Change ScopeServiceUserAuthorised to ScopeAccountUserAuthorised. Scope payments to AccountUserAuthorised, and add PaymentPolicy

This commit is contained in:
Deon George 2024-08-10 23:53:13 +10:00
parent f60727f5fb
commit ef0d4dc773
11 changed files with 150 additions and 56 deletions


@ -274,7 +274,7 @@ class ServiceController extends Controller
public function domain_list(): View public function domain_list(): View
{ {
$o = Service\Domain::ServiceActive() $o = Service\Domain::ServiceActive()
->serviceUserAuthorised(Auth::user()) ->AccountUserAuthorised('services')
->select('service_domain.*') ->select('service_domain.*')
->join('services',['services.id'=>'service_domain.service_id']) ->join('services',['services.id'=>'service_domain.service_id'])
->with(['service.account','registrar']) ->with(['service.account','registrar'])
@ -287,7 +287,7 @@ class ServiceController extends Controller
public function email_list(): View public function email_list(): View
{ {
$o = Service\Email::ServiceActive() $o = Service\Email::ServiceActive()
->serviceUserAuthorised(Auth::user()) ->AccountUserAuthorised('services')
->select('service_email.*') ->select('service_email.*')
->join('services',['services.id'=>'service_email.service_id']) ->join('services',['services.id'=>'service_email.service_id'])
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld']) ->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
@ -313,7 +313,7 @@ class ServiceController extends Controller
public function hosting_list(): View public function hosting_list(): View
{ {
$o = Service\Host::ServiceActive() $o = Service\Host::ServiceActive()
->serviceUserAuthorised(Auth::user()) ->AccountUserAuthorised('services')
->select('service_host.*') ->select('service_host.*')
->join('services',['services.id'=>'service_host.service_id']) ->join('services',['services.id'=>'service_host.service_id'])
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld']) ->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])


@ -15,7 +15,9 @@ class ServiceChangeRequest extends FormRequest
*/ */
public function authorize() public function authorize()
{ {
return $this->route('o')->serviceUserAuthorised(Auth::user()); return $this
->route('o')
->AccountUserAuthorised();
} }
/** /**
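Review bot: `authorize()` on L45–L47 still returns the Eloquent builder that the `AccountUserAuthorised` scope yields when called on the bound model, not a bool, so the object is truthy and the request passes authorisation regardless of which accounts the user owns (the old `serviceUserAuthorised(Auth::user())` call had the same shape, and the commit carries the defect over). If `$this->route('o')` is the route-bound Service, constrain the scoped query to that record and return the existence check, `return $this->route('o')->AccountUserAuthorised()->whereKey($this->route('o')->getKey())->exists();`, and declare the method `: bool` so a builder can never slip through again. The route that feeds this request already carries `can:progress,o,"change-request"` middleware, so the check could alternatively be delegated to that policy with a plain `return true;` plus a comment saying so. The enclosing class continues outside the hunk.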


@ -7,7 +7,7 @@ use Illuminate\Support\Facades\DB;
use Leenooks\Traits\ScopeActive; use Leenooks\Traits\ScopeActive;
use App\Interfaces\IDs; use App\Interfaces\IDs;
use App\Traits\{ProviderRef,PushNew,SiteID}; use App\Traits\{ProviderRef,PushNew,ScopeAccountUserAuthorised,SiteID};
/** /**
* Class Payment * Class Payment
@ -24,7 +24,7 @@ use App\Traits\{ProviderRef,PushNew,SiteID};
*/ */
class Payment extends Model implements IDs class Payment extends Model implements IDs
{ {
use PushNew,ScopeActive,ProviderRef,SiteID; use ProviderRef,PushNew,ScopeActive,ScopeAccountUserAuthorised,SiteID;
protected $casts = [ protected $casts = [
'paid_at'=>'datetime:Y-m-d', 'paid_at'=>'datetime:Y-m-d',


@ -0,0 +1,83 @@
<?php
namespace App\Models\Policies;
use Illuminate\Auth\Access\HandlesAuthorization;
use App\Models\{Payment,User};
class PaymentPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view the payment.
*
* @param User $uo
* @param Payment $o
* @return bool
*/
public function view(User $uo,Payment $o): bool
{
return $uo->accounts_all->pluck('id')->contains($o->account_id) || $uo->isWholesaler();
}
/**
* Determine whether the user can create services.
*
* @param User $uo
* @return bool
*/
public function create(User $uo): bool
{
return $uo->isWholesaler();
}
/**
* Determine whether the user can update the service.
*
* @param User $uo
* @param Payment $o
* @return bool
*/
public function update(User $uo,Payment $o): bool
{
return $uo->isWholesaler();
}
/**
* Determine whether the user can delete the service.
*
* @param User $uo
* @param Payment $o
* @return bool
*/
public function delete(User $uo,Payment $o): bool
{
return $uo->isWholesaler();
}
/**
* Determine whether the user can restore the service.
*
* @param User $uo
* @param Payment $o
* @return bool
*/
public function restore(User $uo,Payment $o): bool
{
return $uo->isWholesaler();
}
/**
* Determine whether the user can permanently delete the service.
*
* @param User $uo
* @param Payment $o
* @return bool
*/
public function forceDelete(User $uo,Payment $o): bool
{
return $uo->isWholesaler();
}
}
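Review bot: The docblocks on `create`, `update`, `delete`, `restore` and `forceDelete` (L89, L99, L110, L121, L132) were copied from a service policy and still say "create services" / "the service" although every method is typed on `Payment`; reword them to `Determine whether the user can create payments.` and `Determine whether the user can update the payment.` (and likewise delete / restore / permanently delete the payment). `view()` on L86 compares account ids with the loose `contains()`, which is fine while `account_id` is an integer, but `containsStrict()` would make the intent explicit should the id ever arrive as a string. The file has no `declare(strict_types=1)`; whether that matches the other policies in this project is not visible here, so align it with them.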


@ -16,7 +16,7 @@ use Leenooks\Casts\LeenooksCarbon;
use App\Models\Product\Type; use App\Models\Product\Type;
use App\Interfaces\IDs; use App\Interfaces\IDs;
use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised}; use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};
/** /**
* Class Service * Class Service
@ -52,7 +52,7 @@ use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
*/ */
class Service extends Model implements IDs class Service extends Model implements IDs
{ {
use HasFactory,ScopeServiceActive,ScopeServiceUserAuthorised; use HasFactory,ScopeAccountUserAuthorised,ScopeServiceActive;
protected $casts = [ protected $casts = [
'order_info' => AsCollection::class, 'order_info' => AsCollection::class,
@ -280,7 +280,7 @@ class Service extends Model implements IDs
{ {
return (new self) return (new self)
->ServiceActive() ->ServiceActive()
->ServiceUserAuthorised($uo) ->AccountUserAuthorised(NULL,$uo)
->where('order_status','!=','ACTIVE') ->where('order_status','!=','ACTIVE')
->with(['account','product']) ->with(['account','product'])
->get(); ->get();


@ -9,11 +9,11 @@ use Leenooks\Carbon as LeenooksCarbon;
use App\Interfaces\ServiceItem; use App\Interfaces\ServiceItem;
use App\Models\{Account,Service}; use App\Models\{Account,Service};
use App\Models\Supplier\Type as SupplierType; use App\Models\Supplier\Type as SupplierType;
use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised}; use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};
abstract class Type extends Model implements ServiceItem abstract class Type extends Model implements ServiceItem
{ {
use ScopeServiceActive,ScopeServiceUserAuthorised; use ScopeAccountUserAuthorised,ScopeServiceActive;
protected $casts = [ protected $casts = [
'connect_at' => 'datetime:Y-m-d', 'connect_at' => 'datetime:Y-m-d',
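Review bot: After this swap, calling `AccountUserAuthorised()` on a `Type` subclass without the `$table` argument filters on `$this->getTable().'.account_id'` — `service_domain.account_id` and friends — whereas the deleted trait always filtered on `services.account_id`; the controller hunks only keep working because they pass `'services'` explicitly, and if the per-type tables carry no `account_id` column (the controller's join to `services` suggests they do not, but that is not visible here) an unqualified call fails at query time rather than silently widening, which is the better failure but still a trap. Consider having `Type` pin the default so callers cannot forget it; this needs `use App\Models\User;` in this file's imports, which lie outside the hunk. The class body continues outside the hunk.
```php
abstract class Type extends Model implements ServiceItem
{
    use ScopeServiceActive;
    use ScopeAccountUserAuthorised {
        scopeAccountUserAuthorised as private scopeAccountUserAuthorisedOnTable;
    }

    // NOTE(review): assumes service type tables have no account_id of their own — authorisation goes via services.account_id
    public function scopeAccountUserAuthorised($query,string $table=NULL,User $uo=NULL)
    {
        return $this->scopeAccountUserAuthorisedOnTable($query,$table ?? 'services',$uo);
    }

    // … unchanged: $casts …
```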


@ -3,6 +3,7 @@
namespace App\Providers; namespace App\Providers;
use Illuminate\Support\Facades\Gate; use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
use Intuit\Traits\IntuitSocialite; use Intuit\Traits\IntuitSocialite;
@ -31,5 +32,8 @@ class AppServiceProvider extends ServiceProvider
}); });
$this->bootIntuitSocialite(); $this->bootIntuitSocialite();
Route::model('co',\App\Models\Checkout::class);
Route::model('po',\App\Models\Payment::class);
} }
} }


@ -0,0 +1,29 @@
<?php
/**
* Add a ScopeAuthorised to an Eloquent Model
* This will help limit the scope of accounts that a user can see.
*/
namespace App\Traits;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
trait ScopeAccountUserAuthorised
{
/**
* Only query records that the user is authorised to see
*/
public function scopeAccountUserAuthorised($query,string $table=NULL,User $uo=NULL)
{
if (! $uo)
$uo = Auth::user();
if (! $table)
$table = $this->getTable();
return $query
->whereIN($table.'.account_id',$uo->accounts_all->pluck('id'));
}
}
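Review bot: `scopeAccountUserAuthorised` dereferences `$uo->accounts_all` on L220 after falling back to `Auth::user()` on L216, so in any context without an authenticated user (a console command, a queued job, a guest reaching a view that uses this scope) it dies with an Error on null instead of returning an explicitly empty result — it fails closed only by accident. Passing an empty id list to `whereIn` produces a query that matches nothing, which makes the fail-closed behaviour deliberate and readable; while there, use `?string`/`?User` in the signature (implicit nullable defaults are deprecated in PHP 8.4) and the canonical `whereIn` spelling. The file header on L202 still says `Add a ScopeAuthorised`; reword it to `Add a ScopeAccountUserAuthorised scope to an Eloquent Model, limiting records to the accounts a user is authorised to see.`
```php
/**
 * Only query records that the user is authorised to see
 *
 * @param string|null $table  Table holding account_id; defaults to this model's table
 * @param User|null   $uo     User to authorise; defaults to the authenticated user
 */
public function scopeAccountUserAuthorised($query,?string $table=NULL,?User $uo=NULL)
{
    $uo ??= Auth::user();
    $table ??= $this->getTable();

    // No user (guest, console, job): an empty whereIn matches nothing, so the scope fails closed
    return $query
        ->whereIn($table.'.account_id',$uo ? $uo->accounts_all->pluck('id') : []);
}
```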


@ -1,21 +0,0 @@
<?php
/**
* Add a ScopeAuthorised to an Eloquent Model
* This will help limit the scope of accounts that a user can see.
*/
namespace App\Traits;
use App\Models\User;
trait ScopeServiceUserAuthorised
{
/**
* Only query records that the user is authorised to see
*/
public function scopeServiceUserAuthorised($query,User $uo)
{
return $query
->whereIN('services.account_id',$uo->accounts_all->pluck('id'));
}
}


@ -34,7 +34,7 @@
</thead> </thead>
<tbody> <tbody>
@foreach(Payment::active()->unapplied()->with(['account.user','checkout','items'])->get() as $o) @foreach(Payment::AccountUserAuthorised()->active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
@continue(! $o->balance) @continue(! $o->balance)
<tr> <tr>
<td><a href="{{ url('r/payment',$o->id) }}">{{ $o->id }}</td> <td><a href="{{ url('r/payment',$o->id) }}">{{ $o->id }}</td>
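Review bot: The changed `@foreach` on L251 runs the payment query from inside the Blade template, so the `AccountUserAuthorised()` constraint — the authorisation boundary this commit introduces for payments — lives in a view file where a later template edit can drop it without anyone noticing. Move the query into the controller or a view composer and pass the result in, leaving the template with `@foreach($payments as $o)`. The scope falls back to `Auth::user()`, so this view is only correct on routes behind the `auth` middleware, which the route hunks in this commit suggest is the case.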


@ -82,7 +82,6 @@ Route::group(['middleware'=>['auth','role:wholesaler'],'prefix'=>'a'],function()
Route::post('setup',[AdminController::class,'setup']); Route::post('setup',[AdminController::class,'setup']);
// Checkout Setup (Payments) // Checkout Setup (Payments)
Route::model('co',\App\Models\Checkout::class);
Route::view('checkout','theme.backend.adminlte.checkout.choose'); Route::view('checkout','theme.backend.adminlte.checkout.choose');
Route::view('checkout/new','theme.backend.adminlte.checkout.view'); Route::view('checkout/new','theme.backend.adminlte.checkout.view');
Route::view('checkout/{co}','theme.backend.adminlte.checkout.view') Route::view('checkout/{co}','theme.backend.adminlte.checkout.view')
@ -144,6 +143,7 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
// Reseller Reports // Reseller Reports
Route::group(['prefix'=>'report'],function() { Route::group(['prefix'=>'report'],function() {
Route::view('charge/pending','theme.backend.adminlte.charge.pending');
Route::get('domain',[ServiceController::class,'domain_list']); Route::get('domain',[ServiceController::class,'domain_list']);
Route::get('email',[ServiceController::class,'email_list']); Route::get('email',[ServiceController::class,'email_list']);
Route::get('hosting',[ServiceController::class,'hosting_list']); Route::get('hosting',[ServiceController::class,'hosting_list']);
@ -158,9 +158,9 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
Route::post('charge/edit',[ChargeController::class,'edit']); Route::post('charge/edit',[ChargeController::class,'edit']);
// Payments // Payments
Route::model('po',\App\Models\Payment::class);
Route::view('payment/new','theme.backend.adminlte.payment.view'); Route::view('payment/new','theme.backend.adminlte.payment.view');
Route::view('payment/{po}','theme.backend.adminlte.payment.view') Route::view('payment/{po}','theme.backend.adminlte.payment.view')
->middleware('can:update,po')
->where('po','[0-9]+'); ->where('po','[0-9]+');
Route::post('payment/{o?}',[PaymentController::class,'addedit']) Route::post('payment/{o?}',[PaymentController::class,'addedit'])
->where('o','[0-9]+'); ->where('o','[0-9]+');
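Review bot: The `payment/{po}` GET view on L277–L279 now carries `can:update,po`, but the write path directly below it, `Route::post('payment/{o?}',[PaymentController::class,'addedit'])` on L280–L281, has no `can:` middleware and its parameter is `{o}` rather than `{po}`, so the new `Route::model('po', …)` binding and `PaymentPolicy` never apply to the request that actually modifies a payment. Unless `PaymentController::addedit` (outside this hunk) authorises against `PaymentPolicy` itself, gate the POST as well — for example split it into `Route::post('payment',[PaymentController::class,'addedit'])->middleware('can:create,App\Models\Payment');` for creation and `Route::post('payment/{po}',[PaymentController::class,'addedit'])->middleware('can:update,po')->where('po','[0-9]+');` for edits, adjusting the parameter name to whatever `addedit` expects. `payment/new` on L276 is likewise not behind `can:create`, though the enclosing `role:reseller` group narrows who reaches it. The later hunk in this file only swaps the order of `->middleware()` and `->where()` on each route, which has no behavioural effect.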
@ -169,49 +169,46 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
// Reseller API calls // Reseller API calls
Route::post('service_change_charges/{o}',[ServiceController::class,'service_change_charges_display']) Route::post('service_change_charges/{o}',[ServiceController::class,'service_change_charges_display'])
->where('o','[0-9]+'); ->where('o','[0-9]+');
// Charges
Route::view('report/charge/pending','theme.backend.adminlte.charge.pending');
}); });
// Our User Routes // Our User Routes
Route::group(['middleware'=>['auth'],'prefix'=>'u'],function() { Route::group(['middleware'=>['auth'],'prefix'=>'u'],function() {
Route::get('home',[HomeController::class,'home']); Route::get('home',[HomeController::class,'home']);
Route::get('home/{o}',[HomeController::class,'home']) Route::get('home/{o}',[HomeController::class,'home'])
->where('o','[0-9]+') ->middleware('can:view,o')
->middleware('can:view,o'); ->where('o','[0-9]+');
Route::view('checkout/cart','theme.backend.adminlte.checkout.cart'); Route::view('checkout/cart','theme.backend.adminlte.checkout.cart');
Route::get('checkout/cart/{o}',[CheckoutController::class,'cart_invoice']) Route::get('checkout/cart/{o}',[CheckoutController::class,'cart_invoice'])
->where('o','[0-9]+') ->middleware('can:view,o')
->middleware('can:view,o'); ->where('o','[0-9]+');
Route::post('checkout/cart/remove',[CheckoutController::class,'cart_remove']); Route::post('checkout/cart/remove',[CheckoutController::class,'cart_remove']);
Route::post('checkout/fee',[CheckoutController::class,'fee']); Route::post('checkout/fee',[CheckoutController::class,'fee']);
Route::post('checkout/pay',[CheckoutController::class,'pay']); Route::post('checkout/pay',[CheckoutController::class,'pay']);
Route::get('invoice/{o}',[InvoiceController::class,'view']) Route::get('invoice/{o}',[InvoiceController::class,'view'])
->where('o','[0-9]+') ->middleware('can:view,o')
->middleware('can:view,o'); ->where('o','[0-9]+');
Route::get('invoice/{o}/pdf',[InvoiceController::class,'pdf']) Route::get('invoice/{o}/pdf',[InvoiceController::class,'pdf'])
->where('o','[0-9]+') ->middleware('can:view,o')
->middleware('can:view,o'); ->where('o','[0-9]+');
Route::get('service/{o}',[ServiceController::class,'home']) Route::get('service/{o}',[ServiceController::class,'home'])
->where('o','[0-9]+') ->middleware('can:view,o')
->middleware('can:view,o'); ->where('o','[0-9]+');
Route::match(['get','post'],'service/{o}/cancel-request',[ServiceController::class,'cancel_request']) Route::match(['get','post'],'service/{o}/cancel-request',[ServiceController::class,'cancel_request'])
->where('o','[0-9]+') ->middleware('can:progress,o,"cancel-request"')
->middleware('can:progress,o,"cancel-request"'); ->where('o','[0-9]+');
Route::match(['get','post'],'service/{o}/change-request',[ServiceController::class,'change_request']) Route::match(['get','post'],'service/{o}/change-request',[ServiceController::class,'change_request'])
->where('o','[0-9]+') ->middleware('can:progress,o,"change-request"')
->middleware('can:progress,o,"change-request"'); ->where('o','[0-9]+');
// @todo This shouldnt be a user privilege. // @todo This shouldnt be a user privilege.
Route::match(['get','post'],'service/{o}/change-pending',[ServiceController::class,'change_pending']) Route::match(['get','post'],'service/{o}/change-pending',[ServiceController::class,'change_pending'])
->where('o','[0-9]+') ->middleware('can:progress,o,"change-pending"')
->middleware('can:progress,o,"change-pending"'); ->where('o','[0-9]+');
Route::get('service/{o}/change/{status}',[ServiceController::class,'change']) Route::get('service/{o}/change/{status}',[ServiceController::class,'change'])
->where('o','[0-9]+') ->middleware('can:progress,o,status')
->middleware('can:progress,o,status'); ->where('o','[0-9]+');
// User settings // User settings
Route::view('settings','theme.backend.adminlte.user.settings'); Route::view('settings','theme.backend.adminlte.user.settings');