check permission before searching

2021-02-24 19:23:56 +03:00
parent 0d3f34ae8f
commit 24428977ef
1 changed files with 98 additions and 80 deletions
--- a/app/Http/Controllers/Common/Search.php
+++ b/app/Http/Controllers/Common/Search.php
@ -19,10 +19,13 @@ class Search extends Controller
     */
    public function index()
    {
+        $user = user();
+
        $search = new \stdClass();
        $search->results = [];
        $search->keyword = request('keyword');

+        if ($user->can('read-banking-accounts')) {
            $accounts = Account::enabled()->usingSearchString($search->keyword)->get();

            if ($accounts->count()) {
@ -36,7 +39,9 @@ class Search extends Controller
                    ];
                }
            }
+        }

+        if ($user->can('read-common-items')) {
            $items = Item::enabled()->usingSearchString($search->keyword)->get();

            if ($items->count()) {
@ -50,7 +55,9 @@ class Search extends Controller
                    ];
                }
            }
+        }

+        if ($user->can('read-sales-invoices')) {
            $invoices = Document::invoice()->usingSearchString($search->keyword)->get();

            if ($invoices->count()) {
@ -64,8 +71,10 @@ class Search extends Controller
                    ];
                }
            }
+        }

        /*
+        if ($user->can('read-sales-revenues')) {
            $income_transactions = Transaction::income()->usingSearchString($keyword)->get();

            if ($income_transactions->count()) {
@ -79,8 +88,10 @@ class Search extends Controller
                    ];
                }
            }
+        }
        */

+        if ($user->can('read-sales-customers')) {
            $customers = Contact::customer()->enabled()->usingSearchString($search->keyword)->get();

            if ($customers->count()) {
@ -94,7 +105,9 @@ class Search extends Controller
                    ];
                }
            }
+        }

+        if ($user->can('read-purchases-bills')) {
            $bills = Document::bill()->usingSearchString($search->keyword)->get();

            if ($bills->count()) {
@ -108,8 +121,10 @@ class Search extends Controller
                    ];
                }
            }
+        }

        /*
+        if ($user->can('read-purchases-payments')) {
            $payments = Transaction::expense()->usingSearchString($keyword)->get();

            if ($revenues->count()) {
@ -123,8 +138,10 @@ class Search extends Controller
                    ];
                }
            }
+        }
        */

+        if ($user->can('read-purchases-vendors')) {
            $vendors = Contact::vendor()->enabled()->usingSearchString($search->keyword)->get();

            if ($vendors->count()) {
@ -138,6 +155,7 @@ class Search extends Controller
                    ];
                }
            }
+        }

        event(new GlobalSearched($search));