From 4243da9c321ce6c965994d32782644dafda66730 Mon Sep 17 00:00:00 2001 From: Deon George Date: Wed, 29 Sep 2021 16:20:22 +1000 Subject: [PATCH] Fix Model Policies from matching user_id's and account_id's, and other minor cosmetic fixes --- app/Http/Kernel.php | 1 - app/Http/Middleware/Role.php | 2 +- app/Mail/InvoiceEmail.php | 2 +- app/Mail/OrderRequestApprove.php | 9 ++-- app/Mail/OrderRequestReject.php | 6 +-- app/Mail/SocialLink.php | 7 ++- app/Mail/TestEmail.php | 52 ++++++++++---------- app/Mail/TrafficMismatch.php | 6 ++- app/Models/AccountOauth.php | 2 +- app/Models/Policies/AccountPolicy.php | 64 ++++++++++++------------ app/Models/Policies/InvoicePolicy.php | 66 ++++++++++++------------- app/Models/Policies/ServicePolicy.php | 70 +++++++++++++-------------- app/Models/Policies/UserPolicy.php | 54 ++++++++++----------- app/Models/User.php | 4 +- 14 files changed, 173 insertions(+), 172 deletions(-) diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 9acf3f0..cb3cdf4 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -36,7 +36,6 @@ class Kernel extends HttpKernel \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, - // \App\Http\Middleware\SetSite::class, \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, ], diff --git a/app/Http/Middleware/Role.php b/app/Http/Middleware/Role.php index 709ea32..f3ec250 100644 --- a/app/Http/Middleware/Role.php +++ b/app/Http/Middleware/Role.php @@ -10,7 +10,7 @@ class Role public function handle($request, Closure $next, $role) { if ($role AND ! Auth::user()) - return abort(303,'Not Authenticated'); + abort(403,'Not Authenticated'); switch ($role) { case 'wholesaler': diff --git a/app/Mail/InvoiceEmail.php b/app/Mail/InvoiceEmail.php index 0c8db67..cc3bba8 100644 --- a/app/Mail/InvoiceEmail.php +++ b/app/Mail/InvoiceEmail.php 
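Review bot: The replacement `abort(403,'Not Authenticated')` in Role::handle pairs a Forbidden status with an authentication failure; a request with no authenticated user should receive 401 (or be redirected to login), because 403 tells the client it is authenticated but not permitted. Laravel's idiom here is `throw new AuthenticationException('Not Authenticated');` (import `Illuminate\Auth\AuthenticationException`), which the exception handler turns into a login redirect for web guards and a 401 JSON response for API guards; at minimum use `abort(401,'Not Authenticated');`. The removed `return abort(303,...)` was certainly wrong (a redirect status with no Location header), so the direction of the change is right. The `switch ($role)` that follows continues outside the hunk.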
@@ -3,9 +3,9 @@ namespace App\Mail; use Illuminate\Bus\Queueable; +use Illuminate\Contracts\Queue\ShouldQueue; use Illuminate\Mail\Mailable; use Illuminate\Queue\SerializesModels; -use Illuminate\Contracts\Queue\ShouldQueue; use App\Models\Invoice; diff --git a/app/Mail/OrderRequestApprove.php b/app/Mail/OrderRequestApprove.php index 6c0eae8..91fcb96 100644 --- a/app/Mail/OrderRequestApprove.php +++ b/app/Mail/OrderRequestApprove.php @@ -13,8 +13,8 @@ class OrderRequestApprove extends Mailable { use Queueable, SerializesModels; - public $service; - public $notes; + public Service $service; + public string $notes; /** * Create a new message instance. @@ -22,7 +22,7 @@ class OrderRequestApprove extends Mailable * @param Service $o * @param string $notes */ - public function __construct(Service $o,$notes='') + public function __construct(Service $o,string $notes='') { $this->service = $o; $this->notes = $notes; @@ -35,8 +35,7 @@ class OrderRequestApprove extends Mailable */ public function build() { - switch ($this->service->category) - { + switch ($this->service->category) { case 'ADSL': $subject = sprintf('%s: %s',$this->service->category,$this->service->service_adsl->service_address); break; diff --git a/app/Mail/OrderRequestReject.php b/app/Mail/OrderRequestReject.php index 9ce5471..6df72d3 100644 --- a/app/Mail/OrderRequestReject.php +++ b/app/Mail/OrderRequestReject.php @@ -13,15 +13,15 @@ class OrderRequestReject extends Mailable { use Queueable, SerializesModels; - public $service; - public $reason; + public Service $service; + public string $reason; /** * Create a new message instance. * * @return void */ - public function __construct(Service $o,$reason) + public function __construct(Service $o,string $reason) { $this->service = $o; $this->reason = $reason; diff --git a/app/Mail/SocialLink.php b/app/Mail/SocialLink.php index 1262aaa..8b3aada 100644 --- a/app/Mail/SocialLink.php +++ b/app/Mail/SocialLink.php 
@@ -12,14 +12,13 @@ class SocialLink extends Mailable { use Queueable, SerializesModels; - public $token; - public $user; + public string $token; + public User $user; /** * Create a new message instance. * - * @param User $o - * @param string $token + * @param AccountOauth $o */ public function __construct(AccountOauth $o) { diff --git a/app/Mail/TestEmail.php b/app/Mail/TestEmail.php index 8a7f28b..a52602f 100644 --- a/app/Mail/TestEmail.php +++ b/app/Mail/TestEmail.php @@ -11,31 +11,33 @@ use App\Models\User; class TestEmail extends Mailable { - use Queueable, SerializesModels; + use Queueable, SerializesModels; - /** - * Create a new message instance. - * - * @return void - */ - public function __construct(User $o) - { - $this->user = $o; - } + public User $user; - /** - * Build the message. - * - * @return $this - */ - public function build() - { - return $this - ->markdown('email.system.test_email') - ->subject('Just a test...') - ->with([ - 'site'=>$this->user->site, - 'user'=>$this->user, - ]); - } + /** + * Create a new message instance. + * + * @return void + */ + public function __construct(User $o) + { + $this->user = $o; + } + + /** + * Build the message. + * + * @return $this + */ + public function build() + { + return $this + ->markdown('email.system.test_email') + ->subject('Just a test...') + ->with([ + 'site'=>$this->user->site, + 'user'=>$this->user, + ]); + } } diff --git a/app/Mail/TrafficMismatch.php b/app/Mail/TrafficMismatch.php index a19afcc..0941bf6 100644 --- a/app/Mail/TrafficMismatch.php +++ b/app/Mail/TrafficMismatch.php 
@@ -2,19 +2,21 @@ namespace App\Mail; -use App\Models\Site; use Carbon\Carbon; use Illuminate\Bus\Queueable; use Illuminate\Contracts\Queue\ShouldQueue; use Illuminate\Mail\Mailable; use Illuminate\Queue\SerializesModels; -use App\Models\AdslSupplier; +use App\Models\{AdslSupplier,Site}; class TrafficMismatch extends Mailable { use Queueable, SerializesModels; + public AdslSupplier $aso; + public Carbon $date; + /** * Create a new message instance. * diff --git a/app/Models/AccountOauth.php b/app/Models/AccountOauth.php index aaf452d..88d699b 100644 --- a/app/Models/AccountOauth.php +++ b/app/Models/AccountOauth.php @@ -39,7 +39,7 @@ class AccountOauth extends Model /** * Get a link token to use when validating account. */ - public function getLinkTokenAttribute() + public function getLinkTokenAttribute(): string { return strtoupper(substr(md5($this->id.$this->date_last),0,8)); } diff --git a/app/Models/Policies/AccountPolicy.php b/app/Models/Policies/AccountPolicy.php index 24a7005..b8a3a1f 100644 --- a/app/Models/Policies/AccountPolicy.php +++ b/app/Models/Policies/AccountPolicy.php 
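Review bot: `getLinkTokenAttribute()` derives the link token deterministically as `strtoupper(substr(md5($this->id.$this->date_last),0,8))`, so anyone who knows or can guess the record id and timestamp can recompute it, and the 32-bit space is small enough to brute-force if the validating endpoint is not rate-limited; adding the `: string` return type does not change that. Since the docblock says this value is used to validate the account (and `SocialLink` mails it out), it should be an unpredictable secret generated with `random_bytes()`/`Str::random()`, stored against the record with an expiry, and compared with `hash_equals()`. How the token is verified is not visible in this diff, so the actual exposure depends on that code path; until it is replaced, the docblock should at least state that this token is derivable from the row's id and last-update date.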
@@ -13,29 +13,29 @@ class AccountPolicy /** * Determine whether the user can view the service. * - * @param User $user - * @param Account $o - * @return mixed + * @param User $uo + * @param Account $ao + * @return bool */ - public function view(User $user, Account $o) + public function view(User $uo,Account $ao): bool { // If this is a service for an account managed by a user. - return ($user->accounts->pluck('id')->search($o->id) !== FALSE) + return ($uo->accounts->pluck('id')->search($ao->id) !== FALSE) - // The user is the wholesaler - OR $user->isWholesaler() + // The user is the wholesaler + OR $uo->isWholesaler() - // The user is the reseller - OR $user->all_accounts()->pluck('id')->search($o->id); + // The user is the reseller + OR ($uo->all_accounts()->pluck('id')->search($ao->id) !== FALSE); } /** * Determine whether the user can create services. * - * @param User $user - * @return mixed + * @param User $uo + * @return bool */ - public function create(User $user) + public function create(User $uo): bool { return TRUE; } 
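Review bot: `AccountPolicy::create()` still returns `TRUE` unconditionally, while the same commit tightens `InvoicePolicy::create()` and `UserPolicy::create()` to `$uo->isWholesaler()`, so any authenticated user passes the create gate for accounts; if that is not intended it should read `return $uo->isWholesaler();`. The `!== FALSE` additions in `view()` correctly fix the index-0 false negative, but `Collection::search()` compares loosely unless asked otherwise; if the `id` attributes are cast consistently, `->search($ao->id, true)` on both membership checks makes the intent explicit and avoids string/int coercion. The docblocks still describe a "service" although this policy governs accounts, e.g. `Determine whether the user can view the account.`.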
@@ -43,48 +43,48 @@ class AccountPolicy /** * Determine whether the user can update the service. * - * @param User $user - * @param Account $o - * @return mixed + * @param User $uo + * @param Account $ao + * @return bool */ - public function update(User $user, Account $o) + public function update(User $uo,Account $ao): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can delete the service. * - * @param User $user - * @param Account $o - * @return mixed + * @param User $uo + * @param Account $ao + * @return bool */ - public function delete(User $user, Account $o) + public function delete(User $uo,Account $ao): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can restore the service. * - * @param User $user - * @param Account $o - * @return mixed + * @param User $uo + * @param Account $ao + * @return bool */ - public function restore(User $user, Account $o) + public function restore(User $uo,Account $ao): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can permanently delete the service. * - * @param User $user - * @param Account $o - * @return mixed + * @param User $uo + * @param Account $ao + * @return bool */ - public function forceDelete(User $user, Account $o) + public function forceDelete(User $uo,Account $ao): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } } \ No newline at end of file diff --git a/app/Models/Policies/InvoicePolicy.php b/app/Models/Policies/InvoicePolicy.php index e8051c5..59bb541 100644 --- a/app/Models/Policies/InvoicePolicy.php +++ b/app/Models/Policies/InvoicePolicy.php 
@@ -13,78 +13,78 @@ class InvoicePolicy /** * Determine whether the user can view the service. * - * @param User $user - * @param Invoice $o - * @return mixed + * @param User $uo + * @param Invoice $io + * @return bool */ - public function view(User $user, Invoice $o) + public function view(User $uo,Invoice $io): bool { // If this is a service for an account managed by a user. - return ($user->invoices->pluck('id')->search($o->id) !== FALSE) + return ($uo->invoices->pluck('id')->search($io->id) !== FALSE) - // The user is the wholesaler - OR $user->isWholesaler() + // The user is the wholesaler + OR $uo->isWholesaler() - // The user is the reseller - OR $user->all_accounts()->pluck('id')->search($o->account_id); + // The user is the reseller + OR ($uo->all_accounts()->pluck('id')->search($io->account_id) !== FALSE); } /** * Determine whether the user can create services. * - * @param User $user - * @return mixed + * @param User $uo + * @return bool */ - public function create(User $user) + public function create(User $uo): bool { - return TRUE; + return $uo->isWholesaler(); } /** * Determine whether the user can update the service. * - * @param User $user - * @param Invoice $o - * @return mixed + * @param User $uo + * @param Invoice $io + * @return bool */ - public function update(User $user, Invoice $o) + public function update(User $uo,Invoice $io): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can delete the service. * - * @param User $user - * @param Invoice $o - * @return mixed + * @param User $uo + * @param Invoice $io + * @return bool */ - public function delete(User $user, Invoice $o) + public function delete(User $uo,Invoice $io): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can restore the service. 
* - * @param User $user - * @param Invoice $o - * @return mixed + * @param User $uo + * @param Invoice $io + * @return bool */ - public function restore(User $user, Invoice $o) + public function restore(User $uo,Invoice $io): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can permanently delete the service. * - * @param User $user - * @param Invoice $o - * @return mixed + * @param User $uo + * @param Invoice $io + * @return bool */ - public function forceDelete(User $user, Invoice $o) + public function forceDelete(User $uo,Invoice $io): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } } \ No newline at end of file diff --git a/app/Models/Policies/ServicePolicy.php b/app/Models/Policies/ServicePolicy.php index b72c1e3..0860541 100644 --- a/app/Models/Policies/ServicePolicy.php +++ b/app/Models/Policies/ServicePolicy.php @@ -13,29 +13,29 @@ class ServicePolicy /** * Determine whether the user can view the service. * - * @param User $user - * @param Service $o - * @return mixed + * @param User $uo + * @param Service $so + * @return bool */ - public function view(User $user, Service $o) + public function view(User $uo, Service $so): bool { // If this is a service for an account managed by a user. - return ($user->services->pluck('id')->search($o->id) !== FALSE) + return ($uo->services->pluck('id')->search($so->id) !== FALSE) // The user is the wholesaler - OR $user->isWholesaler() + OR $uo->isWholesaler() // The user is the reseller - OR $user->all_accounts()->pluck('id')->search($o->account_id); + OR ($uo->all_accounts()->pluck('id')->search($so->account_id) !== FALSE); } /** * Determine whether the user can create services. * - * @param User $user - * @return mixed + * @param User $uo + * @return bool */ - public function create(User $user) + public function create(User $uo): bool { return TRUE; } 
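Review bot: The InvoicePolicy docblocks still read "Determine whether the user can view the service" / "can create services" although every method here takes an `Invoice`; the rename touched each of these comment lines without correcting them. They should say `Determine whether the user can view the invoice.` and `Determine whether the user can create invoices.`, with the same correction for update/delete/restore/forceDelete. Tightening `create()` from `TRUE` to `$uo->isWholesaler()` is a sensible default given `update()` and `delete()` already require it, but it is a behaviour change that the commit message ("cosmetic fixes") does not mention.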
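Review bot: `ServicePolicy::view()` relies on `Collection::search()` for both ownership checks, and `search()` uses loose `==` comparison by default, so the new `!== FALSE` guards are correct but a string/int mismatch between `$so->account_id` and the plucked ids would still match in the `'1' == 1` sense; with consistently cast ids, `->search($so->id, true)` and `->search($so->account_id, true)` state the intent. `create()` returning `TRUE` for every user may be deliberate (clients ordering services), but unlike InvoicePolicy it was left open here, so a comment such as `// Any authenticated user may order a service` would record that decision.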
@@ -43,61 +43,61 @@ class ServicePolicy /** * Can the user progress an order status * - * @param User $user - * @param Service $o - * @param string $next + * @param User $uo + * @param Service $so + * @param string $stage * @return bool */ - public function progress(User $user, Service $o,string $next) + public function progress(User $uo,Service $so,string $stage): bool { - return $o->actions()->has($next); + return $so->actions()->has($stage); } /** * Determine whether the user can update the service. * - * @param User $user - * @param Service $o - * @return mixed + * @param User $uo + * @param Service $so + * @return bool */ - public function update(User $user, Service $o) + public function update(User $uo, Service $so): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can delete the service. * - * @param User $user - * @param Service $o - * @return mixed + * @param User $uo + * @param Service $so + * @return bool */ - public function delete(User $user, Service $o) + public function delete(User $uo, Service $so): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can restore the service. * - * @param User $user - * @param Service $o - * @return mixed + * @param User $uo + * @param Service $so + * @return bool */ - public function restore(User $user, Service $o) + public function restore(User $uo, Service $so): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } /** * Determine whether the user can permanently delete the service. * - * @param User $user - * @param Service $o - * @return mixed + * @param User $uo + * @param Service $so + * @return bool */ - public function forceDelete(User $user, Service $o) + public function forceDelete(User $uo, Service $so): bool { - return $user->isWholesaler(); + return $uo->isWholesaler(); } } \ No newline at end of file 
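Review bot: `progress()` never consults `$uo`: it returns `$so->actions()->has($stage)`, which only checks that the service offers that stage, so any user who reaches the gate can advance any service's order regardless of whether they own or resell it. Unless the controller already authorizes `view`/`update` first (not visible here), the gate should combine the stage check with a role or ownership test, e.g. `return $uo->isWholesaler() AND $so->actions()->has($stage);`, or reuse the account-membership check from `view()`. The renamed `$stage` parameter is fine, but its docblock should say what it is — presumably an action key as understood by `Service::actions()`.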
diff --git a/app/Models/Policies/UserPolicy.php b/app/Models/Policies/UserPolicy.php index a05576c..a037301 100644 --- a/app/Models/Policies/UserPolicy.php +++ b/app/Models/Policies/UserPolicy.php @@ -1,6 +1,6 @@ id == $o->id) + return ($uo->id == $o->id) // The user is the wholesaler - OR $user->isWholesaler() + OR $uo->isWholesaler() // The user is the reseller - OR $user->all_clients()->pluck('id')->search($o->id); + OR ($uo->all_clients()->pluck('id')->search($o->id) !== FALSE); } /** * Determine whether the user can create services. * - * @param User $user - * @return mixed + * @param User $uo + * @return bool */ - public function create(User $user) + public function create(User $uo): bool { - // + return $uo->isWholesaler(); } /** * Determine whether the user can update the service. * - * @param User $user + * @param User $uo * @param User $o - * @return mixed + * @return bool */ - public function update(User $user, User $o) + public function update(User $uo, User $o): bool { - // + return $uo->isWholesaler(); } /** * Determine whether the user can delete the service. * - * @param User $user + * @param User $uo * @param User $o - * @return mixed + * @return bool */ - public function delete(User $user, User $o) + public function delete(User $uo, User $o): bool { - // + return $uo->isWholesaler(); } /** * Determine whether the user can restore the service. * - * @param User $user + * @param User $uo * @param User $o - * @return mixed + * @return bool */ - public function restore(User $user, User $o) + public function restore(User $uo, User $o): bool { - // + return $uo->isWholesaler(); } /** * Determine whether the user can permanently delete the service. * - * @param User $user + * @param User $uo * @param User $o - * @return mixed + * @return bool */ - public function forceDelete(User $user, User $o) + public function forceDelete(User $uo, User $o): bool { - // + return $uo->isWholesaler(); } } \ No newline at end of file 
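Review bot: `UserPolicy::view()` compares `$uo->id == $o->id` with loose equality while the rest of the commit moves to identity checks (`!== FALSE`); for model keys prefer `$uo->is($o)`, which compares key, table and connection, or at least `$uo->id === $o->id` if both ids are cast to int. The text between the `@@ -1,6 +1,6 @@` header and `id == $o->id)` is lost in this rendering (the `<?php` opener and the method signature were stripped), so the start of `view()` is outside what can be reviewed here. Replacing the empty bodies of create/update/delete/restore/forceDelete (which returned null and so denied everyone) with `$uo->isWholesaler()` is a deliberate widening worth a line in the commit message. As in the other policies the docblocks still talk about "services" rather than users.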
diff --git a/app/Models/User.php b/app/Models/User.php index a8f11ca..c2b4540 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -330,14 +330,14 @@ class User extends Authenticatable /* GENERAL METHODS */ /** - * Determine if the user is an admin of the account with $id + * Determine if the user is an admin of the user with $id * * @param $id * @return bool */ public function isAdmin($id): bool { - return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('id')->toArray()); + return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('user_id')->toArray()); } /**
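Review bot: `isAdmin()` now compares `$id` against the plucked `user_id`s with a non-strict `in_array`, and `$id` is untyped, so a non-numeric or mixed-type value is compared with `==` semantics (on PHP 7.x `'1abc' == 1` is true). Use the strict form, `in_array($id, $this->all_accounts()->pluck('user_id')->toArray(), true)` after casting `$id` to the type the ids carry, or simply `$this->all_accounts()->pluck('user_id')->containsStrict($id)`, and give `@param $id` a type in the docblock. The `$id AND` prefix short-circuits an empty or zero id to false, which is fine as a deny. The underlying fix — matching a user id against `user_id` instead of account `id` — closes a real authorization confusion where a user whose id happened to equal one of the reseller's account ids was treated as an admin.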