fix:improve access controls and language

also adds improved dialogs / modals
hackerESQ
2024-10-22 16:48:53 -05:00
parent c1a4a44024
commit d1dbf3af62
18 changed files with 154 additions and 59 deletions
+6 -2
@@ -4,7 +4,7 @@ namespace App\Http\Controllers;
use App\Models\Holding; use App\Models\Holding;
use App\Models\Portfolio; use App\Models\Portfolio;
use App\Models\DailyChange; use Illuminate\Http\Request;
class PortfolioController extends Controller class PortfolioController extends Controller
{ {
@@ -20,8 +20,12 @@ class PortfolioController extends Controller
/** /**
* Display the specified resource. * Display the specified resource.
*/ */
public function show(Portfolio $portfolio) public function show(Request $request, Portfolio $portfolio)
{ {
if ($request->user()->cannot('readOnly', $portfolio)) {
abort(403);
}
$portfolio->load(['transactions', 'holdings']); $portfolio->load(['transactions', 'holdings']);
// get portfolio metrics // get portfolio metrics
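Review bot: `$request->user()` in `show()` is null for an unauthenticated request, so the new `->cannot('readOnly', $portfolio)` call would fail with an error instead of a 403 unless this route always sits behind the auth middleware (the route definition is not visible here). Going through the gate covers the guest case and keeps the denial path in one place: `Gate::authorize('readOnly', $portfolio);`. It is also worth confirming that the `readOnly` ability passes for owners and full-access users, since the policy is outside this diff. The body of `show()` continues past the end of the hunk.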
+11
@@ -69,6 +69,17 @@ class Portfolio extends Model
}); });
} }
public function scopeFullAccess()
{
return $this->whereHas('users', function ($query) {
$query->where('user_id', auth()->user()->id)
->where(function ($query) {
$query->where('full_access', true)
->orWhere('owner', true);
});
});
}
public function scopeWithoutWishlists() public function scopeWithoutWishlists()
{ {
return $this->where(['wishlist' => false]); return $this->where(['wishlist' => false]);
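Review bot: `scopeFullAccess()` dereferences `auth()->user()->id` directly, so using the scope where no user is authenticated (a queued job, a console command, a guest request) fails on a null user rather than yielding an empty result. `auth()->id()` returns null in that situation and should leave the pivot comparison matching no row: `$query->where('user_id', auth()->id())`. A short docblock saying that the scope keeps portfolios whose pivot row for the current user has `full_access` or `owner` set would help, because this scope now decides which portfolios are offered for writing elsewhere in the commit.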
+5 -3
@@ -125,7 +125,7 @@
"Dividends": "Dividends", "Dividends": "Dividends",
"Holding Options": "Holding Options", "Holding Options": "Holding Options",
"Holding options saved": "Holding options saved", "Holding options saved": "Holding options saved",
"Reinvest dividends": "Reinvest dividends", "Reinvest Dividends": "Reinvest Dividends",
"Automatically generate buy transactions for any dividends earned": "Automatically generate buy transactions for any dividends earned", "Automatically generate buy transactions for any dividends earned": "Automatically generate buy transactions for any dividends earned",
"Split": "Split", "Split": "Split",
"Splits": "Splits", "Splits": "Splits",
@@ -348,9 +348,11 @@
"Updated user's access permission to portfolio": "Updated user's access permission to portfolio", "Updated user's access permission to portfolio": "Updated user's access permission to portfolio",
"Removed user's access to portfolio": "Removed user's access to portfolio", "Removed user's access to portfolio": "Removed user's access to portfolio",
"Shared portfolio with user": "Shared portfolio with user", "Shared portfolio with user": "Shared portfolio with user",
"Share Portfolio": "Share portfolio", "Share Portfolio": "Share Portfolio",
"Type an email address to share portfolio": "Type an email address to share portfolio", "Type an email address to share portfolio": "Type an email address to share portfolio",
"Grant full access": "Grant full access", "Grant full access": "Grant full access",
"Allow this user to manage portfolio details and create or update transactions": "Allow this user to manage portfolio details and create or update transactions", "Allow this user to manage portfolio details and create or update transactions": "Allow this user to manage portfolio details and create or update transactions",
"Share": "Share" "Share": "Share",
"Remove Access": "Remove Access",
"By removing this person's access, they will no longer be able to view this portfolio. They will lose access immediately.": "By removing this person's access, they will no longer be able to view this portfolio. They will lose access immediately."
} }
+4 -2
@@ -125,7 +125,7 @@
"Dividends": "Dividendos", "Dividends": "Dividendos",
"Holding Options": "Opciones de Participaciones", "Holding Options": "Opciones de Participaciones",
"Holding options saved": "Opciones de participaciones guardadas", "Holding options saved": "Opciones de participaciones guardadas",
"Reinvest dividends": "Reinvertir dividendos", "Reinvest Dividends": "Reinvertir Dividendos",
"Automatically generate buy transactions for any dividends earned": "Genere automáticamente transacciones de compra para cualquier dividendo obtenido", "Automatically generate buy transactions for any dividends earned": "Genere automáticamente transacciones de compra para cualquier dividendo obtenido",
"Split": "Division", "Split": "Division",
"Splits": "Divisiones", "Splits": "Divisiones",
@@ -352,5 +352,7 @@
"Type an email address to share portfolio": "Escribe una dirección de correo electrónico para compartir portafolio", "Type an email address to share portfolio": "Escribe una dirección de correo electrónico para compartir portafolio",
"Grant full access": "Otorgar acceso completo", "Grant full access": "Otorgar acceso completo",
"Allow this user to manage portfolio details and create or update transactions": "Permitir a este usuario administrar detalles de portafolio y crear o actualizar transacciones", "Allow this user to manage portfolio details and create or update transactions": "Permitir a este usuario administrar detalles de portafolio y crear o actualizar transacciones",
"Share": "Compartir" "Share": "Compartir",
"Remove Access": "Eliminar acceso",
"By removing this person's access, they will no longer be able to view this portfolio. They will lose access immediately.": "Al eliminar el acceso de esta persona, ya no podrá ver este portafolio. Perderán el acceso inmediatamente."
} }
@@ -1,7 +1,7 @@
@props(['id' => null, 'maxWidth' => null]) @props(['id' => null, 'maxWidth' => null])
<x-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }}> <x-ib-livewire-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }} :showClose="false">
<div class="p-4"> <div class="p-2">
<div class="sm:flex sm:items-start"> <div class="sm:flex sm:items-start">
<div class="mx-auto shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10"> <div class="mx-auto shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
<svg class="h-6 w-6 text-red-600 dark:text-red-400" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor"> <svg class="h-6 w-6 text-red-600 dark:text-red-400" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
@@ -21,9 +21,7 @@
</div> </div>
</div> </div>
<div class="flex flex-row justify-end px-6 py-4 text-end"> <div class="flex flex-row justify-end mt-3 p-2 text-end">
{{ $footer }} {{ $footer }}
</div> </div>
</x-modal> </x-ib-livewire-modal>
@@ -1,7 +1,7 @@
@props(['id' => null, 'maxWidth' => null]) @props(['id' => null, 'maxWidth' => null])
<x-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }}> <x-ib-livewire-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }} :showClose="false">
<div class="px-6 py-4"> <div class="p-2">
<div class="text-lg font-medium text-gray-900 dark:text-gray-100"> <div class="text-lg font-medium text-gray-900 dark:text-gray-100">
{{ $title }} {{ $title }}
</div> </div>
@@ -11,7 +11,7 @@
</div> </div>
</div> </div>
<div class="flex flex-row justify-end px-6 py-4 text-end"> <div class="flex flex-row justify-end mt-3 p-2 text-end">
{{ $footer }} {{ $footer }}
</div> </div>
</x-modal> </x-ib-livewire-modal>
@@ -3,10 +3,11 @@
'showClose' => true, 'showClose' => true,
'closeOnEscape' => true, 'closeOnEscape' => true,
'title' => null, 'title' => null,
'subtitle' => null 'subtitle' => null,
'persistent' => false
]) ])
<div <dialog
x-data="{ open: false }" x-data="{ open: false }"
x-on:toggle-{{ $key }}.window="open = !open" x-on:toggle-{{ $key }}.window="open = !open"
class="relative z-50 w-auto h-auto" class="relative z-50 w-auto h-auto"
@@ -17,7 +18,9 @@
<template x-teleport="body"> <template x-teleport="body">
<div x-transition.opacity x-show="open" class="fixed top-0 left-0 z-[99] flex items-center justify-center w-full h-full"> <div x-transition.opacity x-show="open" class="fixed top-0 left-0 z-[99] flex items-center justify-center w-full h-full">
<div <div
@click="open=false" @if(!$persistent)
@click="open=false"
@endif
class="absolute inset-0 w-full h-full bg-black bg-opacity-40" class="absolute inset-0 w-full h-full bg-black bg-opacity-40"
x-show="open" x-show="open"
x-cloak x-cloak
@@ -44,4 +47,4 @@
</x-card> </x-card>
</div> </div>
</template> </template>
</div> </dialog>
@@ -22,9 +22,8 @@
<div @click="open = false" class="fixed inset-0 bg-black opacity-50"></div> <div @click="open = false" class="fixed inset-0 bg-black opacity-50"></div>
<x-card <x-card
{{ $attributes->merge(['class' => 'min-h-screen w-full md:w-3/4 xl:w-3/5 rounded-none px-8 transition']) }}
{{ $attributes->merge(['class' => 'min-h-screen w-5/6 xl:w-3/5 rounded-none px-8 transition']) }}
> >
@if($title) @if($title)
<x-slot:title> <x-slot:title>
@@ -0,0 +1,46 @@
@props([
'showClose' => true,
'closeOnEscape' => true,
'title' => null,
'subtitle' => null,
'persistent' => false
])
<dialog
{{ $attributes->except('wire:model')->class(["modal"]) }}
x-data="{open: @entangle($attributes->wire('model')).live }"
:class="{'modal-open !animate-none': open}"
:open="open"
@if($closeOnEscape)
@keydown.escape.window = "$wire.{{ $attributes->wire('model')->value() }} = false"
@endif
>
<x-card
:title="$title"
:subtitle="$subtitle"
{{ $attributes->merge(['class' => 'modal-box relative transform overflow-hidden rounded-md ext-left shadow-xl w-full sm:w-2/3 lg:w-1/3 m-2 sm:m-0']) }}
>
@if ($showClose)
<x-button
icon="o-x-mark"
class="absolute top-4 right-4 btn-ghost btn-circle btn-sm"
@click="$wire.{{ $attributes->wire('model')->value() }} = false"
/>
@endif
{{ $slot }}
</x-card>
<div class="modal-backdrop" method="dialog">
<a
@if(!$persistent)
@click="$wire.{{ $attributes->wire('model')->value() }} = false"
@endif
type="button"
title="{{ __('Close') }}"
>
{{ __('Close') }}
</a>
</div>
</dialog>
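Review bot: The `<x-card>` receives the whole attribute bag through `$attributes->merge([...])`, while the `<dialog>` already received it through `$attributes->except('wire:model')`, so an `id` passed by the wrapper components lands on both elements and `wire:model` is forwarded to the card as well. Limiting the card to class handling avoids the duplicated id and the second model binding, for example `{{ $attributes->only('class')->merge(['class' => 'modal-box ...']) }}`. In the same class list `ext-left` looks like a typo for `text-left`. Note also that `persistent` only disables the backdrop click; Escape still closes the dialog unless `closeOnEscape` is passed as false.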
+4 -4
@@ -1,7 +1,7 @@
<x-app-layout> <x-app-layout>
<div x-data> <div x-data>
<x-ib-modal <x-ib-alpine-modal
key="create-transaction" key="create-transaction"
title="{{ __('Create Transaction') }}" title="{{ __('Create Transaction') }}"
> >
@@ -10,9 +10,9 @@
'symbol' => $holding->market_data->symbol, 'symbol' => $holding->market_data->symbol,
]) ])
</x-ib-modal> </x-ib-alpine-modal>
<x-ib-modal <x-ib-alpine-modal
key="holding-options" key="holding-options"
title="{{ __('Holding Options') }}" title="{{ __('Holding Options') }}"
> >
@@ -20,7 +20,7 @@
'holding' => $holding 'holding' => $holding
]) ])
</x-ib-modal> </x-ib-alpine-modal>
<x-ib-toolbar> <x-ib-toolbar>
<x-slot:title> <x-slot:title>
@@ -44,7 +44,7 @@ new class extends Component {
<x-ib-form wire:submit="save" class=""> {{-- col-span-3 --}} <x-ib-form wire:submit="save" class=""> {{-- col-span-3 --}}
<x-toggle <x-toggle
label="{{ __('Reinvest dividends') }}" label="{{ __('Reinvest Dividends') }}"
wire:model="reinvest_dividends" wire:model="reinvest_dividends"
right right
hint="{{ __('Automatically generate buy transactions for any dividends earned.') }}" hint="{{ __('Automatically generate buy transactions for any dividends earned.') }}"
@@ -47,8 +47,6 @@ new class extends Component {
public function save() public function save()
{ {
$this->authorize('fullAccess', $this->portfolio);
$portfolio = (new Portfolio())->fill($this->validate()); $portfolio = (new Portfolio())->fill($this->validate());
$portfolio->save(); $portfolio->save();
@@ -66,15 +64,18 @@ new class extends Component {
} }
}; ?> }; ?>
<div class="grid lg:grid-cols-4 gap-10"> <div class="w-full md:w-3/4">
<x-ib-form wire:submit="{{ $portfolio ? 'update' : 'save' }}" class="col-span-3">
<x-ib-form wire:submit="{{ $portfolio ? 'update' : 'save' }}" >
<x-input label="{{ __('Title') }}" wire:model="title" required /> <x-input label="{{ __('Title') }}" wire:model="title" required />
<x-ib-textarea label="{{ __('Notes') }}" wire:model="notes" rows="4" /> <x-ib-textarea label="{{ __('Notes') }}" wire:model="notes" rows="4" />
@if (isset($this->portfolio))
@livewire('share-portfolio-form', ['portfolio' => $portfolio]) @livewire('share-portfolio-form', ['portfolio' => $portfolio])
@endif
<x-toggle class="mt-1" label="{{ __('Wishlist') }}" wire:model="wishlist" > <x-toggle label="{{ __('Wishlist') }}" wire:model="wishlist" >
<x-slot:hint> <x-slot:hint>
{{ __('Treat this portfolio as a "wishlist" (holdings will be excluded from realized gains, unrealized gains, and dividends)') }} {{ __('Treat this portfolio as a "wishlist" (holdings will be excluded from realized gains, unrealized gains, and dividends)') }}
</x-slot:hint> </x-slot:hint>
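Review bot: With the `$this->authorize('fullAccess', $this->portfolio)` line gone (the hunk header shrinks from 8 to 6 lines, so it appears to be a removal), `save()` runs `fill($this->validate())` and `save()` with no authorization call at all. That is correct for creation only if every signed-in user may create portfolios; expressing it through the policy makes the intent checkable, e.g. `$this->authorize('create', Portfolio::class);`, assuming a `create` ability is added. Because Livewire lets the client invoke any public method regardless of which one `wire:submit` names, `update()`, which is not visible in this hunk, must keep its own `fullAccess` check. `save()` continues past the end of the hunk.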
@@ -116,11 +116,10 @@ new class extends Component {
label="{{ __('Portfolio') }}" label="{{ __('Portfolio') }}"
wire:model="portfolio_id" wire:model="portfolio_id"
required required
:options="auth()->user()->portfolios" :options="auth()->user()->portfolios()->fullAccess()->get()"
option-label="title" option-label="title"
placeholder="Select a portfolio" placeholder="Select a portfolio"
/> />
@endif @endif
<x-input label="{{ __('Symbol') }}" wire:model="symbol" required /> <x-input label="{{ __('Symbol') }}" wire:model="symbol" required />
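Review bot: Filtering `:options` with `portfolios()->fullAccess()->get()` only narrows what the select renders; `portfolio_id` is bound with `wire:model`, so the client can still submit the id of a read-only or unrelated portfolio. The save/update handler, which is outside this hunk, should authorize the submitted value before writing, for example `$this->authorize('fullAccess', Portfolio::findOrFail($this->portfolio_id));`. If that check already exists, a comment next to the select stating that the list is a convenience and not the access control would keep it from being dropped later.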
@@ -21,6 +21,8 @@ new class extends Component {
public int $fullAccess = 0; public int $fullAccess = 0;
public array $permissions; public array $permissions;
public bool $confirmingAccessDeletion = false;
public ?string $deletingAccessFor = null;
// methods // methods
public function mount() public function mount()
@@ -57,10 +59,17 @@ new class extends Component {
$this->success(__('Updated user\'s access permission to portfolio')); $this->success(__('Updated user\'s access permission to portfolio'));
} }
public function deleteUser(string $userId) public function deleteUser(string $userId, bool $confirmed = false)
{ {
$this->authorize('fullAccess', $this->portfolio); $this->authorize('fullAccess', $this->portfolio);
if (!$confirmed) {
$this->deletingAccessFor = $userId;
$this->confirmingAccessDeletion = true;
return;
}
unset($this->permissions[$userId]); unset($this->permissions[$userId]);
$this->portfolio->users()->sync($this->permissions); $this->portfolio->users()->sync($this->permissions);
@@ -68,6 +77,10 @@ new class extends Component {
$this->portfolio->refresh(); $this->portfolio->refresh();
$this->success(__('Removed user\'s access to portfolio')); $this->success(__('Removed user\'s access to portfolio'));
// reset
$this->confirmingAccessDeletion = false;
$this->deletingAccessFor = null;
} }
public function addUser() public function addUser()
@@ -100,18 +113,13 @@ new class extends Component {
}; ?> }; ?>
<div class=""> <div class="">
@if ($this->portfolio)
<label class="pt-0 label label-text font-semibold"> <label class="pt-0 label label-text font-semibold">
<span>{{ __('People with access') }}</span> <span>{{ __('People with access') }}</span>
</label> </label>
<div class="border-primary border rounded-sm px-2 py-5 mb-2"> <div class="border-primary border rounded-sm px-2 py-5 mb-2">
@php
$owner = collect($this->portfolio?->users)->where('pivot.owner', 1)->first() ?? auth()->user();
@endphp
<x-list-item <x-list-item
:item="$owner" :item="$portfolio->owner"
avatar="profile_photo_url" avatar="profile_photo_url"
no-separator no-separator
no-hover no-hover
@@ -119,9 +127,9 @@ new class extends Component {
> >
<x-slot:value> <x-slot:value>
{{ $owner->name }} {{ $portfolio->owner->name }}
@if (auth()->user()->id == $owner->id) @if (auth()->user()->id == $portfolio->owner->id)
({{ __('you') }}) ({{ __('you') }})
@endif @endif
</x-slot:value> </x-slot:value>
@@ -148,6 +156,7 @@ new class extends Component {
:options="[['id' => 0, 'name' => __('Read only')], ['id' => 1, 'name' => __('Full access')]]" :options="[['id' => 0, 'name' => __('Read only')], ['id' => 1, 'name' => __('Full access')]]"
wire:model.live.number="permissions.{{ $user->id }}.full_access" wire:model.live.number="permissions.{{ $user->id }}.full_access"
/> />
@if($user->id != auth()->user()->id)
<x-button <x-button
class="btn-sm btn-ghost btn-circle" class="btn-sm btn-ghost btn-circle"
wire:click="deleteUser('{{ $user->id }}')" wire:click="deleteUser('{{ $user->id }}')"
@@ -155,14 +164,35 @@ new class extends Component {
> >
<x-icon name="o-x-mark" class="w-4" /> <x-icon name="o-x-mark" class="w-4" />
</x-button> </x-button>
@endif
</x-slot:actions> </x-slot:actions>
</x-list-item> </x-list-item>
@endforeach @endforeach
<x-ib-modal <x-confirmation-modal wire:model.live="confirmingAccessDeletion">
<x-slot:title>
{{ __('Remove Access') }}
</x-slot:title>
<x-slot name="content">
{{ __('By removing this person\'s access, they will no longer be able to view this portfolio. They will lose access immediately.') }}
</x-slot>
<x-slot name="footer">
<x-button class="btn-outline" wire:click="$toggle('confirmingAccessDeletion')" wire:loading.attr="disabled">
{{ __('Cancel') }}
</x-secondary-button>
<x-button class="ms-3 btn-error text-white" wire:click="deleteUser('{{ $this->deletingAccessFor }}', true)" spinner="deleteUser" wire:loading.attr="disabled">
{{ __('Remove Access') }}
</x-button>
</x-slot>
</x-confirmation-modal>
<x-ib-alpine-modal
key="add-user-modal" key="add-user-modal"
title="{{ __('Share portfolio') }}" title="{{ __('Share Portfolio') }}"
> >
<div class="" x-data="{ }"> <div class="" x-data="{ }">
<x-ib-form wire:submit="addUser" class=""> <x-ib-form wire:submit="addUser" class="">
@@ -172,6 +202,7 @@ new class extends Component {
icon="o-envelope" icon="o-envelope"
placeholder="{{ __('Type an email address to share portfolio') }}" placeholder="{{ __('Type an email address to share portfolio') }}"
wire:model="emailAddress" wire:model="emailAddress"
required
/> />
<x-toggle <x-toggle
@@ -186,7 +217,7 @@ new class extends Component {
<x-button <x-button
label="{{ __('Share') }}" label="{{ __('Share') }}"
title="{{ __('Share portfolio') }}" title="{{ __('Share Portfolio') }}"
type="submit" type="submit"
icon="o-paper-airplane" icon="o-paper-airplane"
class="btn-primary" class="btn-primary"
@@ -197,12 +228,11 @@ new class extends Component {
</div> </div>
</x-ib-modal> </x-ib-alpine-modal>
<x-button class="btn-sm block mt-4" @click="$dispatch('toggle-add-user-modal')"> <x-button class="btn-sm block mt-4" @click="$dispatch('toggle-add-user-modal')">
{{ __('Add people') }} {{ __('Add People') }}
</x-button> </x-button>
</div> </div>
@endif
</div> </div>
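Review bot: The new `@if($user->id != auth()->user()->id)` hides the remove button for the current user only in the template; `deleteUser()` is a public Livewire action, so a full-access user can still call it with their own id or, depending on what `mount()` places in `$permissions`, the owner's. The rule should be enforced in the method right after the `authorize` call, e.g. `if ($userId === (string) auth()->id() || $userId === (string) $this->portfolio->owner->id) { abort(403); }`. The `$confirmed` argument is client-supplied too, so it is a UI step rather than a safeguard, which is acceptable as long as `authorize` stays first. Separately, the Cancel button in the confirmation modal opens with `<x-button class="btn-outline" ...>` and closes with `</x-secondary-button>`; the closing tag should be `</x-button>`.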
@@ -89,7 +89,7 @@ new class extends Component {
@endforeach @endforeach
<x-ib-modal <x-ib-alpine-modal
key="manage-transaction" key="manage-transaction"
title="{{ __('Manage Transaction') }}" title="{{ __('Manage Transaction') }}"
> >
@@ -98,5 +98,5 @@ new class extends Component {
'transaction' => $editingTransaction, 'transaction' => $editingTransaction,
], key($editingTransaction->id ?? 'new')) ], key($editingTransaction->id ?? 'new'))
</x-ib-modal> </x-ib-alpine-modal>
</div> </div>
@@ -112,7 +112,7 @@ new class extends Component {
@endscope @endscope
</x-table> </x-table>
<x-ib-modal <x-ib-alpine-modal
key="manage-transaction" key="manage-transaction"
title="Manage Transaction" title="Manage Transaction"
> >
@@ -120,5 +120,5 @@ new class extends Component {
'transaction' => $editingTransaction, 'transaction' => $editingTransaction,
], key($editingTransaction->id ?? 'new')) ], key($editingTransaction->id ?? 'new'))
</x-ib-modal> </x-ib-alpine-modal>
</div> </div>
+2 -2
@@ -1,7 +1,7 @@
<x-app-layout> <x-app-layout>
<div x-data> <div x-data>
<x-ib-modal <x-ib-alpine-modal
key="create-transaction" key="create-transaction"
title="{{ __('Create Transaction') }}" title="{{ __('Create Transaction') }}"
> >
@@ -9,7 +9,7 @@
'portfolio' => $portfolio, 'portfolio' => $portfolio,
]) ])
</x-ib-modal> </x-ib-alpine-modal>
<x-ib-drawer <x-ib-drawer
key="manage-portfolio" key="manage-portfolio"
+2 -2
@@ -1,13 +1,13 @@
<x-app-layout> <x-app-layout>
<div x-data> <div x-data>
<x-ib-modal <x-ib-alpine-modal
key="create-transaction" key="create-transaction"
title="{{ __('Create Transaction') }}" title="{{ __('Create Transaction') }}"
> >
@livewire('manage-transaction-form') @livewire('manage-transaction-form')
</x-ib-modal> </x-ib-alpine-modal>
<x-ib-toolbar title="{{ __('All Transactions') }}"> <x-ib-toolbar title="{{ __('All Transactions') }}">