add 503 setting migration

Checked new functionalities from the 5.0 update.

.editorconfig

@@ -19,4 +19,7 @@ indent_size = 2
 indent_size = 2
 
 [*.js]
-indent_size = 2
+indent_size = 2
+
+[*.json]
+indent_size = 2

.env.example

@@ -34,3 +34,5 @@ PUSHER_SECRET=
 
 SANCTUM_STATEFUL_DOMAINS=crater.test
 SESSION_DOMAIN=crater.test
+
+TRUSTED_PROXIES="*"

.env.testing

@@ -9,5 +9,5 @@ MAIL_PORT=587
 MAIL_USERNAME=ff538f0e1037f4
 MAIL_PASSWORD=c04c81145fcb73
 MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS="admin@crater.com"
+MAIL_FROM_ADDRESS="admin@craterapp.com"
 MAIL_FROM_NAME="John Doe"

.eslintrc.js

@@ -1,20 +1,14 @@
+// .eslintrc.js
+
 module.exports = {
-  root: true,
-  env: {
-    node: true,
-  },
   extends: [
-    'plugin:vue/recommended',
-    'eslint:recommended',
-    'prettier/vue',
-    'plugin:prettier/recommended',
+    // add more generic rulesets here, such as:
+    // 'eslint:recommended',
+    "plugin:vue/vue3-recommended",
+    "prettier",
   ],
-  parserOptions: {
-    parser: 'babel-eslint',
-  },
-  plugins: ['prettier'],
   rules: {
-    'no-console': process.env.NODE_ENV === 'production' ? 'error' : 'off',
-    'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off',
+    // override/add rules settings here, such as:
+    // 'vue/no-unused-vars': 'error'
   },
-}
+};

.github/workflows/ci.yaml

@@ -0,0 +1,37 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php: ['7.4', '8.0']
+
+    name: PHP ${{ matrix.php }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Install dependencies
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php }}
+        extensions: exif
+
+    - name: Install PHP 7 dependencies
+      run: composer update --no-interaction --no-progress
+      if: "matrix.php < 8"
+
+    - name: Install PHP 8 dependencies
+      run: composer update --ignore-platform-req=php --no-interaction --no-progress
+      if: "matrix.php >= 8"
+
+    - name: Check coding style
+      run: ./vendor/bin/php-cs-fixer fix -v --dry-run --using-cache=no --config=.php-cs-fixer.dist.php
+
+    - name: Unit Tests
+      run: php ./vendor/bin/pest

.gitignore

@@ -11,4 +11,4 @@ Homestead.yaml
 .rnd
 /.expo
 /.vscode
-/docker-compose/db/data/
+/docker-compose/db/data/

.php-cs-fixer.dist.php

@@ -0,0 +1,42 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+    ->in(__DIR__)
+    ->exclude(['bootstrap', 'storage', 'vendor'])
+    ->name('*.php')
+    ->name('_ide_helper')
+    ->notName('*.blade.php')
+    ->ignoreDotFiles(true)
+    ->ignoreVCS(true);
+
+$rules = [
+    '@PSR12' => true,
+    'array_syntax' => ['syntax' => 'short'],
+    'ordered_imports' => ['sort_algorithm' => 'alpha'],
+    'concat_space' => true,
+    'no_unused_imports' => true,
+    'not_operator_with_successor_space' => true,
+    'phpdoc_scalar' => true,
+    'unary_operator_spaces' => true,
+    'binary_operator_spaces' => true,
+    'blank_line_before_statement' => [
+        'statements' => ['break', 'continue', 'declare', 'return', 'throw', 'try'],
+    ],
+    'phpdoc_single_line_var_spacing' => true,
+    'phpdoc_var_without_name' => true,
+    'class_attributes_separation' => [
+        'elements' => [
+            'method' => 'one',
+            'property' => 'one',
+        ],
+    ],
+    'method_argument_space' => [
+        'on_multiline' => 'ensure_fully_multiline',
+        'keep_multiple_spaces_after_comma' => true,
+    ],
+];
+
+return (new PhpCsFixer\Config())
+    ->setUsingCache(true)
+    ->setRules($rules)
+    ->setFinder($finder);

Dockerfile

@@ -12,18 +12,19 @@ RUN apt-get update && apt-get install -y \
     libonig-dev \
     libxml2-dev \
     zip \
-    unzip \ 
-    libzip-dev \ 
-    libmagickwand-dev
+    unzip \
+    libzip-dev \
+    libmagickwand-dev \
+    mariadb-client
 
 # Clear cache
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 
-RUN pecl install imagick \ 
+RUN pecl install imagick \
     && docker-php-ext-enable imagick
 
 # Install PHP extensions
-RUN docker-php-ext-install pdo_mysql mbstring zip exif pcntl bcmath gd 
+RUN docker-php-ext-install pdo_mysql mbstring zip exif pcntl bcmath gd
 
 # Get latest Composer
 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

LICENSE

@@ -1,47 +1,661 @@
-Copyright (c) 2019 by Bytefury
-Crater Invoice * https://www.craterapp.com
-"Easy Invoicing"
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
 
-All Rights Reserved
-ATTRIBUTION ASSURANCE LICENSE (adapted from the original BSD license)
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the conditions below are met.
-These conditions require a modest attribution to CraterApp.com (the
-"Author"), who hopes that its promotional value may help justify the
-thousands of dollars in otherwise billable time invested in writing
-this and other freely available, open-source software.
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
 
-1. Redistributions of source code, in whole or part and with or without
-modification (the "Code"), must prominently display this GPG-signed
-text in verifiable form.
-2. Redistributions of the Code in binary form must be accompanied by
-this GPG-signed text in any documentation and, each time the resulting
-executable program or a program dependent thereon is launched, a
-prominent display (e.g., splash screen or banner text) of the Author's
-attribution information, which includes:
-(a) Name ("Bytefury"),
-(b) Professional identification ("Crater Invoice"), and
-(c) URL ("https://www.craterapp.com").
-3. Neither the name nor any trademark of the Author may be used to
-endorse or promote products derived from this software without specific
-prior written permission.
-4. Users are entirely responsible, to the exclusion of the Author and
-any other persons, for compliance with (1) regulations set by owners or
-administrators of employed equipment, (2) licensing terms of any other
-software, and (3) local regulations regarding use, including those
-regarding import, export, and use of encryption software.
+                            Preamble
 
-THIS FREE SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
-EVENT SHALL THE AUTHOR OR ANY CONTRIBUTOR BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-EFFECTS OF UNAUTHORIZED OR MALICIOUS NETWORK ACCESS;
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
-AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

app/Console/Commands/CheckEstimateStatus.php

@@ -1,9 +1,10 @@
 <?php
+
 namespace Crater\Console\Commands;
 
-use Illuminate\Console\Command;
 use Carbon\Carbon;
 use Crater\Models\Estimate;
+use Illuminate\Console\Command;
 
 class CheckEstimateStatus extends Command
 {
@@ -39,7 +40,7 @@ class CheckEstimateStatus extends Command
     public function handle()
     {
         $date = Carbon::now();
-        $status = array(Estimate::STATUS_ACCEPTED, Estimate::STATUS_REJECTED, Estimate::STATUS_EXPIRED);
+        $status = [Estimate::STATUS_ACCEPTED, Estimate::STATUS_REJECTED, Estimate::STATUS_EXPIRED];
         $estimates = Estimate::whereNotIn('status', $status)->whereDate('expiry_date', '<', $date)->get();
 
         foreach ($estimates as $estimate) {

app/Console/Commands/CheckInvoiceStatus.php

@@ -1,9 +1,10 @@
 <?php
+
 namespace Crater\Console\Commands;
 
-use Illuminate\Console\Command;
 use Carbon\Carbon;
 use Crater\Models\Invoice;
+use Illuminate\Console\Command;
 
 class CheckInvoiceStatus extends Command
 {
@@ -39,7 +40,7 @@ class CheckInvoiceStatus extends Command
     public function handle()
     {
         $date = Carbon::now();
-        $invoices = Invoice::where('status', '<>', Invoice::STATUS_COMPLETED)->whereDate('due_date', '<',$date)->get();
+        $invoices = Invoice::where('status', '<>', Invoice::STATUS_COMPLETED)->whereDate('due_date', '<', $date)->get();
 
         foreach ($invoices as $invoice) {
             $invoice->status = Invoice::STATUS_OVERDUE;

app/Console/Commands/CreateTemplateCommand.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace Crater\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Storage;
+
+class CreateTemplateCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'make:template {name} {--type=}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Create estimate or invoice pdf template.                               ';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle()
+    {
+        $templateName = $this->argument('name');
+        $type = $this->option('type');
+
+        if (! $type) {
+            $type = $this->choice('Create a template for?', ['invoice', 'estimate']);
+        }
+
+        if (Storage::disk('views')->exists("/app/pdf/{$type}/{$templateName}.blade.php")) {
+            $this->info("Template with given name already exists.");
+
+            return 0;
+        }
+
+        Storage::disk('views')->copy("/app/pdf/{$type}/{$type}1.blade.php", "/app/pdf/{$type}/{$templateName}.blade.php");
+        copy(public_path("/build/img/PDF/{$type}1.png"), public_path("/build/img/PDF/{$templateName}.png"));
+        copy(resource_path("/static/img/PDF/{$type}1.png"), resource_path("/static/img/PDF/{$templateName}.png"));
+
+        $path = resource_path("app/pdf/{$type}/{$templateName}.blade.php");
+        $type = ucfirst($type);
+        $this->info("{$type} Template created successfully at ".$path);
+
+        return 0;
+    }
+}

app/Console/Commands/ResetApp.php

@@ -5,7 +5,6 @@ namespace Crater\Console\Commands;
 use Illuminate\Console\Command;
 use Illuminate\Console\ConfirmableTrait;
 use Illuminate\Support\Facades\Artisan;
-use Illuminate\Filesystem\Filesystem;
 
 class ResetApp extends Command
 {
@@ -42,7 +41,7 @@ class ResetApp extends Command
      */
     public function handle()
     {
-        if (!$this->confirmToProceed()) {
+        if (! $this->confirmToProceed()) {
             return;
         }
 

app/Console/Commands/UpdateCommand.php

@@ -2,9 +2,9 @@
 
 namespace Crater\Console\Commands;
 
-use Illuminate\Console\Command;
-use Crater\Space\Updater;
 use Crater\Models\Setting;
+use Crater\Space\Updater;
+use Illuminate\Console\Command;
 
 // Implementation taken from Akaunting - https://github.com/akaunting/akaunting
 class UpdateCommand extends Command
@@ -57,42 +57,43 @@ class UpdateCommand extends Command
             return;
         }
 
-        if (!$this->version) {
+        if (! $this->version) {
             $this->info('No Update Available! You are already on the latest version.');
+
             return;
         }
 
-        if (!$this->confirm("Do you wish to update to {$this->version}?")) {
+        if (! $this->confirm("Do you wish to update to {$this->version}?")) {
             return;
         }
 
-        if (!$path = $this->download()) {
+        if (! $path = $this->download()) {
             return;
         }
 
-        if (!$path = $this->unzip($path)) {
+        if (! $path = $this->unzip($path)) {
             return;
         }
 
-        if (!$this->copyFiles($path)) {
+        if (! $this->copyFiles($path)) {
             return;
         }
 
-        if(isset($this->response->deleted_files) && !empty($this->response->deleted_files)) {
-            if (!$this->deleteFiles($this->response->deleted_files)) {
+        if (isset($this->response->deleted_files) && ! empty($this->response->deleted_files)) {
+            if (! $this->deleteFiles($this->response->deleted_files)) {
                 return;
             }
         }
 
-        if (!$this->migrateUpdate()) {
+        if (! $this->migrateUpdate()) {
             return;
         }
 
-        if (!$this->finish()) {
+        if (! $this->finish()) {
             return;
         }
 
-        $this->info('Successfully updated to ' . $this->version);
+        $this->info('Successfully updated to '.$this->version);
     }
 
     public function getInstalledVersion()
@@ -102,7 +103,7 @@ class UpdateCommand extends Command
 
     public function getLatestVersionResponse()
     {
-        $this->info('Your currently installed version is ' . $this->installed);
+        $this->info('Your currently installed version is '.$this->installed);
         $this->line('');
         $this->info('Checking for update...');
 
@@ -110,14 +111,12 @@ class UpdateCommand extends Command
             $response = Updater::checkForUpdate($this->installed);
 
             if ($response->success) {
-
                 $extensions = $response->version->extensions;
 
                 $is_required = false;
 
                 foreach ($extensions as $key => $extension) {
-
-                    if(!$extension) {
+                    if (! $extension) {
                         $is_required = true;
                         $this->info('❌ '.$key);
                     }
@@ -125,7 +124,7 @@ class UpdateCommand extends Command
                     $this->info('✅ '.$key);
                 }
 
-                if($is_required) {
+                if ($is_required) {
                     return 'extension_required';
                 }
 
@@ -146,8 +145,9 @@ class UpdateCommand extends Command
 
         try {
             $path = Updater::download($this->version, 1);
-            if (!is_string($path)) {
+            if (! is_string($path)) {
                 $this->error('Download exception');
+
                 return false;
             }
         } catch (\Exception $e) {
@@ -165,8 +165,9 @@ class UpdateCommand extends Command
 
         try {
             $path = Updater::unzip($path);
-            if (!is_string($path)) {
+            if (! is_string($path)) {
                 $this->error('Unzipping exception');
+
                 return false;
             }
         } catch (\Exception $e) {

app/Console/Kernel.php

@@ -1,6 +1,8 @@
 <?php
+
 namespace Crater\Console;
 
+use Crater\Models\RecurringInvoice;
 use Illuminate\Console\Scheduling\Schedule;
 use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
 
@@ -13,7 +15,8 @@ class Kernel extends ConsoleKernel
      */
     protected $commands = [
         Commands\ResetApp::class,
-        Commands\UpdateCommand::class
+        Commands\UpdateCommand::class,
+        Commands\CreateTemplateCommand::class
     ];
 
     /**
@@ -24,11 +27,20 @@ class Kernel extends ConsoleKernel
      */
     protected function schedule(Schedule $schedule)
     {
-        $schedule->command('check:invoices:status')
+        if (\Storage::disk('local')->has('database_created')) {
+            $schedule->command('check:invoices:status')
             ->daily();
 
-        $schedule->command('check:estimates:status')
+            $schedule->command('check:estimates:status')
             ->daily();
+
+            $recurringInvoices = RecurringInvoice::where('status', 'ACTIVE')->get();
+            foreach ($recurringInvoices as $recurringInvoice) {
+                $schedule->call(function () use ($recurringInvoice) {
+                    $recurringInvoice->generateInvoice();
+                })->cron($recurringInvoice->frequency);
+            }
+        }
     }
 
     /**

app/Events/UpdateFinished.php

@@ -2,7 +2,7 @@
 
 namespace Crater\Events;
 
-use Illuminate\Foundation\Events\Dispatchable;  
+use Illuminate\Foundation\Events\Dispatchable;
 
 class UpdateFinished
 {

app/Exceptions/Handler.php

@@ -1,8 +1,9 @@
 <?php
+
 namespace Crater\Exceptions;
 
-use Throwable;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Throwable;
 
 class Handler extends ExceptionHandler
 {

app/Generators/CustomPathGenerator.php

@@ -1,9 +1,7 @@
 <?php
 
-
 namespace Crater\Generators;
 
-
 use Crater\Models\Estimate;
 use Crater\Models\Invoice;
 use Crater\Models\Payment;
@@ -12,20 +10,19 @@ use Spatie\MediaLibrary\Support\PathGenerator\PathGenerator;
 
 class CustomPathGenerator implements PathGenerator
 {
-
     public function getPath(Media $media): string
     {
-        return $this->getBasePath($media) . '/';
+        return $this->getBasePath($media).'/';
     }
 
     public function getPathForConversions(Media $media): string
     {
-        return $this->getBasePath($media) . '/conversations/';
+        return $this->getBasePath($media).'/conversations/';
     }
 
     public function getPathForResponsiveImages(Media $media): string
     {
-        return $this->getBasePath($media) . '/responsive-images/';
+        return $this->getBasePath($media).'/responsive-images/';
     }
 
     /*

app/Http/Controllers/Controller.php

@@ -1,12 +1,15 @@
 <?php
+
 namespace Crater\Http\Controllers;
 
