shihaam/akaunting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improved dashboard authorization

Browse Source
This commit is contained in:
denisdulici
2020-01-11 22:57:19 +03:00
parent 83ba5c7691
commit 3b652df7cd
4 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/Jobs/Common/UpdateDashboard.php
View File

@ -51,13 +51,27 @@ class UpdateDashboard extends Job
*/
public function authorize()
{
$user = user();
// Can't disable last dashboard for any shared user
if ($this->request->has('enabled') && !$this->request->get('enabled')) {
foreach ($this->dashboard->users as $user) {
if ($user->dashboards()->enabled()->count() > 1) {
continue;
}
// Can't delete your last dashboard
if ($this->request->has('users') && !in_array($user->id, (array) $this->request->get('users')) && ($user->dashboards()->enabled()->count() == 1)) {
$message = trans('dashboards.error.delete_last');
$message = trans('dashboards.error.disable_last');
throw new \Exception($message);
throw new \Exception($message);
}
}
if ($this->request->has('users')) {
$user = user();
if (!in_array($user->id, (array) $this->request->get('users')) && ($user->dashboards()->enabled()->count() == 1)) {
$message = trans('dashboards.error.delete_last');
throw new \Exception($message);
}
}
// Check if user can access dashboard