diff --git a/app/Http/Controllers/InvoiceController.php b/app/Http/Controllers/InvoiceController.php index 37d46f4..2b1de7e 100644 --- a/app/Http/Controllers/InvoiceController.php +++ b/app/Http/Controllers/InvoiceController.php @@ -36,6 +36,7 @@ class InvoiceController extends Controller { return DB::table('inv_company') ->select( 'id', + 'user_id', 'name', 'compreg', 'taxnr', @@ -77,6 +78,7 @@ class InvoiceController extends Controller { 'payterm' ) ->where('id', $id) + ->where('user_id', $check) ->get(); } else { @@ -86,7 +88,7 @@ class InvoiceController extends Controller { else if ($valid['inv_manuser'] == 1) { return DB::table('inv_company') ->select( - 'cu_id', + 'user_id', 'name', 'compreg', 'taxnr', @@ -119,15 +121,9 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_mancompany'] == 1 && $valid['inv_manuser'] == 1) { - $user = DB::table('inv_company_users') - ->insertGetId([ - 'user_id' => $request->user, - 'company_id' => 0 - ]); - $add = DB::table('inv_company') ->insertGetId([ - 'cu_id' => $user, + 'user_id' => $request->user_id, 'name' => $request->name, 'compreg' => ($request->compreg ? $request->compreg : ''), 'taxnr' => ($request->taxnr ? $request->taxnr : ''), @@ -138,10 +134,6 @@ class InvoiceController extends Controller { 'payterm' => $request->payterm ]); - DB::table('inv_company_users') - ->where('user_id', $request->user) - ->update(['company_id' => $add]); - return $add; } else { @@ -161,15 +153,10 @@ class InvoiceController extends Controller { if ($valid['inv_mancompany'] == 1) { if ($valid['inv_manuser'] == 0) { - $companyId = DB::table('inv_company_users') - ->select('company_id') - ->where('user_id', $check) - ->limit(1) - ->first(); - if ($companyId != 0) { DB::table('inv_company') ->where('id', $request->id) + ->where('user_id', $check) ->update([ 'name' => $request->name, 'compreg' => ($request->compreg ? $request->compreg : ''), 
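Review bot: The admin branch of the company insert writes `'user_id' => $request->user_id` into `inv_company` without checking the value; a missing or non-numeric parameter stores `null`/`0`, and the row then matches no one's `->where('user_id', $check)` filter in the scoped queries. Validate it before the insert, e.g. `$request->validate(['user_id' => 'required|integer']);` at the top of the branch, and consider an `exists` rule against the users table. The same unvalidated `$request->user_id` write appears in the update hunk at -186, in the contact hunks at -315 and -358, and in the service hunks at -506 and -530.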
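Review bot: `if ($companyId != 0) {` is kept as context in the -161 hunk although the lookup that assigned `$companyId` is removed just above it, so in the new code the variable is undefined; PHP evaluates it as `null`, `null != 0` is false, and the scoped `inv_company` update for users with `inv_manuser == 0` never runs. Since `->where('user_id', $check)` now performs the ownership check, drop the `if ($companyId != 0) {` line together with its closing brace (which sits outside the hunk), or replace the guard with the affected-row count that `->update([...])` returns. The enclosing method continues beyond the hunk.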
@@ -186,16 +173,10 @@ class InvoiceController extends Controller { } } else if ($valid['inv_manuser'] == 1) { - DB::table('inv_company_users') - ->where('company_id', $request->id) - ->update([ - 'user_id' => $request->cu_id - ]); - DB::table('inv_company') ->where('id', $request->id) ->update([ - 'cu_id' => $request->cu_id, + 'user_id' => $request->user_id, 'name' => $request->name, 'compreg' => ($request->compreg ? $request->compreg : ''), 'taxnr' => ($request->taxnr ? $request->taxnr : ''), @@ -224,7 +205,6 @@ class InvoiceController extends Controller { if ($valid['inv_mancompany'] == 1 && $valid['inv_manuser'] == 1) { DB::table('inv_company')->where('id', $request->id)->delete(); - DB::table('inv_company_users')->where('company_id', $request->id)->delete(); return 'Done.'; } @@ -245,9 +225,36 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_mancontact'] == 1) { - return DB::table('inv_contacts') - ->select('*') - ->get(); + if ($valid['inv_manuser'] == 1) { + return DB::table('inv_contacts') + ->select( + 'id', + 'user_id', + 'name', + 'address', + 'postcode', + 'town', + 'country', + 'phone', + 'email' + ) + ->get(); + } + else { + return DB::table('inv_contacts') + ->select( + 'id', + 'name', + 'address', + 'postcode', + 'town', + 'country', + 'phone', + 'email' + ) + ->where('user_id', $check) + ->get(); + } } else { return 'Permission denied.'; 
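Review bot: In the -245 hunk the admin and non-admin branches repeat the same column list and differ only in the extra `'user_id'` column and the trailing `->where('user_id', $check)`, which invites the two lists drifting apart. Build the query once, `$q = DB::table('inv_contacts')->select('id', 'name', 'address', 'postcode', 'town', 'country', 'phone', 'email');`, then `if ($valid['inv_manuser'] == 1) { $q->addSelect('user_id'); } else { $q->where('user_id', $check); }` and `return $q->get();`. The same copy-and-fork shape appears in the contact hunks at -265, -315, -358 and -428 and in the service hunks at -483, -506, -530 and -555.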
@@ -265,26 +272,67 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_mancontact'] == 1) { - $get = DB::table('inv_contacts') - ->select('*') - ->where('id', $id) - ->get(); + if ($valid['inv_manuser'] == 1) { + $get = DB::table('inv_contacts') + ->select( + 'id', + 'user_id', + 'name', + 'address', + 'postcode', + 'town', + 'country', + 'phone', + 'email' + ) + ->where('id', $id) + ->get(); - $emp = DB::table('inv_employers') - ->select('id') - ->where('contact_id', $id) - ->get(); + $emp = DB::table('inv_employers') + ->select('id') + ->where('contact_id', $id) + ->get(); - $cus = DB::table('inv_clients') - ->select('id') - ->where('contact_id', $id) - ->get(); + $cus = DB::table('inv_clients') + ->select('id') + ->where('contact_id', $id) + ->get(); + } + else { + $get = DB::table('inv_contacts') + ->select( + 'id', + 'name', + 'address', + 'postcode', + 'town', + 'country', + 'phone', + 'email' + ) + ->where('id', $id) + ->where('user_id', $check) + ->get(); + + $emp = DB::table('inv_employers') + ->select('id') + ->where('contact_id', $id) + ->where('user_id', $check) + ->get(); + + $cus = DB::table('inv_clients') + ->select('id') + ->where('contact_id', $id) + ->where('user_id', $check) + ->get(); + } $res = array(); foreach($get as $g) { $res[] = array( 'id' => $g->id, + 'user_id' => ($valid['inv_manuser'] === 1 ? $g->user_id : $check), 'name' => $g->name, 'address' => $g->address, 'postcode' => $g->postcode, 
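Review bot: The `$res` row uses `$valid['inv_manuser'] === 1 ? $g->user_id : $check` while every branch condition in this hunk tests `$valid['inv_manuser'] == 1`; if `getPermissions()` returns the flag as a string or bool (not visible here), the admin branch runs but the response reports the caller's own id `$check` instead of the contact's owner. Use the same comparison, `'user_id' => ($valid['inv_manuser'] == 1 ? $g->user_id : $check),`, or normalise the flags to int inside `getPermissions()` so both spellings agree. Keep in mind the non-admin select deliberately omits `user_id`, so `$g->user_id` must only be read on the admin path, which the ternary currently respects.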
@@ -315,16 +363,63 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_mancontact'] == 1) { - $add = DB::table('inv_contacts') - ->insertGetId([ - 'name' => $request->name, - 'address' => $request->address, - 'postcode' => $request->postcode, - 'town' => $request->town, - 'country' => $request->country, - 'phone' => $request->phone, - 'email' => $request->email - ]); + if ($valid['inv_manuser'] == 1) { + $add = DB::table('inv_contacts') + ->insertGetId([ + 'user_id' => $request->user_id, + 'name' => $request->name, + 'address' => $request->address, + 'postcode' => $request->postcode, + 'town' => $request->town, + 'country' => $request->country, + 'phone' => $request->phone, + 'email' => $request->email + ]); + + if ($request->isCustomer) { + DB::table('inv_clients') + ->insert([ + 'user_id' => $request->user_id, + 'contact_id' => $add + ]); + } + + if ($request->isEmployer) { + DB::table('inv_employers') + ->insert([ + 'user_id' => $request->user_id, + 'contact_id' => $add + ]); + } + } + else { + $add = DB::table('inv_contacts') + ->insertGetId([ + 'name' => $request->name, + 'address' => $request->address, + 'postcode' => $request->postcode, + 'town' => $request->town, + 'country' => $request->country, + 'phone' => $request->phone, + 'email' => $request->email + ]); + + if ($request->isCustomer) { + DB::table('inv_clients') + ->insert([ + 'user_id' => $check, + 'contact_id' => $add + ]); + } + + if ($request->isEmployer) { + DB::table('inv_employers') + ->insert([ + 'user_id' => $check, + 'contact_id' => $add + ]); + } + } if ($request->isCustomer) { DB::table('inv_clients') 
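Review bot: The non-admin `inv_contacts` insert in the `else` branch writes no `user_id`, while the `inv_clients`/`inv_employers` rows below it do get `$check`; the contact itself then fails the `->where('user_id', $check)` filter used by the scoped get/update/delete paths, so a non-admin user can create contacts they can never see again. Add `'user_id' => $check,` to that insert; the service insert in hunk -506 has the same omission. Separately, the trailing context `if ($request->isCustomer) { DB::table('inv_clients')` shows the pre-existing client/employer inserts still run after the new block, so each flag now produces two link rows; remove either the old block (outside the hunk) or the new in-branch inserts.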
@@ -358,55 +453,121 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_mancontact'] == 1) { - DB::table('inv_contacts') - ->where('id', $request->id) - ->update([ - 'name' => $request->name, - 'address' => $request->address, - 'postcode' => $request->postcode, - 'town' => $request->town, - 'country' => $request->country, - 'phone' => $request->phone, - 'email' => $request->email - ]); + if ($valid['inv_manuser'] == 1) { + DB::table('inv_contacts') + ->where('id', $request->id) + ->update([ + 'user_id' => $request->user_id, + 'name' => $request->name, + 'address' => $request->address, + 'postcode' => $request->postcode, + 'town' => $request->town, + 'country' => $request->country, + 'phone' => $request->phone, + 'email' => $request->email + ]); - $emp = DB::table('inv_employers') - ->select('id') - ->where('contact_id', $request->id) - ->get(); + $emp = DB::table('inv_employers') + ->select('id') + ->where('contact_id', $request->id) + ->get(); - $cus = DB::table('inv_clients') - ->select('id') - ->where('contact_id', $request->id) - ->get(); - - if ($emp->count()) { - if (!$request->isEmployer) { - DB::table('inv_employers')->where('contact_id', $request->id)->delete(); - } + $cus = DB::table('inv_clients') + ->select('id') + ->where('contact_id', $request->id) + ->get(); } else { - if ($request->isEmployer) { - DB::table('inv_employers') - ->where('id', $request->id) - ->insert([ - 'contact_id' => $request->id - ]); - } + DB::table('inv_contacts') + ->where('id', $request->id) + ->where('user_id', $check) + ->update([ + 'name' => $request->name, + 'address' => $request->address, + 'postcode' => $request->postcode, + 'town' => $request->town, + 'country' => $request->country, + 'phone' => $request->phone, + 'email' => $request->email + ]); + + $emp = DB::table('inv_employers') + ->select('id') + ->where('user_id', $check) + ->where('contact_id', $request->id) + ->get(); + 
+ $cus = DB::table('inv_clients') + ->select('id') + ->where('user_id', $check) + ->where('contact_id', $request->id) + ->get(); } - if ($cus->count()) { - if (!$request->isCustomer) { - DB::table('inv_clients')->where('contact_id', $request->id)->delete(); + if ($valid['inv_manuser'] == 1) { + if ($emp->count()) { + if (!$request->isEmployer) { + DB::table('inv_employers')->where('contact_id', $request->id)->delete(); + } } - } - else { - if ($request->isCustomer) { + else { + if ($request->isEmployer) { + DB::table('inv_employers') + ->where('id', $request->id) + ->insert([ + 'user_id' => $request->user_id, + 'contact_id' => $request->id + ]); + } + } + + if ($cus->count()) { + if (!$request->isCustomer) { + DB::table('inv_clients')->where('contact_id', $request->id)->delete(); + } + } + else { + if ($request->isCustomer) { DB::table('inv_clients') - ->where('id', $request->id) - ->insert([ - 'contact_id' => $request->id - ]); + ->where('id', $request->id) + ->insert([ + 'user_id' => $request->user_id, + 'contact_id' => $request->id + ]); + } + } + } + else { + if ($emp->count()) { + if (!$request->isEmployer) { + DB::table('inv_employers')->where('contact_id', $request->id)->where('user_id', $check)->delete(); + } + } + else { + if ($request->isEmployer) { + DB::table('inv_employers') + ->where('id', $request->id) + ->where('user_id', $check) + ->insert([ + 'contact_id' => $request->id + ]); + } + } + + if ($cus->count()) { + if (!$request->isCustomer) { + DB::table('inv_clients')->where('contact_id', $request->id)->where('user_id', $check)->delete(); + } + } + else { + if ($request->isCustomer) { + DB::table('inv_clients') + ->where('id', $request->id) + ->where('user_id', $check) + ->insert([ + 'contact_id' => $request->id + ]); + } } } 
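Review bot: In the non-admin `else` branch the `inv_employers` and `inv_clients` inserts carry only `'contact_id' => $request->id`, no `'user_id' => $check,`, so the link rows just created are not found by the `$emp`/`$cus` queries above (which filter on `user_id`), and the next update will insert them again. Add `'user_id' => $check,` to both inserts to match what the admin branch does with `$request->user_id`. Also, `->where('id', $request->id)` and `->where('user_id', $check)` placed before `->insert([...])` have no effect on an insert; all four insert sites in the hunk inherit this from the old code and the clauses can be dropped.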
@@ -428,9 +589,16 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_mancontact'] == 1) { - DB::table('inv_contacts')->where('id', $request->id)->delete(); - DB::table('inv_employers')->where('contact_id', $request->id)->delete(); - DB::table('inv_clients')->where('contact_id', $request->id)->delete(); + if ($valid['inv_manuser'] == 1) { + DB::table('inv_contacts')->where('id', $request->id)->delete(); + DB::table('inv_employers')->where('contact_id', $request->id)->delete(); + DB::table('inv_clients')->where('contact_id', $request->id)->delete(); + } + else { + DB::table('inv_contacts')->where('id', $request->id)->where('user_id', $check)->delete(); + DB::table('inv_employers')->where('contact_id', $request->id)->where('user_id', $check)->delete(); + DB::table('inv_clients')->where('contact_id', $request->id)->where('user_id', $check)->delete(); + } return 'Done.'; } @@ -472,7 +640,12 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_makeinvoice'] == 1) { - DB::table('inv_invoices')->where('id', $request->id)->delete(); + if ($valid['inv_manuser'] == 1) { + DB::table('inv_invoices')->where('id', $request->id)->delete(); + } + else { + DB::table('inv_invoices')->where('id', $request->id)->where('user_id', $check)->delete(); + } return 'Done.'; } 
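Review bot: The non-admin branches return `'Done.'` even when the `->where('user_id', $check)` filter matched nothing, so a caller cannot tell a foreign or non-existent id from a successful delete; `delete()` returns the affected-row count, which is the natural signal here. For the contact delete, `$deleted = DB::table('inv_contacts')->where('id', $request->id)->where('user_id', $check)->delete();` followed by `if ($deleted === 0) { return 'Permission denied.'; }` before the dependent `inv_employers`/`inv_clients` deletes would give the same answer the admin path gives for a bad id. The invoice delete at -472 and the service delete at -555 have the same shape.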
@@ -483,17 +656,71 @@ class InvoiceController extends Controller { } // Services - public function getServices() { // /api/rpc/invoice/service/getservices - return DB::table('inv_services') - ->select('*') - ->get(); + public function getServices(Request $request) { // /api/rpc/invoice/service/getservices + $check = $this->objAuth->checkLegit($request->username, $request->password); + + if ($check == 0) { + return 'Err!'; + } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['inv_makeinvoice'] == 1) { + if ($valid['inv_manuser'] == 1) { + return DB::table('inv_services') + ->select( + 'id', + 'name', + 'rate' + ) + ->get(); + + } + else { + return DB::table('inv_services') + ->select( + 'id', + 'name', + 'rate' + ) + ->where('user_id', $check) + ->get(); + } + } + else { + return 'Permission denied.'; + } + } } - public function getService($id) { // /api/rpc/invoice/services/getservice/id - return DB::table('inv_services') - ->select('*') - ->where('id', $id) - ->get(); + public function getService($id, Request $request) { // /api/rpc/invoice/services/getservice/id + $check = $this->objAuth->checkLegit($request->username, $request->password); + + if ($check == 0) { + return 'Err!'; + } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['inv_makeinvoice'] == 1) { + if ($valid['inv_manuser'] == 1) { + return DB::table('inv_services') + ->select('*') + ->where('id', $id) + ->get(); + } + else { + return DB::table('inv_services') + ->select('*') + ->where('id', $id) + ->where('user_id', $check) + ->get(); + } + } + else { + return 'Permission denied.'; + } + } } public function newService(Request $request) { // /api/rpc/invoice/services/new 
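Review bot: `getService()` still uses `select('*')` while the new `getServices()` lists `id`, `name`, `rate` explicitly, so the single-record endpoint returns `user_id` (and any future column) to non-admin callers that the list endpoint withholds; align it with `->select('id', 'name', 'rate')` in both branches. Both methods also answer failures with the plain strings `'Err!'` and `'Permission denied.'` under HTTP 200, so clients must sniff the body; `abort(401)` / `abort(403)` (or `response()->json([...], 403)`) would let them rely on the status code. The stray blank line after the admin `->get();` in `getServices()` can go.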
@@ -506,11 +733,21 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_makeinvoice'] == 1) { - $add = DB::table('inv_services') - ->insertGetId([ - 'name' => $request->name, - 'rate' => $request->rate - ]); + if ($valid['inv_manuser'] == 1) { + $add = DB::table('inv_services') + ->insertGetId([ + 'user_id' => $request->user_id, + 'name' => $request->name, + 'rate' => $request->rate + ]); + } + else { + $add = DB::table('inv_services') + ->insertGetId([ + 'name' => $request->name, + 'rate' => $request->rate + ]); + } return $add; } @@ -530,12 +767,24 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_makeinvoice'] == 1) { - DB::table('inv_services') - ->where('id', $request->id) - ->update([ - 'name' => $request->name, - 'rate' => $request->rate - ]); + if ($valid['inv_manuser'] == 1) { + DB::table('inv_services') + ->where('id', $request->id) + ->update([ + 'user_id' => $request->user_id, + 'name' => $request->name, + 'rate' => $request->rate + ]); + } + else { + DB::table('inv_services') + ->where('id', $request->id) + ->where('user_id', $check) + ->update([ + 'name' => $request->name, + 'rate' => $request->rate + ]); + } return 'Success!'; } @@ -555,7 +804,12 @@ class InvoiceController extends Controller { $valid = $this->objAuth->getPermissions($request->username, $request->password); if ($valid['inv_makeinvoice'] == 1) { - DB::table('inv_services')->where('id', $request->id)->delete(); + if ($valid['inv_manuser'] == 1) { + DB::table('inv_services')->where('id', $request->id)->delete(); + } + else { + DB::table('inv_services')->where('id', $request->id)->where('user_id', $check)->delete(); + } return 'Done.'; }