viscous/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2026-03-03 03:07:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for activity display for lesser permissioned users

Browse Source
This commit is contained in:
David Bomba
2026-01-19 08:29:08 +11:00
parent 991739cdb6
commit 0800575e7e
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/ActivityController.php
View File

@@ -102,7 +102,9 @@ class ActivityController extends BaseController
/** @var \App\Models\User auth()->user() */
$user = auth()->user();
if (!$user->isAdmin()) {
$entity = $request->getEntity();
if ($user->cannot('view', $entity)) {
$activities->where('user_id', auth()->user()->id);
}

13
app/Http/Requests/Activity/ShowActivityRequest.php
View File

@@ -12,6 +12,7 @@
namespace App\Http\Requests\Activity;
use Illuminate\Support\Str;
use App\Http\Requests\Request;
use App\Utils\Traits\MakesHash;
@@ -48,4 +49,16 @@ class ShowActivityRequest extends Request
$this->replace($input);
}
public function getEntity()
{
if (!$this->entity) {
return false;
}
$class = "\\App\\Models\\".ucfirst(Str::camel(rtrim($this->entity, 's')));
return $class::withTrashed()->company()->where('id', is_string($this->entity_id) ? $this->decodePrimaryKey($this->entity_id) : $this->entity_id)->first();
}
}

2
app/Http/Requests/Activity/StoreNoteRequest.php
View File

@@ -18,6 +18,8 @@ use Illuminate\Validation\Rule;
class StoreNoteRequest extends Request
{
public $error_message;
/**
* Determine if the user is authorized to make this request.
*