mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-04-17 18:24:10 +00:00
Eliminate Company\CompaniesController, introduce owner role
Redistribute methods: - show() -> BootstrapController::currentCompany() - store(), destroy(), userCompanies() -> Admin\CompaniesController - transferOwnership() -> CompanySettingsController Security fix: introduce 'owner' role for company-level admin, distinct from 'super admin' which is now global platform admin only. - CompanyService::setupRoles() creates 'owner' role per company - Company creation assigns scoped 'owner' role instead of global 'super admin' - Seeders updated to assign 'owner' Migration renames all existing company-scoped 'super admin' roles to 'owner' and ensures every company owner has the role assigned.
This commit is contained in:
Darko Gjorgjijoski
@@ -2,14 +2,22 @@
|
||||
|
||||
namespace App\Http\Controllers\Admin;
|
||||
|
||||
use App\Facades\Hashids;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\AdminCompanyUpdateRequest;
|
||||
use App\Http\Requests\CompaniesRequest;
|
||||
use App\Http\Resources\CompanyResource;
|
||||
use App\Models\Company;
|
||||
use App\Services\CompanyService;
|
||||
use Illuminate\Http\Request;
|
||||
use Silber\Bouncer\BouncerFacade;
|
||||
|
||||
class CompaniesController extends Controller
|
||||
{
|
||||
public function __construct(
|
||||
private readonly CompanyService $companyService,
|
||||
) {}
|
||||
|
||||
public function index(Request $request)
|
||||
{
|
||||
$companies = Company::query()
|
||||
@@ -54,4 +62,56 @@ class CompaniesController extends Controller
|
||||
|
||||
return new CompanyResource($company);
|
||||
}
|
||||
|
||||
public function store(CompaniesRequest $request)
|
||||
{
|
||||
$this->authorize('create company');
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$company = Company::create($request->getCompanyPayload());
|
||||
$company->unique_hash = Hashids::connection(Company::class)->encode($company->id);
|
||||
$company->save();
|
||||
$this->companyService->setupDefaults($company);
|
||||
$user->companies()->attach($company->id);
|
||||
|
||||
BouncerFacade::scope()->to($company->id);
|
||||
$user->assign('owner');
|
||||
|
||||
if ($request->address) {
|
||||
$company->address()->create($request->address);
|
||||
}
|
||||
|
||||
return new CompanyResource($company);
|
||||
}
|
||||
|
||||
public function destroy(Request $request)
|
||||
{
|
||||
$company = Company::find($request->header('company'));
|
||||
|
||||
$this->authorize('delete company', $company);
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
if ($request->name !== $company->name) {
|
||||
return respondJson('company_name_must_match_with_given_name', 'Company name must match with given name');
|
||||
}
|
||||
|
||||
if ($user->loadCount('companies')->companies_count <= 1) {
|
||||
return respondJson('You_cannot_delete_all_companies', 'You cannot delete all companies');
|
||||
}
|
||||
|
||||
$this->companyService->delete($company, $user);
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
public function userCompanies(Request $request)
|
||||
{
|
||||
$companies = $request->user()->companies;
|
||||
|
||||
return CompanyResource::collection($companies);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Company;
|
||||
|
||||
use App\Facades\Hashids;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\CompaniesRequest;
|
||||
use App\Http\Resources\CompanyResource;
|
||||
use App\Models\Company;
|
||||
use App\Models\User;
|
||||
use App\Services\CompanyService;
|
||||
use Illuminate\Http\Request;
|
||||
use Silber\Bouncer\BouncerFacade;
|
||||
|
||||
class CompaniesController extends Controller
|
||||
{
|
||||
public function __construct(
|
||||
private readonly CompanyService $companyService,
|
||||
) {}
|
||||
|
||||
public function show(Request $request)
|
||||
{
|
||||
$company = Company::find($request->header('company'));
|
||||
|
||||
return new CompanyResource($company);
|
||||
}
|
||||
|
||||
public function store(CompaniesRequest $request)
|
||||
{
|
||||
$this->authorize('create company');
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$company = Company::create($request->getCompanyPayload());
|
||||
$company->unique_hash = Hashids::connection(Company::class)->encode($company->id);
|
||||
$company->save();
|
||||
$this->companyService->setupDefaults($company);
|
||||
$user->companies()->attach($company->id);
|
||||
$user->assign('super admin');
|
||||
|
||||
if ($request->address) {
|
||||
$company->address()->create($request->address);
|
||||
}
|
||||
|
||||
return new CompanyResource($company);
|
||||
}
|
||||
