forked from anuko/timetracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathttExpenseHelper.class.php
More file actions
295 lines (251 loc) · 11 KB
/
Copy pathttExpenseHelper.class.php
File metadata and controls
295 lines (251 loc) · 11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
<?php
// +----------------------------------------------------------------------+
// | Anuko Time Tracker
// +----------------------------------------------------------------------+
// | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
// +----------------------------------------------------------------------+
// | LIBERAL FREEWARE LICENSE: This source code document may be used
// | by anyone for any purpose, and freely redistributed alone or in
// | combination with other software, provided that the license is obeyed.
// |
// | There are only two ways to violate the license:
// |
// | 1. To redistribute this code in source form, with the copyright
// | notice or license removed or altered. (Distributing in compiled
// | forms without embedded copyright notices is permitted).
// |
// | 2. To redistribute modified versions of this code in *any* form
// | that bears insufficient indications that the modifications are
// | not the work of the original author(s).
// |
// | This license applies to this document only, not any other software
// | that it may be combined with.
// |
// +----------------------------------------------------------------------+
// | Contributors:
// | https://www.anuko.com/time_tracker/credits.htm
// +----------------------------------------------------------------------+
// The ttExpenseHelper is a class to help with expense items.
class ttExpenseHelper {
// insert - inserts an entry into tt_expense_items table.
static function insert($fields) {
global $user;
$mdb2 = getConnection();
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
$date = $fields['date'];
$client_id = $fields['client_id'];
$project_id = $fields['project_id'];
$name = $fields['name'];
$cost = str_replace(',', '.', $fields['cost']);
$invoice_id = $fields['invoice_id'];
$status = $fields['status'];
$paid = (int) $fields['paid'];
$created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
$sql = "insert into tt_expense_items".
" (date, user_id, group_id, org_id, client_id, project_id, name, cost, invoice_id, paid, created, created_ip, created_by, status)".
" values (".$mdb2->quote($date).", $user_id, $group_id, $org_id, ".$mdb2->quote($client_id).", ".$mdb2->quote($project_id).
", ".$mdb2->quote($name).", ".$mdb2->quote($cost).", ".$mdb2->quote($invoice_id).", $paid $created, ".$mdb2->quote($status).")";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error'))
return false;
$id = $mdb2->lastInsertID('tt_expense_items', 'id');
return $id;
}
// update - updates a record in tt_expense_items table.
static function update($fields) {
global $user;
$mdb2 = getConnection();
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
$id = (int) $fields['id'];
$date = $fields['date'];
$client_id = $fields['client_id'];
$project_id = $fields['project_id'];
$name = $fields['name'];
$cost = str_replace(',', '.', $fields['cost']);
$invoice_id = $fields['invoice_id'];
$paid_part = '';
if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) {
$paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0';
}
$modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$sql = "update tt_expense_items set date = ".$mdb2->quote($date).", user_id = $user_id, client_id = ".$mdb2->quote($client_id).
", project_id = ".$mdb2->quote($project_id).", name = ".$mdb2->quote($name).
", cost = ".$mdb2->quote($cost)."$paid_part $modified_part, invoice_id = ".$mdb2->quote($invoice_id).
" where id = $id and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
return (!is_a($affected, 'PEAR_Error'));
}
// markDeleted - marks an item as deleted in tt_expense_items table.
static function markDeleted($id) {
global $user;
$mdb2 = getConnection();
// Delete associated files.
if ($user->isPluginEnabled('at')) {
import('ttFileHelper');
global $err;
$fileHelper = new ttFileHelper($err);
if (!$fileHelper->deleteEntityFiles($id, 'expense'))
return false;
}
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
$modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
$sql = "update tt_expense_items set status = null".$modified_part.
" where id = $id and user_id = $user_id and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
return (!is_a($affected, 'PEAR_Error'));
}
// getTotalForDay - gets total expenses for a user for a specific date.
static function getTotalForDay($date) {
global $user;
$mdb2 = getConnection();
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
$sql = "select sum(cost) as total from tt_expense_items".
" where user_id = $user_id and group_id = $group_id and org_id = $org_id".
