Fix Model Policies from matching user_id's and account_id's, and other minor cosmetic fixes

This commit is contained in:
Deon George 2021-09-29 16:20:22 +10:00
parent f7439172b6
commit 4243da9c32
No known key found for this signature in database
GPG Key ID: 7670E8DC27415254
14 changed files with 173 additions and 172 deletions

View File

@ -36,7 +36,6 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class, \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class, \Illuminate\Routing\Middleware\SubstituteBindings::class,
// \App\Http\Middleware\SetSite::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class, \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
], ],

View File

@ -10,7 +10,7 @@ class Role
public function handle($request, Closure $next, $role) public function handle($request, Closure $next, $role)
{ {
if ($role AND ! Auth::user()) if ($role AND ! Auth::user())
return abort(303,'Not Authenticated'); abort(403,'Not Authenticated');
switch ($role) { switch ($role) {
case 'wholesaler': case 'wholesaler':

View File

@ -3,9 +3,9 @@
namespace App\Mail; namespace App\Mail;
use Illuminate\Bus\Queueable; use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable; use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels; use Illuminate\Queue\SerializesModels;
use Illuminate\Contracts\Queue\ShouldQueue;
use App\Models\Invoice; use App\Models\Invoice;

View File

@ -13,8 +13,8 @@ class OrderRequestApprove extends Mailable
{ {
use Queueable, SerializesModels; use Queueable, SerializesModels;
public $service; public Service $service;
public $notes; public string $notes;
/** /**
* Create a new message instance. * Create a new message instance.
@ -22,7 +22,7 @@ class OrderRequestApprove extends Mailable
* @param Service $o * @param Service $o
* @param string $notes * @param string $notes
*/ */
public function __construct(Service $o,$notes='') public function __construct(Service $o,string $notes='')
{ {
$this->service = $o; $this->service = $o;
$this->notes = $notes; $this->notes = $notes;
@ -35,8 +35,7 @@ class OrderRequestApprove extends Mailable
*/ */
public function build() public function build()
{ {
switch ($this->service->category) switch ($this->service->category) {
{
case 'ADSL': $subject = sprintf('%s: %s',$this->service->category,$this->service->service_adsl->service_address); case 'ADSL': $subject = sprintf('%s: %s',$this->service->category,$this->service->service_adsl->service_address);
break; break;

View File

@ -13,15 +13,15 @@ class OrderRequestReject extends Mailable
{ {
use Queueable, SerializesModels; use Queueable, SerializesModels;
public $service; public Service $service;
public $reason; public string $reason;
/** /**
* Create a new message instance. * Create a new message instance.
* *
* @return void * @return void
*/ */
public function __construct(Service $o,$reason) public function __construct(Service $o,string $reason)
{ {
$this->service = $o; $this->service = $o;
$this->reason = $reason; $this->reason = $reason;

View File

@ -12,14 +12,13 @@ class SocialLink extends Mailable
{ {
use Queueable, SerializesModels; use Queueable, SerializesModels;
public $token; public string $token;
public $user; public User $user;
/** /**
* Create a new message instance. * Create a new message instance.
* *
* @param User $o * @param AccountOauth $o
* @param string $token
*/ */
public function __construct(AccountOauth $o) public function __construct(AccountOauth $o)
{ {

View File

@ -13,6 +13,8 @@ class TestEmail extends Mailable
{ {
use Queueable, SerializesModels; use Queueable, SerializesModels;
public User $user;
/** /**
* Create a new message instance. * Create a new message instance.
* *

View File

@ -2,19 +2,21 @@
namespace App\Mail; namespace App\Mail;
use App\Models\Site;
use Carbon\Carbon; use Carbon\Carbon;
use Illuminate\Bus\Queueable; use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue; use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable; use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels; use Illuminate\Queue\SerializesModels;
use App\Models\AdslSupplier; use App\Models\{AdslSupplier,Site};
class TrafficMismatch extends Mailable class TrafficMismatch extends Mailable
{ {
use Queueable, SerializesModels; use Queueable, SerializesModels;
public AdslSupplier $aso;
public Carbon $date;
/** /**
* Create a new message instance. * Create a new message instance.
* *

View File

@ -39,7 +39,7 @@ class AccountOauth extends Model
/** /**
* Get a link token to use when validating account. * Get a link token to use when validating account.
*/ */
public function getLinkTokenAttribute() public function getLinkTokenAttribute(): string
{ {
return strtoupper(substr(md5($this->id.$this->date_last),0,8)); return strtoupper(substr(md5($this->id.$this->date_last),0,8));
} }

