firefly-iii/app/Rules/BelongsUser.php

<?php

/**
 * BelongsUser.php
 * Copyright (c) 2019 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace FireflyIII\Rules;

use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Models\Account;
use FireflyIII\Models\Bill;
use FireflyIII\Models\Budget;
use FireflyIII\Models\Category;
use FireflyIII\Models\PiggyBank;
use FireflyIII\Models\TransactionJournal;
use Illuminate\Contracts\Validation\ValidationRule;
use Closure;

/**
 * Class BelongsUser
 */
class BelongsUser implements ValidationRule
{
    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        $attribute = $this->parseAttribute($attribute);
        if (!auth()->check()) {
            $fail('validation.belongs_user')->translate();

            return;
        }
        app('log')->debug(sprintf('Going to validate %s', $attribute));

        $result    = match ($attribute) {
            'piggy_bank_id'               => $this->validatePiggyBankId((int) $value),
            'piggy_bank_name'             => $this->validatePiggyBankName($value),
            'bill_id'                     => $this->validateBillId((int) $value),
            'transaction_journal_id'      => $this->validateJournalId((int) $value),
            'bill_name'                   => $this->validateBillName($value),
            'budget_id'                   => $this->validateBudgetId((int) $value),
            'category_id'                 => $this->validateCategoryId((int) $value),
            'budget_name'                 => $this->validateBudgetName($value),
            'source_id', 'destination_id' => $this->validateAccountId((int) $value),
            default                       => throw new FireflyException(sprintf('Rule BelongsUser cannot handle "%s"', $attribute)),
        };
        if (false === $result) {
            $fail('validation.belongs_user')->translate();
        }
    }

    private function parseAttribute(string $attribute): string
    {
        $parts = explode('.', $attribute);
        if (1 === count($parts)) {
            return $attribute;
        }
        if (3 === count($parts)) {
            return $parts[2];
        }

        return $attribute;
    }

    private function validatePiggyBankId(int $value): bool
    {


        $count = PiggyBank::leftJoin('account_piggy_bank', 'account_piggy_bank.piggy_bank_id', '=', 'piggy_banks.id')
            ->leftJoin('accounts', 'accounts.id', '=', 'account_piggy_bank.account_id')
            ->where('piggy_banks.id', '=', $value)
            ->where('accounts.user_id', '=', auth()->user()->id)->count()
        ;

        return $count > 0;
    }

    private function validatePiggyBankName(string $value): bool
    {
        $count = PiggyBank::leftJoin('account_piggy_bank', 'account_piggy_bank.piggy_bank_id', '=', 'piggy_banks.id')
            ->leftJoin('accounts', 'accounts.id', '=', 'account_piggy_bank.account_id')
            ->where('piggy_banks.name', '=', $value)
            ->where('accounts.user_id', '=', auth()->user()->id)->count()
        ;

        return $count > 0;
    }

    private function validateBillId(int $value): bool
    {
        if (0 === $value) {
            return true;
        }
        $count = Bill::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();

        return 1 === $count;
    }

    private function validateJournalId(int $value): bool
    {
        if (0 === $value) {
            return true;
        }
        $count = TransactionJournal::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();

        return 1 === $count;
    }

    private function validateBillName(string $value): bool
    {
        $count = $this->countField(Bill::class, 'name', $value);
        app('log')->debug(sprintf('Result of countField for bill name "%s" is %d', $value, $count));

        return 1 === $count;
    }

    protected function countField(string $class, string $field, string $value): int
    {
        $value   = trim($value);
        $objects = [];
        // get all objects belonging to user:
        if (PiggyBank::class === $class) {
            $objects = PiggyBank::leftJoin('accounts', 'accounts.id', '=', 'piggy_banks.account_id')
                ->where('accounts.user_id', '=', auth()->user()->id)->get(['piggy_banks.*'])
            ;
        }
        if (PiggyBank::class !== $class) {
            $objects = $class::where('user_id', '=', auth()->user()->id)->get();
        }
        $count   = 0;
        foreach ($objects as $object) {
            $objectValue = trim((string) $object->{$field}); // @phpstan-ignore-line
            app('log')->debug(sprintf('Comparing object "%s" with value "%s"', $objectValue, $value));
            if ($objectValue === $value) {
                ++$count;
                app('log')->debug(sprintf('Hit! Count is now %d', $count));
            }
        }

