Bulk delete: filter IDs through whereCompany() before deleting in all controllers (Invoices, Payments, Items, Expenses, Estimates, Recurring Invoices). Previously, any user could delete records from other companies by providing cross-company IDs. Transfer ownership: fix inverted hasCompany() check that allowed transferring company ownership to users who do NOT belong to the company, while blocking users who DO belong. Ref #567
<?php
namespace App\Http\Controllers\V1\Admin\RecurringInvoice;
use App\Http\Controllers\Controller;
use App\Http\Requests\RecurringInvoiceRequest;
use App\Http\Resources\RecurringInvoiceResource;
use App\Models\RecurringInvoice;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
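class RecurringInvoiceController extends Controller
{
    /**
     * List the recurring invoices of the current company.
     *
     * The query is always scoped through whereCompany(), so a caller only
     * sees the records of the company it is acting for. The `limit` query
     * parameter is forwarded unchanged to paginateData() (default 10); no
     * upper bound is enforced here — NOTE(review): confirm the scope clamps
     * it, otherwise a client can request arbitrarily large pages.
     *
     * @param  Request  $request
     * @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function index(Request $request)
    {
        $this->authorize('viewAny', RecurringInvoice::class);

        $limit = $request->has('limit') ? $request->limit : 10;

        $recurringInvoices = RecurringInvoice::whereCompany()
            ->applyFilters($request->all())
            ->paginateData($limit);

        // The total count is company-scoped as well so the meta block
        // cannot leak record counts of other tenants.
        return RecurringInvoiceResource::collection($recurringInvoices)
            ->additional(['meta' => [
                'recurring_invoice_total_count' => RecurringInvoice::whereCompany()->count(),
            ]]);
    }

    /**
     * Create a recurring invoice from a validated form request.
     *
     * Field validation lives in RecurringInvoiceRequest; persistence in
     * RecurringInvoice::createFromRequest(), which is expected to attach
     * the current company itself.
     *
     * @param  RecurringInvoiceRequest  $request
     * @return RecurringInvoiceResource
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function store(RecurringInvoiceRequest $request)
    {
        $this->authorize('create', RecurringInvoice::class);

        $recurringInvoice = RecurringInvoice::createFromRequest($request);

        return new RecurringInvoiceResource($recurringInvoice);
    }

    /**
     * Show a single recurring invoice.
     *
     * The model is resolved by route-model binding, which is not company
     * scoped; tenant isolation for this endpoint therefore rests entirely
     * on the `view` policy check below — NOTE(review): confirm the policy
     * compares the record's company with the current one.
     *
     * @param  RecurringInvoice  $recurringInvoice
     * @return RecurringInvoiceResource
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function show(RecurringInvoice $recurringInvoice)
    {
        $this->authorize('view', $recurringInvoice);

        return new RecurringInvoiceResource($recurringInvoice);
    }

    /**
     * Update an existing recurring invoice from a validated form request.
     *
     * As in show(), the record comes from route-model binding and the
     * `update` policy is the only tenant check on this path.
     *
     * @param  RecurringInvoiceRequest  $request
     * @param  RecurringInvoice  $recurringInvoice
     * @return RecurringInvoiceResource
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function update(RecurringInvoiceRequest $request, RecurringInvoice $recurringInvoice)
    {
        $this->authorize('update', $recurringInvoice);

        $recurringInvoice->updateFromRequest($request);

        return new RecurringInvoiceResource($recurringInvoice);
    }

    /**
     * Bulk-delete recurring invoices by ID.
     *
     * Only IDs that belong to the current company are deleted; any other
     * IDs in the payload are dropped silently, so the response does not
     * reveal whether a foreign ID exists. The response does not report how
     * many rows were actually removed, so a caller cannot distinguish
     * "all deleted" from "nothing matched".
     *
     * @param  Request  $request  JSON body with an `ids` array.
     * @return \Illuminate\Http\JsonResponse
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException
     * @throws \Illuminate\Validation\ValidationException  when `ids` is missing, empty or not an array
     */
    public function delete(Request $request)
    {
        $this->authorize('delete multiple recurring invoices');

        // Reject a missing, empty or non-array `ids` payload with a 422 up
        // front instead of letting whereIn() blow up on a null/scalar value.
        // IDs are validated as integers because the table uses integer
        // primary keys — adjust the rule if the schema ever changes.
        $validated = $request->validate([
            'ids' => 'required|array',
            'ids.*' => 'integer',
        ]);

        // Tenant isolation (ref #567): filter the requested IDs through the
        // company scope before anything is deleted, so cross-company IDs can
        // never reach deleteRecurringInvoice().
        $ids = RecurringInvoice::whereCompany()
            ->whereIn('id', $validated['ids'])
            ->pluck('id');

        RecurringInvoice::deleteRecurringInvoice($ids);

        return response()->json([
            'success' => true,
        ]);
    }
}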