Fix overivew from global menu and overview per project from project tab.

addedit.php

@@ -3,15 +3,29 @@ if (!defined('W2P_BASE_DIR')) {
     die('You should not access this file directly.');
 }
 
+// check permissions for this record
+$perms = $AppUI->acl();
+if (!$perms->checkModuleItem('invoice','access')) {
+	$AppUI->redirect(ACCESS_DENIED);
+}
+
+$canView = $perms->checkModule($m, 'view');
+$canEdit = $perms->checkModule($m, 'edit');
+$canDelete = $perms->checkModule($m, 'delete');
+if (!$canEdit || !$canView) {
+	$AppUI->redirect(ACCESS_DENIED);
+}
+
+// Invoice object
 $invoice_id = intval( w2PgetParam( $_REQUEST, "invoice_id", 0 ) );
 $project_id = intval( w2PgetParam( $_REQUEST, "project_id", 0 ) );
 
-// check permissions for this record
-// Done automatically in index.php
-//$canEdit = !getDenyEdit( $m, $project_id);
-if (!$canEdit) {
-	$AppUI->redirect( "m=public&a=access_denied" );
-}
+$obj = new CInvoice();
+$obj->invoice_id = $invoice_id;
+$obj->invoice_project = $project_id;
+
+// Invoice load object
+$obj->load(null, $invoice_id);
 
 // format dates
 $df = $AppUI->getPref('SHDATEFORMAT');
@@ -264,7 +278,7 @@ $date = new w2p_Utilities_Date($a['task_log_date']);
 <!-- import the language module -->
 <script type="text/javascript" src="<?php echo $AppUI->cfg['base_url'];?>lib/calendar/lang/calendar-<?php echo $AppUI->user_locale; ?>.js"></script>
 
-<script language="javascript">
+<script language="javascript" type="text/javascript">
 
 function submitIt() {
 	var f = document.editFrm;

do_invoice_aed.php

@@ -3,49 +3,53 @@ if (!defined('W2P_BASE_DIR')) {
     die('You should not access this file directly.');
 }
 
-$del = isset($_POST['del']) ? $_POST['del'] : 0;
-$stat = isset($_POST['stat']) ? $_POST['stat'] : -1;
-$tag = isset($_POST['tag']) ? $_POST['tag'] : -1;
+$del = w2PgetParam($_POST, 'del', 0);
+$stat = w2PgetParam($_POST,'stat' -1);
+$tag = w2PgetParam($_POST, 'tag', -1);
 
 $obj = new CInvoice();
 if (!$obj->bind( $_POST )) {
         $AppUI->setMsg( $obj->getError(), UI_MSG_ERROR );
         $AppUI->redirect();
 }
-$obj->task_invoice=$_POST["task_invoice"];
+$obj->task_invoice = $_POST["task_invoice"];
 
