Merge pull request #595 from wrongecho/role-enf

Role enforcement - Reporting
itflow-org · Feb 2, 2023 · 00c3537 · 00c3537
2 parents 124439e + baf03d4
commit 00c3537
Show file tree

Hide file tree

Showing 9 changed files with 903 additions and 885 deletions.
diff --git a/functions.php b/functions.php
@@ -50,7 +50,7 @@ function initials($str) {
         $ret = '';
         foreach (explode(' ', $str) as $word)
             $ret .= strtoupper($word[0]);
-            $ret = substr($ret,0, 2);
+        $ret = substr($ret,0, 2);
         return $ret;
     }
 }
@@ -474,6 +474,7 @@ function validateAdminRole() {
     }
 }
 
+// Validates a user is a tech (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is an accountant)
 function validateTechRole() {
     if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1) {
         $_SESSION['alert_type'] = "danger";
@@ -483,6 +484,7 @@ function validateTechRole() {
     }
 }
 
+// Validates a user is an accountant (or admin). Stops page load and attempts to direct away from the page if not (i.e. user is a tech)
 function validateAccountantRole() {
     if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2) {
         $_SESSION['alert_type'] = "danger";

diff --git a/report_expense_by_vendor.php b/report_expense_by_vendor.php
@@ -1,16 +1,18 @@
-<?php include("inc_all_reports.php"); ?>
-<?php 
+<?php
+
+include("inc_all_reports.php");
+validateAccountantRole();
 
 if (isset($_GET['year'])) {
-  $year = intval($_GET['year']);
-}else{
-  $year = date('Y');
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
 }
 
 if (isset($_GET['year'])) {
-  $year = intval($_GET['year']);
-}else{
-  $year = date('Y');
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
 }
 
 $sql_payment_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(payment_date) AS payment_year FROM payments WHERE company_id = $session_company_id UNION SELECT DISTINCT YEAR(revenue_date) AS payment_year FROM revenues WHERE company_id = $session_company_id ORDER BY payment_year DESC");
@@ -19,65 +21,65 @@
 
 ?>
 
-<div class="card card-dark">
-  <div class="card-header py-2">
-    <h3 class="card-title mt-2"><i class="fa fa-fw fa-building"></i> Expense By Vendor</h3>
-    <div class="card-tools">
-      <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print"></i> Print</button>
-    </div>
-  </div>
-  <div class="card-body">
-    <form class="mb-3">
-      <select onchange="this.form.submit()" class="form-control" name="year">
-        <?php 
-
-        while ($row = mysqli_fetch_array($sql_payment_years)) {
-          $payment_year = $row['payment_year'];
-        ?>
-        <option <?php if ($year == $payment_year) { ?> selected <?php } ?> > <?php echo $payment_year; ?></option>
-
-        <?php
-        }
-        ?>
-
-      </select>
-    </form>
-
-    <div class="table-responsive">
-      <table class="table table-striped">
-        <thead>
-          <tr>
-            <th>Vendor</th>
-            <th class="text-right">Paid</th>
-          </tr>
-        </thead>
-        <tbody>
-          <?php
-          while ($row = mysqli_fetch_array($sql_vendors)) {
-            $vendor_id = $row['vendor_id'];
-            $vendor_name = htmlentities($row['vendor_name']);
-
-            $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS amount_paid FROM expenses WHERE YEAR(expense_date) = $year AND expense_vendor_id = $vendor_id");
-            $row = mysqli_fetch_array($sql_amount_paid);
-
-            $amount_paid = floatval($row['amount_paid']);
-
-            if ($amount_paid > 599) {
-
-              ?>
-
-              <tr>
-                <td><?php echo $vendor_name; ?></td>
-                <td class="text-right"><?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?></td>
-              </tr>
-              <?php 
-              } 
-            }
-            ?>
-        </tbody>
-      </table>
+    <div class="card card-dark">
+        <div class="card-header py-2">
+            <h3 class="card-title mt-2"><i class="fa fa-fw fa-building"></i> Expense By Vendor</h3>
+            <div class="card-tools">
+                <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print"></i> Print</button>
+            </div>
+        </div>
+        <div class="card-body">
+            <form class="mb-3">
+                <select onchange="this.form.submit()" class="form-control" name="year">
+                    <?php
+
+                    while ($row = mysqli_fetch_array($sql_payment_years)) {
+                        $payment_year = $row['payment_year'];
+                        ?>
+                        <option <?php if ($year == $payment_year) { ?> selected <?php } ?> > <?php echo $payment_year; ?></option>
+
+                        <?php
+                    }
+                    ?>
+
+                </select>
+            </form>
+
+            <div class="table-responsive">
+                <table class="table table-striped">
+                    <thead>
+                    <tr>
+                        <th>Vendor</th>
+                        <th class="text-right">Paid</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+                    while ($row = mysqli_fetch_array($sql_vendors)) {
+                        $vendor_id = $row['vendor_id'];
+                        $vendor_name = htmlentities($row['vendor_name']);
+
+                        $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS amount_paid FROM expenses WHERE YEAR(expense_date) = $year AND expense_vendor_id = $vendor_id");
+                        $row = mysqli_fetch_array($sql_amount_paid);
+
+                        $amount_paid = floatval($row['amount_paid']);
+
+                        if ($amount_paid > 599) {
+
+                            ?>
+
+                            <tr>
+                                <td><?php echo $vendor_name; ?></td>
+                                <td class="text-right"><?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?></td>
+                            </tr>
+                            <?php
+                        }
+                    }
+                    ?>
+                    </tbody>
+                </table>
+            </div>
+        </div>
     </div>
-  </div>
-</div>
 
