X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=invoice_view.php;h=605a5302027b0e85501ba651969d84ff3b70561f;hb=HEAD;hp=3715b80a23caa60cfd0cb6a4e2f1412462da9fc3;hpb=a62e4bdd1bc89ea4f3cf29507399b5b8f229597a;p=timetracker.git diff --git a/invoice_view.php b/invoice_view.php index 3715b80a..605a5302 100644 --- a/invoice_view.php +++ b/invoice_view.php @@ -32,34 +32,36 @@ import('ttInvoiceHelper'); import('ttClientHelper'); import('form.Form'); -// Access check. -if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) { +// Access checks. +if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_client_invoices'))) { header('Location: access_denied.php'); exit(); } - -$cl_id = (int)$request->getParameter('id'); -$invoice = ttInvoiceHelper::getInvoice($cl_id); -// Temporary fix for invalid invoice id. TODO: implement properly and review security of other pages, -// where item id is passed (or posted) as parameter. +if (!$user->isPluginEnabled('iv')) { + header('Location: feature_disabled.php'); + exit(); +} +$cl_invoice_id = (int)$request->getParameter('id'); +$invoice = ttInvoiceHelper::getInvoice($cl_invoice_id); if (!$invoice) { header('Location: access_denied.php'); exit(); } +// End of access checks. $invoice_date = new DateAndTime(DB_DATEFORMAT, $invoice['date']); $client = ttClientHelper::getClient($invoice['client_id'], true); if (!$client) // In case client was deleted. $client = ttClientHelper::getDeletedClient($invoice['client_id']); -$invoice_items = ttInvoiceHelper::getInvoiceItems($cl_id); +$invoice_items = ttInvoiceHelper::getInvoiceItems($cl_invoice_id); $tax_percent = $client['tax']; $subtotal = 0; $tax = 0; foreach($invoice_items as $item) $subtotal += $item['cost']; -if ($tax_percent) { +if ($tax_percent > 0) { $tax_expenses = $user->isPluginEnabled('et'); foreach($invoice_items as $item) { if ($item['type'] == 2 && !$tax_expenses) 
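Review bot: The per-invoice ownership check rests entirely on `ttInvoiceHelper::getInvoice($cl_invoice_id)` returning a falsy value, and the commit deletes the TODO that flagged this without showing how it was resolved. Because the page now admits users holding `view_client_invoices`, the helper has to restrict the lookup to the current group and, for client users, to their own client. The helper is outside this diff, so that cannot be confirmed from here. In place of the removed TODO I would state the contract next to the call, e.g. `// getInvoice() returns false unless the invoice belongs to the user's group (and, for client users, to their own client).` A regression test that requests another client's invoice id and expects the redirect to access_denied.php would pin it.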
@@ -67,27 +69,31 @@ if ($tax_percent) { $tax += round($item['cost'] * $tax_percent / 100, 2); } } -$total = $subtotal + $tax; +$total = $subtotal + $tax; + +$currency = $user->getCurrency(); +$decimalMark = $user->getDecimalMark(); -$smarty->assign('subtotal', $user->currency.' '.str_replace('.', $user->decimal_mark, sprintf('%8.2f', round($subtotal, 2)))); -if ($tax) $smarty->assign('tax', $user->currency.' '.str_replace('.', $user->decimal_mark, sprintf('%8.2f', round($tax, 2)))); -$smarty->assign('total', $user->currency.' '.str_replace('.', $user->decimal_mark, sprintf('%8.2f', round($total, 2)))); +$smarty->assign('subtotal', $currency.' '.str_replace('.', $decimalMark, sprintf('%8.2f', round($subtotal, 2)))); +if ($tax) $smarty->assign('tax', $currency.' '.str_replace('.', $decimalMark, sprintf('%8.2f', round($tax, 2)))); +$smarty->assign('total', $currency.' '.str_replace('.', $decimalMark, sprintf('%8.2f', round($total, 2)))); -if ('.' != $user->decimal_mark) { +if ('.' != $decimalMark) { foreach ($invoice_items as &$item) - $item['cost'] = str_replace('.', $user->decimal_mark, $item['cost']); + $item['cost'] = str_replace('.', $decimalMark, $item['cost']); } // Calculate colspan for invoice summary. $colspan = 4; -if (MODE_PROJECTS == $user->tracking_mode) +$trackingMode = $user->getTrackingMode(); +if (MODE_PROJECTS == $trackingMode) $colspan++; -elseif (MODE_PROJECTS_AND_TASKS == $user->tracking_mode) +elseif (MODE_PROJECTS_AND_TASKS == $trackingMode) $colspan += 2; $form = new Form('invoiceForm'); // Hidden control for invoice id. -$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id)); +$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_invoice_id)); // invoiceForm only contains controls for "Mark paid" block below invoice table. if ($user->isPluginEnabled('ps')) { $mark_paid_action_options = array('1'=>$i18n->get('dropdown.paid'),'2'=>$i18n->get('dropdown.not_paid')); 
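Review bot: The by-reference loop `foreach ($invoice_items as &$item)` leaves `$item` bound to the last element of `$invoice_items` once it finishes, and nothing in the hunk releases it. Any later write to `$item` on this page would silently overwrite the last invoice row before `$invoice_items` is handed to the template. No such reuse is visible in the diff, so this is a latent hazard rather than a demonstrated bug. Add `unset($item);` directly after the loop statement, inside the `if ('.' != $decimalMark)` block.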
@@ -104,20 +110,22 @@ if ($request->isPost()) { // Determine user action. $mark_paid = $request->getParameter('mark_paid_action_options') == 1 ? true : false; - ttInvoiceHelper::markPaid($cl_id, $mark_paid); + ttInvoiceHelper::markPaid($cl_invoice_id, $mark_paid); // Re-display this form. - header('Location: invoice_view.php?id='.$cl_id); + header('Location: invoice_view.php?id='.$cl_invoice_id); exit(); } } $smarty->assign('forms', array($form->getName()=>$form->toArray())); -$smarty->assign('invoice_id', $cl_id); +$smarty->assign('invoice_id', $cl_invoice_id); $smarty->assign('invoice_name', $invoice['name']); -$smarty->assign('invoice_date', $invoice_date->toString($user->date_format)); +$smarty->assign('invoice_date', $invoice_date->toString($user->getDateFormat())); $smarty->assign('client_name', $client['name']); $smarty->assign('client_address', $client['address']); +$smarty->assign('show_project', MODE_PROJECTS == $trackingMode || MODE_PROJECTS_AND_TASKS == $trackingMode); +$smarty->assign('show_task', MODE_PROJECTS_AND_TASKS == $trackingMode); $smarty->assign('invoice_items', $invoice_items); $smarty->assign('colspan', $colspan); $smarty->assign('title', $i18n->get('title.view_invoice'));
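Review bot: `ttInvoiceHelper::markPaid($cl_invoice_id, $mark_paid)` can be reached in the POST branch by any user who passed the page-level check, which accepts `view_client_invoices` as well as `manage_invoices`. No right check specific to the state change is visible here. The enclosing `if ($request->isPost())` block starts above the hunk, so a guard may exist there, but if it does not, a view-only client user could flip an invoice's paid status. I would gate the write explicitly at the top of the POST branch: `if (!ttAccessAllowed('manage_invoices')) { header('Location: access_denied.php'); exit(); }`. The visible lines also show no anti-CSRF token on `invoiceForm`, which is worth confirming for a request that changes invoice state.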