 $AppUI->setMsg( 'Invoice' );
+$msg = "m=invoice";
 if ($del) {
-        if (($msg = $obj->delete())) {
-                $AppUI->setMsg( $msg, UI_MSG_ERROR );
+        if (!$obj->delete()) {
+                $AppUI->setMsg( 'Invoice delete failed', UI_MSG_ERROR );
         } else {
-                $AppUI->setMsg( "deleted", UI_MSG_OK, true );
+                $AppUI->setMsg( "Invoice deleted", UI_MSG_ALERT );
 	}
-	$AppUI->redirect("m=invoice&a=addedit&invoice_id=".$obj->task_invoice."&project_id=".$obj->_invoice_project);
-} elseif ($stat != -1 && $obj->task_invoice != 0) {
-	if (($msg = $obj->change_status($stat))) {
-		$AppUI->setMsg( $msg, UI_MSG_ERROR );
+	msg = "m=invoice&a=addedit&invoice_id=".$obj->task_invoice."&project_id=".$obj->invoice_project;
+} else if ($stat != -1 && $obj->task_invoice != 0) {
+	if (!$obj->change_status($stat)) {
+		$AppUI->setMsg( 'Invoice status change failed', UI_MSG_ERROR );
 	} else {
-		$AppUI->setMsg( $msg . "updated", UI_MSG_OK, true );
+		$AppUI->setMsg( "Invoice updated", UI_MSG_ALERT );
 	}
-	if (($msg = $obj->change_invoice_tag($tag))) {
-		$AppUI->setMsg( $msg, UI_MSG_ERROR );
+	if (!$obj->change_invoice_tag($tag)) {
+		$AppUI->setMsg( "Invoice tag change failed", UI_MSG_ERROR );
 	} else {
-		$AppUI->setMsg( $msg . "updated", UI_MSG_OK, true );
+		$AppUI->setMsg( "Invoice tag updated", UI_MSG_ALERT );
 	}
-	$AppUI->redirect("m=invoice&a=addedit&invoice_id=".$obj->task_invoice."&project_id=".$obj->_invoice_project);
+	$msg = "m=invoice&a=addedit&invoice_id=".$obj->task_invoice."&project_id=".$obj->invoice_project;
 } else {
 	while(list($key,$value)=each($_POST)) {
 		$tmparr=split("_",$key);
 		if ($tmparr[0] == "num") {
-			$obj->task_invouce=$_POST["task_invoice"];
+			$obj->task_invoice=$_POST["task_invoice"];
 			$obj->task_log_id=$tmparr[1];
 			$obj->task_amount=$_POST["fixed_".$tmparr[1]];
-			$obj->store();
+			if (!$obj->store()) {
+				$AppUI->setMsg( 'Invoice store failed', UI_MSG_ERROR );
+			}
 		}
 	}
-	$AppUI->setMsg( $msg . "updated", UI_MSG_OK, true );
-        $AppUI->redirect("m=invoice&a=addedit&invoice_id=".$obj->task_invoice."&project_id=".$obj->_invoice_project);
+	$isNotNew = $obj->task_queue_id;
+	$AppUI->setMsg( $isNotNew ? 'Invoice updated' : 'Invoice inserted', UI_MSG_OK );
+        $msg = "m=invoice&a=addedit&invoice_id=".$obj->task_invoice."&project_id=".$obj->invoice_project;
 }
-
+$AppUI->redirect($msg);
 ?>

index_table.php

@@ -3,18 +3,32 @@ if (!defined('W2P_BASE_DIR')) {
     die('You should not access this file directly.');
 }
 
-$project_id = intval( w2PgetParam( $_GET, "project_id", 0 ) );
+global $AppUI, $projectid;
+global $tab, $m;
 
-$perms =& $AppUI->acl();
-if (!$perms->checkModuleItem('invoice', 'view', $project_id)) {
-        $AppUI->redirect( "m=public&a=access_denied" );
+$project_id = (int) w2PgetParam( $_GET, "project_id", 0 );
+
+// FIXME howto check if user can access this project_id AND invoice_id
+// or is it handled by the Core autmatically??
+//
+//$perms =& $AppUI->acl();
+//if (!$perms->checkModuleItem('invoice', 'view', $project_id)) {
+//	print "invoice - access denied <br>";
+//        $AppUI->redirect(ACCESS_DENIED);
+//}
+// check permissions for this record
+$perms = $AppUI->acl();
+if (!$perms->checkModuleItem('invoice','access')) {
+	$AppUI->redirect(ACCESS_DENIED);
 }
 
-// retrieve any state parameters
-if (isset( $_GET['tab'] )) {
-        $AppUI->setState( 'ProjVwTab', $_GET['tab'] );
+$canView = $perms->checkModule($m, 'view');
+$canEdit = $perms->checkModule($m, 'edit');
+$canDelete = $perms->checkModule($m, 'delete');
+$canCreate = $perms->checkModule($m, 'add');
+if (!$canView) {
+	$AppUI->redirect(ACCESS_DENIED);
 }
-$tab = $AppUI->getState( 'ProjVwTab' ) !== NULL ? $AppUI->getState( 'ProjVwTab' ) : 0;
 
