Change ScopeServiceUserAuthorised to ScopeAccountUserAuthorised. Scope payments to AccountUserAuthorised, and added PaymentPolicy
This commit is contained in:
parent
f60727f5fb
commit
ef0d4dc773
@ -274,7 +274,7 @@ class ServiceController extends Controller
|
||||
public function domain_list(): View
|
||||
{
|
||||
$o = Service\Domain::ServiceActive()
|
||||
->serviceUserAuthorised(Auth::user())
|
||||
->AccountUserAuthorised('services')
|
||||
->select('service_domain.*')
|
||||
->join('services',['services.id'=>'service_domain.service_id'])
|
||||
->with(['service.account','registrar'])
|
||||
@ -287,7 +287,7 @@ class ServiceController extends Controller
|
||||
public function email_list(): View
|
||||
{
|
||||
$o = Service\Email::ServiceActive()
|
||||
->serviceUserAuthorised(Auth::user())
|
||||
->AccountUserAuthorised('services')
|
||||
->select('service_email.*')
|
||||
->join('services',['services.id'=>'service_email.service_id'])
|
||||
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
|
||||
@ -313,7 +313,7 @@ class ServiceController extends Controller
|
||||
public function hosting_list(): View
|
||||
{
|
||||
$o = Service\Host::ServiceActive()
|
||||
->serviceUserAuthorised(Auth::user())
|
||||
->AccountUserAuthorised('services')
|
||||
->select('service_host.*')
|
||||
->join('services',['services.id'=>'service_host.service_id'])
|
||||
->with(['service.account','service.product.type.supplied.supplier_detail.supplier','tld'])
|
||||
|
@ -15,7 +15,9 @@ class ServiceChangeRequest extends FormRequest
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
return $this->route('o')->serviceUserAuthorised(Auth::user());
|
||||
return $this
|
||||
->route('o')
|
||||
->AccountUserAuthorised();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -7,7 +7,7 @@ use Illuminate\Support\Facades\DB;
|
||||
use Leenooks\Traits\ScopeActive;
|
||||
|
||||
use App\Interfaces\IDs;
|
||||
use App\Traits\{ProviderRef,PushNew,SiteID};
|
||||
use App\Traits\{ProviderRef,PushNew,ScopeAccountUserAuthorised,SiteID};
|
||||
|
||||
/**
|
||||
* Class Payment
|
||||
@ -24,7 +24,7 @@ use App\Traits\{ProviderRef,PushNew,SiteID};
|
||||
*/
|
||||
class Payment extends Model implements IDs
|
||||
{
|
||||
use PushNew,ScopeActive,ProviderRef,SiteID;
|
||||
use ProviderRef,PushNew,ScopeActive,ScopeAccountUserAuthorised,SiteID;
|
||||
|
||||
protected $casts = [
|
||||
'paid_at'=>'datetime:Y-m-d',
|
||||
|
83
app/Models/Policies/PaymentPolicy.php
Normal file
83
app/Models/Policies/PaymentPolicy.php
Normal file
@ -0,0 +1,83 @@
|
||||
<?php
|
||||
|
||||
namespace App\Models\Policies;
|
||||
|
||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||
|
||||
use App\Models\{Payment,User};
|
||||
|
||||
class PaymentPolicy
|
||||
{
|
||||
use HandlesAuthorization;
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the payment.
|
||||
*
|
||||
* @param User $uo
|
||||
* @param Payment $o
|
||||
* @return bool
|
||||
*/
|
||||
public function view(User $uo,Payment $o): bool
|
||||
{
|
||||
return $uo->accounts_all->pluck('id')->contains($o->account_id) || $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create services.
|
||||
*
|
||||
* @param User $uo
|
||||
* @return bool
|
||||
*/
|
||||
public function create(User $uo): bool
|
||||
{
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the service.
|
||||
*
|
||||
* @param User $uo
|
||||
* @param Payment $o
|
||||
* @return bool
|
||||
*/
|
||||
public function update(User $uo,Payment $o): bool
|
||||
{
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the service.
|
||||
*
|
||||
* @param User $uo
|
||||
* @param Payment $o
|
||||
* @return bool
|
||||
*/
|
||||
public function delete(User $uo,Payment $o): bool
|
||||
{
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the service.
|
||||
*
|
||||
* @param User $uo
|
||||
* @param Payment $o
|
||||
* @return bool
|
||||
*/
|
||||
public function restore(User $uo,Payment $o): bool
|
||||
{
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the service.
