Change ScopeServiceUserAuthorised to ScopeAccountUserAuthorised. Scope payments to AccountUserAuthorised, and added PaymentPolicy

2024-08-10 23:53:13 +10:00 · 2024-08-10 23:53:13 +10:00 · ef0d4dc773
commit ef0d4dc773
parent f60727f5fb
11 changed files with 150 additions and 56 deletions
--- a/app/Http/Controllers/ServiceController.php
+++ b/app/Http/Controllers/ServiceController.php
@ -274,7 +274,7 @@ class ServiceController extends Controller
 	public function domain_list(): View
 	{
 		$o = Service\Domain::ServiceActive()
-			->serviceUserAuthorised(Auth::user())
+			->AccountUserAuthorised('services')
 			->select('service_domain.*')
 			->join('services',['services.id'=>'service_domain.service_id'])
 			->with(['service.account','registrar'])
@ -287,7 +287,7 @@ class ServiceController extends Controller
 	public function email_list(): View
 	{
 		$o = Service\Email::ServiceActive()
-			->serviceUserAuthorised(Auth::user())
+			->AccountUserAuthorised('services')
 			->select('service_email.*')
 			->join('services',['services.id'=>'service_email.service_id'])
 			->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
@ -313,7 +313,7 @@ class ServiceController extends Controller
 	public function hosting_list(): View
 	{
 		$o = Service\Host::ServiceActive()
-			->serviceUserAuthorised(Auth::user())
+			->AccountUserAuthorised('services')
 			->select('service_host.*')
 			->join('services',['services.id'=>'service_host.service_id'])
 			->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
--- a/app/Http/Requests/ServiceChangeRequest.php
+++ b/app/Http/Requests/ServiceChangeRequest.php
@ -15,7 +15,9 @@ class ServiceChangeRequest extends FormRequest
     */
    public function authorize()
    {
-		return $this->route('o')->serviceUserAuthorised(Auth::user());
+		return $this
+			->route('o')
+			->AccountUserAuthorised();
    }

    /**
--- a/app/Models/Payment.php
+++ b/app/Models/Payment.php
@ -7,7 +7,7 @@ use Illuminate\Support\Facades\DB;
 use Leenooks\Traits\ScopeActive;

 use App\Interfaces\IDs;
-use App\Traits\{ProviderRef,PushNew,SiteID};
+use App\Traits\{ProviderRef,PushNew,ScopeAccountUserAuthorised,SiteID};

 /**
 * Class Payment
@ -24,7 +24,7 @@ use App\Traits\{ProviderRef,PushNew,SiteID};
 */
 class Payment extends Model implements IDs
 {
-	use PushNew,ScopeActive,ProviderRef,SiteID;
+	use ProviderRef,PushNew,ScopeActive,ScopeAccountUserAuthorised,SiteID;

 	protected $casts = [
 		'paid_at'=>'datetime:Y-m-d',
--- a/app/Models/Policies/PaymentPolicy.php
+++ b/app/Models/Policies/PaymentPolicy.php
@ -0,0 +1,83 @@
+<?php
+
+namespace App\Models\Policies;
+
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+use App\Models\{Payment,User};
+
+class PaymentPolicy
+{
+	use HandlesAuthorization;
+
+	/**
+	 * Determine whether the user can view the payment.
+	 *
+	 * @param User    $uo
+	 * @param Payment $o
+	 * @return bool
+	 */
+	public function view(User $uo,Payment $o): bool
+	{
+		return $uo->accounts_all->pluck('id')->contains($o->account_id) || $uo->isWholesaler();
+	}
+
+	/**
+	 * Determine whether the user can create services.
+	 *
+	 * @param User $uo
+	 * @return bool
+	 */
+	public function create(User $uo): bool
+	{
+		return $uo->isWholesaler();
+	}
+
+	/**
+	 * Determine whether the user can update the service.
+	 *
+	 * @param User    $uo
+	 * @param Payment $o
+	 * @return bool
+	 */
+	public function update(User $uo,Payment $o): bool
+	{
+		return $uo->isWholesaler();
+	}
+
+	/**
+	 * Determine whether the user can delete the service.
+	 *
+	 * @param User    $uo
+	 * @param Payment $o
+	 * @return bool
+	 */
+	public function delete(User $uo,Payment $o): bool
+	{
+		return $uo->isWholesaler();
+	}
+
+	/**
+	 * Determine whether the user can restore the service.
+	 *
+	 * @param User    $uo
+	 * @param Payment $o
+	 * @return bool
+	 */
+	public function restore(User $uo,Payment $o): bool
+	{
+		return $uo->isWholesaler();
+	}
+
+	/**
+	 * Determine whether the user can permanently delete the service.
+	 *
+	 * @param User    $uo
+	 * @param Payment $o
+	 * @return bool
+	 */
+	public function forceDelete(User $uo,Payment $o): bool
+	{
+		return $uo->isWholesaler();
+	}
+}
--- a/app/Models/Service.php
+++ b/app/Models/Service.php
@ -16,7 +16,7 @@ use Leenooks\Casts\LeenooksCarbon;

 use App\Models\Product\Type;
 use App\Interfaces\IDs;
-use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
+use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};