 $q = new w2p_Database_Query();
 $q->addQuery('
@@ -30,71 +44,68 @@ $q->addOrder('invoice_id DESC');
 
 $invoices = null;
 $ptrc=$q->exec();
+if (!$ptrc) {
+	echo db_error();
+}
 $nums=db_num_rows($ptrc);
-echo db_error();
 
 for ($x=0; $x < $nums; $x++) {
         $row = db_fetch_assoc( $ptrc );
         $invoices[] = $row;
 }
 
-
 function showtask_inv( &$a, $level=0 ) {
-        global $AppUI, $done, $query_string, $durnTypes, $project_id, $perms;
+        global $AppUI, $done, $query_string, $durnTypes, $project_id, $canEdit;
         $df = $AppUI->getPref( 'SHDATEFORMAT' );
         $done[] = $a['invoice_id'];
-	$invoice_status="Closed";
+	$invoice_status = w2PformSafe("Closed");
 	if ($a["invoice_status"] == "0") {
-		$invoice_status="Open";
+		$invoice_status = w2PformSafe("Open");
 	}elseif ($a["invoice_status"] == "1") {
-		$invoice_status="Pending";
-	}elseif ($a["invouce_status"] == "2") {
-		$invoice_status="Paid";
-	}elseif ($a["invouce_status"] == "3") {^M
-                $invoice_status="Loss";
+		$invoice_status = w2PformSafe("Pending");
+	}elseif ($a["invoice_status"] == "2") {
+		$invoice_status= w2PformSafe("Paid");
+	}elseif ($a["invoice_status"] == "3") {
+                $invoice_status= w2PformSafe("Loss");
 	}
-	$start_date=strftime($df,$a["invoice_date"]);
+	$start_date = strftime($df,$a["invoice_date"]);
 
-// edit query FROM users; user_first_name and user_last_name
-$q = new w2p_Database_Query();
-$q->addQuery('
-        contact_first_name,
-        contact_last_name');
-$q->addTable('contacts');
-$q->leftJoin('users', 'u', 'user_contact=contact_id');
-$q->addWhere('user_id = ' . $a['invoice_creator']);
+	// edit query FROM users; user_first_name and user_last_name
+	$q = new w2p_Database_Query();
+	$q->addQuery('contact_first_name, contact_last_name');
+	$q->addTable('contacts');
+	$q->leftJoin('users', 'u', 'user_contact=contact_id');
+	$q->addWhere('user_id = ' . $a['invoice_creator']);
 
 	$tmpuser=$q->exec();
 	$username=db_fetch_assoc($tmpuser);
 	
-
-        $s = "\n<tr>";
+        echo "\n<tr>";
 // edit icon
-        $s .= "\n\t<td>";
-        if ($perms->checkModuleItem('invoice', "edit", $a['invoice_id'])) {
-                $s .= "\n\t\t<a href=\"?m=invoice&a=addedit&invoice_id={$a['invoice_id']}&project_id=${project_id}\">"
-                        . "\n\t\t\t".'<img src="./images/icons/pencil.gif" alt="'.$AppUI->_( 'Edit Invoice' ).'" border="0" width="12" height="12">'
+        echo"\n\t<td>";
+	if ($canEdit) {
+                echo "\n\t\t<a href=\"?m=invoice&a=addedit&invoice_id={$a['invoice_id']}&project_id=${project_id}\">"
+                        . "\n\t\t\t".w2PshowImage('icons/pencil.gif', '16', '16')
                         . "\n\t\t</a>";
         }
-        $s .= "\n\t</td>";
+        echo "\n\t</td>";
 // name link
         $alt = htmlspecialchars( $a["invoice_id"] );
-        $s .= '<td align=right>&nbsp;<a href="./index.php?m=invoice&a=view&invoice_id='.$a["invoice_id"].'&project_id='.$project_id.'" title="' . $alt . '"># ' . $a["invoice_id"] . '</a></td>';
-	$s .= '<td align=right>&nbsp;<a href="./index.php?m=invoice&a=view&invoice_id='.$a["invoice_id"].'&project_id='.$project_id.'" title="' . $alt . '">' . $a["invoice_tag"] . '</a></td>';
+        echo '<td align=right>&nbsp;<a href="./index.php?m=invoice&a=view&invoice_id='.$a["invoice_id"].'&project_id='.$project_id.'" title="' . $alt . '"># ' . $a["invoice_id"] . '</a></td>';
+	echo '<td align=right>&nbsp;<a href="./index.php?m=invoice&a=view&invoice_id='.$a["invoice_id"].'&project_id='.$project_id.'" title="' . $alt . '">' . $a["invoice_tag"] . '</a></td>';
 // task owner
-        $s .= '<td nowrap="nowrap" align=center>'.$username["contact_first_name"].' '.$username["contact_last_name"].'</td>';
+        echo '<td nowrap="nowrap" align=center>'.$username["contact_first_name"].' '.$username["contact_last_name"].'</td>';
 // start date
-        $s .= '<td nowrap="nowrap" align=center>'.$start_date.'</td>';
+        echo '<td nowrap="nowrap" align=center>'.$start_date.'</td>';
 // status
-	$s .= '<td nowrap="nowrap">'.$invoice_status.'</td>';
-        $s .= '</tr>';
-        echo $s;
+	echo '<td nowrap="nowrap">'.$invoice_status.'</td>';
+        echo '</tr>';
 }
 
