Fix Model Policies from matching user_id's and account_id's, and other minor cosmetic fixes

This commit is contained in:
Deon George 2021-09-29 16:20:22 +10:00
parent f7439172b6
commit 4243da9c32
No known key found for this signature in database
GPG Key ID: 7670E8DC27415254
14 changed files with 173 additions and 172 deletions

View File

@ -36,7 +36,6 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
// \App\Http\Middleware\SetSite::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],

View File

@ -10,7 +10,7 @@ class Role
public function handle($request, Closure $next, $role)
{
if ($role AND ! Auth::user())
return abort(303,'Not Authenticated');
abort(403,'Not Authenticated');
switch ($role) {
case 'wholesaler':

View File

@ -3,9 +3,9 @@
namespace App\Mail;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use Illuminate\Contracts\Queue\ShouldQueue;
use App\Models\Invoice;

View File

@ -13,8 +13,8 @@ class OrderRequestApprove extends Mailable
{
use Queueable, SerializesModels;
public $service;
public $notes;
public Service $service;
public string $notes;
/**
* Create a new message instance.
@ -22,7 +22,7 @@ class OrderRequestApprove extends Mailable
* @param Service $o
* @param string $notes
*/
public function __construct(Service $o,$notes='')
public function __construct(Service $o,string $notes='')
{
$this->service = $o;
$this->notes = $notes;
@ -35,8 +35,7 @@ class OrderRequestApprove extends Mailable
*/
public function build()
{
switch ($this->service->category)
{
switch ($this->service->category) {
case 'ADSL': $subject = sprintf('%s: %s',$this->service->category,$this->service->service_adsl->service_address);
break;

View File

@ -13,15 +13,15 @@ class OrderRequestReject extends Mailable
{
use Queueable, SerializesModels;
public $service;
public $reason;
public Service $service;
public string $reason;
/**
* Create a new message instance.
*
* @return void
*/
public function __construct(Service $o,$reason)
public function __construct(Service $o,string $reason)
{
$this->service = $o;
$this->reason = $reason;

View File

@ -12,14 +12,13 @@ class SocialLink extends Mailable
{
use Queueable, SerializesModels;
public $token;
public $user;
public string $token;
public User $user;
/**
* Create a new message instance.
*
* @param User $o
* @param string $token
* @param AccountOauth $o
*/
public function __construct(AccountOauth $o)
{

View File

@ -13,6 +13,8 @@ class TestEmail extends Mailable
{
use Queueable, SerializesModels;
public User $user;
/**
* Create a new message instance.
*

View File

@ -2,19 +2,21 @@
namespace App\Mail;
use App\Models\Site;
use Carbon\Carbon;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use App\Models\AdslSupplier;
use App\Models\{AdslSupplier,Site};
class TrafficMismatch extends Mailable
{
use Queueable, SerializesModels;
public AdslSupplier $aso;
public Carbon $date;
/**
* Create a new message instance.
*

View File

@ -39,7 +39,7 @@ class AccountOauth extends Model
/**
* Get a link token to use when validating account.
*/
public function getLinkTokenAttribute()
public function getLinkTokenAttribute(): string
{
return strtoupper(substr(md5($this->id.$this->date_last),0,8));
}

