tim/invoiceninja
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restrict API access for free/unpaid accounts

Browse source
This commit is contained in:
David Bomba 2021-11-10 08:23:22 +11:00
parent 075fe7a5e5
commit d0be8f744c
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Middleware/TokenAuth.php
View file

@ -42,6 +42,16 @@ class TokenAuth
return response()->json($error, 403);
}
if(Ninja::isHosted() && $company_token->is_system == 0 && !$user->account->isPaid()){
$error = [
'message' => 'Feature not available with free / unpaid account.',
'errors' => new stdClass,
];
return response()->json($error, 403);
}
/*
|
| Necessary evil here: As we are authenticating on CompanyToken,