/**
* Displays a given invoice number $invoiceNo of $user
*
* @param int $invoiceNo
* @param UserTable $user
* @return string
*/
protected function showInvoice( $invoiceNo, $user ) {
global $_CB_database, $_CB_framework;
$return = '';
$params = $this->params;
$showInvoices = $params->get( 'show_invoices', 1 );
if ( $showInvoices ) {
$invoiceNo = (int) $invoiceNo;
if ( $invoiceNo ) {
$basket = new cbpaidPaymentBasket( $_CB_database );
if ( ( $basket->load( (int) $invoiceNo ) ) && ( $user->id == $basket->user_id ) ) {
$ok = false;
$myId = $_CB_framework->myId();
if ( $myId == 0 ) {
$ck = $this->base->_getReqParam( 'invoicecheck' );
if ( $ck && ( $ck == $basket->checkHashInvoice( $ck ) ) ) {
$ok = true;
}
} elseif ( $user->id == $myId ) {
$ok = true;
} elseif ( cbpaidApp::authoriseAction( 'cbsubs.sales' ) || cbpaidApp::authoriseAction( 'cbsubs.financial' ) ) {
$ok = true;
}
if ( $ok ) {
$itsmyself = ( $_CB_framework->myId() == $user->id );
$return .= $basket->displayInvoice( $user, $itsmyself );
} else {
$return .= '<div class="error">'
. CBPTXT::Th("You need to be logged in to view your private information.")
. '</div>'
;
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("No unpaid payment basket found.") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
} else {
$this->base->_setErrorMSG( CBPTXT::T("Not authorized action") );
}
return $return;
}