-use Illuminate\Foundation\Bus\DispatchesJobs;
-use Illuminate\Routing\Controller as BaseController;
-use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
+use Illuminate\Foundation\Bus\DispatchesJobs;
+use Illuminate\Foundation\Validation\ValidatesRequests;
+use Illuminate\Routing\Controller as BaseController;
 
 class Controller extends BaseController
 {
-    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
+    use AuthorizesRequests;
+    use DispatchesJobs;
+    use ValidatesRequests;
 }

app/Http/Controllers/V1/Admin/Auth/ConfirmPasswordController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Auth;
+namespace Crater\Http\Controllers\V1\Admin\Auth;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Providers\RouteServiceProvider;

app/Http/Controllers/V1/Admin/Auth/ForgotPasswordController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Auth;
+namespace Crater\Http\Controllers\V1\Admin\Auth;
 
 use Crater\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
@@ -45,6 +45,8 @@ class ForgotPasswordController extends Controller
      */
     protected function sendResetLinkFailedResponse(Request $request, $response)
     {
-        return response('Email could not be sent to this email address.', 403);
+        return response()->json([
+            'error' => 'Email could not be sent to this email address.'
+        ], 403);
     }
 }

app/Http/Controllers/V1/Admin/Auth/LoginController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Auth;
+namespace Crater\Http\Controllers\V1\Admin\Auth;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Providers\RouteServiceProvider;

app/Http/Controllers/V1/Admin/Auth/RegisterController.php

@@ -1,12 +1,11 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Auth;
+namespace Crater\Http\Controllers\V1\Admin\Auth;
 
 use Crater\Http\Controllers\Controller;
-use Crater\Providers\RouteServiceProvider;
 use Crater\Models\User;
+use Crater\Providers\RouteServiceProvider;
 use Illuminate\Foundation\Auth\RegistersUsers;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 
 class RegisterController extends Controller
@@ -67,7 +66,7 @@ class RegisterController extends Controller
         return User::create([
             'name' => $data['name'],
             'email' => $data['email'],
-            'password' => $data['password']
+            'password' => $data['password'],
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Auth/ResetPasswordController.php

@@ -1,13 +1,13 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Auth;
+namespace Crater\Http\Controllers\V1\Admin\Auth;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Providers\RouteServiceProvider;
-use Illuminate\Support\Str;
 use Illuminate\Auth\Events\PasswordReset;
-use Illuminate\Http\Request;
 use Illuminate\Foundation\Auth\ResetsPasswords;
+use Illuminate\Http\Request;
+use Illuminate\Support\Str;
 
 class ResetPasswordController extends Controller
 {
@@ -31,7 +31,6 @@ class ResetPasswordController extends Controller
      */
     protected $redirectTo = RouteServiceProvider::HOME;
 
-
     /**
      * Get the response for a successful password reset.
      *
@@ -42,7 +41,7 @@ class ResetPasswordController extends Controller
     protected function sendResetResponse(Request $request, $response)
     {
         return response()->json([
-            'message' => 'Password reset successfully.'
+            'message' => 'Password reset successfully.',
         ]);
     }
 

app/Http/Controllers/V1/Admin/Auth/VerificationController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Auth;
+namespace Crater\Http\Controllers\V1\Admin\Auth;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Providers\RouteServiceProvider;

app/Http/Controllers/V1/Admin/Backup/ApiController.php

@@ -1,7 +1,8 @@
 <?php
+
 // Implementation taken from nova-backup-tool - https://github.com/spatie/nova-backup-tool/
 
-namespace Crater\Http\Controllers\V1\Backup;
+namespace Crater\Http\Controllers\V1\Admin\Backup;
 
 use Crater\Http\Controllers\Controller;
 use Illuminate\Http\JsonResponse;
@@ -12,12 +13,10 @@ class ApiController extends Controller
      *
      * @return JsonResponse
      */
-
     public function respondSuccess(): JsonResponse
     {
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
-
 }

app/Http/Controllers/V1/Admin/Backup/BackupsController.php

@@ -1,17 +1,17 @@
 <?php
+
 // Implementation taken from nova-backup-tool - https://github.com/spatie/nova-backup-tool/
 
-namespace Crater\Http\Controllers\V1\Backup;
+namespace Crater\Http\Controllers\V1\Admin\Backup;
 
+use Crater\Jobs\CreateBackupJob;
+use Crater\Rules\Backup\PathToZip;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Cache;
 use Spatie\Backup\BackupDestination\Backup;
 use Spatie\Backup\BackupDestination\BackupDestination;
 use Spatie\Backup\Helpers\Format;
-use Crater\Jobs\CreateBackupJob;
-use Crater\Rules\Backup\BackupDisk;
-use Crater\Rules\Backup\PathToZip;
-use Illuminate\Http\JsonResponse;
 
 class BackupsController extends ApiController
 {
@@ -22,6 +22,8 @@ class BackupsController extends ApiController
      */
     public function index(Request $request)
     {
+        $this->authorize('manage backups');
+
         $configuredBackupDisks = config('backup.backup.destination.disks');
 
         try {
@@ -42,14 +44,14 @@ class BackupsController extends ApiController
 
             return response()->json([
                 'backups' => $backups,
-                'disks' => $configuredBackupDisks
+                'disks' => $configuredBackupDisks,
             ]);
         } catch (\Exception $e) {
             return response()->json([
                 'backups' => [],
                 'error' => 'invalid_disk_credentials',
                 'error_message' => $e->getMessage(),
-                'disks' => $configuredBackupDisks
+                'disks' => $configuredBackupDisks,
             ]);
         }
     }
@@ -62,6 +64,8 @@ class BackupsController extends ApiController
      */
     public function store(Request $request)
     {
+        $this->authorize('manage backups');
+
         dispatch(new CreateBackupJob($request->all()))->onQueue(config('backup.queue.name'));
 
         return $this->respondSuccess();
@@ -75,6 +79,8 @@ class BackupsController extends ApiController
      */
     public function destroy($disk, Request $request)
     {
+        $this->authorize('manage backups');
+
         $validated = $request->validate([
             'path' => ['required', new PathToZip()],
         ]);

app/Http/Controllers/V1/Admin/Backup/DownloadBackupController.php

@@ -1,14 +1,13 @@
 <?php
+
 // Implementation taken from nova-backup-tool - https://github.com/spatie/nova-backup-tool/
 
-namespace Crater\Http\Controllers\V1\Backup;
+namespace Crater\Http\Controllers\V1\Admin\Backup;
 
-use Crater\Http\Controllers\Controller;
+use Crater\Rules\Backup\PathToZip;
 use Illuminate\Http\Request;
 use Spatie\Backup\BackupDestination\Backup;
 use Spatie\Backup\BackupDestination\BackupDestination;
-use Crater\Rules\Backup\BackupDisk;
-use Crater\Rules\Backup\PathToZip;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\StreamedResponse;
 
@@ -16,6 +15,8 @@ class DownloadBackupController extends ApiController
 {
     public function __invoke(Request $request)
     {
+        $this->authorize('manage backups');
+
         $validated = $request->validate([
             'path' => ['required', new PathToZip()],
         ]);

app/Http/Controllers/V1/Admin/Company/CompaniesController.php

@@ -0,0 +1,85 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Company;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\CompaniesRequest;
+use Crater\Http\Resources\CompanyResource;
+use Crater\Models\Company;
+use Crater\Models\User;
+use Illuminate\Http\Request;
+use Silber\Bouncer\BouncerFacade;
+use Vinkla\Hashids\Facades\Hashids;
+
+class CompaniesController extends Controller
+{
+    public function store(CompaniesRequest $request)
+    {
+        $this->authorize('create company');
+
+        $user = $request->user();
+
+        $company = Company::create($request->getCompanyPayload());
+        $company->unique_hash = Hashids::connection(Company::class)->encode($company->id);
+        $company->save();
+        $company->setupDefaultData();
+        $user->companies()->attach($company->id);
+        $user->assign('super admin');
+
+        if ($request->address) {
+            $company->address()->create($request->address);
+        }
+
+        return new CompanyResource($company);
+    }
+
+    public function destroy(Request $request)
+    {
+        $company = Company::find($request->header('company'));
+
+        $this->authorize('delete company', $company);
+
+        $user = $request->user();
+
+        if ($request->name !== $company->name) {
+            return respondJson('company_name_must_match_with_given_name', 'Company name must match with given name');
+        }
+
+        if ($user->loadCount('companies')->companies_count <= 1) {
+            return respondJson('You_cannot_delete_all_companies', 'You cannot delete all companies');
+        }
+
+        $company->deleteCompany($user);
+
+        return response()->json([
+            'success' => true
+        ]);
+    }
+
+    public function transferOwnership(Request $request, User $user)
+    {
+        $company = Company::find($request->header('company'));
+        $this->authorize('transfer company ownership', $company);
+
+        if ($user->hasCompany($company->id)) {
+            return response()->json([
+                'success' => false,
+                'message' => 'User does not belongs to this company.'
+            ]);
+        }
+
+        $company->update(['owner_id' => $user->id]);
+        BouncerFacade::sync($user)->roles(['super admin']);
+
+        return response()->json([
+            'success' => true
+        ]);
+    }
+
+    public function getUserCompanies(Request $request)
+    {
+        $companies = $request->user()->companies;
+
+        return CompanyResource::collection($companies);
+    }
+}

app/Http/Controllers/V1/Admin/Company/CompanyController.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Company;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\CompanyResource;
+use Crater\Models\Company;
+use Illuminate\Http\Request;
+
+class CompanyController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $company = Company::find($request->header('company'));
+
+        return new CompanyResource($company);
+    }
+}

app/Http/Controllers/V1/Admin/Config/FiscalYearsController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\Config;
 
 use Crater\Http\Controllers\Controller;
 use Illuminate\Http\Request;
@@ -16,7 +16,7 @@ class FiscalYearsController extends Controller
     public function __invoke(Request $request)
     {
         return response()->json([
-            'fiscal_years' => config('crater.fiscal_years')
+            'fiscal_years' => config('crater.fiscal_years'),
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Config/LanguagesController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\Config;
 
 use Crater\Http\Controllers\Controller;
 use Illuminate\Http\Request;
@@ -16,7 +16,7 @@ class LanguagesController extends Controller
     public function __invoke(Request $request)
     {
         return response()->json([
-            'languages' => config('crater.languages')
+            'languages' => config('crater.languages'),
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Config/RetrospectiveEditsController.php

@@ -1,12 +1,11 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Update;
+namespace Crater\Http\Controllers\V1\Admin\Config;
 
 use Crater\Http\Controllers\Controller;
-use Crater\Space\Updater;
 use Illuminate\Http\Request;
 
-class MigrateUpdateController extends Controller
+class RetrospectiveEditsController extends Controller
 {
     /**
      * Handle the incoming request.
@@ -16,10 +15,8 @@ class MigrateUpdateController extends Controller
      */
     public function __invoke(Request $request)
     {
-        Updater::migrateUpdate();
-
         return response()->json([
-            'success' => true
+            'retrospective_edits' => config('crater.retrospective_edits'),
         ]);
     }
 }

app/Http/Controllers/V1/Admin/CustomField/CustomFieldsController.php

@@ -1,10 +1,11 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\CustomField;
+namespace Crater\Http\Controllers\V1\Admin\CustomField;
 
-use Crater\Models\CustomField;
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\CustomFieldRequest;
+use Crater\Http\Resources\CustomFieldResource;
+use Crater\Models\CustomField;
 use Illuminate\Http\Request;
 
 class CustomFieldsController extends Controller
@@ -16,20 +17,16 @@ class CustomFieldsController extends Controller
      */
     public function index(Request $request)
     {
-      $limit = $request->has('limit') ? $request->limit : 5;
+        $this->authorize('viewAny', CustomField::class);
 
-      $customFields = CustomField::whereCompany($request->header('company'))
-            ->applyFilters($request->only([
-                'type',
-                'search'
-            ]))
+        $limit = $request->has('limit') ? $request->limit : 5;
+
+        $customFields = CustomField::applyFilters($request->all())
+            ->whereCompany()
             ->latest()
             ->paginateData($limit);
 
-
-        return response()->json([
-            'customFields' => $customFields
-        ]);
+        return CustomFieldResource::collection($customFields);
     }
 
     /**
@@ -40,12 +37,11 @@ class CustomFieldsController extends Controller
      */
     public function store(CustomFieldRequest $request)
     {
+        $this->authorize('create', CustomField::class);
+
         $customField = CustomField::createCustomField($request);
 
-        return response()->json([
-            'customField' => $customField,
-            'success' => true
-        ]);
+        return new CustomFieldResource($customField);
     }
 
     /**
@@ -56,10 +52,9 @@ class CustomFieldsController extends Controller
      */
     public function show(CustomField $customField)
     {
-        return response()->json([
-            'customField' => $customField,
-            'success' => true
-        ]);
+        $this->authorize('view', $customField);
+
+        return new CustomFieldResource($customField);
     }
 
     /**
@@ -71,12 +66,11 @@ class CustomFieldsController extends Controller
      */
     public function update(CustomFieldRequest $request, CustomField $customField)
     {
+        $this->authorize('update', $customField);
+
         $customField->updateCustomField($request);
 
-        return response()->json([
-            'customField' => $customField,
-            'success' => true
-        ]);
+        return new CustomFieldResource($customField);
     }
 
     /**
@@ -87,16 +81,16 @@ class CustomFieldsController extends Controller
      */
     public function destroy(CustomField $customField)
     {
-        if ($customField->customFieldValue()->exists()) {
-            return response()->json([
-                'error' => 'values_attached'
-            ]);
+        $this->authorize('delete', $customField);
+
+        if ($customField->customFieldValues()->exists()) {
+            $customField->customFieldValues()->delete();
         }
 
-        $customField->delete();
+        $customField->forceDelete();
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Customer/CustomerStatsController.php

@@ -1,14 +1,15 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Customer;
+namespace Crater\Http\Controllers\V1\Admin\Customer;
 
-use Crater\Http\Controllers\Controller;
-use Crater\Models\Invoice;
-use Crater\Models\Expense;
-use Crater\Models\Payment;
-use Crater\Models\User;
-use Crater\Models\CompanySetting;
 use Carbon\Carbon;
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\CustomerResource;
+use Crater\Models\CompanySetting;
+use Crater\Models\Customer;
+use Crater\Models\Expense;
+use Crater\Models\Invoice;
+use Crater\Models\Payment;
 use Illuminate\Http\Request;
 
 class CustomerStatsController extends Controller
@@ -19,8 +20,10 @@ class CustomerStatsController extends Controller
      * @param  \Illuminate\Http\Request  $request
      * @return \Illuminate\Http\Response
      */
-    public function __invoke(Request $request, User $customer)
+    public function __invoke(Request $request, Customer $customer)
     {
+        $this->authorize('view', $customer);
+
         $i = 0;
         $months = [];
         $invoiceTotals = [];
@@ -56,7 +59,7 @@ class CustomerStatsController extends Controller
                     'invoice_date',
                     [$start->format('Y-m-d'), $end->format('Y-m-d')]
                 )
-                    ->whereCompany($request->header('company'))
+                    ->whereCompany()
                     ->whereCustomer($customer->id)
                     ->sum('total') ?? 0
             );
@@ -66,7 +69,7 @@ class CustomerStatsController extends Controller
                     'expense_date',
                     [$start->format('Y-m-d'), $end->format('Y-m-d')]
                 )
-                    ->whereCompany($request->header('company'))
+                    ->whereCompany()
                     ->whereUser($customer->id)
                     ->sum('amount') ?? 0
             );
@@ -76,7 +79,7 @@ class CustomerStatsController extends Controller
                     'payment_date',
                     [$start->format('Y-m-d'), $end->format('Y-m-d')]
                 )
-                    ->whereCompany($request->header('company'))
+                    ->whereCompany()
                     ->whereCustomer($customer->id)
                     ->sum('amount') ?? 0
             );
@@ -94,53 +97,46 @@ class CustomerStatsController extends Controller
 
         $start->subMonth()->endOfMonth();
 
-        $salesTotal = Invoice::whereCompany($request->header('company'))
-            ->whereBetween(
-                'invoice_date',
-                [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
-            )
+        $salesTotal = Invoice::whereBetween(
+            'invoice_date',
+            [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
+        )
+            ->whereCompany()
             ->whereCustomer($customer->id)
             ->sum('total');
-        $totalReceipts = Payment::whereCompany($request->header('company'))
-            ->whereBetween(
-                'payment_date',
-                [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
-            )
+        $totalReceipts = Payment::whereBetween(
+            'payment_date',
+            [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
+        )
+            ->whereCompany()
             ->whereCustomer($customer->id)
             ->sum('amount');
-        $totalExpenses = Expense::whereCompany($request->header('company'))
-            ->whereBetween(
-                'expense_date',
-                [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
-            )
+        $totalExpenses = Expense::whereBetween(
+            'expense_date',
+            [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
+        )
+            ->whereCompany()
             ->whereUser($customer->id)
             ->sum('amount');
         $netProfit = (int) $totalReceipts - (int) $totalExpenses;
 
         $chartData = [
-            'months'        => $months,
+            'months' => $months,
             'invoiceTotals' => $invoiceTotals,
             'expenseTotals' => $expenseTotals,
             'receiptTotals' => $receiptTotals,
-            'netProfit'     => $netProfit,
-            'netProfits'     => $netProfits,
-            'salesTotal'    => $salesTotal,
+            'netProfit' => $netProfit,
+            'netProfits' => $netProfits,
+            'salesTotal' => $salesTotal,
             'totalReceipts' => $totalReceipts,
-            'totalExpenses' => $totalExpenses
+            'totalExpenses' => $totalExpenses,
         ];
 
