suwako
/
076server
アーカイブ
1
0
フォーク 0
コード イシュー プルリクエスト プロジェクト リリース Wiki アクティビティ

Permission stuff for Faktur.

このコミットが含まれているのは:
テクニカル諏訪子 2018-05-02 19:10:17 +09:00
ff955971fb
コミット 88273c9d82
1個のファイルの変更371行の追加117行の削除
統計情報を表示 Patchファイルをダウンロード Diffファイルをダウンロード すべてのファイルを展開 すべてのファイルを折り畳む

488
app/Http/Controllers/InvoiceController.php
ファイルの表示

@ -36,6 +36,7 @@ class InvoiceController extends Controller {
return DB::table('inv_company')
->select(
'id',
'user_id',
'name',
'compreg',
'taxnr',
@ -77,6 +78,7 @@ class InvoiceController extends Controller {
'payterm'
)
->where('id', $id)
->where('user_id', $check)
->get();
}
else {
@ -86,7 +88,7 @@ class InvoiceController extends Controller {
else if ($valid['inv_manuser'] == 1) {
return DB::table('inv_company')
->select(
'cu_id',
'user_id',
'name',
'compreg',
'taxnr',
@ -119,15 +121,9 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_mancompany'] == 1 && $valid['inv_manuser'] == 1) {
$user = DB::table('inv_company_users')
->insertGetId([
'user_id' => $request->user,
'company_id' => 0
]);
$add = DB::table('inv_company')
->insertGetId([
'cu_id' => $user,
'user_id' => $request->user_id,
'name' => $request->name,
'compreg' => ($request->compreg ? $request->compreg : ''),
'taxnr' => ($request->taxnr ? $request->taxnr : ''),
@ -138,10 +134,6 @@ class InvoiceController extends Controller {
'payterm' => $request->payterm
]);
DB::table('inv_company_users')
->where('user_id', $request->user)
->update(['company_id' => $add]);
return $add;
}
else {
@ -161,15 +153,10 @@ class InvoiceController extends Controller {
if ($valid['inv_mancompany'] == 1) {
if ($valid['inv_manuser'] == 0) {
$companyId = DB::table('inv_company_users')
->select('company_id')
->where('user_id', $check)
->limit(1)
->first();
if ($companyId != 0) {
DB::table('inv_company')
->where('id', $request->id)
->where('user_id', $check)
->update([
'name' => $request->name,
'compreg' => ($request->compreg ? $request->compreg : ''),
@ -186,16 +173,10 @@ class InvoiceController extends Controller {
}
}
else if ($valid['inv_manuser'] == 1) {
DB::table('inv_company_users')
->where('company_id', $request->id)
->update([
'user_id' => $request->cu_id
]);
DB::table('inv_company')
->where('id', $request->id)
->update([
'cu_id' => $request->cu_id,
'user_id' => $request->user_id,
'name' => $request->name,
'compreg' => ($request->compreg ? $request->compreg : ''),
'taxnr' => ($request->taxnr ? $request->taxnr : ''),
@ -224,7 +205,6 @@ class InvoiceController extends Controller {
if ($valid['inv_mancompany'] == 1 && $valid['inv_manuser'] == 1) {
DB::table('inv_company')->where('id', $request->id)->delete();
DB::table('inv_company_users')->where('company_id', $request->id)->delete();
return 'Done.';
}
@ -245,9 +225,36 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_mancontact'] == 1) {
return DB::table('inv_contacts')
->select('*')
->get();
if ($valid['inv_manuser'] == 1) {
return DB::table('inv_contacts')
->select(
'id',
'user_id',
'name',
'address',
'postcode',
'town',
'country',
'phone',
'email'
)
->get();
}
else {
return DB::table('inv_contacts')
->select(
'id',
'name',
'address',
'postcode',
'town',
'country',
'phone',
'email'
)
->where('user_id', $check)
->get();
}
}
else {
return 'Permission denied.';
@ -265,26 +272,67 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_mancontact'] == 1) {
$get = DB::table('inv_contacts')
->select('*')
->where('id', $id)
->get();
if ($valid['inv_manuser'] == 1) {
$get = DB::table('inv_contacts')
->select(
'id',
'user_id',
'name',
'address',
'postcode',
'town',
'country',
'phone',
'email'
)
->where('id', $id)
->get();
$emp = DB::table('inv_employers')
->select('id')
->where('contact_id', $id)
->get();
$emp = DB::table('inv_employers')
->select('id')
->where('contact_id', $id)
->get();
$cus = DB::table('inv_clients')
->select('id')
->where('contact_id', $id)
->get();
$cus = DB::table('inv_clients')
->select('id')
->where('contact_id', $id)
->get();
}
else {
$get = DB::table('inv_contacts')
->select(
'id',
'name',
'address',
'postcode',
'town',
'country',
'phone',
'email'
)
->where('id', $id)
->where('user_id', $check)
->get();
$emp = DB::table('inv_employers')
->select('id')
->where('contact_id', $id)
->where('user_id', $check)
->get();
$cus = DB::table('inv_clients')
->select('id')
->where('contact_id', $id)
->where('user_id', $check)
->get();
}
$res = array();
foreach($get as $g) {
$res[] = array(
'id' => $g->id,
'user_id' => ($valid['inv_manuser'] === 1 ? $g->user_id : $check),
'name' => $g->name,
'address' => $g->address,