        return $count;
    }

    private function validateBudgetId(int $value): bool
    {
        if (0 === $value) {
            return true;
        }
        $count = Budget::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();

        return 1 === $count;
    }

    private function validateCategoryId(int $value): bool
    {
        $count = Category::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();

        return 1 === $count;
    }

    private function validateBudgetName(string $value): bool
    {
        $count = $this->countField(Budget::class, 'name', $value);

        return 1 === $count;
    }

    private function validateAccountId(int $value): bool
    {
        if (0 === $value) {
            // its ok to submit 0. other checks will fail.
            return true;
        }
        $count = Account::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();

        return 1 === $count;
    }
}
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`<?php`

Fix transactions. 2018-02-23 16:59:21 +01:00			`/**`
			`* BelongsUser.php`
Update email address. 2020-02-16 13:56:25 +01:00			`* Copyright (c) 2019 james@firefly-iii.org`
Fix transactions. 2018-02-23 16:59:21 +01:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This file is part of Firefly III (https://github.com/firefly-iii).`
Fix transactions. 2018-02-23 16:59:21 +01:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
Fix transactions. 2018-02-23 16:59:21 +01:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* This program is distributed in the hope that it will be useful,`
Fix transactions. 2018-02-23 16:59:21 +01:00			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* GNU Affero General Public License for more details.`
Fix transactions. 2018-02-23 16:59:21 +01:00			`*`
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
Fix transactions. 2018-02-23 16:59:21 +01:00			`*/`

Update copyright statements. 2018-05-11 10:08:34 +02:00			`declare(strict_types=1);`

Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`namespace FireflyIII\Rules;`

			`use FireflyIII\Exceptions\FireflyException;`
			`use FireflyIII\Models\Account;`
			`use FireflyIII\Models\Bill;`
			`use FireflyIII\Models\Budget;`
			`use FireflyIII\Models\Category;`
			`use FireflyIII\Models\PiggyBank;`
Code for https://github.com/firefly-iii/firefly-iii/issues/5610 2022-01-24 07:24:01 +01:00			`use FireflyIII\Models\TransactionJournal;`
Expand API and refactor for user groups. 2023-09-21 15:50:49 +02:00			`use Illuminate\Contracts\Validation\ValidationRule;`
Import statements and update configuration. 2025-05-27 16:57:36 +02:00			`use Closure;`
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00
			`/**`
			`* Class BelongsUser`
			`*/`
Expand API and refactor for user groups. 2023-09-21 15:50:49 +02:00			`class BelongsUser implements ValidationRule`
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`{`
Import statements and update configuration. 2025-05-27 16:57:36 +02:00			`public function validate(string $attribute, mixed $value, Closure $fail): void`
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`{`
			`$attribute = $this->parseAttribute($attribute);`
			`if (!auth()->check()) {`
Expand API and refactor for user groups. 2023-09-21 15:50:49 +02:00			`$fail('validation.belongs_user')->translate();`
Code cleanup. 2023-12-20 19:35:52 +01:00
Expand API and refactor for user groups. 2023-09-21 15:50:49 +02:00			`return;`
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`}`
Remove static references 2023-10-29 06:33:43 +01:00			`app('log')->debug(sprintf('Going to validate %s', $attribute));`
Various code cleanup. 2021-09-18 10:20:19 +02:00
Various code cleanup and fixed alignments. 2024-01-01 14:43:56 +01:00			`$result = match ($attribute) {`
Code cleanup 2024-12-22 08:43:12 +01:00			`'piggy_bank_id' => $this->validatePiggyBankId((int) $value),`
Code for new release 2023-07-15 16:02:42 +02:00			`'piggy_bank_name' => $this->validatePiggyBankName($value),`
Code cleanup 2024-12-22 08:43:12 +01:00			`'bill_id' => $this->validateBillId((int) $value),`
			`'transaction_journal_id' => $this->validateJournalId((int) $value),`
Code for new release 2023-07-15 16:02:42 +02:00			`'bill_name' => $this->validateBillName($value),`
Code cleanup 2024-12-22 08:43:12 +01:00			`'budget_id' => $this->validateBudgetId((int) $value),`
			`'category_id' => $this->validateCategoryId((int) $value),`
Code for new release 2023-07-15 16:02:42 +02:00			`'budget_name' => $this->validateBudgetName($value),`
Code cleanup 2024-12-22 08:43:12 +01:00			`'source_id', 'destination_id' => $this->validateAccountId((int) $value),`
Expand API and refactor for user groups. 2023-09-21 15:50:49 +02:00			`default => throw new FireflyException(sprintf('Rule BelongsUser cannot handle "%s"', $attribute)),`
Various code cleanup. 2021-09-18 10:20:19 +02:00			`};`
Expand API and refactor for user groups. 2023-09-21 15:50:49 +02:00			`if (false === $result) {`
			`$fail('validation.belongs_user')->translate();`
			`}`
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`}`

