improved tenant identification
This commit is contained in:
Denis Duliçi
@ -1,41 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use App\Traits\Users;
|
||||
|
||||
class ApiCompany
|
||||
{
|
||||
use Users;
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$company_id = $request->get('company_id');
|
||||
|
||||
if (empty($company_id)) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
// Check if user can access company
|
||||
if (!$this->isUserCompany($company_id)) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
// Set company id
|
||||
session(['company_id' => $company_id]);
|
||||
|
||||
// Set the company settings
|
||||
setting()->setExtraColumns(['company_id' => $company_id]);
|
||||
setting()->load(true);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@ -10,7 +10,7 @@ class Authenticate extends Middleware
|
||||
* Get the path the user should be redirected to when they are not authenticated.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return string
|
||||
* @return string|null
|
||||
*/
|
||||
protected function redirectTo($request)
|
||||
{
|
||||
@ -18,4 +18,4 @@ class Authenticate extends Middleware
|
||||
return route('login');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
59
app/Http/Middleware/IdentifyCompany.php
Normal file
59
app/Http/Middleware/IdentifyCompany.php
Normal file
@ -0,0 +1,59 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Traits\Users;
|
||||
use Closure;
|
||||
use Illuminate\Auth\AuthenticationException;
|
||||
|
||||
class IdentifyCompany
|
||||
{
|
||||
use Users;
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @param string[] ...$guards
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Illuminate\Auth\AuthenticationException
|
||||
*/
|
||||
public function handle($request, Closure $next, ...$guards)
|
||||
{
|
||||
$company_id = $request->isApi()
|
||||
? $this->getCompanyIdFromApi($request)
|
||||
: $this->getCompanyIdFromWeb($request);
|
||||
|
||||
if (empty($company_id)) {
|
||||
abort(500, 'Missing company');
|
||||
}
|
||||
|
||||
// Check if user can access company
|
||||
if ($request->isNotSigned($company_id) && $this->isNotUserCompany($company_id)) {
|
||||
throw new AuthenticationException('Unauthenticated.', $guards);
|
||||
}
|
||||
|
||||
// Set company as current
|
||||
company($company_id)->makeCurrent();
|
||||
|
||||
// Fix routes
|
||||
app('url')->defaults(['company_id' => $company_id]);
|
||||
$request->route()->forgetParameter('company_id');
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
protected function getCompanyIdFromWeb($request)
|
||||
{
|
||||
return (int) $request->route('company_id');
|
||||
}
|
||||
|
||||
protected function getCompanyIdFromApi($request)
|
||||
{
|
||||
$company_id = $request->get('company_id', $request->header('X-Company'));
|
||||
|
||||
return $company_id ?: optional($this->getFirstCompanyOfUser())->id;
|
||||
}
|
||||
}
|
||||
@ -1,29 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Utilities\Overrider;
|
||||
use Closure;
|
||||
|
||||
class LoadCurrencies
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$company_id = session('company_id');
|
||||
|
||||
if (empty($company_id)) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
Overrider::load('currencies');
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@ -1,29 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Utilities\Overrider;
|
||||
use Closure;
|
||||
|
||||
class LoadSettings
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$company_id = session('company_id');
|
||||
|
||||
if (empty($company_id)) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
Overrider::load('settings');
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@ -20,15 +20,11 @@ class RedirectIfAuthenticated
|
||||
$guards = empty($guards) ? [null] : $guards;
|
||||
|
||||
foreach ($guards as $guard) {
|
||||
if (auth()->guard($guard)->check()) {
|
||||
$user = user();
|
||||
|
||||
if ($user->contact) {
|
||||
return redirect()->route('portal.dashboard');
|
||||
}
|
||||
|
||||
return redirect()->route($user->landing_page);
|
||||
if (!auth()->guard($guard)->check()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
return redirect(user()->getLandingPageOfUser());
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
|
||||
@ -4,7 +4,7 @@ namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
|
||||
class CanApiKey
|
||||
class RedirectIfNoApiKey
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
@ -14,15 +14,15 @@ class CanApiKey
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if ($request['alias'] != 'core') {
|
||||
if (setting('apps.api_key')) {
|
||||
return $next($request);
|
||||
} else {
|
||||
redirect('apps/api-key/create')->send();
|
||||
}
|
||||
} else {
|
||||
{
|
||||
if ($request->get('alias') == 'core') {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
if (setting('apps.api_key')) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
return redirect()->route('apps.api-key.create');
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -3,7 +3,6 @@
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
class RedirectIfNotInstalled
|
||||
{
|
||||
@ -22,11 +21,11 @@ class RedirectIfNotInstalled
|
||||
}
|
||||
|
||||
// Already in the installation wizard
|
||||
if (Str::startsWith($request->getPathInfo(), '/install')) {
|
||||
if ($request->isInstall()) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
// Not installed, redirect to installation wizard
|
||||
redirect()->route('install.requirements')->send();
|
||||
return redirect()->route('install.requirements');
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,7 +3,6 @@
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
class RedirectIfWizardNotCompleted
|
||||
{
|
||||
@ -22,11 +21,11 @@ class RedirectIfWizardNotCompleted
|
||||
}
|
||||
|
||||
// Check url
|
||||
if (Str::startsWith($request->getPathInfo(), '/wizard') || Str::startsWith($request->getPathInfo(), '/settings')) {
|
||||
if ($request->isWizard(company_id()) || $request->is(company_id() . '/settings/*')) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
// Redirect to wizard
|
||||
redirect()->route('wizard.edit')->send();
|
||||
return redirect()->route('wizard.edit');
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,14 +24,14 @@ class RedirectSignedIfAuthenticated
|
||||
$page = 'dashboard';
|
||||
$params = [];
|
||||
|
||||
if ($request->segment(2) == 'invoices') {
|
||||
if ($request->segment(3) == 'invoices') {
|
||||
$page = 'invoices.show';
|
||||
|
||||
$invoice = Document::find($request->segment(3));
|
||||
$invoice = Document::find($request->segment(4));
|
||||
|
||||
$params = [$invoice->id];
|
||||
}
|
||||
|
||||
redirect()->route($prefix . $page, $params)->send();
|
||||
return redirect()->route($prefix . $page, $params);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,33 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
|
||||
class SignedCompany
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$company_id = $request->get('company_id');
|
||||
|
||||
if (empty($company_id)) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
// Set company id
|
||||
session(['company_id' => $company_id]);
|
||||
|
||||
// Set the company settings
|
||||
setting()->setExtraColumns(['company_id' => $company_id]);
|
||||
setting()->load(true);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user