Fix Model Policies from matching user_id's and account_id's, and other minor cosmetic fixes
This commit is contained in:
parent
f7439172b6
commit
4243da9c32
@ -36,7 +36,6 @@ class Kernel extends HttpKernel
|
||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||
// \App\Http\Middleware\SetSite::class,
|
||||
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
|
||||
],
|
||||
|
||||
|
@ -10,7 +10,7 @@ class Role
|
||||
public function handle($request, Closure $next, $role)
|
||||
{
|
||||
if ($role AND ! Auth::user())
|
||||
return abort(303,'Not Authenticated');
|
||||
abort(403,'Not Authenticated');
|
||||
|
||||
switch ($role) {
|
||||
case 'wholesaler':
|
||||
|
@ -3,9 +3,9 @@
|
||||
namespace App\Mail;
|
||||
|
||||
use Illuminate\Bus\Queueable;
|
||||
use Illuminate\Contracts\Queue\ShouldQueue;
|
||||
use Illuminate\Mail\Mailable;
|
||||
use Illuminate\Queue\SerializesModels;
|
||||
use Illuminate\Contracts\Queue\ShouldQueue;
|
||||
|
||||
use App\Models\Invoice;
|
||||
|
||||
|
@ -13,8 +13,8 @@ class OrderRequestApprove extends Mailable
|
||||
{
|
||||
use Queueable, SerializesModels;
|
||||
|
||||
public $service;
|
||||
public $notes;
|
||||
public Service $service;
|
||||
public string $notes;
|
||||
|
||||
/**
|
||||
* Create a new message instance.
|
||||
@ -22,7 +22,7 @@ class OrderRequestApprove extends Mailable
|
||||
* @param Service $o
|
||||
* @param string $notes
|
||||
*/
|
||||
public function __construct(Service $o,$notes='')
|
||||
public function __construct(Service $o,string $notes='')
|
||||
{
|
||||
$this->service = $o;
|
||||
$this->notes = $notes;
|
||||
@ -35,8 +35,7 @@ class OrderRequestApprove extends Mailable
|
||||
*/
|
||||
public function build()
|
||||
{
|
||||
switch ($this->service->category)
|
||||
{
|
||||
switch ($this->service->category) {
|
||||
case 'ADSL': $subject = sprintf('%s: %s',$this->service->category,$this->service->service_adsl->service_address);
|
||||
break;
|
||||
|
||||
|
@ -13,15 +13,15 @@ class OrderRequestReject extends Mailable
|
||||
{
|
||||
use Queueable, SerializesModels;
|
||||
|
||||
public $service;
|
||||
public $reason;
|
||||
public Service $service;
|
||||
public string $reason;
|
||||
|
||||
/**
|
||||
* Create a new message instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(Service $o,$reason)
|
||||
public function __construct(Service $o,string $reason)
|
||||
{
|
||||
$this->service = $o;
|
||||
$this->reason = $reason;
|
||||
|
@ -12,14 +12,13 @@ class SocialLink extends Mailable
|
||||
{
|
||||
use Queueable, SerializesModels;
|
||||
|
||||
public $token;
|
||||
public $user;
|
||||
public string $token;
|
||||
public User $user;
|
||||
|
||||
/**
|
||||
* Create a new message instance.
|
||||
*
|
||||
* @param User $o
|
||||
* @param string $token
|
||||
* @param AccountOauth $o
|
||||
*/
|
||||
public function __construct(AccountOauth $o)
|
||||
{
|
||||
|
@ -11,31 +11,33 @@ use App\Models\User;
|
||||
|
||||
class TestEmail extends Mailable
|
||||
{
|
||||
use Queueable, SerializesModels;
|
||||
use Queueable, SerializesModels;
|
||||
|
||||
/**
|
||||
* Create a new message instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(User $o)
|
||||
{
|
||||
$this->user = $o;
|
||||
}
|
||||
public User $user;
|
||||
|
||||
/**
|
||||
* Build the message.
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
public function build()
|
||||
{
|
||||
return $this
|
||||
->markdown('email.system.test_email')
|
||||
->subject('Just a test...')
|
||||
->with([
|
||||
'site'=>$this->user->site,
|
||||
'user'=>$this->user,
|
||||
]);
|
||||
}
|
||||
/**
|
||||
* Create a new message instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(User $o)
|
||||
{
|
||||
$this->user = $o;
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the message.