 /**
 * Class Service
@ -52,7 +52,7 @@ use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
 */
 class Service extends Model implements IDs
 {
-	use HasFactory,ScopeServiceActive,ScopeServiceUserAuthorised;
+	use HasFactory,ScopeAccountUserAuthorised,ScopeServiceActive;

 	protected $casts = [
 		'order_info' => AsCollection::class,
@ -280,7 +280,7 @@ class Service extends Model implements IDs
 	{
 		return (new self)
 			->ServiceActive()
-			->ServiceUserAuthorised($uo)
+			->AccountUserAuthorised(NULL,$uo)
 			->where('order_status','!=','ACTIVE')
 			->with(['account','product'])
 			->get();
--- a/app/Models/Service/Type.php
+++ b/app/Models/Service/Type.php
@ -9,11 +9,11 @@ use Leenooks\Carbon as LeenooksCarbon;
 use App\Interfaces\ServiceItem;
 use App\Models\{Account,Service};
 use App\Models\Supplier\Type as SupplierType;
-use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
+use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};

 abstract class Type extends Model implements ServiceItem
 {
-	use ScopeServiceActive,ScopeServiceUserAuthorised;
+	use ScopeAccountUserAuthorised,ScopeServiceActive;

 	protected $casts = [
 		'connect_at' => 'datetime:Y-m-d',
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -3,6 +3,7 @@
 namespace App\Providers;

 use Illuminate\Support\Facades\Gate;
+use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
 use Intuit\Traits\IntuitSocialite;

@ -31,5 +32,8 @@ class AppServiceProvider extends ServiceProvider
 		});

 		$this->bootIntuitSocialite();
+
+		Route::model('co',\App\Models\Checkout::class);
+		Route::model('po',\App\Models\Payment::class);
    }
 }
--- a/app/Traits/ScopeAccountUserAuthorised.php
+++ b/app/Traits/ScopeAccountUserAuthorised.php
@ -0,0 +1,29 @@
+<?php
+
+/**
+ * Add a ScopeAuthorised to an Eloquent Model
+ * This will help limit the scope of accounts that a user can see.
+ */
+namespace App\Traits;
+
+use Illuminate\Support\Facades\Auth;
+
+use App\Models\User;
+
+trait ScopeAccountUserAuthorised
+{
+	/**
+	 * Only query records that the user is authorised to see
+	 */
+	public function scopeAccountUserAuthorised($query,string $table=NULL,User $uo=NULL)
+	{
+		if (! $uo)
+			$uo = Auth::user();
+
+		if (! $table)
+			$table = $this->getTable();
+
+		return $query
+			->whereIN($table.'.account_id',$uo->accounts_all->pluck('id'));
+	}
+}
--- a/app/Traits/ScopeServiceUserAuthorised.php
+++ b/app/Traits/ScopeServiceUserAuthorised.php
@ -1,21 +0,0 @@
-<?php
-
-/**
- * Add a ScopeAuthorised to an Eloquent Model
- * This will help limit the scope of accounts that a user can see.
- */
-namespace App\Traits;
-
-use App\Models\User;
-
-trait ScopeServiceUserAuthorised
-{
-	/**
-	 * Only query records that the user is authorised to see
-	 */
-	public function scopeServiceUserAuthorised($query,User $uo)
-	{
-		return $query
-			->whereIN('services.account_id',$uo->accounts_all->pluck('id'));
-	}
-}
--- a/resources/views/theme/backend/adminlte/payment/unapplied.blade.php
+++ b/resources/views/theme/backend/adminlte/payment/unapplied.blade.php
@ -34,7 +34,7 @@
 						</thead>

 						<tbody>
-						@foreach(Payment::active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
+						@foreach(Payment::AccountUserAuthorised()->active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
 							@continue(! $o->balance)
 							<tr>
 								<td><a href="{{ url('r/payment',$o->id) }}">{{ $o->id }}</td>
--- a/routes/web.php
+++ b/routes/web.php
@ -82,7 +82,6 @@ Route::group(['middleware'=>['auth','role:wholesaler'],'prefix'=>'a'],function()
 	Route::post('setup',[AdminController::class,'setup']);

