From 45e9c999b83a1f6660fe86adae3bbaf3589986fa Mon Sep 17 00:00:00 2001
From: James Cole
Date: Thu, 21 Sep 2023 16:26:07 +0200
Subject: [PATCH] Catch most exceptions.
---
 .../Controllers/Chart/AccountController.php | 9 +-
 .../V2/Controllers/Chart/BudgetController.php | 18 +-
 .../Controllers/Chart/CategoryController.php | 8 +-
 .../Controllers/Model/Bill/ShowController.php | 11 +-
 .../Model/PiggyBank/ShowController.php | 11 +-
 .../Controllers/Summary/BasicController.php | 21 +-
 app/Helpers/Report/NetWorth.php | 3 +-
 app/Providers/BudgetServiceProvider.php | 15 +-
 .../Http/Api/ValidatesUserGroupTrait.php | 65 ++++++
 .../views/v2/transactions/create.blade.php | 216 ++++++++++++++++++
 10 files changed, 337 insertions(+), 40 deletions(-)
 create mode 100644 app/Support/Http/Api/ValidatesUserGroupTrait.php
 create mode 100644 resources/views/v2/transactions/create.blade.php
diff --git a/app/Api/V2/Controllers/Chart/AccountController.php b/app/Api/V2/Controllers/Chart/AccountController.php
index 371c9705e0..aa5a5bef7a 100644
--- a/app/Api/V2/Controllers/Chart/AccountController.php
+++ b/app/Api/V2/Controllers/Chart/AccountController.php
@@ -33,6 +33,7 @@ use FireflyIII\Models\AccountType;
 use FireflyIII\Models\TransactionCurrency;
 use FireflyIII\Repositories\UserGroups\Account\AccountRepositoryInterface;
 use FireflyIII\Support\Http\Api\CleansChartData;
+use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use Illuminate\Http\JsonResponse;
 use Psr\Container\ContainerExceptionInterface;
 use Psr\Container\NotFoundExceptionInterface;
@@ -43,6 +44,7 @@ use Psr\Container\NotFoundExceptionInterface;
 class AccountController extends Controller
 {
 use CleansChartData;
+ use ValidatesUserGroupTrait;
 private AccountRepositoryInterface $repository;
@@ -55,8 +57,11 @@ class AccountController extends Controller
 $this->middleware(
 function ($request, $next) {
 $this->repository = app(AccountRepositoryInterface::class);
- throw new FireflyException('uses old administration ID check, needs to be updated.2');
- $this->repository->setAdministrationId(auth()->user()->user_group_id);
+ $userGroup = $this->validateUserGroup($request);
+ if (null !== $userGroup) {
+ $this->repository->setUserGroup($userGroup);
+ }
+
 return $next($request);
 }
 );
diff --git a/app/Api/V2/Controllers/Chart/BudgetController.php b/app/Api/V2/Controllers/Chart/BudgetController.php
index 1cdb5266fa..39008f0106 100644
--- a/app/Api/V2/Controllers/Chart/BudgetController.php
+++ b/app/Api/V2/Controllers/Chart/BudgetController.php
@@ -37,6 +37,7 @@ use FireflyIII\Repositories\UserGroups\Budget\OperationsRepositoryInterface;
 use FireflyIII\Repositories\Budget\BudgetLimitRepositoryInterface;
 use FireflyIII\Support\Http\Api\CleansChartData;
 use FireflyIII\Support\Http\Api\ExchangeRateConverter;
+use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Collection;
@@ -47,6 +48,7 @@ use Illuminate\Support\Collection;
 class BudgetController extends Controller
 {
 use CleansChartData;
+ use ValidatesUserGroupTrait;
 protected OperationsRepositoryInterface $opsRepository;
 private BudgetLimitRepositoryInterface $blRepository;
@@ -63,6 +65,13 @@ class BudgetController extends Controller
 $this->blRepository = app(BudgetLimitRepositoryInterface::class);
 $this->opsRepository = app(OperationsRepositoryInterface::class);
 $this->currency = app('amount')->getDefaultCurrency();
+
+ $userGroup = $this->validateUserGroup($request);
+ if (null !== $userGroup) {
+ $this->repository->setUserGroup($userGroup);
+ $this->opsRepository->setUserGroup($userGroup);
+ }
+
 return $next($request);
 }
 );
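Review bot: When `validateUserGroup()` returns null, the AccountController closure skips `setUserGroup()` at `if (null !== $userGroup) {` and still calls `$next($request)`, so the action would run against a repository that was never given a group scope. As far as the trait added in this commit shows, null means `auth()->check()` was false, which the route's auth middleware probably prevents, but nothing in the hunk enforces that. Failing closed is safer: `if (null === $userGroup) { throw new FireflyException('No user group available.'); }` (message constructed for this note). The same skip-and-continue pattern is in the middleware hunks of BudgetController, CategoryController, both ShowControllers and BasicController. The constructor begins above the hunk.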
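Review bot: In the BudgetController middleware hunk only `$this->repository` and `$this->opsRepository` receive the validated group; `$this->blRepository` and `$this->currency = app('amount')->getDefaultCurrency()` stay as resolved. `BudgetLimitRepositoryInterface` is imported from the non-UserGroups `Repositories\Budget` namespace, so it is presumably scoped by the logged-in user rather than by the selected group. If so, a request carrying `user_group_id` for a second group the user belongs to would combine budget limits and a default currency from one administration with budgets from another. Either scope those two as well, or state the intent with a comment such as `// blRepository and currency follow the user, not the selected group`. The closure, including the assignment of `$this->repository`, starts above the hunk.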
@@ -78,15 +87,6 @@ class BudgetController extends Controller
 */
 public function dashboard(DateRequest $request): JsonResponse
 {
- throw new FireflyException('uses old administration ID check, needs to be updated.3');
- // get user.
- /** @var User $user */
- $user = auth()->user();
- // group ID
- $administrationId = $user->getAdministrationId();
- $this->repository->setAdministrationId($administrationId);
- $this->opsRepository->setAdministrationId($administrationId);
-
 $params = $request->getAll();
 /** @var Carbon $start */
 $start = $params['start'];
diff --git a/app/Api/V2/Controllers/Chart/CategoryController.php b/app/Api/V2/Controllers/Chart/CategoryController.php
index 393af631c2..0ca99d6c36 100644
--- a/app/Api/V2/Controllers/Chart/CategoryController.php
+++ b/app/Api/V2/Controllers/Chart/CategoryController.php
@@ -36,6 +36,7 @@ use FireflyIII\Repositories\UserGroups\Account\AccountRepositoryInterface;
 use FireflyIII\Repositories\Currency\CurrencyRepositoryInterface;
 use FireflyIII\Support\Http\Api\CleansChartData;
 use FireflyIII\Support\Http\Api\ExchangeRateConverter;
+use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use Illuminate\Http\JsonResponse;
 /**
@@ -44,6 +45,7 @@ use Illuminate\Http\JsonResponse;
 class CategoryController extends Controller
 {
 use CleansChartData;
+ use ValidatesUserGroupTrait;
 private AccountRepositoryInterface $accountRepos;
 private CurrencyRepositoryInterface $currencyRepos;
@@ -53,10 +55,12 @@ class CategoryController extends Controller
 parent::__construct();
 $this->middleware(
 function ($request, $next) {
- throw new FireflyException('uses old administration ID check, needs to be updated.4');
 $this->accountRepos = app(AccountRepositoryInterface::class);
 $this->currencyRepos = app(CurrencyRepositoryInterface::class);
- $this->accountRepos->setAdministrationId(auth()->user()->user_group_id);
+ $userGroup = $this->validateUserGroup($request);
+ if (null !== $userGroup) {
+ $this->accountRepos->setUserGroup($userGroup);
+ }
 return $next($request);
 }
 );
diff --git a/app/Api/V2/Controllers/Model/Bill/ShowController.php b/app/Api/V2/Controllers/Model/Bill/ShowController.php
index a31cde11a7..992524d430 100644
--- a/app/Api/V2/Controllers/Model/Bill/ShowController.php
+++ b/app/Api/V2/Controllers/Model/Bill/ShowController.php
@@ -29,6 +29,7 @@ use FireflyIII\Api\V2\Controllers\Controller;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\Bill;
 use FireflyIII\Repositories\UserGroups\Bill\BillRepositoryInterface;
+use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\Transformers\V2\AccountTransformer;
 use FireflyIII\Transformers\V2\BillTransformer;
 use Illuminate\Http\JsonResponse;
@@ -40,6 +41,8 @@ use Illuminate\Pagination\LengthAwarePaginator;
 */
 class ShowController extends Controller
 {
+ use ValidatesUserGroupTrait;
+
 private BillRepositoryInterface $repository;
 public function __construct()
@@ -47,9 +50,13 @@ class ShowController extends Controller
 parent::__construct();
 $this->middleware(
 function ($request, $next) {
- throw new FireflyException('uses old administration ID check, needs to be updated.5');
 $this->repository = app(BillRepositoryInterface::class);
- $this->repository->setAdministrationId(auth()->user()->user_group_id);
+
+ $userGroup = $this->validateUserGroup($request);
+ if (null !== $userGroup) {
+ $this->repository->setUserGroup($userGroup);
+ }
+
 return $next($request);
 }
 );
diff --git a/app/Api/V2/Controllers/Model/PiggyBank/ShowController.php b/app/Api/V2/Controllers/Model/PiggyBank/ShowController.php
index 7159c1385e..57eac1739a 100644
--- a/app/Api/V2/Controllers/Model/PiggyBank/ShowController.php
+++ b/app/Api/V2/Controllers/Model/PiggyBank/ShowController.php
@@ -28,6 +28,7 @@ namespace FireflyIII\Api\V2\Controllers\Model\PiggyBank;
 use FireflyIII\Api\V2\Controllers\Controller;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Repositories\UserGroups\PiggyBank\PiggyBankRepositoryInterface;
+use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\Transformers\V2\PiggyBankTransformer;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
@@ -38,6 +39,8 @@ use Illuminate\Pagination\LengthAwarePaginator;
 */
 class ShowController extends Controller
 {
+ use ValidatesUserGroupTrait;
+
 private PiggyBankRepositoryInterface $repository;
 public function __construct()
@@ -45,9 +48,13 @@ class ShowController extends Controller
 parent::__construct();
 $this->middleware(
 function ($request, $next) {
- throw new FireflyException('uses old administration ID check, needs to be updated.8');
 $this->repository = app(PiggyBankRepositoryInterface::class);
- $this->repository->setAdministrationId(auth()->user()->user_group_id);
+
+ $userGroup = $this->validateUserGroup($request);
+ if (null !== $userGroup) {
+ $this->repository->setUserGroup($userGroup);
+ }
+
 return $next($request);
 }
 );
diff --git a/app/Api/V2/Controllers/Summary/BasicController.php b/app/Api/V2/Controllers/Summary/BasicController.php
index aff2859dbf..3b35875c86 100644
--- a/app/Api/V2/Controllers/Summary/BasicController.php
+++ b/app/Api/V2/Controllers/Summary/BasicController.php
@@ -43,6 +43,7 @@ use FireflyIII\Repositories\UserGroups\Budget\BudgetRepositoryInterface;
 use FireflyIII\Repositories\UserGroups\Budget\OperationsRepositoryInterface;
 use FireflyIII\Repositories\Currency\CurrencyRepositoryInterface;
 use FireflyIII\Support\Http\Api\ExchangeRateConverter;
+use FireflyIII\Support\Http\Api\ValidatesUserGroupTrait;
 use FireflyIII\User;
 use Illuminate\Http\JsonResponse;
@@ -51,6 +52,8 @@ use Illuminate\Http\JsonResponse;
 */
 class BasicController extends Controller
 {
+ use ValidatesUserGroupTrait;
+
 private AvailableBudgetRepositoryInterface $abRepository;
 private AccountRepositoryInterface $accountRepository;
 private BillRepositoryInterface $billRepository;
@@ -68,8 +71,6 @@ class BasicController extends Controller
 parent::__construct();
 $this->middleware(
 function ($request, $next) {
- /** @var User $user */
- $user = auth()->user();
 $this->abRepository = app(AvailableBudgetRepositoryInterface::class);
 $this->accountRepository = app(AccountRepositoryInterface::class);
 $this->billRepository = app(BillRepositoryInterface::class);
@@ -77,14 +78,14 @@ class BasicController extends Controller
 $this->currencyRepos = app(CurrencyRepositoryInterface::class);
 $this->opsRepository = app(OperationsRepositoryInterface::class);
- throw new FireflyException('uses old administration ID check, needs to be updated.9');
-
- $this->abRepository->setAdministrationId($user->user_group_id);
- $this->accountRepository->setAdministrationId($user->user_group_id);
- $this->billRepository->setAdministrationId($user->user_group_id);
- $this->budgetRepository->setAdministrationId($user->user_group_id);
- $this->currencyRepos->setUser($user);
- $this->opsRepository->setAdministrationId($user->user_group_id);
+ $userGroup = $this->validateUserGroup($request);
+ if (null !== $userGroup) {
+ $this->abRepository->setUserGroup($userGroup);
+ $this->accountRepository->setUserGroup($userGroup);
+ $this->billRepository->setUserGroup($userGroup);
+ $this->budgetRepository->setUserGroup($userGroup);
+ $this->opsRepository->setUserGroup($userGroup);
+ }
 return $next($request);
 }
diff --git a/app/Helpers/Report/NetWorth.php b/app/Helpers/Report/NetWorth.php
index bebbf46c07..5b089c6159 100644
--- a/app/Helpers/Report/NetWorth.php
+++ b/app/Helpers/Report/NetWorth.php
@@ -245,8 +245,7 @@ class NetWorth implements NetWorthInterface
 {
 $this->userGroup = $userGroup;
 $this->adminAccountRepository = app(AdminAccountRepositoryInterface::class);
- throw new FireflyException('uses old administration ID check, needs to be updated.A');
- $this->adminAccountRepository->setAdministrationId($userGroup->id);
+ $this->adminAccountRepository->setUserGroup($userGroup);
 }
 /**
diff --git a/app/Providers/BudgetServiceProvider.php b/app/Providers/BudgetServiceProvider.php
index 41542ee7f2..c48674fd7f 100644
--- a/app/Providers/BudgetServiceProvider.php
+++ b/app/Providers/BudgetServiceProvider.php
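Review bot: The removed block in the BasicController middleware called `$this->currencyRepos->setUser($user);`, and the replacement leaves `currencyRepos` with neither a user nor a group. The earlier hunk in this file also deletes the `$user = auth()->user();` assignment. Unless the container binding for `CurrencyRepositoryInterface` sets the user itself, which is not visible here, currency lookups in this controller would run without an owner scope. Either restore the call inside the new `if` with `$this->currencyRepos->setUser(auth()->user());`, or add a comment stating where that repository gets its scope. The closure begins above the hunk.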
@@ -23,21 +23,20 @@ declare(strict_types=1);
 namespace FireflyIII\Providers;
-use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Repositories\Budget\AvailableBudgetRepository;
 use FireflyIII\Repositories\Budget\AvailableBudgetRepositoryInterface;
-use FireflyIII\Repositories\UserGroups\Budget\AvailableBudgetRepository as AdminAbRepository;
-use FireflyIII\Repositories\UserGroups\Budget\AvailableBudgetRepositoryInterface as AdminAbRepositoryInterface;
 use FireflyIII\Repositories\Budget\BudgetLimitRepository;
 use FireflyIII\Repositories\Budget\BudgetLimitRepositoryInterface;
 use FireflyIII\Repositories\Budget\BudgetRepository;
 use FireflyIII\Repositories\Budget\BudgetRepositoryInterface;
-use FireflyIII\Repositories\UserGroups\Budget\BudgetRepository as AdminBudgetRepository;
-use FireflyIII\Repositories\UserGroups\Budget\BudgetRepositoryInterface as AdminBudgetRepositoryInterface;
 use FireflyIII\Repositories\Budget\NoBudgetRepository;
 use FireflyIII\Repositories\Budget\NoBudgetRepositoryInterface;
 use FireflyIII\Repositories\Budget\OperationsRepository;
 use FireflyIII\Repositories\Budget\OperationsRepositoryInterface;
+use FireflyIII\Repositories\UserGroups\Budget\AvailableBudgetRepository as AdminAbRepository;
+use FireflyIII\Repositories\UserGroups\Budget\AvailableBudgetRepositoryInterface as AdminAbRepositoryInterface;
+use FireflyIII\Repositories\UserGroups\Budget\BudgetRepository as AdminBudgetRepository;
+use FireflyIII\Repositories\UserGroups\Budget\BudgetRepositoryInterface as AdminBudgetRepositoryInterface;
 use FireflyIII\Repositories\UserGroups\Budget\OperationsRepository as AdminOperationsRepository;
 use FireflyIII\Repositories\UserGroups\Budget\OperationsRepositoryInterface as AdminOperationsRepositoryInterface;
 use Illuminate\Foundation\Application;
@@ -79,8 +78,6 @@ class BudgetServiceProvider extends ServiceProvider
 $repository = app(AdminBudgetRepository::class);
 if ($app->auth->check()) { // @phpstan-ignore-line
 $repository->setUser(auth()->user());
- throw new FireflyException('uses old administration ID check, needs to be updated.C');
- $repository->setAdministrationId(auth()->user()->user_group_id);
 }
 return $repository;
@@ -109,8 +106,6 @@ class BudgetServiceProvider extends ServiceProvider
 $repository = app(AdminAbRepository::class);
 if ($app->auth->check()) { // @phpstan-ignore-line
 $repository->setUser(auth()->user());
- throw new FireflyException('uses old administration ID check, needs to be updated.D');
- $repository->setAdministrationId(auth()->user()->user_group_id);
 }
 return $repository;
@@ -165,8 +160,6 @@ class BudgetServiceProvider extends ServiceProvider
 $repository = app(AdminOperationsRepository::class);
 if ($app->auth->check()) { // @phpstan-ignore-line
 $repository->setUser(auth()->user());
- throw new FireflyException('uses old administration ID check, needs to be updated.E');
- $repository->setAdministrationId(auth()->user()->user_group_id);
 }
 return $repository;
diff --git a/app/Support/Http/Api/ValidatesUserGroupTrait.php b/app/Support/Http/Api/ValidatesUserGroupTrait.php
new file mode 100644
index 0000000000..a7f1f16bc7
--- /dev/null
+++ b/app/Support/Http/Api/ValidatesUserGroupTrait.php
@@ -0,0 +1,65 @@
+.
+ */
+
+declare(strict_types=1);
+
+namespace FireflyIII\Support\Http\Api;
+
+use FireflyIII\Exceptions\FireflyException;
+use FireflyIII\Models\GroupMembership;
+use FireflyIII\Models\UserGroup;
+use FireflyIII\User;
+use Illuminate\Http\Request;
+
+trait ValidatesUserGroupTrait
+{
+ /**
+ * This check does not validate which rights the user has, that comes later.
+ *
+ * @param Request $request
+ *
+ * @return UserGroup|null
+ * @throws FireflyException
+ */
+ protected function validateUserGroup(Request $request): ?UserGroup
+ {
+ if (!auth()->check()) {
+ app('log')->debug('validateUserGroup: user is not logged in, return NULL.');
+ return null;
+ }
+ /** @var User $user */
+ $user = auth()->user();
+ if (!$request->has('user_group_id')) {
+ $group = $user->userGroup;
+ app('log')->debug(sprintf('validateUserGroup: no user group submitted, return default group #%d.', $group->id));
+ return $group;
+ }
+ $groupId = (int)$request->get('user_group_id');
+ /** @var GroupMembership|null $membership */
+ $membership = $user->groupMemberships()->where('user_group_id', $groupId)->first();
+ if (null === $membership) {
+ app('log')->debug('validateUserGroup: user has no access to this group.');
+ throw new FireflyException((string)trans('validation.belongs_user_or_user_group'));
+ }
+ app('log')->debug(sprintf('validateUserGroup: user has role "%s" in group #%d.', $membership->userRole->title, $membership->userGroup->id));
+ return $membership->userGroup;
+ }
+}
diff --git a/resources/views/v2/transactions/create.blade.php b/resources/views/v2/transactions/create.blade.php
new file mode 100644
index 0000000000..1607b417a0
--- /dev/null
+++ b/resources/views/v2/transactions/create.blade.php
@@ -0,0 +1,216 @@
+@extends('layout.v2')
+@section('vite')
+ @vite(['resources/assets/v2/sass/app.scss', 'resources/assets/v2/pages/transactions/create.js'])
+@endsection
+@section('content')
+
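Review bot: The denial path in `validateUserGroup()` logs `user has no access to this group` only at debug level, without the user or the requested id, and then throws a generic `FireflyException`. A client cycling through other groups' ids would therefore leave nothing in a production log, and presumably receives a server error rather than a 403. Logging at warning with both ids makes such attempts visible to whoever monitors the instance: `app('log')->warning(sprintf('validateUserGroup: user #%d denied access to group #%d.', $user->id, $groupId));`. `(int)$request->get('user_group_id')` also turns non-numeric input into 0 and a non-empty array into 1 before the membership query; the query still gates access, but rejecting non-integer input first keeps the logged id meaningful. Separately, `$group->id` and `$membership->userRole->title` are dereferenced inside the debug messages, so a user without a default group or a membership without a role would fail in the log call rather than in the check.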
+ +
+
+
+ + +
+
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+
+ +@endsection