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
public function build()
|
||||
{
|
||||
return $this
|
||||
->markdown('email.system.test_email')
|
||||
->subject('Just a test...')
|
||||
->with([
|
||||
'site'=>$this->user->site,
|
||||
'user'=>$this->user,
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
@ -2,19 +2,21 @@
|
||||
|
||||
namespace App\Mail;
|
||||
|
||||
use App\Models\Site;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Bus\Queueable;
|
||||
use Illuminate\Contracts\Queue\ShouldQueue;
|
||||
use Illuminate\Mail\Mailable;
|
||||
use Illuminate\Queue\SerializesModels;
|
||||
|
||||
use App\Models\AdslSupplier;
|
||||
use App\Models\{AdslSupplier,Site};
|
||||
|
||||
class TrafficMismatch extends Mailable
|
||||
{
|
||||
use Queueable, SerializesModels;
|
||||
|
||||
public AdslSupplier $aso;
|
||||
public Carbon $date;
|
||||
|
||||
/**
|
||||
* Create a new message instance.
|
||||
*
|
||||
|
@ -39,7 +39,7 @@ class AccountOauth extends Model
|
||||
/**
|
||||
* Get a link token to use when validating account.
|
||||
*/
|
||||
public function getLinkTokenAttribute()
|
||||
public function getLinkTokenAttribute(): string
|
||||
{
|
||||
return strtoupper(substr(md5($this->id.$this->date_last),0,8));
|
||||
}
|
||||
|
@ -13,29 +13,29 @@ class AccountPolicy
|
||||
/**
|
||||
* Determine whether the user can view the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Account $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Account $ao
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, Account $o)
|
||||
public function view(User $uo,Account $ao): bool
|
||||
{
|
||||
// If this is a service for an account managed by a user.
|
||||
return ($user->accounts->pluck('id')->search($o->id) !== FALSE)
|
||||
return ($uo->accounts->pluck('id')->search($ao->id) !== FALSE)
|
||||
|
||||
// The user is the wholesaler
|
||||
OR $user->isWholesaler()
|
||||
// The user is the wholesaler
|
||||
OR $uo->isWholesaler()
|
||||
|
||||
// The user is the reseller
|
||||
OR $user->all_accounts()->pluck('id')->search($o->id);
|
||||
// The user is the reseller
|
||||
OR ($uo->all_accounts()->pluck('id')->search($ao->id) !== FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create services.
|
||||
*
|
||||
* @param User $user
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @return bool
|
||||
*/
|
||||
public function create(User $user)
|
||||
public function create(User $uo): bool
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
@ -43,48 +43,48 @@ class AccountPolicy
|
||||
/**
|
||||
* Determine whether the user can update the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Account $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Account $ao
|
||||
* @return bool
|
||||
*/
|
||||
public function update(User $user, Account $o)
|
||||
public function update(User $uo,Account $ao): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Account $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Account $ao
|
||||
* @return bool
|
||||
*/
|
||||
public function delete(User $user, Account $o)
|
||||
public function delete(User $uo,Account $ao): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Account $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Account $ao
|
||||
* @return bool
|
||||
*/
|
||||
public function restore(User $user, Account $o)
|
||||
public function restore(User $uo,Account $ao): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Account $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Account $ao
|
||||
* @return bool
|
||||
*/
|
||||
public function forceDelete(User $user, Account $o)
|
||||
public function forceDelete(User $uo,Account $ao): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
}
|
@ -13,78 +13,78 @@ class InvoicePolicy
|
||||
/**
|
||||
* Determine whether the user can view the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Invoice $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Invoice $io
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, Invoice $o)
|
||||
public function view(User $uo,Invoice $io): bool
|
||||
{
|
||||
// If this is a service for an account managed by a user.
|
||||
return ($user->invoices->pluck('id')->search($o->id) !== FALSE)
|
||||
return ($uo->invoices->pluck('id')->search($io->id) !== FALSE)
|
||||
|
||||
// The user is the wholesaler
|
||||
OR $user->isWholesaler()
|
||||
// The user is the wholesaler
|
||||
OR $uo->isWholesaler()
|
||||
|
||||
// The user is the reseller
|
||||
OR $user->all_accounts()->pluck('id')->search($o->account_id);
|
||||
// The user is the reseller
|
||||
OR ($uo->all_accounts()->pluck('id')->search($io->account_id) !== FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create services.
|
||||
*
|
||||
* @param User $user
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @return bool
|
||||
*/
|
||||
public function create(User $user)
|
||||
public function create(User $uo): bool
|
||||
{
|
||||
return TRUE;
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Invoice $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Invoice $io
|
||||
* @return bool
|
||||
*/
|
||||
public function update(User $user, Invoice $o)
|
||||
public function update(User $uo,Invoice $io): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Invoice $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Invoice $io
|
||||
* @return bool
|
||||
*/
|
||||
public function delete(User $user, Invoice $o)
|
||||
public function delete(User $uo,Invoice $io): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Invoice $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Invoice $io
|
||||
* @return bool
|
||||
*/
|
||||
public function restore(User $user, Invoice $o)
|
||||
public function restore(User $uo,Invoice $io): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Invoice $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Invoice $io
|
||||
* @return bool
|
||||
*/
|
||||
public function forceDelete(User $user, Invoice $o)
|
||||
public function forceDelete(User $uo,Invoice $io): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
}
|
@ -13,29 +13,29 @@ class ServicePolicy
|
||||
/**
|
||||
* Determine whether the user can view the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Service $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Service $so
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, Service $o)
|
||||
public function view(User $uo, Service $so): bool
|
||||
{
|
||||
// If this is a service for an account managed by a user.