-        $customer = User::with([
-            'billingAddress',
-            'shippingAddress',
-            'billingAddress.country',
-            'shippingAddress.country',
-            'currency',
-            'fields.customField'
-        ])->find($customer->id);
+        $customer = Customer::find($customer->id);
 
-        return response()->json([
-            'customer' => $customer,
-            'chartData' => $chartData,
-        ]);
+        return (new CustomerResource($customer))
+            ->additional(['meta' => [
+                'chartData' => $chartData
+            ]]);
     }
 }

app/Http/Controllers/V1/Admin/Customer/CustomersController.php

@@ -0,0 +1,108 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Customer;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests;
+use Crater\Http\Requests\DeleteCustomersRequest;
+use Crater\Http\Resources\CustomerResource;
+use Crater\Models\Customer;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+
+class CustomersController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('viewAny', Customer::class);
+
+        $limit = $request->has('limit') ? $request->limit : 10;
+
+        $customers = Customer::with('creator')
+            ->whereCompany()
+            ->applyFilters($request->all())
+            ->select(
+                'customers.*',
+                DB::raw('sum(invoices.base_due_amount) as base_due_amount'),
+                DB::raw('sum(invoices.due_amount) as due_amount'),
+            )
+            ->groupBy('customers.id')
+            ->leftJoin('invoices', 'customers.id', '=', 'invoices.customer_id')
+            ->paginateData($limit);
+
+        return (CustomerResource::collection($customers))
+            ->additional(['meta' => [
+                'customer_total_count' => Customer::whereCompany()->count(),
+            ]]);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function store(Requests\CustomerRequest $request)
+    {
+        $this->authorize('create', Customer::class);
+
+        $customer = Customer::createCustomer($request);
+
+        return new CustomerResource($customer);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  Customer $customer
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function show(Customer $customer)
+    {
+        $this->authorize('view', $customer);
+
+        return new CustomerResource($customer);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Crater\Models\Customer $customer
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function update(Requests\CustomerRequest $request, Customer $customer)
+    {
+        $this->authorize('update', $customer);
+
+        $customer = Customer::updateCustomer($request, $customer);
+
+        if (is_string($customer)) {
+            return respondJson('you_cannot_edit_currency', 'Cannot change currency once transactions created');
+        }
+
+        return new CustomerResource($customer);
+    }
+
+    /**
+     * Remove a list of Customers along side all their resources (ie. Estimates, Invoices, Payments and Addresses)
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function delete(DeleteCustomersRequest $request)
+    {
+        $this->authorize('delete multiple customers');
+
+        Customer::deleteCustomers($request->ids);
+
+        return response()->json([
+            'success' => true,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Dashboard/DashboardController.php

@@ -0,0 +1,165 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Dashboard;
+
+use Carbon\Carbon;
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\Customer;
+use Crater\Models\Estimate;
+use Crater\Models\Expense;
+use Crater\Models\Invoice;
+use Crater\Models\Payment;
+use Illuminate\Http\Request;
+
+class DashboardController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function __invoke(Request $request)
+    {
+        $company = Company::find($request->header('company'));
+
+        $this->authorize('view dashboard', $company);
+
+        $invoice_totals = [];
+        $expense_totals = [];
+        $receipt_totals = [];
+        $net_income_totals = [];
+
+        $i = 0;
+        $months = [];
+        $monthCounter = 0;
+        $fiscalYear = CompanySetting::getSetting('fiscal_year', $request->header('company'));
+        $startDate = Carbon::now();
+        $start = Carbon::now();
+        $end = Carbon::now();
+        $terms = explode('-', $fiscalYear);
+
+        if ($terms[0] <= $start->month) {
+            $startDate->month($terms[0])->startOfMonth();
+            $start->month($terms[0])->startOfMonth();
+            $end->month($terms[0])->endOfMonth();
+        } else {
+            $startDate->subYear()->month($terms[0])->startOfMonth();
+            $start->subYear()->month($terms[0])->startOfMonth();
+            $end->subYear()->month($terms[0])->endOfMonth();
+        }
+
+        if ($request->has('previous_year')) {
+            $startDate->subYear()->startOfMonth();
+            $start->subYear()->startOfMonth();
+            $end->subYear()->endOfMonth();
+        }
+
+        while ($monthCounter < 12) {
+            array_push(
+                $invoice_totals,
+                Invoice::whereBetween(
+                    'invoice_date',
+                    [$start->format('Y-m-d'), $end->format('Y-m-d')]
+                )
+                ->whereCompany()
+                ->sum('base_total')
+            );
+            array_push(
+                $expense_totals,
+                Expense::whereBetween(
+                    'expense_date',
+                    [$start->format('Y-m-d'), $end->format('Y-m-d')]
+                )
+                ->whereCompany()
+                ->sum('base_amount')
+            );
+            array_push(
+                $receipt_totals,
+                Payment::whereBetween(
+                    'payment_date',
+                    [$start->format('Y-m-d'), $end->format('Y-m-d')]
+                )
+                ->whereCompany()
+                ->sum('base_amount')
+            );
+            array_push(
+                $net_income_totals,
+                ($receipt_totals[$i] - $expense_totals[$i])
+            );
+            $i++;
+            array_push($months, $start->format('M'));
+            $monthCounter++;
+            $end->startOfMonth();
+            $start->addMonth()->startOfMonth();
+            $end->addMonth()->endOfMonth();
+        }
+
+        $start->subMonth()->endOfMonth();
+
+        $total_sales = Invoice::whereBetween(
+            'invoice_date',
+            [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
+        )
+            ->whereCompany()
+            ->sum('base_total');
+
+        $total_receipts = Payment::whereBetween(
+            'payment_date',
+            [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
+        )
+            ->whereCompany()
+            ->sum('base_amount');
+
+        $total_expenses = Expense::whereBetween(
+            'expense_date',
+            [$startDate->format('Y-m-d'), $start->format('Y-m-d')]
+        )
+            ->whereCompany()
+            ->sum('base_amount');
+
+        $total_net_income = (int)$total_receipts - (int)$total_expenses;
+
+        $chart_data = [
+            'months' => $months,
+            'invoice_totals' => $invoice_totals,
+            'expense_totals' => $expense_totals,
+            'receipt_totals' => $receipt_totals,
+            'net_income_totals' => $net_income_totals,
+        ];
+
+        $total_customer_count = Customer::whereCompany()->count();
+        $total_invoice_count = Invoice::whereCompany()
+            ->count();
+        $total_estimate_count = Estimate::whereCompany()->count();
+        $total_amount_due = Invoice::whereCompany()
+            ->sum('base_due_amount');
+
+        $recent_due_invoices = Invoice::with('customer')
+            ->whereCompany()
+            ->where('base_due_amount', '>', 0)
+            ->take(5)
+            ->latest()
+            ->get();
+        $recent_estimates = Estimate::with('customer')->whereCompany()->take(5)->latest()->get();
+
+        return response()->json([
+            'total_amount_due' => $total_amount_due,
+            'total_customer_count' => $total_customer_count,
+            'total_invoice_count' => $total_invoice_count,
+            'total_estimate_count' => $total_estimate_count,
+
+            'recent_due_invoices' => $recent_due_invoices,
+            'recent_estimates' => $recent_estimates,
+
+            'chart_data' => $chart_data,
+
+            'total_sales' => $total_sales,
+            'total_receipts' => $total_receipts,
+            'total_expenses' => $total_expenses,
+            'total_net_income' => $total_net_income,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Estimate/ChangeEstimateStatusController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Estimate;
+namespace Crater\Http\Controllers\V1\Admin\Estimate;
 
-use Illuminate\Http\Request;
 use Crater\Http\Controllers\Controller;
 use Crater\Models\Estimate;
+use Illuminate\Http\Request;
 
 class ChangeEstimateStatusController extends Controller
 {
@@ -15,12 +15,14 @@ class ChangeEstimateStatusController extends Controller
     * @param  Estimate $estimate
     * @return \Illuminate\Http\Response
     */
-   public function __invoke(Request $request, Estimate $estimate)
-   {
+    public function __invoke(Request $request, Estimate $estimate)
+    {
+        $this->authorize('send estimate', $estimate);
+
         $estimate->update($request->only('status'));
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Estimate/ConvertEstimateController.php

@@ -0,0 +1,132 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Estimate;
+
+use Carbon\Carbon;
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\InvoiceResource;
+use Crater\Models\CompanySetting;
+use Crater\Models\Estimate;
+use Crater\Models\Invoice;
+use Crater\Services\SerialNumberFormatter;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Vinkla\Hashids\Facades\Hashids;
+
+class ConvertEstimateController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Crater\Models\Estimate $estimate
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request, Estimate $estimate, Invoice $invoice)
+    {
+        $this->authorize('create', Invoice::class);
+
+        $estimate->load(['items', 'items.taxes', 'customer', 'taxes']);
+
+        $invoice_date = Carbon::now();
+        $due_date = null;
+
+        $dueDateEnabled = CompanySetting::getSetting(
+            'invoice_set_due_date_automatically',
+            $request->header('company')
+        );
+
+        if ($dueDateEnabled === 'YES') {
+            $dueDateDays = CompanySetting::getSetting(
+                'invoice_due_date_days',
+                $request->header('company')
+            );
+            $due_date = Carbon::now()->addDays($dueDateDays)->format('Y-m-d');
+        }
+
+        $serial = (new SerialNumberFormatter())
+            ->setModel($invoice)
+            ->setCompany($estimate->company_id)
+            ->setCustomer($estimate->customer_id)
+            ->setNextNumbers();
+
+        $templateName = $estimate->getInvoiceTemplateName();
+
+        $exchange_rate = $estimate->exchange_rate;
+
+        $invoice = Invoice::create([
+            'creator_id' => Auth::id(),
+            'invoice_date' => $invoice_date->format('Y-m-d'),
+            'due_date' => $due_date,
+            'invoice_number' => $serial->getNextNumber(),
+            'sequence_number' => $serial->nextSequenceNumber,
+            'customer_sequence_number' => $serial->nextCustomerSequenceNumber,
+            'reference_number' => $serial->getNextNumber(),
+            'customer_id' => $estimate->customer_id,
+            'company_id' => $request->header('company'),
+            'template_name' => $templateName,
+            'status' => Invoice::STATUS_DRAFT,
+            'paid_status' => Invoice::STATUS_UNPAID,
+            'sub_total' => $estimate->sub_total,
+            'discount' => $estimate->discount,
+            'discount_type' => $estimate->discount_type,
+            'discount_val' => $estimate->discount_val,
+            'total' => $estimate->total,
+            'due_amount' => $estimate->total,
+            'tax_per_item' => $estimate->tax_per_item,
+            'discount_per_item' => $estimate->discount_per_item,
+            'tax' => $estimate->tax,
+            'notes' => $estimate->notes,
+            'exchange_rate' => $exchange_rate,
+            'base_discount_val' => $estimate->discount_val * $exchange_rate,
+            'base_sub_total' => $estimate->sub_total * $exchange_rate,
+            'base_total' => $estimate->total * $exchange_rate,
+            'base_tax' => $estimate->tax * $exchange_rate,
+            'currency_id' => $estimate->currency_id,
+        ]);
+
+        $invoice->unique_hash = Hashids::connection(Invoice::class)->encode($invoice->id);
+        $invoice->save();
+        $invoiceItems = $estimate->items->toArray();
+
+        foreach ($invoiceItems as $invoiceItem) {
+            $invoiceItem['company_id'] = $request->header('company');
+            $invoiceItem['name'] = $invoiceItem['name'];
+            $estimateItem['exchange_rate'] = $exchange_rate;
+            $estimateItem['base_price'] = $invoiceItem['price'] * $exchange_rate;
+            $estimateItem['base_discount_val'] = $invoiceItem['discount_val'] * $exchange_rate;
+            $estimateItem['base_tax'] = $invoiceItem['tax'] * $exchange_rate;
+            $estimateItem['base_total'] = $invoiceItem['total'] * $exchange_rate;
+
+            $item = $invoice->items()->create($invoiceItem);
+
+            if (array_key_exists('taxes', $invoiceItem) && $invoiceItem['taxes']) {
+                foreach ($invoiceItem['taxes'] as $tax) {
+                    $tax['company_id'] = $request->header('company');
+
+                    if ($tax['amount']) {
+                        $item->taxes()->create($tax);
+                    }
+                }
+            }
+        }
+
+        if ($estimate->taxes) {
+            foreach ($estimate->taxes->toArray() as $tax) {
+                $tax['company_id'] = $request->header('company');
+                $tax['exchange_rate'] = $exchange_rate;
+                $tax['base_amount'] = $tax['amount'] * $exchange_rate;
+                $tax['currency_id'] = $estimate->currency_id;
+                unset($tax['estimate_id']);
+
+                $invoice->taxes()->create($tax);
+            }
+        }
+
+        $estimate->checkForEstimateConvertAction();
+
+        $invoice = Invoice::find($invoice->id);
+
+        return new InvoiceResource($invoice);
+    }
+}

app/Http/Controllers/V1/Admin/Estimate/EstimateTemplatesController.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Estimate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Estimate;
+use Illuminate\Http\Request;
+
+class EstimateTemplatesController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $this->authorize('viewAny', Estimate::class);
+
+        $estimateTemplates = Estimate::estimateTemplates();
+
+        return response()->json([
+            'estimateTemplates' => $estimateTemplates
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Estimate/EstimatesController.php

@@ -0,0 +1,77 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Estimate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\DeleteEstimatesRequest;
+use Crater\Http\Requests\EstimatesRequest;
+use Crater\Http\Resources\EstimateResource;
+use Crater\Jobs\GenerateEstimatePdfJob;
+use Crater\Models\Estimate;
+use Illuminate\Http\Request;
+
+class EstimatesController extends Controller
+{
+    public function index(Request $request)
+    {
+        $this->authorize('viewAny', Estimate::class);
+
+        $limit = $request->has('limit') ? $request->limit : 10;
+
+        $estimates = Estimate::whereCompany()
+            ->join('customers', 'customers.id', '=', 'estimates.customer_id')
+            ->applyFilters($request->all())
+            ->select('estimates.*', 'customers.name')
+            ->latest()
+            ->paginateData($limit);
+
+        return (EstimateResource::collection($estimates))
+            ->additional(['meta' => [
+                'estimate_total_count' => Estimate::whereCompany()->count(),
+            ]]);
+    }
+
+    public function store(EstimatesRequest $request)
+    {
+        $this->authorize('create', Estimate::class);
+
+        $estimate = Estimate::createEstimate($request);
+
+        if ($request->has('estimateSend')) {
+            $estimate->send($request->title, $request->body);
+        }
+
+        GenerateEstimatePdfJob::dispatch($estimate);
+
+        return new EstimateResource($estimate);
+    }
+
+    public function show(Request $request, Estimate $estimate)
+    {
+        $this->authorize('view', $estimate);
+
+        return new EstimateResource($estimate);
+    }
+
+    public function update(EstimatesRequest $request, Estimate $estimate)
+    {
+        $this->authorize('update', $estimate);
+
+        $estimate = $estimate->updateEstimate($request);
+
+        GenerateEstimatePdfJob::dispatch($estimate, true);
+
+        return new EstimateResource($estimate);
+    }
+
+    public function delete(DeleteEstimatesRequest $request)
+    {
+        $this->authorize('delete multiple estimates');
+
+        Estimate::destroy($request->ids);
+
+        return response()->json([
+            'success' => true,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Estimate/SendEstimateController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Estimate;
+namespace Crater\Http\Controllers\V1\Admin\Estimate;
 
 use Crater\Http\Controllers\Controller;
-use Crater\Models\Estimate;
 use Crater\Http\Requests\SendEstimatesRequest;
+use Crater\Models\Estimate;
 
 class SendEstimateController extends Controller
 {
@@ -16,6 +16,8 @@ class SendEstimateController extends Controller
     */
     public function __invoke(SendEstimatesRequest $request, Estimate $estimate)
     {
+        $this->authorize('send estimate', $estimate);
+
         $response = $estimate->send($request->all());
 
         return response()->json($response);

app/Http/Controllers/V1/Admin/Estimate/SendEstimatePreviewController.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Estimate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\SendEstimatesRequest;
+use Crater\Models\Estimate;
+use Illuminate\Mail\Markdown;
+
+class SendEstimatePreviewController extends Controller
+{
+    /**
+    * Handle the incoming request.
+    *
+    * @param  \Crater\Http\Requests\SendEstimatesRequest  $request
+    * @return \Illuminate\Http\JsonResponse
+    */
+    public function __invoke(SendEstimatesRequest $request, Estimate $estimate)
+    {
+        $this->authorize('send estimate', $estimate);
+
+        $markdown = new Markdown(view(), config('mail.markdown'));
+
+        return $markdown->render('emails.send.estimate', ['data' => $estimate->sendEstimateData($request->all())]);
+    }
+}