View File

@ -13,29 +13,29 @@ class AccountPolicy
/**
* Determine whether the user can view the service.
*
* @param User $user
* @param Account $o
* @return mixed
* @param User $uo
* @param Account $ao
* @return bool
*/
public function view(User $user, Account $o)
public function view(User $uo,Account $ao): bool
{
// If this is a service for an account managed by a user.
return ($user->accounts->pluck('id')->search($o->id) !== FALSE)
return ($uo->accounts->pluck('id')->search($ao->id) !== FALSE)
// The user is the wholesaler
OR $user->isWholesaler()
OR $uo->isWholesaler()
// The user is the reseller
OR $user->all_accounts()->pluck('id')->search($o->id);
OR ($uo->all_accounts()->pluck('id')->search($ao->id) !== FALSE);
}
/**
* Determine whether the user can create services.
*
* @param User $user
* @return mixed
* @param User $uo
* @return bool
*/
public function create(User $user)
public function create(User $uo): bool
{
return TRUE;
}
@ -43,48 +43,48 @@ class AccountPolicy
/**
* Determine whether the user can update the service.
*
* @param User $user
* @param Account $o
* @return mixed
* @param User $uo
* @param Account $ao
* @return bool
*/
public function update(User $user, Account $o)
public function update(User $uo,Account $ao): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can delete the service.
*
* @param User $user
* @param Account $o
* @return mixed
* @param User $uo
* @param Account $ao
* @return bool
*/
public function delete(User $user, Account $o)
public function delete(User $uo,Account $ao): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can restore the service.
*
* @param User $user
* @param Account $o
* @return mixed
* @param User $uo
* @param Account $ao
* @return bool
*/
public function restore(User $user, Account $o)
public function restore(User $uo,Account $ao): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can permanently delete the service.
*
* @param User $user
* @param Account $o
* @return mixed
* @param User $uo
* @param Account $ao
* @return bool
*/
public function forceDelete(User $user, Account $o)
public function forceDelete(User $uo,Account $ao): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
}

View File

@ -13,78 +13,78 @@ class InvoicePolicy
/**
* Determine whether the user can view the service.
*
* @param User $user
* @param Invoice $o
* @return mixed
* @param User $uo
* @param Invoice $io
* @return bool
*/
public function view(User $user, Invoice $o)
public function view(User $uo,Invoice $io): bool
{
// If this is a service for an account managed by a user.
return ($user->invoices->pluck('id')->search($o->id) !== FALSE)
return ($uo->invoices->pluck('id')->search($io->id) !== FALSE)
// The user is the wholesaler
OR $user->isWholesaler()
OR $uo->isWholesaler()
// The user is the reseller
OR $user->all_accounts()->pluck('id')->search($o->account_id);
OR ($uo->all_accounts()->pluck('id')->search($io->account_id) !== FALSE);
}
/**
* Determine whether the user can create services.
*
* @param User $user
* @return mixed
* @param User $uo
* @return bool
*/
public function create(User $user)
public function create(User $uo): bool
{
return TRUE;
return $uo->isWholesaler();
}
/**
* Determine whether the user can update the service.
*
* @param User $user
* @param Invoice $o
* @return mixed
* @param User $uo
* @param Invoice $io
* @return bool
*/
public function update(User $user, Invoice $o)
public function update(User $uo,Invoice $io): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can delete the service.
*
* @param User $user
* @param Invoice $o
* @return mixed
* @param User $uo
* @param Invoice $io
* @return bool
*/
public function delete(User $user, Invoice $o)
public function delete(User $uo,Invoice $io): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can restore the service.
*
* @param User $user
* @param Invoice $o
* @return mixed
* @param User $uo
* @param Invoice $io
* @return bool
*/
public function restore(User $user, Invoice $o)
public function restore(User $uo,Invoice $io): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can permanently delete the service.
*
* @param User $user
* @param Invoice $o
* @return mixed
* @param User $uo
* @param Invoice $io
* @return bool
*/
public function forceDelete(User $user, Invoice $o)
public function forceDelete(User $uo,Invoice $io): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
}