|
||||
public function destroy(Request $request)
|
||||
{
|
||||
$company = Company::find($request->header('company'));
|
||||
|
||||
$this->authorize('delete company', $company);
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
if ($request->name !== $company->name) {
|
||||
return respondJson('company_name_must_match_with_given_name', 'Company name must match with given name');
|
||||
}
|
||||
|
||||
if ($user->loadCount('companies')->companies_count <= 1) {
|
||||
return respondJson('You_cannot_delete_all_companies', 'You cannot delete all companies');
|
||||
}
|
||||
|
||||
$this->companyService->delete($company, $user);
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
public function transferOwnership(Request $request, User $user)
|
||||
{
|
||||
$company = Company::find($request->header('company'));
|
||||
$this->authorize('transfer company ownership', $company);
|
||||
|
||||
if (! $user->hasCompany($company->id)) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => 'User does not belong to this company.',
|
||||
]);
|
||||
}
|
||||
|
||||
$company->update(['owner_id' => $user->id]);
|
||||
BouncerFacade::sync($user)->roles(['super admin']);
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
public function getUserCompanies(Request $request)
|
||||
{
|
||||
$companies = $request->user()->companies;
|
||||
|
||||
return CompanyResource::collection($companies);
|
||||
}
|
||||
}
|
||||
@@ -76,4 +76,11 @@ class BootstrapController extends Controller
|
||||
'modules' => Module::where('enabled', true)->pluck('name'),
|
||||
]);
|
||||
}
|
||||
|
||||
public function currentCompany(Request $request)
|
||||
{
|
||||
$company = Company::find($request->header('company'));
|
||||
|
||||
return new CompanyResource($company);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,9 +7,11 @@ use App\Http\Requests\GetSettingsRequest;
|
||||
use App\Http\Requests\UpdateSettingsRequest;
|
||||
use App\Models\Company;
|
||||
use App\Models\CompanySetting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Arr;
|
||||
use Silber\Bouncer\BouncerFacade;
|
||||
|
||||
class CompanySettingsController extends Controller
|
||||
{
|
||||
@@ -55,4 +57,25 @@ class CompanySettingsController extends Controller
|
||||
'has_transactions' => $company->hasTransactions(),
|
||||
]);
|
||||
}
|
||||
|
||||
public function transferOwnership(Request $request, User $user): JsonResponse
|
||||
{
|
||||
$company = Company::find($request->header('company'));
|
||||
$this->authorize('transfer company ownership', $company);
|
||||
|
||||
if (! $user->hasCompany($company->id)) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => 'User does not belong to this company.',
|
||||
]);
|
||||
}
|
||||
|
||||
$company->update(['owner_id' => $user->id]);
|
||||
BouncerFacade::scope()->to($company->id);
|
||||
BouncerFacade::sync($user)->roles(['owner']);
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -26,14 +26,14 @@ class CompanyService
|
||||
{
|
||||
BouncerFacade::scope()->to($company->id);
|
||||
|
||||
$superAdmin = BouncerFacade::role()->firstOrCreate([
|
||||
'name' => 'super admin',
|
||||
'title' => 'Super Admin',
|
||||
$owner = BouncerFacade::role()->firstOrCreate([
|
||||
'name' => 'owner',
|
||||
'title' => 'Owner',
|
||||
'scope' => $company->id,
|
||||
]);
|
||||
|
||||
foreach (config('abilities.abilities') as $ability) {
|
||||
BouncerFacade::allow($superAdmin)->to($ability['ability'], $ability['model']);
|
||||
BouncerFacade::allow($owner)->to($ability['ability'], $ability['model']);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
use App\Models\Company;
|
||||
use App\Models\User;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Silber\Bouncer\BouncerFacade;
|
||||
use Silber\Bouncer\Database\Role;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Rename all company-scoped "super admin" roles to "owner".
|
||||
* Ensure every company owner has the owner role assigned.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
// Rename existing company-scoped super admin roles to owner
|
||||
Role::whereNotNull('scope')
|
||||
->where('name', 'super admin')
|
||||
->update([
|
||||
'name' => 'owner',
|
||||
'title' => 'Owner',
|
||||
]);
|
||||
|
||||
// Ensure every company owner has the owner role
|
||||
foreach (Company::whereNotNull('owner_id')->get() as $company) {
|
||||
BouncerFacade::scope()->to($company->id);
|
||||
$user = User::find($company->owner_id);
|
||||
if ($user && ! $user->isA('owner')) {
|
||||
$user->assign('owner');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse: rename owner roles back to super admin.
