QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-09 22:44:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
242b689311a5e0646ebd3c4af590b38feccf43d8
InvoiceShelf/app/Http/Controllers/V1/Admin/Customer/CustomersController.php
Darko Gjorgjijoski 6092e48cf6 Scope bulk delete to current company to prevent cross-company deletion 
Filter customer IDs through whereCompany() before passing to
deleteCustomers(), ensuring users cannot delete customers belonging
to other companies via the bulk delete endpoint.
2026-04-03 13:49:57 +02:00

106 lines
2.7 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\V1\Admin\Customer;
use App\Http\Controllers\Controller;
use App\Http\Requests;
use App\Http\Requests\DeleteCustomersRequest;
use App\Http\Resources\CustomerResource;
use App\Models\Customer;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
class CustomersController extends Controller
{
/**
* Display a listing of the resource.
*
* @return JsonResponse
*/
public function index(Request $request)
{
$this->authorize('viewAny', Customer::class);
$limit = $request->has('limit') ? $request->limit : 10;
$customers = Customer::with('creator')
->whereCompany()
->applyFilters($request->all())
->withSum('invoices as base_due_amount', 'base_due_amount')
->withSum('invoices as due_amount', 'due_amount')
->paginateData($limit);
return CustomerResource::collection($customers)
->additional(['meta' => [
'customer_total_count' => Customer::whereCompany()->count(),
]]);
}
/**
* Store a newly created resource in storage.
*
* @param Request $request
* @return JsonResponse
*/
public function store(Requests\CustomerRequest $request)
{
$this->authorize('create', Customer::class);
$customer = Customer::createCustomer($request);
return new CustomerResource($customer);
}
/**
* Display the specified resource.
*
* @return JsonResponse
*/
public function show(Customer $customer)
{
$this->authorize('view', $customer);
return new CustomerResource($customer);
}
/**
* Update the specified resource in storage.
*
* @param Request $request
* @return JsonResponse
*/
public function update(Requests\CustomerRequest $request, Customer $customer)
{
$this->authorize('update', $customer);
$customer = Customer::updateCustomer($request, $customer);
if (is_string($customer)) {
return respondJson('you_cannot_edit_currency', 'Cannot change currency once transactions created');
}
return new CustomerResource($customer);
}
/**
* Remove a list of Customers along side all their resources (ie. Estimates, Invoices, Payments and Addresses)
*
* @param Request $request
* @return JsonResponse
*/
public function delete(DeleteCustomersRequest $request)
{
$this->authorize('delete multiple customers');
$ids = Customer::whereCompany()
->whereIn('id', $request->ids)
->pluck('id');
Customer::deleteCustomers($ids);
return response()->json([
'success' => true,
]);
}
}
Reference in New Issue View Git Blame Copy Permalink