/**
 * Builds and runs the file listing query for the given search filters.
 *
 * The statement is assembled by string concatenation: the free-text 'generic'
 * filter and the whitelisted exact-match keys go through
 * mysql_real_escape_string(), id-type filters are cast to (int). mysql_*()
 * is the legacy ext/mysql API (removed in PHP 7), so this code assumes a
 * PHP 5 runtime and an already-open default connection.
 *
 * @param array|false $search           search fields: generic, file_id, owner_id, owner_table,
 *                                      status, bucket_parent_file_id, job_id, quote_id, customer_id
 * @param bool        $skip_permissions when true the per-user file / customer access restrictions
 *                                      are NOT appended to the query; the caller is then responsible
 *                                      for having authorised the request
 * @return mixed whatever qa($sql) returns for the assembled query (presumably the row set)
 */
public static function get_files($search = false, $skip_permissions = false)
{
    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT f.* ";
    $from = " FROM `" . _DB_PREFIX . "file` f ";
    if (class_exists('module_customer', false)) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    }
    $where = " WHERE 1 ";
    if (isset($search['generic']) && $search['generic']) {
        // free text: escaped, then used as a LIKE pattern (a user-supplied % or _ is a wildcard here)
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " f.file_name LIKE '%{$str}%' ";
        //$where .= "OR u.url LIKE '%$str%' ";
        $where .= ' ) ';
    }
    /*if(isset($search['job']) && $search['job']){
        $str = mysql_real_escape_string($search['job']);
        $from .= " LEFT JOIN `"._DB_PREFIX."job` j USING (job_id)";
        $where .= " AND ( ";
        $where .= " j.name LIKE '%$str%' ";
        $where .= ' ) ';
    }*/
    // tricky job searching, by name or by job id.
    // but we don't want to restrict it to customer if they are searching for a job.
    /*
     * this is the logic we have to follow:
     * $customer_access = module_customer::get_customer($file['customer_id']);
     * $job_access = module_job::get_job($file['job_id']);
     * if( ($customer_access && $customer_access['customer_id'] == $file['customer_id']) || ($job_access && $job_access['job_id'] == $file['job_id']) ){
     */
    // exact-match filters: only these column names can reach the query, the value is escaped.
    foreach (array('file_id', 'owner_id', 'owner_table', 'status', 'bucket_parent_file_id') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            $where .= " AND f.`{$key}` = '{$str}'";
        }
    }
    // permissions from customer module.
    // tie in with customer permissions to only get jobs from customers we can access.
    if (!$skip_permissions) {
        switch (self::get_file_data_access()) {
            case _FILE_ACCESS_ALL:
                // all files, no limits on SQL here
                break;
            case _FILE_ACCESS_JOBS:
                // only files attached to jobs this user can list; get_jobs() applies its own access rules.
                // an empty job list produces "IN ( -1 )" so that no file matches.
                $jobs = module_job::get_jobs(array(), array('columns' => 'u.job_id AS job_id'));
                $where .= " AND f.job_id IN ( ";
                if (count($jobs)) {
                    foreach ($jobs as $valid_job_id) {
                        $where .= (int) $valid_job_id['job_id'] . ',';
                    }
                    $where = rtrim($where, ',');
                } else {
                    $where .= ' -1 ';
                }
                $where .= ' ) ';
                break;
            case _FILE_ACCESS_ME:
                // only files this user created.
                $where .= " AND f.create_user_id = " . (int) module_security::get_loggedin_id();
                break;
            case _FILE_ACCESS_ASSIGNED:
                // only files explicitly linked to this user via file_user_rel.
                $from .= " LEFT JOIN `" . _DB_PREFIX . "file_user_rel` cur ON f.file_id = cur.file_id";
                $where .= " AND (cur.user_id = " . (int) module_security::get_loggedin_id() . ")";
                break;
            case _FILE_ACCESS_CUSTOMERS:
            default:
                if (class_exists('module_customer', false)) {
                    //added for compat in newsletter system that doesn't have customer module
                    switch (module_customer::get_customer_data_access()) {
                        case _CUSTOMER_ACCESS_ALL:
                            // all customers! so this means all files!
                            break;
                        case _CUSTOMER_ACCESS_ALL_COMPANY:
                        case _CUSTOMER_ACCESS_CONTACTS:
                        case _CUSTOMER_ACCESS_TASKS:
                        case _CUSTOMER_ACCESS_STAFF:
                            // restrict to the customers this user is allowed to see.
                            // note: when get_customer_restrictions() is empty no clause is added at all.
                            $valid_customer_ids = module_security::get_customer_restrictions();
                            if (count($valid_customer_ids)) {
                                $where .= " AND ( ";
                                foreach ($valid_customer_ids as $valid_customer_id) {
                                    if (isset($search['owner_table'])) {
                                        // every alternative below requires owner_table = 'customer'; combined with an
                                        // owner_table filter for another table this yields no rows - presumably intended.
                                        $where .= " (f.owner_table = 'customer' AND f.owner_id = '" . (int) $valid_customer_id . "') OR ";
                                    } else {
                                        $where .= " (f.customer_id = '" . (int) $valid_customer_id . "') OR ";
                                        // NOTE(review): dropping customer_id here means a search for one permitted customer
                                        // is no longer narrowed to that customer but spans every permitted one - confirm intended.
                                        if (isset($search['customer_id']) && $search['customer_id'] && $search['customer_id'] == $valid_customer_id) {
                                            unset($search['customer_id']);
                                        }
                                    }
                                }
                                // rtrim() takes a character list, not a suffix: this relies on the clause ending in ") OR "
                                // so that only the trailing O / R / space characters are stripped.
                                $where = rtrim($where, 'OR ');
                                $where .= ' ) ';
                            }
                            break;
                    }
                }
        } // file data access switch
    }
    if (class_exists('module_job', false)) {
        if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
            // check if we have permissions to view this job.
            // a job that cannot be loaded (presumably because get_job() enforces job access) is treated as
            // "no job filter", so the search falls through to the quote_id / customer_id filters below.
            $job = module_job::get_job($search['job_id']);
            if (!$job || $job['job_id'] != $search['job_id']) {
                $search['job_id'] = false;
            }
        }
    }
    // job_id, quote_id and customer_id are mutually exclusive: only the first one present is applied.
    if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
        $where .= " AND f.job_id = " . (int) $search['job_id'];
    } else {
        if (isset($search['quote_id']) && (int) $search['quote_id'] > 0) {
            $where .= " AND f.quote_id = " . (int) $search['quote_id'];
        } else {
            if (isset($search['customer_id']) && (int) $search['customer_id']) {
                $where .= " AND f.customer_id = " . (int) $search['customer_id'];
            }
        }
    }
    $group_order = ' GROUP BY f.file_id ORDER BY f.file_name'; // stop when multiple company sites have same region
    $sql = $sql . $from . $where . $group_order;
    //echo $sql;
    $result = qa($sql);
    //module_security::filter_data_set("invoice",$result);
    return $result;
    //return get_multiple("file",$search,"file_id","exact","file_id");
}
/**
 * Collects finance entries from three sources and returns them as one
 * date-sorted, de-duplicated list:
 *   1. rows from the `finance` table (with account name and category list),
 *   2. per-staff job expenses synthesised from `job` rows with
 *      c_staff_total_amount > 0 that have no matching `finance` row yet,
 *   3. invoice payments from `invoice_payment`, run through
 *      _format_invoice_payment().
 * Sources 2 and 3 are skipped when a filter only makes sense for the finance
 * table (finance_account_id, finance_recurring_id, finance_category_id,
 * invoice_payment_id); source 2 is also skipped when invoice_id is given.
 *
 * All three statements are built by string concatenation with the legacy
 * ext/mysql escaping functions: ids are cast to (int), free text and amounts
 * go through mysql_real_escape_string(). Customer / job access restrictions
 * are appended to every query from module_security / module_job.
 *
 * @param array $search filters: finance_account_id[], finance_recurring_id, finance_category_id[],
 *                      invoice_payment_id, job_id, invoice_id, customer_id, company_id, generic,
 *                      date_from, date_to, amount_from, amount_to, type ('i' / 'e' / 'ie')
 * @return array finance rows (keys as left by array_merge() + uasort()); every returned row has url,
 *               credit, debit, link_count and - when taxes are present - sub_amount populated
 */
public static function get_finances($search = array())
{
    // we have to search for recent transactions. this involves combining the "finance" table with the "invoice_payment" table
    // then sort the results by date
    $hide_invoice_payments = false;
    $sql = "SELECT f.* ";
    $sql .= " , fa.name AS account_name ";
    $sql .= " , GROUP_CONCAT(fc.`name` ORDER BY fc.`name` ASC SEPARATOR ', ') AS categories ";
    $sql .= " FROM `" . _DB_PREFIX . "finance` f ";
    $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_account` fa USING (finance_account_id) ";
    $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category_rel` fcr ON f.finance_id = fcr.finance_id ";
    $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category` fc ON fcr.finance_category_id = fc.finance_category_id ";
    $where = " WHERE 1 ";
    if (isset($search['finance_account_id']) && is_array($search['finance_account_id'])) {
        // collect distinct positive ids; keys are the int-cast ids so no escaping is needed below.
        $fo = array();
        foreach ($search['finance_account_id'] as $val) {
            if ((int) $val > 0) {
                $fo[(int) $val] = true;
            }
        }
        if (count($fo) > 0) {
            $where .= " AND ( ";
            foreach ($fo as $f => $ff) {
                $where .= " f.finance_account_id = " . $f . ' OR';
            }
            // rtrim() strips trailing 'O' / 'R' characters; the char before them is a digit, so this is safe.
            $where = rtrim($where, 'OR');
            $where .= ' )';
            $hide_invoice_payments = true;
        }
    }
    if (isset($search['finance_recurring_id']) && $search['finance_recurring_id']) {
        $where .= " AND f.finance_recurring_id = '" . (int) $search['finance_recurring_id'] . "'";
        $hide_invoice_payments = true;
    }
    if (isset($search['finance_category_id']) && is_array($search['finance_category_id'])) {
        $fo = array();
        foreach ($search['finance_category_id'] as $val) {
            if ((int) $val > 0) {
                $fo[(int) $val] = true;
            }
        }
        if (count($fo) > 0) {
            // EXISTS sub-select so the GROUP_CONCAT above still lists all categories of a matching row.
            $where .= " AND EXISTS ( SELECT * FROM `" . _DB_PREFIX . "finance_category_rel` fcr2 WHERE fcr2.finance_id = f.finance_id AND ( ";
            foreach ($fo as $f => $ff) {
                $where .= " fcr2.finance_category_id = " . $f . ' OR';
            }
            $where = rtrim($where, 'OR');
            $where .= ' )';
            $where .= ' )';
            $hide_invoice_payments = true;
        }
    }
    if (isset($search['invoice_payment_id']) && $search['invoice_payment_id']) {
        $where .= " AND f.invoice_payment_id = '" . (int) $search['invoice_payment_id'] . "'";
        $hide_invoice_payments = true;
    }
    // below 6 searches are repeated again below in invoice payments
    if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
        $where .= " AND f.`job_id` = " . (int) $search['job_id'];
    }
    if (isset($search['invoice_id']) && (int) $search['invoice_id'] > 0) {
        $where .= " AND f.`invoice_id` = " . (int) $search['invoice_id'];
    }
    if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
        $where .= " AND f.`customer_id` = " . (int) $search['customer_id'];
    }
    if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
        // check this user can view this company id or not
        // (the filter is silently ignored when the company module is absent or the id is not in the user's list)
        if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
            $companys = module_company::get_companys();
            if (isset($companys[$search['company_id']])) {
                $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON f.customer_id = cc.customer_id ";
                $where .= " AND ( cc.`company_id` = " . (int) $search['company_id'] . " OR f.`company_id` = " . (int) $search['company_id'] . " )";
            }
        }
    }
    if (isset($search['generic']) && strlen(trim($search['generic']))) {
        $name = mysql_real_escape_string(trim($search['generic']));
        $where .= " AND (f.`name` LIKE '%{$name}%' OR f.description LIKE '%{$name}%' )";
    }
    // NOTE(review): input_date() output is concatenated without escaping here (get_jobs() wraps it in
    // mysql_real_escape_string()); this is only safe if input_date() always returns a normalised date - confirm.
    if (isset($search['date_from']) && $search['date_from'] != '') {
        $where .= " AND f.transaction_date >= '" . input_date($search['date_from']) . "'";
    }
    if (isset($search['date_to']) && $search['date_to'] != '') {
        $where .= " AND f.transaction_date <= '" . input_date($search['date_to']) . "'";
    }
    // amounts are compared as quoted strings; MySQL coerces them for the numeric column.
    if (isset($search['amount_from']) && $search['amount_from'] != '') {
        $where .= " AND f.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
    }
    if (isset($search['amount_to']) && $search['amount_to'] != '') {
        $where .= " AND f.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
    }
    if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
        $where .= " AND f.type = '" . mysql_real_escape_string($search['type']) . "'";
    }
    // permissions from job module.
    /*switch(module_job::get_job_access_permissions()){
        case _JOB_ACCESS_ALL:
            break;
        case _JOB_ACCESS_ASSIGNED:
            // only assigned jobs!
            //$from .= " LEFT JOIN `"._DB_PREFIX."task` t ON u.job_id = t.job_id ";
            //u.user_id = ".(int)module_security::get_loggedin_id()." OR
            $where .= " AND (t.user_id = ".(int)module_security::get_loggedin_id().")";
            break;
        case _JOB_ACCESS_CUSTOMER:
            break;
    }*/
    // permissions from customer module.
    // tie in with customer permissions to only get jobs from customers we can access.
    // (unlike get_files() there is no class_exists('module_customer') guard here.)
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            // all customers! so this means all jobs!
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            // no clause is added when the restriction list is empty.
            $valid_customer_ids = module_security::get_customer_restrictions();
            if (count($valid_customer_ids)) {
                $where .= " AND f.customer_id IN ( ";
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
                $where .= " )";
            }
    }
    $where .= " GROUP BY f.finance_id ";
    $where .= " ORDER BY f.transaction_date DESC ";
    $sql .= $where;
    $finances_from_finance_db_table = qa($sql);
    // invoice payments:
    $finance_from_invoice_payments = array();
    $finance_from_job_staff_expenses = array();
    // precedence note: "!(int) $x > 0" parses as "(!(int) $x) > 0"; it agrees with "!((int) $x > 0)" for
    // non-negative ids, which is what reaches this code.
    if (!$hide_invoice_payments && (!isset($search['invoice_id']) || !(int) $search['invoice_id'] > 0)) {
        // source 2: jobs with staff expenses; existing_finance_id is non-null when a finance row was already created.
        $sql = "SELECT j.*, f.finance_id AS existing_finance_id ";
        $sql .= " FROM `" . _DB_PREFIX . "job` j ";
        $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance` f ON j.job_id = f.job_id AND f.job_staff_expense > 0 ";
        $where = " WHERE 1 "; //j.date_completed != '0000-00-00' ";
        $where .= " AND j.`c_staff_total_amount` > 0 ";
        if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
            $where .= " AND (j.`job_id` = " . (int) $search['job_id'] . " ) ";
        }
        if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
            $where .= " AND j.`customer_id` = " . (int) $search['customer_id'];
        }
        /*if(isset($search['generic']) && strlen(trim($search['generic']))){
            $name = mysql_real_escape_string(trim($search['generic']));
            $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
        }*/
        if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
            // check this user can view this company id or not
            if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
                $companys = module_company::get_companys();
                if (isset($companys[$search['company_id']])) {
                    $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON j.customer_id = cc.customer_id ";
                    $where .= " AND cc.`company_id` = " . (int) $search['company_id'];
                }
            }
        }
        // the date range is applied to the job completion date for this source.
        if (isset($search['date_from']) && $search['date_from'] != '') {
            $where .= " AND j.date_completed >= '" . input_date($search['date_from']) . "'";
        }
        if (isset($search['date_to']) && $search['date_to'] != '') {
            $where .= " AND j.date_completed <= '" . input_date($search['date_to']) . "'";
        }
        if (isset($search['amount_from']) && $search['amount_from'] != '') {
            $where .= " AND j.c_staff_total_amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
        }
        if (isset($search['amount_to']) && $search['amount_to'] != '') {
            $where .= " AND j.c_staff_total_amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
        }
        // job-level access: the job's owner or any task assignee for _JOB_ACCESS_ASSIGNED.
        switch (module_job::get_job_access_permissions()) {
            case _JOB_ACCESS_ALL:
                break;
            case _JOB_ACCESS_ASSIGNED:
                // only assigned jobs!
                $sql .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON j.job_id = t.job_id ";
                $where .= " AND (j.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
                break;
            case _JOB_ACCESS_CUSTOMER:
                // tie in with customer permissions to only get jobs from customers we can access.
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $where .= " AND j.customer_id IN ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $where .= (int) $valid_customer_id . ", ";
                    }
                    $where = rtrim($where, ', ');
                    $where .= " )";
                }
                break;
        }
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all jobs!
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_TASKS:
            case _CUSTOMER_ACCESS_STAFF:
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $where .= " AND j.customer_id IN ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $where .= (int) $valid_customer_id . ", ";
                    }
                    $where = rtrim($where, ', ');
                    $where .= " )";
                }
        }
        $sql .= $where . " GROUP BY j.job_id ORDER BY j.date_completed DESC ";
        //echo $sql;
        $finance_from_job_staff_expenses = array();
        $res = qa($sql);
        foreach ($res as $finance) {
            // we have a job with staff expenses. split this up into gruops based on staff members.
            $staff_total_grouped = false;
            if (isset($finance['c_staff_total_grouped']) && strlen($finance['c_staff_total_grouped'])) {
                // NOTE(review): unserialize() instantiates any class named in the payload. The column is presumably
                // written only by this application, but if it can ever carry user-supplied content, pass
                // array('allowed_classes' => false) (PHP 7+) or store JSON instead. The '@' only hides the
                // E_NOTICE on malformed data; the false return then triggers the recalculation below.
                $staff_total_grouped = @unserialize($finance['c_staff_total_grouped']);
            }
            if ($staff_total_grouped === false) {
                // echo 'here: ';
                // var_dump($finance);
                // var_dump($staff_total_grouped);
                $job_data = module_job::get_job($finance['job_id']);
                $staff_total_grouped = $job_data['staff_total_grouped'];
            }
            if (is_array($staff_total_grouped)) {
                foreach ($staff_total_grouped as $staff_id => $staff_total) {
                    $staff_member = module_user::get_user($staff_id);
                    if ($staff_member && $staff_member['user_id'] == $staff_id) {
                        // make sure this entry doesn't already exist in the database table for this job
                        // there MAY be an existing entry if 'existing_finance_id' is set
                        if ($finance['existing_finance_id'] > 0) {
                            // check if it exists for this staff member.
                            $existing = get_single('finance', array('job_id', 'job_staff_expense', 'amount'), array($finance['job_id'], $staff_id, $staff_total));
                            if ($existing) {
                                // match exists already, skip adding this one to the list.
                                continue;
                            }
                        }
                        //$finance = self::_format_invoice_payment($finance, $finance);
                        //$finance['url'] = module_job::link_open($finance['job_id'],false,$finance);
                        // a synthesised expense row: the url points at the "new finance" form pre-filled for this staff member.
                        $finance['url'] = module_finance::link_open('new', false) . '&job_staff_expense=' . $staff_id . '&from_job_id=' . $finance['job_id'];
                        $finance['transaction_date'] = $finance['date_completed'];
                        $finance['description'] = _l('Job Expense For Staff Member: %s', $staff_member['name'] . ' ' . $staff_member['last_name']); //"Exiting: ".$finance['existing_finance_id'].": ".
                        $finance['amount'] = $staff_total;
                        $finance['debit'] = $staff_total;
                        $finance['sub_amount'] = $staff_total;
                        $finance['taxable_amount'] = $staff_total;
                        $finance['credit'] = 0;
                        $finance['type'] = 'e';
                        $finance_from_job_staff_expenses[] = $finance;
                    }
                }
            }
        }
    }
    if (!$hide_invoice_payments) {
        // source 3: invoice payments. transaction_date is taken from the invoice or the payment
        // depending on the 'finance_date_type' config setting.
        $sql = "SELECT p.*, i.customer_id ";
        if (module_config::c('finance_date_type', 'payment') == 'invoice') {
            // show entries by invoice create date, not payment date.
            $sql .= " , i.date_create AS transaction_date ";
        } else {
            // default, show by paid date.
            $sql .= " , p.date_paid AS transaction_date ";
        }
        $sql .= " FROM `" . _DB_PREFIX . "invoice_payment` p ";
        $sql .= " LEFT JOIN `" . _DB_PREFIX . "invoice` i ON p.invoice_id = i.invoice_id ";
        $where = " WHERE p.date_paid != '0000-00-00' ";
        $where .= " AND p.`amount` != 0 ";
        $where .= " AND ( p.`payment_type` = " . _INVOICE_PAYMENT_TYPE_NORMAL . " OR p.`payment_type` = " . _INVOICE_PAYMENT_TYPE_REFUND . ' OR p.`payment_type` = ' . _INVOICE_PAYMENT_TYPE_OVERPAYMENT_CREDIT . ' OR p.`payment_type` = ' . _INVOICE_PAYMENT_TYPE_CREDIT . ')';
        if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
            // a payment belongs to a job through its invoice items' tasks, or through a deposit invoice.
            $sql .= " LEFT JOIN `" . _DB_PREFIX . "invoice_item` ii ON i.invoice_id = ii.invoice_id";
            $sql .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON ii.task_id = t.task_id";
            $where .= " AND (t.`job_id` = " . (int) $search['job_id'] . " OR i.`deposit_job_id` = " . (int) $search['job_id'] . " ) ";
        }
        if (isset($search['invoice_id']) && (int) $search['invoice_id'] > 0) {
            $where .= " AND p.`invoice_id` = " . (int) $search['invoice_id'];
        }
        if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
            $where .= " AND i.`customer_id` = " . (int) $search['customer_id'];
        }
        /*if(isset($search['generic']) && strlen(trim($search['generic']))){
            $name = mysql_real_escape_string(trim($search['generic']));
            $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
        }*/
        if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
            // check this user can view this company id or not
            if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
                $companys = module_company::get_companys();
                if (isset($companys[$search['company_id']])) {
                    $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON i.customer_id = cc.customer_id ";
                    $where .= " AND cc.`company_id` = " . (int) $search['company_id'];
                }
            }
        }
        if (isset($search['date_from']) && $search['date_from'] != '') {
            if (module_config::c('finance_date_type', 'payment') == 'invoice') {
                $where .= " AND i.date_create >= '" . input_date($search['date_from']) . "'";
            } else {
                $where .= " AND p.date_paid >= '" . input_date($search['date_from']) . "'";
            }
        }
        if (isset($search['date_to']) && $search['date_to'] != '') {
            if (module_config::c('finance_date_type', 'payment') == 'invoice') {
                $where .= " AND i.date_create <= '" . input_date($search['date_to']) . "'";
            } else {
                $where .= " AND p.date_paid <= '" . input_date($search['date_to']) . "'";
            }
        }
        if (isset($search['amount_from']) && $search['amount_from'] != '') {
            $where .= " AND p.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
        }
        if (isset($search['amount_to']) && $search['amount_to'] != '') {
            $where .= " AND p.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
        }
        // payments have no type column: income is a positive amount, expense (refund) a negative one.
        if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
            if ($search['type'] == 'i') {
                $where .= " AND p.amount > 0";
            } else {
                if ($search['type'] == 'e') {
                    $where .= " AND p.amount < 0";
                }
            }
        }
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all jobs!
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_TASKS:
            case _CUSTOMER_ACCESS_STAFF:
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $where .= " AND i.customer_id IN ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $where .= (int) $valid_customer_id . ", ";
                    }
                    $where = rtrim($where, ', ');
                    $where .= " )";
                }
        }
        $sql .= $where . " ORDER BY p.date_paid DESC ";
        //echo $sql;
        $finance_from_invoice_payments = qa($sql);
        foreach ($finance_from_invoice_payments as $finance_id => $finance) {
            // doesn't have an finance / account reference just yet.
            // but they can create one and this will become a child entry to it.
            $finance = self::_format_invoice_payment($finance, $finance);
            /*if(!isset($finance['customer_id']) || !$finance['customer_id']){
                $invoice_data = module_invoice::get_invoice($finance['invoice_id'],2);
                $finance['customer_id'] = $invoice_data['customer_id'];
            }*/
            // grab a new name/descriptino/etc.. from other plugins (at the moment only subscription)
            /*$new_finance = hook_handle_callback('finance_invoice_listing',$finance['invoice_id'],$finance);
            if(is_array($new_finance) && count($new_finance)){
                foreach($new_finance as $n){
                    $finance = array_merge($finance,$n);
                }
            }*/
            $finance_from_invoice_payments[$finance_id] = $finance;
        }
        if (isset($search['generic']) && strlen(trim($search['generic']))) {
            // the name/description of a payment row are only known after _format_invoice_payment(), so the
            // generic filter is applied in PHP. note the needle is the SQL-escaped string, so a search term
            // containing a quote or backslash will not match here.
            $name = mysql_real_escape_string(trim($search['generic']));
            // $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
            // we have to do a PHP search here because
            foreach ($finance_from_invoice_payments as $finance_id => $finance) {
                if (stripos($finance['name'], $name) === false && stripos($finance['description'], $name) === false) {
                    unset($finance_from_invoice_payments[$finance_id]);
                }
            }
        }
    }
    // array_merge() renumbers the integer keys, so $finance_id below is a position, not a finance_id.
    $finances = array_merge($finances_from_finance_db_table, $finance_from_invoice_payments, $finance_from_job_staff_expenses);
    unset($finances_from_finance_db_table);
    unset($finance_from_invoice_payments);
    unset($finance_from_job_staff_expenses);
    // sort this
    // the comparator is declared inside the method; the function_exists() guard avoids a
    // redeclaration fatal when get_finances() is called more than once per request.
    if (!function_exists('sort_finance')) {
        function sort_finance($a, $b)
        {
            $t1 = strtotime($a['transaction_date']);
            $t2 = strtotime($b['transaction_date']);
            if ($t1 == $t2) {
                // sort by finance id, putting ones with a finance id first before others. then amount.
                if (isset($a['finance_id']) && !isset($b['finance_id'])) {
                    // put $a before $b
                    return -1;
                } else {
                    if (!isset($a['finance_id']) && isset($b['finance_id'])) {
                        // put $b before $a
                        return 1;
                    } else {
                        // NOTE(review): returns a bool (1 or 0), so "greater" and "equal" are indistinguishable
                        // and the order is not well defined; PHP 8 deprecates bool returns from comparators.
                        // `return $a['amount'] <=> $b['amount'];` expresses the apparent intent.
                        return $a['amount'] > $b['amount'];
                    }
                }
            } else {
                // NOTE(review): same issue; true here means "$a after $b", i.e. newest first.
                // `return $t2 <=> $t1;` would give the same direction with a well-defined order.
                return $t1 < $t2;
            }
        }
    }
    uasort($finances, 'sort_finance');
    // $displayed_finance_ids / $displayed_invoice_payment_ids map an id to the $finances index that
    // already shows it; they are created on first assignment (isset() on an undefined variable is fine).
    foreach ($finances as $finance_id => $finance) {
        // we load each of these transactions
        // transaction can be a "transaction" or an "invoice_payment"
        // find out if this transaction is a child transaction to another transaction.
        // if it is a child transaction and we haven't already dispayed it in this listing
        // then we find the parent transaction and display it along with all it's children in this place.
        // this wont be perfect all the time but will be awesome in 99% of cases.
        if (isset($finance['finance_id']) && $finance['finance_id']) {
            // displayed before already?
            if (isset($displayed_finance_ids[$finance['finance_id']])) {
                $finances[$displayed_finance_ids[$finance['finance_id']]]['link_count']++;
                unset($finances[$finance_id]);
                continue;
            }
            $displayed_finance_ids[$finance['finance_id']] = $finance_id;
            if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id']) {
                $displayed_invoice_payment_ids[$finance['invoice_payment_id']] = $finance_id; // so we dont display again.
            }
        } else {
            if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] && isset($finance['invoice_id']) && $finance['invoice_id']) {
                // this is an invoice payment (incoming payment)
                // displayed before already?
                if (isset($displayed_invoice_payment_ids[$finance['invoice_payment_id']])) {
                    // merge into the row already shown; the shown row's values win (array_merge, later key wins).
                    $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]] = array_merge($finance, $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]]);
                    $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]]['link_count']++;
                    unset($finances[$finance_id]);
                    continue;
                }
                $displayed_invoice_payment_ids[$finance['invoice_payment_id']] = $finance_id; // so we dont display again.
            } else {
                if (isset($finance['c_staff_total_amount'])) {
                    // staff expense.
                } else {
                    // nfi?
                    unset($finances[$finance_id]);
                    continue;
                }
            }
        }
        if (isset($finance['parent_finance_id']) && $finance['parent_finance_id']) {
            // check if it's parent finance id has been displayed already somewhere.
            if (isset($displayed_finance_ids[$finance['parent_finance_id']])) {
                $finances[$displayed_finance_ids[$finance['parent_finance_id']]]['link_count']++;
                unset($finances[$finance_id]);
                continue; // already done it on this page.
            }
            $displayed_finance_ids[$finance['parent_finance_id']] = $finance_id;
            // we haven't displayed the parent one yet.
            // display the parent one in this listing.
            $finance = self::get_finance($finance['parent_finance_id']);
        }
        /*if(isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] && isset($finance['invoice_id']) && $finance['invoice_id']){
            // moved to above.
        }else*/
        if (isset($finance['finance_id']) && $finance['finance_id']) {
            $finance['url'] = self::link_open($finance['finance_id'], false);
            $finance['credit'] = $finance['type'] == 'i' ? $finance['amount'] : 0;
            $finance['debit'] = $finance['type'] == 'e' ? $finance['amount'] : 0;
            if (!isset($finance['categories'])) {
                $finance['categories'] = '';
            }
            if (!isset($finance['account_name'])) {
                $finance['account_name'] = '';
            }
        }
        if (isset($finance['taxes']) && !isset($finance['sub_amount'])) {
            $finance['sub_amount'] = $finance['amount'];
            foreach ($finance['taxes'] as $tax) {
                if (isset($tax['amount'])) {
                    $finance['sub_amount'] -= $tax['amount'];
                }
            }
        }
        $finance['link_count'] = 0;
        $finances[$finance_id] = $finance;
    }
    return $finances;
}
/**
 * Builds and runs the job listing query for the given search filters, with
 * the result cached under a key derived from ($search, $return_options).
 *
 * NOTE(review): the WHERE clause also depends on the logged-in user
 * (module_security::get_loggedin_id(), get_job_access_permissions(),
 * get_customer_restrictions()), but none of that is part of $cache_key. Unless
 * module_cache scopes 'job' entries per user or session, a result computed
 * for one user can be served to another with different permissions - confirm
 * against module_cache before relying on this for access control.
 *
 * $return_options['columns'], ['custom_where'] and ['custom_group_by'] are
 * appended to the statement verbatim; they are meant for trusted callers
 * only and must never be populated from request data.
 *
 * @param array $search         filters: generic, date_start_after, date_start_before, task_due_after,
 *                              task_due_before, user_id, group_id, extra_fields[], customer_id, website_id,
 *                              renew_job_id, status, type, date_start, date_quote, quote_id, completed (1-5)
 * @param array $return_options columns / custom_where / custom_group_by (raw SQL fragments)
 * @return mixed the cached value, or whatever qa($sql) returns (presumably the row set)
 */
public static function get_jobs($search = array(), $return_options = array())
{
    // limit based on customer id
    /*if(!isset($_REQUEST['customer_id']) || !(int)$_REQUEST['customer_id']){
        return array();
    }*/
    $cache_key = 'get_jobs_' . md5(serialize(array($search, $return_options)));
    // a cached empty result is falsy and is therefore recomputed rather than served from cache.
    if ($cached_item = module_cache::get('job', $cache_key)) {
        return $cached_item;
    }
    $cache_timeout = module_config::c('cache_objects', 60);
    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT ";
    if (isset($return_options['columns'])) {
        // raw column list from a trusted caller (see get_files() passing 'u.job_id AS job_id').
        $sql .= $return_options['columns'];
    } else {
        $sql .= "u.*,u.job_id AS id ";
        $sql .= ", u.name AS name ";
        $sql .= ", c.customer_name ";
        if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
            $sql .= ", w.name AS website_name"; // for export
        }
        $sql .= ", us.name AS staff_member"; // for export
    }
    $from = " FROM `" . _DB_PREFIX . "job` u ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id"; // for export
    }
    $from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id"; // for export
    $where = " WHERE 1 ";
    if (is_array($return_options) && isset($return_options['custom_where'])) {
        // put in return options so harder to push through from user end.
        $where .= $return_options['custom_where'];
    }
    if (isset($search['generic']) && $search['generic']) {
        // free text: escaped, then used as a LIKE pattern.
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' "; //OR ";
        //$where .= " u.url LIKE '%$str%' ";
        $where .= ' ) ';
    }
    // date filters: normalised through input_date() and then escaped.
    if (isset($search['date_start_after']) && $search['date_start_after'] !== '' && $search['date_start_after'] !== false) {
        $date = input_date($search['date_start_after']);
        $where .= " AND u.`date_start` >= '" . mysql_real_escape_string($date) . "'";
    }
    if (isset($search['date_start_before']) && $search['date_start_before'] !== '' && $search['date_start_before'] !== false) {
        $date = input_date($search['date_start_before']);
        $where .= " AND u.`date_start` != '0000-00-00' AND u.`date_start` <= '" . mysql_real_escape_string($date) . "'";
    }
    // the `task` join (alias ts) is added at most once; strpos() truthiness is safe because $from
    // starts with " FROM", so the needle can never be at offset 0.
    if (isset($search['task_due_after']) && $search['task_due_after'] !== '' && $search['task_due_after'] !== false) {
        $date = input_date($search['task_due_after']);
        if (!strpos($from, 'task`')) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
        }
        $where .= " AND ts.`date_due` >= '" . mysql_real_escape_string($date) . "'";
    }
    if (isset($search['task_due_before']) && $search['task_due_before'] !== '' && $search['task_due_before'] !== false) {
        $date = input_date($search['task_due_before']);
        if (!strpos($from, 'task`')) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
        }
        $where .= " AND ts.`date_due` != '0000-00-00' AND ts.`date_due` <= '" . mysql_real_escape_string($date) . "'";
    }
    if (isset($search['user_id']) && $search['user_id'] !== '' && $search['user_id'] !== false && (int) $search['user_id'] > 0) {
        // jobs owned by the user or having a task assigned to them.
        $user_id = (int) $search['user_id'];
        if (!strpos($from, 'task`')) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
        }
        $where .= " AND ( u.`user_id` = {$user_id} OR `ts`.`user_id` = {$user_id} ) ";
    }
    // a custom column list that references ts.* needs the task join too.
    if (strpos($sql, 'ts.') && !strpos($from, 'task')) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
    }
    if (isset($search['group_id']) && trim($search['group_id'])) {
        $str = (int) $search['group_id'];
        $from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (u.job_id = gm.owner_id)";
        $where .= " AND (gm.group_id = '{$str}' AND gm.owner_table = 'job')";
    }
    if (isset($search['extra_fields']) && is_array($search['extra_fields']) && class_exists('module_extra', false)) {
        // custom "extra" fields: both the key and the value come from the caller and are escaped.
        $extra_fields = array();
        foreach ($search['extra_fields'] as $key => $val) {
            if (strlen(trim($val))) {
                $extra_fields[$key] = trim($val);
            }
        }
        if (count($extra_fields)) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "extra` ext ON (ext.owner_id = u.job_id)"; //AND ext.owner_table = 'customer'
            $where .= " AND (ext.owner_table = 'job' AND ( ";
            foreach ($extra_fields as $key => $val) {
                $val = mysql_real_escape_string($val);
                $key = mysql_real_escape_string($key);
                $where .= "( ext.`extra` LIKE '%{$val}%' AND ext.`extra_key` = '{$key}') OR ";
            }
            // rtrim() takes a character list; the clause ends in ") OR " so only the trailing O/R/space go.
            $where = rtrim($where, ' OR');
            $where .= ' ) )';
        }
    }
    // exact-match filters on a fixed set of columns; a leading '!' in the value negates the comparison.
    foreach (array('customer_id', 'website_id', 'renew_job_id', 'status', 'type', 'date_start', 'date_quote', 'quote_id') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            if ($str[0] == '!') {
                // hack for != sql searching.
                $str = ltrim($str, '!');
                $where .= " AND u.`{$key}` != '{$str}'";
            } else {
                $where .= " AND u.`{$key}` = '{$str}'";
            }
        }
    }
    if (isset($search['completed']) && (int) $search['completed'] > 0) {
        switch ($search['completed']) {
            case 1:
                // both complete and not complete jobs, dont modify query
                break;
            case 2:
                // only completed jobs.
                $where .= " AND u.date_completed != '0000-00-00'";
                break;
            case 3:
                // only non-completed jobs.
                $where .= " AND u.date_completed = '0000-00-00'";
                break;
            case 4:
                // only quoted jobs
                $where .= " AND u.date_start = '0000-00-00' AND u.date_quote != '0000-00-00'";
                break;
            case 5:
                // only not started jobs
                $where .= " AND u.date_start = '0000-00-00'";
                break;
        }
    }
    if (isset($return_options['custom_group_by'])) {
        // raw SQL from a trusted caller.
        $group_order = $return_options['custom_group_by'];
    } else {
        $group_order = ' GROUP BY u.job_id ORDER BY u.name';
    }
    // job-level access restriction (alias t, distinct from the ts join above).
    switch (self::get_job_access_permissions()) {
        case _JOB_ACCESS_ALL:
            break;
        case _JOB_ACCESS_ASSIGNED:
            // only assigned jobs!
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON u.job_id = t.job_id ";
            $where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
            break;
        case _JOB_ACCESS_CUSTOMER:
            // tie in with customer permissions to only get jobs from customers we can access.
            // customer_id comes from get_customers() rows and, unlike the other id lists here, is not (int)-cast.
            $customers = module_customer::get_customers();
            if (count($customers)) {
                $where .= " AND u.customer_id IN ( ";
                foreach ($customers as $customer) {
                    $where .= $customer['customer_id'] . ', ';
                }
                $where = rtrim($where, ', ');
                $where .= " ) ";
            }
            break;
    }
    // tie in with customer permissions to only get jobs from customers we can access.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            // all customers! so this means all jobs!
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            // jobs with no customer (customer_id = 0) stay visible to restricted users;
            // no clause is added when the restriction list is empty.
            $valid_customer_ids = module_security::get_customer_restrictions();
            if (count($valid_customer_ids)) {
                $where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( ";
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
                $where .= " )";
                $where .= " )";
            }
    }
    $sql = $sql . $from . $where . $group_order;
    // echo $sql;print_r(debug_backtrace());exit;
    $result = qa($sql);
    //module_security::filter_data_set("job",$result);
    module_cache::put('job', $cache_key, $result, $cache_timeout);
    return $result;
    // return get_multiple("job",$search,"job_id","fuzzy","name");
}
/**
 * Build and run the invoice listing query for the current user.
 *
 * The query is assembled from fixed column/join text plus the recognised $search keys;
 * the caller's invoice access level and customer access level are then appended as
 * extra WHERE restrictions before the query runs.
 *
 * @param array $search         optional filters: generic (LIKE on u.name), customer_id, status,
 *                              name, date_paid, date_due, renew_invoice_id, credit_note_id,
 *                              website_id, date_from, date_to, date_paid_from, date_paid_to,
 *                              job_id, deposit_job_id, customer_group_id, renewing
 * @param array $return_options optional 'custom_where' — raw SQL appended to the WHERE clause
 * @return array rows returned by qa(), one per invoice_id, newest date_create first
 */
public static function get_invoices($search = array(), $return_options = array())
{
    // limit based on customer id
    /*if(!isset($_REQUEST['customer_id']) || !(int)$_REQUEST['customer_id']){ return array(); }*/
    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT u.*,u.invoice_id AS id ";
    $sql .= ", u.name AS name ";
    $sql .= ", c.customer_name ";
    $from = " FROM `" . _DB_PREFIX . "invoice` u ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    // invoice_item -> task joins exist so the job_id filter and _INVOICE_ACCESS_JOB can match t.job_id
    $from .= " LEFT JOIN `" . _DB_PREFIX . "invoice_item` ii ON u.invoice_id = ii.invoice_id ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON ii.task_id = t.task_id";
    /*if(isset($search['job_id']) && (int)$search['job_id']>0){ $from .= " AND t.`job_id` = ".(int)$search['job_id']; }*/
    if (class_exists('module_subscription', false)) {
        $sql .= ", GROUP_CONCAT(DISTINCT subh.subscription_id ORDER BY subh.subscription_id) AS invoice_subscription_ids ";
        $from .= " LEFT JOIN `" . _DB_PREFIX . "subscription_history` subh ON u.invoice_id = subh.invoice_id ";
    }
    $where = " WHERE 1 ";
    if (is_array($return_options) && isset($return_options['custom_where'])) {
        // put in return options so harder to push through from user end.
        // NOTE(review): custom_where is concatenated as-is (no escaping); it must only ever be
        // built from trusted, code-controlled SQL by the caller.
        $where .= $return_options['custom_where'];
    }
    if (isset($search['generic']) && $search['generic']) {
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' ";
        //$where .= "OR u.url LIKE '%$str%' ";
        $where .= ' ) ';
    }
    // exact-match filters: the column names come from this fixed list, only the value is caller-supplied
    foreach (array('customer_id', 'status', 'name', 'date_paid', 'date_due', 'renew_invoice_id', 'credit_note_id', 'website_id') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            $where .= " AND u.`{$key}` = '{$str}'";
        }
    }
    // date range filters; input_date() normalises the caller's value first (its exact output format
    // is not visible here — presumably a Y-m-d string, verify against its definition)
    if (isset($search['date_from']) && $search['date_from']) {
        $str = mysql_real_escape_string(input_date($search['date_from']));
        $where .= " AND ( ";
        $where .= " u.date_create >= '{$str}' ";
        $where .= ' ) ';
    }
    if (isset($search['date_to']) && $search['date_to']) {
        $str = mysql_real_escape_string(input_date($search['date_to']));
        $where .= " AND ( ";
        $where .= " u.date_create <= '{$str}' ";
        $where .= ' ) ';
    }
    if (isset($search['date_paid_from']) && $search['date_paid_from']) {
        $str = mysql_real_escape_string(input_date($search['date_paid_from']));
        $where .= " AND ( ";
        $where .= " u.date_paid >= '{$str}' ";
        $where .= ' ) ';
    }
    if (isset($search['date_paid_to']) && $search['date_paid_to']) {
        $str = mysql_real_escape_string(input_date($search['date_paid_to']));
        $where .= " AND ( ";
        $where .= " u.date_paid <= '{$str}' ";
        $where .= ' ) ';
    }
    // a job matches either through an invoiced task or through the deposit job link
    if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
        $where .= " AND ( t.`job_id` = " . (int) $search['job_id'] . ' OR ';
        $where .= " u.deposit_job_id = " . (int) $search['job_id'];
        $where .= ' ) ';
    }
    if (isset($search['deposit_job_id']) && (int) $search['deposit_job_id'] > 0) {
        $where .= " AND ( u.deposit_job_id = " . (int) $search['deposit_job_id'];
        $where .= ' ) ';
    }
    if (isset($search['customer_group_id']) && (int) $search['customer_group_id'] > 0) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (c.customer_id = gm.owner_id)";
        $where .= " AND (gm.group_id = '" . (int) $search['customer_group_id'] . "' AND gm.owner_table = 'customer')";
    }
    if (isset($search['renewing']) && $search['renewing']) {
        $where .= " AND u.date_renew != '0000-00-00' AND (u.renew_invoice_id IS NULL OR u.renew_invoice_id = 0) ";
    }
    // invoice-level access restriction. An empty id list deliberately produces "IN ( NULL )",
    // which matches no rows, so these branches fail closed.
    switch (self::get_invoice_access_permissions()) {
        case _INVOICE_ACCESS_ALL:
            break;
        case _INVOICE_ACCESS_STAFF:
            $where .= " AND u.vendor_user_id = " . (int) module_security::get_loggedin_id();
            break;
        case _INVOICE_ACCESS_JOB:
            $valid_job_ids = module_job::get_jobs();
            $where .= " AND ( t.`job_id` IN ( ";
            if (count($valid_job_ids)) {
                foreach ($valid_job_ids as $valid_job_id) {
                    $where .= (int) $valid_job_id['job_id'] . ", ";
                }
                $where = rtrim($where, ', ');
            } else {
                $where .= ' NULL ';
            }
            $where .= ' ) ';
            $where .= " OR ";
            $where .= " u.deposit_job_id IN ( ";
            if (count($valid_job_ids)) {
                foreach ($valid_job_ids as $valid_job_id) {
                    $where .= (int) $valid_job_id['job_id'] . ", ";
                }
                $where = rtrim($where, ', ');
            } else {
                $where .= ' NULL ';
            }
            $where .= ' ) ';
            $where .= " )";
            break;
        case _INVOICE_ACCESS_CUSTOMER:
            $valid_customer_ids = module_security::get_customer_restrictions();
            $where .= " AND u.customer_id IN ( ";
            if (count($valid_customer_ids)) {
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
            } else {
                $where .= ' NULL ';
            }
            $where .= " )";
    }
    // permissions from customer module.
    // tie in with customer permissions to only get jobs from customers we can access.
    // NOTE(review): unlike get_quotes, this branch does not keep rows with u.customer_id = 0, so
    // invoices with no customer are hidden from restricted users — confirm that is intended.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            // all customers! so this means all jobs!
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            $valid_customer_ids = module_security::get_customer_restrictions();
            $where .= " AND u.customer_id IN ( ";
            if (count($valid_customer_ids)) {
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
            } else {
                $where .= ' NULL ';
            }
            $where .= " )";
    }
    $group_order = ' GROUP BY u.invoice_id ORDER BY u.date_create DESC';
    // stop when multiple company sites have same region
    $sql = $sql . $from . $where . $group_order;
    $result = qa($sql);
    //module_security::filter_data_set("invoice",$result);
    return $result;
    // return get_multiple("invoice",$search,"invoice_id","fuzzy","name");
}
<?php
/**
 * Copyright: dtbaker 2012
 * Licence: Please check CodeCanyon.net for licence details.
 * More licence clarification available here: http://codecanyon.net/wiki/support/legal-terms/licensing-terms/
 * Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
 * Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
 * Package Date: 2015-11-25 02:55:20
 * IP Address: 67.79.165.254
 */

// Row-level access check. $table_name and $data are not defined here, so they are
// presumably provided by the including scope. A `return false` leaves the include early
// when the row's customer is outside the current user's restriction list; otherwise the
// script falls through with $access left true.
$access = true;
switch ($table_name) {
    case 'invoice':
    default:
        // check if current user can access this invoice.
        if (!$data || !isset($data['customer_id']) || (int) $data['customer_id'] <= 0) {
            break;
        }
        $valid_customer_ids = module_security::get_customer_restrictions();
        if (!$valid_customer_ids) {
            // no restriction list to compare against: nothing further to check
            break;
        }
        $access = isset($valid_customer_ids[$data['customer_id']]);
        if (!$access) {
            return false;
        }
        break;
}
/**
 * Build and run the quote listing query for the current user, with result caching.
 *
 * The cache key is derived only from $search and $return_options.
 * NOTE(review): the key does not include the logged-in user, yet the cached rows are
 * access-filtered below; if module_cache is shared between users, one user's filtered
 * result could be served to another — confirm how module_cache scopes its entries.
 *
 * @param array $search         optional filters: generic (LIKE on u.name), customer_id, website_id,
 *                              status, type, date_create (a leading '!' turns these into !=),
 *                              ticket_id, accepted (1 all, 2 approved only, 3 unapproved only)
 * @param array $return_options optional 'columns' (raw SELECT list) and 'custom_where' (raw SQL)
 * @return array rows returned by qa(), one per quote_id, ordered by u.name
 */
public static function get_quotes($search = array(), $return_options = array())
{
    // limit based on customer id
    /*if(!isset($_REQUEST['customer_id']) || !(int)$_REQUEST['customer_id']){ return array(); }*/
    $cache_key = 'get_quotes_' . md5(serialize(array($search, $return_options)));
    if ($cached_item = module_cache::get('quote', $cache_key)) {
        return $cached_item;
    }
    $cache_timeout = module_config::c('cache_objects', 60);
    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT ";
    if (isset($return_options['columns'])) {
        // raw column list from the caller; must be code-controlled, it is not escaped
        $sql .= $return_options['columns'];
    } else {
        $sql .= "u.*,u.quote_id AS id ";
        $sql .= ", u.name AS name ";
        $sql .= ", c.customer_name ";
        if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
            $sql .= ", w.name AS website_name"; // for export
        }
        $sql .= ", us.name AS staff_member"; // for export
    }
    $from = " FROM `" . _DB_PREFIX . "quote` u ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id"; // for export
    }
    $from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id"; // for export
    $where = " WHERE 1 ";
    if (is_array($return_options) && isset($return_options['custom_where'])) {
        // put in return options so harder to push through from user end.
        $where .= $return_options['custom_where'];
    }
    if (isset($search['generic']) && $search['generic']) {
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' "; //OR ";
        //$where .= " u.url LIKE '%$str%' ";
        $where .= ' ) ';
    }
    // exact-match filters: column names come from this fixed list, only the value is caller-supplied
    foreach (array('customer_id', 'website_id', 'status', 'type', 'date_create') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            if ($str[0] == '!') {
                // hack for != sql searching.
                $str = ltrim($str, '!');
                $where .= " AND u.`{$key}` != '{$str}'";
            } else {
                $where .= " AND u.`{$key}` = '{$str}'";
            }
        }
    }
    if (isset($search['ticket_id']) && (int) $search['ticket_id'] > 0) {
        // join on the ticket_quote_rel tab.e
        $from .= " LEFT JOIN `" . _DB_PREFIX . "ticket_quote_rel` tqr USING (quote_id)";
        $where .= " AND tqr.ticket_id = " . (int) $search['ticket_id'];
    }
    if (isset($search['accepted']) && (int) $search['accepted'] > 0) {
        switch ($search['accepted']) {
            case 1:
                // both complete and not complete quotes, dont modify query
                break;
            case 2:
                // only completed quotes.
                $where .= " AND u.date_approved != '0000-00-00'";
                break;
            case 3:
                // only non-completed quotes.
                $where .= " AND u.date_approved = '0000-00-00'";
                break;
        }
    }
    $group_order = ' GROUP BY u.quote_id ORDER BY u.name';
    switch (self::get_quote_access_permissions()) {
        case _QUOTE_ACCESS_ALL:
            break;
        case _QUOTE_ACCESS_ASSIGNED:
            // only assigned quotes!
            $from .= " LEFT JOIN `" . _DB_PREFIX . "quote_task` t ON u.quote_id = t.quote_id ";
            $where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
            break;
        case _QUOTE_ACCESS_CUSTOMER:
            // tie in with customer permissions to only get quotes from customers we can access.
            // NOTE(review): when get_customers() returns nothing, no clause is added and the query
            // stays unrestricted (get_invoices emits "IN ( NULL )" in the same situation); also the
            // customer_id values are concatenated without an (int) cast — confirm both are intended.
            $customers = module_customer::get_customers();
            if (count($customers)) {
                $where .= " AND u.customer_id IN ( ";
                foreach ($customers as $customer) {
                    $where .= $customer['customer_id'] . ', ';
                }
                $where = rtrim($where, ', ');
                $where .= " ) ";
            }
            break;
    }
    // tie in with customer permissions to only get quotes from customers we can access.
    // Quotes with no customer (u.customer_id = 0) stay visible to restricted users.
    // NOTE(review): an empty restriction list again adds no clause (fail-open) — confirm intended.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            // all customers! so this means all quotes!
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            $valid_customer_ids = module_security::get_customer_restrictions();
            if (count($valid_customer_ids)) {
                $where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( ";
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
                $where .= " )";
                $where .= " )";
            }
    }
    $sql = $sql . $from . $where . $group_order;
    // echo $sql;print_r(debug_backtrace());exit;
    $result = qa($sql);
    //module_security::filter_data_set("quote",$result);
    module_cache::put('quote', $cache_key, $result, $cache_timeout);
    return $result;
    // return get_multiple("quote",$search,"quote_id","fuzzy","name");
}
/**
 * Load one customer record, applying the current user's customer access level.
 *
 * Never returns false: when the id is invalid, the row is missing, or access is denied
 * (and $skip_permissions is false) a 'new' stub with customer_id => 'new' is returned.
 *
 * @param int|string $customer_id      customer primary key; cast to int, <= 0 yields the stub
 * @param bool       $skip_permissions when true an inaccessible customer is still returned, with
 *                                     '_no_access' => true set for the caller to inspect
 * @param bool       $basic_for_link   when true staff_ids, customer_address and company_ids are
 *                                     not loaded (lighter lookup for rendering links)
 * @return array the customer row (possibly decorated) or the 'new' stub
 */
public static function get_customer($customer_id, $skip_permissions = false, $basic_for_link = false)
{
    $customer_id = (int) $customer_id;
    $customer = false;
    if ($customer_id > 0) {
        // the cache key covers every argument, so each flag combination is cached separately.
        // NOTE(review): _customer_cache_key is not visible here; if it does not include the
        // logged-in user, an access-filtered result is cached for whoever asks next — confirm.
        $cache_key_args = func_get_args();
        $cache_key = self::_customer_cache_key($customer_id, $cache_key_args);
        $cache_timeout = module_config::c('cache_objects', 60);
        if ($cached_item = module_cache::get('customer', $cache_key)) {
            return $cached_item;
        }
        $customer = get_single("customer", "customer_id", $customer_id);
        // get their address.
        if ($customer && isset($customer['customer_id']) && $customer['customer_id'] == $customer_id) {
            if (!$basic_for_link) {
                $customer['staff_ids'] = array();
                foreach (get_multiple('customer_user_rel', array('customer_id' => $customer_id), 'user_id') as $val) {
                    $customer['staff_ids'][] = $val['user_id'];
                }
                $customer['customer_address'] = module_address::get_address($customer_id, 'customer', 'physical', true);
            }
            // access check: the customer must appear in the caller's restriction list.
            // An empty list denies here (isset on an empty array), i.e. this branch fails closed.
            switch (self::get_customer_data_access()) {
                case _CUSTOMER_ACCESS_ALL:
                    break;
                case _CUSTOMER_ACCESS_ALL_COMPANY:
                case _CUSTOMER_ACCESS_CONTACTS:
                case _CUSTOMER_ACCESS_TASKS:
                case _CUSTOMER_ACCESS_STAFF:
                    $valid_customer_ids = module_security::get_customer_restrictions();
                    $is_valid_customer = isset($valid_customer_ids[$customer['customer_id']]);
                    if (!$is_valid_customer) {
                        if ($skip_permissions) {
                            // set a flag for custom processing. we check for this when calling get_customer
                            // with the skip permissions argument. (eg: in the ticket file listing link)
                            $customer['_no_access'] = true;
                        } else {
                            $customer = false;
                        }
                    }
                    break;
            }
        }
    }
    if (!$customer) {
        // stub for "not found" / "no access" / "create new"
        $customer = array('customer_id' => 'new', 'customer_name' => '', 'customer_status' => _CUSTOMER_STATUS_PAID, 'primary_user_id' => '', 'credit' => '0', 'customer_address' => array(), 'staff_ids' => array(), 'customer_type_id' => self::get_current_customer_type_id());
    }
    if (class_exists('module_company', false) && module_company::is_enabled() && !$basic_for_link) {
        $customer['company_ids'] = array();
        if (isset($customer['customer_id']) && (int) $customer['customer_id'] > 0) {
            foreach (module_company::get_companys_by_customer($customer['customer_id']) as $company) {
                $customer['company_ids'][$company['company_id']] = $company['name'];
            }
        }
    }
    //$customer['customer_industry_id'] = get_multiple('customer_industry_rel',array('customer_id'=>$customer_id),'customer_industry_id');
    //echo $customer_id;print_r($customer);exit;
    // $cache_key only exists when $customer_id > 0, so stubs for id <= 0 are never cached
    if (isset($cache_key) && isset($cache_timeout)) {
        module_cache::put('customer', $cache_key, $customer, $cache_timeout);
    }
    return $customer;
}
/**
 * Load one user record, applying user, customer and vendor access levels.
 *
 * Never returns false: when the row is missing or access is denied (with $perms true)
 * a 'new' stub with user_id => 'new' is returned instead.
 *
 * @param int|string $user_id        user primary key
 * @param bool       $perms          true: an inaccessible user becomes the stub;
 *                                   false: the row is still returned with '_perms' => false
 * @param bool       $do_link        follow linked_parent_user_id and return the parent record
 * @param bool       $basic_for_link return the bare row, skipping access checks, roles and companies
 * @return array the user row (possibly decorated) or the 'new' stub
 */
public static function get_user($user_id, $perms = true, $do_link = true, $basic_for_link = false)
{
    //,$basic=false
    // the cache key covers every argument, so each flag combination is cached separately
    $cache_key_args = func_get_args();
    $cache_key = self::_user_cache_key($user_id, $cache_key_args);
    $cache_timeout = module_config::c('cache_objects', 60);
    if ($cached_item = module_cache::get('user', $cache_key)) {
        return $cached_item;
    }
    $user = get_single("user", "user_id", $user_id);
    // Linked (child) contacts resolve to their parent record. The parent is loaded with default
    // arguments, so $perms / $basic_for_link are not propagated. Only a self-link is guarded;
    // NOTE(review): a cycle of two or more linked users would recurse without bound, because
    // nothing is cached before the recursive call — confirm the data model prevents that.
    if ($do_link && $user && isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] && $user['linked_parent_user_id'] != $user['user_id']) {
        $user = self::get_user($user['linked_parent_user_id']);
        module_cache::put('user', $cache_key, $user, $cache_timeout);
        return $user;
    }
    if ($user) {
        if ($basic_for_link) {
            module_cache::put('user', $cache_key, $user, $cache_timeout);
            return $user;
        }
        // if this user is a linked contact to the current contact then we allow access.
        if (isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] == module_security::get_loggedin_id()) {
            // allow all access.
        } else {
            if (class_exists('module_customer', false)) {
                if ($user) {
                    switch (module_user::get_user_data_access()) {
                        case _USER_ACCESS_ME:
                            if ($user['user_id'] != module_security::get_loggedin_id()) {
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                            break;
                        case _USER_ACCESS_CONTACTS:
                            if (!$user['customer_id'] && !$user['vendor_id'] && $user['user_id'] != module_security::get_loggedin_id()) {
                                // this user is not a customer contact, don't let them access it.
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                            break;
                        case _USER_ACCESS_ALL:
                        default:
                            // all user accounts.
                            break;
                    }
                }
                // a contact attached to a customer is only visible if that customer is
                if ($user && $user['customer_id'] > 0) {
                    switch (module_customer::get_customer_data_access()) {
                        case _CUSTOMER_ACCESS_ALL:
                            // all customers! so this means all jobs!
                            break;
                        case _CUSTOMER_ACCESS_ALL_COMPANY:
                        case _CUSTOMER_ACCESS_CONTACTS:
                        case _CUSTOMER_ACCESS_TASKS:
                        case _CUSTOMER_ACCESS_STAFF:
                            $valid_customer_ids = module_security::get_customer_restrictions();
                            $is_valid_user = isset($valid_customer_ids[$user['customer_id']]);
                            if (!$is_valid_user) {
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                    }
                }
            }
            // likewise for vendor contacts: visible only if module_vendor::get_vendor() returns the vendor
            if ($user && $user['vendor_id'] > 0) {
                switch (module_vendor::get_vendor_data_access()) {
                    case _VENDOR_ACCESS_ALL:
                        // all vendors! so this means all jobs!
                        break;
                    case _VENDOR_ACCESS_ALL_COMPANY:
                    case _VENDOR_ACCESS_CONTACTS:
                        $valid_vendor_check = module_vendor::get_vendor($user['vendor_id']);
                        $is_valid_user = $valid_vendor_check && isset($valid_vendor_check['vendor_id']) && $valid_vendor_check['vendor_id'] == $user['vendor_id'];
                        if (!$is_valid_user) {
                            if ($perms) {
                                $user = false;
                            } else {
                                // eg for linking.
                                $user['_perms'] = false;
                            }
                        }
                }
            }
        }
    }
    if (!$user) {
        // stub for "not found" / "no access" / "create new"; it is not cached
        $user = array('user_id' => 'new', 'customer_id' => 0, 'vendor_id' => 0, 'name' => '', 'last_name' => '', 'email' => '', 'password' => '', 'phone' => '', 'mobile' => '', 'fax' => '', 'roles' => array(), 'language' => module_config::c('default_language', 'en'), 'company_ids' => array());
        // the master key value is copied from the request unmodified; presumably escaped
        // wherever it is rendered or stored — verify at the consumers.
        $use_master_key = self::get_contact_master_key();
        if (isset($_REQUEST[$use_master_key])) {
            $user[$use_master_key] = $_REQUEST[$use_master_key];
        }
    } else {
        $user['roles'] = get_multiple('user_role', array('user_id' => $user_id));
        if (class_exists('module_company', false) && module_company::is_enabled()) {
            $user['company_ids'] = array();
            foreach (module_company::get_companys_by_user($user['user_id']) as $company) {
                $user['company_ids'][$company['company_id']] = $company['name'];
            }
        }
        module_cache::put('user', $cache_key, $user, $cache_timeout);
    }
    return $user;
}
/**
 * Copyright: dtbaker 2012
 * Licence: Please check CodeCanyon.net for licence details.
 * More licence clarification available here: http://codecanyon.net/wiki/support/legal-terms/licensing-terms/
 * Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
 * Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
 * Package Date: 2015-11-25 02:55:20
 * IP Address: 67.79.165.254
 */
// Calendar page header: works out which customer the calendar is filtered to, then emits
// the stylesheet links for the bundled wdCalendar assets.
print_heading(array('main' => true, 'type' => 'h2', 'title' => 'Calendar'));
// optional customer filter from the request, cast to int; false means "no filter"
$customer_id = isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false;
$customer_access = module_customer::get_customer_data_access();
if ($customer_access && $customer_access != _CUSTOMER_ACCESS_ALL) {
    // restricted to what customers we can see. is it only 1?
    // If so, the requested customer_id is overridden with that one customer.
    // NOTE(review): with several accessible customers the requested id is kept as-is here;
    // presumably the data-access functions called later enforce the restriction — verify.
    $customer_access_ids = module_security::get_customer_restrictions();
    if (count($customer_access_ids) == 1) {
        $customer_access_id = current($customer_access_ids);
        if ($customer_access_id > 0) {
            $customer_id = $customer_access_id;
        }
    }
}
// asset base URL built from the _BASE_HREF constant (not from request data) before being echoed below
$base_path = _BASE_HREF . 'includes/plugin_calendar/wdCalendar/';
?> <link href="<?php echo $base_path; ?> css/calendar.css" rel="stylesheet" type="text/css" /> <link href="<?php echo $base_path;
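/**
 * Load one website record, filtered by the current user's customer access level.
 *
 * Never returns false: when the row is missing or the user may not see it, a 'new'
 * stub (website_id => 'new') is returned. The stub's customer_id is taken from the
 * request and cast to int, consistent with how get_ticket reads the same parameter.
 *
 * @param int|string $website_id website primary key, passed through to get_single()
 * @return array the website row, or the 'new' stub
 */
public static function get_website($website_id)
{
    $website = get_single("website", "website_id", $website_id);
    if ($website) {
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all jobs!
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_STAFF:
                // the website's customer must be in the caller's restriction list;
                // an empty list denies (isset on an empty array), so this fails closed
                $valid_customer_ids = module_security::get_customer_restrictions();
                $is_valid_website = isset($valid_customer_ids[$website['customer_id']]);
                if (!$is_valid_website) {
                    $website = false;
                }
                break;
            case _CUSTOMER_ACCESS_TASKS:
                // only customers who have linked jobs that I am assigned to.
                $has_job_access = false;
                if (isset($website['customer_id']) && $website['customer_id']) {
                    $jobs = module_job::get_jobs(array('customer_id' => $website['customer_id']));
                    foreach ($jobs as $job) {
                        if ($job['user_id'] == module_security::get_loggedin_id()) {
                            $has_job_access = true;
                            break;
                        }
                        $tasks = module_job::get_tasks($job['job_id']);
                        foreach ($tasks as $task) {
                            if ($task['user_id'] == module_security::get_loggedin_id()) {
                                $has_job_access = true;
                                // one matching task is enough; leave both loops instead of
                                // fetching the task lists of the remaining jobs
                                break 2;
                            }
                        }
                    }
                }
                if (!$has_job_access) {
                    $website = false;
                }
                break;
        }
    }
    if (!$website) {
        // stub for "not found" / "no access" / "create new"
        $website = array('website_id' => 'new', 'customer_id' => isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : 0, 'name' => '', 'status' => module_config::s('website_status_default', 'New'), 'url' => '');
    }
    return $website;
}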
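/**
 * Load one ticket, applying the current user's ticket access level, and decorate it with
 * queue position, message counts and extra data.
 *
 * @param int|string $ticket_id ticket primary key; cast to int, <= 0 yields the 'new' stub
 * @param bool|int   $full      pass exactly 2 to return the raw access-filtered row (or false)
 *                              without building the stub or decorating the ticket
 * @return array|false the decorated ticket row or a 'new' stub (ticket_id => 'new');
 *                     false only when $full === 2 and no accessible row exists
 */
public static function get_ticket($ticket_id, $full = true)
{
    // the cache key covers every argument, so each ($ticket_id, $full) pair is cached separately
    $cache_key_args = func_get_args();
    $cache_key = self::_ticket_cache_key($ticket_id, $cache_key_args);
    $cache_timeout = module_config::c('cache_objects', 60);
    if ($cached_item = module_cache::get('ticket', $cache_key)) {
        return $cached_item;
    }
    $ticket_access = self::get_ticket_data_access();
    $ticket_id = (int) $ticket_id;
    $ticket = false;
    if ($ticket_id > 0) {
        //$ticket = get_single("ticket","ticket_id",$ticket_id);
        // $ticket_id is an int by now, so interpolating it is safe
        $sql = "SELECT * FROM `" . _DB_PREFIX . "ticket` t WHERE t.ticket_id = {$ticket_id} ";
        switch ($ticket_access) {
            case _TICKET_ACCESS_ALL:
                break;
            case _TICKET_ACCESS_ASSIGNED:
                // we only want tickets assigned to me.
                // (unassigned tickets, assigned_user_id = 0, are visible as well)
                //$sql .= " AND t.assigned_user_id = '".(int)module_security::get_loggedin_id()."'";
                $sql .= " AND (t.assigned_user_id = '" . (int) module_security::get_loggedin_id() . "' OR t.assigned_user_id = 0)";
                break;
            case _TICKET_ACCESS_CREATED:
                // we only want tickets I created.
                $sql .= " AND t.user_id = '" . (int) module_security::get_loggedin_id() . "'";
                break;
            case _TICKET_ACCESS_CUSTOMER:
                // NOTE(review): an empty restriction list adds no clause, so the ticket is returned
                // unrestricted in that case — confirm that is the intended meaning of an empty list.
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (is_array($valid_customer_ids) && count($valid_customer_ids)) {
                    $sql .= " AND ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $sql .= " t.customer_id = '" . (int) $valid_customer_id . "' OR ";
                    }
                    $sql = rtrim($sql, 'OR ');
                    $sql .= " )";
                }
                break;
        }
        $ticket = qa1($sql, false);
    }
    if ($full === 2) {
        module_cache::put('ticket', $cache_key, $ticket, $cache_timeout);
        return $ticket;
    }
    if (!$ticket) {
        // no row (or no access): build a 'new' ticket stub, pre-filled from the request only
        // where the referenced customer/website are themselves accessible to this user.
        $customer_id = $website_id = 0;
        $user_id = module_security::get_loggedin_id();
        if (isset($_REQUEST['customer_id']) && $_REQUEST['customer_id']) {
            $customer_id = (int) $_REQUEST['customer_id'];
            $customer = module_customer::get_customer($customer_id);
            if (!$customer || $customer['customer_id'] != $customer_id) {
                $customer_id = 0;
            } else {
                $user_id = $customer['primary_user_id'];
            }
            // find default website id to use.
            if (isset($_REQUEST['website_id'])) {
                $website_id = (int) $_REQUEST['website_id'];
                $website = module_website::get_website($website_id);
                // the website must exist, be accessible, and belong to the chosen customer
                if (!$website || $website['website_id'] != $website_id || $website['customer_id'] != $customer_id) {
                    $website_id = 0;
                }
            } else {
                $website_id = 0;
            }
        }
        $position = self::ticket_position();
        $ticket = array('ticket_id' => 'new', 'customer_id' => $customer_id, 'website_id' => $website_id, 'subject' => '', 'date_completed' => '', 'status_id' => _TICKET_STATUS_NEW_ID, 'user_id' => $user_id, 'assigned_user_id' => module_config::c('ticket_default_user_id', 1), 'ticket_account_id' => module_config::c('ticket_default_account_id', 0), 'last_message_timestamp' => 0, 'last_ticket_message_id' => 0, 'message_count' => 0, 'position' => $position['current'] + 1, 'priority' => 0, 'ticket_type_id' => module_config::c('ticket_type_id_default', 0), 'total_pending' => $position['total'] + 1, 'extra_data' => array(), 'invoice_id' => false, 'faq_product_id' => false);
    } else {
        // find the position of this ticket
        // the position is determined by the number of pending tickets
        // that have a last_message_timestamp earlier than this ticket.
        $position = self::ticket_position($ticket_id);
        $ticket['position'] = $position['current'];
        $ticket['total_pending'] = $position['total'];
        /*if($ticket['priority'] == _TICKET_PRIORITY_STATUS_ID){ $ticket['position'] = self::ticket_count('priority',$ticket['last_message_timestamp'],$ticket['ticket_id'],$ticket['priority']); }else{ $ticket['position'] = self::ticket_count('pending',$ticket['last_message_timestamp'],$ticket['ticket_id'],$ticket['priority']); } $ticket['total_pending'] = self::ticket_count('pending');*/
        $messages = self::get_ticket_messages($ticket_id, true);
        //$ticket['message_count'] = count($messages);
        $ticket['message_count'] = mysql_num_rows($messages);
        //end($messages);
        // seek to the last row; with no messages there is nothing to fetch, so don't read
        // fields off the false that mysql_fetch_assoc() would return
        $last_message = false;
        if ($ticket['message_count'] > 0) {
            mysql_data_seek($messages, $ticket['message_count'] - 1);
            //$last_message = current($messages);
            $last_message = mysql_fetch_assoc($messages);
        }
        $ticket['last_ticket_message_id'] = $last_message ? $last_message['ticket_message_id'] : null;
        $ticket['last_message_was_private'] = isset($last_message['private_message']) && $last_message['private_message'];
        // for passwords and website addresses..
        $ticket['extra_data'] = self::get_ticket_extras($ticket_id);
        // hook into the envato module.
        // link any missing envato/faqproduct items together.
        if (class_exists('module_envato', false) && isset($_REQUEST['faq_product_envato_hack']) && (!$ticket['faq_product_id'] || $ticket['faq_product_id'] == $_REQUEST['faq_product_envato_hack'])) {
            $items = module_envato::get_items_by_ticket($ticket['ticket_id']);
            foreach ($items as $envato_item_id => $item) {
                // see if this item is linked to a product.
                if ($item['envato_item_id']) {
                    // the item id is escaped like every other value this file interpolates into SQL.
                    // NOTE(review): '[|]*' also matches the empty string, so this REGEXP matches any
                    // envato_item_ids value that merely contains the id as a substring — confirm intended.
                    $sql = "SELECT * FROM `" . _DB_PREFIX . "faq_product` WHERE envato_item_ids REGEXP '[|]*" . mysql_real_escape_string($envato_item_id) . "[|]*'";
                    $res = qa1($sql);
                    if ($res && $res['faq_product_id']) {
                        // found a product matching this one. link her up.
                        // (the returned/cached $ticket still carries the old faq_product_id)
                        update_insert('ticket_id', $ticket_id, 'ticket', array('faq_product_id' => $res['faq_product_id']));
                        break;
                    }
                }
            }
        }
    }
    module_cache::put('ticket', $cache_key, $ticket, $cache_timeout);
    return $ticket;
}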