diff --git a/app/Api/V1/Controllers/Data/Bulk/TransactionController.php b/app/Api/V1/Controllers/Data/Bulk/TransactionController.php
index f6ae26a5e2..382df12db6 100644
--- a/app/Api/V1/Controllers/Data/Bulk/TransactionController.php
+++ b/app/Api/V1/Controllers/Data/Bulk/TransactionController.php
@@ -26,6 +26,7 @@ namespace FireflyIII\Api\V1\Controllers\Data\Bulk;
 use FireflyIII\Api\V1\Controllers\Controller;
 use FireflyIII\Api\V1\Requests\Data\Bulk\TransactionRequest;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Repositories\Account\AccountRepositoryInterface;
 use FireflyIII\Services\Internal\Destroy\AccountDestroyService;
 use Illuminate\Http\JsonResponse;
@@ -44,13 +45,17 @@ class TransactionController extends Controller
 {
 private AccountRepositoryInterface $repository;
+ protected array $acceptedRoles = [UserRoleEnum::MANAGE_TRANSACTIONS];
+
 public function __construct()
 {
 parent::__construct();
 $this->middleware(
 function ($request, $next) {
+ $this->validateUserGroup($request);
 $this->repository = app(AccountRepositoryInterface::class);
- $this->repository->setUser(auth()->user());
+ $this->repository->setUserGroup($this->userGroup);
+ $this->repository->setUser($this->user);
 return $next($request);
 }
diff --git a/app/Api/V1/Controllers/Data/DestroyController.php b/app/Api/V1/Controllers/Data/DestroyController.php
index b2ed17a568..af0751bf52 100644
--- a/app/Api/V1/Controllers/Data/DestroyController.php
+++ b/app/Api/V1/Controllers/Data/DestroyController.php
@@ -28,6 +29,7 @@ use FireflyIII\Api\V1\Controllers\Controller;
 use FireflyIII\Api\V1\Requests\Data\DestroyRequest;
 use FireflyIII\Enums\AccountTypeEnum;
 use FireflyIII\Enums\TransactionTypeEnum;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\Account;
 use FireflyIII\Models\TransactionJournal;
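Review bot: In TransactionController's middleware closure, `setUser($this->user)` runs after `setUserGroup($this->userGroup)`, and nothing in the hunk shows whether the repository's `setUser()` leaves an already assigned group untouched. If it re-derives the group from the user (cannot be confirmed from here), the group that `validateUserGroup()` just authorised is replaced by the user's default one and the role check no longer describes the data the bulk update touches. Either call `setUser()` first and `setUserGroup()` last, or keep the order and add a comment such as `// setUser() must not reset the group chosen by validateUserGroup()` backed by a test. ExportController's middleware in this commit makes the same two calls in the same order; both closures end outside their hunks.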
@@ -55,6 +56,19 @@ class DestroyController extends Controller
 {
 private bool $unused;
+ protected array $acceptedRoles = [UserRoleEnum::FULL];
+
+ public function __construct()
+ {
+ parent::__construct();
+ $this->middleware(
+ function ($request, $next) {
+ $this->validateUserGroup($request);
+ return $next($request);
+ }
+ );
+ }
+
 /**
 * This endpoint is documented at:
 * https://api-docs.firefly-iii.org/?urls.primaryName=2.0.0%20(v1)#/data/destroyData
diff --git a/app/Api/V1/Controllers/Data/Export/ExportController.php b/app/Api/V1/Controllers/Data/Export/ExportController.php
index 2b847226c2..e1ad139c60 100644
--- a/app/Api/V1/Controllers/Data/Export/ExportController.php
+++ b/app/Api/V1/Controllers/Data/Export/ExportController.php
@@ -26,6 +26,7 @@ namespace FireflyIII\Api\V1\Controllers\Data\Export;
 use FireflyIII\Api\V1\Controllers\Controller;
 use FireflyIII\Api\V1\Requests\Data\Export\ExportRequest;
+use FireflyIII\Enums\UserRoleEnum;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Support\Export\ExportDataGenerator;
 use Illuminate\Http\Response as LaravelResponse;
@@ -39,6 +40,7 @@ use function Safe\date;
 class ExportController extends Controller
 {
 private ExportDataGenerator $exporter;
+ protected array $acceptedRoles = [UserRoleEnum::READ_ONLY];
 /**
 * ExportController constructor.
@@ -48,8 +50,10 @@ class ExportController extends Controller
 parent::__construct();
 $this->middleware(
 function ($request, $next) {
+ $this->validateUserGroup($request);
 $this->exporter = app(ExportDataGenerator::class);
- $this->exporter->setUser(auth()->user());
+ $this->exporter->setUserGroup($this->userGroup);
+ $this->exporter->setUser($this->user);
 return $next($request);
 }
diff --git a/app/Api/V1/Controllers/Data/PurgeController.php b/app/Api/V1/Controllers/Data/PurgeController.php
index baba2f622a..65b0f79cc5 100644
--- a/app/Api/V1/Controllers/Data/PurgeController.php
+++ b/app/Api/V1/Controllers/Data/PurgeController.php
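Review bot: DestroyController's new constructor checks the caller's role in the requested group, but no line in this hunk scopes the destroy actions to `$this->userGroup`, so the authorisation decision and the rows actually deleted may refer to different owners if the action methods (outside this hunk) still resolve data through the authenticated user. PurgeController, changed in the same commit, still permanently removes trashed records with `RuleGroup::whereUserId($user->id)->onlyTrashed()->forceDelete();` and gains neither `$acceptedRoles` nor a `validateUserGroup()` call. I would give it the same guard, `protected array $acceptedRoles = [UserRoleEnum::FULL];` plus the middleware added here, or document on the class why purge deliberately stays user-scoped.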
@@ -44,6 +44,7 @@ use Illuminate\Http\JsonResponse;
 */
 class PurgeController extends Controller
 {
+
 /**
 * TODO cleanup and use repositories.
 * This endpoint is documented at:
@@ -66,14 +67,6 @@ class PurgeController extends Controller
 $repository = app(PiggyBankRepositoryInterface::class);
 $repository->setUser($user);
 $repository->purgeAll();
- // $set = PiggyBank::leftJoin('accounts', 'accounts.id', 'piggy_banks.account_id')
- // ->where('accounts.user_id', $user->id)->onlyTrashed()->get(['piggy_banks.*'])
- // ;
- //
- // /** @var PiggyBank $piggy */
- // foreach ($set as $piggy) {
- // $piggy->forceDelete();
- // }
 // rule group
 RuleGroup::whereUserId($user->id)->onlyTrashed()->forceDelete();
diff --git a/app/Support/Export/ExportDataGenerator.php b/app/Support/Export/ExportDataGenerator.php
index 02f3f04763..d15ac20db7 100644
--- a/app/Support/Export/ExportDataGenerator.php
+++ b/app/Support/Export/ExportDataGenerator.php
@@ -42,6 +42,7 @@ use FireflyIII\Models\Rule;
 use FireflyIII\Models\RuleAction;
 use FireflyIII\Models\RuleTrigger;
 use FireflyIII\Models\Tag;
+use FireflyIII\Models\UserGroup;
 use FireflyIII\Repositories\Account\AccountRepositoryInterface;
 use FireflyIII\Repositories\Bill\BillRepositoryInterface;
 use FireflyIII\Repositories\Budget\BudgetLimitRepositoryInterface;
@@ -84,6 +85,7 @@ class ExportDataGenerator
 private bool $exportTransactions;
 private Carbon $start;
 private User $user;
+ private UserGroup $userGroup;
 public function __construct()
 {
@@ -906,4 +908,11 @@ class ExportDataGenerator
 {
 $this->start = $start;
 }
+
+ public function setUserGroup(UserGroup $userGroup): void
+ {
+ $this->userGroup = $userGroup;
+ }
+
+
 }
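Review bot: `setUserGroup()` in ExportDataGenerator stores the group in `$this->userGroup`, but none of this file's hunks reads that property, so unless the export methods (not shown) change elsewhere the exported rows are still selected through `$this->user` while ExportController authorises the request against a group with `UserRoleEnum::READ_ONLY`. Because `private UserGroup $userGroup;` is a typed property without a default, a later read on any path that only called `setUser()` would fail with an uninitialized-property Error. I would declare it as `private ?UserGroup $userGroup = null;` until every caller sets it, and add a docblock on the setter such as `/** Group whose data is exported; must be set before any export method runs. */`. The last hunk also leaves two blank lines before the class's closing brace.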