Commit 3e72b71b authored by Pardeep Sahu's avatar Pardeep Sahu

targets dealer restriction in url

parent fe5f64fb
Pipeline #2601 passed with stage
in 26 seconds
......@@ -1328,6 +1328,7 @@ class AsmController extends Controller
$query->where('dealer_id', $request->dealer_id);
}
})
->whereIn('dealer_id', $d_ids)
->whereYear('month', $year)
->whereMonth('month', $month)
->paginate(10);
......
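Review bot: The `->whereIn('dealer_id', $d_ids)` clause, which appears to be the added line, is what actually limits the listing to the caller's dealers, yet nothing at the call site marks it as an access check. A short comment above it, such as `// Access control: only dealers that report to the logged-in user`, would keep a later query refactor from dropping it. The same clause recurs in the RsmController and SseController hunks, so a shared query scope or helper would keep the three copies from drifting apart. `$d_ids` is assigned outside the hunk, so how it is built cannot be checked here.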
......@@ -959,6 +959,7 @@ class RsmController extends Controller
$query->where('dealer_id', $request->dealer_id);
}
})
->whereIn('dealer_id', $d_ids)
->whereYear('month', $year)
->whereMonth('month', $month)
->paginate(10);
......
......@@ -958,6 +958,7 @@ class SseController extends Controller
$query->where('dealer_id', $request->dealer_id);
}
})
->whereIn('dealer_id', $d_ids)
->whereYear('month', $year)
->whereMonth('month', $month)
->paginate(10);
......
......@@ -30,7 +30,21 @@ class AuthenticateResource
return redirect()->back()->with('error', 'Invalid activity');
}
}
$dealersArray = get_reporting_authorities_dealer($loggedInUser);
if (str_contains($request->getRequestUri(), 'asm/targets')) {
if (!empty(request()->dealer_id) && !in_array(request()->dealer_id, $dealersArray)) {
return redirect()->back()->with('error', 'Invalid activity');
}
} else if (str_contains($request->getRequestUri(), 'rsm/targets')) {
if (!empty(request()->dealer_id) && !in_array(request()->dealer_id, $dealersArray)) {
return redirect()->back()->with('error', 'Invalid activity');
}
} else if (str_contains($request->getRequestUri(), 'sse/targets')) {
if (!empty(request()->dealer_id) && !in_array(request()->dealer_id, $dealersArray)) {
return redirect()->back()->with('error', 'Invalid activity');
}
}
return $next($request);
}
}
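Review bot: `get_reporting_authorities_dealer($loggedInUser)` runs before the URI test, so every request reaching this point pays for the helper's query over all role-2 users even when no `dealer_id` is present, and the three branches that follow are identical apart from the path fragment. Fetching the list only when a `dealer_id` arrives on one of the three target paths, and folding the branches into one, fixes both while rejecting the same requests. The `in_array` call is also non-strict, so the match relies on PHP's loose string/int comparison; normalising both sides to one type and passing `true` would make the check explicit. `$loggedInUser` and the start of the method are outside the hunk.

```php
// … unchanged: earlier checks in the middleware …
$dealerId = $request->dealer_id;
$onTargetsPath = preg_match('#(asm|rsm|sse)/targets#', $request->getRequestUri()) === 1;
if ($onTargetsPath && !empty($dealerId)) {
    // Look the dealers up only when there is something to check.
    $dealersArray = get_reporting_authorities_dealer($loggedInUser);
    if (!in_array($dealerId, $dealersArray)) {
        return redirect()->back()->with('error', 'Invalid activity');
    }
}
return $next($request);
```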
......@@ -487,6 +487,20 @@ function get_dealers($firm_id)
return @$result;
}
//get asm
function get_reporting_authorities_dealer($user_id)
{
$getDealers = DB::table('users')->where(['role' => 2, 'status' => 1])->select('id', 'name', 'reporting_authority')->orderBy('name', 'asc')->get();
$d_ids = array();
foreach ($getDealers as $key => $value) {
$authorities = explode(",", $getDealers[$key]->reporting_authority);
if (in_array($user_id, $authorities)) {
$d_ids[] = $getDealers[$key]->id;
}
}
return $d_ids;
}
// get Firm short code
function get_firm_short_code($id = NULL)
{
......
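Review bot: `in_array($user_id, $authorities)` compares loosely against the pieces of a comma-separated string, so a null or empty `$user_id` matches any dealer whose `reporting_authority` is blank (`explode` yields `['']`), and the function would then return dealers that were never assigned to anyone. Guarding the input and comparing as strings closes that: `if (empty($user_id)) { return []; }` at the top and `in_array((string) $user_id, array_map('trim', $authorities), true)` in the loop. The `//get asm` comment above the function does not describe it; `// Ids of users with role 2 and status 1 whose reporting_authority list contains $user_id` would. Whether a caller can pass an empty id is not visible here.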
......@@ -381,7 +381,7 @@ Route::group(['prefix' => 'asm', 'as' => 'asm::', 'middleware' => ['web', 'asm']
Route::get('/statusEmpHierarchy/{status}/{id}', 'AsmController@statusEmpHierarchy');
// Target Module
Route::get('targets', 'AsmController@targets');
Route::get('targets', 'AsmController@targets')->middleware('authenticate');
Route::get('targetListing/{dealer_id}/{temp_id}/{target_id}', 'AsmController@targetListing');
Route::get('editTarget/{target_id}', 'AsmController@editTarget');
......
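Review bot: Only `targets` gains `->middleware('authenticate')`, while `targetListing/{dealer_id}/{temp_id}/{target_id}` on the next line takes a dealer id in the path and is left as it was; the middleware's `asm/targets` substring test would not match that URL even if the middleware were attached. Unless `AsmController@targetListing` and `editTarget` already verify ownership (not visible in this commit), they need the same restriction inside the controller, for example `abort_unless(in_array($dealer_id, $d_ids), 403);` with `$d_ids` built as in `targets`. The rsm and sse route groups are not part of this hunk, so the `rsm/targets` and `sse/targets` branches in AuthenticateResource only run if those routes already carry `authenticate`.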