Esempio n. 1
 // =============================
 // = add / edit expense record =
 // =============================
 // Excerpt of one switch case: $id and $kga are assigned outside the lines shown here,
 // and the case continues past the projectID validation at the end of the excerpt.
 case 'add_edit_record':
     // Every exit path of this case answers with a JSON object of the form {"errors": ...}.
     header('Content-Type: application/json;charset=utf-8');
     $errors = array();
     // determine action for permission check
     // Precedence: 'add' by default, 'edit' when an ID is present, 'delete' whenever
     // the request carries an 'erase' parameter (its value is never inspected).
     $action = 'add';
     if ($id) {
         $action = 'edit';
     }
     // $_REQUEST merges GET and POST (and cookies, depending on request_order), so the
     // destructive 'erase' flag is not tied to a particular HTTP method.
     // NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm it is
     // enforced before this case is reached.
     if (isset($_REQUEST['erase'])) {
         $action = 'delete';
     }
     // The access check is only performed for an existing record (truthy $id).
     if ($id) {
         $data = expense_get($id);
         // check if editing or deleting with the old values would be allowed
         // expenseAccessAllowed() receives $errors and the caller echoes it afterwards,
         // so it presumably fills in the reason for a denial - verify against its definition.
         if (!expenseAccessAllowed($data, $action, $errors)) {
             echo json_encode(array('errors' => $errors));
             break;
         }
     }
     // delete now because next steps don't need to be taken for deleted entries
     // NOTE(review): when 'erase' is set but $id is falsy, the permission block above is
     // skipped and expense_delete() is still called with that empty ID; what it does with
     // such a value is not visible here. Requiring a truthy $id on this branch would close the gap.
     if (isset($_REQUEST['erase'])) {
         expense_delete($id);
         echo json_encode(array('errors' => $errors));
         break;
     }
     // empty() already covers the unset case. is_numeric() also accepts decimals, exponent
     // notation and leading whitespace, so this check alone does not guarantee an integer ID;
     // the value still needs an integer cast or a numeric SQL binding where it is used.
     if (!isset($_REQUEST['projectID']) || empty($_REQUEST['projectID']) || !is_numeric($_REQUEST['projectID'])) {
         $errors['projectID'] = $kga['lang']['errorMessages']['noProjectSelected'];
     }
Esempio n. 2
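/**
 * Update an existing expense record.
 *
 * The stored record is loaded first and every column present in $data overrides
 * the stored value. Only the fixed set of columns named in the body is written,
 * so unexpected keys in $data never reach the UPDATE statement.
 *
 * This function performs no permission check of its own; callers have to
 * authorise the edit before calling it.
 *
 * @param integer $id ID of record
 * @param array $data array with new record data, keyed by column name
 * @global array $kga kimai-global-array
 * @global object $database database layer providing getConnectionHandler() and clean_data()
 * @return boolean true when the UPDATE query succeeded, false otherwise
 *                 (including when the record could not be loaded)
 * @author th
 */
function expense_edit($id, $data)
{
    global $kga, $database;

    $conn = $database->getConnectionHandler();
    $data = $database->clean_data($data);

    $original_array = expense_get($id);
    // Without a stored record there is nothing to merge into; bail out instead of
    // iterating a non-array and building an UPDATE from undefined values.
    if (!is_array($original_array)) {
        return false;
    }

    // Merge: a value supplied by the caller wins, otherwise the stored value is kept.
    $new_array = array();
    foreach ($original_array as $key => $value) {
        $new_array[$key] = isset($data[$key]) ? $data[$key] : $value;
    }

    // Allowlist of writable columns. Numeric columns are bound as SQLVALUE_NUMBER;
    // the two text columns use SQLValue()'s default type.
    $numeric_columns = array(
        'projectID',
        'commentType',
        'timestamp',
        'multiplier',
        'value',
        'refundable',
    );
    $text_columns = array('designation', 'comment');

    $values = array();
    foreach ($numeric_columns as $column) {
        $values[$column] = MySQL::SQLValue($new_array[$column], MySQL::SQLVALUE_NUMBER);
    }
    foreach ($text_columns as $column) {
        $values[$column] = MySQL::SQLValue($new_array[$column]);
    }

    // The record is addressed by its numeric primary key only.
    $filter = array();
    $filter['expenseID'] = MySQL::SQLValue($id, MySQL::SQLVALUE_NUMBER);

    $table = $kga['server_prefix'] . "expenses";
    $query = MySQL::BuildSQLUpdate($table, $values, $filter);

    if (!$conn->Query($query)) {
        return false;
    }

    return true;
}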