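/**
 * Serve a document to a client-portal visitor who presents an invitation key.
 *
 * The invitation is resolved first. The document is then looked up by its
 * public id together with the invitation's account id, and is released only
 * when it is attached to an expense or an invoice whose client matches the
 * client of the invitation's invoice.
 *
 * NOTE(review): the ownership check is per client, not per invoice. Any valid
 * invitation key for a client passes it for every expense or invoice document
 * of that client that this lookup returns. Confirm this breadth is intended.
 *
 * @param mixed $invitationKey Key passed to findInvoiceByInvitation().
 * @param mixed $publicId      Public id of the requested document.
 *
 * @return mixed The result of returnError(), a 403 "Not authorized" view, or
 *               the download response for the document.
 */
public function getDocument($invitationKey, $publicId)
{
    $invitation = $this->invoiceRepo->findInvoiceByInvitation($invitationKey);
    if (!$invitation) {
        // No invitation for this key: answer with the controller's error response.
        return $this->returnError();
    }

    // Track current contact.
    Session::put('contact_key', $invitation->contact->contact_key);

    $clientId = $invitation->invoice->client_id;

    // The lookup is keyed on the invitation's account id as well as the public id.
    // Presumably firstOrFail() aborts the request when nothing matches. Verify.
    $document = Document::scope($publicId, $invitation->account_id)->firstOrFail();

    // Fail closed: the loose == below treats null, 0 and '' as equal, so an
    // empty client id on both sides would otherwise count as a match.
    // The expense is checked first; the invoice relation is only read when the
    // expense does not match, as before.
    $authorized = $clientId
        && (
            ($document->expense && $document->expense->client_id == $clientId)
            || ($document->invoice && $document->invoice->client_id == $clientId)
        );

    if (!$authorized) {
        return Response::view('error', ['error' => 'Not authorized'], 403);
    }

    return DocumentController::getDownloadResponse($document);
}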