tim/invoiceninja
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge permissions fix

Browse source
This commit is contained in:
Hillel Coren 2018-12-11 11:36:51 +02:00
parent b6f059d00a
commit cdc9df7522
1 changed files with 39 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
app/Http/Requests/InvoiceRequest.php
View file

@ -9,59 +9,73 @@ class InvoiceRequest extends EntityRequest
{
protected $entityType = ENTITY_INVOICE;
/**
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
$invoice = parent::entity();
$entity = $invoice ? $invoice->subEntityType() : ENTITY_INVOICE;
if ($invoice && $invoice->isQuote())
$standardOrRecurringInvoice = ENTITY_QUOTE;
elseif($invoice && $invoice->is_recurring)
$standardOrRecurringInvoice = ENTITY_RECURRING_INVOICE;
else
$standardOrRecurringInvoice = ENTITY_INVOICE;
switch($entity)
{
case ENTITY_INVOICE:
$crossCloneEntity = ENTITY_QUOTE;
break;
case ENTITY_QUOTE:
$crossCloneEntity = ENTITY_INVOICE;
break;
case ENTITY_RECURRING_INVOICE:
$crossCloneEntity = ENTITY_RECURRING_QUOTE;
break;
case ENTITY_RECURRING_QUOTE:
$crossCloneEntity = ENTITY_RECURRING_INVOICE;
break;
}
if(request()->is('invoices/*/edit') && request()->isMethod('get') && $this->user()->can('edit', $invoice))
if(request()->is('invoices/create*') && $this->user()->can('createEntity', ENTITY_INVOICE))
return true;
if(request()->is('quotes/*/edit') && request()->isMethod('get') && $this->user()->can('edit', $invoice))
if(request()->is('recurring_invoices/create*') && $this->user()->can('createEntity', ENTITY_INVOICE))
return true;
if(request()->is('invoices/create*') && $this->user()->can('create', ENTITY_INVOICE))
if(request()->is('quotes/create*') && $this->user()->can('createEntity', ENTITY_QUOTE))
return true;
if(request()->is('invoices/create*') && !$this->user()->can('create', ENTITY_INVOICE))
return false;
if(request()->is('recurring_quotes/create*') && $this->user()->can('createEntity', ENTITY_QUOTE))
return true;
if(request()->is('recurring_invoices/create') && !$this->user()->can('create', ENTITY_RECURRING_INVOICE))
return false;
if($invoice && !$invoice->isQuote() && request()->is('*invoices/*/edit') && request()->isMethod('put') && $this->user()->can('edit', $invoice))
return true;
if(request()->is('quotes/create*') && !$this->user()->can('create', ENTITY_QUOTE))
return false;
if($invoice && $invoice->isQuote() && request()->is('*quotes/*/edit') && request()->isMethod('put') && $this->user()->can('edit', $invoice))
return true;
if(request()->is('invoices/*/edit') && request()->isMethod('put') && !$this->user()->can('edit', $standardOrRecurringInvoice))
return false;
// allow cross clone quote to invoice
if($invoice && $invoice->isQuote() && request()->is('*invoices/*/clone') && request()->isMethod('get') && $this->user()->can('view', $invoice, $crossCloneEntity))
return true;
if(request()->is('quotes/*/edit') && request()->isMethod('put') && !$this->user()->can('edit', ENTITY_QUOTE))
return false;
// allow cross clone invoice to quote
if($invoice && !$invoice->isQuote() && request()->is('*quotes/*/clone') && request()->isMethod('get') && $this->user()->can('view', $invoice, $crossCloneEntity))
return true;
if(request()->is('invoices/*') && request()->isMethod('get') && !$this->user()->can('view', $standardOrRecurringInvoice))
return false;
if($invoice && !$invoice->isQuote() && request()->is('*invoices/*') && request()->isMethod('get') && $this->user()->can('view', $invoice, $entity))
return true;
if(request()->is('quotes/*') && request()->isMethod('get') && !$this->user()->can('view', ENTITY_QUOTE))
return false;
if($invoice && $invoice->isQuote() && request()->is('*quotes/*') && request()->isMethod('get') && $this->user()->can('view', $invoice, $entity))
return true;
if ($invoice) {
HistoryUtils::trackViewed($invoice);
}
return true;
return false;
}
public function entity()
{
$invoice = parent::entity();