View File

@ -13,29 +13,29 @@ class AccountPolicy
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the service.
* *
* @param User $user * @param User $uo
* @param Account $o * @param Account $ao
* @return mixed * @return bool
*/ */
public function view(User $user, Account $o) public function view(User $uo,Account $ao): bool
{ {
// If this is a service for an account managed by a user. // If this is a service for an account managed by a user.
return ($user->accounts->pluck('id')->search($o->id) !== FALSE) return ($uo->accounts->pluck('id')->search($ao->id) !== FALSE)
// The user is the wholesaler // The user is the wholesaler
OR $user->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user is the reseller
OR $user->all_accounts()->pluck('id')->search($o->id); OR ($uo->all_accounts()->pluck('id')->search($ao->id) !== FALSE);
} }
/** /**
* Determine whether the user can create services. * Determine whether the user can create services.
* *
* @param User $user * @param User $uo
* @return mixed * @return bool
*/ */
public function create(User $user) public function create(User $uo): bool
{ {
return TRUE; return TRUE;
} }
@ -43,48 +43,48 @@ class AccountPolicy
/** /**
* Determine whether the user can update the service. * Determine whether the user can update the service.
* *
* @param User $user * @param User $uo
* @param Account $o * @param Account $ao
* @return mixed * @return bool
*/ */
public function update(User $user, Account $o) public function update(User $uo,Account $ao): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can delete the service. * Determine whether the user can delete the service.
* *
* @param User $user * @param User $uo
* @param Account $o * @param Account $ao
* @return mixed * @return bool
*/ */
public function delete(User $user, Account $o) public function delete(User $uo,Account $ao): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can restore the service. * Determine whether the user can restore the service.
* *
* @param User $user * @param User $uo
* @param Account $o * @param Account $ao
* @return mixed * @return bool
*/ */
public function restore(User $user, Account $o) public function restore(User $uo,Account $ao): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can permanently delete the service. * Determine whether the user can permanently delete the service.
* *
* @param User $user * @param User $uo
* @param Account $o * @param Account $ao
* @return mixed * @return bool
*/ */
public function forceDelete(User $user, Account $o) public function forceDelete(User $uo,Account $ao): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
} }

View File

@ -13,78 +13,78 @@ class InvoicePolicy
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the service.
* *
* @param User $user * @param User $uo
* @param Invoice $o * @param Invoice $io
* @return mixed * @return bool
*/ */
public function view(User $user, Invoice $o) public function view(User $uo,Invoice $io): bool
{ {
// If this is a service for an account managed by a user. // If this is a service for an account managed by a user.
return ($user->invoices->pluck('id')->search($o->id) !== FALSE) return ($uo->invoices->pluck('id')->search($io->id) !== FALSE)
// The user is the wholesaler // The user is the wholesaler
OR $user->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user is the reseller
OR $user->all_accounts()->pluck('id')->search($o->account_id); OR ($uo->all_accounts()->pluck('id')->search($io->account_id) !== FALSE);
} }
/** /**
* Determine whether the user can create services. * Determine whether the user can create services.
* *
* @param User $user * @param User $uo
* @return mixed * @return bool
*/ */
public function create(User $user) public function create(User $uo): bool
{ {
return TRUE; return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can update the service. * Determine whether the user can update the service.
* *
* @param User $user * @param User $uo
* @param Invoice $o * @param Invoice $io
* @return mixed * @return bool
*/ */
public function update(User $user, Invoice $o) public function update(User $uo,Invoice $io): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can delete the service. * Determine whether the user can delete the service.
* *
* @param User $user * @param User $uo
* @param Invoice $o * @param Invoice $io
* @return mixed * @return bool
*/ */
public function delete(User $user, Invoice $o) public function delete(User $uo,Invoice $io): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can restore the service. * Determine whether the user can restore the service.
* *
* @param User $user * @param User $uo
* @param Invoice $o * @param Invoice $io
* @return mixed * @return bool
*/ */
public function restore(User $user, Invoice $o) public function restore(User $uo,Invoice $io): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can permanently delete the service. * Determine whether the user can permanently delete the service.
* *
* @param User $user * @param User $uo
* @param Invoice $o * @param Invoice $io
* @return mixed * @return bool
*/ */
public function forceDelete(User $user, Invoice $o) public function forceDelete(User $uo,Invoice $io): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
} }