|
||||
*
|
||||
* @param User $uo
|
||||
* @param Payment $o
|
||||
* @return bool
|
||||
*/
|
||||
public function forceDelete(User $uo,Payment $o): bool
|
||||
{
|
||||
return $uo->isWholesaler();
|
||||
}
|
||||
}
|
@ -16,7 +16,7 @@ use Leenooks\Casts\LeenooksCarbon;
|
||||
|
||||
use App\Models\Product\Type;
|
||||
use App\Interfaces\IDs;
|
||||
use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
|
||||
use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};
|
||||
|
||||
/**
|
||||
* Class Service
|
||||
@ -52,7 +52,7 @@ use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
|
||||
*/
|
||||
class Service extends Model implements IDs
|
||||
{
|
||||
use HasFactory,ScopeServiceActive,ScopeServiceUserAuthorised;
|
||||
use HasFactory,ScopeAccountUserAuthorised,ScopeServiceActive;
|
||||
|
||||
protected $casts = [
|
||||
'order_info' => AsCollection::class,
|
||||
@ -280,7 +280,7 @@ class Service extends Model implements IDs
|
||||
{
|
||||
return (new self)
|
||||
->ServiceActive()
|
||||
->ServiceUserAuthorised($uo)
|
||||
->AccountUserAuthorised(NULL,$uo)
|
||||
->where('order_status','!=','ACTIVE')
|
||||
->with(['account','product'])
|
||||
->get();
|
||||
|
@ -9,11 +9,11 @@ use Leenooks\Carbon as LeenooksCarbon;
|
||||
use App\Interfaces\ServiceItem;
|
||||
use App\Models\{Account,Service};
|
||||
use App\Models\Supplier\Type as SupplierType;
|
||||
use App\Traits\{ScopeServiceActive,ScopeServiceUserAuthorised};
|
||||
use App\Traits\{ScopeAccountUserAuthorised,ScopeServiceActive};
|
||||
|
||||
abstract class Type extends Model implements ServiceItem
|
||||
{
|
||||
use ScopeServiceActive,ScopeServiceUserAuthorised;
|
||||
use ScopeAccountUserAuthorised,ScopeServiceActive;
|
||||
|
||||
protected $casts = [
|
||||
'connect_at' => 'datetime:Y-m-d',
|
||||
|
@ -3,6 +3,7 @@
|
||||
namespace App\Providers;
|
||||
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Intuit\Traits\IntuitSocialite;
|
||||
|
||||
@ -31,5 +32,8 @@ class AppServiceProvider extends ServiceProvider
|
||||
});
|
||||
|
||||
$this->bootIntuitSocialite();
|
||||
|
||||
Route::model('co',\App\Models\Checkout::class);
|
||||
Route::model('po',\App\Models\Payment::class);
|
||||
}
|
||||
}
|
29
app/Traits/ScopeAccountUserAuthorised.php
Normal file
29
app/Traits/ScopeAccountUserAuthorised.php
Normal file
@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Add a ScopeAuthorised to an Eloquent Model
|
||||
* This will help limit the scope of accounts that a user can see.
|
||||
*/
|
||||
namespace App\Traits;
|
||||
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
use App\Models\User;
|
||||
|
||||
trait ScopeAccountUserAuthorised
|
||||
{
|
||||
/**
|
||||
* Only query records that the user is authorised to see
|
||||
*/
|
||||
public function scopeAccountUserAuthorised($query,string $table=NULL,User $uo=NULL)
|
||||
{
|
||||
if (! $uo)
|
||||
$uo = Auth::user();
|
||||
|
||||
if (! $table)
|
||||
$table = $this->getTable();
|
||||
|
||||
return $query
|
||||
->whereIN($table.'.account_id',$uo->accounts_all->pluck('id'));
|
||||
}
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Add a ScopeAuthorised to an Eloquent Model
|
||||
* This will help limit the scope of accounts that a user can see.
