Providers sharing (#1273)

* third party provider scoping

* Simplify logic and allow only admins to manage providers

* Broadcast fixes

* FIX tests and build

* Fixes

* Reviews

* Scope merchants

* DRY fixes
soky srm
2026-03-25 17:47:04 +01:00
committed by GitHub
parent 1627cf197b
commit 9410e5b38d
74 changed files with 588 additions and 583 deletions


@@ -3,14 +3,7 @@ class ValuationsController < ApplicationController
def confirm_create
@account = accessible_accounts.find(params.dig(:entry, :account_id))
unless @account.permission_for(Current.user).in?([ :owner, :full_control ])
respond_to do |format|
format.html { redirect_back_or_to account_path(@account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(@account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(@account)
@entry = @account.entries.build(entry_params.merge(currency: @account.currency))
@@ -25,14 +18,7 @@ class ValuationsController < ApplicationController
def confirm_update
@entry = Current.accessible_entries.find(params[:id])
unless @entry.account.permission_for(Current.user).in?([ :owner, :full_control ])
respond_to do |format|
format.html { redirect_back_or_to account_path(@entry.account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(@entry.account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(@entry.account)
@account = @entry.account
@entry.assign_attributes(entry_params.merge(currency: @account.currency))
@@ -49,14 +35,7 @@ class ValuationsController < ApplicationController
def create
account = accessible_accounts.find(params.dig(:entry, :account_id))
unless account.permission_for(Current.user).in?([ :owner, :full_control ])
respond_to do |format|
format.html { redirect_back_or_to account_path(account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(account)
result = account.create_reconciliation(
balance: entry_params[:amount],
@@ -75,13 +54,7 @@ class ValuationsController < ApplicationController
end
def update
unless can_edit_entry?
respond_to do |format|
format.html { redirect_back_or_to account_path(@entry.account), alert: t("accounts.not_authorized") }
format.turbo_stream { stream_redirect_back_or_to(account_path(@entry.account), alert: t("accounts.not_authorized")) }
end
return
end
return unless require_account_permission!(@entry.account)
# Notes updating is independent of reconciliation, just a simple CRUD operation
@entry.update!(notes: entry_params[:notes]) if entry_params[:notes].present?
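Review bot: In `update` the guard changes from `can_edit_entry?` to `require_account_permission!(@entry.account)`, which is not obviously the same check as the `permission_for(Current.user).in?([ :owner, :full_control ])` test that the other three actions used, and neither helper's body is visible in this section. If the helper's default levels differ from what `can_edit_entry?` enforced, this refactor silently changes who may edit a valuation, so a request spec that calls `update` as a user with neither `:owner` nor `:full_control` would pin the intended behaviour. Separately, all four call sites depend on the caller writing `return unless ...`; a site that omits the `return` would keep executing after the redirect, so the helper's contract deserves a comment such as `# Returns false after redirecting; callers must return immediately.` or a move to a `before_action`. The body of `update` continues past the end of the hunk.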