deon/osb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix authorisation for resellers to only see their own accounts

Browse Source
This commit is contained in:
Deon George 2022-04-22 16:35:01 +10:00
parent 16cc0c9f8d
commit 03f37f33ff
5 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Models/Policies/AccountPolicy.php
View File

@ -11,7 +11,7 @@ class AccountPolicy
use HandlesAuthorization; use HandlesAuthorization;
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the account.
* *
* @param User $uo * @param User $uo
* @param Account $ao * @param Account $ao
@ -25,8 +25,8 @@ class AccountPolicy
// The user is the wholesaler // The user is the wholesaler
OR $uo->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user has this as one of their accounts
OR $uo->isReseller(); OR $uo->accounts->pluck('id')->contains($ao->id);
} }
/** /**

6
app/Models/Policies/InvoicePolicy.php
View File

@ -11,7 +11,7 @@ class InvoicePolicy
use HandlesAuthorization; use HandlesAuthorization;
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the invoice.
* *
* @param User $uo * @param User $uo
* @param Invoice $io * @param Invoice $io
@ -25,8 +25,8 @@ class InvoicePolicy
// The user is the wholesaler // The user is the wholesaler
OR $uo->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user has this as one of their accounts
OR $uo->isReseller(); OR $uo->accounts->pluck('id')->contains($io->account_id);
} }
/** /**

4
app/Models/Policies/ServicePolicy.php
View File

@ -25,8 +25,8 @@ class ServicePolicy
// The user is the wholesaler // The user is the wholesaler
OR $uo->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user has this as one of their accounts
OR $uo->isReseller(); OR $uo->accounts->pluck('id')->contains($so->account_id);
} }
/** /**

6
app/Models/Policies/UserPolicy.php
View File

@ -11,7 +11,7 @@ class UserPolicy
use HandlesAuthorization; use HandlesAuthorization;
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the user details.
* *
* @param User $uo * @param User $uo
* @param User $o * @param User $o
@ -25,8 +25,8 @@ class UserPolicy
// The user is the wholesaler // The user is the wholesaler
OR $uo->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user has this as one of their accounts
OR $uo->isReseller(); OR $uo->accounts->pluck('user')->pluck('id')->unique()->contains($o->id);
} }
/** /**

2
resources/views/theme/backend/adminlte/u/service/widgets/information.blade.php
View File

@ -16,7 +16,7 @@
<table class="table table-sm"> <table class="table table-sm">
<tr> <tr>
<th>Account</th> <th>Account</th>
<td><a href="{{url('u/home/',$o->account->user_id)}}">{{ $o->account->sid }}</a></td> <td><a href="{{url('u/home',$o->account->user_id)}}">{{ $o->account->sid }}</a></td>
</tr> </tr>
<tr> <tr>
<th>Status</th> <th>Status</th>