Implemented some security when a user's default role is not defined.

jjdejong · Jan 16, 2025 · 6d8a688 · 6d8a688
1 parent f333d98
commit 6d8a688
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/app/Models/Matter.php b/app/Models/Matter.php
@@ -387,8 +387,8 @@ function ($join) {
             $query->where('matter_category.display_with', $display_with);
         }
 
-        // When the user is a client, limit the matters to client's own matters
-        if ($authUserRole == 'CLI') {
+        // When the user is a client or no role is defined, limit the matters to client's own matters
+        if ($authUserRole == 'CLI' || empty($authUserRole)) {
             $query->where(
                 function ($q) use ($authUserId) {
                     $q->where('cli.id', $authUserId)
@@ -508,7 +508,7 @@ public static function getCategoryMatterCount($user = null)
         $query = Matter::leftJoin('matter_category as mc', 'mc.code', 'matter.category_code')
             ->groupBy('category_code', 'category')
             ->select('mc.category', 'category_code', DB::raw('count(*) as total'));
-        if ($authUserRole == 'CLI') {
+        if ($authUserRole == 'CLI' || empty($authUserRole)) {
             $query->join('matter_actor_lnk as cli', 'cli.matter_id', DB::raw('ifnull(matter.container_id, matter.id)'))
                 ->where([['cli.role', 'CLI'], ['cli.actor_id', $authUserId]]);
         } else {

diff --git a/app/Models/Task.php b/app/Models/Task.php
@@ -72,7 +72,7 @@ public static function getUsersOpenTaskCount()
             ])
             ->groupby('login');
 
-        if ($role == 'CLI') {
+        if ($role == 'CLI' || empty($role)) {
             $selectQuery->join('matter_actor_lnk as cli', 'cli.matter_id', DB::raw('ifnull(m.container_id, m.id)'))
                 ->where([
                     ['cli.role', 'CLI'],
@@ -125,7 +125,7 @@ public function openTasks($renewals, $what_tasks, $user_dashboard)
             $tasks->where('task.code', '!=', 'REN');
         }
 
-        if (Auth::user()->default_role == 'CLI') {
+        if (Auth::user()->default_role == 'CLI' || empty(Auth::user()->default_role)) {
             $tasks->join('matter_actor_lnk as cli', 'cli.matter_id', DB::raw('ifnull(matter.container_id, matter.id)'))
                 ->where([
                     ['cli.role', 'CLI'],

diff --git a/app/Policies/MatterPolicy.php b/app/Policies/MatterPolicy.php
@@ -17,7 +17,7 @@ class MatterPolicy
      */
     public function view(User $user, Matter $matter)
     {
-        if ($user->default_role === 'CLI') {
+        if ($user->default_role === 'CLI' || empty($user->default_role)) {
             if ($matter->client->count()) {
                 return $user->id === $matter->client->actor_id;
             } else {

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -26,8 +26,8 @@ public function register()
     public function boot()
     {
         Paginator::useBootstrapFive();
-        Gate::define('client', fn ($user) => $user->default_role === 'CLI');
-        Gate::define('except_client', fn ($user) => $user->default_role !== 'CLI');
+        Gate::define('client', fn ($user) => $user->default_role === 'CLI' || empty($user->default_role));
+        Gate::define('except_client', fn ($user) => $user->default_role !== 'CLI' && !empty($user->default_role));
         Gate::define('admin', fn ($user) => $user->default_role === 'DBA');
         Gate::define('readwrite', fn ($user) => in_array($user->default_role, ['DBA', 'DBRW']));
         Gate::define('readonly', fn ($user) => in_array($user->default_role, ['DBA', 'DBRW', 'DBRO']));