shihaam/akaunting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improved widget/report permissions

Browse Source
This commit is contained in:
Denis Duliçi
2020-06-13 00:13:39 +03:00
parent 6ca0ec5522
commit e1743e1f8f
4 changed files with 65 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/Http/Controllers/Common/Dashboards.php
View File

@ -10,7 +10,6 @@ use App\Jobs\Common\UpdateDashboard;
use App\Models\Common\Company;
use App\Models\Common\Dashboard;
use App\Models\Common\Widget;
use App\Models\Module\Module;
use App\Traits\DateTime;
use App\Traits\Users;
use App\Utilities\Widgets;
@ -69,13 +68,7 @@ class Dashboards extends Controller
}
$widgets = Widget::where('dashboard_id', $dashboard->id)->orderBy('sort', 'asc')->get()->filter(function ($widget) {
if ($alias = Widgets::getModuleAlias($widget->class)) {
if (!Module::alias($alias)->enabled()->first()) {
return false;
}
}
return Widgets::canRead($widget->class);
return Widgets::canShow($widget->class);
});
$financial_start = $this->getFinancialStart()->format('Y-m-d');

10
app/Http/Controllers/Common/Reports.php
View File

@ -25,7 +25,7 @@ class Reports extends Controller
$reports = Report::orderBy('name')->get();
foreach ($reports as $report) {
if (!Utility::canRead($report->class)) {
if (!Utility::canShow($report->class)) {
continue;
}
@ -56,7 +56,7 @@ class Reports extends Controller
*/
public function show(Report $report)
{
if (!Utility::canRead($report->class)) {
if (!Utility::canShow($report->class)) {
abort(403);
}
@ -203,7 +203,7 @@ class Reports extends Controller
*/
public function print(Report $report)
{
if (!Utility::canRead($report->class)) {
if (!Utility::canShow($report->class)) {
abort(403);
}
@ -218,7 +218,7 @@ class Reports extends Controller
*/
public function export(Report $report)
{
if (!Utility::canRead($report->class)) {
if (!Utility::canShow($report->class)) {
abort(403);
}
@ -263,7 +263,7 @@ class Reports extends Controller
public function clear()
{
Report::all()->each(function ($report) {
if (!Utility::canRead($report->class)) {
if (!Utility::canShow($report->class)) {
return;
}