// ============================= // = add / edit expense record = // ============================= case 'add_edit_record': header('Content-Type: application/json;charset=utf-8'); $errors = array(); // determine action for permission check $action = 'add'; if ($id) { $action = 'edit'; } if (isset($_REQUEST['erase'])) { $action = 'delete'; } if ($id) { $data = expense_get($id); // check if editing or deleting with the old values would be allowed if (!expenseAccessAllowed($data, $action, $errors)) { echo json_encode(array('errors' => $errors)); break; } } // delete now because next steps don't need to be taken for deleted entries if (isset($_REQUEST['erase'])) { expense_delete($id); echo json_encode(array('errors' => $errors)); break; } if (!isset($_REQUEST['projectID']) || empty($_REQUEST['projectID']) || !is_numeric($_REQUEST['projectID'])) { $errors['projectID'] = $kga['lang']['errorMessages']['noProjectSelected']; }
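/**
 * Edit an existing expense entry.
 *
 * The stored record is loaded with expense_get() and every column for which
 * $data carries a set (isset) value is replaced by that value; all other
 * columns keep their stored content. Only the columns assigned to $values
 * below are written back, so extra keys in $data never reach the UPDATE.
 *
 * No permission check is performed in this function. The caller has to
 * decide whether the current user may edit the record before calling it.
 *
 * @param integer $id   ID of record
 * @param array   $data array with new record data
 * @global array  $kga      kimai-global-array
 * @global object $database database layer providing the connection handler
 * @return boolean true if the UPDATE query succeeded, false otherwise
 * @author th
 */
function expense_edit($id, $data)
{
    global $kga, $database;

    $conn = $database->getConnectionHandler();
    // NOTE(review): clean_data() is defined elsewhere; what it strips or
    // escapes is not visible here. Confirm before relying on it.
    $data = $database->clean_data($data);

    $original_array = expense_get($id);
    if (empty($original_array)) {
        // Nothing to merge with (presumably an unknown ID or a failed lookup;
        // confirm what expense_get() returns on failure). Without this guard
        // every column below would be built from undefined indices and the
        // UPDATE would still be sent with those empty values.
        return false;
    }

    // Merge: a value supplied by the caller wins, otherwise keep what is stored.
    // isset() is false for null, so a null entry in $data cannot clear a column.
    $new_array = array();
    foreach ($original_array as $key => $value) {
        $new_array[$key] = isset($data[$key]) ? $data[$key] : $value;
    }

    // Explicit column list: numeric columns are passed with SQLVALUE_NUMBER,
    // text columns use SQLValue()'s default type.
    $values = array();
    $values['projectID']   = MySQL::SQLValue($new_array['projectID'], MySQL::SQLVALUE_NUMBER);
    $values['designation'] = MySQL::SQLValue($new_array['designation']);
    $values['comment']     = MySQL::SQLValue($new_array['comment']);
    $values['commentType'] = MySQL::SQLValue($new_array['commentType'], MySQL::SQLVALUE_NUMBER);
    $values['timestamp']   = MySQL::SQLValue($new_array['timestamp'], MySQL::SQLVALUE_NUMBER);
    $values['multiplier']  = MySQL::SQLValue($new_array['multiplier'], MySQL::SQLVALUE_NUMBER);
    $values['value']       = MySQL::SQLValue($new_array['value'], MySQL::SQLVALUE_NUMBER);
    $values['refundable']  = MySQL::SQLValue($new_array['refundable'], MySQL::SQLVALUE_NUMBER);

    // The row to update is selected by its numeric primary key only.
    $filter = array();
    $filter['expenseID'] = MySQL::SQLValue($id, MySQL::SQLVALUE_NUMBER);

    $table = $kga['server_prefix'] . "expenses";
    $query = MySQL::BuildSQLUpdate($table, $values, $filter);

    return (bool) $conn->Query($query);
}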