View File

@ -13,29 +13,29 @@ class ServicePolicy
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the service.
* *
* @param User $user * @param User $uo
* @param Service $o * @param Service $so
* @return mixed * @return bool
*/ */
public function view(User $user, Service $o) public function view(User $uo, Service $so): bool
{ {
// If this is a service for an account managed by a user. // If this is a service for an account managed by a user.
return ($user->services->pluck('id')->search($o->id) !== FALSE) return ($uo->services->pluck('id')->search($so->id) !== FALSE)
// The user is the wholesaler // The user is the wholesaler
OR $user->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user is the reseller
OR $user->all_accounts()->pluck('id')->search($o->account_id); OR ($uo->all_accounts()->pluck('id')->search($so->account_id) !== FALSE);
} }
/** /**
* Determine whether the user can create services. * Determine whether the user can create services.
* *
* @param User $user * @param User $uo
* @return mixed * @return bool
*/ */
public function create(User $user) public function create(User $uo): bool
{ {
return TRUE; return TRUE;
} }
@ -43,61 +43,61 @@ class ServicePolicy
/** /**
* Can the user progress an order status * Can the user progress an order status
* *
* @param User $user * @param User $uo
* @param Service $o * @param Service $so
* @param string $next * @param string $stage
* @return bool * @return bool
*/ */
public function progress(User $user, Service $o,string $next) public function progress(User $uo,Service $so,string $stage): bool
{ {
return $o->actions()->has($next); return $so->actions()->has($stage);
} }
/** /**
* Determine whether the user can update the service. * Determine whether the user can update the service.
* *
* @param User $user * @param User $uo
* @param Service $o * @param Service $so
* @return mixed * @return bool
*/ */
public function update(User $user, Service $o) public function update(User $uo, Service $so): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can delete the service. * Determine whether the user can delete the service.
* *
* @param User $user * @param User $uo
* @param Service $o * @param Service $so
* @return mixed * @return bool
*/ */
public function delete(User $user, Service $o) public function delete(User $uo, Service $so): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can restore the service. * Determine whether the user can restore the service.
* *
* @param User $user * @param User $uo
* @param Service $o * @param Service $so
* @return mixed * @return bool
*/ */
public function restore(User $user, Service $o) public function restore(User $uo, Service $so): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can permanently delete the service. * Determine whether the user can permanently delete the service.
* *
* @param User $user * @param User $uo
* @param Service $o * @param Service $so
* @return mixed * @return bool
*/ */
public function forceDelete(User $user, Service $o) public function forceDelete(User $uo, Service $so): bool
{ {
return $user->isWholesaler(); return $uo->isWholesaler();
} }
} }

View File

@ -1,6 +1,6 @@
<?php <?php
namespace App\Policies; namespace App\Models\Policies;
use Illuminate\Auth\Access\HandlesAuthorization; use Illuminate\Auth\Access\HandlesAuthorization;
@ -13,78 +13,78 @@ class UserPolicy
/** /**
* Determine whether the user can view the service. * Determine whether the user can view the service.
* *
* @param User $user * @param User $uo
* @param User $o * @param User $o
* @return mixed * @return bool
*/ */
public function view(User $user, User $o) public function view(User $uo,User $o): bool
{ {
// If this is a service for an account managed by a user. // If this is a service for an account managed by a user.
return ($user->id == $o->id) return ($uo->id == $o->id)
// The user is the wholesaler // The user is the wholesaler
OR $user->isWholesaler() OR $uo->isWholesaler()
// The user is the reseller // The user is the reseller
OR $user->all_clients()->pluck('id')->search($o->id); OR ($uo->all_clients()->pluck('id')->search($o->id) !== FALSE);
} }
/** /**
* Determine whether the user can create services. * Determine whether the user can create services.
* *
* @param User $user * @param User $uo
* @return mixed * @return bool
*/ */
public function create(User $user) public function create(User $uo): bool
{ {
// return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can update the service. * Determine whether the user can update the service.
* *
* @param User $user * @param User $uo
* @param User $o * @param User $o
* @return mixed * @return bool
*/ */
public function update(User $user, User $o) public function update(User $uo, User $o): bool
{ {
// return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can delete the service. * Determine whether the user can delete the service.
* *
* @param User $user * @param User $uo
* @param User $o * @param User $o
* @return mixed * @return bool
*/ */
public function delete(User $user, User $o) public function delete(User $uo, User $o): bool
{ {
// return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can restore the service. * Determine whether the user can restore the service.
* *
* @param User $user * @param User $uo
* @param User $o * @param User $o
* @return mixed * @return bool
*/ */
public function restore(User $user, User $o) public function restore(User $uo, User $o): bool
{ {
// return $uo->isWholesaler();
} }
/** /**
* Determine whether the user can permanently delete the service. * Determine whether the user can permanently delete the service.
* *
* @param User $user * @param User $uo
* @param User $o * @param User $o
* @return mixed * @return bool
*/ */
public function forceDelete(User $user, User $o) public function forceDelete(User $uo, User $o): bool
{ {
// return $uo->isWholesaler();
} }
} }

View File

@ -330,14 +330,14 @@ class User extends Authenticatable
/* GENERAL METHODS */ /* GENERAL METHODS */
/** /**
* Determine if the user is an admin of the account with $id * Determine if the user is an admin of the user with $id
* *
* @param $id * @param $id
* @return bool * @return bool
*/ */
public function isAdmin($id): bool public function isAdmin($id): bool
{ {
return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('id')->toArray()); return $id AND $this->isReseller() AND in_array($id,$this->all_accounts()->pluck('user_id')->toArray());
} }
/** /**