Merge branch 'api' into develop

# Conflicts: # app/JsonApi/V3/Accounts/AccountRepository.php # app/JsonApi/V3/Accounts/AccountResource.php # app/JsonApi/V3/Accounts/Capabilities/AccountQuery.php # app/JsonApi/V3/Users/UserSchema.php
2025-10-12 15:35:15 +00:00 · 2024-05-10 12:52:44 +02:00
parent 6a64420721 c6c8f282e2
commit 7d9f22d3f4
9 changed files with 325 additions and 13 deletions
--- a/app/Policies/AccountPolicy.php
+++ b/app/Policies/AccountPolicy.php
@@ -53,4 +53,19 @@ class AccountPolicy
        return true;
        return auth()->check();
    }
+
+    /**
+     * Everybody can do this, but selection should limit to user.
+     *
+     * @return true
+     */
+    public function viewUser(User $user, Account $account): bool
+    {
+        return $this->view($user, $account);
+    }
+
+    public function viewBalances(User $user, Account $account): bool
+    {
+        return $this->view($user, $account);
+    }
 }
--- a/app/Policies/BalancePolicy.php
+++ b/app/Policies/BalancePolicy.php
@@ -0,0 +1,53 @@
+<?php
+/*
+ * BalancePolicy.php
+ * Copyright (c) 2024 james@firefly-iii.org.
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see https://www.gnu.org/licenses/.
+ */
+
+declare(strict_types=1);
+
+namespace FireflyIII\Policies;
+
+use FireflyIII\Models\Account;
+use FireflyIII\User;
+
+class BalancePolicy
+{
+    /**
+     * TODO needs better authentication.
+     *
+     * @param User    $user
+     * @param Account $account
+     *
+     * @return bool
+     */
+    public function view(User $user, Account $account): bool
+    {
+        return auth()->check() && $user->id === $account->user_id;
+    }
+
+    /**
+     * Everybody can do this, but selection should limit to user.
+     *
+     * @return true
+     */
+    public function viewAny(): bool
+    {
+        return auth()->check();
+    }
+}