bug fix access control

2025-10-01 15:51:33 +03:30 · 2025-10-01 15:51:33 +03:30 · fb037a8299
parent 61ff2d4ca7
commit fb037a8299
3 changed files with 22 additions and 9 deletions
--- a/hesabixCore/src/Controller/BankController.php
+++ b/hesabixCore/src/Controller/BankController.php
@ -59,8 +59,8 @@ class BankController extends AbstractController
                ->getQuery()
                ->getResult();
            foreach ($items as $item) {
-                $bs += $item->getBs();
-                $bd += $item->getBd();
+                $bs += (float) $item->getBs();
+                $bd += (float) $item->getBd();
            }
            $data->setBalance($bd - $bs);
        }
--- a/hesabixCore/src/Controller/CashdeskController.php
+++ b/hesabixCore/src/Controller/CashdeskController.php
@ -61,8 +61,8 @@ class CashdeskController extends AbstractController
                ->getQuery()
                ->getResult();
            foreach ($items as $item) {
-                $bs += $item->getBs();
-                $bd += $item->getBd();
+                $bs += (float) $item->getBs();
+                $bd += (float) $item->getBd();
            }
            $data->setBalance($bd - $bs);
            $resp[] = Explore::ExploreCashdesk($data);
@ -206,8 +206,8 @@ class CashdeskController extends AbstractController
                ->getQuery()
                ->getResult();
            foreach ($items as $item) {
-                $bs += $item->getBs();
-                $bd += $item->getBd();
+                $bs += (float) $item->getBs();
+                $bd += (float) $item->getBd();
            }
            $data->setBalance($bd - $bs);
        }
@ -255,8 +255,8 @@ class CashdeskController extends AbstractController
            ->getResult();

        foreach ($items as $item) {
-            $bs += $item->getBs();
-            $bd += $item->getBd();
+            $bs += (float) $item->getBs();
+            $bd += (float) $item->getBd();
        }

        return $this->json([
--- a/hesabixCore/src/Service/Access.php
+++ b/hesabixCore/src/Service/Access.php
@ -144,13 +144,26 @@ class Access
            }
        }
        
+        // normalize incoming role names to match Permission getters
+        $normalizeMap = [
+            'bank' => 'banks',
+            'transfer' => 'bankTransfer',
+            'person_receive' => 'person',
+            'person_send' => 'person',
+            'sell_receive' => 'sell',
+            'buy_send' => 'buy',
+            'all' => 'accounting',
+        ];
+        if (isset($normalizeMap[$roll])) {
+            $roll = $normalizeMap[$roll];
+        }
        $methodName = 'is' . ucfirst($roll);
        $permission = $this->em->getRepository(Permission::class)->findOneBy([
           'bid'=>$bid,
           'user'=>$this->user
        ]);
        if($permission){
-            if($permission->{$methodName}())
+            if(method_exists($permission, $methodName) && $permission->{$methodName}())
                return $accessArray;
        }
        return false;