fix:improve access controls and language
also adds improved dialogs / modals
@@ -4,7 +4,7 @@ namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\Holding;
|
||||
use App\Models\Portfolio;
|
||||
use App\Models\DailyChange;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class PortfolioController extends Controller
|
||||
{
|
||||
@@ -20,8 +20,12 @@ class PortfolioController extends Controller
|
||||
/**
|
||||
* Display the specified resource.
|
||||
*/
|
||||
public function show(Portfolio $portfolio)
|
||||
public function show(Request $request, Portfolio $portfolio)
|
||||
{
|
||||
if ($request->user()->cannot('readOnly', $portfolio)) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
$portfolio->load(['transactions', 'holdings']);
|
||||
|
||||
// get portfolio metrics
|
||||
|
||||
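Review bot: `$request->user()` in the new guard at the top of `show()` is dereferenced without a null check, so if this route is ever reachable without the auth middleware (the route definitions are not visible here) the request ends in an error instead of a clean 403 or login redirect. `Gate::authorize('readOnly', $portfolio);` runs the same policy and denies a guest without the null dereference. The other actions of this controller are outside the hunk; they need matching `readOnly`/`fullAccess` checks, otherwise the route-model-bound `$portfolio` stays reachable by id through them. `show()` continues past the end of the hunk.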
@@ -69,6 +69,17 @@ class Portfolio extends Model
|
||||
});
|
||||
}
|
||||
|
||||
public function scopeFullAccess()
|
||||
{
|
||||
return $this->whereHas('users', function ($query) {
|
||||
$query->where('user_id', auth()->user()->id)
|
||||
->where(function ($query) {
|
||||
$query->where('full_access', true)
|
||||
->orWhere('owner', true);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
public function scopeWithoutWishlists()
|
||||
{
|
||||
return $this->where(['wishlist' => false]);
|
||||
|
||||
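Review bot: `scopeFullAccess()` does not accept the `$query` builder that Eloquent passes to local scopes and instead calls `$this->whereHas(...)`, which starts from the model rather than from the query being scoped. Constraints chained before `->fullAccess()` may therefore not be carried into the result, which matters for a scope used as an access filter. Declaring it as `public function scopeFullAccess($query)` and returning `$query->whereHas('users', ...)` keeps the scope composable. Inside the closure, `auth()->user()->id` fails when there is no authenticated user (console, queue, guest), whereas `auth()->id()` returns null there and the query simply matches nothing. `scopeWithoutWishlists()` below uses the same `$this->where` pattern and runs past the end of the hunk.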
+5
-3
@@ -125,7 +125,7 @@
|
||||
"Dividends": "Dividends",
|
||||
"Holding Options": "Holding Options",
|
||||
"Holding options saved": "Holding options saved",
|
||||
"Reinvest dividends": "Reinvest dividends",
|
||||
"Reinvest Dividends": "Reinvest Dividends",
|
||||
"Automatically generate buy transactions for any dividends earned": "Automatically generate buy transactions for any dividends earned",
|
||||
"Split": "Split",
|
||||
"Splits": "Splits",
|
||||
@@ -348,9 +348,11 @@
|
||||
"Updated user's access permission to portfolio": "Updated user's access permission to portfolio",
|
||||
"Removed user's access to portfolio": "Removed user's access to portfolio",
|
||||
"Shared portfolio with user": "Shared portfolio with user",
|
||||
"Share Portfolio": "Share portfolio",
|
||||
"Share Portfolio": "Share Portfolio",
|
||||
"Type an email address to share portfolio": "Type an email address to share portfolio",
|
||||
"Grant full access": "Grant full access",
|
||||
"Allow this user to manage portfolio details and create or update transactions": "Allow this user to manage portfolio details and create or update transactions",
|
||||
"Share": "Share"
|
||||
"Share": "Share",
|
||||
"Remove Access": "Remove Access",
|
||||
"By removing this person's access, they will no longer be able to view this portfolio. They will lose access immediately.": "By removing this person's access, they will no longer be able to view this portfolio. They will lose access immediately."
|
||||
}
|
||||
+4
-2
@@ -125,7 +125,7 @@
|
||||
"Dividends": "Dividendos",
|
||||
"Holding Options": "Opciones de Participaciones",
|
||||
"Holding options saved": "Opciones de participaciones guardadas",
|
||||
"Reinvest dividends": "Reinvertir dividendos",
|
||||
"Reinvest Dividends": "Reinvertir Dividendos",
|
||||
"Automatically generate buy transactions for any dividends earned": "Genere automáticamente transacciones de compra para cualquier dividendo obtenido",
|
||||
"Split": "Division",
|
||||
"Splits": "Divisiones",
|
||||
@@ -352,5 +352,7 @@
|
||||
"Type an email address to share portfolio": "Escribe una dirección de correo electrónico para compartir portafolio",
|
||||
"Grant full access": "Otorgar acceso completo",
|
||||
"Allow this user to manage portfolio details and create or update transactions": "Permitir a este usuario administrar detalles de portafolio y crear o actualizar transacciones",
|
||||
"Share": "Compartir"
|
||||
"Share": "Compartir",
|
||||
"Remove Access": "Eliminar acceso",
|
||||
"By removing this person's access, they will no longer be able to view this portfolio. They will lose access immediately.": "Al eliminar el acceso de esta persona, ya no podrá ver este portafolio. Perderán el acceso inmediatamente."
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
@props(['id' => null, 'maxWidth' => null])
|
||||
|
||||
<x-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }}>
|
||||
<div class="p-4">
|
||||
<x-ib-livewire-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }} :showClose="false">
|
||||
<div class="p-2">
|
||||
<div class="sm:flex sm:items-start">
|
||||
<div class="mx-auto shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
|
||||
<svg class="h-6 w-6 text-red-600 dark:text-red-400" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
|
||||
@@ -21,9 +21,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="flex flex-row justify-end px-6 py-4 text-end">
|
||||
<div class="flex flex-row justify-end mt-3 p-2 text-end">
|
||||
{{ $footer }}
|
||||
</div>
|
||||
</x-modal>
|
||||
|
||||
|
||||
</x-ib-livewire-modal>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
@props(['id' => null, 'maxWidth' => null])
|
||||
|
||||
<x-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }}>
|
||||
<div class="px-6 py-4">
|
||||
<x-ib-livewire-modal :id="$id" :maxWidth="$maxWidth" {{ $attributes }} :showClose="false">
|
||||
<div class="p-2">
|
||||
<div class="text-lg font-medium text-gray-900 dark:text-gray-100">
|
||||
{{ $title }}
|
||||
</div>
|
||||
@@ -11,7 +11,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="flex flex-row justify-end px-6 py-4 text-end">
|
||||
<div class="flex flex-row justify-end mt-3 p-2 text-end">
|
||||
{{ $footer }}
|
||||
</div>
|
||||
</x-modal>
|
||||
</x-ib-livewire-modal>
|
||||
|
||||
+6
-3
@@ -3,10 +3,11 @@
|
||||
'showClose' => true,
|
||||
'closeOnEscape' => true,
|
||||
'title' => null,
|
||||
'subtitle' => null
|
||||
'subtitle' => null,
|
||||
'persistent' => false
|
||||
])
|
||||
|
||||
<div
|
||||
<dialog
|
||||
x-data="{ open: false }"
|
||||
x-on:toggle-{{ $key }}.window="open = !open"
|
||||
class="relative z-50 w-auto h-auto"
|
||||
@@ -17,7 +18,9 @@
|
||||
<template x-teleport="body">
|
||||
<div x-transition.opacity x-show="open" class="fixed top-0 left-0 z-[99] flex items-center justify-center w-full h-full">
|
||||
<div
|
||||
@if(!$persistent)
|
||||
@click="open=false"
|
||||
@endif
|
||||
class="absolute inset-0 w-full h-full bg-black bg-opacity-40"
|
||||
x-show="open"
|
||||
x-cloak
|
||||
@@ -44,4 +47,4 @@
|
||||
</x-card>
|
||||
</div>
|
||||
</template>
|
||||
</div>
|
||||
</dialog>
|
||||
@@ -23,8 +23,7 @@
|
||||
<div @click="open = false" class="fixed inset-0 bg-black opacity-50"></div>
|
||||
|
||||
<x-card
|
||||
|
||||
{{ $attributes->merge(['class' => 'min-h-screen w-5/6 xl:w-3/5 rounded-none px-8 transition']) }}
|
||||
{{ $attributes->merge(['class' => 'min-h-screen w-full md:w-3/4 xl:w-3/5 rounded-none px-8 transition']) }}
|
||||
>
|
||||
@if($title)
|
||||
<x-slot:title>
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
@props([
|
||||
'showClose' => true,
|
||||
'closeOnEscape' => true,
|
||||
'title' => null,
|
||||
'subtitle' => null,
|
||||
'persistent' => false
|
||||
])
|
||||
|
||||
<dialog
|
||||
{{ $attributes->except('wire:model')->class(["modal"]) }}
|
||||
x-data="{open: @entangle($attributes->wire('model')).live }"
|
||||
:class="{'modal-open !animate-none': open}"
|
||||
:open="open"
|
||||
@if($closeOnEscape)
|
||||
@keydown.escape.window = "$wire.{{ $attributes->wire('model')->value() }} = false"
|
||||
@endif
|
||||
>
|
||||
<x-card
|
||||
:title="$title"
|
||||
:subtitle="$subtitle"
|
||||
{{ $attributes->merge(['class' => 'modal-box relative transform overflow-hidden rounded-md ext-left shadow-xl w-full sm:w-2/3 lg:w-1/3 m-2 sm:m-0']) }}
|
||||
>
|
||||
@if ($showClose)
|
||||
<x-button
|
||||
icon="o-x-mark"
|
||||
class="absolute top-4 right-4 btn-ghost btn-circle btn-sm"
|
||||
@click="$wire.{{ $attributes->wire('model')->value() }} = false"
|
||||
/>
|
||||
@endif
|
||||
|
||||
{{ $slot }}
|
||||
|
||||
</x-card>
|
||||
|
||||
<div class="modal-backdrop" method="dialog">
|
||||
<a
|
||||
@if(!$persistent)
|
||||
@click="$wire.{{ $attributes->wire('model')->value() }} = false"
|
||||
@endif
|
||||
type="button"
|
||||
title="{{ __('Close') }}"
|
||||
>
|
||||
{{ __('Close') }}
|
||||
</a>
|
||||
</div>
|
||||
</dialog>
|
||||
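Review bot: The `<x-card>` inside the dialog renders the full `$attributes` bag through `$attributes->merge([...])` although the `<dialog>` has already rendered the same bag minus `wire:model`, so any non-null `id` passed by the confirmation and dialog wrappers would appear twice in the DOM and the card also receives the `wire:model` attribute. Restricting the card to its own classes, for example `{{ $attributes->only('class')->merge(['class' => 'modal-box ...']) }}`, avoids that. In the same class list `ext-left` looks like a typo for `text-left`, and `method="dialog"` on the backdrop `<div>` has no effect because `method` is a form attribute. The `<a type="button">` close control has no `href`, so it is not keyboard-focusable; a `<button type="button">` would be.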
@@ -1,7 +1,7 @@
|
||||
<x-app-layout>
|
||||
<div x-data>
|
||||
|
||||
<x-ib-modal
|
||||
<x-ib-alpine-modal
|
||||
key="create-transaction"
|
||||
title="{{ __('Create Transaction') }}"
|
||||
>
|
||||
@@ -10,9 +10,9 @@
|
||||
'symbol' => $holding->market_data->symbol,
|
||||
])
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
|
||||
<x-ib-modal
|
||||
<x-ib-alpine-modal
|
||||
key="holding-options"
|
||||
title="{{ __('Holding Options') }}"
|
||||
>
|
||||
@@ -20,7 +20,7 @@
|
||||
'holding' => $holding
|
||||
])
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
|
||||
<x-ib-toolbar>
|
||||
<x-slot:title>
|
||||
|
||||
@@ -44,7 +44,7 @@ new class extends Component {
|
||||
<x-ib-form wire:submit="save" class=""> {{-- col-span-3 --}}
|
||||
|
||||
<x-toggle
|
||||
label="{{ __('Reinvest dividends') }}"
|
||||
label="{{ __('Reinvest Dividends') }}"
|
||||
wire:model="reinvest_dividends"
|
||||
right
|
||||
hint="{{ __('Automatically generate buy transactions for any dividends earned.') }}"
|
||||
|
||||
@@ -47,8 +47,6 @@ new class extends Component {
|
||||
|
||||
public function save()
|
||||
{
|
||||
$this->authorize('fullAccess', $this->portfolio);
|
||||
|
||||
$portfolio = (new Portfolio())->fill($this->validate());
|
||||
|
||||
$portfolio->save();
|
||||
@@ -66,15 +64,18 @@ new class extends Component {
|
||||
}
|
||||
}; ?>
|
||||
|
||||
<div class="grid lg:grid-cols-4 gap-10">
|
||||
<x-ib-form wire:submit="{{ $portfolio ? 'update' : 'save' }}" class="col-span-3">
|
||||
<div class="w-full md:w-3/4">
|
||||
|
||||
<x-ib-form wire:submit="{{ $portfolio ? 'update' : 'save' }}" >
|
||||
<x-input label="{{ __('Title') }}" wire:model="title" required />
|
||||
|
||||
<x-ib-textarea label="{{ __('Notes') }}" wire:model="notes" rows="4" />
|
||||
|
||||
@if (isset($this->portfolio))
|
||||
@livewire('share-portfolio-form', ['portfolio' => $portfolio])
|
||||
@endif
|
||||
|
||||
<x-toggle class="mt-1" label="{{ __('Wishlist') }}" wire:model="wishlist" >
|
||||
<x-toggle label="{{ __('Wishlist') }}" wire:model="wishlist" >
|
||||
<x-slot:hint>
|
||||
{{ __('Treat this portfolio as a "wishlist" (holdings will be excluded from realized gains, unrealized gains, and dividends)') }}
|
||||
</x-slot:hint>
|
||||
|
||||
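Review bot: `save()` is left with no authorization check once the `fullAccess` call is dropped (the 8-to-6 line count of the first hunk indicates it is the removed line), and the `wire:submit="{{ $portfolio ? 'update' : 'save' }}"` switch in the template does not restrict which public method a Livewire client may invoke. `update()` lies outside the visible hunks; confirm it still starts with `$this->authorize('fullAccess', $this->portfolio);`. For the create path, a short comment above `$portfolio = (new Portfolio())->fill($this->validate());` stating that any signed-in user may create a portfolio would record that the omission is deliberate. `save()` continues between the two hunks, so how the new portfolio is tied to its creator cannot be checked from here.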
@@ -116,11 +116,10 @@ new class extends Component {
|
||||
label="{{ __('Portfolio') }}"
|
||||
wire:model="portfolio_id"
|
||||
required
|
||||
:options="auth()->user()->portfolios"
|
||||
:options="auth()->user()->portfolios()->fullAccess()->get()"
|
||||
option-label="title"
|
||||
placeholder="Select a portfolio"
|
||||
/>
|
||||
|
||||
@endif
|
||||
|
||||
<x-input label="{{ __('Symbol') }}" wire:model="symbol" required />
|
||||
|
||||
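Review bot: Filtering the select with `auth()->user()->portfolios()->fullAccess()->get()` only changes what is offered; `portfolio_id` is a `wire:model` property, so a client can still submit the id of a read-only or unrelated portfolio. The save handler is outside this hunk, so it cannot be confirmed here that it re-checks the chosen portfolio. If it does not, a check such as `$this->authorize('fullAccess', Portfolio::findOrFail($this->portfolio_id));` before the transaction is written closes the gap.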
@@ -21,6 +21,8 @@ new class extends Component {
|
||||
public int $fullAccess = 0;
|
||||
|
||||
public array $permissions;
|
||||
public bool $confirmingAccessDeletion = false;
|
||||
public ?string $deletingAccessFor = null;
|
||||
|
||||
// methods
|
||||
public function mount()
|
||||
@@ -57,10 +59,17 @@ new class extends Component {
|
||||
$this->success(__('Updated user\'s access permission to portfolio'));
|
||||
}
|
||||
|
||||
public function deleteUser(string $userId)
|
||||
public function deleteUser(string $userId, bool $confirmed = false)
|
||||
{
|
||||
$this->authorize('fullAccess', $this->portfolio);
|
||||
|
||||
if (!$confirmed) {
|
||||
$this->deletingAccessFor = $userId;
|
||||
$this->confirmingAccessDeletion = true;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
unset($this->permissions[$userId]);
|
||||
|
||||
$this->portfolio->users()->sync($this->permissions);
|
||||
@@ -68,6 +77,10 @@ new class extends Component {
|
||||
$this->portfolio->refresh();
|
||||
|
||||
$this->success(__('Removed user\'s access to portfolio'));
|
||||
|
||||
// reset
|
||||
$this->confirmingAccessDeletion = false;
|
||||
$this->deletingAccessFor = null;
|
||||
}
|
||||
|
||||
public function addUser()
|
||||
@@ -100,18 +113,13 @@ new class extends Component {
|
||||
}; ?>
|
||||
|
||||
<div class="">
|
||||
@if ($this->portfolio)
|
||||
|
||||
<label class="pt-0 label label-text font-semibold">
|
||||
<span>{{ __('People with access') }}</span>
|
||||
</label>
|
||||
|
||||
<div class="border-primary border rounded-sm px-2 py-5 mb-2">
|
||||
@php
|
||||
$owner = collect($this->portfolio?->users)->where('pivot.owner', 1)->first() ?? auth()->user();
|
||||
@endphp
|
||||
<x-list-item
|
||||
:item="$owner"
|
||||
:item="$portfolio->owner"
|
||||
avatar="profile_photo_url"
|
||||
no-separator
|
||||
no-hover
|
||||
@@ -119,9 +127,9 @@ new class extends Component {
|
||||
>
|
||||
<x-slot:value>
|
||||
|
||||
{{ $owner->name }}
|
||||
{{ $portfolio->owner->name }}
|
||||
|
||||
@if (auth()->user()->id == $owner->id)
|
||||
@if (auth()->user()->id == $portfolio->owner->id)
|
||||
({{ __('you') }})
|
||||
@endif
|
||||
</x-slot:value>
|
||||
@@ -148,6 +156,7 @@ new class extends Component {
|
||||
:options="[['id' => 0, 'name' => __('Read only')], ['id' => 1, 'name' => __('Full access')]]"
|
||||
wire:model.live.number="permissions.{{ $user->id }}.full_access"
|
||||
/>
|
||||
@if($user->id != auth()->user()->id)
|
||||
<x-button
|
||||
class="btn-sm btn-ghost btn-circle"
|
||||
wire:click="deleteUser('{{ $user->id }}')"
|
||||
@@ -155,14 +164,35 @@ new class extends Component {
|
||||
>
|
||||
<x-icon name="o-x-mark" class="w-4" />
|
||||
</x-button>
|
||||
@endif
|
||||
|
||||
</x-slot:actions>
|
||||
</x-list-item>
|
||||
@endforeach
|
||||
|
||||
<x-ib-modal
|
||||
<x-confirmation-modal wire:model.live="confirmingAccessDeletion">
|
||||
<x-slot:title>
|
||||
{{ __('Remove Access') }}
|
||||
</x-slot:title>
|
||||
|
||||
<x-slot name="content">
|
||||
{{ __('By removing this person\'s access, they will no longer be able to view this portfolio. They will lose access immediately.') }}
|
||||
</x-slot>
|
||||
|
||||
<x-slot name="footer">
|
||||
<x-button class="btn-outline" wire:click="$toggle('confirmingAccessDeletion')" wire:loading.attr="disabled">
|
||||
{{ __('Cancel') }}
|
||||
</x-secondary-button>
|
||||
|
||||
<x-button class="ms-3 btn-error text-white" wire:click="deleteUser('{{ $this->deletingAccessFor }}', true)" spinner="deleteUser" wire:loading.attr="disabled">
|
||||
{{ __('Remove Access') }}
|
||||
</x-button>
|
||||
</x-slot>
|
||||
</x-confirmation-modal>
|
||||
|
||||
<x-ib-alpine-modal
|
||||
key="add-user-modal"
|
||||
title="{{ __('Share portfolio') }}"
|
||||
title="{{ __('Share Portfolio') }}"
|
||||
>
|
||||
<div class="" x-data="{ }">
|
||||
<x-ib-form wire:submit="addUser" class="">
|
||||
@@ -172,6 +202,7 @@ new class extends Component {
|
||||
icon="o-envelope"
|
||||
placeholder="{{ __('Type an email address to share portfolio') }}"
|
||||
wire:model="emailAddress"
|
||||
required
|
||||
/>
|
||||
|
||||
<x-toggle
|
||||
@@ -186,7 +217,7 @@ new class extends Component {
|
||||
|
||||
<x-button
|
||||
label="{{ __('Share') }}"
|
||||
title="{{ __('Share portfolio') }}"
|
||||
title="{{ __('Share Portfolio') }}"
|
||||
type="submit"
|
||||
icon="o-paper-airplane"
|
||||
class="btn-primary"
|
||||
@@ -197,12 +228,11 @@ new class extends Component {
|
||||
|
||||
</div>
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
|
||||
<x-button class="btn-sm block mt-4" @click="$dispatch('toggle-add-user-modal')">
|
||||
{{ __('Add people') }}
|
||||
{{ __('Add People') }}
|
||||
</x-button>
|
||||
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
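Review bot: `deleteUser()` accepts any `$userId` from the client and, after the `fullAccess` check, goes straight to `unset($this->permissions[$userId])` and `sync($this->permissions)`; the `@if($user->id != auth()->user()->id)` guard around the remove button exists only in the template. A collaborator with full access could therefore invoke the method directly with the owner's id and, if the owner's row is part of `$permissions` (it is populated outside the visible hunks), detach the owner from the portfolio. A server-side guard before the `unset`, such as `abort_if($userId == $this->portfolio->owner->id, 403);`, would enforce the rule. Because `$permissions` is a public, client-writable array that is handed whole to `sync()`, it is worth rebuilding the pivot payload from trusted data rather than syncing it as received. In the confirmation modal the Cancel button opens as `<x-button>` but closes with `</x-secondary-button>`.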
@@ -89,7 +89,7 @@ new class extends Component {
|
||||
|
||||
@endforeach
|
||||
|
||||
<x-ib-modal
|
||||
<x-ib-alpine-modal
|
||||
key="manage-transaction"
|
||||
title="{{ __('Manage Transaction') }}"
|
||||
>
|
||||
@@ -98,5 +98,5 @@ new class extends Component {
|
||||
'transaction' => $editingTransaction,
|
||||
], key($editingTransaction->id ?? 'new'))
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
</div>
|
||||
@@ -112,7 +112,7 @@ new class extends Component {
|
||||
@endscope
|
||||
</x-table>
|
||||
|
||||
<x-ib-modal
|
||||
<x-ib-alpine-modal
|
||||
key="manage-transaction"
|
||||
title="Manage Transaction"
|
||||
>
|
||||
@@ -120,5 +120,5 @@ new class extends Component {
|
||||
'transaction' => $editingTransaction,
|
||||
], key($editingTransaction->id ?? 'new'))
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
</div>
|
||||
@@ -1,7 +1,7 @@
|
||||
<x-app-layout>
|
||||
<div x-data>
|
||||
|
||||
<x-ib-modal
|
||||
<x-ib-alpine-modal
|
||||
key="create-transaction"
|
||||
title="{{ __('Create Transaction') }}"
|
||||
>
|
||||
@@ -9,7 +9,7 @@
|
||||
'portfolio' => $portfolio,
|
||||
])
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
|
||||
<x-ib-drawer
|
||||
key="manage-portfolio"
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
<x-app-layout>
|
||||
<div x-data>
|
||||
|
||||
<x-ib-modal
|
||||
<x-ib-alpine-modal
|
||||
key="create-transaction"
|
||||
title="{{ __('Create Transaction') }}"
|
||||
>
|
||||
@livewire('manage-transaction-form')
|
||||
|
||||
</x-ib-modal>
|
||||
</x-ib-alpine-modal>
|
||||
|
||||
<x-ib-toolbar title="{{ __('All Transactions') }}">
|
||||
|
||||
|
||||