 ?>
 
 <?php
-if ($perms->checkModule('invoice', 'add'))
+if ($canCreate)
 {
 ?>
 <form action="?m=invoice&a=addedit&project_id=<?php echo $project_id; ?>" method="post">
@@ -114,7 +125,7 @@ if ($perms->checkModule('invoice', 'add'))
 <?php
 //echo '<pre>'; print_r($invoices); echo '</pre>';
 //print count($invoices);
-@reset( $invoices);
+@reset($invoices);
 for ($s=0; $s < count($invoices); $s++) {
 	$tnums=count($invoices);
         if ($tnums) {

invoice.class.php

@@ -7,64 +7,104 @@ if (!defined('W2P_BASE_DIR')) {
 //require_once( $AppUI->getSystemClass( 'w2p' ) );
 
 class CInvoice extends w2p_Core_BaseObject {
+	// table 'invoice'
+	public $invoice_id = null;
+	public $invoice_tag = null;
+	public $invoice_project = 0;
+	public $invoice_status = 0;
+	public $invoice_data = null;
+	public $invoice_paid = null;
+	public $invoice_creator = null;
 
-	var $invoice_task_queue_id = NULL;
-	var $task_invoice = NULL;
-	var $task_log_id = NULL;
-	var $task_amount = NULL;
+	// table 'invoice_task_queue'
+	public $invoice_task_queue_id = null;
+	public $task_invoice = null;
+	public $task_log_id = null;
+	public $task_amount = null;
 
-        function CInvoice() {
-                $this->w2pObject( 'invoice_task_queue', 'task_invoice' );
-		$this->_invoice_project=$_POST["invoice_project"];
-		$this->_task_queue_id=$_POST["task_queue_id"];
+        public function __construct() {
+		parent::__construct('invoice', 'invoice_id');
         }
 
-	function check() {
+	public function isValid() {
+		$baseErrorMsg = get_class($this) . '::store-check failed -';
+		if ($this->invoice_id == 0) {
+			$this->_error['invoice_id'] = $baseErrorMsg . 'invoice_id is not set';
+		}
+		return (count($this->_error)) ? false : true;
+	}
+
+	public function check() {
 		if ($this->task_invoice == NULL || $this->task_invoice == "0") {
-			$this->init();
+			if (!$this->init()) {
+				return false;
+			}
 		}
 		if (empty($this->task_amount))
 			$this->task_amount = '0';
-		return NULL;
+		return true;
 	}
 
