From 6d8a688cb7d462216b49ad123add9fe6d4336b9a Mon Sep 17 00:00:00 2001
From: Jean Jacques de Jong
Date: Thu, 16 Jan 2025 13:17:13 +0100
Subject: [PATCH] Implemented some security when a user's default role is not defined.

---
 app/Models/Matter.php | 6 +++---
 app/Models/Task.php | 4 ++--
 app/Policies/MatterPolicy.php | 2 +-
 app/Providers/AppServiceProvider.php | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/Models/Matter.php b/app/Models/Matter.php
index 2493ef0c..55494315 100644
--- a/app/Models/Matter.php
+++ b/app/Models/Matter.php
@@ -387,8 +387,8 @@ function ($join) {
 $query->where('matter_category.display_with', $display_with);
 }
 
- // When the user is a client, limit the matters to client's own matters
- if ($authUserRole == 'CLI') {
+ // When the user is a client or no role is defined, limit the matters to client's own matters
+ if ($authUserRole == 'CLI' || empty($authUserRole)) {
 $query->where(
 function ($q) use ($authUserId) {
 $q->where('cli.id', $authUserId)
@@ -508,7 +508,7 @@ public static function getCategoryMatterCount($user = null)
 $query = Matter::leftJoin('matter_category as mc', 'mc.code', 'matter.category_code')
 ->groupBy('category_code', 'category')
 ->select('mc.category', 'category_code', DB::raw('count(*) as total'));
- if ($authUserRole == 'CLI') {
+ if ($authUserRole == 'CLI' || empty($authUserRole)) {
 $query->join('matter_actor_lnk as cli', 'cli.matter_id', DB::raw('ifnull(matter.container_id, matter.id)'))
 ->where([['cli.role', 'CLI'], ['cli.actor_id', $authUserId]]);
 } else {
diff --git a/app/Models/Task.php b/app/Models/Task.php
index c0c29381..7c6c5543 100644
--- a/app/Models/Task.php
+++ b/app/Models/Task.php
@@ -72,7 +72,7 @@ public static function getUsersOpenTaskCount()
 ])
 ->groupby('login');
 
- if ($role == 'CLI') {
+ if ($role == 'CLI' || empty($role)) {
 $selectQuery->join('matter_actor_lnk as cli', 'cli.matter_id', DB::raw('ifnull(m.container_id, m.id)'))
 ->where([
 ['cli.role', 'CLI'],
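Review bot: The new `|| empty($authUserRole)` on the changed `if` is the same predicate now hand-copied into six places across four files (this hunk, the @@ -508 hunk, both Task.php hunks, `MatterPolicy::view` and the two Gate closures), written with `==` here and in Task.php but `===` in the policy and gates, so the rule for who is treated as a client can drift the next time a role is added. Centralising it in one helper on the user model (a proposed `isClient()` returning `$this->default_role === 'CLI' || $this->default_role === null || $this->default_role === ''`) and calling that at every site keeps a single definition, uses strict comparison throughout, and avoids `empty()` also matching the string `'0'`; where only `$authUserRole` is in scope, as in this hunk, the helper result can be computed once where that local is set. Note that a non-empty but unrecognised role value still falls into the `else` branch of the @@ -508 hunk and sees every matter; if DBA/DBRW/DBRO (the set the gates use) are the only staff roles, an allow-list of those would fail closed for such values too, which is worth confirming against the roles actually stored. The enclosing function starts and ends outside the hunk.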
@@ -125,7 +125,7 @@ public function openTasks($renewals, $what_tasks, $user_dashboard)
 $tasks->where('task.code', '!=', 'REN');
 }
 
- if (Auth::user()->default_role == 'CLI') {
+ if (Auth::user()->default_role == 'CLI' || empty(Auth::user()->default_role)) {
 $tasks->join('matter_actor_lnk as cli', 'cli.matter_id', DB::raw('ifnull(matter.container_id, matter.id)'))
 ->where([
 ['cli.role', 'CLI'],
diff --git a/app/Policies/MatterPolicy.php b/app/Policies/MatterPolicy.php
index f3694b50..c9dcf4cf 100644
--- a/app/Policies/MatterPolicy.php
+++ b/app/Policies/MatterPolicy.php
@@ -17,7 +17,7 @@ class MatterPolicy
 */
 public function view(User $user, Matter $matter)
 {
- if ($user->default_role === 'CLI') {
+ if ($user->default_role === 'CLI' || empty($user->default_role)) {
 if ($matter->client->count()) {
 return $user->id === $matter->client->actor_id;
 } else {
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 22d39eef..58514a43 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -26,8 +26,8 @@ public function register()
 public function boot()
 {
 Paginator::useBootstrapFive();
- Gate::define('client', fn ($user) => $user->default_role === 'CLI');
- Gate::define('except_client', fn ($user) => $user->default_role !== 'CLI');
+ Gate::define('client', fn ($user) => $user->default_role === 'CLI' || empty($user->default_role));
+ Gate::define('except_client', fn ($user) => $user->default_role !== 'CLI' && !empty($user->default_role));
 Gate::define('admin', fn ($user) => $user->default_role === 'DBA');
 Gate::define('readwrite', fn ($user) => in_array($user->default_role, ['DBA', 'DBRW']));
 Gate::define('readonly', fn ($user) => in_array($user->default_role, ['DBA', 'DBRW', 'DBRO']));
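Review bot: The changed `if` line calls `Auth::user()` twice and reads `default_role` twice; hoisting it into a local, `$role = Auth::user()->default_role;` followed by `if ($role == 'CLI' || empty($role)) {`, reads the value once and mirrors the `$role` local that the @@ -72 hunk in the same file already uses. If `openTasks` can be reached without an authenticated user, `Auth::user()` is null and the property access throws before the check runs; that is pre-existing rather than introduced here, but it is worth deciding whether an explicit guard should make that fail-closed path deliberate. `openTasks` starts and ends outside the hunk.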
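Review bot: With the changed `if` in `view`, a user with no `default_role` now follows the client path, and when the matter has no client actor (`$matter->client->count()` is 0) the outcome is decided by the `else` branch whose body is outside the hunk; confirm that branch returns `false`, otherwise a role-less user would be granted exactly the matters that have no client, which would undercut the restriction the subject line describes. The method's docblock (its closing ` */` is the first context line) should state the new rule, e.g. a line `Users without a default_role are treated as clients.` The rest of `view` is outside the hunk.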
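Review bot: The two changed `Gate::define` lines spell out `client` and its negation by hand, so a future edit to one can silently desynchronise the other; define the predicate once and derive the second gate from it: `$isClient = static fn ($user): bool => $user->default_role === 'CLI' || empty($user->default_role);` then `Gate::define('client', $isClient);` and `Gate::define('except_client', static fn ($user): bool => ! $isClient($user));`. The adjacent `readwrite`/`readonly` gates (unchanged context) call `in_array` without `strict: true`; under PHP 8 comparison rules a null or empty role does not match `'DBA'`/`'DBRW'`/`'DBRO'`, so they already fail closed for the case this commit targets, but passing `strict: true` would make that explicit. `boot` continues past the hunk.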