app/Http/Controllers/V1/Admin/ExchangeRate/ExchangeRateProviderController.php

@@ -0,0 +1,117 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\ExchangeRate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\ExchangeRateProviderRequest;
+use Crater\Http\Resources\ExchangeRateProviderResource;
+use Crater\Models\ExchangeRateProvider;
+use Illuminate\Http\Request;
+
+class ExchangeRateProviderController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('viewAny', ExchangeRateProvider::class);
+
+        $limit = $request->has('limit') ? $request->limit : 5;
+
+        $exchangeRateProviders = ExchangeRateProvider::whereCompany()->paginate($limit);
+
+        return ExchangeRateProviderResource::collection($exchangeRateProviders);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ExchangeRateProviderRequest $request)
+    {
+        $this->authorize('create', ExchangeRateProvider::class);
+
+        $query = ExchangeRateProvider::checkActiveCurrencies($request);
+
+        if (count($query) !== 0) {
+            return respondJson('currency_used', 'Currency used.');
+        }
+
+        $checkConverterApi = ExchangeRateProvider::checkExchangeRateProviderStatus($request);
+
+        if ($checkConverterApi->status() == 200) {
+            $exchangeRateProvider = ExchangeRateProvider::createFromRequest($request);
+
+            return new ExchangeRateProviderResource($exchangeRateProvider);
+        }
+
+        return $checkConverterApi;
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  \Crater\Models\ExchangeRateProvider  $exchangeRateProvider
+     * @return \Illuminate\Http\Response
+     */
+    public function show(ExchangeRateProvider $exchangeRateProvider)
+    {
+        $this->authorize('view', $exchangeRateProvider);
+
+        return new ExchangeRateProviderResource($exchangeRateProvider);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Crater\Models\ExchangeRateProvider  $exchangeRateProvider
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ExchangeRateProviderRequest $request, ExchangeRateProvider $exchangeRateProvider)
+    {
+        $this->authorize('update', $exchangeRateProvider);
+
+        $query = $exchangeRateProvider->checkUpdateActiveCurrencies($request);
+
+        if (count($query) !== 0) {
+            return respondJson('currency_used', 'Currency used.');
+        }
+
+        $checkConverterApi = ExchangeRateProvider::checkExchangeRateProviderStatus($request);
+
+        if ($checkConverterApi->status() == 200) {
+            $exchangeRateProvider->updateFromRequest($request);
+
+            return new ExchangeRateProviderResource($exchangeRateProvider);
+        }
+
+        return $checkConverterApi;
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  \Crater\Models\ExchangeRateProvider  $exchangeRateProvider
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy(ExchangeRateProvider $exchangeRateProvider)
+    {
+        $this->authorize('delete', $exchangeRateProvider);
+
+        if ($exchangeRateProvider->active == true) {
+            return respondJson('provider_active', 'Provider Active.');
+        }
+
+        $exchangeRateProvider->delete();
+
+        return response()->json([
+            'success' => true,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/ExchangeRate/GetActiveProviderController.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\ExchangeRate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Currency;
+use Crater\Models\ExchangeRateProvider;
+use Illuminate\Http\Request;
+
+class GetActiveProviderController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request, Currency $currency)
+    {
+        $query = ExchangeRateProvider::whereCompany()->whereJsonContains('currencies', $currency->code)
+                ->where('active', true)
+                ->get();
+
+        if (count($query) !== 0) {
+            return response()->json([
+                'success' => true,
+                'message' => 'provider_active',
+            ], 200);
+        }
+
+        return response()->json([
+            'error' => 'no_active_provider',
+        ], 200);
+    }
+}

app/Http/Controllers/V1/Admin/ExchangeRate/GetExchangeRateController.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\ExchangeRate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\CompanySetting;
+use Crater\Models\Currency;
+use Crater\Models\ExchangeRateLog;
+use Crater\Models\ExchangeRateProvider;
+use Crater\Traits\ExchangeRateProvidersTrait;
+use Illuminate\Http\Request;
+use Illuminate\Support\Arr;
+
+class GetExchangeRateController extends Controller
+{
+    use ExchangeRateProvidersTrait;
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request, Currency $currency)
+    {
+        $settings = CompanySetting::getSettings(['currency'], $request->header('company'));
+        $baseCurrency = Currency::findOrFail($settings['currency']);
+
+        $query = ExchangeRateProvider::whereJsonContains('currencies', $currency->code)
+                ->where('active', true)
+                ->get()
+                ->toArray();
+
+        $exchange_rate = ExchangeRateLog::where('base_currency_id', $currency->id)
+                ->where('currency_id', $baseCurrency->id)
+                ->orderBy('created_at', 'desc')
+                ->value('exchange_rate');
+
+        if ($query) {
+            $filter = Arr::only($query[0], ['key', 'driver', 'driver_config']);
+            $exchange_rate_value = $this->getExchangeRate($filter, $currency->code, $baseCurrency->code);
+
+            if ($exchange_rate_value->status() == 200) {
+                return $exchange_rate_value;
+            }
+        }
+        if ($exchange_rate) {
+            return response()->json([
+                'exchangeRate' => [$exchange_rate],
+            ], 200);
+        }
+
+        return response()->json([
+            'error' => 'no_exchange_rate_available',
+        ], 200);
+    }
+}

app/Http/Controllers/V1/Admin/ExchangeRate/GetSupportedCurrenciesController.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\ExchangeRate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\ExchangeRateProvider;
+use Crater\Traits\ExchangeRateProvidersTrait;
+use Illuminate\Http\Request;
+
+class GetSupportedCurrenciesController extends Controller
+{
+    use ExchangeRateProvidersTrait;
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $this->authorize('viewAny', ExchangeRateProvider::class);
+
+        return $this->getSupportedCurrencies($request);
+    }
+}

app/Http/Controllers/V1/Admin/ExchangeRate/GetUsedCurrenciesController.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\ExchangeRate;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\ExchangeRateProvider;
+use Illuminate\Http\Request;
+
+class GetUsedCurrenciesController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $this->authorize('viewAny', ExchangeRateProvider::class);
+
+        $providerId = $request->provider_id;
+
+        $activeExchangeRateProviders = ExchangeRateProvider::where('active', true)
+            ->whereCompany()
+            ->when($providerId, function ($query) use ($providerId) {
+                return $query->where('id', '<>', $providerId);
+            })
+            ->pluck('currencies');
+        $activeExchangeRateProvider = [];
+
+        foreach ($activeExchangeRateProviders as $data) {
+            if (is_array($data)) {
+                for ($limit = 0; $limit < count($data); $limit++) {
+                    $activeExchangeRateProvider[] = $data[$limit];
+                }
+            }
+        }
+
+        $allExchangeRateProviders = ExchangeRateProvider::whereCompany()->pluck('currencies');
+        $allExchangeRateProvider = [];
+
+        foreach ($allExchangeRateProviders as $data) {
+            if (is_array($data)) {
+                for ($limit = 0; $limit < count($data); $limit++) {
+                    $allExchangeRateProvider[] = $data[$limit];
+                }
+            }
+        }
+
+        return response()->json([
+            'allUsedCurrencies' => $allExchangeRateProvider ? $allExchangeRateProvider : [],
+            'activeUsedCurrencies' => $activeExchangeRateProvider ? $activeExchangeRateProvider : [],
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Expense/ExpenseCategoriesController.php

@@ -1,10 +1,12 @@
 <?php
-namespace Crater\Http\Controllers\V1\Expense;
 
+namespace Crater\Http\Controllers\V1\Admin\Expense;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\ExpenseCategoryRequest;
+use Crater\Http\Resources\ExpenseCategoryResource;
 use Crater\Models\ExpenseCategory;
 use Illuminate\Http\Request;
-use Crater\Http\Requests\ExpenseCategoryRequest;
-use Crater\Http\Controllers\Controller;
 
 class ExpenseCategoriesController extends Controller
 {
@@ -15,19 +17,16 @@ class ExpenseCategoriesController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', ExpenseCategory::class);
+
         $limit = $request->has('limit') ? $request->limit : 5;
 
-        $categories = ExpenseCategory::whereCompany($request->header('company'))
-            ->applyFilters($request->only([
-                'category_id',
-                'search'
-            ]))
+        $categories = ExpenseCategory::applyFilters($request->all())
+            ->whereCompany()
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'categories' => $categories
-        ]);
+        return ExpenseCategoryResource::collection($categories);
     }
 
     /**
@@ -38,14 +37,11 @@ class ExpenseCategoriesController extends Controller
      */
     public function store(ExpenseCategoryRequest $request)
     {
-        $data = $request->validated();
-        $data['company_id'] = $request->header('company');
-        $category = ExpenseCategory::create($data);
+        $this->authorize('create', ExpenseCategory::class);
 
-        return response()->json([
-            'category' => $category,
-            'success' => true
-        ]);
+        $category = ExpenseCategory::create($request->getExpenseCategoryPayload());
+
+        return new ExpenseCategoryResource($category);
     }
 
     /**
@@ -56,9 +52,9 @@ class ExpenseCategoriesController extends Controller
      */
     public function show(ExpenseCategory $category)
     {
-        return response()->json([
-            'category' => $category
-        ]);
+        $this->authorize('view', $category);
+
+        return new ExpenseCategoryResource($category);
     }
 
     /**
@@ -70,12 +66,11 @@ class ExpenseCategoriesController extends Controller
      */
     public function update(ExpenseCategoryRequest $request, ExpenseCategory $category)
     {
-        $category->update($request->validated());
+        $this->authorize('update', $category);
 
-        return response()->json([
-            'category' => $category,
-            'success' => true
-        ]);
+        $category->update($request->getExpenseCategoryPayload());
+
+        return new ExpenseCategoryResource($category);
     }
 
     /**
@@ -86,16 +81,16 @@ class ExpenseCategoriesController extends Controller
      */
     public function destroy(ExpenseCategory $category)
     {
+        $this->authorize('delete', $category);
+
         if ($category->expenses() && $category->expenses()->count() > 0) {
-            return response()->json([
-                'success' => false
-            ]);
+            return respondJson('expense_attached', 'Expense Attached');
         }
 
         $category->delete();
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Expense/ExpensesController.php

@@ -1,12 +1,13 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Expense;
+namespace Crater\Http\Controllers\V1\Admin\Expense;
 
-use Crater\Models\Expense;
-use Illuminate\Http\Request;
-use Crater\Http\Requests\ExpenseRequest;
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\DeleteExpensesRequest;
+use Crater\Http\Requests\ExpenseRequest;
+use Crater\Http\Resources\ExpenseResource;
+use Crater\Models\Expense;
+use Illuminate\Http\Request;
 
 class ExpensesController extends Controller
 {
@@ -17,29 +18,22 @@ class ExpensesController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', Expense::class);
+
         $limit = $request->has('limit') ? $request->limit : 10;
 
         $expenses = Expense::with('category', 'creator', 'fields')
-            ->leftJoin('users', 'users.id', '=', 'expenses.user_id')
+            ->whereCompany()
+            ->leftJoin('customers', 'customers.id', '=', 'expenses.customer_id')
             ->join('expense_categories', 'expense_categories.id', '=', 'expenses.expense_category_id')
-            ->applyFilters($request->only([
-                'expense_category_id',
-                'user_id',
-                'expense_id',
-                'search',
-                'from_date',
-                'to_date',
-                'orderByField',
-                'orderBy'
-            ]))
-            ->whereCompany($request->header('company'))
-            ->select('expenses.*', 'expense_categories.name', 'users.name as user_name')
+            ->applyFilters($request->all())
+            ->select('expenses.*', 'expense_categories.name', 'customers.name as user_name')
             ->paginateData($limit);
 
-        return response()->json([
-            'expenses' => $expenses,
-            'expenseTotalCount' => Expense::count()
-        ]);
+        return (ExpenseResource::collection($expenses))
+            ->additional(['meta' => [
+                'expense_total_count' => Expense::whereCompany()->count(),
+            ]]);
     }
 
     /**
@@ -50,12 +44,11 @@ class ExpensesController extends Controller
      */
     public function store(ExpenseRequest $request)
     {
+        $this->authorize('create', Expense::class);
+
         $expense = Expense::createExpense($request);
 
-        return response()->json([
-            'expense' => $expense,
-            'success' => true
-        ]);
+        return new ExpenseResource($expense);
     }
 
     /**
@@ -66,11 +59,9 @@ class ExpensesController extends Controller
      */
     public function show(Expense $expense)
     {
-        $expense->load('creator', 'fields.customField');
+        $this->authorize('view', $expense);
 
-        return response()->json([
-            'expense' => $expense
-        ]);
+        return new ExpenseResource($expense);
     }
 
     /**
@@ -82,20 +73,21 @@ class ExpensesController extends Controller
      */
     public function update(ExpenseRequest $request, Expense $expense)
     {
+        $this->authorize('update', $expense);
+
         $expense->updateExpense($request);
 
-        return response()->json([
-            'expense' => $expense,
-            'success' => true
-        ]);
+        return new ExpenseResource($expense);
     }
 
     public function delete(DeleteExpensesRequest $request)
     {
+        $this->authorize('delete multiple expenses');
+
         Expense::destroy($request->ids);
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Expense/ShowReceiptController.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Expense;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Expense;
+
+class ShowReceiptController extends Controller
+{
+    /**
+     * Retrieve details of an expense receipt from storage.
+     *
+     * @param   \Crater\Models\Expense $expense
+     * @return  \Illuminate\Http\JsonResponse
+     */
+    public function __invoke(Expense $expense)
+    {
+        $this->authorize('view', $expense);
+
+        if ($expense) {
+            $media = $expense->getFirstMedia('receipts');
+
+            if ($media) {
+                return response()->file($media->getPath());
+            }
+
+            return respondJson('receipt_does_not_exist', 'Receipt does not exist.');
+        }
+    }
+}

app/Http/Controllers/V1/Admin/Expense/UploadReceiptController.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Expense;
+namespace Crater\Http\Controllers\V1\Admin\Expense;
 
-use Crater\Models\Expense;
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Expense;
 use Illuminate\Http\Request;
 
 class UploadReceiptController extends Controller
@@ -17,6 +17,8 @@ class UploadReceiptController extends Controller
      */
     public function __invoke(Request $request, Expense $expense)
     {
+        $this->authorize('update', $expense);
+
         $data = json_decode($request->attachment_receipt);
 
         if ($data) {
@@ -26,11 +28,11 @@ class UploadReceiptController extends Controller
 
             $expense->addMediaFromBase64($data->data)
                 ->usingFileName($data->name)
-                ->toMediaCollection('receipts', 'local');
+                ->toMediaCollection('receipts');
         }
 
         return response()->json([
-            'success' => 'Expense receipts uploaded successfully'
-        ]);
+            'success' => 'Expense receipts uploaded successfully',
+        ], 200);
     }
 }

app/Http/Controllers/V1/Admin/General/BootstrapController.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\General;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\CompanyResource;
+use Crater\Http\Resources\UserResource;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\Currency;
+use Crater\Traits\GeneratesMenuTrait;
+use Illuminate\Http\Request;
+use Silber\Bouncer\BouncerFacade;
+
+class BootstrapController extends Controller
+{
+    use GeneratesMenuTrait;
+
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function __invoke(Request $request)
+    {
+        $current_user = $request->user();
+        $current_user_settings = $current_user->getAllSettings();
+
+        $main_menu = $this->generateMenu('main_menu', $current_user);
+
+        $setting_menu = $this->generateMenu('setting_menu', $current_user);
+
+        $companies = $current_user->companies;
+
+        $current_company = Company::find($request->header('company'));
+
+        if ((! $current_company) || ($current_company && ! $current_user->hasCompany($current_company->id))) {
+            $current_company = $current_user->companies()->first();
+        }
+
+        $current_company_settings = CompanySetting::getAllSettings($current_company->id);
+
+        $current_company_currency = $current_company_settings->has('currency')
+            ? Currency::find($current_company_settings->get('currency'))
+            : Currency::first();
+
+        BouncerFacade::refreshFor($current_user);
+
+        return response()->json([
+            'current_user' => new UserResource($current_user),
+            'current_user_settings' => $current_user_settings,
+            'current_user_abilities' => $current_user->getAbilities(),
+            'companies' => CompanyResource::collection($companies),
+            'current_company' => new CompanyResource($current_company),
+            'current_company_settings' => $current_company_settings,
+            'current_company_currency' => $current_company_currency,
+            'config' => config('crater'),
+            'main_menu' => $main_menu,
+            'setting_menu' => $setting_menu,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/General/BulkExchangeRateController.php

