From e0938cf82d0430eeff43618c13c764191c0c7d58 Mon Sep 17 00:00:00 2001
From: Daniel Meltzer
Date: Mon, 25 Jul 2016 21:46:29 -0500
Subject: [PATCH] Scope to company when viewing assets (#2315)
* If a user doesn't belong to a company, when scoping to a company we should only show items that don't belong to a company.
* Scope tables/items to the company they belong to when fetching items for the index.
* Fix asset count to also scope to company. This fixes dashboard view
* Exempt super users from the child company check to be consistent. Fixes license count on dashboard now that we scope everything
---
 app/Http/Controllers/AccessoriesController.php | 2 +-
 app/Http/Controllers/AssetsController.php | 2 +-
 app/Http/Controllers/ComponentsController.php | 4 ++--
 app/Http/Controllers/ConsumablesController.php | 4 ++--
 app/Http/Controllers/LicensesController.php | 2 +-
 app/Models/Asset.php | 2 +-
 app/Models/Company.php | 8 ++------
 7 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/app/Http/Controllers/AccessoriesController.php b/app/Http/Controllers/AccessoriesController.php
index a7c73f760a..4332785440 100755
--- a/app/Http/Controllers/AccessoriesController.php
+++ b/app/Http/Controllers/AccessoriesController.php
@@ -549,7 +549,7 @@ class AccessoriesController extends Controller
 **/
 public function getDatatable(Request $request)
 {
- $accessories = Accessory::select('accessories.*')->with('category', 'company')
+ $accessories = Company::scopeCompanyables(Accessory::select('accessories.*')->with('category', 'company'))
 ->whereNull('accessories.deleted_at');
 if (Input::has('search')) {
diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php
index ea21ef6aeb..b6cd4d6f82 100755
--- a/app/Http/Controllers/AssetsController.php
+++ b/app/Http/Controllers/AssetsController.php
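Review bot: In AccessoriesController::getDatatable only the listing query is wrapped in `Company::scopeCompanyables(...)`; the Assets, Components, Consumables and Licenses hunks do the same, and nothing in this patch touches the actions that load a single record by id. Those actions are outside the diff, so it cannot be confirmed from here that they enforce the same company boundary; if they do not, a row hidden from the table is still reachable through its id. I would state the contract next to the query, e.g. `// Company scope applies to this listing only; per-record actions must check company access themselves.`, and add a test asserting that a user of one company receives no other company's rows from each datatable endpoint (the diffstat lists no test file). getDatatable's body continues outside the hunk.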
@@ -1408,7 +1408,7 @@ class AssetsController extends Controller
 {
- $assets = Asset::select('assets.*')->with('model', 'assigneduser', 'assigneduser.userloc', 'assetstatus', 'defaultLoc', 'assetlog', 'model', 'model.category', 'model.manufacturer', 'model.fieldset', 'assetstatus', 'assetloc', 'company')
+ $assets = Company::scopeCompanyables(Asset::select('assets.*'))->with('model', 'assigneduser', 'assigneduser.userloc', 'assetstatus', 'defaultLoc', 'assetlog', 'model', 'model.category', 'model.manufacturer', 'model.fieldset', 'assetstatus', 'assetloc', 'company')
 ->Hardware();
 if (Input::has('search')) {
diff --git a/app/Http/Controllers/ComponentsController.php b/app/Http/Controllers/ComponentsController.php
index c455ec3de2..9be7282706 100644
--- a/app/Http/Controllers/ComponentsController.php
+++ b/app/Http/Controllers/ComponentsController.php
@@ -410,8 +410,8 @@ class ComponentsController extends Controller
 **/
 public function getDatatable()
 {
- $components = Component::select('components.*')->whereNull('components.deleted_at')
- ->with('company', 'location', 'category');
+ $components = Company::scopeCompanyables(Component::select('components.*')->whereNull('components.deleted_at')
+ ->with('company', 'location', 'category'));
 if (Input::has('search')) {
 $components = $components->TextSearch(Input::get('search'));
diff --git a/app/Http/Controllers/ConsumablesController.php b/app/Http/Controllers/ConsumablesController.php
index 9cdc284aa6..ab9aa9c5ec 100644
--- a/app/Http/Controllers/ConsumablesController.php
+++ b/app/Http/Controllers/ConsumablesController.php
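Review bot: In the AssetsController hunk the scope wraps only `Asset::select('assets.*')`, with `with(...)` and `Hardware()` chained onto its return value, whereas the Accessories, Components, Consumables and Licenses hunks wrap the whole builder chain. The two forms are equivalent only as long as `scopeCompanyables` hands back the query builder, and using one form everywhere makes the five listings easier to audit for a missing scope. The eager-load list on the new line also still names `'model'` and `'assetstatus'` twice, which could be dropped while the line is being edited. The enclosing method's signature is outside the hunk.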
@@ -397,8 +397,8 @@ class ConsumablesController extends Controller
 */
 public function getDatatable()
 {
- $consumables = Consumable::select('consumables.*')->whereNull('consumables.deleted_at')
- ->with('company', 'location', 'category', 'users');
+ $consumables = Company::scopeCompanyables(Consumable::select('consumables.*')->whereNull('consumables.deleted_at')
+ ->with('company', 'location', 'category', 'users'));
 if (Input::has('search')) {
 $consumables = $consumables->TextSearch(e(Input::get('search')));
diff --git a/app/Http/Controllers/LicensesController.php b/app/Http/Controllers/LicensesController.php
index 99c575d08b..63d11427b4 100755
--- a/app/Http/Controllers/LicensesController.php
+++ b/app/Http/Controllers/LicensesController.php
@@ -965,7 +965,7 @@ class LicensesController extends Controller
 */
 public function getDatatable()
 {
- $licenses = License::with('company');
+ $licenses = Company::scopeCompanyables(License::with('company'));
 if (Input::has('search')) {
 $licenses = $licenses->TextSearch(Input::get('search'));
diff --git a/app/Models/Asset.php b/app/Models/Asset.php
index f21a9e1bb0..477b35b7df 100644
--- a/app/Models/Asset.php
+++ b/app/Models/Asset.php
@@ -328,7 +328,7 @@ class Asset extends Depreciable
 public static function assetcount()
 {
- return Asset::where('physical', '=', '1')
+ return Company::scopeCompanyables(Asset::where('physical', '=', '1'))
 ->whereNull('deleted_at', 'and')
 ->count();
 }
diff --git a/app/Models/Company.php b/app/Models/Company.php
index 928eaf6584..c63b6134b9 100644
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@@ -55,11 +55,7 @@ final class Company extends Model
 $company_id = null;
 }
- if ($company_id == null) {
- return $query;
- } else {
- return $query->where($column, '=', $company_id);
- }
+ return $query->where($column, '=', $company_id);
 }
 public static function getSelectList()
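Review bot: `Asset::assetcount()` in app/Models/Asset.php now returns a number that depends on who is logged in, yet the method carries no docblock saying so. A caller that expects a global total (the commit message mentions the dashboard; any report or console caller is outside this diff) would silently receive a company-scoped count instead. I would add `/** Count of physical, non-deleted assets visible under the current user's company scope. */` above the method.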
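Review bot: In the first Company.php hunk, with the `$company_id == null` early return removed, the null case now depends on how the query builder treats `where($column, '=', null)`. The commit message says users without a company should see only records without one, which requires `IS NULL`; a literal `= NULL` comparison would match no rows, and the hunk does not show which of the two is generated. Spelling it out removes the doubt: `return $company_id === null ? $query->whereNull($column) : $query->where($column, '=', $company_id);`. The `$company_id = null;` branch in the context lines suggests this path is also taken when no user is resolved, so it is worth confirming that returning unassigned records in that situation is intended. The method starts outside the hunk.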
@@ -141,7 +137,7 @@ final class Company extends Model
 {
 if (count($companyable_names) == 0) {
 throw new Exception('No Companyable Children to scope');
- } elseif (!static::isFullMultipleCompanySupportEnabled()) {
+ } elseif (!static::isFullMultipleCompanySupportEnabled() || (Auth::check() && Auth::user()->isSuperUser())) {
 return $query;
 } else {
 $f = function ($q) {
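Review bot: The super-user exemption is written inline in the `elseif` of this child-scope method, and the commit message says it is there to be consistent with a check made elsewhere, which is not part of the diff. Two hand-written copies of an authorization bypass can drift apart; a single private static predicate on `Company` used by both places (name left to the author) would keep them in step. At minimum the condition deserves a comment such as `// Super users are exempt from company scoping; keep in sync with the other scope checks.`. The method starts before and continues after the hunk.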