-	function init() {
-		$q = new w2p_Database_Query();
+	protected function init() {
+		$q = $this->_getQuery();
 		$q->addTable('invoice');
-		$q->addInsert('invoice_project,invoice_date,invoice_creator', $_POST['invoice_project'].','.time().','.$_POST['project_creator'], true);;
-		$q->exec();
+		$q->addInsert('invoice_project,invoice_date,invoice_creator',
+				$_POST['invoice_project'].','.time().','.$_POST['project_creator'], true);
+		if (!$q->exec()) {
+			$this->_error['init-invoice'] = db_error();
+			return false;
+		}
 		$this->task_invoice = db_insert_id();
 //		$temp_array = mysql_fetch_array(mysql_query("select last_insert_id() from invoice"));
 //		$my_last_id = $temp_array['last_insert_id()']; 
 //		$this->task_invoice=(int)$my_last_id;
+		return true;
+	}
+
+	public function load($unused = null, $invoice_id) {
+		$q = $this->_getQuery();
+		$q->addQuery('*');
+		$q->addTable('invoice');
+		$q->addWhere('invoice_id =' . (int)$invoice_id);
+		$q->loadObject($this, true, false);
 	}
 
-	function store() {
-		$msg = $this->check();
-		$q = new w2p_Database_Query();
+	public function store($unused = null) {
+		$this->clearErrors();
+		if (!$this->check()) {
+			$this->_error['store-invoice'] = 'failed store sanity checks';
+			return false;
+		}
+		$q = $this->_getQuery();
 		$q->addTable('invoice_task_queue');
-		$q->addInsert('task_invoice,task_amount,task_log_id', $this->task_invoice.','.$this->task_amount.','.$this->task_log_id, true);
-		$q->exec();
+		$q->addInsert('task_invoice,task_amount,task_log_id',
+			$this->task_invoice.','.$this->task_amount.','.$this->task_log_id, true);
+		if (!$q->exec()) {
+			$this->_error['store-invoice'] = db_error();
+			return false;
+		}
 		//db_insertObject('invoice_task_queue',$this,'task_queue_id');
-	
+		return true;
 	}
 
-	function delete() 
-	{
+	public function delete($unused = null) {
+		$this->clearErrors();
 		$this->_action='deleted';
-		$q = new w2p_Database_Query();
+		$q = $this->_getQuery();
 		$q->setDelete('invoice_task_queue');
 		$q->addWhere('task_queue_id = ' . $this->_task_queue_id);
-		if (!$q->exec())
-			return db_error();
-		else
-			return NULL;
+		if (!$q->exec()) {
+			$this->_error['delete-invoice'] = db_error();
+			return false;
+		}
+		return true;
 	}
 
-	function purge() 
+	public function purge()
 	{
+		$this->clearErrors();
 		$this->_action='purged';
-		$q = new w2p_Database_Query();
+		$q = $this->_getQuery();
 		$q->addQuery('invoice_status');
 		$q->addTable('invoice');
 		$q->addWhere('invoice_id = ' . $this->task_invoice);
@@ -75,7 +115,10 @@ class CInvoice extends w2p_Core_BaseObject {
 			$q->clear();	
 			$q->setDelete('invoice_task_queue');
 			$q->addWhere('task_invoice = ' . $this->task_invoice);
-			$q->exec();
+			if (!$q->exec()) {
+				$this->_error['purge-invoice'] = db_error();
+				return false;
+			}
 		} 
 		else 
 		{
@@ -84,35 +127,49 @@ class CInvoice extends w2p_Core_BaseObject {
 			$q->addUpdate('task_invoice', '0');
 			$q->addUpdate('task_cost' , '0');
 			$q->addWhere('task_invoice = ' . $this->task_invoice);
-			$q->exec();
+			if (!$q->exec()) {
+				$this->_error['purge-invoice'] = db_error();
+				return false;
+			}
 		}
 
 		$q->clear();
-		$q->setDelete('invoices');
+		$q->setDelete('invoice');
 		$q->addWhere('invoice_id = ' . $this->task_invoice);
-		if (!$q->exec())
-			return db_error();
-		else
-			return NULL;
+		if (!$q->exec()) {
+			$this->_error['purge-invoice'] = db_error();
+			return false;
+		}
+		return true;
 	}
 