" and date = ".$mdb2->quote($date)." and status = 1";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
$val = $res->fetchRow();
$val['total'] = str_replace('.', $user->getDecimalMark(), $val['total']);
return $val['total'];
}
return false;
}
// getItem - retrieves an entry from tt_expense_items table.
static function getItem($id) {
global $user;
$mdb2 = getConnection();
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
$client_field = null;
if ($user->isPluginEnabled('cl'))
$client_field = ", c.name as client_name";
$left_joins = "";
$left_joins = " left join tt_projects p on (ei.project_id = p.id)";
if ($user->isPluginEnabled('cl'))
$left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
$sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.approved,".
" ei.paid $client_field, p.name as project_name".
" from tt_expense_items ei $left_joins".
" where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.user_id = $user_id and ei.status = 1";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
if (!$res->numRows()) {
return false;
}
if ($val = $res->fetchRow()) {
$val['cost'] = str_replace('.', $user->getDecimalMark(), $val['cost']);
return $val;
}
}
return false;
}
// getItemForFileView - retrieves an expense item identified by its id for
// attachment view operation.
//
// It is different from getItem, as we want users with appropriate rights
// to be able to see other users files, without changing "on behalf" user.
// For example, viewing reports for all users and their attached files
// from report links.
static function getItemForFileView($id) {
// There are several possible situations:
//
// Record is ours. Check "view_own_reports" or "view_all_reports".
// Record is for the current on behalf user. Check "view_reports" or "view_all_reports".
// Record is for someone else. Check "view_reports" or "view_all_reports" and rank.
//
// It looks like the best way is to use 2 queries, obtain user_id first, then check rank.
global $user;
$mdb2 = getConnection();
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
// Obtain user_id for the expense item.
$sql = "select ei.id, ei.user_id, ei.invoice_id, ei.approved from tt_expense_items ei ".
" where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1";
$res = $mdb2->query($sql);
if (is_a($res, 'PEAR_Error')) return false;
if (!$res->numRows()) return false;
$val = $res->fetchRow();
$user_id = $val['user_id'];
// If record is ours.
if ($user_id == $user->id) {
if ($user->can('view_own_reports') || $user->can('view_all_reports')) {
$val['can_edit'] = !($val['invoice_id'] || $val['approved']);
return $val;
}
return false; // No rights.
}
// If record belongs to a user we impersonate.
if ($user->behalfUser && $user_id == $user->behalfUser->id) {
if ($user->can('view_reports') || $user->can('view_all_reports')) {
$val['can_edit'] = !($val['invoice_id'] || $val['approved']);
return $val;
}
return false; // No rights.
}
// Record belongs to someone else. We need to check user rank.
if (!($user->can('view_reports') || $user->can('view_all_reports'))) return false;
$max_rank = $user->can('view_all_reports') ? MAX_RANK : $user->getMaxRankForGroup($group_id);
$left_joins = ' left join tt_users u on (ei.user_id = u.id)';
$left_joins .= ' left join tt_roles r on (u.role_id = r.id)';
$where_part = " where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1".
$where_part .= " and r.rank <= $max_rank";
$sql = "select ei.id, ei.user_id, ei.invoice_id, ei.approved".
" from tt_expense_items ei $left_joins $where_part";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
if (!$res->numRows()) {
return false;
}
if ($val = $res->fetchRow()) {
$val['can_edit'] = false;
return $val;
}
}
return false;
}
// getItems - returns expense items for a user for a given date.
static function getItems($date, $includeFiles = false) {
global $user;
$mdb2 = getConnection();
$user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
$result = array();
$client_field = null;
if ($user->isPluginEnabled('cl'))
$client_field = ", c.name as client";
if ($includeFiles) {
$filePart = ', if(Sub1.entity_id is null, 0, 1) as has_files';
$fileJoin = " left join (select distinct entity_id from tt_files".
" where entity_type = 'expense' and group_id = $group_id and org_id = $org_id and status = 1) Sub1".
" on (ei.id = Sub1.entity_id)";
}
$left_joins = "";
$left_joins = " left join tt_projects p on (ei.project_id = p.id)";
if ($user->isPluginEnabled('cl'))
$left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
$left_joins .= $fileJoin;
$sql = "select ei.id as id $client_field, p.name as project, ei.name as item, ei.cost as cost,".
" ei.invoice_id, ei.approved $filePart from tt_expense_items ei $left_joins".
" where ei.date = ".$mdb2->quote($date)." and ei.user_id = $user_id".
" and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1 order by ei.id";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
while ($val = $res->fetchRow()) {
$val['cost'] = str_replace('.', $user->getDecimalMark(), $val['cost']);
$result[] = $val;
}
} else return false;
return $result;
}
}