check permission before searching

app/Http/Controllers/Common/Search.php

@@ -19,10 +19,13 @@ class Search extends Controller
      */
     public function index()
     {
+        $user = user();
+
         $search = new \stdClass();
         $search->results = [];
         $search->keyword = request('keyword');
 
+        if ($user->can('read-banking-accounts')) {
             $accounts = Account::enabled()->usingSearchString($search->keyword)->get();
 
             if ($accounts->count()) {
@@ -36,7 +39,9 @@ class Search extends Controller
                     ];
                 }
             }
+        }
 
+        if ($user->can('read-common-items')) {
             $items = Item::enabled()->usingSearchString($search->keyword)->get();
 
             if ($items->count()) {
@@ -50,7 +55,9 @@ class Search extends Controller
                     ];
                 }
             }
+        }
 
+        if ($user->can('read-sales-invoices')) {
             $invoices = Document::invoice()->usingSearchString($search->keyword)->get();
 
             if ($invoices->count()) {
@@ -64,8 +71,10 @@ class Search extends Controller
                     ];
                 }
             }
+        }
 
         /*
+        if ($user->can('read-sales-revenues')) {
             $income_transactions = Transaction::income()->usingSearchString($keyword)->get();
 
             if ($income_transactions->count()) {
@@ -79,8 +88,10 @@ class Search extends Controller
                     ];
                 }
             }
+        }
         */
 
+        if ($user->can('read-sales-customers')) {
             $customers = Contact::customer()->enabled()->usingSearchString($search->keyword)->get();
 
             if ($customers->count()) {
@@ -94,7 +105,9 @@ class Search extends Controller
                     ];
                 }
             }
+        }
 
+        if ($user->can('read-purchases-bills')) {
             $bills = Document::bill()->usingSearchString($search->keyword)->get();
 
             if ($bills->count()) {
@@ -108,8 +121,10 @@ class Search extends Controller
                     ];
                 }
             }
+        }
 
         /*
+        if ($user->can('read-purchases-payments')) {
             $payments = Transaction::expense()->usingSearchString($keyword)->get();
 
             if ($revenues->count()) {
@@ -123,8 +138,10 @@ class Search extends Controller
                     ];
                 }
             }
+        }
         */
 
+        if ($user->can('read-purchases-vendors')) {
             $vendors = Contact::vendor()->enabled()->usingSearchString($search->keyword)->get();
 
             if ($vendors->count()) {
@@ -138,6 +155,7 @@ class Search extends Controller
                     ];
                 }
             }
+        }
 
         event(new GlobalSearched($search));