fix(global): Fix auth->company_id force cast conversion (int)
- Replace the hard-coded default company ID with the `Company::DEFAULT_COMPANY` constant
gnovaro committed Mar 9, 2024
1 parent 884f929 commit 445a61b
Showing 22 changed files with 103 additions and 45 deletions.
2 changes: 1 addition & 1 deletion app/Http/Controllers/Account/AccountIndexController.php
@@ -14,7 +14,7 @@ class AccountIndexController extends MainController
public function index(Request $request)
{
$account = new Account();
$data['accounts'] = $account->getAllActiveByCompany(Auth::user()->company_id);
$data['accounts'] = $account->getAllActiveByCompany((int) Auth::user()->company_id);

return view('account.index', $data);
}
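Review bot: Casting at every call site leaves the root cause in place; if `company_id` comes back from the database as a string (the commit title suggests it does), declaring `protected $casts = ['company_id' => 'integer'];` on the `User` model fixes every `Auth::user()->company_id` read at once and keeps the strict comparisons elsewhere correct without touching twenty controllers. Note also that `(int) null` is `0`, so a user with no company now silently queries company 0 instead of failing; if the column is nullable, `abort_if(Auth::user()->company_id === null, 403);` before the lookup is safer. Whether the column is nullable is not visible here.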
@@ -47,7 +47,7 @@ public function delete(Request $request, int $id)
}

// Ensure the user can only delete their own company
if (Auth::user()->company_id !== 1) {
if (Auth::user()->company_id !== Company::DEFAULT_COMPANY) {
return response()->json(['message' => 'Unauthorized'], 401);
}

3 changes: 2 additions & 1 deletion app/Http/Controllers/Api/User/UserDeleteController.php
@@ -4,6 +4,7 @@

namespace App\Http\Controllers\Api\User;

use App\Models\Company;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -47,7 +48,7 @@ public function delete(Request $request, int $id)
}

// Ensure the user can only delete users from their own company, except for users from company with ID 1
if ($user->company_id !== Auth::user()->company_id && Auth::user()->company_id !== 1) {
if ($user->company_id !== (int) Auth::user()->company_id && (int) Auth::user()->company_id !== Company::DEFAULT_COMPANY) {
return response()->json(['message' => 'Unauthorized'], 401);
}
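Review bot: The cast is applied only to the right-hand side of the first comparison; `$user->company_id` on the left is still uncast, so if that column also arrives as a string (the situation the commit is fixing) `$user->company_id !== (int) Auth::user()->company_id` is always true and every deletion by a non-default-company user is refused. Cast both sides, or better, declare an integer cast on the model so neither call site needs it: `if ((int) $user->company_id !== (int) Auth::user()->company_id && (int) Auth::user()->company_id !== Company::DEFAULT_COMPANY) {`. An authenticated user who lacks permission should also get 403 rather than 401, which signals missing credentials. The rest of `delete` is outside the hunk.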

2 changes: 1 addition & 1 deletion app/Http/Controllers/Auth/ConfirmPasswordController.php
@@ -28,7 +28,7 @@ class ConfirmPasswordController extends Controller
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
protected string $redirectTo = RouteServiceProvider::HOME;

/**
* Create a new controller instance.
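Review bot: The `@var string` docblock above the property now only repeats the native type; ResetPasswordController in this same commit drops it, and the same could be done here (and in LoginController and RegisterController) so the four auth controllers stay consistent. Keep the one-line description and remove the `*` and `* @var string` lines.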
2 changes: 1 addition & 1 deletion app/Http/Controllers/Auth/LoginController.php
@@ -30,7 +30,7 @@ class LoginController extends Controller
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
protected string $redirectTo = RouteServiceProvider::HOME;

/**
* Create a new controller instance.
2 changes: 1 addition & 1 deletion app/Http/Controllers/Auth/RegisterController.php
@@ -31,7 +31,7 @@ class RegisterController extends Controller
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
protected string $redirectTo = RouteServiceProvider::HOME;

/**
* Create a new controller instance.
4 changes: 1 addition & 3 deletions app/Http/Controllers/Auth/ResetPasswordController.php
@@ -25,8 +25,6 @@ class ResetPasswordController extends Controller

/**
* Where to redirect users after resetting their password.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
protected string $redirectTo = RouteServiceProvider::HOME;
}
3 changes: 2 additions & 1 deletion app/Http/Controllers/Bank/BankDeleteController.php
@@ -6,6 +6,7 @@

use App\Http\Controllers\MainController;
use App\Models\Bank;
use App\Models\Company;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

@@ -15,7 +16,7 @@ public function delete(Request $request, string $uuid)
{
$bank = Bank::find($uuid);
//@TODO improve this security check
if (Auth::user()->company_id !== 1) {
if ((int) Auth::user()->company_id !== Company::DEFAULT_COMPANY) {
return response()->json(['message' => 'Unauthorized'], 401);
}
$bank->delete();
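Review bot: `Bank::find($uuid)` runs before the authorization check and `$bank->delete()` is called without a null check, so an unknown uuid produces an error on a null object instead of a 404; put the check first and fail on a miss: `abort_unless((int) Auth::user()->company_id === Company::DEFAULT_COMPANY, 403);` followed by `$bank = Bank::findOrFail($uuid);`. The `@TODO improve this security check` still stands: the only rule is "default company may delete anything", and nothing ties the bank to a company at all. A logged-in user without permission should receive 403, not 401. `delete` continues past the hunk.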
2 changes: 1 addition & 1 deletion app/Http/Controllers/Brand/BrandSaveController.php
@@ -19,7 +19,7 @@ public function save(Request $request)
$brand = Brand::find($request->id);
}
$brand->name = $request->name;
$brand->company_id = Auth::user()->company_id;
$brand->company_id = (int) Auth::user()->company_id;
$brand->save();

return redirect('/brand');
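Review bot: `$brand = Brand::find($request->id)` loads a brand by a client-supplied id with no company restriction, and the two lines after it overwrite its name and reassign `company_id` to the caller's company — unless a global scope on Brand narrows `find` (none is visible here), any user can take over another tenant's brand by posting its id. Restrict the lookup to the caller's company and fail on a miss: `$brand = Brand::where('company_id', (int) Auth::user()->company_id)->findOrFail($request->id);`. `save` begins above the hunk, so the create branch is not visible.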
2 changes: 1 addition & 1 deletion app/Http/Controllers/Campaign/CampaignIndexController.php
@@ -22,7 +22,7 @@ public function index(Request $request)
'text-bg-warning',
'text-bg-info',
];
$data['campaigns'] = $campaign->getAllByCompany(Auth::user()->company_id);
$data['campaigns'] = $campaign->getAllByCompany((int) Auth::user()->company_id);

return view('campaign.index', $data);
}
2 changes: 1 addition & 1 deletion app/Http/Controllers/Company/CompanyDeleteController.php
@@ -14,7 +14,7 @@ class CompanyDeleteController extends MainController
public function delete(Request $request, int $id)
{
$company = Company::find($id);
if (Auth::user()->company_id !== 1) {
if ((int) Auth::user()->company_id !== Company::DEFAULT_COMPANY) {
return response()->json(['message' => 'Unauthorized'], 401);
}
$company->delete();
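Review bot: `Company::find($id)` can return null and `$company->delete()` dereferences it unchecked; use `Company::findOrFail($id)` so a missing id is a 404. Nothing stops a default-company user from deleting the default company itself, which would remove the very company the authorization check relies on: `abort_if($id === Company::DEFAULT_COMPANY, 403);` before the delete guards against that. 403 rather than 401 fits an authenticated user who lacks permission. `delete` continues past the hunk.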
7 changes: 6 additions & 1 deletion app/Http/Controllers/Company/CompanyIndexController.php
@@ -14,7 +14,12 @@ class CompanyIndexController extends MainController
public function index(Request $request)
{
$company = new Company();
$data['companies'] = Auth::user()->hasRole('SuperAdmin') ? $company->getAllPaginated() : Company::where('id', Auth::user()->company_id)->paginate();
if (Auth::user()->hasRole('SuperAdmin')) {
$companies = $company->getAllPaginated();
} else {
$companies = Company::where('id', (int) Auth::user()->company_id)->paginate();
}
$data['companies'] = $companies;

return view('company.index', $data);
}
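Review bot: This controller decides privilege by `hasRole('SuperAdmin')`, while the delete controllers in this same commit decide by `company_id === Company::DEFAULT_COMPANY`; two definitions of "administrator" will drift, and a SuperAdmin outside the default company can list every company here yet cannot delete one. Pick one source of truth — the role check reads as the intended one — and reuse it in the delete paths, e.g. `if (! Auth::user()->hasRole('SuperAdmin')) { return response()->json(['message' => 'Forbidden'], 403); }`. Which of the two is canonical is not decidable from this page.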
4 changes: 2 additions & 2 deletions app/Http/Controllers/Customer/CustomerCreateController.php
@@ -26,8 +26,8 @@ public function create(Request $request)
$data['customer'] = $customer;
$data['countries'] = Country::orderBy('name')->get();
// Temporary fix get this from configuration
$data['industries'] = (Auth::user()->company_id == 3) ? $industry->getAllByCompany(Auth::user()->company_id) : $industry->getAll();
$data['sellers'] = $user->getAllActiveByCompany(Auth::user()->company_id);
$data['industries'] = ((int) Auth::user()->company_id == 3) ? $industry->getAllByCompany((int) Auth::user()->company_id) : $industry->getAll();
$data['sellers'] = $user->getAllActiveByCompany((int) Auth::user()->company_id);
$data['sources'] = Source::all();
$data['editorType'] = 'advanced';
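Review bot: `(int) Auth::user()->company_id == 3` keeps a magic company id and a loose `==` right after this commit introduced `Company::DEFAULT_COMPANY` to remove exactly that pattern. Give the id a name (a constant or a config entry, as the `Temporary fix` comment above already suggests) and compare strictly, `((int) Auth::user()->company_id === 3)` being the minimal first step. Whether 3 belongs in code or configuration is not decidable from here; the comment says configuration.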

2 changes: 1 addition & 1 deletion app/Http/Controllers/Customer/CustomerExportController.php
@@ -17,7 +17,7 @@ public function export(Request $request): BinaryFileResponse
$separator = ';';
$customer = new Customer();
$fileName = 'customers_'.Auth::user()->company->name.'_'.date('Ymd_His').'.csv';
$customers = Customer::where('company_id', Auth::user()->company_id)->get();
$customers = Customer::where('company_id', (int) Auth::user()->company_id)->get();
$headers = [
'Content-type' => 'text/csv',
'Content-Disposition' => "attachment; filename=$fileName",
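Review bot: `$fileName` is built from `Auth::user()->company->name` and placed unquoted in `Content-Disposition: attachment; filename=$fileName`; a company name containing a space, `;` or `"` produces a malformed header and a truncated download name. Slug the name and quote the parameter: `$fileName = 'customers_'.Str::slug(Auth::user()->company->name).'_'.date('Ymd_His').'.csv';` with `'Content-Disposition' => 'attachment; filename="'.$fileName.'"'` (needs `use Illuminate\Support\Str;`). Whether `company` can be null here is not visible; `export` continues past the hunk.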
4 changes: 3 additions & 1 deletion app/Http/Controllers/Lead/LeadSaveController.php
@@ -7,13 +7,15 @@
use App\Http\Controllers\MainController;
use App\Http\Requests\LeadRequest;
use App\Repositories\LeadRepository;
use Illuminate\Http\Request;

class LeadSaveController extends MainController
{
private LeadRepository $leadSaveRepository;

public function __construct(LeadRepository $leadRepository)
public function __construct(LeadRepository $leadRepository, Request $request)
{
parent::__construct($request);
$this->leadSaveRepository = $leadRepository;
}
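Review bot: Taking `Request` in the constructor and passing it to `parent::__construct($request)` is a known Laravel pitfall: controllers are instantiated before the route middleware runs, so if `MainController::__construct` reads the session or `Auth::user()` from that request it sees an unauthenticated request (MainController is not visible here, so this is inferred from the signature). Resolve what the parent needs lazily inside the action or via a middleware closure instead; at minimum add `// NOTE: route middleware (auth, session) has not run yet when this constructor executes` so the next reader does not move auth logic into it. The rest of the class is outside the hunk.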

@@ -15,6 +15,6 @@ public function getLatest(Request $request): \Illuminate\Http\JsonResponse
{
$notification = new Notification();

return response()->json(['notifications' => $notification->getLatestByUser(Auth::user()->id)]);
return response()->json(['notifications' => $notification->getLatestByUser((int) Auth::user()->id)]);
}
}
@@ -14,7 +14,7 @@ class NotificationIndexController extends MainController
public function index(Request $request)
{
$notification = new Notification();
$data['notifications'] = $notification->getLatestByUser(Auth::user()->id, 20, true);
$data['notifications'] = $notification->getLatestByUser((int) Auth::user()->id, 20, true);

return view('notification.index', $data);
}
2 changes: 1 addition & 1 deletion app/Http/Controllers/Order/OrderCreateController.php
@@ -21,7 +21,7 @@ public function create(Request $request)
$order = new Order();
$customer = new Customer();
$product = new Product();
$company_id = Auth::user()->company_id;
$company_id = (int) Auth::user()->company_id;
$data['order'] = $order;
$data['customers'] = $customer->getAllByCompanyId($company_id);
$data['products'] = $product->getAllByCompanyId($company_id);
4 changes: 2 additions & 2 deletions app/Http/Controllers/Ticket/TicketCreateController.php
@@ -19,8 +19,8 @@ public function create(Request $request)
$user = new User();
$customer = new Customer();
$data['ticket'] = $ticket;
$data['users'] = $user->getAllActiveByCompany(Auth::user()->company_id);
$data['customers'] = $customer->getAllByCompanyId(Auth::user()->company_id);
$data['users'] = $user->getAllActiveByCompany((int) Auth::user()->company_id);
$data['customers'] = $customer->getAllByCompanyId((int) Auth::user()->company_id);

return view('ticket.ticket', $data);
}
4 changes: 2 additions & 2 deletions app/Http/Controllers/Ticket/TicketUpdateController.php
@@ -21,8 +21,8 @@ public function update(Request $request, int $id)
$ticket = Ticket::find($id);
$customer = new Customer();
$data['ticket'] = $ticket;
$data['users'] = $user->getAllActiveByCompany(Auth::user()->company_id);
$data['customers'] = $customer->getAllByCompanyId(Auth::user()->company_id);
$data['users'] = $user->getAllActiveByCompany((int) Auth::user()->company_id);
$data['customers'] = $customer->getAllByCompanyId((int) Auth::user()->company_id);
$attachments = collect(Storage::disk('public')->allFiles('attachments-tickets'.DIRECTORY_SEPARATOR.$ticket->id));
$data['attachments'] = $attachments->map(function ($path) {
return [
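Review bot: `Ticket::find($id)` fetches the ticket with no ownership check, and the attachment listing below uses `$ticket->id` to enumerate files on the public disk, so a user from one company can open another company's ticket and its attachment paths unless a global scope on Ticket narrows `find` (none is visible here); `find` also returns null for an unknown id, which then errors on `$ticket->id`. If Ticket carries a `company_id`, `$ticket = Ticket::where('company_id', (int) Auth::user()->company_id)->findOrFail($id);` closes both gaps. `update` continues past the hunk.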
89 changes: 70 additions & 19 deletions app/Models/Customer.php
@@ -6,13 +6,15 @@

use App\Models\Customer\Message;
use App\Models\Scopes\AssignedSellerScope;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Relations\HasOne;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Support\Facades\DB;
use OpenApi\Annotations\OpenApi as OA;
use Squire\Models\Country;
use Yajra\Auditable\AuditableWithDeletesTrait;
@@ -247,33 +249,30 @@ public function getAll(): Collection
return Customer::all();
}

public function getAllByCompanyId(int $company_id, ?string $search = null, ?array $filters = null, ?string $order_by = 'created_at', int $limit = 50): mixed
public function getAllByCompanyId(
int $company_id,
?string $search = null,
?array $filters = null,
?string $order_by = 'created_at',
int $limit = 50): mixed
{
if (is_null($order_by)) {
$order_by = 'created_at';
}

$customers = Customer::where('company_id', $company_id);
if (! empty($search)) {
if (is_numeric($search)) {
$customers->orWhere('external_id', '=', "$search")
->orWhere('phone', 'LIKE', "%$search%");
}

if (is_string($search)) {
$words = explode(' ', $search);
if (count($words) == 1) {
$customers->where('name', 'LIKE', "%$search%")
->orWhere('business_name', 'LIKE', "%$search%")
->orWhere('tags', 'LIKE', "%$search%")
->orWhere('external_id', 'LIKE', "%$search%")
->orWhere('vat', 'LIKE', "%$search%");
} else {
$customers->whereFullText(['name', 'business_name'], $search)
->orWhere('tags', 'LIKE', "%$search%");
}
}
// Comprobamos si el motor de base de datos es compatible con búsquedas fulltext
$supportsFulltext = $this->supportsFulltext();

// Aplicamos la búsqueda adecuada según el soporte de fulltext
if ($supportsFulltext && ! empty($search)) {
$customers = $this->applyFulltextSearch($customers, $search);
} elseif (! empty($search)) {
$customers = $this->applyBasicSearch($customers, $search);
}

// Apply aditionals filters
if (is_array($filters)) {
foreach ($filters as $key => $filter) {
$customers->where($key, $filter);
@@ -283,6 +282,58 @@ public function getAllByCompanyId(int $company_id, ?string $search = null, ?arra
return $customers->orderBy($order_by, 'desc')->paginate($limit);
}

protected function isPgTrgmEnabled(): bool
{
$connection = DB::connection();
$result = $connection->select("SELECT * FROM pg_extension WHERE extname = 'pg_trgm'");

return ! empty($result);
}

protected function supportsFulltext(): bool
{
$driver = config('database.connections.'.config('database.default').'.driver');

switch ($driver) {
case 'mysql':
// Verificar si estamos utilizando MySQL y si el modo de SQL es 'strict_all_tables'
return true;
case 'pgsql':
// Verificar si estamos utilizando PostgreSQL y si la extensión pg_trgm está habilitada
return $this->isPgTrgmEnabled();
default:
// Otros motores de base de datos no son compatibles con búsquedas fulltext
return false;
}
}

protected function applyFulltextSearch(Builder $query, string $search): Builder
{
// Lógica para aplicar la búsqueda fulltext
return $query->whereFullText(['name', 'business_name'], $search)
->orWhere('tags', 'LIKE', "%$search%");
}

protected function applyBasicSearch(Builder $query, string $search): Builder
{
return $query->where(function (Builder $query) use ($search) {
if (is_numeric($search)) {
$query->orWhere('external_id', '=', $search)
->orWhere('phone', 'LIKE', "%$search%");
}

if (is_string($search)) {
$query->where(function (Builder $query) use ($search) {
$query->where('name', 'LIKE', "%$search%")
->orWhere('business_name', 'LIKE', "%$search%")
->orWhere('tags', 'LIKE', "%$search%")
->orWhere('external_id', 'LIKE', "%$search%")
->orWhere('vat', 'LIKE', "%$search%");
});
}
});
}

public function getCountByCompany(int $company_id): int
{
return Customer::where('company_id', $company_id)->count();
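Review bot: `applyFulltextSearch` chains `->orWhere('tags', 'LIKE', ...)` directly onto the query that `getAllByCompanyId` already constrained with `where('company_id', $company_id)`, so the generated WHERE is `company_id = ? AND MATCH(...) OR tags LIKE ?` and a tag match returns customers from every company — a cross-tenant leak on the path that is now taken whenever the driver is mysql. `applyBasicSearch` wraps its conditions in a closure and is correct; the fulltext branch needs the same grouping, shown below. Two smaller points: `supportsFulltext` returns true for mysql unconditionally although its comment says something should be verified, and `isPgTrgmEnabled` tests `pg_trgm`, the trigram extension, which is not what `whereFullText` (tsvector) on pgsql depends on — confirm that is the intended gate. Both hunks cut through `getAllByCompanyId` and `getCountByCompany`, whose remaining lines are outside the section.
```php
protected function applyFulltextSearch(Builder $query, string $search): Builder
{
    // Group the OR so it cannot escape the company_id filter applied by the caller.
    return $query->where(function (Builder $q) use ($search) {
        $q->whereFullText(['name', 'business_name'], $search)
            ->orWhere('tags', 'LIKE', "%$search%");
    });
}
```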
2 changes: 1 addition & 1 deletion version.php
@@ -1,3 +1,3 @@
<?php

const APP_VERSION = '3.7.8';
const APP_VERSION = '3.7.9';
