mirror of
https://github.com/bigcapitalhq/bigcapital.git
synced 2026-02-17 05:10:31 +00:00
d5402b6a9b
Add AuthorizationGuard and PermissionGuard to the following controllers: - CreditNoteRefundsController - CreditNotesApplyInvoiceController - VendorCreditApplyBillsController - VendorCreditsRefundController Add @RequirePermission decorators with appropriate actions: - View action for GET endpoints - Edit action for POST/DELETE endpoints - Refund action for refund-related operations Also fixes AuthorizationGuard to use userId from clsService instead of user.id from request for consistency with the abilities cache.