chore: reformat code. 2023-06-21 12:34:58 +02:00			`private function parseAttribute(string $attribute): string`
			`{`
			`$parts = explode('.', $attribute);`
			`if (1 === count($parts)) {`
			`return $attribute;`
			`}`
			`if (3 === count($parts)) {`
			`return $parts[2];`
			`}`

			`return $attribute;`
			`}`

			`private function validatePiggyBankId(int $value): bool`
			`{`
Fix linking piggy banks to transactions. 2025-01-02 04:54:29 +01:00

Auto commit for release 'develop' on 2025-01-03 2025-01-03 07:01:02 +01:00			`$count = PiggyBank::leftJoin('account_piggy_bank', 'account_piggy_bank.piggy_bank_id', '=', 'piggy_banks.id')`
Fix linking piggy banks to transactions. 2025-01-02 04:54:29 +01:00			`->leftJoin('accounts', 'accounts.id', '=', 'account_piggy_bank.account_id')`
Code cleanup. 2023-12-20 19:35:52 +01:00			`->where('piggy_banks.id', '=', $value)`
			`->where('accounts.user_id', '=', auth()->user()->id)->count()`
			`;`
chore: reformat code. 2023-06-21 12:34:58 +02:00
Fix linking piggy banks to transactions. 2025-01-02 04:54:29 +01:00			`return $count > 0;`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`}`

			`private function validatePiggyBankName(string $value): bool`
			`{`
Auto commit for release 'develop' on 2025-01-03 2025-01-03 07:01:02 +01:00			`$count = PiggyBank::leftJoin('account_piggy_bank', 'account_piggy_bank.piggy_bank_id', '=', 'piggy_banks.id')`
Fix linking piggy banks to transactions. 2025-01-02 04:54:29 +01:00			`->leftJoin('accounts', 'accounts.id', '=', 'account_piggy_bank.account_id')`
			`->where('piggy_banks.name', '=', $value)`
			`->where('accounts.user_id', '=', auth()->user()->id)->count()`
			`;`
chore: reformat code. 2023-06-21 12:34:58 +02:00
Auto commit for release 'develop' on 2025-01-03 2025-01-03 07:01:02 +01:00			`return $count > 0;`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`}`