|
||||
return ($user->services->pluck('id')->search($o->id) !== FALSE)
|
||||
return ($uo->services->pluck('id')->search($so->id) !== FALSE)
|
||||
|
||||
// The user is the wholesaler
|
||||
OR $user->isWholesaler()
|
||||
OR $uo->isWholesaler()
|
||||
|
||||
// The user is the reseller
|
||||
OR $user->all_accounts()->pluck('id')->search($o->account_id);
|
||||
OR ($uo->all_accounts()->pluck('id')->search($so->account_id) !== FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create services.
|
||||
*
|
||||
* @param User $user
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @return bool
|
||||
*/
|
||||
public function create(User $user)
|
||||
public function create(User $uo): bool
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
@ -43,61 +43,61 @@ class ServicePolicy
|
||||
/**
|
||||
* Can the user progress an order status
|
||||
*
|
||||
* @param User $user
|
||||
* @param Service $o
|
||||
* @param string $next
|
||||
* @param User $uo
|
||||
* @param Service $so
|
||||
* @param string $stage
|
||||
* @return bool
|
||||
*/
|
||||
public function progress(User $user, Service $o,string $next)
|
||||
public function progress(User $uo,Service $so,string $stage): bool
|
||||
{
|
||||
return $o->actions()->has($next);
|
||||
return $so->actions()->has($stage);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Service $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Service $so
|
||||
* @return bool
|
||||
*/
|
||||
public function update(User $user, Service $o)
|
||||
public function update(User $uo, Service $so): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Service $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Service $so
|
||||
* @return bool
|
||||
*/
|
||||
public function delete(User $user, Service $o)
|
||||
public function delete(User $uo, Service $so): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Service $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Service $so
|
||||
* @return bool
|
||||
*/
|
||||
public function restore(User $user, Service $o)
|
||||
public function restore(User $uo, Service $so): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param Service $o
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @param Service $so
|
||||
* @return bool
|
||||
*/
|
||||
public function forceDelete(User $user, Service $o)
|
||||
public function forceDelete(User $uo, Service $so): bool
|
||||
{
|
||||
return $user->isWholesaler();
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
namespace App\Models\Policies;
|
||||
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
@ -13,78 +13,78 @@ class UserPolicy
|
||||
/**
|
||||
* Determine whether the user can view the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param User $uo
|
||||
* @param User $o
|
||||
* @return mixed
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $user, User $o)
|
||||
public function view(User $uo,User $o): bool
|
||||
{
|
||||
// If this is a service for an account managed by a user.
|
||||
return ($user->id == $o->id)
|
||||
return ($uo->id == $o->id)
|
||||
|
||||
// The user is the wholesaler
|
||||
OR $user->isWholesaler()
|
||||
OR $uo->isWholesaler()
|
||||
|
||||
// The user is the reseller
|
||||
OR $user->all_clients()->pluck('id')->search($o->id);
|
||||
OR ($uo->all_clients()->pluck('id')->search($o->id) !== FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create services.
|
||||
*
|
||||
* @param User $user
|
||||
* @return mixed
|
||||
* @param User $uo
|
||||
* @return bool
|
||||
*/
|
||||
public function create(User $user)
|
||||
public function create(User $uo): bool
|
||||
{
|
||||
//
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param User $uo
|
||||
* @param User $o
|
||||
* @return mixed
|
||||
* @return bool
|
||||
*/
|
||||
public function update(User $user, User $o)
|
||||
public function update(User $uo, User $o): bool
|
||||
{
|
||||
//
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param User $uo
|
||||
* @param User $o
|
||||
* @return mixed
|
||||
* @return bool
|
||||
*/
|
||||
public function delete(User $user, User $o)
|
||||
public function delete(User $uo, User $o): bool
|
||||
{
|
||||
//
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param User $uo
|
||||
* @param User $o
|
||||
* @return mixed
|
||||
* @return bool
|
||||
*/
|
||||
public function restore(User $user, User $o)
|
||||
public function restore(User $uo, User $o): bool
|
||||
{
|
||||
//
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the service.
|
||||
*
|
||||
* @param User $user
|
||||
* @param User $uo
|
||||
* @param User $o
|
||||
* @return mixed
|
||||
* @return bool
|
||||
*/
|
||||
public function forceDelete(User $user, User $o)
|
||||
public function forceDelete(User $uo, User $o): bool
|
||||
{
|
||||
//
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
}
|
@ -330,14 +330,14 @@ class User extends Authenticatable
|
||||
/* GENERAL METHODS */
|
||||
|
||||
/**
|
||||
* Determine if the user is an admin of the account with $id
|
||||
* Determine if the user is an admin of the user with $id
|
||||
*
|
||||
* @param $id
|
||||
* @return bool
|
||||
*/
|
||||
public function isAdmin($id): bool
|
||||
{
|
||||
return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('id')->toArray());
|
||||
return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('user_id')->toArray());
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user