-<?php include("footer.php"); ?>
+<?php require_once("footer.php"); ?>
diff --git a/report_expense_summary.php b/report_expense_summary.php
@@ -1,14 +1,17 @@
-<?php include("inc_all_reports.php");
+<?php
+
+require_once("inc_all_reports.php");
+validateAccountantRole();
 
 if (isset($_GET['year'])) {
     $year = intval($_GET['year']);
-}else{
+} else {
     $year = date('Y');
 }
 
 if (isset($_GET['year'])) {
     $year = intval($_GET['year']);
-}else{
+} else {
     $year = date('Y');
 }
 
@@ -130,7 +133,7 @@
     </div>
 </div>
 
-<?php include("footer.php"); ?>
+<?php require_once("footer.php"); ?>
 
 <script>
     // Set new default font family and font color to mimic Bootstrap's default styling

diff --git a/report_income_by_client.php b/report_income_by_client.php
@@ -1,16 +1,18 @@
-<?php include("inc_all_reports.php"); ?>
-<?php 
+<?php
+
+require_once("inc_all_reports.php");
+validateAccountantRole();
 
 if (isset($_GET['year'])) {
-  $year = intval($_GET['year']);
-}else{
-  $year = date('Y');
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
 }
 
 if (isset($_GET['year'])) {
-  $year = intval($_GET['year']);
-}else{
-  $year = date('Y');
+    $year = intval($_GET['year']);
+} else {
+    $year = date('Y');
 }
 
 $sql_payment_years = mysqli_query($mysqli,"SELECT DISTINCT YEAR(payment_date) AS payment_year FROM payments WHERE company_id = $session_company_id UNION SELECT DISTINCT YEAR(revenue_date) AS payment_year FROM revenues WHERE company_id = $session_company_id ORDER BY payment_year DESC");
@@ -20,64 +22,64 @@
 ?>
 
 <div class="card card-dark">
-  <div class="card-header py-2">
-    <h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Income By Client</h3>
-    <div class="card-tools">
-      <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print"></i> Print</button>
+    <div class="card-header py-2">
+        <h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Income By Client</h3>
+        <div class="card-tools">
+            <button type="button" class="btn btn-primary d-print-none" onclick="window.print();"><i class="fas fa-fw fa-print"></i> Print</button>
+        </div>
     </div>
-  </div>
-  <div class="card-body">
-    <form class="mb-3">
-      <select onchange="this.form.submit()" class="form-control" name="year">
-        <?php 
-
-        while ($row = mysqli_fetch_array($sql_payment_years)) {
-          $payment_year = $row['payment_year'];
-        ?>
-        <option <?php if ($year == $payment_year) { ?> selected <?php } ?> > <?php echo $payment_year; ?></option>
-
-        <?php
-        }
-        ?>
-
-      </select>
-    </form>
-
-    <div class="table-responsive">
-      <table class="table table-striped">
-        <thead>
-          <tr>
-            <th>Client</th>
-            <th class="text-right">Paid</th>
-          </tr>
-        </thead>
-        <tbody>
-          <?php
-          while ($row = mysqli_fetch_array($sql_clients)) {
-            $client_id = $row['client_id'];
-            $client_name = htmlentities($row['client_name']);
-
-            $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND invoice_client_id = $client_id");
-            $row = mysqli_fetch_array($sql_amount_paid);
-
-            $amount_paid = floatval($row['amount_paid']);
-
-            if ($amount_paid > 599) {
-
-              ?>
-
-              <tr>
-                <td><?php echo $client_name; ?></td>
-                <td class="text-right"><?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?></td>
-              </tr>
-              <?php 
-              } 
-            }
-            ?>
-        </tbody>
-      </table>
+    <div class="card-body">
+        <form class="mb-3">
+            <select onchange="this.form.submit()" class="form-control" name="year">
+                <?php
+
+                while ($row = mysqli_fetch_array($sql_payment_years)) {
+                    $payment_year = $row['payment_year'];
+                    ?>
+                    <option <?php if ($year == $payment_year) { ?> selected <?php } ?> > <?php echo $payment_year; ?></option>
+
+                    <?php
+                }
+                ?>
+
+            </select>
+        </form>
+
+        <div class="table-responsive">
+            <table class="table table-striped">
+                <thead>
+                <tr>
+                    <th>Client</th>
+                    <th class="text-right">Paid</th>
+                </tr>
+                </thead>
+                <tbody>
+                <?php
+                while ($row = mysqli_fetch_array($sql_clients)) {
+                    $client_id = $row['client_id'];
+                    $client_name = htmlentities($row['client_name']);
+
+                    $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND invoice_client_id = $client_id");
+                    $row = mysqli_fetch_array($sql_amount_paid);
+
+                    $amount_paid = floatval($row['amount_paid']);
+
+                    if ($amount_paid > 599) {
+
+                        ?>
+
+                        <tr>
+                            <td><?php echo $client_name; ?></td>
+                            <td class="text-right"><?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?></td>
+                        </tr>
+                        <?php
+                    }
+                }
+                ?>
+                </tbody>
+            </table>
+        </div>
     </div>
-  </div>
 </div>
 
-<?php include("footer.php"); ?>
+<?php require_once("footer.php"); ?>
diff --git a/report_income_summary.php b/report_income_summary.php
@@ -1,6 +1,8 @@
-<?php include("inc_all_reports.php"); ?>
 <?php
 
+require_once("inc_all_reports.php");
+validateAccountantRole();
+
 if (isset($_GET['year'])) {
     $year = intval($_GET['year']);
 } else {
@@ -148,7 +150,7 @@
     </div>
 </div>
 
-<?php include("footer.php"); ?>
+<?php require_once("footer.php"); ?>
 
 <script>
     // Set new default font family and font color to mimic Bootstrap's default styling