fix permission bug
This commit is contained in:
@@ -2,11 +2,13 @@
|
|||||||
|
|
||||||
namespace App\Nova\Resources\Order\Loan\Concerns;
|
namespace App\Nova\Resources\Order\Loan\Concerns;
|
||||||
|
|
||||||
|
use App\Nova\Resources\Branch\Branch;
|
||||||
use App\Repos\Branch\BranchRepo;
|
use App\Repos\Branch\BranchRepo;
|
||||||
use App\Repos\Order\Loan\LoanTypeRepo;
|
use App\Repos\Order\Loan\LoanTypeRepo;
|
||||||
use App\Repos\Order\OrderRepo;
|
use App\Repos\Order\OrderRepo;
|
||||||
use App\Repos\System\Settings\Location\RegionRepo;
|
use App\Repos\System\Settings\Location\RegionRepo;
|
||||||
use Laravel\Nova\Fields\Badge;
|
use Laravel\Nova\Fields\Badge;
|
||||||
|
use Laravel\Nova\Fields\BelongsTo;
|
||||||
use Laravel\Nova\Fields\ID;
|
use Laravel\Nova\Fields\ID;
|
||||||
use Laravel\Nova\Fields\Select;
|
use Laravel\Nova\Fields\Select;
|
||||||
use Laravel\Nova\Fields\Text;
|
use Laravel\Nova\Fields\Text;
|
||||||
@@ -33,9 +35,7 @@ class LoanOrderFieldsForIndex
|
|||||||
->options(RegionRepo::values())
|
->options(RegionRepo::values())
|
||||||
->sortable(),
|
->sortable(),
|
||||||
|
|
||||||
Select::make(__('Branch'), 'branch_id')
|
BelongsTo::make(__('Branch'), 'branch', Branch::class)
|
||||||
->displayUsingLabels()
|
|
||||||
->options(BranchRepo::values())
|
|
||||||
->sortable(),
|
->sortable(),
|
||||||
|
|
||||||
Text::make(__('Name'), 'customer_name'),
|
Text::make(__('Name'), 'customer_name'),
|
||||||
|
|||||||
@@ -111,7 +111,7 @@ class LoanOrder extends Resource
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($user->isOperator()) {
|
if ($user->isOperator()) {
|
||||||
return $query->whereIn('branch_id', $user->branches()->pluck('id'));
|
return $query->whereIn('branch_id', $user->branches()->pluck('branches.id'));
|
||||||
}
|
}
|
||||||
|
|
||||||
return $query->where('user_id', $request->user()->id);
|
return $query->where('user_id', $request->user()->id);
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ class LoanOrderPolicy
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($user->isOperator()) {
|
if ($user->isOperator()) {
|
||||||
return $user->branches()->where('id', $loanOrder->branch_id)->exists();
|
return $user->branches()->where('branches.id', $loanOrder->branch_id)->exists();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user->ownsLoanOrder($loanOrder)) {
|
if ($user->ownsLoanOrder($loanOrder)) {
|
||||||
@@ -54,7 +54,7 @@ class LoanOrderPolicy
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($user->isOperator()) {
|
if ($user->isOperator()) {
|
||||||
return $user->branches()->where('id', $loanOrder->branch_id)->exists();
|
return $user->branches()->where('branches.id', $loanOrder->branch_id)->exists();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user->ownsLoanOrder($loanOrder) && in_array($loanOrder->status, [
|
if ($user->ownsLoanOrder($loanOrder) && in_array($loanOrder->status, [
|
||||||
@@ -76,7 +76,7 @@ class LoanOrderPolicy
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($user->isOperator()) {
|
if ($user->isOperator()) {
|
||||||
return $user->branches()->where('id', $loanOrder->branch_id)->exists();
|
return $user->branches()->where('branches.id', $loanOrder->branch_id)->exists();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user->ownsLoanOrder($loanOrder)) {
|
if ($user->ownsLoanOrder($loanOrder)) {
|
||||||
|
|||||||
@@ -92,9 +92,9 @@ class NovaServiceProvider extends NovaApplicationServiceProvider
|
|||||||
->canSee(fn () => auth()->user()->isMe()),
|
->canSee(fn () => auth()->user()->isMe()),
|
||||||
|
|
||||||
LogsTool::make()
|
LogsTool::make()
|
||||||
->canSee(fn () => Gate::allowIf(fn ($user) => $user->isMe()))
|
->canSee(fn () => Gate::allows('isMe', auth()->user()))
|
||||||
->canDownload(fn () => Gate::allowIf(fn ($user) => $user->isMe()))
|
->canDownload(fn () => Gate::allows('isMe', auth()->user()))
|
||||||
->canDelete(fn () => Gate::allowIf(fn ($user) => $user->isMe())),
|
->canDelete(fn () => Gate::allows('isMe', auth()->user())),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user