@@ -0,0 +1,128 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\General;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\BulkExchangeRateRequest;
+use Crater\Models\CompanySetting;
+use Crater\Models\Estimate;
+use Crater\Models\Invoice;
+use Crater\Models\Payment;
+use Crater\Models\Tax;
+
+class BulkExchangeRateController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(BulkExchangeRateRequest $request)
+    {
+        $bulkExchangeRate = CompanySetting::getSetting('bulk_exchange_rate_configured', $request->header('company'));
+
+        if ($bulkExchangeRate == 'NO') {
+            if ($request->currencies) {
+                foreach ($request->currencies as $currency) {
+                    $currency['exchange_rate'] = $currency['exchange_rate'] ?? 1;
+
+                    $invoices = Invoice::where('currency_id', $currency['id'])->get();
+
+                    if ($invoices) {
+                        foreach ($invoices as $invoice) {
+                            $invoice->update([
+                                'exchange_rate' => $currency['exchange_rate'],
+                                'base_discount_val' => $invoice->sub_total * $currency['exchange_rate'],
+                                'base_sub_total' => $invoice->sub_total * $currency['exchange_rate'],
+                                'base_total' => $invoice->total * $currency['exchange_rate'],
+                                'base_tax' => $invoice->tax * $currency['exchange_rate'],
+                                'base_due_amount' => $invoice->due_amount * $currency['exchange_rate']
+                            ]);
+
+                            $this->items($invoice);
+                        }
+                    }
+
+                    $estimates = Estimate::where('currency_id', $currency['id'])->get();
+
+                    if ($estimates) {
+                        foreach ($estimates as $estimate) {
+                            $estimate->update([
+                                'exchange_rate' => $currency['exchange_rate'],
+                                'base_discount_val' => $estimate->sub_total * $currency['exchange_rate'],
+                                'base_sub_total' => $estimate->sub_total * $currency['exchange_rate'],
+                                'base_total' => $estimate->total * $currency['exchange_rate'],
+                                'base_tax' => $estimate->tax * $currency['exchange_rate']
+                            ]);
+
+                            $this->items($estimate);
+                        }
+                    }
+
+                    $taxes = Tax::where('currency_id', $currency['id'])->get();
+
+                    if ($taxes) {
+                        foreach ($taxes as $tax) {
+                            $tax->base_amount = $tax->base_amount * $currency['exchange_rate'];
+                            $tax->save();
+                        }
+                    }
+
+                    $payments = Payment::where('currency_id', $currency['id'])->get();
+
+                    if ($payments) {
+                        foreach ($payments as $payment) {
+                            $payment->exchange_rate = $currency['exchange_rate'];
+                            $payment->base_amount = $payment->amount * $currency['exchange_rate'];
+                            $payment->save();
+                        }
+                    }
+                }
+            }
+
+            $settings = [
+                'bulk_exchange_rate_configured' => 'YES'
+            ];
+
+            CompanySetting::setSettings($settings, $request->header('company'));
+
+            return response()->json([
+                'success' => true
+            ]);
+        }
+
+        return response()->json([
+            'error' => false
+        ]);
+    }
+
+    public function items($model)
+    {
+        foreach ($model->items as $item) {
+            $item->update([
+                'exchange_rate' => $model->exchange_rate,
+                'base_discount_val' => $item->discount_val * $model->exchange_rate,
+                'base_price' => $item->price * $model->exchange_rate,
+                'base_tax' => $item->tax * $model->exchange_rate,
+                'base_total' => $item->total * $model->exchange_rate
+            ]);
+
+            $this->taxes($item);
+        }
+
+        $this->taxes($model);
+    }
+
+    public function taxes($model)
+    {
+        if ($model->taxes()->exists()) {
+            $model->taxes->map(function ($tax) use ($model) {
+                $tax->update([
+                    'exchange_rate' => $model->exchange_rate,
+                    'base_amount' => $tax->amount * $model->exchange_rate,
+                ]);
+            });
+        }
+    }
+}

app/Http/Controllers/V1/Admin/General/ConfigController.php

@@ -1,12 +1,11 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Estimate;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
-use Crater\Models\EstimateTemplate;
 use Crater\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 
-class EstimateTemplatesController extends Controller
+class ConfigController extends Controller
 {
     /**
      * Handle the incoming request.
@@ -17,7 +16,7 @@ class EstimateTemplatesController extends Controller
     public function __invoke(Request $request)
     {
         return response()->json([
-            'templates' => EstimateTemplate::all()
+            $request->key => config('crater.'.$request->key),
         ]);
     }
 }

app/Http/Controllers/V1/Admin/General/CountriesController.php

@@ -1,9 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
-use Crater\Models\Country;
 use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\CountryResource;
+use Crater\Models\Country;
 use Illuminate\Http\Request;
 
 class CountriesController extends Controller
@@ -16,8 +17,8 @@ class CountriesController extends Controller
      */
     public function __invoke(Request $request)
     {
-        return response()->json([
-            'countries' => Country::all()
-        ]);
+        $countries = Country::all();
+
+        return CountryResource::collection($countries);
     }
 }

app/Http/Controllers/V1/Admin/General/CurrenciesController.php

@@ -1,9 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
-use Crater\Models\Currency;
 use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\CurrencyResource;
+use Crater\Models\Currency;
 use Illuminate\Http\Request;
 
 class CurrenciesController extends Controller
@@ -18,8 +19,6 @@ class CurrenciesController extends Controller
     {
         $currencies = Currency::latest()->get();
 
-        return response()->json([
-            'currencies' => $currencies
-        ]);
+        return CurrencyResource::collection($currencies);
     }
 }

app/Http/Controllers/V1/Admin/General/DateFormatsController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Space\DateFormatter;
@@ -17,7 +17,7 @@ class DateFormatsController extends Controller
     public function __invoke(Request $request)
     {
         return response()->json([
-            'date_formats' => DateFormatter::get_list()
+            'date_formats' => DateFormatter::get_list(),
         ]);
     }
 }

app/Http/Controllers/V1/Admin/General/GetAllUsedCurrenciesController.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\General;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Currency;
+use Crater\Models\Estimate;
+use Crater\Models\Invoice;
+use Crater\Models\Payment;
+use Crater\Models\Tax;
+use Illuminate\Http\Request;
+
+class GetAllUsedCurrenciesController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $invoices = Invoice::where('exchange_rate', null)->pluck('currency_id')->toArray();
+
+        $taxes = Tax::where('exchange_rate', null)->pluck('currency_id')->toArray();
+
+        $estimates = Estimate::where('exchange_rate', null)->pluck('currency_id')->toArray();
+
+        $payments = Payment::where('exchange_rate', null)->pluck('currency_id')->toArray();
+
+        $currencies = array_merge($invoices, $taxes, $estimates, $payments);
+
+        return response()->json([
+            'currencies' => Currency::whereIn('id', $currencies)->get()
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/General/NextNumberController.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\General;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Estimate;
+use Crater\Models\Invoice;
+use Crater\Models\Payment;
+use Crater\Services\SerialNumberFormatter;
+use Illuminate\Http\Request;
+
+class NextNumberController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request, Invoice $invoice, Estimate $estimate, Payment $payment)
+    {
+        $key = $request->key;
+        $nextNumber = null;
+        $serial = (new SerialNumberFormatter())
+            ->setCompany($request->header('company'))
+            ->setCustomer($request->userId);
+
+        try {
+            switch ($key) {
+                case 'invoice':
+                    $nextNumber = $serial->setModel($invoice)
+                        ->setModelObject($request->model_id)
+                        ->getNextNumber();
+
+                    break;
+
+                case 'estimate':
+                    $nextNumber = $serial->setModel($estimate)
+                        ->setModelObject($request->model_id)
+                        ->getNextNumber();
+
+                    break;
+
+                case 'payment':
+                    $nextNumber = $serial->setModel($payment)
+                        ->setModelObject($request->model_id)
+                        ->getNextNumber();
+
+                    break;
+
+                default:
+                    return;
+            }
+        } catch (\Exception $exception) {
+            return response()->json([
+                'success' => false,
+                'message' => $exception->getMessage()
+            ]);
+        }
+
+        return response()->json([
+            'success' => true,
+            'nextNumber' => $nextNumber,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/General/NotesController.php

@@ -1,9 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\NotesRequest;
+use Crater\Http\Resources\NoteResource;
 use Crater\Models\Note;
 use Illuminate\Http\Request;
 
@@ -16,15 +17,16 @@ class NotesController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('view notes');
+
         $limit = $request->limit ?? 10;
 
         $notes = Note::latest()
-            ->applyFilters($request->only(['type', 'search']))
+            ->whereCompany()
+            ->applyFilters($request->all())
             ->paginate($limit);
 
-        return response()->json([
-            'notes' => $notes
-        ]);
+        return NoteResource::collection($notes);
     }
 
     /**
@@ -35,11 +37,11 @@ class NotesController extends Controller
      */
     public function store(NotesRequest $request)
     {
-        $note = Note::create($request->validated());
+        $this->authorize('manage notes');
 
-        return response()->json([
-            'note' => $note
-        ]);
+        $note = Note::create($request->getNotesPayload());
+
+        return new NoteResource($note);
     }
 
     /**
@@ -50,9 +52,9 @@ class NotesController extends Controller
      */
     public function show(Note $note)
     {
-        return response()->json([
-            'note' => $note
-        ]);
+        $this->authorize('view notes');
+
+        return new NoteResource($note);
     }
 
     /**
@@ -64,11 +66,11 @@ class NotesController extends Controller
      */
     public function update(NotesRequest $request, Note $note)
     {
-        $note->update($request->validated());
+        $this->authorize('manage notes');
 
-        return response()->json([
-            'note' => $note
-        ]);
+        $note->update($request->getNotesPayload());
+
+        return new NoteResource($note);
     }
 
     /**
@@ -79,10 +81,12 @@ class NotesController extends Controller
      */
     public function destroy(Note $note)
     {
+        $this->authorize('manage notes');
+
         $note->delete();
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/General/NumberPlaceholdersController.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\General;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Services\SerialNumberFormatter;
+use Illuminate\Http\Request;
+
+class NumberPlaceholdersController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        if ($request->format) {
+            $placeholders = SerialNumberFormatter::getPlaceholders($request->format);
+        } else {
+            $placeholders = [];
+        }
+
+        return response()->json([
+            'success' => true,
+            'placeholders' => $placeholders,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/General/SearchController.php

@@ -1,11 +1,11 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Customer;
 use Crater\Models\User;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 
 class SearchController extends Controller
 {
@@ -17,21 +17,21 @@ class SearchController extends Controller
      */
     public function __invoke(Request $request)
     {
-        $customers = User::where('role', 'customer')
-            ->applyFilters($request->only(['search']))
+        $user = $request->user();
+
+        $customers = Customer::applyFilters($request->only(['search']))
             ->latest()
             ->paginate(10);
 
-        if (Auth::user()->role == 'super admin') {
-            $users = User::where('role', 'admin')
-                ->applyFilters($request->only(['search']))
+        if ($user->isOwner()) {
+            $users = User::applyFilters($request->only(['search']))
                 ->latest()
                 ->paginate(10);
         }
 
         return response()->json([
             'customers' => $customers,
-            'users' => $users ?? []
+            'users' => $users ?? [],
         ]);
     }
 }

app/Http/Controllers/V1/Admin/General/SearchUsersController.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\General;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\User;
+use Illuminate\Http\Request;
+
+class SearchUsersController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $this->authorize('create', User::class);
+
+        $users = User::whereEmail($request->email)
+            ->latest()
+            ->paginate(10);
+
+        return response()->json(['users' => $users]);
+    }
+}

app/Http/Controllers/V1/Admin/General/TimezonesController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\General;
+namespace Crater\Http\Controllers\V1\Admin\General;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Space\TimeZones;
@@ -17,7 +17,7 @@ class TimezonesController extends Controller
     public function __invoke(Request $request)
     {
         return response()->json([
-            'time_zones' => TimeZones::get_list()
+            'time_zones' => TimeZones::get_list(),
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Invoice/ChangeInvoiceStatusController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Invoice;
+namespace Crater\Http\Controllers\V1\Admin\Invoice;
 
-use Illuminate\Http\Request;
 use Crater\Http\Controllers\Controller;
 use Crater\Models\Invoice;
+use Illuminate\Http\Request;
 
 class ChangeInvoiceStatusController extends Controller
 {
@@ -14,8 +14,10 @@ class ChangeInvoiceStatusController extends Controller
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
-   public function __invoke(Request $request, Invoice $invoice)
-   {
+    public function __invoke(Request $request, Invoice $invoice)
+    {
+        $this->authorize('send invoice', $invoice);
+
         if ($request->status == Invoice::STATUS_SENT) {
             $invoice->status = Invoice::STATUS_SENT;
             $invoice->sent = true;
@@ -28,7 +30,7 @@ class ChangeInvoiceStatusController extends Controller
         }
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Invoice/CloneInvoiceController.php

@@ -0,0 +1,131 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Invoice;
+
+use Carbon\Carbon;
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Resources\InvoiceResource;
+use Crater\Models\CompanySetting;
+use Crater\Models\Invoice;
+use Crater\Services\SerialNumberFormatter;
+use Illuminate\Http\Request;
+use Vinkla\Hashids\Facades\Hashids;
+
+class CloneInvoiceController extends Controller
+{
+    /**
+     * Mail a specific invoice to the corresponding customer's email address.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function __invoke(Request $request, Invoice $invoice)
+    {
+        $this->authorize('create', Invoice::class);
+
+        $date = Carbon::now();
+
+        $serial = (new SerialNumberFormatter())
+            ->setModel($invoice)
+            ->setCompany($invoice->company_id)
+            ->setCustomer($invoice->customer_id)
+            ->setNextNumbers();
+
+        $due_date = null;
+        $dueDateEnabled = CompanySetting::getSetting(
+            'invoice_set_due_date_automatically',
+            $request->header('company')
+        );
+
+        if ($dueDateEnabled === 'YES') {
+            $dueDateDays = CompanySetting::getSetting(
+                'invoice_due_date_days',
+                $request->header('company')
+            );
+            $due_date = Carbon::now()->addDays($dueDateDays)->format('Y-m-d');
+        }
+
+        $exchange_rate = $invoice->exchange_rate;
+
+        $newInvoice = Invoice::create([
+            'invoice_date' => $date->format('Y-m-d'),
+            'due_date' => $due_date,
+            'invoice_number' => $serial->getNextNumber(),
+            'sequence_number' => $serial->nextSequenceNumber,
+            'customer_sequence_number' => $serial->nextCustomerSequenceNumber,
+            'reference_number' => $invoice->reference_number,
+            'customer_id' => $invoice->customer_id,
+            'company_id' => $request->header('company'),
+            'template_name' => $invoice->template_name,
+            'status' => Invoice::STATUS_DRAFT,
+            'paid_status' => Invoice::STATUS_UNPAID,
+            'sub_total' => $invoice->sub_total,
+            'discount' => $invoice->discount,
+            'discount_type' => $invoice->discount_type,
+            'discount_val' => $invoice->discount_val,
+            'total' => $invoice->total,
+            'due_amount' => $invoice->total,
+            'tax_per_item' => $invoice->tax_per_item,
+            'discount_per_item' => $invoice->discount_per_item,
+            'tax' => $invoice->tax,
+            'notes' => $invoice->notes,
+            'exchange_rate' => $exchange_rate,
+            'base_total' => $invoice->total * $exchange_rate,
+            'base_discount_val' => $invoice->discount_val * $exchange_rate,
+            'base_sub_total' => $invoice->sub_total * $exchange_rate,
+            'base_tax' => $invoice->tax * $exchange_rate,
+            'base_due_amount' => $invoice->total * $exchange_rate,
+            'currency_id' => $invoice->currency_id,
+        ]);
+
+        $newInvoice->unique_hash = Hashids::connection(Invoice::class)->encode($newInvoice->id);
+        $newInvoice->save();
+        $invoice->load('items.taxes');
+
+        $invoiceItems = $invoice->items->toArray();
+
+        foreach ($invoiceItems as $invoiceItem) {
+            $invoiceItem['company_id'] = $request->header('company');
+            $invoiceItem['name'] = $invoiceItem['name'];
+            $invoiceItem['exchange_rate'] = $exchange_rate;
+            $invoiceItem['base_price'] = $invoiceItem['price'] * $exchange_rate;
+            $invoiceItem['base_discount_val'] = $invoiceItem['discount_val'] * $exchange_rate;
+            $invoiceItem['base_tax'] = $invoiceItem['tax'] * $exchange_rate;
+            $invoiceItem['base_total'] = $invoiceItem['total'] * $exchange_rate;
+
+            $item = $newInvoice->items()->create($invoiceItem);
+
+            if (array_key_exists('taxes', $invoiceItem) && $invoiceItem['taxes']) {
+                foreach ($invoiceItem['taxes'] as $tax) {
+                    $tax['company_id'] = $request->header('company');
+
+                    if ($tax['amount']) {
+                        $item->taxes()->create($tax);
+                    }
+                }
+            }
+        }
+
+        if ($invoice->taxes) {
+            foreach ($invoice->taxes->toArray() as $tax) {
+                $tax['company_id'] = $request->header('company');
+                $newInvoice->taxes()->create($tax);
+            }
+        }
+
+        if ($invoice->fields()->exists()) {
+            $customFields = [];
+
+            foreach ($invoice->fields as $data) {
+                $customFields[] = [
+                    'id' => $data->custom_field_id,
+                    'value' => $data->defaultAnswer
+                ];
+            }
+
+            $newInvoice->addCustomFields($customFields);
+        }
+
+        return new InvoiceResource($newInvoice);
+    }
+}

app/Http/Controllers/V1/Admin/Invoice/InvoiceTemplatesController.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Invoice;
+namespace Crater\Http\Controllers\V1\Admin\Invoice;
 
 use Crater\Http\Controllers\Controller;
-use Crater\Models\InvoiceTemplate;
+use Crater\Models\Invoice;
 use Illuminate\Http\Request;
 
 class InvoiceTemplatesController extends Controller
@@ -16,10 +16,12 @@ class InvoiceTemplatesController extends Controller
      */
     public function __invoke(Request $request)
     {
-        $invoiceTemplates = InvoiceTemplate::all();
+        $this->authorize('viewAny', Invoice::class);
+
+        $invoiceTemplates = Invoice::invoiceTemplates();
 
         return response()->json([
-            'invoiceTemplates' => $invoiceTemplates
+            'invoiceTemplates' => $invoiceTemplates,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Invoice/InvoicesController.php