			`private function validateBillId(int $value): bool`
Various code cleanup. 2018-07-26 06:10:17 +02:00			`{`
Various updates. 2021-04-04 08:31:15 +02:00			`if (0 === $value) {`
			`return true;`
			`}`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`$count = Bill::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();`
Various code cleanup. 2018-07-26 06:10:17 +02:00
			`return 1 === $count;`
			`}`

chore: reformat code. 2023-06-21 12:34:58 +02:00			`private function validateJournalId(int $value): bool`
Code for https://github.com/firefly-iii/firefly-iii/issues/5610 2022-01-24 07:24:01 +01:00			`{`
			`if (0 === $value) {`
			`return true;`
			`}`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`$count = TransactionJournal::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();`
Code for https://github.com/firefly-iii/firefly-iii/issues/5610 2022-01-24 07:24:01 +01:00
			`return 1 === $count;`
			`}`

Various code cleanup. 2018-07-26 06:10:17 +02:00			`private function validateBillName(string $value): bool`
			`{`
			`$count = $this->countField(Bill::class, 'name', $value);`
Remove static references 2023-10-29 06:33:43 +01:00			`app('log')->debug(sprintf('Result of countField for bill name "%s" is %d', $value, $count));`
Various code cleanup. 2018-07-26 06:10:17 +02:00
			`return 1 === $count;`
			`}`

Clean up code. 2025-05-04 17:41:26 +02:00			`protected function countField(string $class, string $field, string $value): int`
			`{`
			`$value = trim($value);`
			`$objects = [];`
			`// get all objects belonging to user:`
			`if (PiggyBank::class === $class) {`
			`$objects = PiggyBank::leftJoin('accounts', 'accounts.id', '=', 'piggy_banks.account_id')`
			`->where('accounts.user_id', '=', auth()->user()->id)->get(['piggy_banks.*'])`
			`;`
			`}`
			`if (PiggyBank::class !== $class) {`
			`$objects = $class::where('user_id', '=', auth()->user()->id)->get();`
			`}`
			`$count = 0;`
			`foreach ($objects as $object) {`
			`$objectValue = trim((string) $object->{$field}); // @phpstan-ignore-line`
			`app('log')->debug(sprintf('Comparing object "%s" with value "%s"', $objectValue, $value));`
			`if ($objectValue === $value) {`
			`++$count;`
			`app('log')->debug(sprintf('Hit! Count is now %d', $count));`
			`}`
			`}`

			`return $count;`
			`}`

Various code cleanup. 2018-07-26 06:10:17 +02:00			`private function validateBudgetId(int $value): bool`
			`{`
Fix #2526 2019-09-01 14:49:26 +02:00			`if (0 === $value) {`
			`return true;`
			`}`
Various code cleanup. 2018-07-26 06:10:17 +02:00			`$count = Budget::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();`

			`return 1 === $count;`
			`}`

chore: reformat code. 2023-06-21 12:34:58 +02:00			`private function validateCategoryId(int $value): bool`
Various code cleanup. 2018-07-26 06:10:17 +02:00			`{`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`$count = Category::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();`
Various code cleanup. 2018-07-26 06:10:17 +02:00
			`return 1 === $count;`
			`}`

chore: reformat code. 2023-06-21 12:34:58 +02:00			`private function validateBudgetName(string $value): bool`
Various code cleanup. 2018-07-26 06:10:17 +02:00			`{`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`$count = $this->countField(Budget::class, 'name', $value);`
Various code cleanup. 2018-07-26 06:10:17 +02:00
			`return 1 === $count;`
			`}`

chore: reformat code. 2023-06-21 12:34:58 +02:00			`private function validateAccountId(int $value): bool`
Various code cleanup. 2018-07-26 06:10:17 +02:00			`{`
Code cleanup 2021-03-21 09:15:40 +01:00			`if (0 === $value) {`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`// its ok to submit 0. other checks will fail.`
Code cleanup 2021-03-21 09:15:40 +01:00			`return true;`
			`}`
chore: reformat code. 2023-06-21 12:34:58 +02:00			`$count = Account::where('id', '=', $value)->where('user_id', '=', auth()->user()->id)->count();`
Various code cleanup. 2018-07-26 06:10:17 +02:00
			`return 1 === $count;`
			`}`
Rule to validate if object belongs to submitting user. 2018-02-16 15:17:36 +01:00			`}`