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
Role::whereNotNull('scope')
|
||||
->where('name', 'owner')
|
||||
->update([
|
||||
'name' => 'super admin',
|
||||
'title' => 'Super Admin',
|
||||
]);
|
||||
}
|
||||
};
|
||||
@@ -40,7 +40,7 @@ class DemoSeeder extends Seeder
|
||||
$user->companies()->attach($company->id);
|
||||
BouncerFacade::scope()->to($company->id);
|
||||
|
||||
$user->assign('super admin');
|
||||
$user->assign('owner');
|
||||
|
||||
// Set default user settings
|
||||
$user->setSettings([
|
||||
|
||||
@@ -37,7 +37,7 @@ class UsersTableSeeder extends Seeder
|
||||
$user->companies()->attach($company->id);
|
||||
BouncerFacade::scope()->to($company->id);
|
||||
|
||||
$user->assign('super admin');
|
||||
$user->assign('owner');
|
||||
|
||||
Setting::setSetting('profile_complete', 0);
|
||||
// Set version.
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
|
||||
use App\Http\Controllers\Admin\BackupsController;
|
||||
use App\Http\Controllers\Admin\CompaniesController;
|
||||
use App\Http\Controllers\Admin\CountriesController;
|
||||
use App\Http\Controllers\Admin\CurrenciesController;
|
||||
use App\Http\Controllers\Admin\Modules\ModuleInstallationController;
|
||||
@@ -14,7 +15,6 @@ use App\Http\Controllers\AppVersionController;
|
||||
use App\Http\Controllers\Company\Auth\AuthController;
|
||||
use App\Http\Controllers\Company\Auth\ForgotPasswordController;
|
||||
use App\Http\Controllers\Company\Auth\ResetPasswordController;
|
||||
use App\Http\Controllers\Company\CompaniesController;
|
||||
use App\Http\Controllers\Company\Customer\CustomersController;
|
||||
use App\Http\Controllers\Company\Customer\CustomerStatsController;
|
||||
use App\Http\Controllers\Company\CustomField\CustomFieldsController;
|
||||
@@ -148,9 +148,9 @@ Route::prefix('/v1')->group(function () {
|
||||
// ----------------------------------
|
||||
|
||||
Route::middleware(['auth:sanctum', 'super-admin'])->prefix('super-admin')->group(function () {
|
||||
Route::get('companies', [App\Http\Controllers\Admin\CompaniesController::class, 'index']);
|
||||
Route::get('companies/{company}', [App\Http\Controllers\Admin\CompaniesController::class, 'show']);
|
||||
Route::put('companies/{company}', [App\Http\Controllers\Admin\CompaniesController::class, 'update']);
|
||||
Route::get('companies', [CompaniesController::class, 'index']);
|
||||
Route::get('companies/{company}', [CompaniesController::class, 'show']);
|
||||
Route::put('companies/{company}', [CompaniesController::class, 'update']);
|
||||
|
||||
Route::get('users', [App\Http\Controllers\Admin\UsersController::class, 'index']);
|
||||
Route::get('users/{user}', [App\Http\Controllers\Admin\UsersController::class, 'show']);
|
||||
@@ -214,7 +214,7 @@ Route::prefix('/v1')->group(function () {
|
||||
|
||||
Route::get('/number-placeholders', [SerialNumberController::class, 'placeholders']);
|
||||
|
||||
Route::get('/current-company', [CompaniesController::class, 'show']);
|
||||
Route::get('/current-company', [BootstrapController::class, 'currentCompany']);
|
||||
|
||||
// Customers
|
||||
// ----------------------------------
|
||||
@@ -418,11 +418,11 @@ Route::prefix('/v1')->group(function () {
|
||||
|
||||
Route::post('companies', [CompaniesController::class, 'store']);
|
||||
|
||||
Route::post('/transfer/ownership/{user}', [CompaniesController::class, 'transferOwnership']);
|
||||
Route::post('/transfer/ownership/{user}', [CompanySettingsController::class, 'transferOwnership']);
|
||||
|
||||
Route::post('companies/delete', [CompaniesController::class, 'destroy']);
|
||||
|
||||
Route::get('companies', [CompaniesController::class, 'getUserCompanies']);
|
||||
Route::get('companies', [CompaniesController::class, 'userCompanies']);
|
||||
|
||||
// Users
|
||||
// ----------------------------------
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
use App\Http\Controllers\Company\CompaniesController;
|
||||
use App\Http\Controllers\Admin\CompaniesController;
|
||||
use App\Http\Requests\CompaniesRequest;
|
||||
use App\Models\Company;
|
||||
use App\Models\User;
|
||||
|
||||
Reference in New Issue
Block a user