@@ -1,13 +1,14 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Invoice;
+namespace Crater\Http\Controllers\V1\Admin\Invoice;
 
-use Illuminate\Http\Request;
-use Crater\Http\Requests;
-use Crater\Models\Invoice;
 use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests;
 use Crater\Http\Requests\DeleteInvoiceRequest;
+use Crater\Http\Resources\InvoiceResource;
 use Crater\Jobs\GenerateInvoicePdfJob;
+use Crater\Models\Invoice;
+use Illuminate\Http\Request;
 
 class InvoicesController extends Controller
 {
@@ -18,31 +19,21 @@ class InvoicesController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', Invoice::class);
+
         $limit = $request->has('limit') ? $request->limit : 10;
 
-        $invoices = Invoice::with(['items', 'user', 'creator', 'invoiceTemplate', 'taxes'])
-            ->join('users', 'users.id', '=', 'invoices.user_id')
-            ->applyFilters($request->only([
-                'status',
-                'paid_status',
-                'customer_id',
-                'invoice_id',
-                'invoice_number',
-                'from_date',
-                'to_date',
-                'orderByField',
-                'orderBy',
-                'search',
-            ]))
-            ->whereCompany($request->header('company'))
-            ->select('invoices.*', 'users.name')
+        $invoices = Invoice::whereCompany()
+            ->join('customers', 'customers.id', '=', 'invoices.customer_id')
+            ->applyFilters($request->all())
+            ->select('invoices.*', 'customers.name')
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'invoices' => $invoices,
-            'invoiceTotalCount' => Invoice::count()
-        ]);
+        return (InvoiceResource::collection($invoices))
+            ->additional(['meta' => [
+                'invoice_total_count' => Invoice::whereCompany()->count(),
+            ]]);
     }
 
     /**
@@ -53,6 +44,8 @@ class InvoicesController extends Controller
      */
     public function store(Requests\InvoicesRequest $request)
     {
+        $this->authorize('create', Invoice::class);
+
         $invoice = Invoice::createInvoice($request);
 
         if ($request->has('invoiceSend')) {
@@ -61,9 +54,7 @@ class InvoicesController extends Controller
 
         GenerateInvoicePdfJob::dispatch($invoice);
 
-        return response()->json([
-            'invoice' => $invoice
-        ]);
+        return new InvoiceResource($invoice);
     }
 
     /**
@@ -72,24 +63,11 @@ class InvoicesController extends Controller
      * @param  \Crater\Models\Invoice $invoice
      * @return \Illuminate\Http\JsonResponse
      */
-    public function show(Invoice $invoice)
+    public function show(Request $request, Invoice $invoice)
     {
-        $invoice->load([
-            'items',
-            'items.taxes',
-            'user',
-            'invoiceTemplate',
-            'taxes.taxType',
-            'fields.customField'
-        ]);
+        $this->authorize('view', $invoice);
 
-        $siteData = [
-            'invoice' => $invoice,
-            'nextInvoiceNumber' => $invoice->getInvoiceNumAttribute(),
-            'invoicePrefix' => $invoice->getInvoicePrefixAttribute(),
-        ];
-
-        return response()->json($siteData);
+        return new InvoiceResource($invoice);
     }
 
     /**
@@ -101,14 +79,17 @@ class InvoicesController extends Controller
      */
     public function update(Requests\InvoicesRequest $request, Invoice $invoice)
     {
+        $this->authorize('update', $invoice);
+
         $invoice = $invoice->updateInvoice($request);
 
+        if (is_string($invoice)) {
+            return respondJson($invoice, $invoice);
+        }
+
         GenerateInvoicePdfJob::dispatch($invoice, true);
 
-        return response()->json([
-            'invoice' => $invoice,
-            'success' => true
-        ]);
+        return new InvoiceResource($invoice);
     }
 
     /**
@@ -119,10 +100,12 @@ class InvoicesController extends Controller
      */
     public function delete(DeleteInvoiceRequest $request)
     {
+        $this->authorize('delete multiple invoices');
+
         Invoice::destroy($request->ids);
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Invoice/SendInvoiceController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Invoice;
+namespace Crater\Http\Controllers\V1\Admin\Invoice;
 
 use Crater\Http\Controllers\Controller;
-use Crater\Models\Invoice;
 use Crater\Http\Requests\SendInvoiceRequest;
+use Crater\Models\Invoice;
 
 class SendInvoiceController extends Controller
 {
@@ -16,10 +16,12 @@ class SendInvoiceController extends Controller
      */
     public function __invoke(SendInvoiceRequest $request, Invoice $invoice)
     {
+        $this->authorize('send invoice', $invoice);
+
         $invoice->send($request->all());
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Invoice/SendInvoicePreviewController.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Invoice;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\SendInvoiceRequest;
+use Crater\Models\Invoice;
+use Illuminate\Mail\Markdown;
+
+class SendInvoicePreviewController extends Controller
+{
+    /**
+     * Mail a specific invoice to the corresponding customer's email address.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function __invoke(SendInvoiceRequest $request, Invoice $invoice)
+    {
+        $this->authorize('send invoice', $invoice);
+
+        $markdown = new Markdown(view(), config('mail.markdown'));
+
+        return $markdown->render('emails.send.invoice', ['data' => $invoice->sendInvoiceData($request->all())]);
+    }
+}

app/Http/Controllers/V1/Admin/Item/ItemsController.php

@@ -1,13 +1,14 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Item;
+namespace Crater\Http\Controllers\V1\Admin\Item;
 
 use Crater\Http\Controllers\Controller;
-use Illuminate\Http\Request;
 use Crater\Http\Requests;
 use Crater\Http\Requests\DeleteItemsRequest;
+use Crater\Http\Resources\ItemResource;
 use Crater\Models\Item;
 use Crater\Models\TaxType;
+use Illuminate\Http\Request;
 
 class ItemsController extends Controller
 {
@@ -19,28 +20,22 @@ class ItemsController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', Item::class);
+
         $limit = $request->has('limit') ? $request->limit : 10;
 
-        $items = Item::with(['taxes', 'creator'])
+        $items = Item::whereCompany()
             ->leftJoin('units', 'units.id', '=', 'items.unit_id')
-            ->applyFilters($request->only([
-                'search',
-                'price',
-                'unit_id',
-                'item_id',
-                'orderByField',
-                'orderBy'
-            ]))
-            ->whereCompany($request->header('company'))
+            ->applyFilters($request->all())
             ->select('items.*', 'units.name as unit_name')
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'items' => $items,
-            'taxTypes' => TaxType::latest()->get(),
-            'itemTotalCount' => Item::count()
-        ]);
+        return (ItemResource::collection($items))
+            ->additional(['meta' => [
+                'tax_types' => TaxType::whereCompany()->latest()->get(),
+                'item_total_count' => Item::whereCompany()->count(),
+            ]]);
     }
 
     /**
@@ -51,11 +46,11 @@ class ItemsController extends Controller
      */
     public function store(Requests\ItemsRequest $request)
     {
+        $this->authorize('create', Item::class);
+
         $item = Item::createItem($request);
 
-        return response()->json([
-            'item' => $item
-        ]);
+        return new ItemResource($item);
     }
 
     /**
@@ -66,11 +61,9 @@ class ItemsController extends Controller
      */
     public function show(Item $item)
     {
-        $item->load('taxes');
+        $this->authorize('view', $item);
 
-        return response()->json([
-            'item' => $item
-        ]);
+        return new ItemResource($item);
     }
 
     /**
@@ -82,11 +75,11 @@ class ItemsController extends Controller
      */
     public function update(Requests\ItemsRequest $request, Item $item)
     {
+        $this->authorize('update', $item);
+
         $item = $item->updateItem($request);
 
-        return response()->json([
-            'item' => $item
-        ]);
+        return new ItemResource($item);
     }
 
     /**
@@ -97,10 +90,12 @@ class ItemsController extends Controller
      */
     public function delete(DeleteItemsRequest $request)
     {
+        $this->authorize('delete multiple items');
+
         Item::destroy($request->ids);
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Item/UnitsController.php

@@ -1,11 +1,12 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Item;
+namespace Crater\Http\Controllers\V1\Admin\Item;
 
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\UnitRequest;
+use Crater\Http\Resources\UnitResource;
 use Crater\Models\Unit;
 use Illuminate\Http\Request;
-use Crater\Http\Requests\UnitRequest;
-use Crater\Http\Controllers\Controller;
 
 class UnitsController extends Controller
 {
@@ -16,28 +17,16 @@ class UnitsController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', Unit::class);
+
         $limit = $request->has('limit') ? $request->limit : 5;
 
-        $units = Unit::whereCompany($request->header('company'))
-            ->applyFilters($request->only([
-                'unit_id'
-            ]))
+        $units = Unit::applyFilters($request->all())
+            ->whereCompany()
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'units' => $units
-        ]);
-    }
-
-    /**
-     * Show the form for creating a new resource.
-     *
-     * @return \Illuminate\Http\Response
-     */
-    public function create()
-    {
-        //
+        return UnitResource::collection($units);
     }
 
     /**
@@ -48,13 +37,11 @@ class UnitsController extends Controller
      */
     public function store(UnitRequest $request)
     {
-        $data = $request->validated();
-        $data['company_id'] = $request->header('company');
-        $unit = Unit::create($data);
+        $this->authorize('create', Unit::class);
 
-        return response()->json([
-            'unit' => $unit
-        ]);
+        $unit = Unit::create($request->getUnitPayload());
+
+        return new UnitResource($unit);
     }
 
     /**
@@ -65,9 +52,9 @@ class UnitsController extends Controller
      */
     public function show(Unit $unit)
     {
-        return response()->json([
-            'unit' => $unit
-        ]);
+        $this->authorize('view', $unit);
+
+        return new UnitResource($unit);
     }
 
     /**
@@ -79,11 +66,11 @@ class UnitsController extends Controller
      */
     public function update(UnitRequest $request, Unit $unit)
     {
-        $unit->update($request->validated());
+        $this->authorize('update', $unit);
 
-        return response()->json([
-            'unit' => $unit
-        ]);
+        $unit->update($request->getUnitPayload());
+
+        return new UnitResource($unit);
     }
 
     /**
@@ -94,16 +81,16 @@ class UnitsController extends Controller
      */
     public function destroy(Unit $unit)
     {
+        $this->authorize('delete', $unit);
+
         if ($unit->items()->exists()) {
-            return response()->json([
-                'error' => 'items_attached'
-            ]);
+            return respondJson('items_attached', 'Items Attached');
         }
 
         $unit->delete();
 
         return response()->json([
-            'success' => 'Unit deleted successfully'
+            'success' => 'Unit deleted successfully',
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Mobile/AuthController.php

@@ -1,23 +1,19 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Mobile;
+namespace Crater\Http\Controllers\V1\Admin\Mobile;
 
 use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\LoginRequest;
 use Crater\Models\User;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Validation\ValidationException;
 
 class AuthController extends Controller
 {
-    public function login(Request $request)
+    public function login(LoginRequest $request)
     {
-        $request->validate([
-            'username' => 'required|email',
-            'password' => 'required',
-            'device_name' => 'required',
-        ]);
-
         $user = User::where('email', $request->username)->first();
 
         if (! $user || ! Hash::check($request->password, $user->password)) {
@@ -28,7 +24,7 @@ class AuthController extends Controller
 
         return response()->json([
             'type' => 'Bearer',
-            'token' => $user->createToken($request->device_name)->plainTextToken
+            'token' => $user->createToken($request->device_name)->plainTextToken,
         ]);
     }
 
@@ -37,7 +33,12 @@ class AuthController extends Controller
         $request->user()->currentAccessToken()->delete();
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
+
+    public function check()
+    {
+        return Auth::check();
+    }
 }

app/Http/Controllers/V1/Admin/Payment/PaymentMethodsController.php

@@ -1,11 +1,12 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Payment;
+namespace Crater\Http\Controllers\V1\Admin\Payment;
 
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\PaymentMethodRequest;
+use Crater\Http\Resources\PaymentMethodResource;
 use Crater\Models\PaymentMethod;
 use Illuminate\Http\Request;
-use Crater\Http\Requests\PaymentMethodRequest;
-use Crater\Http\Controllers\Controller;
 
 class PaymentMethodsController extends Controller
 {
@@ -16,19 +17,16 @@ class PaymentMethodsController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', PaymentMethod::class);
+
         $limit = $request->has('limit') ? $request->limit : 5;
 
-        $paymentMethods = PaymentMethod::whereCompany($request->header('company'))
-            ->applyFilters($request->only([
-                'method_id',
-                'search'
-            ]))
+        $paymentMethods = PaymentMethod::applyFilters($request->all())
+            ->whereCompany()
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'paymentMethods' => $paymentMethods
-        ]);
+        return PaymentMethodResource::collection($paymentMethods);
     }
 
     /**
@@ -39,11 +37,11 @@ class PaymentMethodsController extends Controller
      */
     public function store(PaymentMethodRequest $request)
     {
+        $this->authorize('create', PaymentMethod::class);
+
         $paymentMethod = PaymentMethod::createPaymentMethod($request);
 
-        return response()->json([
-            'paymentMethod' => $paymentMethod
-        ]);
+        return new PaymentMethodResource($paymentMethod);
     }
 
     /**
@@ -54,9 +52,9 @@ class PaymentMethodsController extends Controller
      */
     public function show(PaymentMethod $paymentMethod)
     {
-        return response()->json([
-            'paymentMethod' => $paymentMethod
-        ]);
+        $this->authorize('view', $paymentMethod);
+
+        return new PaymentMethodResource($paymentMethod);
     }
 
     /**
@@ -68,11 +66,11 @@ class PaymentMethodsController extends Controller
      */
     public function update(PaymentMethodRequest $request, PaymentMethod $paymentMethod)
     {
+        $this->authorize('update', $paymentMethod);
+
         $paymentMethod->update($request->validated());
 
-        return response()->json([
-            'paymentMethod' => $paymentMethod
-        ]);
+        return new PaymentMethodResource($paymentMethod);
     }
 
     /**
@@ -83,18 +81,18 @@ class PaymentMethodsController extends Controller
      */
     public function destroy(PaymentMethod $paymentMethod)
     {
+        $this->authorize('delete', $paymentMethod);
+
         $payments = $paymentMethod->payments;
 
         if ($payments->count() > 0) {
-            return response()->json([
-                'error' => 'payments_attached'
-            ]);
+            return respondJson('payments_attached', 'Payments Attached.');
         }
 
         $paymentMethod->delete();
 
         return response()->json([
-            'success' => 'Payment method deleted successfully'
+            'success' => 'Payment method deleted successfully',
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Payment/PaymentsController.php

