/**
 * Build and run the file listing query for the given search filters.
 *
 * The SQL is assembled by string concatenation: $search['generic'] is escaped
 * with mysql_real_escape_string() and used in a LIKE on f.file_name; the
 * exact-match filters are limited to the hard-coded column list below (the
 * column name itself never comes from user input); job_id, quote_id and
 * customer_id are cast to int before being embedded.
 *
 * Unless $skip_permissions is true, the result is further restricted according
 * to self::get_file_data_access() and, for customer-scoped access, to
 * module_security::get_customer_restrictions().
 *
 * @param array|false $search           filter keys: generic, file_id, owner_id, owner_table,
 *                                      status, bucket_parent_file_id, job_id, quote_id, customer_id
 * @param bool        $skip_permissions when true no access-control clauses are added to the query
 * @return array rows returned by qa() for the assembled SQL
 */
public static function get_files($search = false, $skip_permissions = false)
{
    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT f.* ";
    $from = " FROM `" . _DB_PREFIX . "file` f ";
    if (class_exists('module_customer', false)) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    }
    $where = " WHERE 1 ";
    if (isset($search['generic']) && $search['generic']) {
        // NOTE(review): mysql_real_escape_string() is from ext/mysql (removed in PHP 7.0) and
        // needs an open ext/mysql connection; presumably shimmed by the project's db layer - confirm.
        // LIKE metacharacters (% and _) in the search term are not escaped, so they act as wildcards.
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " f.file_name LIKE '%{$str}%' ";
        //$where .= "OR u.url LIKE '%$str%' ";
        $where .= ' ) ';
    }
    /*if(isset($search['job']) && $search['job']){
        $str = mysql_real_escape_string($search['job']);
        $from .= " LEFT JOIN `"._DB_PREFIX."job` j USING (job_id)";
        $where .= " AND ( ";
        $where .= " j.name LIKE '%$str%' ";
        $where .= ' ) ';
    }*/
    // tricky job searching, by name or by job id.
    // but we don't want to restrict it to customer if they are searching for a job.
    /*
     * this is the logic we have to follow:
     * $customer_access = module_customer::get_customer($file['customer_id']);
     * $job_access = module_job::get_job($file['job_id']);
     * if( ($customer_access && $customer_access['customer_id'] == $file['customer_id'])
     *     || ($job_access && $job_access['job_id'] == $file['job_id']) ){
     */
    // exact-match filters; only these column names can reach the query, the value is escaped.
    foreach (array('file_id', 'owner_id', 'owner_table', 'status', 'bucket_parent_file_id') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            $where .= " AND f.`{$key}` = '{$str}'";
        }
    }
    // permissions from customer module.
    // tie in with customer permissions to only get jobs from customers we can access.
    if (!$skip_permissions) {
        switch (self::get_file_data_access()) {
            case _FILE_ACCESS_ALL:
                // all files, no limits on SQL here
                break;
            case _FILE_ACCESS_JOBS:
                // only files attached to jobs the current user can list.
                $jobs = module_job::get_jobs(array(), array('columns' => 'u.job_id AS job_id'));
                $where .= " AND f.job_id IN ( ";
                if (count($jobs)) {
                    foreach ($jobs as $valid_job_id) {
                        $where .= (int) $valid_job_id['job_id'] . ',';
                    }
                    $where = rtrim($where, ',');
                } else {
                    // no accessible jobs: IN ( -1 ) matches nothing, i.e. this branch fails closed.
                    $where .= ' -1 ';
                }
                $where .= ' ) ';
                break;
            case _FILE_ACCESS_ME:
                $where .= " AND f.create_user_id = " . (int) module_security::get_loggedin_id();
                break;
            case _FILE_ACCESS_ASSIGNED:
                $from .= " LEFT JOIN `" . _DB_PREFIX . "file_user_rel` cur ON f.file_id = cur.file_id";
                $where .= " AND (cur.user_id = " . (int) module_security::get_loggedin_id() . ")";
                break;
            case _FILE_ACCESS_CUSTOMERS:
            default:
                if (class_exists('module_customer', false)) {
                    //added for compat in newsletter system that doesn't have customer module
                    switch (module_customer::get_customer_data_access()) {
                        case _CUSTOMER_ACCESS_ALL:
                            // all customers! so this means all files!
                            break;
                        case _CUSTOMER_ACCESS_ALL_COMPANY:
                        case _CUSTOMER_ACCESS_CONTACTS:
                        case _CUSTOMER_ACCESS_TASKS:
                        case _CUSTOMER_ACCESS_STAFF:
                            $valid_customer_ids = module_security::get_customer_restrictions();
                            // NOTE(review): when the restriction list is empty no clause is added and the
                            // query falls open to all files, unlike the _FILE_ACCESS_JOBS branch above
                            // which adds -1. Confirm an empty list cannot occur for a restricted user.
                            if (count($valid_customer_ids)) {
                                $where .= " AND ( ";
                                foreach ($valid_customer_ids as $valid_customer_id) {
                                    if (isset($search['owner_table'])) {
                                        $where .= " (f.owner_table = 'customer' AND f.owner_id = '" . (int) $valid_customer_id . "') OR ";
                                    } else {
                                        $where .= " (f.customer_id = '" . (int) $valid_customer_id . "') OR ";
                                        // NOTE(review): dropping the customer_id filter here widens a search for one
                                        // permitted customer to every permitted customer - looks unintended; confirm.
                                        if (isset($search['customer_id']) && $search['customer_id'] && $search['customer_id'] == $valid_customer_id) {
                                            unset($search['customer_id']);
                                        }
                                    }
                                }
                                // strips the trailing "OR " (rtrim takes a character list, the ')' before it stops it).
                                $where = rtrim($where, 'OR ');
                                $where .= ' ) ';
                            }
                            break;
                    }
                }
        } // file data access switch
    }
    if (class_exists('module_job', false)) {
        if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
            // check if we have permissions to view this job.
            // get_job() is assumed to apply the job access rules; a job we cannot see clears the filter.
            $job = module_job::get_job($search['job_id']);
            if (!$job || $job['job_id'] != $search['job_id']) {
                $search['job_id'] = false;
            }
        }
    }
    // only one of job_id / quote_id / customer_id is applied, in that priority order.
    if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
        $where .= " AND f.job_id = " . (int) $search['job_id'];
    } else {
        if (isset($search['quote_id']) && (int) $search['quote_id'] > 0) {
            $where .= " AND f.quote_id = " . (int) $search['quote_id'];
        } else {
            if (isset($search['customer_id']) && (int) $search['customer_id']) {
                $where .= " AND f.customer_id = " . (int) $search['customer_id'];
            }
        }
    }
    $group_order = ' GROUP BY f.file_id ORDER BY f.file_name';
    // stop when multiple company sites have same region
    $sql = $sql . $from . $where . $group_order;
    $result = qa($sql);
    //module_security::filter_data_set("invoice",$result);
    return $result;
    //return get_multiple("file",$search,"file_id","exact","file_id");
}
/**
 * Collect finance entries for a listing, merging three sources into one array:
 *  - rows from the `finance` table (with account name and concatenated categories),
 *  - per-staff job expenses synthesised from `job` rows with c_staff_total_amount > 0,
 *    unless an equivalent `finance` row already exists for that job/staff/amount,
 *  - invoice payments from `invoice_payment`, passed through self::_format_invoice_payment().
 *
 * The last two sources are skipped when the search is narrowed by
 * finance_account_id, finance_recurring_id, finance_category_id or
 * invoice_payment_id ($hide_invoice_payments); the job-expense source is also
 * skipped when an invoice_id is given.
 *
 * The merged rows are sorted by transaction_date (intended newest first, see
 * sort_finance), then rows that refer to an entry already in the listing
 * (same finance_id, same invoice_payment_id, or a parent finance_id) are folded
 * into that entry and counted in its 'link_count'.
 *
 * @param array $search filter keys: finance_account_id[], finance_recurring_id,
 *                      finance_category_id[], invoice_payment_id, job_id, invoice_id,
 *                      customer_id, company_id, generic, date_from, date_to,
 *                      amount_from, amount_to, type ('i', 'e' or 'ie' for both)
 * @return array finance rows; keys are whatever array_merge()/uasort() left them as
 */
public static function get_finances($search = array())
{
    // we have to search for recent transactions. this involves combining the "finance" table with the "invoice_payment" table
    // then sort the results by date
    $hide_invoice_payments = false;
    $sql = "SELECT f.* ";
    $sql .= " , fa.name AS account_name ";
    $sql .= " , GROUP_CONCAT(fc.`name` ORDER BY fc.`name` ASC SEPARATOR ', ') AS categories ";
    $sql .= " FROM `" . _DB_PREFIX . "finance` f ";
    $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_account` fa USING (finance_account_id) ";
    $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category_rel` fcr ON f.finance_id = fcr.finance_id ";
    $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category` fc ON fcr.finance_category_id = fc.finance_category_id ";
    $where = " WHERE 1 ";
    if (isset($search['finance_account_id']) && is_array($search['finance_account_id'])) {
        // de-duplicate and int-cast the requested account ids (keys of $fo).
        $fo = array();
        foreach ($search['finance_account_id'] as $val) {
            if ((int) $val > 0) {
                $fo[(int) $val] = true;
            }
        }
        if (count($fo) > 0) {
            $where .= " AND ( ";
            foreach ($fo as $f => $ff) {
                $where .= " f.finance_account_id = " . $f . ' OR';
            }
            $where = rtrim($where, 'OR');
            $where .= ' )';
            $hide_invoice_payments = true;
        }
    }
    if (isset($search['finance_recurring_id']) && $search['finance_recurring_id']) {
        $where .= " AND f.finance_recurring_id = '" . (int) $search['finance_recurring_id'] . "'";
        $hide_invoice_payments = true;
    }
    if (isset($search['finance_category_id']) && is_array($search['finance_category_id'])) {
        // same de-duplication as for account ids; matched via an EXISTS on the category relation table.
        $fo = array();
        foreach ($search['finance_category_id'] as $val) {
            if ((int) $val > 0) {
                $fo[(int) $val] = true;
            }
        }
        if (count($fo) > 0) {
            $where .= " AND EXISTS ( SELECT * FROM `" . _DB_PREFIX . "finance_category_rel` fcr2 WHERE fcr2.finance_id = f.finance_id AND ( ";
            foreach ($fo as $f => $ff) {
                $where .= " fcr2.finance_category_id = " . $f . ' OR';
            }
            $where = rtrim($where, 'OR');
            $where .= ' )';
            $where .= ' )';
            $hide_invoice_payments = true;
        }
    }
    if (isset($search['invoice_payment_id']) && $search['invoice_payment_id']) {
        $where .= " AND f.invoice_payment_id = '" . (int) $search['invoice_payment_id'] . "'";
        $hide_invoice_payments = true;
    }
    // below 6 searches are repeated again below in invoice payments
    if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
        $where .= " AND f.`job_id` = " . (int) $search['job_id'];
    }
    if (isset($search['invoice_id']) && (int) $search['invoice_id'] > 0) {
        $where .= " AND f.`invoice_id` = " . (int) $search['invoice_id'];
    }
    if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
        $where .= " AND f.`customer_id` = " . (int) $search['customer_id'];
    }
    if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
        // check this user can view this company id or not
        if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
            $companys = module_company::get_companys();
            if (isset($companys[$search['company_id']])) {
                $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON f.customer_id = cc.customer_id ";
                $where .= " AND ( cc.`company_id` = " . (int) $search['company_id'] . " OR f.`company_id` = " . (int) $search['company_id'] . " )";
            }
        }
    }
    if (isset($search['generic']) && strlen(trim($search['generic']))) {
        // LIKE wildcards (% and _) in the term are not escaped and act as wildcards.
        $name = mysql_real_escape_string(trim($search['generic']));
        $where .= " AND (f.`name` LIKE '%{$name}%' OR f.description LIKE '%{$name}%' )";
    }
    // NOTE(review): input_date() output is embedded without escaping here and below;
    // assumes it returns a normalised date string - confirm.
    if (isset($search['date_from']) && $search['date_from'] != '') {
        $where .= " AND f.transaction_date >= '" . input_date($search['date_from']) . "'";
    }
    if (isset($search['date_to']) && $search['date_to'] != '') {
        $where .= " AND f.transaction_date <= '" . input_date($search['date_to']) . "'";
    }
    if (isset($search['amount_from']) && $search['amount_from'] != '') {
        $where .= " AND f.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
    }
    if (isset($search['amount_to']) && $search['amount_to'] != '') {
        $where .= " AND f.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
    }
    if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
        $where .= " AND f.type = '" . mysql_real_escape_string($search['type']) . "'";
    }
    // permissions from job module.
    /*switch(module_job::get_job_access_permissions()){
        case _JOB_ACCESS_ALL:
            break;
        case _JOB_ACCESS_ASSIGNED:
            // only assigned jobs!
            //$from .= " LEFT JOIN `"._DB_PREFIX."task` t ON u.job_id = t.job_id ";
            //u.user_id = ".(int)module_security::get_loggedin_id()." OR
            $where .= " AND (t.user_id = ".(int)module_security::get_loggedin_id().")";
            break;
        case _JOB_ACCESS_CUSTOMER:
            break;
    }*/
    // permissions from customer module.
    // tie in with customer permissions to only get jobs from customers we can access.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            // all customers! so this means all jobs!
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            // NOTE(review): an empty restriction list adds no clause (falls open); confirm that
            // cannot happen for a restricted user. Same pattern in the two queries below.
            $valid_customer_ids = module_security::get_customer_restrictions();
            if (count($valid_customer_ids)) {
                $where .= " AND f.customer_id IN ( ";
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
                $where .= " )";
            }
    }
    $where .= " GROUP BY f.finance_id ";
    $where .= " ORDER BY f.transaction_date DESC ";
    $sql .= $where;
    $finances_from_finance_db_table = qa($sql);
    // invoice payments:
    $finance_from_invoice_payments = array();
    $finance_from_job_staff_expenses = array();
    // precedence: '!' binds before '>', so the second condition is "invoice_id casts to 0".
    if (!$hide_invoice_payments && (!isset($search['invoice_id']) || !(int) $search['invoice_id'] > 0)) {
        // source 2: staff expenses derived from jobs; existing_finance_id tells us whether a
        // finance row for this job's staff expense has already been recorded.
        $sql = "SELECT j.*, f.finance_id AS existing_finance_id ";
        $sql .= " FROM `" . _DB_PREFIX . "job` j ";
        $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance` f ON j.job_id = f.job_id AND f.job_staff_expense > 0 ";
        $where = " WHERE 1 ";
        //j.date_completed != '0000-00-00' ";
        $where .= " AND j.`c_staff_total_amount` > 0 ";
        if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
            $where .= " AND (j.`job_id` = " . (int) $search['job_id'] . " ) ";
        }
        if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
            $where .= " AND j.`customer_id` = " . (int) $search['customer_id'];
        }
        /*if(isset($search['generic']) && strlen(trim($search['generic']))){
            $name = mysql_real_escape_string(trim($search['generic']));
            $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
        }*/
        if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
            // check this user can view this company id or not
            if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
                $companys = module_company::get_companys();
                if (isset($companys[$search['company_id']])) {
                    $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON j.customer_id = cc.customer_id ";
                    $where .= " AND cc.`company_id` = " . (int) $search['company_id'];
                }
            }
        }
        if (isset($search['date_from']) && $search['date_from'] != '') {
            $where .= " AND j.date_completed >= '" . input_date($search['date_from']) . "'";
        }
        if (isset($search['date_to']) && $search['date_to'] != '') {
            $where .= " AND j.date_completed <= '" . input_date($search['date_to']) . "'";
        }
        if (isset($search['amount_from']) && $search['amount_from'] != '') {
            $where .= " AND j.c_staff_total_amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
        }
        if (isset($search['amount_to']) && $search['amount_to'] != '') {
            $where .= " AND j.c_staff_total_amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
        }
        switch (module_job::get_job_access_permissions()) {
            case _JOB_ACCESS_ALL:
                break;
            case _JOB_ACCESS_ASSIGNED:
                // only assigned jobs!
                $sql .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON j.job_id = t.job_id ";
                $where .= " AND (j.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
                break;
            case _JOB_ACCESS_CUSTOMER:
                // tie in with customer permissions to only get jobs from customers we can access.
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $where .= " AND j.customer_id IN ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $where .= (int) $valid_customer_id . ", ";
                    }
                    $where = rtrim($where, ', ');
                    $where .= " )";
                }
                break;
        }
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all jobs!
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_TASKS:
            case _CUSTOMER_ACCESS_STAFF:
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $where .= " AND j.customer_id IN ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $where .= (int) $valid_customer_id . ", ";
                    }
                    $where = rtrim($where, ', ');
                    $where .= " )";
                }
        }
        $sql .= $where . " GROUP BY j.job_id ORDER BY j.date_completed DESC ";
        $finance_from_job_staff_expenses = array();
        $res = qa($sql);
        foreach ($res as $finance) {
            // we have a job with staff expenses. split this up into groups based on staff members.
            $staff_total_grouped = false;
            if (isset($finance['c_staff_total_grouped']) && strlen($finance['c_staff_total_grouped'])) {
                // NOTE(review): unserialize() of a stored column; if that column could ever hold
                // attacker-influenced data this allows object instantiation - consider
                // unserialize($s, array('allowed_classes' => false)) since only an array is expected.
                // The @ hides the notice on malformed data; false then triggers the fallback below.
                $staff_total_grouped = @unserialize($finance['c_staff_total_grouped']);
            }
            if ($staff_total_grouped === false) {
                // no cached grouping on the job row: recompute via the job module.
                $job_data = module_job::get_job($finance['job_id']);
                $staff_total_grouped = $job_data['staff_total_grouped'];
            }
            if (is_array($staff_total_grouped)) {
                foreach ($staff_total_grouped as $staff_id => $staff_total) {
                    $staff_member = module_user::get_user($staff_id);
                    if ($staff_member && $staff_member['user_id'] == $staff_id) {
                        // make sure this entry doesn't already exist in the database table for this job
                        // there MAY be an existing entry if 'existing_finance_id' is set
                        if ($finance['existing_finance_id'] > 0) {
                            // check if it exists for this staff member.
                            $existing = get_single('finance', array('job_id', 'job_staff_expense', 'amount'), array($finance['job_id'], $staff_id, $staff_total));
                            if ($existing) {
                                // match exists already, skip adding this one to the list.
                                continue;
                            }
                        }
                        //$finance = self::_format_invoice_payment($finance, $finance);
                        //$finance['url'] = module_job::link_open($finance['job_id'],false,$finance);
                        // synthesise a finance-like row (type 'e' = expense) for this staff member.
                        $finance['url'] = module_finance::link_open('new', false) . '&job_staff_expense=' . $staff_id . '&from_job_id=' . $finance['job_id'];
                        $finance['transaction_date'] = $finance['date_completed'];
                        $finance['description'] = _l('Job Expense For Staff Member: %s', $staff_member['name'] . ' ' . $staff_member['last_name']);
                        $finance['amount'] = $staff_total;
                        $finance['debit'] = $staff_total;
                        $finance['sub_amount'] = $staff_total;
                        $finance['taxable_amount'] = $staff_total;
                        $finance['credit'] = 0;
                        $finance['type'] = 'e';
                        $finance_from_job_staff_expenses[] = $finance;
                    }
                }
            }
        }
    }
    if (!$hide_invoice_payments) {
        // source 3: invoice payments, restricted to the listed payment types.
        $sql = "SELECT p.*, i.customer_id ";
        if (module_config::c('finance_date_type', 'payment') == 'invoice') {
            // show entries by invoice create date, not payment date.
            $sql .= " , i.date_create AS transaction_date ";
        } else {
            // default, show by paid date.
            $sql .= " , p.date_paid AS transaction_date ";
        }
        $sql .= " FROM `" . _DB_PREFIX . "invoice_payment` p ";
        $sql .= " LEFT JOIN `" . _DB_PREFIX . "invoice` i ON p.invoice_id = i.invoice_id ";
        $where = " WHERE p.date_paid != '0000-00-00' ";
        $where .= " AND p.`amount` != 0 ";
        $where .= " AND ( p.`payment_type` = " . _INVOICE_PAYMENT_TYPE_NORMAL . " OR p.`payment_type` = " . _INVOICE_PAYMENT_TYPE_REFUND . ' OR p.`payment_type` = ' . _INVOICE_PAYMENT_TYPE_OVERPAYMENT_CREDIT . ' OR p.`payment_type` = ' . _INVOICE_PAYMENT_TYPE_CREDIT . ')';
        if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
            // a payment belongs to a job via its invoice items' tasks, or via the invoice's deposit_job_id.
            $sql .= " LEFT JOIN `" . _DB_PREFIX . "invoice_item` ii ON i.invoice_id = ii.invoice_id";
            $sql .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON ii.task_id = t.task_id";
            $where .= " AND (t.`job_id` = " . (int) $search['job_id'] . " OR i.`deposit_job_id` = " . (int) $search['job_id'] . " ) ";
        }
        if (isset($search['invoice_id']) && (int) $search['invoice_id'] > 0) {
            $where .= " AND p.`invoice_id` = " . (int) $search['invoice_id'];
        }
        if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
            $where .= " AND i.`customer_id` = " . (int) $search['customer_id'];
        }
        /*if(isset($search['generic']) && strlen(trim($search['generic']))){
            $name = mysql_real_escape_string(trim($search['generic']));
            $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
        }*/
        if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
            // check this user can view this company id or not
            if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
                $companys = module_company::get_companys();
                if (isset($companys[$search['company_id']])) {
                    $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON i.customer_id = cc.customer_id ";
                    $where .= " AND cc.`company_id` = " . (int) $search['company_id'];
                }
            }
        }
        if (isset($search['date_from']) && $search['date_from'] != '') {
            if (module_config::c('finance_date_type', 'payment') == 'invoice') {
                $where .= " AND i.date_create >= '" . input_date($search['date_from']) . "'";
            } else {
                $where .= " AND p.date_paid >= '" . input_date($search['date_from']) . "'";
            }
        }
        if (isset($search['date_to']) && $search['date_to'] != '') {
            if (module_config::c('finance_date_type', 'payment') == 'invoice') {
                $where .= " AND i.date_create <= '" . input_date($search['date_to']) . "'";
            } else {
                $where .= " AND p.date_paid <= '" . input_date($search['date_to']) . "'";
            }
        }
        if (isset($search['amount_from']) && $search['amount_from'] != '') {
            $where .= " AND p.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
        }
        if (isset($search['amount_to']) && $search['amount_to'] != '') {
            $where .= " AND p.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
        }
        if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
            // payments have no 'type' column: income is a positive amount, expense a negative one.
            if ($search['type'] == 'i') {
                $where .= " AND p.amount > 0";
            } else {
                if ($search['type'] == 'e') {
                    $where .= " AND p.amount < 0";
                }
            }
        }
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all jobs!
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_TASKS:
            case _CUSTOMER_ACCESS_STAFF:
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $where .= " AND i.customer_id IN ( ";
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $where .= (int) $valid_customer_id . ", ";
                    }
                    $where = rtrim($where, ', ');
                    $where .= " )";
                }
        }
        $sql .= $where . " ORDER BY p.date_paid DESC ";
        $finance_from_invoice_payments = qa($sql);
        foreach ($finance_from_invoice_payments as $finance_id => $finance) {
            // doesn't have a finance / account reference just yet.
            // but they can create one and this will become a child entry to it.
            $finance = self::_format_invoice_payment($finance, $finance);
            /*if(!isset($finance['customer_id']) || !$finance['customer_id']){
                $invoice_data = module_invoice::get_invoice($finance['invoice_id'],2);
                $finance['customer_id'] = $invoice_data['customer_id'];
            }*/
            // grab a new name/description/etc.. from other plugins (at the moment only subscription)
            /*$new_finance = hook_handle_callback('finance_invoice_listing',$finance['invoice_id'],$finance);
            if(is_array($new_finance) && count($new_finance)){
                foreach($new_finance as $n){
                    $finance = array_merge($finance,$n);
                }
            }*/
            $finance_from_invoice_payments[$finance_id] = $finance;
        }
        if (isset($search['generic']) && strlen(trim($search['generic']))) {
            // NOTE(review): the term is SQL-escaped but then only used in a PHP stripos(); a term
            // containing a quote or backslash gains escape characters and can never match.
            // A plain trim() would be the right value for this in-PHP comparison.
            $name = mysql_real_escape_string(trim($search['generic']));
            // $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
            // we have to do a PHP search here because name/description are (presumably) filled in
            // by _format_invoice_payment() after the query rather than coming from the table.
            foreach ($finance_from_invoice_payments as $finance_id => $finance) {
                if (stripos($finance['name'], $name) === false && stripos($finance['description'], $name) === false) {
                    unset($finance_from_invoice_payments[$finance_id]);
                }
            }
        }
    }
    $finances = array_merge($finances_from_finance_db_table, $finance_from_invoice_payments, $finance_from_job_staff_expenses);
    unset($finances_from_finance_db_table);
    unset($finance_from_invoice_payments);
    unset($finance_from_job_staff_expenses);
    // sort this
    // The comparator is declared conditionally so repeated calls to get_finances() do not redeclare it.
    if (!function_exists('sort_finance')) {
        /**
         * Order two finance rows: newer transaction_date first; on equal dates rows with a
         * finance_id before rows without, then by amount.
         *
         * NOTE(review): this returns bool instead of -1/0/1. PHP 8 deprecates bool-returning
         * comparators and the result is not a consistent ordering; `$t2 <=> $t1` and
         * `$a['amount'] <=> $b['amount']` would express the same intent.
         */
        function sort_finance($a, $b)
        {
            $t1 = strtotime($a['transaction_date']);
            $t2 = strtotime($b['transaction_date']);
            if ($t1 == $t2) {
                // sort by finance id, putting ones with a finance id first before others. then amount.
                if (isset($a['finance_id']) && !isset($b['finance_id'])) {
                    // put $a before $b
                    return -1;
                } else {
                    if (!isset($a['finance_id']) && isset($b['finance_id'])) {
                        // put $b before $a
                        return 1;
                    } else {
                        return $a['amount'] > $b['amount'];
                    }
                }
            } else {
                return $t1 < $t2;
            }
        }
    }
    uasort($finances, 'sort_finance');
    // $displayed_finance_ids / $displayed_invoice_payment_ids map an id to the $finances key
    // that already shows it; they are created on first assignment (isset() tolerates undefined).
    foreach ($finances as $finance_id => $finance) {
        // we load each of these transactions
        // transaction can be a "transaction" or an "invoice_payment"
        // find out if this transaction is a child transaction to another transaction.
        // if it is a child transaction and we haven't already displayed it in this listing
        // then we find the parent transaction and display it along with all its children in this place.
        // this won't be perfect all the time but will be awesome in 99% of cases.
        if (isset($finance['finance_id']) && $finance['finance_id']) {
            // displayed before already?
            if (isset($displayed_finance_ids[$finance['finance_id']])) {
                $finances[$displayed_finance_ids[$finance['finance_id']]]['link_count']++;
                unset($finances[$finance_id]);
                continue;
            }
            $displayed_finance_ids[$finance['finance_id']] = $finance_id;
            if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id']) {
                $displayed_invoice_payment_ids[$finance['invoice_payment_id']] = $finance_id;
                // so we don't display again.
            }
        } else {
            if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] && isset($finance['invoice_id']) && $finance['invoice_id']) {
                // this is an invoice payment (incoming payment)
                // displayed before already?
                if (isset($displayed_invoice_payment_ids[$finance['invoice_payment_id']])) {
                    // merge into the row already shown (existing row's values win) and count the link.
                    $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]] = array_merge($finance, $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]]);
                    $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]]['link_count']++;
                    unset($finances[$finance_id]);
                    continue;
                }
                $displayed_invoice_payment_ids[$finance['invoice_payment_id']] = $finance_id;
                // so we don't display again.
            } else {
                if (isset($finance['c_staff_total_amount'])) {
                    // staff expense.
                } else {
                    // row of unknown origin: drop it.
                    unset($finances[$finance_id]);
                    continue;
                }
            }
        }
        if (isset($finance['parent_finance_id']) && $finance['parent_finance_id']) {
            // check if its parent finance id has been displayed already somewhere.
            if (isset($displayed_finance_ids[$finance['parent_finance_id']])) {
                $finances[$displayed_finance_ids[$finance['parent_finance_id']]]['link_count']++;
                unset($finances[$finance_id]);
                continue; // already done it on this page.
            }
            $displayed_finance_ids[$finance['parent_finance_id']] = $finance_id;
            // we haven't displayed the parent one yet.
            // display the parent one in this listing (stored under the child's key).
            $finance = self::get_finance($finance['parent_finance_id']);
        }
        /*if(isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] && isset($finance['invoice_id']) && $finance['invoice_id']){
            // moved to above.
        }else*/
        if (isset($finance['finance_id']) && $finance['finance_id']) {
            $finance['url'] = self::link_open($finance['finance_id'], false);
            $finance['credit'] = $finance['type'] == 'i' ? $finance['amount'] : 0;
            $finance['debit'] = $finance['type'] == 'e' ? $finance['amount'] : 0;
            if (!isset($finance['categories'])) {
                $finance['categories'] = '';
            }
            if (!isset($finance['account_name'])) {
                $finance['account_name'] = '';
            }
        }
        if (isset($finance['taxes']) && !isset($finance['sub_amount'])) {
            // sub_amount = amount net of every tax line that carries an amount.
            $finance['sub_amount'] = $finance['amount'];
            foreach ($finance['taxes'] as $tax) {
                if (isset($tax['amount'])) {
                    $finance['sub_amount'] -= $tax['amount'];
                }
            }
        }
        $finance['link_count'] = 0;
        $finances[$finance_id] = $finance;
    }
    return $finances;
}
/**
 * Build, cache and run the job listing query.
 *
 * Results are cached through module_cache under a key derived from $search and
 * $return_options, for module_config 'cache_objects' seconds (default 60).
 * Access control is applied in SQL from self::get_job_access_permissions() and
 * module_customer::get_customer_data_access().
 *
 * @param array $search         filters: generic, date_start_after, date_start_before,
 *                              task_due_after, task_due_before, user_id, group_id,
 *                              extra_fields[key => value], customer_id, website_id,
 *                              renew_job_id, status, type, date_start, date_quote,
 *                              quote_id (a leading '!' on these exact-match values
 *                              turns the test into !=), completed (1..5, see switch below)
 * @param array $return_options 'columns' (raw select list), 'custom_where' (raw SQL
 *                              appended to WHERE), 'custom_group_by' (raw GROUP BY /
 *                              ORDER BY). These are SQL fragments and must only ever be
 *                              supplied by code, never from request input.
 * @return array rows returned by qa() for the assembled SQL
 */
public static function get_jobs($search = array(), $return_options = array())
{
    // limit based on customer id
    /*if(!isset($_REQUEST['customer_id']) || !(int)$_REQUEST['customer_id']){
        return array();
    }*/
    // NOTE(review): the cache key does not include the logged-in user, yet the access
    // clauses below depend on get_loggedin_id() / get_customer_restrictions(). Unless
    // module_cache scopes entries per user, one user's filtered result could be served
    // to another - confirm.
    $cache_key = 'get_jobs_' . md5(serialize(array($search, $return_options)));
    if ($cached_item = module_cache::get('job', $cache_key)) {
        return $cached_item;
    }
    $cache_timeout = module_config::c('cache_objects', 60);
    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT ";
    if (isset($return_options['columns'])) {
        // caller-supplied select list, used verbatim.
        $sql .= $return_options['columns'];
    } else {
        $sql .= "u.*,u.job_id AS id ";
        $sql .= ", u.name AS name ";
        $sql .= ", c.customer_name ";
        if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
            $sql .= ", w.name AS website_name"; // for export
        }
        $sql .= ", us.name AS staff_member"; // for export
    }
    $from = " FROM `" . _DB_PREFIX . "job` u ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id"; // for export
    }
    $from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id"; // for export
    $where = " WHERE 1 ";
    if (is_array($return_options) && isset($return_options['custom_where'])) {
        // put in return options so harder to push through from user end.
        $where .= $return_options['custom_where'];
    }
    if (isset($search['generic']) && $search['generic']) {
        // NOTE(review): mysql_real_escape_string() is from ext/mysql (removed in PHP 7.0);
        // presumably shimmed by the project's db layer - confirm. LIKE wildcards are not escaped.
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' "; //OR ";
        //$where .= " u.url LIKE '%$str%' ";
        $where .= ' ) ';
    }
    if (isset($search['date_start_after']) && $search['date_start_after'] !== '' && $search['date_start_after'] !== false) {
        $date = input_date($search['date_start_after']);
        $where .= " AND u.`date_start` >= '" . mysql_real_escape_string($date) . "'";
    }
    if (isset($search['date_start_before']) && $search['date_start_before'] !== '' && $search['date_start_before'] !== false) {
        $date = input_date($search['date_start_before']);
        $where .= " AND u.`date_start` != '0000-00-00' AND u.`date_start` <= '" . mysql_real_escape_string($date) . "'";
    }
    // the task join (alias ts) is added at most once; strpos() never returns 0 here because $from starts with " FROM".
    if (isset($search['task_due_after']) && $search['task_due_after'] !== '' && $search['task_due_after'] !== false) {
        $date = input_date($search['task_due_after']);
        if (!strpos($from, 'task`')) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
        }
        $where .= " AND ts.`date_due` >= '" . mysql_real_escape_string($date) . "'";
    }
    if (isset($search['task_due_before']) && $search['task_due_before'] !== '' && $search['task_due_before'] !== false) {
        $date = input_date($search['task_due_before']);
        if (!strpos($from, 'task`')) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
        }
        $where .= " AND ts.`date_due` != '0000-00-00' AND ts.`date_due` <= '" . mysql_real_escape_string($date) . "'";
    }
    if (isset($search['user_id']) && $search['user_id'] !== '' && $search['user_id'] !== false && (int) $search['user_id'] > 0) {
        // a job matches a user either as the job's owner or via one of its tasks.
        $user_id = (int) $search['user_id'];
        if (!strpos($from, 'task`')) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
        }
        $where .= " AND ( u.`user_id` = {$user_id} OR `ts`.`user_id` = {$user_id} ) ";
    }
    // a custom column list referring to ts. needs the task join too.
    if (strpos($sql, 'ts.') && !strpos($from, 'task')) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
    }
    if (isset($search['group_id']) && trim($search['group_id'])) {
        $str = (int) $search['group_id'];
        $from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (u.job_id = gm.owner_id)";
        $where .= " AND (gm.group_id = '{$str}' AND gm.owner_table = 'job')";
    }
    if (isset($search['extra_fields']) && is_array($search['extra_fields']) && class_exists('module_extra', false)) {
        // keep only non-blank extra-field filters; key and value are both escaped before use.
        $extra_fields = array();
        foreach ($search['extra_fields'] as $key => $val) {
            if (strlen(trim($val))) {
                $extra_fields[$key] = trim($val);
            }
        }
        if (count($extra_fields)) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "extra` ext ON (ext.owner_id = u.job_id)"; //AND ext.owner_table = 'customer'
            $where .= " AND (ext.owner_table = 'job' AND ( ";
            foreach ($extra_fields as $key => $val) {
                $val = mysql_real_escape_string($val);
                $key = mysql_real_escape_string($key);
                $where .= "( ext.`extra` LIKE '%{$val}%' AND ext.`extra_key` = '{$key}') OR ";
            }
            $where = rtrim($where, ' OR');
            $where .= ' ) )';
        }
    }
    // exact-match filters; only these column names can reach the query, the value is escaped.
    foreach (array('customer_id', 'website_id', 'renew_job_id', 'status', 'type', 'date_start', 'date_quote', 'quote_id') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            if ($str[0] == '!') {
                // hack for != sql searching.
                $str = ltrim($str, '!');
                $where .= " AND u.`{$key}` != '{$str}'";
            } else {
                $where .= " AND u.`{$key}` = '{$str}'";
            }
        }
    }
    if (isset($search['completed']) && (int) $search['completed'] > 0) {
        switch ($search['completed']) {
            case 1:
                // both complete and not complete jobs, don't modify query
                break;
            case 2:
                // only completed jobs.
                $where .= " AND u.date_completed != '0000-00-00'";
                break;
            case 3:
                // only non-completed jobs.
                $where .= " AND u.date_completed = '0000-00-00'";
                break;
            case 4:
                // only quoted jobs
                $where .= " AND u.date_start = '0000-00-00' AND u.date_quote != '0000-00-00'";
                break;
            case 5:
                // only not started jobs
                $where .= " AND u.date_start = '0000-00-00'";
                break;
        }
    }
    if (isset($return_options['custom_group_by'])) {
        $group_order = $return_options['custom_group_by'];
    } else {
        $group_order = ' GROUP BY u.job_id ORDER BY u.name';
    }
    switch (self::get_job_access_permissions()) {
        case _JOB_ACCESS_ALL:
            break;
        case _JOB_ACCESS_ASSIGNED:
            // only assigned jobs!
            $from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON u.job_id = t.job_id ";
            $where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
            break;
        case _JOB_ACCESS_CUSTOMER:
            // tie in with customer permissions to only get jobs from customers we can access.
            // NOTE(review): an empty customer list adds no clause (falls open), and the ids are
            // not int-cast here unlike the branch below; confirm both are acceptable.
            $customers = module_customer::get_customers();
            if (count($customers)) {
                $where .= " AND u.customer_id IN ( ";
                foreach ($customers as $customer) {
                    $where .= $customer['customer_id'] . ', ';
                }
                $where = rtrim($where, ', ');
                $where .= " ) ";
            }
            break;
    }
    // tie in with customer permissions to only get jobs from customers we can access.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            // all customers! so this means all jobs!
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            $valid_customer_ids = module_security::get_customer_restrictions();
            if (count($valid_customer_ids)) {
                // jobs with no customer (customer_id = 0) stay visible to restricted users.
                $where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( ";
                foreach ($valid_customer_ids as $valid_customer_id) {
                    $where .= (int) $valid_customer_id . ", ";
                }
                $where = rtrim($where, ', ');
                $where .= " )";
                $where .= " )";
            }
    }
    $sql = $sql . $from . $where . $group_order;
    $result = qa($sql);
    //module_security::filter_data_set("job",$result);
    module_cache::put('job', $cache_key, $result, $cache_timeout);
    return $result;
    // return get_multiple("job",$search,"job_id","fuzzy","name");
}
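/**
 * Search invoices visible to the logged-in user.
 *
 * Builds one SELECT over the invoice table joined to customer, invoice_item
 * and task (plus subscription_history when module_subscription is loaded),
 * applies the caller's search filters, then narrows the result twice: by
 * the user's invoice access level and, independently, by the customer
 * module's data access level. The customer module must be loaded: its
 * access level is consulted unconditionally.
 *
 * @param array $search         filter fields: generic (name LIKE), customer_id,
 *                              status, name, date_paid, date_due,
 *                              renew_invoice_id, credit_note_id, website_id
 *                              (exact match), date_from / date_to (on
 *                              date_create), date_paid_from / date_paid_to,
 *                              job_id (via task items or deposit),
 *                              deposit_job_id, customer_group_id, renewing
 * @param array $return_options 'custom_where' is appended to the WHERE clause
 *                              verbatim; it is a code-level option and must
 *                              never be built from request data
 * @return array result rows from qa(), one per invoice_id, newest first
 */
public static function get_invoices($search = array(), $return_options = array())
{
    // Render a list of ids as the body of an SQL "IN ( ... )" clause.
    // Every value is cast to int so only digits reach the query; an empty
    // (or non-array) list yields NULL so the clause matches nothing rather
    // than producing invalid SQL or silently dropping the restriction.
    $int_in_list = function ($ids) {
        if (!is_array($ids) || !count($ids)) {
            return ' NULL ';
        }
        $out = '';
        foreach ($ids as $id) {
            $out .= (int) $id . ', ';
        }
        return rtrim($out, ', ');
    };

    $sql = "SELECT u.*,u.invoice_id AS id ";
    $sql .= ", u.name AS name ";
    $sql .= ", c.customer_name ";
    $from = " FROM `" . _DB_PREFIX . "invoice` u ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    // invoice_item -> task is what allows filtering invoices by job_id below
    $from .= " LEFT JOIN `" . _DB_PREFIX . "invoice_item` ii ON u.invoice_id = ii.invoice_id ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON ii.task_id = t.task_id";
    if (class_exists('module_subscription', false)) {
        $sql .= ", GROUP_CONCAT(DISTINCT subh.subscription_id ORDER BY subh.subscription_id) AS invoice_subscription_ids ";
        $from .= " LEFT JOIN `" . _DB_PREFIX . "subscription_history` subh ON u.invoice_id = subh.invoice_id ";
    }
    $where = " WHERE 1 ";
    if (is_array($return_options) && isset($return_options['custom_where'])) {
        // Appended unescaped on purpose: return options only come from code,
        // never from the request, which is what makes this acceptable.
        $where .= $return_options['custom_where'];
    }
    if (isset($search['generic']) && $search['generic']) {
        // NOTE: mysql_real_escape_string() does not escape the LIKE wildcards
        // % and _, so a user can widen (but not break out of) this search.
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' ";
        $where .= ' ) ';
    }
    foreach (array('customer_id', 'status', 'name', 'date_paid', 'date_due', 'renew_invoice_id', 'credit_note_id', 'website_id') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            $where .= " AND u.`{$key}` = '{$str}'";
        }
    }
    // Date range filters; input_date() normalises the user-entered date
    // before it is escaped. Order matches the original clause order.
    $date_ranges = array(
        'date_from' => array('u.date_create', '>='),
        'date_to' => array('u.date_create', '<='),
        'date_paid_from' => array('u.date_paid', '>='),
        'date_paid_to' => array('u.date_paid', '<='),
    );
    foreach ($date_ranges as $key => $spec) {
        if (isset($search[$key]) && $search[$key]) {
            $str = mysql_real_escape_string(input_date($search[$key]));
            $where .= " AND ( ";
            $where .= " {$spec[0]} {$spec[1]} '{$str}' ";
            $where .= ' ) ';
        }
    }
    if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
        // an invoice belongs to a job through its task items or as its deposit
        $where .= " AND ( t.`job_id` = " . (int) $search['job_id'] . ' OR ';
        $where .= " u.deposit_job_id = " . (int) $search['job_id'];
        $where .= ' ) ';
    }
    if (isset($search['deposit_job_id']) && (int) $search['deposit_job_id'] > 0) {
        $where .= " AND ( u.deposit_job_id = " . (int) $search['deposit_job_id'];
        $where .= ' ) ';
    }
    if (isset($search['customer_group_id']) && (int) $search['customer_group_id'] > 0) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (c.customer_id = gm.owner_id)";
        $where .= " AND (gm.group_id = '" . (int) $search['customer_group_id'] . "' AND gm.owner_table = 'customer')";
    }
    if (isset($search['renewing']) && $search['renewing']) {
        // due for renewal: has a renew date but no renewal invoice yet
        $where .= " AND u.date_renew != '0000-00-00' AND (u.renew_invoice_id IS NULL OR u.renew_invoice_id = 0) ";
    }

    // Invoice-level access: narrow by the user's invoice permission level.
    switch (self::get_invoice_access_permissions()) {
        case _INVOICE_ACCESS_ALL:
            break;
        case _INVOICE_ACCESS_STAFF:
            $where .= " AND u.vendor_user_id = " . (int) module_security::get_loggedin_id();
            break;
        case _INVOICE_ACCESS_JOB:
            // only invoices tied (via task items or deposit) to jobs this user may see;
            // get_jobs() applies the job access rules itself
            $job_ids = array();
            foreach (module_job::get_jobs() as $valid_job) {
                $job_ids[] = $valid_job['job_id'];
            }
            $where .= " AND ( t.`job_id` IN ( ";
            $where .= $int_in_list($job_ids);
            $where .= ' ) ';
            $where .= " OR ";
            $where .= " u.deposit_job_id IN ( ";
            $where .= $int_in_list($job_ids);
            $where .= ' ) ';
            $where .= " )";
            break;
        case _INVOICE_ACCESS_CUSTOMER:
            $where .= " AND u.customer_id IN ( ";
            $where .= $int_in_list(module_security::get_customer_restrictions());
            $where .= " )";
            break;
    }

    // Customer-level access: a second, independent restriction, so the
    // invoice permission level can never widen what the customer module
    // lets this user see.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            $where .= " AND u.customer_id IN ( ";
            $where .= $int_in_list(module_security::get_customer_restrictions());
            $where .= " )";
            break;
    }

    // group by invoice_id: the item/task/subscription joins multiply rows
    $group_order = ' GROUP BY u.invoice_id ORDER BY u.date_create DESC';
    return qa($sql . $from . $where . $group_order);
}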
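/**
 * Search quotes visible to the logged-in user.
 *
 * Results are cached in the 'quote' cache bucket under a key derived from
 * both arguments, for module_config 'cache_objects' seconds. The query
 * joins customer and user (and website when that module is enabled) so
 * rows carry readable names for export, then narrows by the user's quote
 * access level and, independently, by the customer module's data access
 * level.
 *
 * @param array $search         filter fields: generic (name LIKE);
 *                              customer_id, website_id, status, type,
 *                              date_create (exact match, or a != match when
 *                              the value starts with '!'); ticket_id;
 *                              accepted (1 all, 2 approved only, 3
 *                              unapproved only)
 * @param array $return_options 'columns' replaces the default SELECT list;
 *                              'custom_where' is appended verbatim and must
 *                              only ever come from code, never from request
 *                              data
 * @return array result rows from qa(), one per quote_id, ordered by name
 */
public static function get_quotes($search = array(), $return_options = array())
{
    $cache_key = 'get_quotes_' . md5(serialize(array($search, $return_options)));
    if ($cached_item = module_cache::get('quote', $cache_key)) {
        return $cached_item;
    }
    $cache_timeout = module_config::c('cache_objects', 60);

    // Render ids as the body of an SQL "IN ( ... )" clause; every value is
    // cast to int so only digits reach the query.
    $int_list = function ($ids) {
        $out = '';
        foreach ($ids as $id) {
            $out .= (int) $id . ', ';
        }
        return rtrim($out, ', ');
    };
    $website_enabled = class_exists('module_website', false) && module_website::is_plugin_enabled();

    $sql = "SELECT ";
    if (isset($return_options['columns'])) {
        $sql .= $return_options['columns'];
    } else {
        $sql .= "u.*,u.quote_id AS id ";
        $sql .= ", u.name AS name ";
        $sql .= ", c.customer_name ";
        if ($website_enabled) {
            $sql .= ", w.name AS website_name"; // for export
        }
        $sql .= ", us.name AS staff_member"; // for export
    }
    $from = " FROM `" . _DB_PREFIX . "quote` u ";
    $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
    if ($website_enabled) {
        $from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id"; // for export
    }
    $from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id"; // for export
    $where = " WHERE 1 ";
    if (is_array($return_options) && isset($return_options['custom_where'])) {
        // Appended unescaped on purpose: return options only come from code,
        // never from the request.
        $where .= $return_options['custom_where'];
    }
    if (isset($search['generic']) && $search['generic']) {
        // NOTE: mysql_real_escape_string() leaves the LIKE wildcards % and _
        // alone, so a user can widen (but not break out of) this search.
        $str = mysql_real_escape_string($search['generic']);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' ";
        $where .= ' ) ';
    }
    foreach (array('customer_id', 'website_id', 'status', 'type', 'date_create') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            if (substr($str, 0, 1) === '!') {
                // a leading '!' turns the exact match into a != match
                $str = ltrim($str, '!');
                $where .= " AND u.`{$key}` != '{$str}'";
            } else {
                $where .= " AND u.`{$key}` = '{$str}'";
            }
        }
    }
    if (isset($search['ticket_id']) && (int) $search['ticket_id'] > 0) {
        // quotes are linked to tickets through the ticket_quote_rel table
        $from .= " LEFT JOIN `" . _DB_PREFIX . "ticket_quote_rel` tqr USING (quote_id)";
        $where .= " AND tqr.ticket_id = " . (int) $search['ticket_id'];
    }
    if (isset($search['accepted']) && (int) $search['accepted'] > 0) {
        switch ((int) $search['accepted']) {
            case 1: // both approved and unapproved quotes, no extra filter
                break;
            case 2: // only approved quotes
                $where .= " AND u.date_approved != '0000-00-00'";
                break;
            case 3: // only unapproved quotes
                $where .= " AND u.date_approved = '0000-00-00'";
                break;
        }
    }
    $group_order = ' GROUP BY u.quote_id ORDER BY u.name';

    // Quote-level access.
    switch (self::get_quote_access_permissions()) {
        case _QUOTE_ACCESS_ALL:
            break;
        case _QUOTE_ACCESS_ASSIGNED:
            // quotes the user owns or has a quote task assigned on
            $from .= " LEFT JOIN `" . _DB_PREFIX . "quote_task` t ON u.quote_id = t.quote_id ";
            $where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
            break;
        case _QUOTE_ACCESS_CUSTOMER:
            // only quotes from customers this user can access; the ids are
            // cast to int here like every other id list in this query
            $customer_ids = array();
            foreach (module_customer::get_customers() as $customer) {
                $customer_ids[] = $customer['customer_id'];
            }
            if (count($customer_ids)) {
                $where .= " AND u.customer_id IN ( ";
                $where .= $int_list($customer_ids);
                $where .= " ) ";
            }
            break;
    }

    // Customer-level access, applied independently of the quote level above.
    switch (module_customer::get_customer_data_access()) {
        case _CUSTOMER_ACCESS_ALL:
            break;
        case _CUSTOMER_ACCESS_ALL_COMPANY:
        case _CUSTOMER_ACCESS_CONTACTS:
        case _CUSTOMER_ACCESS_TASKS:
        case _CUSTOMER_ACCESS_STAFF:
            $valid_customer_ids = module_security::get_customer_restrictions();
            if (count($valid_customer_ids)) {
                // quotes with no customer (customer_id = 0) stay visible
                $where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( ";
                $where .= $int_list($valid_customer_ids);
                $where .= " )";
                $where .= " )";
            }
            break;
    }

    $sql = $sql . $from . $where . $group_order;
    $result = qa($sql);
    module_cache::put('quote', $cache_key, $result, $cache_timeout);
    return $result;
}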
/**
 * Create or update a customer record together with its staff links, the
 * optional primary contact submitted with the same form, address / extra
 * fields and company memberships.
 *
 * @param int|string $customer_id existing customer id, or 0 for a new record
 * @param array      $data        customer columns to write. 'primary_user_id'
 *                                is stripped because it may only be set via
 *                                set_primary_user_id(); 'staff_ids' and
 *                                'single_staff_id' drive the staff links
 * @return int the saved customer_id
 *
 * Side effects beyond the customer table: customer_user_rel rows, a user row
 * when $_REQUEST['user_id'] is present, the address_block_save hook and
 * module_extra fields, company membership rows, and the 'user' / 'customer'
 * caches. In demo mode a save of customer 1 is refused with a redirect.
 */
public function save_customer($customer_id, $data)
{
    $customer_id = (int) $customer_id;
    $temp_customer = false;
    if ($customer_id > 0) {
        // check permissions: get_customer() applies the access rules, so an id
        // the current user may not see is discarded (set to false) rather
        // than written to
        $temp_customer = $this->get_customer($customer_id);
        if (!$temp_customer || $temp_customer['customer_id'] != $customer_id) {
            $temp_customer = false;
            $customer_id = false;
        }
    }
    if (_DEMO_MODE && $customer_id == 1) {
        set_error('Sorry this is a Demo Customer. It cannot be changed.');
        redirect_browser(self::link_open($customer_id));
    }
    if (isset($data['default_tax_system']) && $data['default_tax_system']) {
        // "use the system default" clears any per-customer tax override
        $data['default_tax'] = -1;
        $data['default_tax_name'] = '';
    }
    if (isset($data['primary_user_id'])) {
        unset($data['primary_user_id']);
    } // only allow this to be set through the method.
    $customer_id = update_insert("customer_id", $customer_id, "customer", $data);
    if (isset($data['single_staff_id']) && (int) $data['single_staff_id'] > 0 && module_customer::get_customer_data_access() == _CUSTOMER_ACCESS_STAFF && $data['single_staff_id'] == module_security::get_loggedin_id()) {
        // staff-restricted user may only link themselves to the customer
        $sql = "REPLACE INTO `" . _DB_PREFIX . "customer_user_rel` SET ";
        $sql .= " `user_id` = " . (int) $data['single_staff_id'];
        $sql .= ", `customer_id` = " . (int) $customer_id;
        query($sql);
    } else {
        if (isset($data['staff_ids']) && is_array($data['staff_ids']) && module_customer::can_i('edit', 'Customer Staff')) {
            $existing_staff = array();
            if ($temp_customer) {
                $existing_staff = $temp_customer['staff_ids'];
            }
            foreach ($data['staff_ids'] as $staff_id) {
                $sql = "REPLACE INTO `" . _DB_PREFIX . "customer_user_rel` SET ";
                $sql .= " `user_id` = " . (int) $staff_id;
                $sql .= ", `customer_id` = " . (int) $customer_id;
                // a submitted id that already exists is removed from the
                // "existing" list so it is kept, not deleted below
                $key = array_search($staff_id, $existing_staff);
                if ($key !== false) {
                    unset($existing_staff[$key]);
                }
                query($sql);
            }
            // whatever is left was un-ticked on the form: drop those links
            foreach ($existing_staff as $staff_id) {
                delete_from_db('customer_user_rel', array('user_id', 'customer_id'), array($staff_id, $customer_id));
            }
        }
    }
    if (isset($_REQUEST['user_id'])) {
        // The primary-contact form is submitted together with the customer
        // form; $data is reused as the user columns.
        $user_id = (int) $_REQUEST['user_id'];
        if ($user_id > 0) {
            // check permissions: get_user() applies the user/customer/vendor
            // access rules, so a user id outside them is treated as "none"
            $temp_user = module_user::get_user($user_id);
            if (!$temp_user || $temp_user['user_id'] != $user_id) {
                $user_id = false;
            }
        }
        // assign specified user_id to this customer.
        // could this be a problem?
        // maybe?
        // todo: think about security precautions here, maybe only allow admins to set primary contacts.
        $data['customer_id'] = $customer_id;
        if (!$user_id) {
            // no usable user id: create a new contact for this customer.
            // hack to set the default role of a contact (if one is set in settings).
            if (!isset($data['last_name']) && isset($data['name']) && strpos($data['name'], ' ') > 0) {
                // todo - save from customer import
                // split "First Last" into name / last_name when only a full name was given
                $bits = explode(' ', $data['name']);
                $data['last_name'] = array_pop($bits);
                $data['name'] = implode(' ', $bits);
            }
            global $plugins;
            $user_id = $plugins['user']->create_user($data, 'contact');
            $role_id = module_config::c('contact_default_role', 0);
            if ($role_id > 0) {
                module_user::add_user_to_role($user_id, $role_id);
            }
            $this->set_primary_user_id($customer_id, $user_id);
        } else {
            // make sure this user is part of this customer.
            // wait! addition, we want to be able to move an existing customer contact to this new customer.
            $saved_user_id = false;
            if (isset($_REQUEST['move_user_id']) && (int) $_REQUEST['move_user_id'] && module_customer::can_i('create', 'Active Leads')) {
                // move path: needs the 'create Active Leads' permission and a
                // move_user_id that get_user() lets this user see.
                // NOTE(review): the row written below is $user_id (validated only
                // as visible via get_user()), not $old_user; confirm the two are
                // expected to be the same user.
                $old_user = module_user::get_user((int) $_REQUEST['move_user_id']);
                if ($old_user && $old_user['user_id'] == (int) $_REQUEST['move_user_id']) {
                    $saved_user_id = $user_id = update_insert("user_id", $user_id, "user", $data);
                    module_cache::clear('user');
                    hook_handle_callback('customer_contact_moved', $user_id, $old_user['customer_id'], $customer_id);
                    $this->set_primary_user_id($customer_id, $user_id);
                    module_cache::clear('user');
                }
            } else {
                // save normally, only those linked to this account:
                // the user row is written only when user_id is one of this
                // customer's own contacts, so a foreign user_id submitted with
                // the form cannot be overwritten here
                $users = module_user::get_contacts(array('customer_id' => $customer_id));
                foreach ($users as $user) {
                    if ($user['user_id'] == $user_id) {
                        $saved_user_id = $user_id = update_insert("user_id", $user_id, "user", $data);
                        $this->set_primary_user_id($customer_id, $user_id);
                        module_cache::clear('user');
                        break;
                    }
                }
            }
            if (!$saved_user_id) {
                // nothing matched: clear the primary contact rather than keep a stale one
                $this->set_primary_user_id($customer_id, 0);
                module_cache::clear('user');
            }
        }
        // todo: move this functionality back into the user class.
        // maybe with a static save_user method ?
        if ($user_id > 0 && class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
            module_extra::save_extras('user', 'user_id', $user_id);
        }
    }
    // address and custom "extra" fields are read from the request by their own hooks
    handle_hook("address_block_save", $this, "physical", "customer", "customer_id", $customer_id);
    if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
        module_extra::save_extras('customer', 'customer_id', $customer_id);
    }
    // save the company information if it's available
    if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
        if (isset($_REQUEST['available_customer_company']) && is_array($_REQUEST['available_customer_company'])) {
            // available_customer_company lists every company shown on the form;
            // customer_company holds the ticked ones
            $selected_companies = isset($_POST['customer_company']) && is_array($_POST['customer_company']) ? $_POST['customer_company'] : array();
            $company_access = module_company::get_company_data_access();
            if ($company_access == _COMPANY_ACCESS_ALL && !count($selected_companies)) {
                // user is unassignging this customer from all companies we have access to, dont let them do this?
                // (intentionally empty: the question above was never resolved)
            }
            // NOTE(review): the set of companies touched comes from the request
            // itself; unless delete_customer() / add_customer_to_company() check
            // company access on their own (not visible here), the only gate is
            // the 'view Company' permission above.
            foreach ($_REQUEST['available_customer_company'] as $company_id => $tf) {
                if (!isset($selected_companies[$company_id]) || !$selected_companies[$company_id]) {
                    // remove customer from this company
                    module_company::delete_customer($company_id, $customer_id);
                } else {
                    // add customer to this company (if they are not already existing)
                    module_company::add_customer_to_company($company_id, $customer_id);
                }
            }
        }
    }
    self::update_customer_status($customer_id);
    module_cache::clear('customer');
    return $customer_id;
}
/**
 * Load one user row, filtered by the user / customer / vendor access rules
 * of the logged-in user, with roles and company ids attached.
 *
 * @param int|string $user_id
 * @param bool $perms          true: a user outside the caller's access comes
 *                             back as the blank "new" template; false: the
 *                             row is still returned but flagged with
 *                             ['_perms' => false] (used when linking)
 * @param bool $do_link        follow linked_parent_user_id and return the
 *                             parent user instead of this row
 * @param bool $basic_for_link return the raw row before any access check
 *                             (roles / company_ids are not attached)
 * @return array the user row, or a blank "new" user template
 *
 * Results are cached in the 'user' cache bucket under a key derived from all
 * arguments, so a permission-filtered result for one set of flags is never
 * served to a call made with different flags.
 */
public static function get_user($user_id, $perms = true, $do_link = true, $basic_for_link = false)
{
    $cache_key_args = func_get_args();
    $cache_key = self::_user_cache_key($user_id, $cache_key_args);
    $cache_timeout = module_config::c('cache_objects', 60);
    if ($cached_item = module_cache::get('user', $cache_key)) {
        return $cached_item;
    }
    $user = get_single("user", "user_id", $user_id);
    if ($do_link && $user && isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] && $user['linked_parent_user_id'] != $user['user_id']) {
        // linked contact: hand back the parent user instead (called with the
        // default flags, so the parent goes through the full checks below).
        // NOTE(review): a parent whose own linked_parent_user_id points back
        // here would recurse without bound — confirm links are acyclic.
        $user = self::get_user($user['linked_parent_user_id']);
        module_cache::put('user', $cache_key, $user, $cache_timeout);
        return $user;
    }
    if ($user) {
        if ($basic_for_link) {
            module_cache::put('user', $cache_key, $user, $cache_timeout);
            return $user;
        }
        // if this user is a linked contact to the current contact then we allow access.
        if (isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] == module_security::get_loggedin_id()) {
            // allow all access.
        } else {
            // the three checks below share one outcome: with $perms the row is
            // dropped, without it the row is kept but marked _perms = false
            if (class_exists('module_customer', false)) {
                if ($user) {
                    switch (module_user::get_user_data_access()) {
                        case _USER_ACCESS_ME:
                            // only my own account
                            if ($user['user_id'] != module_security::get_loggedin_id()) {
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                            break;
                        case _USER_ACCESS_CONTACTS:
                            if (!$user['customer_id'] && !$user['vendor_id'] && $user['user_id'] != module_security::get_loggedin_id()) {
                                // this user is not a customer contact, don't let them access it.
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                            break;
                        case _USER_ACCESS_ALL:
                        default:
                            // all user accounts.
                            break;
                    }
                }
                if ($user && $user['customer_id'] > 0) {
                    // customer contact: the customer itself must be within reach
                    switch (module_customer::get_customer_data_access()) {
                        case _CUSTOMER_ACCESS_ALL:
                            // all customers! so this means all contacts!
                            break;
                        case _CUSTOMER_ACCESS_ALL_COMPANY:
                        case _CUSTOMER_ACCESS_CONTACTS:
                        case _CUSTOMER_ACCESS_TASKS:
                        case _CUSTOMER_ACCESS_STAFF:
                            // the restriction map is keyed by customer_id
                            $valid_customer_ids = module_security::get_customer_restrictions();
                            $is_valid_user = isset($valid_customer_ids[$user['customer_id']]);
                            if (!$is_valid_user) {
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                    }
                }
                if ($user && $user['vendor_id'] > 0) {
                    // vendor contact: get_vendor() applies the vendor access rules,
                    // so a vendor it will not return means no access here either
                    switch (module_vendor::get_vendor_data_access()) {
                        case _VENDOR_ACCESS_ALL:
                            // all vendors! so this means all contacts!
                            break;
                        case _VENDOR_ACCESS_ALL_COMPANY:
                        case _VENDOR_ACCESS_CONTACTS:
                            $valid_vendor_check = module_vendor::get_vendor($user['vendor_id']);
                            $is_valid_user = $valid_vendor_check && isset($valid_vendor_check['vendor_id']) && $valid_vendor_check['vendor_id'] == $user['vendor_id'];
                            if (!$is_valid_user) {
                                if ($perms) {
                                    $user = false;
                                } else {
                                    // eg for linking.
                                    $user['_perms'] = false;
                                }
                            }
                    }
                }
            }
        }
    }
    if (!$user) {
        // blank template for a new user (also what a denied lookup returns)
        $user = array('user_id' => 'new', 'customer_id' => 0, 'vendor_id' => 0, 'name' => '', 'last_name' => '', 'email' => '', 'password' => '', 'phone' => '', 'mobile' => '', 'fax' => '', 'roles' => array(), 'language' => module_config::c('default_language', 'en'), 'company_ids' => array());
        // pre-fill the contact "master key" field (whatever
        // get_contact_master_key() names) from the request
        $use_master_key = self::get_contact_master_key();
        if (isset($_REQUEST[$use_master_key])) {
            $user[$use_master_key] = $_REQUEST[$use_master_key];
        }
    } else {
        $user['roles'] = get_multiple('user_role', array('user_id' => $user_id));
        if (class_exists('module_company', false) && module_company::is_enabled()) {
            $user['company_ids'] = array();
            foreach (module_company::get_companys_by_user($user['user_id']) as $company) {
                $user['company_ids'][$company['company_id']] = $company['name'];
            }
        }
        // only real rows are cached; the "new" template is rebuilt per call
        module_cache::put('user', $cache_key, $user, $cache_timeout);
    }
    return $user;
}
<?php
/**
 * Copyright: dtbaker 2012
 * Licence: Please check CodeCanyon.net for licence details.
 * More licence clarification available here: http://codecanyon.net/wiki/support/legal-terms/licensing-terms/
 * Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
 * Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
 * Package Date: 2015-11-25 02:55:20
 * IP Address: 67.79.165.254
 */
// Calendar page: decide which customer (if any) the calendar is scoped to,
// then load the wdCalendar assets. $customer_id and $base_path are presumably
// read by the rest of this template, which continues past this fragment.
print_heading(array('main' => true, 'type' => 'h2', 'title' => 'Calendar'));
$customer_id = isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false;
$customer_access = module_customer::get_customer_data_access();
if ($customer_access && $customer_access != _CUSTOMER_ACCESS_ALL) {
    // restricted to what customers we can see. is it only 1?
    // if so, the request's customer_id is replaced by the single customer this
    // user may see; with several allowed customers the request value stands.
    // NOTE(review): in that multi-customer case the request's customer_id is
    // not checked against the allowed set here — confirm the calendar data
    // loader enforces it.
    $customer_access_ids = module_security::get_customer_restrictions();
    if (count($customer_access_ids) == 1) {
        $customer_access_id = current($customer_access_ids);
        if ($customer_access_id > 0) {
            $customer_id = $customer_access_id;
        }
    }
}
$base_path = _BASE_HREF . 'includes/plugin_calendar/wdCalendar/';
?>
<link href="<?php echo $base_path; ?> css/calendar.css" rel="stylesheet" type="text/css" />
<link href="<?php
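/**
 * Load one website row, subject to the customer-access rules of the
 * logged-in user.
 *
 * @param int|string $website_id
 * @return array the website row, or a blank "new" website template when the
 *               id does not exist or the user may not see it. The template's
 *               customer_id is taken from the request when present and cast
 *               to int, so only a number ever reaches the form.
 */
public static function get_website($website_id)
{
    $website = get_single("website", "website_id", $website_id);
    if ($website) {
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_STAFF:
                // the restriction map is keyed by customer_id
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (!isset($valid_customer_ids[$website['customer_id']])) {
                    $website = false;
                }
                break;
            case _CUSTOMER_ACCESS_TASKS:
                // only customers who have linked jobs that I am assigned to
                // (either the job itself or one of its tasks).
                $has_job_access = false;
                if (isset($website['customer_id']) && $website['customer_id']) {
                    $me = module_security::get_loggedin_id();
                    $jobs = module_job::get_jobs(array('customer_id' => $website['customer_id']));
                    foreach ($jobs as $job) {
                        if ($job['user_id'] == $me) {
                            $has_job_access = true;
                            break;
                        }
                        foreach (module_job::get_tasks($job['job_id']) as $task) {
                            if ($task['user_id'] == $me) {
                                $has_job_access = true;
                                // one assigned task is enough: leave both loops so the
                                // remaining jobs' tasks are not loaded for nothing
                                break 2;
                            }
                        }
                    }
                }
                if (!$has_job_access) {
                    $website = false;
                }
                break;
        }
    }
    if (!$website) {
        $website = array(
            'website_id' => 'new',
            'customer_id' => isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : 0,
            'name' => '',
            'status' => module_config::s('website_status_default', 'New'),
            'url' => '',
        );
    }
    return $website;
}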