Fixed permission management #10
@@ -66,34 +66,20 @@ class CostUnitRepository {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function getCostUnitsByCriteria(array $criteria, bool $forDisplay = true, $disableAccessCheck = false) : array {
|
public function getCostUnitsByCriteria(array $criteria, bool $forDisplay = true, $disableAccessCheck = false) : array {
|
||||||
$tenant = app('tenant');
|
|
||||||
|
|
||||||
$canSeeAll = false;
|
|
||||||
$user = Auth()->user();
|
$user = Auth()->user();
|
||||||
|
|
||||||
if ($disableAccessCheck) {
|
if ($disableAccessCheck) {
|
||||||
$canSeeAll = true;
|
$canSeeAll = true;
|
||||||
} else {
|
} else {
|
||||||
if ($tenant->slug !== 'lv') {
|
$canSeeAll = in_array(new AuthCheckProvider()->getUserRole(), [
|
||||||
if (
|
UserRole::USER_ROLE_ADMIN, UserRole::USER_ROLE_GROUP_LEADER
|
||||||
new AuthCheckProvider()->isAdministrator() ||
|
]);
|
||||||
$user->user_role_local_group === UserRole::USER_ROLE_ADMIN
|
|
||||||
) {
|
|
||||||
$canSeeAll = true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if (
|
|
||||||
in_array($user->user_role_main, [UserRole::USER_ROLE_GROUP_LEADER, UserRole::USER_ROLE_ADMIN])
|
|
||||||
) {
|
|
||||||
$canSeeAll = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$visibleCostUnits = [];
|
$visibleCostUnits = [];
|
||||||
/** @var CostUnit $costUnit */
|
/** @var CostUnit $costUnit */
|
||||||
foreach (Costunit::where($criteria)->get() as $costUnit) {
|
foreach (Costunit::where($criteria)->get() as $costUnit) {
|
||||||
if ($canSeeAll || $disableAccessCheck || $costUnit->treasurers()->where('user_id', $user->id)->exists() ) {
|
if ($canSeeAll || $costUnit->treasurers()->where('user_id', $user->id)->exists() ) {
|
||||||
if ($forDisplay) {
|
if ($forDisplay) {
|
||||||
$visibleCostUnits[] = new CostUnitResource($costUnit)->toArray(request());
|
$visibleCostUnits[] = new CostUnitResource($costUnit)->toArray(request());
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -77,38 +77,20 @@ class EventRepository {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function getEventsByCriteria(array $criteria, $accessCheck = true) : array {
|
public function getEventsByCriteria(array $criteria, $accessCheck = true) : array {
|
||||||
$tenant = app('tenant');
|
|
||||||
|
|
||||||
$canSeeAll = false;
|
|
||||||
$user = Auth()->user();
|
$user = Auth()->user();
|
||||||
|
|
||||||
if (!$accessCheck) {
|
if (!$accessCheck) {
|
||||||
$canSeeAll = true;
|
$canSeeAll = true;
|
||||||
} else {
|
} else {
|
||||||
if (
|
$canSeeAll = in_array(new AuthCheckProvider()->getUserRole(), [
|
||||||
new AuthCheckProvider()->isAdministrator() ||
|
UserRole::USER_ROLE_ADMIN, UserRole::USER_ROLE_GROUP_LEADER
|
||||||
$user->user_role_local_group === UserRole::USER_ROLE_ADMIN
|
]);
|
||||||
) {
|
|
||||||
if (
|
|
||||||
$user->user_role_main === UserRole::USER_ROLE_ADMIN ||
|
|
||||||
in_array($user->user_role_local_group, [UserRole::USER_ROLE_GROUP_LEADER, UserRole::USER_ROLE_ADMIN])
|
|
||||||
) {
|
|
||||||
$canSeeAll = true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if (
|
|
||||||
in_array($user->user_role_main, [UserRole::USER_ROLE_GROUP_LEADER, UserRole::USER_ROLE_ADMIN])
|
|
||||||
) {
|
|
||||||
$canSeeAll = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$visibleEvents = [];
|
$visibleEvents = [];
|
||||||
/** @var Event $event */
|
/** @var Event $event */
|
||||||
foreach (Event::where($criteria)->orderBy('start_date')->get() as $event) {
|
foreach (Event::where($criteria)->orderBy('start_date')->get() as $event) {
|
||||||
|
if ($canSeeAll || $event->eventManagers()->where('user_id', $user->id)->exists()) {
|
||||||
if ($canSeeAll || !$accessCheck || $event->eventManagers()->where('user_id', $user->id)->exists()) {
|
|
||||||
$visibleEvents[] = $event;
|
$visibleEvents[] = $event;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ use App\Enumerations\InvoiceStatus;
|
|||||||
use App\Enumerations\UserRole;
|
use App\Enumerations\UserRole;
|
||||||
use App\Models\CostUnit;
|
use App\Models\CostUnit;
|
||||||
use App\Models\Invoice;
|
use App\Models\Invoice;
|
||||||
|
use App\Providers\AuthCheckProvider;
|
||||||
use App\Resources\InvoiceResource;
|
use App\Resources\InvoiceResource;
|
||||||
use App\ValueObjects\Amount;
|
use App\ValueObjects\Amount;
|
||||||
use Illuminate\Database\Eloquent\Collection;
|
use Illuminate\Database\Eloquent\Collection;
|
||||||
@@ -83,19 +84,9 @@ class InvoiceRepository {
|
|||||||
return $invoice;
|
return $invoice;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = auth()->user();
|
return in_array(new AuthCheckProvider()->getUserRole(), [
|
||||||
if ($user->user_role_main === UserRole::USER_ROLE_ADMIN) {
|
UserRole::USER_ROLE_ADMIN, UserRole::USER_ROLE_GROUP_LEADER
|
||||||
return $invoice;
|
]) ? $invoice : null;
|
||||||
}
|
|
||||||
|
|
||||||
if (app('tenant')->slug === 'lv' && $user->user_role_main === UserRole::USER_ROLE_GROUP_LEADER) {
|
|
||||||
return $invoice;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (app('tenant')->slug !== 'lv' && $user->local_group === app('tenant')->slug && $user->user_role_local_group === UserRole::USER_ROLE_GROUP_LEADER) {
|
|
||||||
return $invoice;
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user