|
||||
*/
|
||||
namespace App\Traits;
|
||||
|
||||
use App\Models\User;
|
||||
|
||||
trait ScopeServiceUserAuthorised
|
||||
{
|
||||
/**
|
||||
* Only query records that the user is authorised to see
|
||||
*/
|
||||
public function scopeServiceUserAuthorised($query,User $uo)
|
||||
{
|
||||
return $query
|
||||
->whereIN('services.account_id',$uo->accounts_all->pluck('id'));
|
||||
}
|
||||
}
|
@ -34,7 +34,7 @@
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
@foreach(Payment::active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
|
||||
@foreach(Payment::AccountUserAuthorised()->active()->unapplied()->with(['account.user','checkout','items'])->get() as $o)
|
||||
@continue(! $o->balance)
|
||||
<tr>
|
||||
<td><a href="{{ url('r/payment',$o->id) }}">{{ $o->id }}</td>
|
||||
|
@ -82,7 +82,6 @@ Route::group(['middleware'=>['auth','role:wholesaler'],'prefix'=>'a'],function()
|
||||
Route::post('setup',[AdminController::class,'setup']);
|
||||
|
||||
// Checkout Setup (Payments)
|
||||
Route::model('co',\App\Models\Checkout::class);
|
||||
Route::view('checkout','theme.backend.adminlte.checkout.choose');
|
||||
Route::view('checkout/new','theme.backend.adminlte.checkout.view');
|
||||
Route::view('checkout/{co}','theme.backend.adminlte.checkout.view')
|
||||
@ -144,6 +143,7 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
|
||||
|
||||
// Reseller Reports
|
||||
Route::group(['prefix'=>'report'],function() {
|
||||
Route::view('charge/pending','theme.backend.adminlte.charge.pending');
|
||||
Route::get('domain',[ServiceController::class,'domain_list']);
|
||||
Route::get('email',[ServiceController::class,'email_list']);
|
||||
Route::get('hosting',[ServiceController::class,'hosting_list']);
|
||||
@ -158,9 +158,9 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
|
||||
Route::post('charge/edit',[ChargeController::class,'edit']);
|
||||
|
||||
// Payments
|
||||
Route::model('po',\App\Models\Payment::class);
|
||||
Route::view('payment/new','theme.backend.adminlte.payment.view');
|
||||
Route::view('payment/{po}','theme.backend.adminlte.payment.view')
|
||||
->middleware('can:update,po')
|
||||
->where('po','[0-9]+');
|
||||
Route::post('payment/{o?}',[PaymentController::class,'addedit'])
|
||||
->where('o','[0-9]+');
|
||||
@ -169,49 +169,46 @@ Route::group(['middleware'=>['auth','role:reseller'],'prefix'=>'r'],function() {
|
||||
// Reseller API calls
|
||||
Route::post('service_change_charges/{o}',[ServiceController::class,'service_change_charges_display'])
|
||||
->where('o','[0-9]+');
|
||||
|
||||
// Charges
|
||||
Route::view('report/charge/pending','theme.backend.adminlte.charge.pending');
|
||||
});
|
||||
|
||||
// Our User Routes
|
||||
Route::group(['middleware'=>['auth'],'prefix'=>'u'],function() {
|
||||
Route::get('home',[HomeController::class,'home']);
|
||||
Route::get('home/{o}',[HomeController::class,'home'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:view,o');
|
||||
->middleware('can:view,o')
|
||||
->where('o','[0-9]+');
|
||||
|
||||
Route::view('checkout/cart','theme.backend.adminlte.checkout.cart');
|
||||
Route::get('checkout/cart/{o}',[CheckoutController::class,'cart_invoice'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:view,o');
|
||||
->middleware('can:view,o')
|
||||
->where('o','[0-9]+');
|
||||
Route::post('checkout/cart/remove',[CheckoutController::class,'cart_remove']);
|
||||
Route::post('checkout/fee',[CheckoutController::class,'fee']);
|
||||
Route::post('checkout/pay',[CheckoutController::class,'pay']);
|
||||
|
||||
Route::get('invoice/{o}',[InvoiceController::class,'view'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:view,o');
|
||||
->middleware('can:view,o')
|
||||
->where('o','[0-9]+');
|
||||
Route::get('invoice/{o}/pdf',[InvoiceController::class,'pdf'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:view,o');
|
||||
->middleware('can:view,o')
|
||||
->where('o','[0-9]+');
|
||||
|
||||
Route::get('service/{o}',[ServiceController::class,'home'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:view,o');
|
||||
->middleware('can:view,o')
|
||||
->where('o','[0-9]+');
|
||||
Route::match(['get','post'],'service/{o}/cancel-request',[ServiceController::class,'cancel_request'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:progress,o,"cancel-request"');
|
||||
->middleware('can:progress,o,"cancel-request"')
|
||||
->where('o','[0-9]+');
|
||||
Route::match(['get','post'],'service/{o}/change-request',[ServiceController::class,'change_request'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:progress,o,"change-request"');
|
||||
->middleware('can:progress,o,"change-request"')
|
||||
->where('o','[0-9]+');
|
||||
// @todo This shouldnt be a user privilege.
|
||||
Route::match(['get','post'],'service/{o}/change-pending',[ServiceController::class,'change_pending'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:progress,o,"change-pending"');
|
||||
->middleware('can:progress,o,"change-pending"')
|
||||
->where('o','[0-9]+');
|
||||
Route::get('service/{o}/change/{status}',[ServiceController::class,'change'])
|
||||
->where('o','[0-9]+')
|
||||
->middleware('can:progress,o,status');
|
||||
->middleware('can:progress,o,status')
|
||||
->where('o','[0-9]+');
|
||||
|
||||
// User settings
|
||||
Route::view('settings','theme.backend.adminlte.user.settings');
|
||||
|
Loading…
Reference in New Issue
Block a user