HP-2069: change abstract permissions to correct #526

Open
wants to merge 8 commits into
base: master
2 changes: 1 addition & 1 deletion src/cart/BatchPurchaseStrategy.php
Expand Up @@ -122,7 +122,7 @@ protected function analyzeResponse($response)
if (isset($response['_error']) && $response['_error'] === 'not enough money') {
foreach ($this->purchases as $key => $purchase) {
$error = Yii::t('hipanel:finance', 'Insufficient funds on the balance');
if ($this->user->can('support')) {
if (!$user->isAccountOwner()) {
$error = Yii::t('hipanel:finance', 'Insufficient funds. Maybe, your client does not have enough money on balance?');
}

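Review bot: The replacement condition `if (!$user->isAccountOwner()) {` reads a local `$user` that no visible line of analyzeResponse() defines, while the line it replaces went through `$this->user`. Unless `$user` is assigned in the part of the method above this hunk, the insufficient-funds branch would fail on an undefined variable at the moment a purchase error is being reported. Suggested: `if (!$this->user->isAccountOwner()) {`. The method starts and ends outside the hunk, so confirm against the full body.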
4 changes: 1 addition & 3 deletions src/controllers/BillController.php
Expand Up @@ -245,8 +245,7 @@ public function actionImport()
public function actionCreateExchange()
{
$model = new CurrencyExchangeForm();
$canSupport = Yii::$app->user->can('support');
if (!$canSupport) {
if (!Yii::$app->user->can('access-subclients')) {
$model->client_id = Yii::$app->user->identity->getId();
}

Expand All @@ -260,7 +259,6 @@ public function actionCreateExchange()

return $this->render('create-exchange', [
'model' => $model,
'canSupport' => $canSupport,
'rates' => $this->getExchangeRates(),
]);
}
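Review bot: `client_id` is pinned to the caller's own id only before the lines that sit between the two hunks, and for users without `access-subclients` the view still emits the field as a hidden input (`Html::activeHiddenInput($model, 'client_id')` in create-exchange.php). If those unseen lines call `$model->load(...)` on the request, a posted `client_id` would overwrite the pinned value, so the permission would be enforced only by the form markup. Re-applying `$model->client_id = Yii::$app->user->identity->getId();` after loading, or excluding `client_id` from the safe attributes for such users, closes that gap. actionCreateExchange() is only partly visible here, so this needs checking against the full method.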
2 changes: 1 addition & 1 deletion src/grid/CreditColumn.php
Expand Up @@ -20,7 +20,7 @@ class CreditColumn
{
public static function resolveConfig()
{
return Yii::$app->user->can('manage') ? [
return Yii::$app->user->can('purse.set-credit') ? [
'class' => XEditableColumn::class,
'filter' => false,
'contentOptions' => ['class' => 'text-right'],
4 changes: 2 additions & 2 deletions src/grid/HistorySalesGridView.php
Expand Up @@ -182,15 +182,15 @@ protected function formatSales(array $models): string
}

$result .= Html::tag('ul', $html, [
'class' => 'tariff-chain ' . ($this->user->can('support') ?: 'inactiveLink'),
'class' => 'tariff-chain ' . ($this->user->can('sale.read') ?: 'inactiveLink'),
'style' => 'margin: 0; padding: 0;',
]);

$html = Html::tag('li',
Html::a($sale['start'] . ' - ' . $sale['finish'], ['@sale/view', 'id' => $sale['id']])
);
$result .= Html::tag('ul', $html, [
'class' => 'tariff-chain ' . ($this->user->can('support') ?: 'inactiveLink'),
'class' => 'tariff-chain ' . ($this->user->can('sale.read') ?: 'inactiveLink'),
'style' => 'margin: 0; padding: 0;',
]);

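Review bot: On both changed lines, `($this->user->can('sale.read') ?: 'inactiveLink')` evaluates to `true` when the permission is granted, and concatenating that gives the class string `tariff-chain 1`. `'class' => 'tariff-chain ' . ($this->user->can('sale.read') ? '' : 'inactiveLink'),` keeps the intent without the stray token. `inactiveLink` is also styling only: the `@sale/view` URL with the sale id is still rendered for users without `sale.read`, so the view action has to enforce that permission itself. formatSales() continues outside the hunk.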
2 changes: 1 addition & 1 deletion src/menus/DashboardItem.php
Expand Up @@ -34,7 +34,7 @@ public function items()
'encode' => false,
];
}
if (Yii::$app->user->can('manage')) {
if (Yii::$app->user->can('plan.update')) {
$items['tariff'] = [
'label' => $this->render('dashboardTariffItem', array_merge($this->clientWithCounters->getWidgetData('tariff'), [
'route' => Url::toRoute('@plan/index'),
2 changes: 1 addition & 1 deletion src/menus/SaleActionsMenu.php
Expand Up @@ -28,7 +28,7 @@ public function items(): array
'linkOptions' => [
'data-pjax' => 0,
],
'visible' => Yii::$app->user->can('sale.update'),
'visible' => Yii::$app->user->can('sale.update') && $this->model->isOperateable(),
],
];
}
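Review bot: `isOperateable()` is applied here only as a `visible` flag, and in `src/views/sale/_form.php` and `src/views/sale/modals/change-buyer-by-one.php` only as a `readonly` HTML attribute; none of the files on this page adds the same check to a controller action or a validation rule. Hidden menu items and read-only inputs are presentation, so a hand-built request against a sale the user buys, or whose buyer is the user's seller, would still be processed unless the server rejects it. The update and change-buyer handlers should test `$sale->isOperateable()` before saving and refuse otherwise. If that enforcement already lives in the API or in code outside this PR, a short comment at these call sites saying so would help the next reader.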
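--- a/src/models/Sale.php
+++ b/src/models/Sale.php
@@ -140,6 +140,21 @@ public static function find(array $options = []): SaleQuery
 ]);
 }
 
+public function isMine()
+{
+return (string) $this->buyer_id === (string) Yii::$app->user->identity->id;
+}
+
+public function isMineSeller()
+{
+return (string) $this->buyer_id === (string) Yii::$app->user->identity->seller_id;
+}
+
+public function isOperateable()
+{
+return !$this->isMine() && !$this->isMineSeller();
+}
+
 public function getServer(): ActiveQuery
 {
 return $this->hasOne(Server::class, ['id' => 'object_id'])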
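Review bot: Both comparisons cast to string, so a `null` on each side compares equal: a sale with no `buyer_id` yet and an identity with no `seller_id` makes isMineSeller() return true, and isOperateable() then reports false for a record that belongs to nobody. `Yii::$app->user->identity` is also dereferenced without a guest check, which matters if these methods are ever reached without a logged-in user. Guarding the empty case, e.g. `return $this->buyer_id !== null && (string) $this->buyer_id === (string) Yii::$app->user->identity->seller_id;`, removes the false match. The neighbouring methods declare return types (`find(): SaleQuery`, `getServer(): ActiveQuery`), so `: bool` and a one-line docblock stating that isMineSeller() means "the buyer of this sale is the current user's seller" would match the file.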
4 changes: 2 additions & 2 deletions src/views/bill/_search.php
Expand Up @@ -23,7 +23,7 @@
*/
?>

<?php if (Yii::$app->user->can('support')) : ?>
<?php if (Yii::$app->user->can('access-subclients')) : ?>
<div class="col-md-4 col-sm-6 col-xs-12">
<?= $search->field('client_id')->widget(ClientCombo::class) ?>
</div>
Expand Down Expand Up @@ -89,7 +89,7 @@
<?= $search->field('tariff_id')->widget(PlanCombo::class) ?>
</div>

<?php if (Yii::$app->user->can('support')) : ?>
<?php if (Yii::$app->user->can('access-subclients')) : ?>
<div class="col-md-4 col-sm-6 col-xs-12">
<?= $search->field('seller_id')->widget(SellerCombo::class) ?>
</div>
3 changes: 1 addition & 2 deletions src/views/bill/create-exchange.php
Expand Up @@ -11,7 +11,6 @@

/**
* @var View $this
* @var bool $canSupport
* @var CurrencyExchangeForm $model
* @var ExchangeRate[] $rates
*/
Expand All @@ -33,7 +32,7 @@
<div class="row">
<div class="col-lg-6 col-md-8">
<?php Box::begin() ?>
<?= $canSupport
<?= Yii::$app->user->can('access-subclients')
? $form->field($model, 'client_id')
->widget(ClientCombo::class)
: Html::activeHiddenInput($model, 'client_id') ?>
2 changes: 1 addition & 1 deletion src/views/bill/index.php
Expand Up @@ -59,7 +59,7 @@
'type', 'descr',
'time', 'no',
Yii::$app->user->can('resell') ? 'client' : null,
Yii::$app->user->can('support') ? 'seller' : null
Yii::$app->user->can('access-subclients') ? 'seller' : null
]),
]) ?>
<?php $page->endContent() ?>
2 changes: 1 addition & 1 deletion src/views/bill/view.php
Expand Up @@ -62,7 +62,7 @@
]) ?>
</div>

<?php if ($detalizationAllowed || Yii::$app->user->can('support')): ?>
<?php if ($detalizationAllowed || Yii::$app->user->can('bill.charges.read')): ?>
🛠️ Refactor suggestion

Simplify redundant permission check

The condition contains a redundant permission check. Looking at line 23, $detalizationAllowed is already set to:

$detalizationAllowed = Yii::$app->params['module.finance.bill.detalization.allowed'] || Yii::$app->user->can('bill.charges.read');

Therefore, checking bill.charges.read again in the if condition is unnecessary.

Simplify the condition to:

-    <?php if ($detalizationAllowed || Yii::$app->user->can('bill.charges.read')): ?>
+    <?php if ($detalizationAllowed): ?>

<div class="col-md-9">
<?php $page = IndexPage::begin(['model' => $model, 'layout' => 'noSearch']) ?>
<?php $page->beginContent('show-actions') ?>
2 changes: 1 addition & 1 deletion src/views/menus/dashboardBillItem.php
Expand Up @@ -24,7 +24,7 @@
<?php if ($model->credit > 0) : ?>
<span><?= Yii::t('hipanel', 'Credit') . ' ' . Yii::$app->formatter->asCurrency($model->credit, $model->currency) ?></span>
<?php endif ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('bill.read')) : ?>
<br>
<?= SearchForm::widget([
'formOptions' => [
2 changes: 1 addition & 1 deletion src/views/requisite/_search.php
Expand Up @@ -25,7 +25,7 @@
<?= $search->field('email_like') ?>
</div>

<?php if (Yii::$app->user->can('support')) : ?>
<?php if (Yii::$app->user->can('access-subclients')) : ?>
<div class="col-md-4 col-sm-6 col-xs-12">
<?= $search->field('client_id')->widget(ClientCombo::class) ?>
</div>
7 changes: 5 additions & 2 deletions src/views/sale/_form.php
Expand Up @@ -96,7 +96,10 @@
<?php if (Yii::$app->user->can('sale.update')) : ?>
<td>
<?= $form->field($sale, "[$idx]unsale_time")
->textInput(['class' => 'form-control datetime'])
->textInput([
'class' => 'form-control datetime',
'readonly' => !$sale->isOperateable()
])
->label(false)
?>
</td>
Expand All @@ -110,7 +113,7 @@
</td>
<td>
<?= $form->field($model, "[$idx]reason")
->textInput()
->textInput(['readonly' => !$sale->isOperateable()])
->label(false)
?>
</td>
6 changes: 5 additions & 1 deletion src/views/sale/modals/change-buyer-by-one.php
Expand Up @@ -49,7 +49,10 @@
<div class="col-md-8">
<?= $form->field($model, "[$tariffType][$idx]buyer_id")->widget(ClientCombo::class, [
'hasId' => true,
'inputOptions' => ['id' => "sale-$tariffType-$idx-buyer_id"],
'inputOptions' => [
'id' => "sale-$tariffType-$idx-buyer_id",
'readonly' => !$model->isOperateable(),
],
]) ?>
</div>
<div class="col-md-4">
Expand All @@ -59,6 +62,7 @@
'options' => [
'value' => Yii::$app->formatter->asDatetime(new DateTime(), 'php:Y-m-d H:i:s'),
'id' => "sale-$tariffType-$idx-time",
'readonly' => !$model->isOperateable(),
],
]) ?>
</div>
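Review bot: `'readonly' => !$model->isOperateable()` in the ClientCombo `inputOptions` only has an effect if the widget renders a text input; HTML ignores `readonly` on a `<select>`, which is what combo widgets commonly produce (ClientCombo's markup is not visible here). If it is a select, the buyer field stays editable for non-operateable sales, and `'disabled' => !$model->isOperateable()` is the attribute that applies, keeping in mind that disabled fields are not submitted with the form. Either way the attribute is a usability hint, not a control, so the handler behind this modal needs its own check.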
10 changes: 5 additions & 5 deletions src/views/tariff/server/view.php
Expand Up @@ -17,7 +17,7 @@
<thead>
<tr>
<td><?= Yii::t('hipanel:finance:tariff', 'Price') ?></td>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<td><?= Yii::t('hipanel:finance:tariff', 'Parent tariff price') ?></td>
<td><?= Yii::t('hipanel:finance:tariff', 'Profit') ?></td>
<?php endif; ?>
Expand All @@ -28,7 +28,7 @@
<?php $price = $model->calculation()->price; ?>
<?php $basePrice = $model->parentCalculation()->price; ?>
<td><?= Yii::$app->formatter->asCurrency($price, $model->calculation()->currency) ?></td>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<td><?= Yii::$app->formatter->asCurrency($basePrice, $model->parentCalculation()->currency) ?></td>
<td>
<?= PriceDifferenceWidget::widget([
Expand Down Expand Up @@ -63,7 +63,7 @@
'price' => $resource->fee,
'currency' => $resource->currency,
]) ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<?= PriceDifferenceWidget::widget([
'new' => $resource->fee,
'old' => $baseResource->fee,
Expand Down Expand Up @@ -99,7 +99,7 @@
'price' => $resource->fee,
'currency' => $resource->currency,
]) ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<?= PriceDifferenceWidget::widget([
'new' => $resource->fee,
'old' => $baseResource->fee,
Expand All @@ -114,7 +114,7 @@
'price' => $resource->price,
'currency' => $resource->currency,
]) ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<?= PriceDifferenceWidget::widget([
'new' => $resource->price,
'old' => $baseResource->price,
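Review bot: The same `Yii::$app->user->can('price.update')` call is now written out five times in this template and five more in `src/views/tariff/vds/view.php`, so the next permission rename again has ten places to miss. Evaluating it once at the top, `<?php $canSeeProfit = Yii::$app->user->can('price.update'); ?>`, and testing `$canSeeProfit` in each block keeps the table header, the parent-price cells and the PriceDifferenceWidget calls in step. The guarded blocks only display the parent tariff price and the profit, so a comment explaining why an update permission gates read-only data would also help.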
10 changes: 5 additions & 5 deletions src/views/tariff/vds/view.php
Expand Up @@ -17,7 +17,7 @@
<thead>
<tr>
<td><?= Yii::t('hipanel:finance:tariff', 'Price') ?></td>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<td><?= Yii::t('hipanel:finance:tariff', 'Parent tariff price') ?></td>
<td><?= Yii::t('hipanel:finance:tariff', 'Profit') ?></td>
<?php endif; ?>
Expand All @@ -28,7 +28,7 @@
<?php $price = $model->calculation()->price; ?>
<?php $basePrice = $model->parentCalculation()->price; ?>
<td><?= Yii::$app->formatter->asCurrency($price, $model->calculation()->currency) ?></td>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<td><?= Yii::$app->formatter->asCurrency($basePrice, $model->parentCalculation()->currency) ?></td>
<td>
<?= PriceDifferenceWidget::widget([
Expand Down Expand Up @@ -63,7 +63,7 @@
'price' => $resource->fee,
'currency' => $resource->currency,
]) ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<?= PriceDifferenceWidget::widget([
'new' => $resource->fee,
'old' => $baseResource->fee,
Expand Down Expand Up @@ -99,7 +99,7 @@
'price' => $resource->fee,
'currency' => $resource->currency,
]) ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<?= PriceDifferenceWidget::widget([
'new' => $resource->fee,
'old' => $baseResource->fee,
Expand All @@ -114,7 +114,7 @@
'price' => $resource->price,
'currency' => $resource->currency,
]) ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('price.update')) : ?>
<?= PriceDifferenceWidget::widget([
'new' => $resource->price,
'old' => $baseResource->price,
4 changes: 2 additions & 2 deletions src/views/tariff/view.php
Expand Up @@ -50,7 +50,7 @@
<div class="profile-usermenu">
<?php if ($model->tariff->note) : ?>
<p style="padding: 10px 15px; border-bottom: 1px solid #f0f4f7;">
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('plan.set-note')) : ?>
<?= Yii::t('hipanel:finance:tariff', '{0}:', [Html::tag('b', $model->tariff->getAttributeLabel('note'))]) ?>
<?= \hipanel\widgets\XEditable::widget([
'model' => $model->tariff,
Expand All @@ -62,7 +62,7 @@
<?php endif; ?>
</p>
<?php endif; ?>
<?php if (Yii::$app->user->can('manage')) : ?>
<?php if (Yii::$app->user->can('plan.update')) : ?>
<?= TariffDetailMenu::widget(['model' => $model]) ?>
<?php endif ?>
</div>
4 changes: 2 additions & 2 deletions src/widgets/CartCurrencyNegotiator.php
Expand Up @@ -56,7 +56,7 @@ public function run()
$cartCurrency
);

if (!Yii::$app->user->can('support')) {
if (Yii::$app->user->can('resell') || !Yii::$app->user->isAccountOwner()) {
// Prevent seller from exchanging own money to pay for client's services,
// when client's tariff is in different currency.
$convertibleCurrencies = $this->convertibleCurrencies(
Expand Down Expand Up @@ -176,7 +176,7 @@ private function renderCurrencyOptions(float $amount, string $currency): void
'currency' => $currency,
];

if (round($purse->getBudget(), 2) >= round($amount, 2) || Yii::$app->user->can('manage')) {
if (round($purse->getBudget(), 2) >= round($amount, 2) || Yii::$app->user->can('sale.create')) {
echo $this->render('enough', $options);
} elseif ($purse->getBudget() > 0) {
echo $this->render('partial', array_merge($options, [
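Review bot: The first guard in run() appears to have changed polarity: `!can('support')` was true for users lacking that permission, while `can('resell') || !isAccountOwner()` is true for resellers and for anyone acting on another account, so, assuming a plain client holds neither permission, the `convertibleCurrencies(...)` block now runs for the opposite group. The comment kept directly below still says the aim is to prevent a seller from exchanging own money for a client's services, which reads like the old direction. If the intent is unchanged, the condition would be `if (!Yii::$app->user->can('resell') && Yii::$app->user->isAccountOwner()) {`; if the flip is deliberate, the comment needs rewriting to match. run() starts and ends outside the hunk, so this should be confirmed against the full method.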