mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-04-09 14:34:47 +00:00
1adebe85b9
Bulk delete: filter IDs through whereCompany() before deleting in all controllers (Invoices, Payments, Items, Expenses, Estimates, Recurring Invoices). Previously, any user could delete records from other companies by providing cross-company IDs. Transfer ownership: fix inverted hasCompany() check that allowed transferring company ownership to users who do NOT belong to the company, while blocking users who DO belong. Ref #567
82 lines
2.2 KiB
PHP
82 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\V1\Admin\Estimate;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Http\Requests\DeleteEstimatesRequest;
|
|
use App\Http\Requests\EstimatesRequest;
|
|
use App\Http\Resources\EstimateResource;
|
|
use App\Jobs\GenerateEstimatePdfJob;
|
|
use App\Models\Estimate;
|
|
use Illuminate\Http\Request;
|
|
|
|
class EstimatesController extends Controller
|
|
{
|
|
public function index(Request $request)
|
|
{
|
|
$this->authorize('viewAny', Estimate::class);
|
|
|
|
$limit = $request->has('limit') ? $request->limit : 10;
|
|
|
|
$estimates = Estimate::whereCompany()
|
|
->join('customers', 'customers.id', '=', 'estimates.customer_id')
|
|
->applyFilters($request->all())
|
|
->select('estimates.*', 'customers.name')
|
|
->latest()
|
|
->paginateData($limit);
|
|
|
|
return EstimateResource::collection($estimates)
|
|
->additional(['meta' => [
|
|
'estimate_total_count' => Estimate::whereCompany()->count(),
|
|
]]);
|
|
}
|
|
|
|
public function store(EstimatesRequest $request)
|
|
{
|
|
$this->authorize('create', Estimate::class);
|
|
|
|
$estimate = Estimate::createEstimate($request);
|
|
|
|
if ($request->has('estimateSend')) {
|
|
$estimate->send($request->title, $request->body);
|
|
}
|
|
|
|
GenerateEstimatePdfJob::dispatch($estimate);
|
|
|
|
return new EstimateResource($estimate);
|
|
}
|
|
|
|
public function show(Request $request, Estimate $estimate)
|
|
{
|
|
$this->authorize('view', $estimate);
|
|
|
|
return new EstimateResource($estimate);
|
|
}
|
|
|
|
public function update(EstimatesRequest $request, Estimate $estimate)
|
|
{
|
|
$this->authorize('update', $estimate);
|
|
|
|
$estimate = $estimate->updateEstimate($request);
|
|
|
|
GenerateEstimatePdfJob::dispatch($estimate, true);
|
|
|
|
return new EstimateResource($estimate);
|
|
}
|
|
|
|
public function delete(DeleteEstimatesRequest $request)
|
|
{
|
|
$this->authorize('delete multiple estimates');
|
|
|
|
$ids = Estimate::whereCompany()
|
|
->whereIn('id', $request->ids)
|
|
->pluck('id');
|
|
|
|
Estimate::destroy($ids);
|
|
|
|
return response()->json([
|
|
'success' => true,
|
|
]);
|
|
}
|
|
}
|