'postcode' => $g->postcode,
@ -315,16 +363,63 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_mancontact'] == 1) {
$add = DB::table('inv_contacts')
->insertGetId([
'name' => $request->name,
'address' => $request->address,
'postcode' => $request->postcode,
'town' => $request->town,
'country' => $request->country,
'phone' => $request->phone,
'email' => $request->email
]);
if ($valid['inv_manuser'] == 1) {
$add = DB::table('inv_contacts')
->insertGetId([
'user_id' => $request->user_id,
'name' => $request->name,
'address' => $request->address,
'postcode' => $request->postcode,
'town' => $request->town,
'country' => $request->country,
'phone' => $request->phone,
'email' => $request->email
]);
if ($request->isCustomer) {
DB::table('inv_clients')
->insert([
'user_id' => $request->user_id,
'contact_id' => $add
]);
}
if ($request->isEmployer) {
DB::table('inv_employers')
->insert([
'user_id' => $request->user_id,
'contact_id' => $add
]);
}
}
else {
$add = DB::table('inv_contacts')
->insertGetId([
'name' => $request->name,
'address' => $request->address,
'postcode' => $request->postcode,
'town' => $request->town,
'country' => $request->country,
'phone' => $request->phone,
'email' => $request->email
]);
if ($request->isCustomer) {
DB::table('inv_clients')
->insert([
'user_id' => $check,
'contact_id' => $add
]);
}
if ($request->isEmployer) {
DB::table('inv_employers')
->insert([
'user_id' => $check,
'contact_id' => $add
]);
}
}
if ($request->isCustomer) {
DB::table('inv_clients')
@ -358,55 +453,121 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_mancontact'] == 1) {
DB::table('inv_contacts')
->where('id', $request->id)
->update([
'name' => $request->name,
'address' => $request->address,
'postcode' => $request->postcode,
'town' => $request->town,
'country' => $request->country,
'phone' => $request->phone,
'email' => $request->email
]);
if ($valid['inv_manuser'] == 1) {
DB::table('inv_contacts')
->where('id', $request->id)
->update([
'user_id' => $request->user_id,
'name' => $request->name,
'address' => $request->address,
'postcode' => $request->postcode,
'town' => $request->town,
'country' => $request->country,
'phone' => $request->phone,
'email' => $request->email
]);
$emp = DB::table('inv_employers')
->select('id')
->where('contact_id', $request->id)
->get();
$emp = DB::table('inv_employers')
->select('id')
->where('contact_id', $request->id)
->get();
$cus = DB::table('inv_clients')
->select('id')
->where('contact_id', $request->id)
->get();
if ($emp->count()) {
if (!$request->isEmployer) {
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
}
$cus = DB::table('inv_clients')
->select('id')
->where('contact_id', $request->id)
->get();
}
else {
if ($request->isEmployer) {
DB::table('inv_employers')
->where('id', $request->id)
->insert([
'contact_id' => $request->id
]);
}
DB::table('inv_contacts')
->where('id', $request->id)
->where('user_id', $check)
->update([
'name' => $request->name,
'address' => $request->address,
'postcode' => $request->postcode,
'town' => $request->town,
'country' => $request->country,
'phone' => $request->phone,
'email' => $request->email
]);
$emp = DB::table('inv_employers')
->select('id')
->where('user_id', $check)
->where('contact_id', $request->id)
->get();
$cus = DB::table('inv_clients')
->select('id')
->where('user_id', $check)
->where('contact_id', $request->id)
->get();
}
if ($cus->count()) {
if (!$request->isCustomer) {
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
if ($valid['inv_manuser'] == 1) {
if ($emp->count()) {
if (!$request->isEmployer) {
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
}
}
}
else {
if ($request->isCustomer) {
else {
if ($request->isEmployer) {
DB::table('inv_employers')
->where('id', $request->id)
->insert([
'user_id' => $request->user_id,
'contact_id' => $request->id
]);
}
}
if ($cus->count()) {
if (!$request->isCustomer) {
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
}
}
else {
if ($request->isCustomer) {
DB::table('inv_clients')
->where('id', $request->id)
->insert([
'contact_id' => $request->id
]);
->where('id', $request->id)
->insert([
'user_id' => $request->user_id,
'contact_id' => $request->id
]);
}
}
}
else {
if ($emp->count()) {
if (!$request->isEmployer) {
DB::table('inv_employers')->where('contact_id', $request->id)->where('user_id', $check)->delete();
}
}
else {
if ($request->isEmployer) {
DB::table('inv_employers')
->where('id', $request->id)
->where('user_id', $check)
->insert([
'contact_id' => $request->id
]);
}
}
if ($cus->count()) {