@@ -0,0 +1,81 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Payment;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\DeletePaymentsRequest;
+use Crater\Http\Requests\PaymentRequest;
+use Crater\Http\Resources\PaymentResource;
+use Crater\Models\Payment;
+use Illuminate\Http\Request;
+
+class PaymentsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('viewAny', Payment::class);
+
+        $limit = $request->has('limit') ? $request->limit : 10;
+
+        $payments = Payment::whereCompany()
+            ->join('customers', 'customers.id', '=', 'payments.customer_id')
+            ->leftJoin('invoices', 'invoices.id', '=', 'payments.invoice_id')
+            ->leftJoin('payment_methods', 'payment_methods.id', '=', 'payments.payment_method_id')
+            ->applyFilters($request->all())
+            ->select('payments.*', 'customers.name', 'invoices.invoice_number', 'payment_methods.name as payment_mode')
+            ->latest()
+            ->paginateData($limit);
+
+        return (PaymentResource::collection($payments))
+            ->additional(['meta' => [
+                'payment_total_count' => Payment::whereCompany()->count(),
+            ]]);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(PaymentRequest $request)
+    {
+        $this->authorize('create', Payment::class);
+
+        $payment = Payment::createPayment($request);
+
+        return new PaymentResource($payment);
+    }
+
+    public function show(Request $request, Payment $payment)
+    {
+        $this->authorize('view', $payment);
+
+        return new PaymentResource($payment);
+    }
+
+    public function update(PaymentRequest $request, Payment $payment)
+    {
+        $this->authorize('update', $payment);
+
+        $payment = $payment->updatePayment($request);
+
+        return new PaymentResource($payment);
+    }
+
+    public function delete(DeletePaymentsRequest $request)
+    {
+        $this->authorize('delete multiple payments');
+
+        Payment::deletePayments($request->ids);
+
+        return response()->json([
+            'success' => true,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Payment/SendPaymentController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Payment;
+namespace Crater\Http\Controllers\V1\Admin\Payment;
 
 use Crater\Http\Controllers\Controller;
-use Crater\Models\Payment;
 use Crater\Http\Requests\SendPaymentRequest;
+use Crater\Models\Payment;
 
 class SendPaymentController extends Controller
 {
@@ -16,6 +16,8 @@ class SendPaymentController extends Controller
      */
     public function __invoke(SendPaymentRequest $request, Payment $payment)
     {
+        $this->authorize('send payment', $payment);
+
         $response = $payment->send($request->all());
 
         return response()->json($response);

app/Http/Controllers/V1/Admin/Payment/SendPaymentPreviewController.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Payment;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\Payment;
+use Illuminate\Http\Request;
+use Illuminate\Mail\Markdown;
+
+class SendPaymentPreviewController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request, Payment $payment)
+    {
+        $this->authorize('send payment', $payment);
+
+        $markdown = new Markdown(view(), config('mail.markdown'));
+
+        return $markdown->render('emails.send.payment', ['data' => $payment->sendPaymentData($request->all())]);
+    }
+}

app/Http/Controllers/V1/Admin/RecurringInvoice/RecurringInvoiceController.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\RecurringInvoice;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\RecurringInvoiceRequest;
+use Crater\Http\Resources\RecurringInvoiceResource;
+use Crater\Models\RecurringInvoice;
+use Illuminate\Http\Request;
+
+class RecurringInvoiceController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('viewAny', RecurringInvoice::class);
+
+        $limit = $request->has('limit') ? $request->limit : 10;
+
+        $recurringInvoices = RecurringInvoice::whereCompany()
+            ->applyFilters($request->all())
+            ->paginateData($limit);
+
+        return (RecurringInvoiceResource::collection($recurringInvoices))
+            ->additional(['meta' => [
+                'recurring_invoice_total_count' => RecurringInvoice::whereCompany()->count(),
+            ]]);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(RecurringInvoiceRequest $request)
+    {
+        $this->authorize('create', RecurringInvoice::class);
+
+        $recurringInvoice = RecurringInvoice::createFromRequest($request);
+
+        return new RecurringInvoiceResource($recurringInvoice);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  \Crater\Models\RecurringInvoice  $recurringInvoice
+     * @return \Illuminate\Http\Response
+     */
+    public function show(RecurringInvoice $recurringInvoice)
+    {
+        $this->authorize('view', $recurringInvoice);
+
+        return new RecurringInvoiceResource($recurringInvoice);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Crater\Models\RecurringInvoice  $recurringInvoice
+     * @return \Illuminate\Http\Response
+     */
+    public function update(RecurringInvoiceRequest $request, RecurringInvoice $recurringInvoice)
+    {
+        $this->authorize('update', $recurringInvoice);
+
+        $recurringInvoice->updateFromRequest($request);
+
+        return new RecurringInvoiceResource($recurringInvoice);
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  \Crater\Models\RecurringInvoice  $recurringInvoice
+     * @return \Illuminate\Http\Response
+     */
+    public function delete(Request $request)
+    {
+        $this->authorize('delete multiple recurring invoices');
+
+        RecurringInvoice::deleteRecurringInvoice($request->ids);
+
+        return response()->json([
+            'success' => true,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/RecurringInvoice/RecurringInvoiceFrequencyController.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\RecurringInvoice;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Models\RecurringInvoice;
+use Illuminate\Http\Request;
+
+class RecurringInvoiceFrequencyController extends Controller
+{
+    public function __invoke(Request $request)
+    {
+        $nextInvoiceAt = RecurringInvoice::getNextInvoiceDate($request->frequency, $request->starts_at);
+
+        return response()->json([
+            'success' => true,
+            'next_invoice_at' => $nextInvoiceAt,
+        ]);
+    }
+}

app/Http/Controllers/V1/Admin/Report/CustomerSalesReportController.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Report;
+namespace Crater\Http\Controllers\V1\Admin\Report;
 
-use Illuminate\Support\Facades\App;
-use Illuminate\Http\Request;
-use Crater\Models\Company;
-use PDF;
 use Carbon\Carbon;
-use Crater\Models\User;
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\Customer;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\App;
+use PDF;
 
 class CustomerSalesReportController extends Controller
 {
@@ -24,6 +24,8 @@ class CustomerSalesReportController extends Controller
     {
         $company = Company::where('unique_hash', $hash)->first();
 
+        $this->authorize('view report', $company);
+
         $locale = CompanySetting::getSetting('language',  $company->id);
 
         App::setLocale($locale);
@@ -31,14 +33,13 @@ class CustomerSalesReportController extends Controller
         $start = Carbon::createFromFormat('Y-m-d', $request->from_date);
         $end = Carbon::createFromFormat('Y-m-d', $request->to_date);
 
-        $customers = User::with(['invoices' => function ($query) use ($start, $end) {
-                $query->whereBetween(
-                    'invoice_date',
-                    [$start->format('Y-m-d'), $end->format('Y-m-d')]
-                );
-            }])
-            ->customer()
-            ->whereCompany($company->id)
+        $customers = Customer::with(['invoices' => function ($query) use ($start, $end) {
+            $query->whereBetween(
+                'invoice_date',
+                [$start->format('Y-m-d'), $end->format('Y-m-d')]
+            );
+        }])
+            ->where('company_id', $company->id)
             ->applyInvoiceFilters($request->only(['from_date', 'to_date']))
             ->get();
 
@@ -65,7 +66,7 @@ class CustomerSalesReportController extends Controller
             'footer_text_color',
             'footer_total_color',
             'footer_bg_color',
-            'date_text_color'
+            'date_text_color',
         ];
 
         $colorSettings = CompanySetting::whereIn('option', $colors)
@@ -78,11 +79,15 @@ class CustomerSalesReportController extends Controller
             'colorSettings' => $colorSettings,
             'company' => $company,
             'from_date' => $from_date,
-            'to_date' => $to_date
+            'to_date' => $to_date,
         ]);
 
         $pdf = PDF::loadView('app.pdf.reports.sales-customers');
 
+        if ($request->has('preview')) {
+            return view('app.pdf.reports.sales-customers');
+        }
+
         if ($request->has('download')) {
             return $pdf->download();
         }

app/Http/Controllers/V1/Admin/Report/ExpensesReportController.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Report;
+namespace Crater\Http\Controllers\V1\Admin\Report;
 
-use Illuminate\Http\Request;
-use Crater\Models\Company;
-use PDF;
 use Carbon\Carbon;
-use Crater\Models\Expense;
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\Expense;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\App;
+use PDF;
 
 class ExpensesReportController extends Controller
 {
@@ -24,16 +24,17 @@ class ExpensesReportController extends Controller
     {
         $company = Company::where('unique_hash', $hash)->first();
 
+        $this->authorize('view report', $company);
+
         $locale = CompanySetting::getSetting('language',  $company->id);
 
         App::setLocale($locale);
 
         $expenseCategories = Expense::with('category')
-        ->whereCompany($company->id)
+            ->whereCompanyId($company->id)
             ->applyFilters($request->only(['from_date', 'to_date']))
             ->expensesAttributes()
             ->get();
-
         $totalAmount = 0;
         foreach ($expenseCategories as $category) {
             $totalAmount += $category->total_amount;
@@ -52,7 +53,7 @@ class ExpensesReportController extends Controller
             'footer_text_color',
             'footer_total_color',
             'footer_bg_color',
-            'date_text_color'
+            'date_text_color',
         ];
         $colorSettings = CompanySetting::whereIn('option', $colors)
             ->whereCompany($company->id)
@@ -64,10 +65,14 @@ class ExpensesReportController extends Controller
             'totalExpense' => $totalAmount,
             'company' => $company,
             'from_date' => $from_date,
-            'to_date' => $to_date
+            'to_date' => $to_date,
         ]);
         $pdf = PDF::loadView('app.pdf.reports.expenses');
 
+        if ($request->has('preview')) {
+            return view('app.pdf.reports.expenses');
+        }
+
         if ($request->has('download')) {
             return $pdf->download();
         }

app/Http/Controllers/V1/Admin/Report/ItemSalesReportController.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Report;
+namespace Crater\Http\Controllers\V1\Admin\Report;
 
-use Illuminate\Http\Request;
-use Crater\Models\Company;
-use PDF;
 use Carbon\Carbon;
-use Crater\Models\InvoiceItem;
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\InvoiceItem;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\App;
+use PDF;
 
 class ItemSalesReportController extends Controller
 {
@@ -24,6 +24,8 @@ class ItemSalesReportController extends Controller
     {
         $company = Company::where('unique_hash', $hash)->first();
 
+        $this->authorize('view report', $company);
+
         $locale = CompanySetting::getSetting('language',  $company->id);
 
         App::setLocale($locale);
@@ -51,7 +53,7 @@ class ItemSalesReportController extends Controller
             'footer_text_color',
             'footer_total_color',
             'footer_bg_color',
-            'date_text_color'
+            'date_text_color',
         ];
         $colorSettings = CompanySetting::whereIn('option', $colors)
             ->whereCompany($company->id)
@@ -63,10 +65,14 @@ class ItemSalesReportController extends Controller
             'totalAmount' => $totalAmount,
             'company' => $company,
             'from_date' => $from_date,
-            'to_date' => $to_date
+            'to_date' => $to_date,
         ]);
         $pdf = PDF::loadView('app.pdf.reports.sales-items');
 
+        if ($request->has('preview')) {
+            return view('app.pdf.reports.sales-items');
+        }
+
         if ($request->has('download')) {
             return $pdf->download();
         }

app/Http/Controllers/V1/Admin/Report/ProfitLossReportController.php

@@ -1,16 +1,16 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Report;
+namespace Crater\Http\Controllers\V1\Admin\Report;
 
-use Illuminate\Http\Request;
-use Crater\Models\Company;
-use PDF;
 use Carbon\Carbon;
-use Crater\Models\Invoice;
-use Crater\Models\Expense;
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\Expense;
+use Crater\Models\Invoice;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\App;
+use PDF;
 
 class ProfitLossReportController extends Controller
 {
@@ -25,17 +25,19 @@ class ProfitLossReportController extends Controller
     {
         $company = Company::where('unique_hash', $hash)->first();
 
+        $this->authorize('view report', $company);
+
         $locale = CompanySetting::getSetting('language',  $company->id);
 
         App::setLocale($locale);
 
-        $invoicesAmount = Invoice::whereCompany($company->id)
+        $invoicesAmount = Invoice::whereCompanyId($company->id)
             ->applyFilters($request->only(['from_date', 'to_date']))
             ->wherePaidStatus(Invoice::STATUS_PAID)
             ->sum('total');
 
         $expenseCategories = Expense::with('category')
-        ->whereCompany($company->id)
+            ->whereCompanyId($company->id)
             ->applyFilters($request->only(['from_date', 'to_date']))
             ->expensesAttributes()
             ->get();
@@ -58,7 +60,7 @@ class ProfitLossReportController extends Controller
             'footer_text_color',
             'footer_total_color',
             'footer_bg_color',
-            'date_text_color'
+            'date_text_color',
         ];
         $colorSettings = CompanySetting::whereIn('option', $colors)
             ->whereCompany($company->id)
@@ -72,10 +74,14 @@ class ProfitLossReportController extends Controller
             'colorSettings' => $colorSettings,
             'company' => $company,
             'from_date' => $from_date,
-            'to_date' => $to_date
+            'to_date' => $to_date,
         ]);
         $pdf = PDF::loadView('app.pdf.reports.profit-loss');
 
+        if ($request->has('preview')) {
+            return view('app.pdf.reports.profit-loss');
+        }
+
         if ($request->has('download')) {
             return $pdf->download();
         }

app/Http/Controllers/V1/Admin/Report/TaxSummaryReportController.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Report;
+namespace Crater\Http\Controllers\V1\Admin\Report;
 
-use Illuminate\Http\Request;
-use Crater\Models\Company;
-use PDF;
 use Carbon\Carbon;
-use Crater\Models\Tax;
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
+use Crater\Models\Tax;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\App;
+use PDF;
 
 class TaxSummaryReportController extends Controller
 {
@@ -24,12 +24,14 @@ class TaxSummaryReportController extends Controller
     {
         $company = Company::where('unique_hash', $hash)->first();
 
+        $this->authorize('view report', $company);
+
         $locale = CompanySetting::getSetting('language',  $company->id);
 
         App::setLocale($locale);
 
         $taxTypes = Tax::with('taxType', 'invoice', 'invoiceItem')
-        ->whereCompany($company->id)
+            ->whereCompany($company->id)
             ->whereInvoicesFilters($request->only(['from_date', 'to_date']))
             ->taxAttributes()
             ->get();
@@ -52,7 +54,7 @@ class TaxSummaryReportController extends Controller
             'footer_text_color',
             'footer_total_color',
             'footer_bg_color',
-            'date_text_color'
+            'date_text_color',
         ];
 
         $colorSettings = CompanySetting::whereIn('option', $colors)
@@ -65,11 +67,15 @@ class TaxSummaryReportController extends Controller
             'colorSettings' => $colorSettings,
             'company' => $company,
             'from_date' => $from_date,
-            'to_date' => $to_date
+            'to_date' => $to_date,
         ]);
 
         $pdf = PDF::loadView('app.pdf.reports.tax-summary');
 
+        if ($request->has('preview')) {
+            return view('app.pdf.reports.tax-summary');
+        }
+
         if ($request->has('download')) {
             return $pdf->download();
         }

app/Http/Controllers/V1/Admin/Role/AbilitiesController.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Role;
+
+use Crater\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+
+class AbilitiesController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        return response()->json(['abilities' => config('abilities.abilities')]);
+    }
+}

app/Http/Controllers/V1/Admin/Role/RolesController.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Role;
+
+use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\RoleRequest;
+use Crater\Http\Resources\RoleResource;
+use Crater\Models\User;
+use Illuminate\Http\Request;
+use Silber\Bouncer\BouncerFacade;
+use Silber\Bouncer\Database\Role;
+
+class RolesController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('viewAny', Role::class);
+
+        $roles = Role::when($request->has('orderByField'), function ($query) use ($request) {
+            return $query->orderBy($request['orderByField'], $request['orderBy']);
+        })
+            ->when($request->company_id, function ($query) use ($request) {
+                return $query->where('scope', $request->company_id);
+            })
+            ->get();
+
+        return RoleResource::collection($roles);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(RoleRequest $request)
+    {
+        $this->authorize('create', Role::class);
+
+        $role = Role::create($request->getRolePayload());
+
+        $this->syncAbilities($request, $role);
+
+        return new RoleResource($role);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  \Spatie\Permission\Models\Role $role
+     * @return \Illuminate\Http\Response
+     */
+    public function show(Role $role)
+    {
+        $this->authorize('view', $role);
+
+        return new RoleResource($role);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Spatie\Permission\Models\Role $role
+     * @return \Illuminate\Http\Response
+     */
+    public function update(RoleRequest $request, Role $role)
+    {
+        $this->authorize('update', $role);
+
+        $role->update($request->getRolePayload());
+
+        $this->syncAbilities($request, $role);
+
+        return new RoleResource($role);
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  \Spatie\Permission\Models\Role $role
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy(Role $role)
+    {
+        $this->authorize('delete', $role);
+
+        $users = User::whereIs($role->name)->get()->toArray();
+
+        if (! empty($users)) {
+            return respondJson('role_attached_to_users', 'Roles Attached to user');
+        }
+
+        $role->delete();
+
+        return response()->json([
+            'success' => true
+        ]);
+    }
+
+    private function syncAbilities(RoleRequest $request, $role)
+    {
+        foreach (config('abilities.abilities') as $ability) {
+            $check = array_search($ability['ability'], array_column($request->abilities, 'ability'));
+            if ($check !== false) {
+                BouncerFacade::allow($role)->to($ability['ability'], $ability['model']);
+            } else {
+                BouncerFacade::disallow($role)->to($ability['ability'], $ability['model']);
+            }
+        }
+
+        return true;
+    }
+}

app/Http/Controllers/V1/Admin/Settings/CompanyController.php

@@ -1,13 +1,14 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Illuminate\Http\Request;
-use Crater\Models\Company;
-use Crater\Http\Requests\ProfileRequest;
-use Crater\Http\Requests\CompanyRequest;
 use Crater\Http\Controllers\Controller;
-use Illuminate\Support\Facades\Auth;
+use Crater\Http\Requests\CompanyRequest;
+use Crater\Http\Requests\ProfileRequest;
+use Crater\Http\Resources\CompanyResource;
+use Crater\Http\Resources\UserResource;
+use Crater\Models\Company;
+use Illuminate\Http\Request;
 
 class CompanyController extends Controller
 {
@@ -15,21 +16,9 @@ class CompanyController extends Controller
      * Retrive the Admin account.
      * @return \Illuminate\Http\JsonResponse
      */
-    public function getUser()
+    public function getUser(Request $request)
     {
-        $user = Auth::user();
-
-        $user->load([
-            'addresses',
-            'addresses.country',
-            'company',
-            'company.address',
-            'company.address.country'
-        ]);
-
-        return response()->json([
-            'user' => $user
-        ]);
+        return new UserResource($request->user());
     }
 
