shihaam/akaunting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improved dashboard authorization

Browse Source
This commit is contained in:
denisdulici 2020-01-11 22:57:19 +03:00
parent 83ba5c7691
commit 3b652df7cd
4 changed files with 27 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Jobs/Common/DeleteDashboard.php
View File

@ -47,8 +47,12 @@ class DeleteDashboard extends Job
*/ */
public function authorize() public function authorize()
{ {
// Can't delete your last dashboard // Can't delete last dashboard for any shared user
if (user()->dashboards()->enabled()->count() == 1) { foreach ($this->dashboard->users as $user) {
if ($user->dashboards()->enabled()->count() > 1) {
continue;
}
$message = trans('dashboards.error.delete_last'); $message = trans('dashboards.error.delete_last');
throw new \Exception($message); throw new \Exception($message);

24
app/Jobs/Common/UpdateDashboard.php
View File

@ -51,13 +51,27 @@ class UpdateDashboard extends Job
*/ */
public function authorize() public function authorize()
{ {
$user = user(); // Can't disable last dashboard for any shared user
if ($this->request->has('enabled') && !$this->request->get('enabled')) {
foreach ($this->dashboard->users as $user) {
if ($user->dashboards()->enabled()->count() > 1) {
continue;
}
// Can't delete your last dashboard $message = trans('dashboards.error.disable_last');
if ($this->request->has('users') && !in_array($user->id, (array) $this->request->get('users')) && ($user->dashboards()->enabled()->count() == 1)) {
$message = trans('dashboards.error.delete_last');
throw new \Exception($message); throw new \Exception($message);
}
}
if ($this->request->has('users')) {
$user = user();
if (!in_array($user->id, (array) $this->request->get('users')) && ($user->dashboards()->enabled()->count() == 1)) {
$message = trans('dashboards.error.delete_last');
throw new \Exception($message);
}
} }
// Check if user can access dashboard // Check if user can access dashboard

2
resources/lang/en-GB/customers.php
View File

@ -6,7 +6,7 @@ return [
'user_created' => 'User Created', 'user_created' => 'User Created',
'error' => [ 'error' => [
'email' => 'The email has already been taken.' 'email' => 'The email has already been taken.',
], ],
]; ];

1
resources/lang/en-GB/dashboards.php
View File

@ -5,6 +5,7 @@ return [
'error' => [ 'error' => [
'not_user_dashboard' => 'Error: You are not allowed to change this dashboard!', 'not_user_dashboard' => 'Error: You are not allowed to change this dashboard!',
'delete_last' => 'Error: Can not delete the last dashboard. Please, create a new one first!', 'delete_last' => 'Error: Can not delete the last dashboard. Please, create a new one first!',
'disable_last' => 'Error: Can not disable the last dashboard. Please, create a new one first!',
], ],
]; ];