if (!$request->isCustomer) {
DB::table('inv_clients')->where('contact_id', $request->id)->where('user_id', $check)->delete();
}
}
else {
if ($request->isCustomer) {
DB::table('inv_clients')
->where('id', $request->id)
->where('user_id', $check)
->insert([
'contact_id' => $request->id
]);
}
}
}
@ -428,9 +589,16 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_mancontact'] == 1) {
DB::table('inv_contacts')->where('id', $request->id)->delete();
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
if ($valid['inv_manuser'] == 1) {
DB::table('inv_contacts')->where('id', $request->id)->delete();
DB::table('inv_employers')->where('contact_id', $request->id)->delete();
DB::table('inv_clients')->where('contact_id', $request->id)->delete();
}
else {
DB::table('inv_contacts')->where('id', $request->id)->where('user_id', $check)->delete();
DB::table('inv_employers')->where('contact_id', $request->id)->where('user_id', $check)->delete();
DB::table('inv_clients')->where('contact_id', $request->id)->where('user_id', $check)->delete();
}
return 'Done.';
}
@ -472,7 +640,12 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_makeinvoice'] == 1) {
DB::table('inv_invoices')->where('id', $request->id)->delete();
if ($valid['inv_manuser'] == 1) {
DB::table('inv_invoices')->where('id', $request->id)->delete();
}
else {
DB::table('inv_invoices')->where('id', $request->id)->where('user_id', $check)->delete();
}
return 'Done.';
}
@ -483,17 +656,71 @@ class InvoiceController extends Controller {
}
// Services
public function getServices() { // /api/rpc/invoice/service/getservices
return DB::table('inv_services')
->select('*')
->get();
public function getServices(Request $request) { // /api/rpc/invoice/service/getservices
$check = $this->objAuth->checkLegit($request->username, $request->password);
if ($check == 0) {
return 'Err!';
}
else {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_makeinvoice'] == 1) {
if ($valid['inv_manuser'] == 1) {
return DB::table('inv_services')
->select(
'id',
'name',
'rate'
)
->get();
}
else {
return DB::table('inv_services')
->select(
'id',
'name',
'rate'
)
->where('user_id', $check)
->get();
}
}
else {
return 'Permission denied.';
}
}
}
public function getService($id) { // /api/rpc/invoice/services/getservice/id
return DB::table('inv_services')
->select('*')
->where('id', $id)
->get();
public function getService($id, Request $request) { // /api/rpc/invoice/services/getservice/id
$check = $this->objAuth->checkLegit($request->username, $request->password);
if ($check == 0) {
return 'Err!';
}
else {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_makeinvoice'] == 1) {
if ($valid['inv_manuser'] == 1) {
return DB::table('inv_services')
->select('*')
->where('id', $id)
->get();
}
else {
return DB::table('inv_services')
->select('*')
->where('id', $id)
->where('user_id', $check)
->get();
}
}
else {
return 'Permission denied.';
}
}
}
public function newService(Request $request) { // /api/rpc/invoice/services/new
@ -506,11 +733,21 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_makeinvoice'] == 1) {
$add = DB::table('inv_services')
->insertGetId([
'name' => $request->name,
'rate' => $request->rate
]);
if ($valid['inv_manuser'] == 1) {
$add = DB::table('inv_services')
->insertGetId([
'user_id' => $request->user_id,
'name' => $request->name,
'rate' => $request->rate
]);
}
else {
$add = DB::table('inv_services')
->insertGetId([
'name' => $request->name,
'rate' => $request->rate
]);
}
return $add;
}
@ -530,12 +767,24 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_makeinvoice'] == 1) {
DB::table('inv_services')
->where('id', $request->id)
->update([
'name' => $request->name,
'rate' => $request->rate
]);
if ($valid['inv_manuser'] == 1) {
DB::table('inv_services')
->where('id', $request->id)
->update([
'user_id' => $request->user_id,
'name' => $request->name,
'rate' => $request->rate
]);
}
else {
DB::table('inv_services')
->where('id', $request->id)
->where('user_id', $check)
->update([
'name' => $request->name,
'rate' => $request->rate
]);
}
return 'Success!';
}
@ -555,7 +804,12 @@ class InvoiceController extends Controller {
$valid = $this->objAuth->getPermissions($request->username, $request->password);
if ($valid['inv_makeinvoice'] == 1) {
DB::table('inv_services')->where('id', $request->id)->delete();
if ($valid['inv_manuser'] == 1) {
DB::table('inv_services')->where('id', $request->id)->delete();
}
else {
DB::table('inv_services')->where('id', $request->id)->where('user_id', $check)->delete();
}
return 'Done.';
}