     /**
@@ -41,14 +30,11 @@ class CompanyController extends Controller
      */
     public function updateProfile(ProfileRequest $request)
     {
-        $user = Auth::user();
+        $user = $request->user();
 
         $user->update($request->validated());
 
-        return response()->json([
-            'user' => $user,
-            'success' => true
-        ]);
+        return new UserResource($user);
     }
 
     /**
@@ -58,16 +44,15 @@ class CompanyController extends Controller
      */
     public function updateCompany(CompanyRequest $request)
     {
-        $company = Auth::user()->company;
+        $company = Company::find($request->header('company'));
+
+        $this->authorize('manage company', $company);
 
         $company->update($request->only('name'));
 
-        $company->address()->updateOrCreate(['company_id' => $company->id], $request->except(['name']));
+        $company->address()->updateOrCreate(['company_id' => $company->id], $request->address);
 
-        return response()->json([
-            'company' => $company,
-            'success' => true
-        ]);
+        return new CompanyResource($company);
     }
 
     /**
@@ -78,6 +63,10 @@ class CompanyController extends Controller
      */
     public function uploadCompanyLogo(Request $request)
     {
+        $company = Company::find($request->header('company'));
+
+        $this->authorize('manage company', $company);
+
         $data = json_decode($request->company_logo);
 
         if ($data) {
@@ -93,7 +82,7 @@ class CompanyController extends Controller
         }
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 
@@ -105,23 +94,24 @@ class CompanyController extends Controller
      */
     public function uploadAvatar(Request $request)
     {
-        $data = json_decode($request->admin_avatar);
+        $user = auth()->user();
 
-        if ($data) {
-            $user = auth()->user();
+        if ($user && $request->hasFile('admin_avatar')) {
+            $user->clearMediaCollection('admin_avatar');
 
-            if ($user) {
-                $user->clearMediaCollection('admin_avatar');
-
-                $user->addMediaFromBase64($data->data)
-                    ->usingFileName($data->name)
-                    ->toMediaCollection('admin_avatar');
-            }
+            $user->addMediaFromRequest('admin_avatar')
+                ->toMediaCollection('admin_avatar');
         }
 
-        return response()->json([
-            'user' => $user,
-            'success' => true
-        ]);
+        if ($user && $request->has('avatar')) {
+            $data = json_decode($request->avatar);
+            $user->clearMediaCollection('admin_avatar');
+
+            $user->addMediaFromBase64($data->data)
+                ->usingFileName($data->name)
+                ->toMediaCollection('admin_avatar');
+        }
+
+        return new UserResource($user);
     }
 }

app/Http/Controllers/V1/Admin/Settings/DiskController.php

@@ -1,12 +1,13 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
 use Crater\Http\Controllers\Controller;
-use Illuminate\Http\Request;
-use Crater\Models\FileDisk;
 use Crater\Http\Requests\DiskEnvironmentRequest;
+use Crater\Http\Resources\FileDiskResource;
+use Crater\Models\FileDisk;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
 
 class DiskController extends Controller
 {
@@ -16,14 +17,14 @@ class DiskController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('manage file disk');
+
         $limit = $request->has('limit') ? $request->limit : 5;
         $disks = FileDisk::applyFilters($request->all())
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'disks' => $disks,
-        ]);
+        return FileDiskResource::collection($disks);
     }
 
     /**
@@ -33,19 +34,15 @@ class DiskController extends Controller
      */
     public function store(DiskEnvironmentRequest $request)
     {
-        if(!FileDisk::validateCredentials($request->credentials, $request->driver)) {
-            return response()->json([
-                'success' => false,
-                'error' => 'invalid_credentials'
-            ]);
+        $this->authorize('manage file disk');
+
+        if (! FileDisk::validateCredentials($request->credentials, $request->driver)) {
+            return respondJson('invalid_credentials', 'Invalid Credentials.');
         }
 
         $disk = FileDisk::createDisk($request);
 
-        return response()->json([
-            'success' => true,
-            'disk' => $disk
-        ]);
+        return new FileDiskResource($disk);
     }
 
     /**
@@ -56,26 +53,22 @@ class DiskController extends Controller
      */
     public function update(FileDisk $disk, Request $request)
     {
+        $this->authorize('manage file disk');
+
         $credentials = $request->credentials;
         $driver = $request->driver;
 
-        if($credentials && $driver && $disk->type !== 'SYSTEM') {
-            if(!FileDisk::validateCredentials($credentials, $driver)) {
-                return response()->json([
-                    'success' => false,
-                    'error' => 'invalid_credentials'
-                ]);
+        if ($credentials && $driver && $disk->type !== 'SYSTEM') {
+            if (! FileDisk::validateCredentials($credentials, $driver)) {
+                return respondJson('invalid_credentials', 'Invalid Credentials.');
             }
 
             $disk->updateDisk($request);
-        } else if($request->set_as_default) {
+        } elseif ($request->set_as_default) {
             $disk->setAsDefaultDisk();
         }
 
-        return response()->json([
-            'success' => true,
-            'disk' => $disk
-        ]);
+        return new FileDiskResource($disk);
     }
 
     /**
@@ -84,12 +77,15 @@ class DiskController extends Controller
      */
     public function show($disk)
     {
+        $this->authorize('manage file disk');
+
         $diskData = [];
         switch ($disk) {
             case 'local':
                 $diskData = [
                     'root' => config('filesystems.disks.local.root'),
                 ];
+
                 break;
 
 
@@ -101,6 +97,7 @@ class DiskController extends Controller
                     'bucket' => '',
                     'root' => '',
                 ];
+
                 break;
 
             case 'doSpaces':
@@ -112,6 +109,7 @@ class DiskController extends Controller
                     'endpoint' => '',
                     'root' => '',
                 ];
+
                 break;
 
             case 'dropbox':
@@ -122,6 +120,7 @@ class DiskController extends Controller
                     'app' => '',
                     'root' => '',
                 ];
+
                 break;
         }
 
@@ -138,16 +137,16 @@ class DiskController extends Controller
      */
     public function destroy(FileDisk $disk)
     {
+        $this->authorize('manage file disk');
+
         if ($disk->setAsDefault() && $disk->type === 'SYSTEM') {
-            return response()->json([
-                'success' => false
-            ]);
+            return respondJson('not_allowed', 'Not Allowed');
         }
 
         $disk->delete();
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 
@@ -157,22 +156,24 @@ class DiskController extends Controller
      */
     public function getDiskDrivers()
     {
+        $this->authorize('manage file disk');
+
         $drivers = [
             [
                 'name' => 'Local',
-                'value' => 'local'
+                'value' => 'local',
             ],
             [
                 'name' => 'Amazon S3',
-                'value' => 's3'
+                'value' => 's3',
             ],
             [
                 'name' => 'Digital Ocean Spaces',
-                'value' => 'doSpaces'
+                'value' => 'doSpaces',
             ],
             [
                 'name' => 'Dropbox',
-                'value' => 'dropbox'
+                'value' => 'dropbox',
             ],
         ];
 
@@ -180,7 +181,7 @@ class DiskController extends Controller
 
         return response()->json([
             'drivers' => $drivers,
-            'default' => $default
+            'default' => $default,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Settings/GetCompanyMailConfigurationController.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace Crater\Http\Controllers\V1\Admin\Settings;
+
+use Crater\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+
+class GetCompanyMailConfigurationController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function __invoke(Request $request)
+    {
+        $mailConfig = [
+            'from_name' => config('mail.from.name'),
+            'from_mail' => config('mail.from.address'),
+        ];
+
+        return response()->json($mailConfig);
+    }
+}

app/Http/Controllers/V1/Admin/Settings/GetCompanySettingsController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\GetSettingsRequest;
+use Crater\Models\CompanySetting;
 
 class GetCompanySettingsController extends Controller
 {

app/Http/Controllers/V1/Admin/Settings/GetUserSettingsController.php

@@ -1,8 +1,7 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Auth;
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\GetSettingsRequest;
 
@@ -16,7 +15,7 @@ class GetUserSettingsController extends Controller
      */
     public function __invoke(GetSettingsRequest $request)
     {
-        $user = Auth::user();
+        $user = $request->user();
 
         return response()->json($user->getSettings($request->settings));
     }

app/Http/Controllers/V1/Admin/Settings/MailConfigurationController.php

@@ -1,14 +1,14 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Crater\Models\Setting;
-use Illuminate\Http\Request;
-use Crater\Space\EnvironmentManager;
-use Crater\Http\Requests\MailEnvironmentRequest;
-use Illuminate\Http\JsonResponse;
 use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\MailEnvironmentRequest;
 use Crater\Mail\TestMail;
+use Crater\Models\Setting;
+use Crater\Space\EnvironmentManager;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
 use Mail;
 
 class MailConfigurationController extends Controller
@@ -33,11 +33,12 @@ class MailConfigurationController extends Controller
      */
     public function saveMailEnvironment(MailEnvironmentRequest $request)
     {
+        $this->authorize('manage email config');
+
         $setting = Setting::getSetting('profile_complete');
         $results = $this->environmentManager->saveMailVariables($request);
 
-        if ($setting !== 'COMPLETED')
-        {
+        if ($setting !== 'COMPLETED') {
             Setting::setSetting('profile_complete', 4);
         }
 
@@ -46,6 +47,8 @@ class MailConfigurationController extends Controller
 
     public function getMailEnvironment()
     {
+        $this->authorize('manage email config');
+
         $MailData = [
             'mail_driver' => config('mail.driver'),
             'mail_host' => config('mail.host'),
@@ -72,12 +75,14 @@ class MailConfigurationController extends Controller
      */
     public function getMailDrivers()
     {
+        $this->authorize('manage email config');
+
         $drivers = [
             'smtp',
             'mail',
             'sendmail',
             'mailgun',
-            'ses'
+            'ses',
         ];
 
         return response()->json($drivers);
@@ -85,16 +90,18 @@ class MailConfigurationController extends Controller
 
     public function testEmailConfig(Request $request)
     {
+        $this->authorize('manage email config');
+
         $this->validate($request, [
             'to' => 'required|email',
             'subject' => 'required',
-            'message' => 'required'
+            'message' => 'required',
         ]);
 
         Mail::to($request->to)->send(new TestMail($request->subject, $request->message));
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Settings/TaxTypesController.php

@@ -1,11 +1,12 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Crater\Models\TaxType;
-use Crater\Http\Requests\TaxTypeRequest;
-use Illuminate\Http\Request;
 use Crater\Http\Controllers\Controller;
+use Crater\Http\Requests\TaxTypeRequest;
+use Crater\Http\Resources\TaxTypeResource;
+use Crater\Models\TaxType;
+use Illuminate\Http\Request;
 
 class TaxTypesController extends Controller
 {
@@ -16,21 +17,16 @@ class TaxTypesController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('viewAny', TaxType::class);
+
         $limit = $request->has('limit') ? $request->limit : 5;
 
-        $taxTypes = TaxType::whereCompany($request->header('company'))
-            ->applyFilters($request->only([
-                'tax_type_id',
-                'search',
-                'orderByField',
-                'orderBy'
-            ]))
+        $taxTypes = TaxType::applyFilters($request->all())
+            ->whereCompany()
             ->latest()
             ->paginateData($limit);
 
-        return response()->json([
-            'taxTypes' => $taxTypes
-        ]);
+        return TaxTypeResource::collection($taxTypes);
     }
 
     /**
@@ -41,15 +37,11 @@ class TaxTypesController extends Controller
      */
     public function store(TaxTypeRequest $request)
     {
-        $data = $request->validated();
+        $this->authorize('create', TaxType::class);
 
-        $data['company_id'] = $request->header('company');
+        $taxType = TaxType::create($request->getTaxTypePayload());
 
-        $taxType = TaxType::create($data);
-
-        return response()->json([
-            'taxType' => $taxType,
-        ]);
+        return new TaxTypeResource($taxType);
     }
 
     /**
@@ -60,9 +52,9 @@ class TaxTypesController extends Controller
      */
     public function show(TaxType $taxType)
     {
-        return response()->json([
-            'taxType' => $taxType
-        ]);
+        $this->authorize('view', $taxType);
+
+        return new TaxTypeResource($taxType);
     }
 
     /**
@@ -74,11 +66,11 @@ class TaxTypesController extends Controller
      */
     public function update(TaxTypeRequest $request, TaxType $taxType)
     {
-        $taxType->update($request->validated());
+        $this->authorize('update', $taxType);
 
-        return response()->json([
-            'taxType' => $taxType,
-        ]);
+        $taxType->update($request->getTaxTypePayload());
+
+        return new TaxTypeResource($taxType);
     }
 
     /**
@@ -89,15 +81,16 @@ class TaxTypesController extends Controller
      */
     public function destroy(TaxType $taxType)
     {
+        $this->authorize('delete', $taxType);
+
         if ($taxType->taxes() && $taxType->taxes()->count() > 0) {
-            return response()->json([
-                'success' => false
-            ]);
+            return respondJson('taxes_attached', 'Taxes Attached.');
         }
+
         $taxType->delete();
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Settings/UpdateCompanySettingsController.php

@@ -1,10 +1,11 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Crater\Models\CompanySetting;
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\UpdateSettingsRequest;
+use Crater\Models\Company;
+use Crater\Models\CompanySetting;
 
 class UpdateCompanySettingsController extends Controller
 {
@@ -16,10 +17,12 @@ class UpdateCompanySettingsController extends Controller
      */
     public function __invoke(UpdateSettingsRequest $request)
     {
+        $this->authorize('manage company', Company::find($request->header('company')));
+
         CompanySetting::setSettings($request->settings, $request->header('company'));
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Settings/UpdateUserSettingsController.php

@@ -1,8 +1,7 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Settings;
+namespace Crater\Http\Controllers\V1\Admin\Settings;
 
-use Auth;
 use Crater\Http\Controllers\Controller;
 use Crater\Http\Requests\UpdateSettingsRequest;
 
@@ -16,12 +15,12 @@ class UpdateUserSettingsController extends Controller
      */
     public function __invoke(UpdateSettingsRequest $request)
     {
-        $user = Auth::user();
+        $user = $request->user();
 
         $user->setSettings($request->settings);
 
         return response()->json([
-            'success' => true
+            'success' => true,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Update/CheckVersionController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Update;
+namespace Crater\Http\Controllers\V1\Admin\Update;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Models\Setting;
@@ -17,6 +17,13 @@ class CheckVersionController extends Controller
      */
     public function __invoke(Request $request)
     {
+        if ((! $request->user()) || (! $request->user()->isOwner())) {
+            return response()->json([
+                'success' => false,
+                'message' => 'You are not allowed to update this app.'
+            ], 401);
+        }
+
         set_time_limit(600); // 10 minutes
 
         $json = Updater::checkForUpdate(Setting::getSetting('version'));

app/Http/Controllers/V1/Admin/Update/CopyFilesController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Update;
+namespace Crater\Http\Controllers\V1\Admin\Update;
 
 use Crater\Http\Controllers\Controller;
 use Crater\Space\Updater;
@@ -16,6 +16,13 @@ class CopyFilesController extends Controller
      */
     public function __invoke(Request $request)
     {
+        if ((! $request->user()) || (! $request->user()->isOwner())) {
+            return response()->json([
+                'success' => false,
+                'message' => 'You are not allowed to update this app.'
+            ], 401);
+        }
+
         $request->validate([
             'path' => 'required',
         ]);
@@ -24,7 +31,7 @@ class CopyFilesController extends Controller
 
         return response()->json([
             'success' => true,
-            'path' => $path
+            'path' => $path,
         ]);
     }
 }

app/Http/Controllers/V1/Admin/Update/DeleteFilesController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Crater\Http\Controllers\V1\Update;
+namespace Crater\Http\Controllers\V1\Admin\Update;
 
 use Crater\Http\Controllers\Controller;
-use Illuminate\Http\Request;
 use Crater\Space\Updater;
+use Illuminate\Http\Request;
 
 class DeleteFilesController extends Controller
 {
@@ -16,8 +16,14 @@ class DeleteFilesController extends Controller
      */
     public function __invoke(Request $request)
     {
+        if ((! $request->user()) || (! $request->user()->isOwner())) {
+            return response()->json([
+                'success' => false,
+                'message' => 'You are not allowed to update this app.'
+            ], 401);
+        }
 
-        if(isset($request->deleted_files) && !empty($request->deleted_files)) {
+        if (isset($request->deleted_files) && ! empty($request->deleted_files)) {
             Updater::deleteFiles($request->deleted_files);
         }