diff --git a/TODO b/TODO index a8d3704..96cd7bd 100755 --- a/TODO +++ b/TODO @@ -5,11 +5,6 @@ * User groups * cf TODO in files -inc/Invoices.class.php : -======================== -* Edit a bill -* Error in guest input on token error - Manage paybacks : ================= * TODO : Payback system (class should be ok) diff --git a/inc/Invoices.class.php b/inc/Invoices.class.php index 9d801b6..3e37472 100644 --- a/inc/Invoices.class.php +++ b/inc/Invoices.class.php @@ -20,7 +20,6 @@ public function __construct() { parent::__construct(); $this->users_in = new UsersIn(); - $this->date = new DateTime(); } // Getters @@ -30,7 +29,10 @@ } public function getDate($format = "d-m-Y H:i") { - return $this->date->format($format); + if(!empty($this->date)) + return $this->date->format($format); + else + return false; } public function getBuyer() { @@ -90,7 +92,6 @@ $this->what = htmlspecialchars($this->what); $this->amount = (float) $this->amount; $this->buyer = (int) $this->buyer; - // TODO : $this->date = htmlspecialchars($this->date); return $this; } @@ -106,7 +107,8 @@ $this->setWhat($data['what']); $this->setAmount($data['amount']); $this->setBuyer($data['buyer']); - //TODO : $this->setDate($data['date']); + + $this->date = DateTime::createFromFormat('Y-m-d H:i:s', $data['date']); } // Override parent load() method 
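Review bot: Dropping `$this->date = new DateTime();` from the constructor (hunk at -20,7) leaves an Invoice that is filled through the setters rather than setData() with no date at all. Storage::save() skips empty fields, so if the INSERT still names a `:date` placeholder it would stay unbound, and getDate() now returns false for such an object; I cannot see the form-handling path from here, so this may already be covered there. If the default was removed only so that loaded rows keep their stored date, a narrower fix is to keep the constructor default and let setData() overwrite it, e.g. `$this->date = new DateTime();` restored in the constructor and `if(isset($data['date']))` guarding the assignment in setData().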
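Review bot: The new getDate() body (hunk at -30,7) returns `string|false` and uses an `else` after a `return`; callers such as the templates now have to know about the false case, which is not documented anywhere. Prefer a single expression plus a docblock stating the contract: `/** @return string|false false when no date is set */` and `return empty($this->date) ? false : $this->date->format($format);`. If the project is on PHP 7.1+, `?string` returning null would be the more conventional signal, but that changes what existing `!== false` checks see.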
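Review bot: The new `DateTime::createFromFormat('Y-m-d H:i:s', $data['date'])` in setData() (hunk at -106,7) is not checked: a malformed string yields `false` and a missing `date` key raises a notice, and either way the object silently ends up with `$this->date === false`, which getDate() then returns and save() skips. Whether `$data` is a database row or user input is not visible here; in both cases the failure should be explicit. Suggested replacement for the added line: `$date = isset($data['date']) ? DateTime::createFromFormat('Y-m-d H:i:s', $data['date']) : false;` followed by `$this->date = ($date instanceof DateTime) ? $date : null;`, with a comment `// createFromFormat() returns false on malformed input; store null so save()/getDate() treat it as unset`.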
@@ -114,20 +116,31 @@ public function load($fields = NULL, $first_only = false) { $return = parent::load($fields, $first_only); // Execute parent load - if($return !== false) { + if(is_array($return)) { foreach(array_keys($return) as $key) { $return[$key]->users_in->load(); // Load users in for each invoice } } + elseif(is_a($return, 'Invoice')) { + $return->users_in->load(); + } return $return; // Return the loaded elements } - // Overrid parent save() method + // Override parent save() method // ============================ public function save() { parent::save(); // Save invoice element $this->users_in->save(); // Save users in } + + // Override parent delete() method + // =============================== + public function delete() { + parent::delete(); // Delete invoice element + + $this->users_in->delete(); // Also delete users in + } } diff --git a/inc/Storage.class.php b/inc/Storage.class.php index 3f57eac..c9c36fa 100644 --- a/inc/Storage.class.php +++ b/inc/Storage.class.php @@ -264,10 +264,12 @@ class Storage { foreach($this->fields as $field=>$type) { if(!empty($this->$field)) { - if($fields[$field] == 'date') - $value = $value->format('Y-m-d H:i:s'); + if($this->fields[$field] == 'date') + $value = $this->$field->format('Y-m-d H:i:s'); + else + $value = $this->$field; - $query->bindParam(':'.$field, $this->$field); + $query->bindValue(':'.$field, $value); } } diff --git a/inc/UsersIn.class.php b/inc/UsersIn.class.php index 9acf21c..0a85bbf 100644 --- a/inc/UsersIn.class.php +++ b/inc/UsersIn.class.php @@ -114,4 +114,12 @@ $query->execute(); } } + + // Override delete() method + // ======================== + public function delete() { + $query = $this->getConnection()->prepare('DELETE FROM '.MYSQL_PREFIX.$this->TABLE_NAME.' WHERE invoice_id=:invoice_id'); + $query->bindParam(':invoice_id', $this->invoice_id); + $query->execute(); + } } diff --git a/inc/functions.php b/inc/functions.php index b7ca44b..40258f2 100644 --- a/inc/functions.php 
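Review bot: The new Invoice::delete() issues two independent DELETE statements with no transaction, so if `$this->users_in->delete()` fails after `parent::delete()` has already run, the invoice row is gone while its users_in rows remain (or the reverse if a foreign key rejects the first delete). UsersIn uses `$this->getConnection()`, so presumably the same PDO handle is reachable here; wrapping both calls in `beginTransaction()` / `commit()` with a `rollBack()` on exception keeps the two tables consistent. Deleting the child rows before the invoice is also the safer order if a foreign key constraint exists — I cannot see the schema from this hunk. Neither parent::delete() nor UsersIn::delete() returns a status, so a failure would otherwise go unnoticed.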
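Review bot: In the Storage hunk at -264,10, `if(!empty($this->$field))` still decides whether a field is bound at all, and `empty()` is true for `0`, `0.0`, `'0'`, `''` and `false`, so a legitimate zero amount or a false flag is never bound and its placeholder is left dangling for execute() to reject. A null check is the intended test: `if($this->$field === null) continue;`. Since setData() can now leave a date field holding `false` (createFromFormat failure), guard the date branch as well: `$value = ($this->$field instanceof DateTime) ? $this->$field->format('Y-m-d H:i:s') : null;`. The enclosing method starts and ends outside the hunk, so I cannot see how the query text is built.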
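Review bot: UsersIn::delete() (hunk at -114,4) neither guards `$this->invoice_id` nor checks the result of `$query->execute()`, so an object whose invoice_id was never set runs `DELETE ... WHERE invoice_id=NULL`, matches nothing and reports success. Add `if(empty($this->invoice_id)) { throw new RuntimeException('UsersIn::delete() called without invoice_id'); }` before the prepare, and bind the value with its type since it is not reused: `$query->bindValue(':invoice_id', (int) $this->invoice_id, PDO::PARAM_INT);`. The return value of execute() should at least be checked or the connection set to throw on error; that attribute is not visible in this diff.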
+++ b/inc/functions.php @@ -81,6 +81,7 @@ } function formatUsersIn($users_in, $all_users) { + global $localized; // TODO : Move this function to somewhere else ? $return = ''; $users_in = $users_in->get(); @@ -91,10 +92,10 @@ $return .= $all_users[$user_in]->getDisplayName(); if($guests != 0) { - if($guest > 1) - $return .= ' ('.$guests.' '.$localized['guest'].'s)'; + if($guests > 1) + $return .= ' ('.$guests.' '.$localized['guest'][LANG].'s)'; else - $return .= ' ('.$guests.' '.$localized['guest'].')'; + $return .= ' ('.$guests.' '.$localized['guest'][LANG].')'; } } diff --git a/index.php b/index.php index a3ec6c7..e11d35a 100644 --- a/index.php +++ b/index.php @@ -8,7 +8,8 @@ 'write_error_data'=>array('fr'=>'Le script ne peut pas écrire dans le dossier data/, vérifiez les permissions sur ce dossier.', 'en'=>'The script can\'t write in data/ dir, check permissions set on this folder.'), 'unable_write_config'=>array('fr'=>'Impossible d\'écrire le fichier data/config.php. Vérifiez les permissions.', 'en'=>'Unable to write data/config.php file. Check permissions.'), 'negative_amount'=>array('fr'=>'Montant négatif non autorisé.', 'en'=>'Negative amount not allowed.'), - 'template_error'=>array('fr'=>'Template non disponible.', 'en'=>'Template not available.') + 'template_error'=>array('fr'=>'Template non disponible.', 'en'=>'Template not available.'), + 'unauthorized'=>array('fr'=>'Vous n\'avez pas le droit de faire cette action.', 'en'=>'You are not authorized to do that.') ); $localized = array( 
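Review bot: The added `global $localized;` in formatUsersIn() (hunk at -81,6) couples a pure formatting helper to a global defined in index.php, which is the kind of hidden dependency the TODO on the same line is already complaining about. Passing the dictionary in is cleaner: `function formatUsersIn($users_in, $all_users, $localized) {`; the template call `{function="formatUsersIn($value->getUsersIn(), $users)"}` in index.html would then need the extra argument, so this is a small follow-up rather than a one-hunk change. If the template engine makes that awkward, at least document the dependency: `// Reads the $localized dictionary defined in index.php`.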
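Review bot: The plural in the hunk at -91,10 is built as `$localized['guest'][LANG].'s'`, which hard-codes an English-style suffix onto a localized word; it happens to work for the two languages in the table but breaks for any locale whose plural is not formed that way. Storing both forms in the dictionary keeps the rule with the translation: `$return .= ' ('.$guests.' '.$localized['guests'][LANG].')';` for the `> 1` branch, with a matching `'guests'` entry added to `$localized` in index.php. The `$guest` → `$guests` typo fix in the same hunk is correct.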
@@ -448,15 +449,25 @@ break; case 'delete_invoice': - // TODO : Check user has right to do it if(!empty($_GET['id'])) { $invoice = new Invoice(); - $invoice->setId($_GET['id']); - $invoice->delete(); + $invoice = $invoice->load(array('id'=>(int) $_GET['id']), true); - // Clear the cache - array_map("unlink", glob(raintpl::$cache_dir."*.rtpl.php")); + if($current_user->getAdmin() || $invoice->getBuyer() == $current_user->getId()) { + $invoice->delete(); + // Clear the cache + array_map("unlink", glob(raintpl::$cache_dir."*.rtpl.php")); + + header('location: index.php?'.$get_redir); + exit(); + } + else { + $tpl->assign('error', $errors['unauthorized']); + $tpl->draw('index'); + } + } + else { header('location: index.php?'.$get_redir); exit(); } @@ -464,10 +475,10 @@ default: // Display cached page in priority - /* TODO if($cache = $tpl->cache('index', $expire_time = 600, $cache_id = $current_user->getLogin())) { + if($cache = $tpl->cache('index', $expire_time = 600, $cache_id = $current_user->getLogin())) { echo $cache; } - else { */ + else { $users_list = new User(); $users_list = $users_list->load(); @@ -482,5 +493,5 @@ $tpl->draw('index'); break; - //} + } } diff --git a/tpl/default_en/edit_users.html b/tpl/default_en/edit_users.html index 3f6aae5..2f95f02 100644 --- a/tpl/default_en/edit_users.html +++ b/tpl/default_en/edit_users.html @@ -1,9 +1,5 @@ {include="header"} -{if condition="$error != ''"} -
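Review bot: In the delete_invoice branch (hunk at -448,15) the result of `$invoice->load(array('id'=>(int) $_GET['id']), true)` is used immediately as an object, but the index.html change in this same commit treats a load result of `false` as possible, so an unknown id would produce a fatal call to `getBuyer()` on a non-object. Add a guard right after the load: `if(!is_a($invoice, 'Invoice')) { $tpl->assign('error', $errors['template_error']); $tpl->draw('index'); break; }` (or redirect, as the empty-id branch does), and use `===` in the owner comparison once both sides are ints. The new ownership check is the right addition, but this state-changing action is still reached by a plain GET with only an id parameter; unless a per-user token is validated earlier in the switch (the TODO file mentions token errors, so one may exist), a link-based delete request from another site would be accepted, and a token check on this branch would close that.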
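Review bot: Re-enabling the cache in the default branch (hunk at -464,10) keeps the expression `$tpl->cache('index', $expire_time = 600, $cache_id = $current_user->getLogin())`, where the two assignments are not named arguments but create unused locals while passing their values positionally. Write it as `if($cache = $tpl->cache('index', 600, $current_user->getLogin())) {` with a comment `// cached per login; cleared by unlinking *.rtpl.php in the mutating actions`. Since the cache is only invalidated where the code calls `unlink` on the cache dir (the delete path does), every other action that changes what this page shows needs the same clearing; I cannot see the other cases from here.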

{$error}

-{/if} - {if condition="$view == 'list_users'"}

List of users

You can also add a user.

diff --git a/tpl/default_en/header.html b/tpl/default_en/header.html index 920c212..a02008b 100755 --- a/tpl/default_en/header.html +++ b/tpl/default_en/header.html @@ -27,3 +27,4 @@ {/if} {/if} +{if condition="!empty($error)"}

{$error}

{/if} diff --git a/tpl/default_en/index.html b/tpl/default_en/index.html index f5b45cb..c058c60 100755 --- a/tpl/default_en/index.html +++ b/tpl/default_en/index.html @@ -27,7 +27,7 @@

Detailed list of bills for last month

- {if condition="count($invoices)>=1"} + {if condition="$invoices !== false && count($invoices)>=1"} @@ -40,7 +40,7 @@ {loop="invoices"} - + diff --git a/tpl/default_en/new_invoice.html b/tpl/default_en/new_invoice.html index 7826484..92ef083 100755 --- a/tpl/default_en/new_invoice.html +++ b/tpl/default_en/new_invoice.html @@ -1,9 +1,5 @@ {include="header"} -{if condition="$error != ''"} -

{$error}

-{/if} -

Add a bill

diff --git a/tpl/default_en/settings.html b/tpl/default_en/settings.html index 32999fa..8556ffb 100644 --- a/tpl/default_en/settings.html +++ b/tpl/default_en/settings.html @@ -2,7 +2,6 @@ {if condition="!$show_settings"}

Edit homepage notice

-{if condition="$error"}

{$error}

{/if}


@@ -17,7 +16,6 @@ {else}

Change settings of your Bouffe@Ulm installation

-{if condition="$error"}

{$error}

{/if}
Database
Date
{$value->getDate()}{$value->getDate('d-m-Y A')} {$users[$value->getBuyer()]->getDisplayName()} {function="formatUsersIn($value->getUsersIn(), $users)"} {$value->getAmount()}
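Review bot: The index.html cell changes from `{$value->getDate()}` to `{$value->getDate('d-m-Y A')}`, and in PHP's date format `A` is only the AM/PM marker, so the cell now prints a date followed by "PM" with no hour at all (constructed example: `05-03-2013 PM`). If the intent was a 12-hour clock the format is `'d-m-Y g:i A'`; if only the day matters, `'d-m-Y'`. The template's hunk lines are scrambled in this rendering, so I am reading the changed cell where it appears at the end of the file.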