diff --git a/app/JsonApi/V3/Accounts/AccountResource.php b/app/JsonApi/V3/Accounts/AccountResource.php
new file mode 100644
index 0000000000..a289f9a39a
--- /dev/null
+++ b/app/JsonApi/V3/Accounts/AccountResource.php
@@ -0,0 +1,50 @@
+ $this->resource->created_at,
+ 'updated_at' => $this->resource->updated_at,
+ 'name' => $this->resource->name,
+ 'account_type' => $this->resource->accountType->type,
+ 'virtual_balance' => $this->resource->virtual_balance,
+ 'iban' => $this->resource->iban,
+ 'active' => $this->resource->active,
+ 'order' => $this->resource->order,
+ ];
+ }
+
+ /**
+ * Get the resource's relationships.
+ *
+ * @param Request|null $request
+ *
+ * @return iterable
+ */
+ public function relationships($request): iterable
+ {
+ return [
+ 'user' => $this->relation('user')
+ ];
+ }
+
+}
diff --git a/app/JsonApi/V3/Accounts/AccountSchema.php b/app/JsonApi/V3/Accounts/AccountSchema.php
new file mode 100644
index 0000000000..531959d9e4
--- /dev/null
+++ b/app/JsonApi/V3/Accounts/AccountSchema.php
@@ -0,0 +1,71 @@
+sortable()->readOnly(),
+ DateTime::make('updated_at')->sortable()->readOnly(),
+ Str::make('name')->sortable(),
+ Str::make('account_type'),
+ Str::make('virtual_balance'),
+ Str::make('iban'),
+ Boolean::make('active'),
+ Number::make('order'),
+ HasOne::make('user'),
+ ];
+ }
+
+ /**
+ * Get the resource filters.
+ *
+ * @return array
+ */
+ public function filters(): array
+ {
+ return [
+ WhereIdIn::make($this),
+ ];
+ }
+
+ /**
+ * Get the resource paginator.
+ *
+ * @return Paginator|null
+ */
+ public function pagination(): ?Paginator
+ {
+ return PagePagination::make();
+ }
+
+}
diff --git a/app/JsonApi/V3/Users/UserResource.php b/app/JsonApi/V3/Users/UserResource.php
new file mode 100644
index 0000000000..0a6d1be766
--- /dev/null
+++ b/app/JsonApi/V3/Users/UserResource.php
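Review bot: `'iban'` and `'virtual_balance'` in the AccountResource attribute array are serialized for every caller who passes authorization, so this resource's confidentiality rests entirely on `AccountPolicy::view`, which this same commit short-circuits to `true`. I would add a comment above the array, e.g. `// iban and virtual_balance are sensitive; exposure relies on AccountPolicy::view limiting access to the owner`, so the dependency is visible to whoever edits either file. The `'user'` relationship has the same dependency. The start of this file (class header and the opening of the attributes method) is not visible on the page, so any guard placed there cannot be judged from here.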
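Review bot: Nothing visible in AccountSchema restricts the index query to the authenticated user: `filters()` offers only `WhereIdIn::make($this)`, so once `viewAny` passes, a collection request would presumably return every user's accounts. The top of the file is missing from the page, so a scope may exist there; if not, override the schema's `indexQuery()` to constrain on the requesting user's `user_id` instead of relying on the client to filter. `HasOne::make('user')` is also declared without `->readOnly()`, unlike the timestamp fields; marking it read-only would keep ownership from being reassigned if this resource later accepts writes.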
@@ -0,0 +1,42 @@ + $this->resource->created_at, + 'updated_at' => $this->resource->updated_at, + ]; + } + + /** + * Get the resource's relationships. + * + * @param Request|null $request + * @return iterable + */ + public function relationships($request): iterable + { + return [ + // @TODO + ]; + } + +} diff --git a/app/JsonApi/V3/Users/UserSchema.php b/app/JsonApi/V3/Users/UserSchema.php index 00dc8e0363..ef56aa5284 100644 --- a/app/JsonApi/V3/Users/UserSchema.php +++ b/app/JsonApi/V3/Users/UserSchema.php @@ -32,7 +32,7 @@ class UserSchema extends Schema ID::make(), DateTime::make('created_at')->sortable()->readOnly(), DateTime::make('created_at')->sortable()->readOnly(), - HasMany::make('accounts'), + //HasMany::make('accounts'), ]; } diff --git a/app/Policies/AccountPolicy.php b/app/Policies/AccountPolicy.php index c1ed85f04d..d0394bfce6 100644 --- a/app/Policies/AccountPolicy.php +++ b/app/Policies/AccountPolicy.php @@ -39,6 +39,7 @@ class AccountPolicy */ public function view(User $user, Account $account): bool { + return true; return auth()->check() && $user->id === $account->user_id; } @@ -49,6 +50,7 @@ class AccountPolicy */ public function viewAny(): bool { + return true; return auth()->check(); } } diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php index 4c6cec2c65..2d043d77c9 100644 --- a/app/Policies/UserPolicy.php +++ b/app/Policies/UserPolicy.php @@ -23,7 +23,33 @@ declare(strict_types=1); namespace FireflyIII\Policies; +use FireflyIII\Models\Account; +use FireflyIII\User; + class UserPolicy { + /** + * TODO needs better authentication. + * + * @param User $user + * @param Account $account + * + * @return bool + */ + public function view(User $user, Account $account): bool + { + return true; + return auth()->check() && $user->id === $account->user_id; + } + /** + * Everybody can do this, but selection should limit to user. + * + * @return true + */ + public function viewAny(): bool + { + return true; + return auth()->check(); + } }
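Review bot: The context lines of the UserSchema hunk show `DateTime::make('created_at')` declared twice, while the `UserResource` added in this commit serializes `updated_at`; the second field presumably should be `DateTime::make('updated_at')->sortable()->readOnly(),`. The relationship is also disabled by commenting it out (`//HasMany::make('accounts'),`) with no reason given. Either delete the line or add a short comment saying why it is off, for example that it waits on per-user authorization for accounts. The fields method begins outside this hunk.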
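Review bot: The added `return true;` at the top of `AccountPolicy::view()` makes the ownership check `auth()->check() && $user->id === $account->user_id` unreachable, so every request for which this policy is consulted is authorized to read any account, including the `iban` and `virtual_balance` that the new `AccountResource` exposes. The same unconditional return is added to `viewAny()` in the next hunk and to both methods of `UserPolicy`. Remove the `return true;` lines before this merges; if a bypass is needed during development, keep it out of the policy class (a test user that owns the fixtures serves the same purpose) so the shortcut cannot ship as the production authorization rule. A policy test asserting that user A is denied `view` on user B's account would catch this kind of regression.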
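Review bot: `view(User $user, Account $account)` in `UserPolicy` is copied from `AccountPolicy`, but a policy registered for users is presumably handed the `User` being viewed, so the `Account` type hint and the comparison against `$account->user_id` do not fit this class. Something like `public function view(User $user, User $target): bool` with `return auth()->check() && $user->id === $target->id;` expresses the intended rule, and the `use FireflyIII\Models\Account;` import can then go. The `@return true` tag on `viewAny()` documents the temporary bypass, not the `bool` contract, and should read `@return bool`. Both methods also carry the unconditional `return true;`.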