-	function change_status($stat) 
+	public function change_status($stat)
 	{
+		$this->clearErrors();
 		$this->_action='updated';
-		$q = new w2p_Database_Query();
+		$q = $this->_getQuery();
 		$q->addTable('invoice');
 		$q->addUpdate('invoice_status', $stat);
 		$q->addWhere('invoice_id = ' . $this->task_invoice);
-		$q->exec();
+		if (!$q->exec()) {
+			$this->_error['status-invoice'] = db_error();
+			return false;
+		}
+		return true;
 	}
 
-	function change_invoice_tag($tag)
+	public function change_invoice_tag($tag)
 	{
+		$this->clearErrors();
 		$this->_action='updated';
-		$q = new w2p_Database_Query();
+		$q = $this->_getQuery();
 		$q->addTable('invoice');
 		$q->addUpdate('invoice_tag', $tag);
 		$q->addWhere('invoice_id = ' . $this->task_invoice);
-		$q->exec();
+		if (!$q->exec()) {
+			$this->_error['tag-invoice'] = db_error();
+			return false;
+		}
+		return true;
 	}
 }

setup.php

@@ -11,13 +11,20 @@
 // MODULE CONFIGURATION DEFINITION
 $config = array();
 $config['mod_name'] = 'Invoice';
-$config['mod_version'] = '0.5';
+$config['mod_version'] = '0.6';
 $config['mod_directory'] = 'invoice';
 $config['mod_setup_class'] = 'CSetupInvoice';
 $config['mod_type'] = 'user';
-$config['mod_ui_name'] = 'Invoice';
+$config['mod_ui_name'] = $config['mod_name'];
 $config['mod_ui_icon'] = 'applet3-48.png';
 $config['mod_description'] = 'A module for billing tasks';
+$config['mod_config'] = false;
+$config['mod_main_class'] = 'CInvoice';
+
+// permissions
+$config['permission_item_table'] = 'invoice';    // table to check for permissions
+$config['permission_item_field'] = 'invoice_id'; // primary key
+$config['permission_item_field'] = 'invoice_tag';// administration number (eg: <yyyy><nn>)
 
 if (@$a == 'setup') {
 	echo w2PshowModuleConfig( $config );

view.php

@@ -290,8 +290,8 @@ function get_task_log($task_log_id, $task=false)
         task_log_date');
 	$q->addTable('task_log');
 	$q->addWhere('task_log_id = ' . $task_log_id);
-$tmptasks=$q->exec();
-$tasks=db_fetch_assoc($tmptasks);
+	$tmptasks=$q->exec();
+	$tasks=db_fetch_assoc($tmptasks);
 //	$task = $q->loadResult();
 	
 	return $task;

vw_inc.php

@@ -27,7 +27,7 @@ $df = $AppUI->getPref('SHDATEFORMAT');
 		<a href="?m=invoice&orderby=invoice_date" class="hdr"><?php echo $AppUI->_('Created On');?></a>
 	</th>
 	<th nowrap="nowrap">
-		<a href="?m=invoice&orderby=invoice_amount" class="hdr"><?php echo $AppUI->_('Invoice Amount');?>:</a>
+		<a href="?m=invoice&orderby=invoice_amount" class="hdr"><?php echo $AppUI->_('Invoice Amount');?></a>
 	</th>
 </tr>
 
@@ -100,9 +100,9 @@ function get_invoice_amount($invoice_id, $project_id) {
 	$q->addWhere('project_id = '. $project_id);
 
 	$company_id = $q->loadResult();
-//$tmpprj=db_exec($sql);
-//$row=db_fetch_assoc($tmpprj);
-//$company_id=$row["project_company"];
+	//$tmpprj=db_exec($sql);
+	//$row=db_fetch_assoc($tmpprj);
+	//$company_id=$row["project_company"];
 
 	$q->clear();
 	$q->addQuery('