Update

Blair2004 · Blair2004 · commit 1ee5cc3fba46 · 2024-02-29T05:02:35.000+01:00
- Added: restrict users from deleting persisten products
diff --git a/app/Http/Controllers/Dashboard/UsersController.php b/app/Http/Controllers/Dashboard/UsersController.php
@@ -208,4 +208,21 @@ public function deleteToken( $tokenId )
     {
         return $this->usersService->deleteToken( $tokenId );
     }
+
+    public function checkPermission( Request $request )
+    {
+        $result     =   $this->usersService->checkPermission( $request->input( 'permission' ) );
+
+        if ( $result ) {
+            return response()->json( [
+                'status'    =>  'success',
+                'message'   =>  __( 'The permission is granted' )
+            ] );
+        } else {
+            return response()->json( [
+                'status'    =>  'error',
+                'message'   =>  __( 'The permission is denied' )
+            ], 403 );
+        }
+    }
 }
diff --git a/app/Services/UsersService.php b/app/Services/UsersService.php
@@ -364,4 +364,10 @@ public function deleteToken( $tokenId, ?User $user = null )
             'message' => __( 'The token has been successfully deleted.' ),
         ];
     }
+
+    public function checkPermission( $permission, ?User $user = null ): bool
+    {
+        ns()->restrict( $permission );
+        return true;
+    }
 }
diff --git a/config/nexopos.php b/config/nexopos.php
@@ -9,7 +9,7 @@
      * This is the core version of NexoPOS. This is used to displays on the
      * dashboard and to ensure a compatibility with the modules.
      */
-    'version' => '5.1.0',
+    'version' => '5.1.1',
 
     /**
      * --------------------------------------------------------------------
diff --git a/database/migrations/update/2024_02_29_035014_update_add_new_pos_permissions.php b/database/migrations/update/2024_02_29_035014_update_add_new_pos_permissions.php
@@ -0,0 +1,47 @@
+<?php
+
+use App\Models\Permission;
+use App\Models\Role;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        if ( ! Permission::namespace( 'nexopos.pos.delete-order-product' ) instanceof Permission ) {
+            $pos = Permission::firstOrNew( [ 'namespace' => 'nexopos.pos.delete-order-product' ] );
+            $pos->name = __( 'POS: Delete Order Product' );
+            $pos->namespace = 'nexopos.pos.delete-order-product';
+            $pos->description = __( 'Let the user delete order products on POS.' );
+            $pos->save();
+
+            /**
+             * @var Role
+             */
+            $admin = Role::firstOrNew( [ 'namespace' => Role::ADMIN ] );
+
+            /**
+             * @var Role
+             */
+            $storeAdmin = Role::firstOrNew( [ 'namespace' => Role::STOREADMIN ] );
+
+            $admin->addPermissions( $pos );
+            $storeAdmin->addPermissions( $pos );
+        }        
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        $permission = Permission::namespace( 'nexopos.pos.delete-order-product' );
+        $permission->removeFromRoles();
+        $permission->delete();
+    }
+};
diff --git a/database/permissions/admin-role.php b/database/permissions/admin-role.php
@@ -51,5 +51,4 @@
 $admin->addPermissions( Permission::includes( '.units' )->get()->map( fn( $permission ) => $permission->namespace ) );
 $admin->addPermissions( Permission::includes( '.manage-payments-types' )->get()->map( fn( $permission ) => $permission->namespace ) );
 $admin->addPermissions( Permission::includes( '.pos' )->get()->map( fn( $permission ) => $permission->namespace ) );
-$admin->addPermissions( Permission::includes( '.pos' )->get()->map( fn( $permission ) => $permission->namespace ) );
 $admin->addPermissions( Permission::includes( '-widget' )->get()->map( fn( $permission ) => $permission->namespace ) );
diff --git a/database/permissions/pos.php b/database/permissions/pos.php
@@ -33,3 +33,11 @@
     $pos->description = __( 'Let the user add discount on cart.' );
     $pos->save();
 }
+
+if ( ! Permission::namespace( 'nexopos.pos.delete-order-product' ) instanceof Permission ) {
+    $pos = Permission::firstOrNew( [ 'namespace' => 'nexopos.pos.delete-order-product' ] );
+    $pos->name = __( 'POS: Delete Order Products' );
+    $pos->namespace = 'nexopos.pos.delete-order-product';
+    $pos->description = __( 'Let the user delete order products on POS.' );
+    $pos->save();
+}
diff --git a/resources/ts/pos-init.ts b/resources/ts/pos-init.ts
@@ -24,6 +24,7 @@ import { nsCurrency } from "./filters/currency";
 import Print from "./libraries/print";
 import Tax from "./libraries/tax";
 import * as math from "mathjs"
+import nsPosLoadingPopupVue from "./popups/ns-pos-loading-popup.vue";
 
 
 /**
@@ -1575,8 +1576,43 @@ export class POS {
         this._types.next(types);
     }
 
-    removeProductUsingIndex(index) {
+    async removeProductUsingIndex(index) {
         const products = this._products.getValue();
+        const product   =   products[index];
+
+        /**
+         * if the product is persistent,
+         * we should check on the database if the user is allowed
+         * to delete those products.
+         */
+        if ( product.id ) {
+            try {
+                await new Promise((resolve, reject) => {
+                    const popup = Popup.show( nsPosLoadingPopupVue );
+                    nsHttpClient.post(`/api/users/check-permission/`, {
+                        permission: 'nexopos.pos.delete-order-product'
+                    }).subscribe({
+                        next: (response: any) => {
+                            popup.close();
+                            resolve( response );
+                        },
+                        error: error => {
+                            popup.close();
+                            reject( error );
+                        }
+                    })
+                });
+
+                this.resumeRemovingProductUsingIndex( index, products );
+            } catch( exception ) {
+                nsNotice.error( __( 'Forbidden Action' ), __( 'You are not allowed to remove this product.' ) );
+            }
+        } else {
+            this.resumeRemovingProductUsingIndex( index, products );
+        }
+    }
+
+    private resumeRemovingProductUsingIndex( index, products ) {
         products.splice(index, 1);
         this.products.next(products);
         nsHooks.doAction( 'ns-after-cart-changed' );
diff --git a/routes/api/users.php b/routes/api/users.php
@@ -12,3 +12,4 @@
 Route::post( '/users/create-token', [ UsersController::class, 'createToken' ] );
 Route::get( '/users/tokens', [ UsersController::class, 'getTokens' ] );
 Route::delete( '/users/tokens/{id}', [ UsersController::class, 'deleteToken' ] );
+Route::post( '/users/check-permission', [ UsersController::class, 'checkPermission' ] );

Original file line number	Diff line number	Diff line change
`@@ -364,4 +364,10 @@ public function deleteToken( $tokenId, ?User $user = null )`
`364`	`364`	`'message' => __( 'The token has been successfully deleted.' ),`
`365`	`365`	`];`
`366`	`366`	`}`
	`367`	`+`
	`368`	`+ public function checkPermission( $permission, ?User $user = null ): bool`
	`369`	`+ {`
	`370`	`+ ns()->restrict( $permission );`
	`371`	`+ return true;`
	`372`	`+ }`
`367`	`373`	`}`