 	// Checkout Setup (Payments)
-	Route::model('co',\App\Models\Checkout::class);
 	Route::view('checkout','theme.backend.adminlte.checkout.choose');
 	Route::view('checkout/new','theme.backend.adminlte.checkout.view');
 	Route::view('checkout/{co}','theme.backend.adminlte.checkout.view')
@ -144,6 +143,7 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {

 	// Reseller Reports
 	Route::group(['prefix'=>'report'],function() {
+		Route::view('charge/pending','theme.backend.adminlte.charge.pending');
 		Route::get('domain',[ServiceController::class,'domain_list']);
 		Route::get('email',[ServiceController::class,'email_list']);
 		Route::get('hosting',[ServiceController::class,'hosting_list']);
@ -158,9 +158,9 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
 	Route::post('charge/edit',[ChargeController::class,'edit']);

 	// Payments
-	Route::model('po',\App\Models\Payment::class);
 	Route::view('payment/new','theme.backend.adminlte.payment.view');
 	Route::view('payment/{po}','theme.backend.adminlte.payment.view')
+		->middleware('can:update,po')
 		->where('po','[0-9]+');
 	Route::post('payment/{o?}',[PaymentController::class,'addedit'])
 		->where('o','[0-9]+');
@ -169,49 +169,46 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
 	// Reseller API calls
 	Route::post('service_change_charges/{o}',[ServiceController::class,'service_change_charges_display'])
 		->where('o','[0-9]+');
-
-	// Charges
-	Route::view('report/charge/pending','theme.backend.adminlte.charge.pending');
 });

 // Our User Routes
 Route::group(['middleware'=>['auth'],'prefix'=>'u'],function() {
 	Route::get('home',[HomeController::class,'home']);
 	Route::get('home/{o}',[HomeController::class,'home'])
-		->where('o','[0-9]+')
-		->middleware('can:view,o');
+		->middleware('can:view,o')
+		->where('o','[0-9]+');

 	Route::view('checkout/cart','theme.backend.adminlte.checkout.cart');
 	Route::get('checkout/cart/{o}',[CheckoutController::class,'cart_invoice'])
-		->where('o','[0-9]+')
-		->middleware('can:view,o');
+		->middleware('can:view,o')
+		->where('o','[0-9]+');
 	Route::post('checkout/cart/remove',[CheckoutController::class,'cart_remove']);
 	Route::post('checkout/fee',[CheckoutController::class,'fee']);
 	Route::post('checkout/pay',[CheckoutController::class,'pay']);

 	Route::get('invoice/{o}',[InvoiceController::class,'view'])
-		->where('o','[0-9]+')
-		->middleware('can:view,o');
+		->middleware('can:view,o')
+		->where('o','[0-9]+');
 	Route::get('invoice/{o}/pdf',[InvoiceController::class,'pdf'])
-		->where('o','[0-9]+')
-		->middleware('can:view,o');
+		->middleware('can:view,o')
+		->where('o','[0-9]+');

 	Route::get('service/{o}',[ServiceController::class,'home'])
-		->where('o','[0-9]+')
-		->middleware('can:view,o');
+		->middleware('can:view,o')
+		->where('o','[0-9]+');
 	Route::match(['get','post'],'service/{o}/cancel-request',[ServiceController::class,'cancel_request'])
-		->where('o','[0-9]+')
-		->middleware('can:progress,o,"cancel-request"');
+		->middleware('can:progress,o,"cancel-request"')
+		->where('o','[0-9]+');
 	Route::match(['get','post'],'service/{o}/change-request',[ServiceController::class,'change_request'])
-		->where('o','[0-9]+')
-		->middleware('can:progress,o,"change-request"');
+		->middleware('can:progress,o,"change-request"')
+		->where('o','[0-9]+');
 	// @todo This shouldnt be a user privilege.
 	Route::match(['get','post'],'service/{o}/change-pending',[ServiceController::class,'change_pending'])
-		->where('o','[0-9]+')
-		->middleware('can:progress,o,"change-pending"');
+		->middleware('can:progress,o,"change-pending"')
+		->where('o','[0-9]+');
 	Route::get('service/{o}/change/{status}',[ServiceController::class,'change'])
-		->where('o','[0-9]+')
-		->middleware('can:progress,o,status');
+		->middleware('can:progress,o,status')
+		->where('o','[0-9]+');

 	// User settings
 	Route::view('settings','theme.backend.adminlte.user.settings');