Permission stuff for Faktur.
コミット
88273c9d82
|
@ -36,6 +36,7 @@ class InvoiceController extends Controller {
|
|||
return DB::table('inv_company')
|
||||
->select(
|
||||
'id',
|
||||
'user_id',
|
||||
'name',
|
||||
'compreg',
|
||||
'taxnr',
|
||||
|
@ -77,6 +78,7 @@ class InvoiceController extends Controller {
|
|||
'payterm'
|
||||
)
|
||||
->where('id', $id)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
}
|
||||
else {
|
||||
|
@ -86,7 +88,7 @@ class InvoiceController extends Controller {
|
|||
else if ($valid['inv_manuser'] == 1) {
|
||||
return DB::table('inv_company')
|
||||
->select(
|
||||
'cu_id',
|
||||
'user_id',
|
||||
'name',
|
||||
'compreg',
|
||||
'taxnr',
|
||||
|
@ -119,15 +121,9 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_mancompany'] == 1 && $valid['inv_manuser'] == 1) {
|
||||
$user = DB::table('inv_company_users')
|
||||
->insertGetId([
|
||||
'user_id' => $request->user,
|
||||
'company_id' => 0
|
||||
]);
|
||||
|
||||
$add = DB::table('inv_company')
|
||||
->insertGetId([
|
||||
'cu_id' => $user,
|
||||
'user_id' => $request->user_id,
|
||||
'name' => $request->name,
|
||||
'compreg' => ($request->compreg ? $request->compreg : ''),
|
||||
'taxnr' => ($request->taxnr ? $request->taxnr : ''),
|
||||
|
@ -138,10 +134,6 @@ class InvoiceController extends Controller {
|
|||
'payterm' => $request->payterm
|
||||
]);
|
||||
|
||||
DB::table('inv_company_users')
|
||||
->where('user_id', $request->user)
|
||||
->update(['company_id' => $add]);
|
||||
|
||||
return $add;
|
||||
}
|
||||
else {
|
||||
|
@ -161,15 +153,10 @@ class InvoiceController extends Controller {
|
|||
|
||||
if ($valid['inv_mancompany'] == 1) {
|
||||
if ($valid['inv_manuser'] == 0) {
|
||||
$companyId = DB::table('inv_company_users')
|
||||
->select('company_id')
|
||||
->where('user_id', $check)
|
||||
->limit(1)
|
||||
->first();
|
||||
|
||||
if ($companyId != 0) {
|
||||
DB::table('inv_company')
|
||||
->where('id', $request->id)
|
||||
->where('user_id', $check)
|
||||
->update([
|
||||
'name' => $request->name,
|
||||
'compreg' => ($request->compreg ? $request->compreg : ''),
|
||||
|
@ -186,16 +173,10 @@ class InvoiceController extends Controller {
|
|||
}
|
||||
}
|
||||
else if ($valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_company_users')
|
||||
->where('company_id', $request->id)
|
||||
->update([
|
||||
'user_id' => $request->cu_id
|
||||
]);
|
||||
|
||||
DB::table('inv_company')
|
||||
->where('id', $request->id)
|
||||
->update([
|
||||
'cu_id' => $request->cu_id,
|
||||
'user_id' => $request->user_id,
|
||||
'name' => $request->name,
|
||||
'compreg' => ($request->compreg ? $request->compreg : ''),
|
||||
'taxnr' => ($request->taxnr ? $request->taxnr : ''),
|
||||
|
@ -224,7 +205,6 @@ class InvoiceController extends Controller {
|
|||
|
||||
if ($valid['inv_mancompany'] == 1 && $valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_company')->where('id', $request->id)->delete();
|
||||
DB::table('inv_company_users')->where('company_id', $request->id)->delete();
|
||||
|
||||
return 'Done.';
|
||||
}
|
||||
|
@ -245,9 +225,36 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_mancontact'] == 1) {
|
||||
return DB::table('inv_contacts')
|
||||
->select('*')
|
||||
->get();
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
return DB::table('inv_contacts')
|
||||
->select(
|
||||
'id',
|
||||
'user_id',
|
||||
'name',
|
||||
'address',
|
||||
'postcode',
|
||||
'town',
|
||||
'country',
|
||||
'phone',
|
||||
'email'
|
||||
)
|
||||
->get();
|
||||
}
|
||||
else {
|
||||
return DB::table('inv_contacts')
|
||||
->select(
|
||||
'id',
|
||||
'name',
|
||||
'address',
|
||||
'postcode',
|
||||
'town',
|
||||
'country',
|
||||
'phone',
|
||||
'email'
|
||||
)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
}
|
||||
}
|
||||
else {
|
||||
return 'Permission denied.';
|
||||
|
@ -265,26 +272,67 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_mancontact'] == 1) {
|
||||
$get = DB::table('inv_contacts')
|
||||
->select('*')
|
||||
->where('id', $id)
|
||||
->get();
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
$get = DB::table('inv_contacts')
|
||||
->select(
|
||||
'id',
|
||||
'user_id',
|
||||
'name',
|
||||
'address',
|
||||
'postcode',
|
||||
'town',
|
||||
'country',
|
||||
'phone',
|
||||
'email'
|
||||
)
|
||||
->where('id', $id)
|
||||
->get();
|
||||
|
||||
$emp = DB::table('inv_employers')
|
||||
->select('id')
|
||||
->where('contact_id', $id)
|
||||
->get();
|
||||
$emp = DB::table('inv_employers')
|
||||
->select('id')
|
||||
->where('contact_id', $id)
|
||||
->get();
|
||||
|
||||
$cus = DB::table('inv_clients')
|
||||
->select('id')
|
||||
->where('contact_id', $id)
|
||||
->get();
|
||||
$cus = DB::table('inv_clients')
|
||||
->select('id')
|
||||
->where('contact_id', $id)
|
||||
->get();
|
||||
}
|
||||
else {
|
||||
$get = DB::table('inv_contacts')
|
||||
->select(
|
||||
'id',
|
||||
'name',
|
||||
'address',
|
||||
'postcode',
|
||||
'town',
|
||||
'country',
|
||||
'phone',
|
||||
'email'
|
||||
)
|
||||
->where('id', $id)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
|
||||
$emp = DB::table('inv_employers')
|
||||
->select('id')
|
||||
->where('contact_id', $id)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
|
||||
$cus = DB::table('inv_clients')
|
||||
->select('id')
|
||||
->where('contact_id', $id)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
}
|
||||
|
||||
$res = array();
|
||||
|
||||
foreach($get as $g) {
|
||||
$res[] = array(
|
||||
'id' => $g->id,
|
||||
'user_id' => ($valid['inv_manuser'] === 1 ? $g->user_id : $check),
|
||||
'name' => $g->name,
|
||||
'address' => $g->address,
|
||||
'postcode' => $g->postcode,
|
||||
|
@ -315,16 +363,63 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_mancontact'] == 1) {
|
||||
$add = DB::table('inv_contacts')
|
||||
->insertGetId([
|
||||
'name' => $request->name,
|
||||
'address' => $request->address,
|
||||
'postcode' => $request->postcode,
|
||||
'town' => $request->town,
|
||||
'country' => $request->country,
|
||||
'phone' => $request->phone,
|
||||
'email' => $request->email
|
||||
]);
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
$add = DB::table('inv_contacts')
|
||||
->insertGetId([
|
||||
'user_id' => $request->user_id,
|
||||
'name' => $request->name,
|
||||
'address' => $request->address,
|
||||
'postcode' => $request->postcode,
|
||||
'town' => $request->town,
|
||||
'country' => $request->country,
|
||||
'phone' => $request->phone,
|
||||
'email' => $request->email
|
||||
]);
|
||||
|
||||
if ($request->isCustomer) {
|
||||
DB::table('inv_clients')
|
||||
->insert([
|
||||
'user_id' => $request->user_id,
|
||||
'contact_id' => $add
|
||||
]);
|
||||
}
|
||||
|
||||
if ($request->isEmployer) {
|
||||
DB::table('inv_employers')
|
||||
->insert([
|
||||
'user_id' => $request->user_id,
|
||||
'contact_id' => $add
|
||||
]);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$add = DB::table('inv_contacts')
|
||||
->insertGetId([
|
||||
'name' => $request->name,
|
||||
'address' => $request->address,
|
||||
'postcode' => $request->postcode,
|
||||
'town' => $request->town,
|
||||
'country' => $request->country,
|
||||
'phone' => $request->phone,
|
||||
'email' => $request->email
|
||||
]);
|
||||
|
||||
if ($request->isCustomer) {
|
||||
DB::table('inv_clients')
|
||||
->insert([
|
||||
'user_id' => $check,
|
||||
'contact_id' => $add
|
||||
]);
|
||||
}
|
||||
|
||||
if ($request->isEmployer) {
|
||||
DB::table('inv_employers')
|
||||
->insert([
|
||||
'user_id' => $check,
|
||||
'contact_id' => $add
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->isCustomer) {
|
||||
DB::table('inv_clients')
|
||||
|
@ -358,55 +453,121 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_mancontact'] == 1) {
|
||||
DB::table('inv_contacts')
|
||||
->where('id', $request->id)
|
||||
->update([
|
||||
'name' => $request->name,
|
||||
'address' => $request->address,
|
||||
'postcode' => $request->postcode,
|
||||
'town' => $request->town,
|
||||
'country' => $request->country,
|
||||
'phone' => $request->phone,
|
||||
'email' => $request->email
|
||||
]);
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_contacts')
|
||||
->where('id', $request->id)
|
||||
->update([
|
||||
'user_id' => $request->user_id,
|
||||
'name' => $request->name,
|
||||
'address' => $request->address,
|
||||
'postcode' => $request->postcode,
|
||||
'town' => $request->town,
|
||||
'country' => $request->country,
|
||||
'phone' => $request->phone,
|
||||
'email' => $request->email
|
||||
]);
|
||||
|
||||
$emp = DB::table('inv_employers')
|
||||
->select('id')
|
||||
->where('contact_id', $request->id)
|
||||
->get();
|
||||
$emp = DB::table('inv_employers')
|
||||
->select('id')
|
||||
->where('contact_id', $request->id)
|
||||
->get();
|
||||
|
||||
$cus = DB::table('inv_clients')
|
||||
->select('id')
|
||||
->where('contact_id', $request->id)
|
||||
->get();
|
||||
|
||||
if ($emp->count()) {
|
||||
if (!$request->isEmployer) {
|
||||
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
|
||||
}
|
||||
$cus = DB::table('inv_clients')
|
||||
->select('id')
|
||||
->where('contact_id', $request->id)
|
||||
->get();
|
||||
}
|
||||
else {
|
||||
if ($request->isEmployer) {
|
||||
DB::table('inv_employers')
|
||||
->where('id', $request->id)
|
||||
->insert([
|
||||
'contact_id' => $request->id
|
||||
]);
|
||||
}
|
||||
DB::table('inv_contacts')
|
||||
->where('id', $request->id)
|
||||
->where('user_id', $check)
|
||||
->update([
|
||||
'name' => $request->name,
|
||||
'address' => $request->address,
|
||||
'postcode' => $request->postcode,
|
||||
'town' => $request->town,
|
||||
'country' => $request->country,
|
||||
'phone' => $request->phone,
|
||||
'email' => $request->email
|
||||
]);
|
||||
|
||||
$emp = DB::table('inv_employers')
|
||||
->select('id')
|
||||
->where('user_id', $check)
|
||||
->where('contact_id', $request->id)
|
||||
->get();
|
||||
|
||||
$cus = DB::table('inv_clients')
|
||||
->select('id')
|
||||
->where('user_id', $check)
|
||||
->where('contact_id', $request->id)
|
||||
->get();
|
||||
}
|
||||
|
||||
if ($cus->count()) {
|
||||
if (!$request->isCustomer) {
|
||||
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
if ($emp->count()) {
|
||||
if (!$request->isEmployer) {
|
||||
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($request->isCustomer) {
|
||||
else {
|
||||
if ($request->isEmployer) {
|
||||
DB::table('inv_employers')
|
||||
->where('id', $request->id)
|
||||
->insert([
|
||||
'user_id' => $request->user_id,
|
||||
'contact_id' => $request->id
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
if ($cus->count()) {
|
||||
if (!$request->isCustomer) {
|
||||
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($request->isCustomer) {
|
||||
DB::table('inv_clients')
|
||||
->where('id', $request->id)
|
||||
->insert([
|
||||
'contact_id' => $request->id
|
||||
]);
|
||||
->where('id', $request->id)
|
||||
->insert([
|
||||
'user_id' => $request->user_id,
|
||||
'contact_id' => $request->id
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($emp->count()) {
|
||||
if (!$request->isEmployer) {
|
||||
DB::table('inv_employers')->where('contact_id', $request->id)->where('user_id', $check)->delete();
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($request->isEmployer) {
|
||||
DB::table('inv_employers')
|
||||
->where('id', $request->id)
|
||||
->where('user_id', $check)
|
||||
->insert([
|
||||
'contact_id' => $request->id
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
if ($cus->count()) {
|
||||
if (!$request->isCustomer) {
|
||||
DB::table('inv_clients')->where('contact_id', $request->id)->where('user_id', $check)->delete();
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($request->isCustomer) {
|
||||
DB::table('inv_clients')
|
||||
->where('id', $request->id)
|
||||
->where('user_id', $check)
|
||||
->insert([
|
||||
'contact_id' => $request->id
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -428,9 +589,16 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_mancontact'] == 1) {
|
||||
DB::table('inv_contacts')->where('id', $request->id)->delete();
|
||||
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
|
||||
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_contacts')->where('id', $request->id)->delete();
|
||||
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
|
||||
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
|
||||
}
|
||||
else {
|
||||
DB::table('inv_contacts')->where('id', $request->id)->where('user_id', $check)->delete();
|
||||
DB::table('inv_employers')->where('contact_id', $request->id)->where('user_id', $check)->delete();
|
||||
DB::table('inv_clients')->where('contact_id', $request->id)->where('user_id', $check)->delete();
|
||||
}
|
||||
|
||||
return 'Done.';
|
||||
}
|
||||
|
@ -472,7 +640,12 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_makeinvoice'] == 1) {
|
||||
DB::table('inv_invoices')->where('id', $request->id)->delete();
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_invoices')->where('id', $request->id)->delete();
|
||||
}
|
||||
else {
|
||||
DB::table('inv_invoices')->where('id', $request->id)->where('user_id', $check)->delete();
|
||||
}
|
||||
|
||||
return 'Done.';
|
||||
}
|
||||
|
@ -483,17 +656,71 @@ class InvoiceController extends Controller {
|
|||
}
|
||||
|
||||
// Services
|
||||
public function getServices() { // /api/rpc/invoice/service/getservices
|
||||
return DB::table('inv_services')
|
||||
->select('*')
|
||||
->get();
|
||||
public function getServices(Request $request) { // /api/rpc/invoice/service/getservices
|
||||
$check = $this->objAuth->checkLegit($request->username, $request->password);
|
||||
|
||||
if ($check == 0) {
|
||||
return 'Err!';
|
||||
}
|
||||
else {
|
||||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_makeinvoice'] == 1) {
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
return DB::table('inv_services')
|
||||
->select(
|
||||
'id',
|
||||
'name',
|
||||
'rate'
|
||||
)
|
||||
->get();
|
||||
|
||||
}
|
||||
else {
|
||||
return DB::table('inv_services')
|
||||
->select(
|
||||
'id',
|
||||
'name',
|
||||
'rate'
|
||||
)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
}
|
||||
}
|
||||
else {
|
||||
return 'Permission denied.';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function getService($id) { // /api/rpc/invoice/services/getservice/id
|
||||
return DB::table('inv_services')
|
||||
->select('*')
|
||||
->where('id', $id)
|
||||
->get();
|
||||
public function getService($id, Request $request) { // /api/rpc/invoice/services/getservice/id
|
||||
$check = $this->objAuth->checkLegit($request->username, $request->password);
|
||||
|
||||
if ($check == 0) {
|
||||
return 'Err!';
|
||||
}
|
||||
else {
|
||||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_makeinvoice'] == 1) {
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
return DB::table('inv_services')
|
||||
->select('*')
|
||||
->where('id', $id)
|
||||
->get();
|
||||
}
|
||||
else {
|
||||
return DB::table('inv_services')
|
||||
->select('*')
|
||||
->where('id', $id)
|
||||
->where('user_id', $check)
|
||||
->get();
|
||||
}
|
||||
}
|
||||
else {
|
||||
return 'Permission denied.';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function newService(Request $request) { // /api/rpc/invoice/services/new
|
||||
|
@ -506,11 +733,21 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_makeinvoice'] == 1) {
|
||||
$add = DB::table('inv_services')
|
||||
->insertGetId([
|
||||
'name' => $request->name,
|
||||
'rate' => $request->rate
|
||||
]);
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
$add = DB::table('inv_services')
|
||||
->insertGetId([
|
||||
'user_id' => $request->user_id,
|
||||
'name' => $request->name,
|
||||
'rate' => $request->rate
|
||||
]);
|
||||
}
|
||||
else {
|
||||
$add = DB::table('inv_services')
|
||||
->insertGetId([
|
||||
'name' => $request->name,
|
||||
'rate' => $request->rate
|
||||
]);
|
||||
}
|
||||
|
||||
return $add;
|
||||
}
|
||||
|
@ -530,12 +767,24 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_makeinvoice'] == 1) {
|
||||
DB::table('inv_services')
|
||||
->where('id', $request->id)
|
||||
->update([
|
||||
'name' => $request->name,
|
||||
'rate' => $request->rate
|
||||
]);
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_services')
|
||||
->where('id', $request->id)
|
||||
->update([
|
||||
'user_id' => $request->user_id,
|
||||
'name' => $request->name,
|
||||
'rate' => $request->rate
|
||||
]);
|
||||
}
|
||||
else {
|
||||
DB::table('inv_services')
|
||||
->where('id', $request->id)
|
||||
->where('user_id', $check)
|
||||
->update([
|
||||
'name' => $request->name,
|
||||
'rate' => $request->rate
|
||||
]);
|
||||
}
|
||||
|
||||
return 'Success!';
|
||||
}
|
||||
|
@ -555,7 +804,12 @@ class InvoiceController extends Controller {
|
|||
$valid = $this->objAuth->getPermissions($request->username, $request->password);
|
||||
|
||||
if ($valid['inv_makeinvoice'] == 1) {
|
||||
DB::table('inv_services')->where('id', $request->id)->delete();
|
||||
if ($valid['inv_manuser'] == 1) {
|
||||
DB::table('inv_services')->where('id', $request->id)->delete();
|
||||
}
|
||||
else {
|
||||
DB::table('inv_services')->where('id', $request->id)->where('user_id', $check)->delete();
|
||||
}
|
||||
|
||||
return 'Done.';
|
||||
}
|
||||
|
|
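Review bot: The insert paths for users without `inv_manuser` never record an owner, so rows they create will not match the `->where('user_id', $check)` filters that the read, update and delete branches on this page rely on. In the `@ -506,11 +733,21 @` and `@ -315,16 +363,63 @` hunks the `else` branch inserts into `inv_services` and `inv_contacts` with no `user_id` key. In the `@ -358,55 +453,121 @` hunk the `else` branch inserts into `inv_employers` and `inv_clients` with only `contact_id`; the `->where('user_id', $check)` chained before `insert()` does not set the column, because the query builder does not apply where clauses to an insert. Adding `'user_id' => $check,` to each of those arrays would take ownership from the authenticated account instead of the column default, which is not visible here. Separately, the result loop in the `@ -265,26 +272,67 @` hunk tests `$valid['inv_manuser'] === 1` while every other check uses `== 1`, which would be false for managers if `getPermissions` returns the flag as a string; the enclosing methods start outside the visible hunks.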