Change ScopeServiceUserAuthorised to ScopeAccountUserAuthorised. Scope payments to AccountUserAuthorised, and added PaymentPolicy
This commit is contained in:
parent
f60727f5fb
commit
ef0d4dc773
@ -274,7 +274,7 @@ class ServiceController extends Controller
|
|||||||
public function domain_list(): View
|
public function domain_list(): View
|
||||||
{
|
{
|
||||||
$o = Service\Domain::ServiceActive()
|
$o = Service\Domain::ServiceActive()
|
||||||
->serviceUserAuthorised(Auth::user())
|
->AccountUserAuthorised('services')
|
||||||
->select('service_domain.*')
|
->select('service_domain.*')
|
||||||
->join('services',['services.id'=>'service_domain.service_id'])
|
->join('services',['services.id'=>'service_domain.service_id'])
|
||||||
->with(['service.account','registrar'])
|
->with(['service.account','registrar'])
|
||||||
@ -287,7 +287,7 @@ class ServiceController extends Controller
|
|||||||
public function email_list(): View
|
public function email_list(): View
|
||||||
{
|
{
|
||||||
$o = Service\Email::ServiceActive()
|
$o = Service\Email::ServiceActive()
|
||||||
->serviceUserAuthorised(Auth::user())
|
->AccountUserAuthorised('services')
|
||||||
->select('service_email.*')
|
->select('service_email.*')
|
||||||
->join('services',['services.id'=>'service_email.service_id'])
|
->join('services',['services.id'=>'service_email.service_id'])
|
||||||
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
|
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
|
||||||
@ -313,7 +313,7 @@ class ServiceController extends Controller
|
|||||||
public function hosting_list(): View
|
public function hosting_list(): View
|
||||||
{
|
{
|
||||||
$o = Service\Host::ServiceActive()
|
$o = Service\Host::ServiceActive()
|
||||||
->serviceUserAuthorised(Auth::user())
|
->AccountUserAuthorised('services')
|
||||||
->select('service_host.*')
|
->select('service_host.*')
|
||||||
->join('services',['services.id'=>'service_host.service_id'])
|
->join('services',['services.id'=>'service_host.service_id'])
|
||||||
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
|
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
|
||||||
|
@ -15,7 +15,9 @@ class ServiceChangeRequest extends FormRequest
|
|||||||
*/
|
*/
|
||||||
public function authorize()
|
public function authorize()
|
||||||
{
|
{
|
||||||
return $this->route('o')->serviceUserAuthorised(Auth::user());
|
return $this
|
||||||
|
->route('o')
|
||||||
|
->AccountUserAuthorised();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
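Review bot: `authorize()` still returns the result of a query scope rather than a boolean: calling `AccountUserAuthorised()` on the route-bound model (exactly as the old `serviceUserAuthorised(Auth::user())` did) goes through `Model::__call` and yields an Eloquent Builder, and an object is always truthy, so this form request authorises every authenticated user regardless of which account owns the service. The check has to test the bound record itself, e.g. `return Auth::user()->accounts_all->pluck('id')->contains($this->route('o')->account_id);`, mirroring PaymentPolicy::view, or delegate to the service policy with `return Auth::user()->can('view', $this->route('o'));` if that ability covers the case. This assumes `route('o')` is a Service model with an `account_id`, as the scope's filter column suggests; while there, declare the return type as `public function authorize(): bool`.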
@ -7,7 +7,7 @@ use Illuminate\Support\Facades\DB;
|
|||||||
use Leenooks\Traits\ScopeActive;
|
use Leenooks\Traits\ScopeActive;
|
||||||
|
|
||||||
use App\Interfaces\IDs;
|
use App\Interfaces\IDs;
|
||||||
use App\Traits\{ProviderRef,PushNew,SiteID};
|
use App\Traits\{ProviderRef,PushNew,ScopeAccountUserAuthorised,SiteID};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class Payment
|
* Class Payment
|
||||||
@ -24,7 +24,7 @@ use App\Traits\{ProviderRef,PushNew,SiteID};
|
|||||||
*/
|
*/
|
||||||
class Payment extends Model implements IDs
|
class Payment extends Model implements IDs
|
||||||
{
|
{
|
||||||
use PushNew,ScopeActive,ProviderRef,SiteID;
|
use ProviderRef,PushNew,ScopeActive,ScopeAccountUserAuthorised,SiteID;
|
||||||
|
|
||||||
protected $casts = [
|
protected $casts = [
|
||||||
'paid_at'=>'datetime:Y-m-d',
|
'paid_at'=>'datetime:Y-m-d',
|
||||||
|
83
app/Models/Policies/PaymentPolicy.php
Normal file
83
app/Models/Policies/PaymentPolicy.php
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Models\Policies;
|
||||||
|
|
||||||
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||||
|
|
||||||
|
use App\Models\{Payment,User};
|
||||||
|
|
||||||
|
class PaymentPolicy
|
||||||
|
{
|
||||||
|
use HandlesAuthorization;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view the payment.
|
||||||
|
*
|
||||||
|
* @param User $uo
|
||||||
|
* @param Payment $o
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function view(User $uo,Payment $o): bool
|
||||||
|
{
|
||||||
|
return $uo->accounts_all->pluck('id')->contains($o->account_id) || $uo->isWholesaler();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can create services.
|
||||||
|
*
|
||||||
|
* @param User $uo
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function create(User $uo): bool
|
||||||
|
{
|
||||||
|
return $uo->isWholesaler();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can update the service.
|
||||||
|
*
|
||||||
|
* @param User $uo
|
||||||
|
* @param Payment $o
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function update(User $uo,Payment $o): bool
|
||||||
|
{
|
||||||
|
return $uo->isWholesaler();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can delete the service.
|
||||||
|
*
|
||||||
|
* @param User $uo
|
||||||
|
* @param Payment $o
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function delete(User $uo,Payment $o): bool
|
||||||
|
{
|
||||||
|
return $uo->isWholesaler();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can restore the service.
|
||||||
|
*
|
||||||
|
* @param User $uo
|
||||||
|
* @param Payment $o
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function restore(User $uo,Payment $o): bool
|
||||||
|
{
|
||||||
|
return $uo->isWholesaler();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can permanently delete the service.
|
||||||
|
*
|
||||||
|
* @param User $uo
|
||||||
|
* @param Payment $o
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function forceDelete(User $uo,Payment $o): bool
|
||||||
|
{
|
||||||
|
return $uo->isWholesaler();
|
||||||
|
}
|
||||||
|
}
|
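Review bot: The docblocks on create/update/delete/restore/forceDelete still describe services (`Determine whether the user can create services.`, `Determine whether the user can update the service.`), which reads as a copy of a ServicePolicy; they should say "the payment" so each ability's intent is clear. The class comment is also the place to state the asymmetry this policy encodes, that `view` admits any user whose `accounts_all` contains the payment's `account_id` plus wholesalers, while every mutating ability is wholesaler-only. Stylistically the new file lacks `declare(strict_types=1)` and the class could be `final`; the `User $uo,Payment $o` parameter spacing matches the rest of the repository rather than PSR-12, so leave it unless the project reformats globally.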
@ -16,7 +16,7 @@ use Leenooks\Casts\LeenooksCarbon;
|
|||||||
|
|
||||||
use App\Models\Product\Type;
|
use App\Models\Product\Type;
|
||||||
use App\Interfaces\IDs;
|
use App\Interfaces\IDs;
|
||||||
use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
|
use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class Service
|
* Class Service
|
||||||
@ -52,7 +52,7 @@ use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
|
|||||||
*/
|
*/
|
||||||
class Service extends Model implements IDs
|
class Service extends Model implements IDs
|
||||||
{
|
{
|
||||||
use HasFactory,ScopeServiceActive,ScopeServiceUserAuthorised;
|
use HasFactory,ScopeAccountUserAuthorised,ScopeServiceActive;
|
||||||
|
|
||||||
protected $casts = [
|
protected $casts = [
|
||||||
'order_info' => AsCollection::class,
|
'order_info' => AsCollection::class,
|
||||||
@ -280,7 +280,7 @@ class Service extends Model implements IDs
|
|||||||
{
|
{
|
||||||
return (new self)
|
return (new self)
|
||||||
->ServiceActive()
|
->ServiceActive()
|
||||||
->ServiceUserAuthorised($uo)
|
->AccountUserAuthorised(NULL,$uo)
|
||||||
->where('order_status','!=','ACTIVE')
|
->where('order_status','!=','ACTIVE')
|
||||||
->with(['account','product'])
|
->with(['account','product'])
|
||||||
->get();
|
->get();
|
||||||
|
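Review bot: `->AccountUserAuthorised(NULL,$uo)` passes a positional `NULL` only to reach the scope's third parameter, which hides what is being configured at the call site. If the project runs on PHP 8, `->AccountUserAuthorised(uo: $uo)` states it directly; otherwise consider making the user the scope's first optional parameter, since this is the only caller on the page that supplies one while every other caller relies on the `Auth::user()` default. The enclosing method starts above this hunk.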
@ -9,11 +9,11 @@ use Leenooks\Carbon as LeenooksCarbon;
|
|||||||
use App\Interfaces\ServiceItem;
|
use App\Interfaces\ServiceItem;
|
||||||
use App\Models\{Account,Service};
|
use App\Models\{Account,Service};
|
||||||
use App\Models\Supplier\Type as SupplierType;
|
use App\Models\Supplier\Type as SupplierType;
|
||||||
use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
|
use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};
|
||||||
|
|
||||||
abstract class Type extends Model implements ServiceItem
|
abstract class Type extends Model implements ServiceItem
|
||||||
{
|
{
|
||||||
use ScopeServiceActive,ScopeServiceUserAuthorised;
|
use ScopeAccountUserAuthorised,ScopeServiceActive;
|
||||||
|
|
||||||
protected $casts = [
|
protected $casts = [
|
||||||
'connect_at' => 'datetime:Y-m-d',
|
'connect_at' => 'datetime:Y-m-d',
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
namespace App\Providers;
|
namespace App\Providers;
|
||||||
|
|
||||||
use Illuminate\Support\Facades\Gate;
|
use Illuminate\Support\Facades\Gate;
|
||||||
|
use Illuminate\Support\Facades\Route;
|
||||||
use Illuminate\Support\ServiceProvider;
|
use Illuminate\Support\ServiceProvider;
|
||||||
use Intuit\Traits\IntuitSocialite;
|
use Intuit\Traits\IntuitSocialite;
|
||||||
|
|
||||||
@ -31,5 +32,8 @@ class AppServiceProvider extends ServiceProvider
|
|||||||
});
|
});
|
||||||
|
|
||||||
$this->bootIntuitSocialite();
|
$this->bootIntuitSocialite();
|
||||||
|
|
||||||
|
Route::model('co',\App\Models\Checkout::class);
|
||||||
|
Route::model('po',\App\Models\Payment::class);
|
||||||
}
|
}
|
||||||
}
|
}
|
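Review bot: The two `Route::model()` bindings are added to `boot()` (whose start is outside this hunk) with fully qualified `\App\Models\Checkout::class` and `\App\Models\Payment::class`, whereas the file's other dependencies are imported with grouped `use` statements at the top; `Route::model('co', Checkout::class);` with a matching `use App\Models\{Checkout,Payment};` keeps the file consistent. Laravel's convention is to declare explicit route model bindings in `RouteServiceProvider::boot()`, next to the route registration they affect, so a reader looking for why `po` resolves to a Payment finds it there; if that provider exists in this project, both lines belong in it rather than here.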
29
app/Traits/ScopeAccountUserAuthorised.php
Normal file
29
app/Traits/ScopeAccountUserAuthorised.php
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add a ScopeAuthorised to an Eloquent Model
|
||||||
|
* This will help limit the scope of accounts that a user can see.
|
||||||
|
*/
|
||||||
|
namespace App\Traits;
|
||||||
|
|
||||||
|
use Illuminate\Support\Facades\Auth;
|
||||||
|
|
||||||
|
use App\Models\User;
|
||||||
|
|
||||||
|
trait ScopeAccountUserAuthorised
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Only query records that the user is authorised to see
|
||||||
|
*/
|
||||||
|
public function scopeAccountUserAuthorised($query,string $table=NULL,User $uo=NULL)
|
||||||
|
{
|
||||||
|
if (! $uo)
|
||||||
|
$uo = Auth::user();
|
||||||
|
|
||||||
|
if (! $table)
|
||||||
|
$table = $this->getTable();
|
||||||
|
|
||||||
|
return $query
|
||||||
|
->whereIN($table.'.account_id',$uo->accounts_all->pluck('id'));
|
||||||
|
}
|
||||||
|
}
|
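Review bot: The signature `string $table=NULL,User $uo=NULL` relies on implicit nullability and declares no return type; prefer `?string $table = null, ?User $uo = null` with a `: Builder` return type (or a `@return` docblock), and document that `$uo` falls back to `Auth::user()` and `$table` to `$this->getTable()`, since both defaults are what every caller on this page depends on. When nobody is authenticated the fallback leaves `$uo` null and `$uo->accounts_all` throws an Error, so the scope fails closed only by accident; a deliberate guard such as `if (! $uo) return $query->whereRaw('1 = 0');` (or an explicit exception) makes that behaviour visible and testable. Minor: `whereIN` resolves case-insensitively but the builder method is `whereIn`, and the file comment still says "Add a ScopeAuthorised" rather than naming `scopeAccountUserAuthorised`.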
@ -1,21 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Add a ScopeAuthorised to an Eloquent Model
|
|
||||||
* This will help limit the scope of accounts that a user can see.
|
|
||||||
*/
|
|
||||||
namespace App\Traits;
|
|
||||||
|
|
||||||
use App\Models\User;
|
|
||||||
|
|
||||||
trait ScopeServiceUserAuthorised
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Only query records that the user is authorised to see
|
|
||||||
*/
|
|
||||||
public function scopeServiceUserAuthorised($query,User $uo)
|
|
||||||
{
|
|
||||||
return $query
|
|
||||||
->whereIN('services.account_id',$uo->accounts_all->pluck('id'));
|
|
||||||
}
|
|
||||||
}
|
|
@ -34,7 +34,7 @@
|
|||||||
</thead>
|
</thead>
|
||||||
|
|
||||||
<tbody>
|
<tbody>
|
||||||
@foreach(Payment::active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
|
@foreach(Payment::AccountUserAuthorised()->active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
|
||||||
@continue(! $o->balance)
|
@continue(! $o->balance)
|
||||||
<tr>
|
<tr>
|
||||||
<td><a href="{{ url('r/payment',$o->id) }}">{{ $o->id }}</td>
|
<td><a href="{{ url('r/payment',$o->id) }}">{{ $o->id }}</td>
|
||||||
|
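Review bot: The report query now lives inside the template (`Payment::AccountUserAuthorised()->active()->unapplied()->...`), which places the authorisation filter in a view rather than in the controller or a view composer where it can be tested alongside the other scopes; consider building the collection in the route's handler and passing it in. Note also that the scope restricts the list to the user's `accounts_all` with no wholesaler exemption, whereas PaymentPolicy::view lets a wholesaler see any payment; if `accounts_all` is not every account for a wholesaler, this report is narrower than the policy, which may or may not be intended.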
@ -82,7 +82,6 @@ Route::group(['middleware'=>['auth','role:wholesaler'],'prefix'=>'a'],function()
|
|||||||
Route::post('setup',[AdminController::class,'setup']);
|
Route::post('setup',[AdminController::class,'setup']);
|
||||||
|
|
||||||
// Checkout Setup (Payments)
|
// Checkout Setup (Payments)
|
||||||
Route::model('co',\App\Models\Checkout::class);
|
|
||||||
Route::view('checkout','theme.backend.adminlte.checkout.choose');
|
Route::view('checkout','theme.backend.adminlte.checkout.choose');
|
||||||
Route::view('checkout/new','theme.backend.adminlte.checkout.view');
|
Route::view('checkout/new','theme.backend.adminlte.checkout.view');
|
||||||
Route::view('checkout/{co}','theme.backend.adminlte.checkout.view')
|
Route::view('checkout/{co}','theme.backend.adminlte.checkout.view')
|
||||||
@ -144,6 +143,7 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
|
|||||||
|
|
||||||
// Reseller Reports
|
// Reseller Reports
|
||||||
Route::group(['prefix'=>'report'],function() {
|
Route::group(['prefix'=>'report'],function() {
|
||||||
|
Route::view('charge/pending','theme.backend.adminlte.charge.pending');
|
||||||
Route::get('domain',[ServiceController::class,'domain_list']);
|
Route::get('domain',[ServiceController::class,'domain_list']);
|
||||||
Route::get('email',[ServiceController::class,'email_list']);
|
Route::get('email',[ServiceController::class,'email_list']);
|
||||||
Route::get('hosting',[ServiceController::class,'hosting_list']);
|
Route::get('hosting',[ServiceController::class,'hosting_list']);
|
||||||
@ -158,9 +158,9 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
|
|||||||
Route::post('charge/edit',[ChargeController::class,'edit']);
|
Route::post('charge/edit',[ChargeController::class,'edit']);
|
||||||
|
|
||||||
// Payments
|
// Payments
|
||||||
Route::model('po',\App\Models\Payment::class);
|
|
||||||
Route::view('payment/new','theme.backend.adminlte.payment.view');
|
Route::view('payment/new','theme.backend.adminlte.payment.view');
|
||||||
Route::view('payment/{po}','theme.backend.adminlte.payment.view')
|
Route::view('payment/{po}','theme.backend.adminlte.payment.view')
|
||||||
|
->middleware('can:update,po')
|
||||||
->where('po','[0-9]+');
|
->where('po','[0-9]+');
|
||||||
Route::post('payment/{o?}',[PaymentController::class,'addedit'])
|
Route::post('payment/{o?}',[PaymentController::class,'addedit'])
|
||||||
->where('o','[0-9]+');
|
->where('o','[0-9]+');
|
||||||
@ -169,49 +169,46 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
|
|||||||
// Reseller API calls
|
// Reseller API calls
|
||||||
Route::post('service_change_charges/{o}',[ServiceController::class,'service_change_charges_display'])
|
Route::post('service_change_charges/{o}',[ServiceController::class,'service_change_charges_display'])
|
||||||
->where('o','[0-9]+');
|
->where('o','[0-9]+');
|
||||||
|
|
||||||
// Charges
|
|
||||||
Route::view('report/charge/pending','theme.backend.adminlte.charge.pending');
|
|
||||||
});
|
});
|
||||||
|
|
||||||
// Our User Routes
|
// Our User Routes
|
||||||
Route::group(['middleware'=>['auth'],'prefix'=>'u'],function() {
|
Route::group(['middleware'=>['auth'],'prefix'=>'u'],function() {
|
||||||
Route::get('home',[HomeController::class,'home']);
|
Route::get('home',[HomeController::class,'home']);
|
||||||
Route::get('home/{o}',[HomeController::class,'home'])
|
Route::get('home/{o}',[HomeController::class,'home'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:view,o')
|
||||||
->middleware('can:view,o');
|
->where('o','[0-9]+');
|
||||||
|
|
||||||
Route::view('checkout/cart','theme.backend.adminlte.checkout.cart');
|
Route::view('checkout/cart','theme.backend.adminlte.checkout.cart');
|
||||||
Route::get('checkout/cart/{o}',[CheckoutController::class,'cart_invoice'])
|
Route::get('checkout/cart/{o}',[CheckoutController::class,'cart_invoice'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:view,o')
|
||||||
->middleware('can:view,o');
|
->where('o','[0-9]+');
|
||||||
Route::post('checkout/cart/remove',[CheckoutController::class,'cart_remove']);
|
Route::post('checkout/cart/remove',[CheckoutController::class,'cart_remove']);
|
||||||
Route::post('checkout/fee',[CheckoutController::class,'fee']);
|
Route::post('checkout/fee',[CheckoutController::class,'fee']);
|
||||||
Route::post('checkout/pay',[CheckoutController::class,'pay']);
|
Route::post('checkout/pay',[CheckoutController::class,'pay']);
|
||||||
|
|
||||||
Route::get('invoice/{o}',[InvoiceController::class,'view'])
|
Route::get('invoice/{o}',[InvoiceController::class,'view'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:view,o')
|
||||||
->middleware('can:view,o');
|
->where('o','[0-9]+');
|
||||||
Route::get('invoice/{o}/pdf',[InvoiceController::class,'pdf'])
|
Route::get('invoice/{o}/pdf',[InvoiceController::class,'pdf'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:view,o')
|
||||||
->middleware('can:view,o');
|
->where('o','[0-9]+');
|
||||||
|
|
||||||
Route::get('service/{o}',[ServiceController::class,'home'])
|
Route::get('service/{o}',[ServiceController::class,'home'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:view,o')
|
||||||
->middleware('can:view,o');
|
->where('o','[0-9]+');
|
||||||
Route::match(['get','post'],'service/{o}/cancel-request',[ServiceController::class,'cancel_request'])
|
Route::match(['get','post'],'service/{o}/cancel-request',[ServiceController::class,'cancel_request'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:progress,o,"cancel-request"')
|
||||||
->middleware('can:progress,o,"cancel-request"');
|
->where('o','[0-9]+');
|
||||||
Route::match(['get','post'],'service/{o}/change-request',[ServiceController::class,'change_request'])
|
Route::match(['get','post'],'service/{o}/change-request',[ServiceController::class,'change_request'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:progress,o,"change-request"')
|
||||||
->middleware('can:progress,o,"change-request"');
|
->where('o','[0-9]+');
|
||||||
// @todo This shouldnt be a user privilege.
|
// @todo This shouldnt be a user privilege.
|
||||||
Route::match(['get','post'],'service/{o}/change-pending',[ServiceController::class,'change_pending'])
|
Route::match(['get','post'],'service/{o}/change-pending',[ServiceController::class,'change_pending'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:progress,o,"change-pending"')
|
||||||
->middleware('can:progress,o,"change-pending"');
|
->where('o','[0-9]+');
|
||||||
Route::get('service/{o}/change/{status}',[ServiceController::class,'change'])
|
Route::get('service/{o}/change/{status}',[ServiceController::class,'change'])
|
||||||
->where('o','[0-9]+')
|
->middleware('can:progress,o,status')
|
||||||
->middleware('can:progress,o,status');
|
->where('o','[0-9]+');
|
||||||
|
|
||||||
// User settings
|
// User settings
|
||||||
Route::view('settings','theme.backend.adminlte.user.settings');
|
Route::view('settings','theme.backend.adminlte.user.settings');
|
||||||
|
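Review bot: `Route::post('payment/{o?}',[PaymentController::class,'addedit'])` in the hunk at line 158 is left without the `can:` middleware that the same hunk adds to the GET `payment/{po}` view, so inside this group the write path is gated only by `role:reseller` while PaymentPolicy::update requires a wholesaler, unless `addedit` or its FormRequest authorises on its own, which is outside this diff. Because `{o}` is optional, `can:update,o` cannot simply be appended (there is no bound model on create, and the Authorize middleware then denies), so the route needs a create variant and an update variant that each map to a policy ability. The trailing `->where` / `->middleware` reordering in the hunk at line 169 is fine and makes the routes uniform.

```php
// … unchanged: Route::view('payment/new', …) and Route::view('payment/{po}', …) …
Route::post('payment',[PaymentController::class,'addedit'])
    ->middleware('can:create,App\Models\Payment');
Route::post('payment/{o}',[PaymentController::class,'addedit'])
    ->middleware('can:update,o')
    ->where('o','[0-9]+');
```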