View File

@ -13,29 +13,29 @@ class ServicePolicy
/**
* Determine whether the user can view the service.
*
* @param User $user
* @param Service $o
* @return mixed
* @param User $uo
* @param Service $so
* @return bool
*/
public function view(User $user, Service $o)
public function view(User $uo, Service $so): bool
{
// If this is a service for an account managed by a user.
return ($user->services->pluck('id')->search($o->id) !== FALSE)
return ($uo->services->pluck('id')->search($so->id) !== FALSE)
// The user is the wholesaler
OR $user->isWholesaler()
OR $uo->isWholesaler()
// The user is the reseller
OR $user->all_accounts()->pluck('id')->search($o->account_id);
OR ($uo->all_accounts()->pluck('id')->search($so->account_id) !== FALSE);
}
/**
* Determine whether the user can create services.
*
* @param User $user
* @return mixed
* @param User $uo
* @return bool
*/
public function create(User $user)
public function create(User $uo): bool
{
return TRUE;
}
@ -43,61 +43,61 @@ class ServicePolicy
/**
* Can the user progress an order status
*
* @param User $user
* @param Service $o
* @param string $next
* @param User $uo
* @param Service $so
* @param string $stage
* @return bool
*/
public function progress(User $user, Service $o,string $next)
public function progress(User $uo,Service $so,string $stage): bool
{
return $o->actions()->has($next);
return $so->actions()->has($stage);
}
/**
* Determine whether the user can update the service.
*
* @param User $user
* @param Service $o
* @return mixed
* @param User $uo
* @param Service $so
* @return bool
*/
public function update(User $user, Service $o)
public function update(User $uo, Service $so): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can delete the service.
*
* @param User $user
* @param Service $o
* @return mixed
* @param User $uo
* @param Service $so
* @return bool
*/
public function delete(User $user, Service $o)
public function delete(User $uo, Service $so): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can restore the service.
*
* @param User $user
* @param Service $o
* @return mixed
* @param User $uo
* @param Service $so
* @return bool
*/
public function restore(User $user, Service $o)
public function restore(User $uo, Service $so): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
/**
* Determine whether the user can permanently delete the service.
*
* @param User $user
* @param Service $o
* @return mixed
* @param User $uo
* @param Service $so
* @return bool
*/
public function forceDelete(User $user, Service $o)
public function forceDelete(User $uo, Service $so): bool
{
return $user->isWholesaler();
return $uo->isWholesaler();
}
}

View File

@ -1,6 +1,6 @@
<?php
namespace App\Policies;
namespace App\Models\Policies;
use Illuminate\Auth\Access\HandlesAuthorization;
@ -13,78 +13,78 @@ class UserPolicy
/**
* Determine whether the user can view the service.
*
* @param User $user
* @param User $uo
* @param User $o
* @return mixed
* @return bool
*/
public function view(User $user, User $o)
public function view(User $uo,User $o): bool
{
// If this is a service for an account managed by a user.
return ($user->id == $o->id)
return ($uo->id == $o->id)
// The user is the wholesaler
OR $user->isWholesaler()
OR $uo->isWholesaler()
// The user is the reseller
OR $user->all_clients()->pluck('id')->search($o->id);
OR ($uo->all_clients()->pluck('id')->search($o->id) !== FALSE);
}
/**
* Determine whether the user can create services.
*
* @param User $user
* @return mixed
* @param User $uo
* @return bool
*/
public function create(User $user)
public function create(User $uo): bool
{
//
return $uo->isWholesaler();
}
/**
* Determine whether the user can update the service.
*
* @param User $user
* @param User $uo
* @param User $o
* @return mixed
* @return bool
*/
public function update(User $user, User $o)
public function update(User $uo, User $o): bool
{
//
return $uo->isWholesaler();
}
/**
* Determine whether the user can delete the service.
*
* @param User $user
* @param User $uo
* @param User $o
* @return mixed
* @return bool
*/
public function delete(User $user, User $o)
public function delete(User $uo, User $o): bool
{
//
return $uo->isWholesaler();
}
/**
* Determine whether the user can restore the service.
*
* @param User $user
* @param User $uo
* @param User $o
* @return mixed
* @return bool
*/
public function restore(User $user, User $o)
public function restore(User $uo, User $o): bool
{
//
return $uo->isWholesaler();
}
/**
* Determine whether the user can permanently delete the service.
*
* @param User $user
* @param User $uo
* @param User $o
* @return mixed
* @return bool
*/
public function forceDelete(User $user, User $o)
public function forceDelete(User $uo, User $o): bool
{
//
return $uo->isWholesaler();
}
}

View File

@ -330,14 +330,14 @@ class User extends Authenticatable
/* GENERAL METHODS */
/**
* Determine if the user is an admin of the account with $id
* Determine if the user is an admin of the user with $id
*
* @param $id
* @return bool
*/
public function isAdmin($id): bool
{
return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('id')->toArray());
return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('user_id')->toArray());
}
/**