From 93cb97f630c6a869ecfa3b9aaf6486ddf9a424b1 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Thu, 29 Dec 2022 21:41:53 +0000
Subject: [PATCH 1/4] Add deprecated notice to companies module and associated functionality (#532)
---
 companies.php | 4 ++++
 post.php | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/companies.php b/companies.php
index ee6b370f..f6bb7d5e 100644
--- a/companies.php
+++ b/companies.php
@@ -26,6 +26,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+ +
diff --git a/post.php b/post.php
index 17958489..4acc8851 100644
--- a/post.php
+++ b/post.php
@@ -25,7 +25,8 @@ if(isset($_GET['switch_company'])){
 mysqli_query($mysqli,"UPDATE user_settings SET user_default_company = $company_id WHERE user_id = $session_user_id");
- $_SESSION['alert_message'] = "Switched Companies!";
+ $_SESSION['alert_type'] = "error";
+ $_SESSION['alert_message'] = "Switched Companies. Deprecated!";
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Switch', log_description = '$session_name switched to company $company_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
From d842dbb8639a33fd55fe58c0f4bb119fde779fff Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Thu, 29 Dec 2022 22:29:54 +0000
Subject: [PATCH 2/4] Revert "Hide invoice ticket button for techs"
This reverts commit 6df24d859e9cbb77751dd86082e30eab917cd242.
---
 ticket.php | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/ticket.php b/ticket.php
index ecf6afeb..9b714163 100644
--- a/ticket.php
+++ b/ticket.php
@@ -589,17 +589,12 @@ if(isset($_GET['ticket_id'])){
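Review bot: The added `$_SESSION['alert_type'] = "error";` line marks a company switch that has already succeeded as an error — the `UPDATE user_settings` context line above it still runs unconditionally — so the user sees a failure-styled banner for an action that took effect. If the module is merely deprecated, a warning-level alert (assuming the alert component supports one) with a message naming the replacement would be more accurate than `"Switched Companies. Deprecated!"`; if the action is meant to be disabled, the handler needs an early return before the query rather than a relabelled message. The enclosing `if(isset($_GET['switch_company']))` block starts before and ends after this hunk.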
- 
From 8906a1960f520d92e31a0d43f82b11204e5f0455 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Thu, 29 Dec 2022 22:30:40 +0000
Subject: [PATCH 3/4] Revert "Enforce accountant or admin role to peform accounting related post requests"
This reverts commit ea3a12bdd728d6ef8cf145bf12b6b68a5cb8200f.
---
 post.php | 103 +++++++++++++++----------------------------------------
 1 file changed, 28 insertions(+), 75 deletions(-)
diff --git a/post.php b/post.php
index 1cc3f48a..b9d655a6 100644
--- a/post.php
+++ b/post.php
@@ -43,6 +43,7 @@ if(isset($_GET['switch_company'])){
 }
 if(isset($_POST['add_user'])){
+ validateAdminRole();
 // CSRF Check
@@ -141,6 +142,7 @@ if(isset($_POST['add_user'])){
 }
 if(isset($_POST['edit_user'])){
+ validateAdminRole();
 if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
@@ -352,6 +354,7 @@ if(isset($_POST['edit_profile'])){
 }
 if(isset($_POST['edit_user_companies'])){
+ validateAdminRole();
 $user_id = intval($_POST['user_id']);
@@ -377,6 +380,7 @@ if(isset($_POST['edit_user_companies'])){
 }
 if(isset($_GET['archive_user'])){
+ validateAdminRole();
 // CSRF Check
@@ -406,6 +410,7 @@ if(isset($_GET['archive_user'])){
 // API Key
 if(isset($_POST['add_api_key'])){
+ validateAdminRole();
 // CSRF Check
@@ -430,6 +435,7 @@ if(isset($_POST['add_api_key'])){
 }
 if(isset($_GET['delete_api_key'])){
+ validateAdminRole();
 // CSRF Check
@@ -454,6 +460,7 @@ if(isset($_GET['delete_api_key'])){
 }
 if(isset($_POST['add_company'])){
+ validateAdminRole();
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -553,8 +560,8 @@ if(isset($_POST['add_company'])){
 }
 if(isset($_POST['edit_company'])){
- validateAdminRole();
+ validateAdminRole();
 $company_id = intval($_POST['company_id']);
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $address = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['address'])));
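Review bot: In the `edit_user` hunk the context line `if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){` compares a raw request string with what is presumably an integer session value using `!==`, so the inequality holds for every request whenever the types differ and the branch no longer distinguishes a self-edit from an edit of another user. The restored `validateAdminRole();` just above it limits who reaches this line, but the self-edit check should still compare like with like, e.g. `if($session_user_role != 3 && intval($_POST['user_id']) !== $session_user_id){`. How `$session_user_id` is typed is not visible from this hunk, so confirm before changing it. The `edit_user` handler continues beyond the hunk.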
@@ -651,6 +658,7 @@ if(isset($_GET['archive_company'])){
 }
 if(isset($_GET['delete_company'])){
+ validateAdminRole();
 // CSRF Check
@@ -777,6 +785,7 @@ if(isset($_POST['verify'])){
 }
 if(isset($_POST['edit_mail_settings'])){
+ validateAdminRole();
 $config_smtp_host = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_smtp_host'])));
@@ -828,6 +837,7 @@ if(isset($_POST['edit_mail_settings'])){
 }
 if(isset($_POST['test_email_smtp'])){
+ validateAdminRole();
 $email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
@@ -850,6 +860,7 @@ if(isset($_POST['test_email_smtp'])){
 }
 if(isset($_POST['test_email_imap'])){
+ validateAdminRole();
 // Prepare connection string with encryption (TLS/SSL/)
@@ -870,6 +881,7 @@ if(isset($_POST['test_email_imap'])){
 }
 if(isset($_POST['edit_invoice_settings'])){
+ validateAdminRole();
 $config_invoice_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_invoice_prefix'])));
@@ -893,6 +905,7 @@ if(isset($_POST['edit_invoice_settings'])){
 }
 if(isset($_POST['edit_quote_settings'])){
+ validateAdminRole();
 $config_quote_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_quote_prefix'])));
@@ -913,6 +926,7 @@ if(isset($_POST['edit_quote_settings'])){
 }
 if(isset($_POST['edit_ticket_settings'])){
+ validateAdminRole();
 $config_ticket_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_prefix'])));
@@ -934,6 +948,7 @@ if(isset($_POST['edit_ticket_settings'])){
 }
 if(isset($_POST['edit_default_settings'])){
+ validateAdminRole();
 $expense_account = intval($_POST['expense_account']);
@@ -956,6 +971,7 @@ if(isset($_POST['edit_default_settings'])){
 }
 if(isset($_POST['edit_alert_settings'])){
+ validateAdminRole();
 $config_enable_cron = intval($_POST['config_enable_cron']);
@@ -975,6 +991,7 @@ if(isset($_POST['edit_alert_settings'])){
 }
 if(isset($_POST['edit_online_payment_settings'])){
+ validateAdminRole();
 $config_stripe_enable = intval($_POST['config_stripe_enable']);
@@ -992,6 +1009,7 @@ if(isset($_POST['edit_online_payment_settings'])){
 }
 if(isset($_POST['edit_integrations_settings'])){
+ validateAdminRole();
 $azure_client_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['azure_client_id'])));
@@ -1009,6 +1027,7 @@ if(isset($_POST['edit_integrations_settings'])){
 }
 if(isset($_POST['edit_module_settings'])){
+ validateAdminRole();
 $config_module_enable_itdoc = intval($_POST['config_module_enable_itdoc']);
@@ -1055,6 +1074,7 @@ if(isset($_POST['disable_2fa'])){
 }
 if(isset($_GET['download_database'])){
+ validateAdminRole();
 // Get All Table Names From the Database
@@ -1134,6 +1154,7 @@ if(isset($_GET['download_database'])){
 }
 if(isset($_POST['backup_master_key'])){
+ validateAdminRole();
 $password = $_POST['password'];
@@ -1165,6 +1186,7 @@ if(isset($_POST['backup_master_key'])){
 }
 if(isset($_GET['update'])){
+ validateAdminRole();
 exec("git pull");
@@ -1187,6 +1209,7 @@ if(isset($_GET['update'])){
 }
 if(isset($_GET['update_db'])){
+ validateAdminRole();
 // Get the current version
@@ -1204,6 +1227,7 @@ if(isset($_GET['update_db'])){
 }
 if(isset($_POST['add_client'])){
+ validateAdminRole();
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -1316,6 +1340,7 @@ if(isset($_POST['add_client'])){
 }
 if(isset($_POST['edit_client'])){
+ validateAdminRole();
 $client_id = intval($_POST['client_id']);
@@ -1348,6 +1373,7 @@ if(isset($_POST['edit_client'])){
 }
 if(isset($_GET['archive_client'])){
+ validateAdminRole();
 $client_id = intval($_GET['archive_client']);
@@ -1369,7 +1395,6 @@ if(isset($_GET['archive_client'])){
 }
 if(isset($_GET['undo_archive_client'])){
- validateAdminRole();
 $client_id = intval($_GET['undo_archive_client']);
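Review bot: In the last hunk on this line `undo_archive_client` loses its `validateAdminRole();` call and nothing replaces it, while `archive_client` in the hunk immediately before regains the same call; the two handlers are inverses of each other and should be gated identically. Unless the check has moved into an include outside these hunks, keep `validateAdminRole();` as the first statement of the `undo_archive_client` block, i.e. do not delete that line as part of the revert. The `download_database`, `backup_master_key`, `update` and `update_db` hunks on this line correctly put the admin gate back in front of the database export, the key backup and `exec("git pull");`. Each handler's body continues beyond its hunk.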
@@ -1389,6 +1414,7 @@ if(isset($_GET['undo_archive_client'])){
 }
 if(isset($_GET['delete_client'])){
+ validateAdminRole();
 // CSRF Check
@@ -1806,7 +1832,6 @@ if(isset($_GET['export_client_vendors_csv'])){
 // Products
 if(isset($_POST['add_product'])){
- validateAccountantRole();
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
@@ -1826,7 +1851,6 @@ if(isset($_POST['add_product'])){
 }
 if(isset($_POST['edit_product'])){
- validateAccountantRole();
 $product_id = intval($_POST['product_id']);
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -1850,8 +1874,6 @@ if(isset($_POST['edit_product'])){
 }
 if(isset($_GET['delete_product'])){
- validateAccountantRole();
-
 $product_id = intval($_GET['delete_product']);
 //Get Product Name
@@ -1935,7 +1957,6 @@ if(isset($_GET['delete_trip'])){
 }
 if(isset($_POST['add_account'])){
- validateAccountantRole();
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $opening_balance = floatval($_POST['opening_balance']);
@@ -1954,7 +1975,6 @@ if(isset($_POST['add_account'])){
 }
 if(isset($_POST['edit_account'])){
- validateAccountantRole();
 $account_id = intval($_POST['account_id']);
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -1972,8 +1992,6 @@ if(isset($_POST['edit_account'])){
 }
 if(isset($_GET['archive_account'])){
- validateAccountantRole();
-
 $account_id = intval($_GET['archive_account']);
 mysqli_query($mysqli,"UPDATE accounts SET account_archived_at = NOW() WHERE account_id = $account_id");
@@ -1988,8 +2006,6 @@ if(isset($_GET['archive_account'])){
 }
 if(isset($_GET['delete_account'])){
- validateAccountantRole();
-
 $account_id = intval($_GET['delete_account']);
 mysqli_query($mysqli,"DELETE FROM accounts WHERE account_id = $account_id AND company_id = $session_company_id");
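Review bot: From the `add_product` hunk onward, and in every later hunk of this patch through `delete_revenue`, `validateAccountantRole();` is deleted with nothing put in its place, so on the new side handlers such as `add_account`, `delete_account`, `add_expense`, `delete_payment`, `export_expenses_csv` and `add_revenue` carry no role check at all as far as this file shows. The stated goal is a new access matrix that lets techs work with sales (see the side_nav change in patch 4), but products, quotes and invoices are a different class of data from ledger accounts, taxes, expenses, transfers, payments and revenue, and opening the former does not require ungating the latter. Unless the gate has moved into an include outside these hunks, keep `validateAccountantRole();` on the accounting handlers and drop it only from the sales-facing ones the matrix names, so the revert does not widen access beyond what the matrix grants. Each handler's body continues beyond its hunk.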
@@ -2126,7 +2142,6 @@ if(isset($_GET['delete_tag'])){
 //Tax
 if(isset($_POST['add_tax'])){
- validateAccountantRole();
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $percent = floatval($_POST['percent']);
@@ -2143,7 +2158,6 @@ if(isset($_POST['add_tax'])){
 }
 if(isset($_POST['edit_tax'])){
- validateAccountantRole();
 $tax_id = intval($_POST['tax_id']);
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -2161,8 +2175,6 @@ if(isset($_POST['edit_tax'])){
 }
 if(isset($_GET['archive_tax'])){
- validateAccountantRole();
-
 $tax_id = intval($_GET['archive_tax']);
 mysqli_query($mysqli,"UPDATE taxes SET tax_archived_at = NOW() WHERE tax_id = $tax_id");
@@ -2177,8 +2189,6 @@ if(isset($_GET['archive_tax'])){
 }
 if(isset($_GET['delete_tax'])){
- validateAccountantRole();
-
 $tax_id = intval($_GET['delete_tax']);
 mysqli_query($mysqli,"DELETE FROM taxes WHERE tax_id = $tax_id AND company_id = $session_company_id");
@@ -2234,7 +2244,6 @@ if(isset($_GET['dismiss_all_notifications'])){
 }
 if(isset($_POST['add_expense'])){
- validateAccountantRole();
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
 $amount = floatval($_POST['amount']);
@@ -2300,7 +2309,6 @@ if(isset($_POST['add_expense'])){
 }
 if(isset($_POST['edit_expense'])){
- validateAccountantRole();
 $expense_id = intval($_POST['expense_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2369,8 +2377,6 @@ if(isset($_POST['edit_expense'])){
 }
 if(isset($_GET['delete_expense'])){
- validateAccountantRole();
-
 $expense_id = intval($_GET['delete_expense']);
 $sql = mysqli_query($mysqli,"SELECT * FROM expenses WHERE expense_id = $expense_id AND company_id = $session_company_id");
@@ -2391,8 +2397,6 @@ if(isset($_GET['delete_expense'])){
 }
 if(isset($_POST['export_expenses_csv'])){
- validateAccountantRole();
-
 $date_from = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_from'])));
 $date_to = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date_to'])));
 if(!empty($date_from) && !empty($date_to)){
@@ -2449,7 +2453,6 @@ if(isset($_POST['export_expenses_csv'])){
 }
 if(isset($_POST['add_transfer'])){
- validateAccountantRole();
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
 $amount = floatval($_POST['amount']);
@@ -2475,7 +2478,6 @@ if(isset($_POST['add_transfer'])){
 }
 if(isset($_POST['edit_transfer'])){
- validateAccountantRole();
 $transfer_id = intval($_POST['transfer_id']);
 $expense_id = intval($_POST['expense_id']);
@@ -2502,8 +2504,6 @@ if(isset($_POST['edit_transfer'])){
 }
 if(isset($_GET['delete_transfer'])){
- validateAccountantRole();
-
 $transfer_id = intval($_GET['delete_transfer']);
 //Query the transfer ID to get the Payment and Expense IDs so we can delete those as well
@@ -2528,8 +2528,6 @@ if(isset($_GET['delete_transfer'])){
 }
 if(isset($_POST['add_invoice'])){
- validateAccountantRole();
-
 $client = intval($_POST['client']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
 $category = intval($_POST['category']);
@@ -2562,7 +2560,6 @@ if(isset($_POST['add_invoice'])){
 }
 if(isset($_POST['edit_invoice'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2582,7 +2579,6 @@ if(isset($_POST['edit_invoice'])){
 }
 if(isset($_POST['add_invoice_copy'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2639,7 +2635,6 @@ if(isset($_POST['add_invoice_copy'])){
 }
 if(isset($_POST['add_invoice_recurring'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $recurring_frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
@@ -2690,7 +2685,6 @@ if(isset($_POST['add_invoice_recurring'])){
 }
 if(isset($_POST['add_quote'])){
- validateAccountantRole();
 $client = intval($_POST['client']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2722,7 +2716,6 @@ if(isset($_POST['add_quote'])){
 }
 if(isset($_POST['add_quote_copy'])){
- validateAccountantRole();
 $quote_id = intval($_POST['quote_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2775,7 +2768,6 @@ if(isset($_POST['add_quote_copy'])){
 }
 if(isset($_POST['add_quote_to_invoice'])){
- validateAccountantRole();
 $quote_id = intval($_POST['quote_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2831,7 +2823,6 @@ if(isset($_POST['add_quote_to_invoice'])){
 }
 if(isset($_POST['add_quote_item'])){
- validateAccountantRole();
 $quote_id = intval($_POST['quote_id']);
@@ -2872,7 +2863,6 @@ if(isset($_POST['add_quote_item'])){
 }
 if(isset($_POST['quote_note'])){
- validateAccountantRole();
 $quote_id = intval($_POST['quote_id']);
 $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@@ -2886,7 +2876,6 @@ if(isset($_POST['quote_note'])){
 }
 if(isset($_POST['edit_quote'])){
- validateAccountantRole();
 $quote_id = intval($_POST['quote_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -2905,8 +2894,6 @@ if(isset($_POST['edit_quote'])){
 }
 if(isset($_GET['delete_quote'])){
- validateAccountantRole();
-
 $quote_id = intval($_GET['delete_quote']);
 mysqli_query($mysqli,"DELETE FROM quotes WHERE quote_id = $quote_id AND company_id = $session_company_id");
@@ -2935,8 +2922,6 @@ if(isset($_GET['delete_quote'])){
 }
 if(isset($_GET['delete_quote_item'])){
- validateAccountantRole();
-
 $item_id = intval($_GET['delete_quote_item']);
 $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
@@ -2965,7 +2950,6 @@ if(isset($_GET['delete_quote_item'])){
 }
 if(isset($_GET['mark_quote_sent'])){
- validateAccountantRole();
 $quote_id = intval($_GET['mark_quote_sent']);
@@ -2983,7 +2967,6 @@ if(isset($_GET['mark_quote_sent'])){
 }
 if(isset($_GET['accept_quote'])){
- validateAccountantRole();
 $quote_id = intval($_GET['accept_quote']);
@@ -3001,7 +2984,6 @@ if(isset($_GET['accept_quote'])){
 }
 if(isset($_GET['decline_quote'])){
- validateAccountantRole();
 $quote_id = intval($_GET['decline_quote']);
@@ -3019,8 +3001,6 @@ if(isset($_GET['decline_quote'])){
 }
 if(isset($_GET['email_quote'])){
- validateAccountantRole();
-
 $quote_id = intval($_GET['email_quote']);
 $sql = mysqli_query($mysqli,"SELECT * FROM quotes
@@ -3093,7 +3073,6 @@ if(isset($_GET['email_quote'])){
 }
 if(isset($_POST['add_recurring'])){
- validateAccountantRole();
 $client = intval($_POST['client']);
 $frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
@@ -3123,7 +3102,6 @@ if(isset($_POST['add_recurring'])){
 }
 if(isset($_POST['edit_recurring'])){
- validateAccountantRole();
 $recurring_id = intval($_POST['recurring_id']);
 $frequency = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['frequency'])));
@@ -3145,7 +3123,6 @@ if(isset($_POST['edit_recurring'])){
 }
 if(isset($_POST['edit_recurring_next_date'])){
- validateAccountantRole();
 $recurring_id = intval($_POST['recurring_id']);
 $next_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['next_date'])));
@@ -3164,8 +3141,6 @@ if(isset($_POST['edit_recurring_next_date'])){
 }
 if(isset($_GET['delete_recurring'])){
- validateAccountantRole();
-
 $recurring_id = intval($_GET['delete_recurring']);
 mysqli_query($mysqli,"DELETE FROM recurring WHERE recurring_id = $recurring_id AND company_id = $session_company_id");
@@ -3194,7 +3169,6 @@ if(isset($_GET['delete_recurring'])){
 }
 if(isset($_POST['add_recurring_item'])){
- validateAccountantRole();
 $recurring_id = intval($_POST['recurring_id']);
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -3234,7 +3208,6 @@ if(isset($_POST['add_recurring_item'])){
 }
 if(isset($_POST['recurring_note'])){
- validateAccountantRole();
 $recurring_id = intval($_POST['recurring_id']);
 $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@@ -3248,8 +3221,6 @@ if(isset($_POST['recurring_note'])){
 }
 if(isset($_GET['delete_recurring_item'])){
- validateAccountantRole();
-
 $item_id = intval($_GET['delete_recurring_item']);
 $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
@@ -3278,7 +3249,6 @@ if(isset($_GET['delete_recurring_item'])){
 }
 if(isset($_GET['mark_invoice_sent'])){
- validateAccountantRole();
 $invoice_id = intval($_GET['mark_invoice_sent']);
@@ -3296,7 +3266,6 @@ if(isset($_GET['mark_invoice_sent'])){
 }
 if(isset($_GET['cancel_invoice'])){
- validateAccountantRole();
 $invoice_id = intval($_GET['cancel_invoice']);
@@ -3314,8 +3283,6 @@ if(isset($_GET['cancel_invoice'])){
 }
 if(isset($_GET['delete_invoice'])){
- validateAccountantRole();
-
 $invoice_id = intval($_GET['delete_invoice']);
 mysqli_query($mysqli,"DELETE FROM invoices WHERE invoice_id = $invoice_id AND company_id = $session_company_id");
@@ -3351,7 +3318,6 @@ if(isset($_GET['delete_invoice'])){
 }
 if(isset($_POST['add_invoice_item'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -3392,7 +3358,6 @@ if(isset($_POST['add_invoice_item'])){
 }
 if(isset($_POST['invoice_note'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
@@ -3406,7 +3371,6 @@ if(isset($_POST['invoice_note'])){
 }
 if(isset($_POST['edit_item'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $quote_id = intval($_POST['quote_id']);
@@ -3467,8 +3431,6 @@ if(isset($_POST['edit_item'])){
 }
 if(isset($_GET['delete_invoice_item'])){
- validateAccountantRole();
-
 $item_id = intval($_GET['delete_invoice_item']);
 $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id AND company_id = $session_company_id");
@@ -3497,7 +3459,6 @@ if(isset($_GET['delete_invoice_item'])){
 }
 if(isset($_POST['add_payment'])){
- validateAccountantRole();
 $invoice_id = intval($_POST['invoice_id']);
 $balance = floatval($_POST['balance']);
@@ -3636,8 +3597,6 @@ if(isset($_POST['add_payment'])){
 }
 if(isset($_GET['delete_payment'])){
- validateAccountantRole();
-
 $payment_id = intval($_GET['delete_payment']);
 $sql = mysqli_query($mysqli,"SELECT * FROM payments WHERE payment_id = $payment_id AND company_id = $session_company_id");
@@ -3683,8 +3642,6 @@ if(isset($_GET['delete_payment'])){
 }
 if(isset($_GET['email_invoice'])){
- validateAccountantRole();
-
 $invoice_id = intval($_GET['email_invoice']);
 $sql = mysqli_query($mysqli,"SELECT * FROM invoices
@@ -3775,7 +3732,6 @@ if(isset($_GET['email_invoice'])){
 }
 if(isset($_POST['add_revenue'])){
- validateAccountantRole();
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
 $amount = floatval($_POST['amount']);
@@ -3798,7 +3754,6 @@ if(isset($_POST['add_revenue'])){
 }
 if(isset($_POST['edit_revenue'])){
- validateAccountantRole();
 $revenue_id = intval($_POST['revenue_id']);
 $date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['date'])));
@@ -3822,8 +3777,6 @@ if(isset($_POST['edit_revenue'])){
 }
 if(isset($_GET['delete_revenue'])){
- validateAccountantRole();
-
 $revenue_id = intval($_GET['delete_revenue']);
 mysqli_query($mysqli,"DELETE FROM revenues WHERE revenue_id = $revenue_id AND company_id = $session_company_id");
From ad26daa4658879016278c1191047320fd916c3e9 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Thu, 29 Dec 2022 22:33:36 +0000
Subject: [PATCH 4/4] Show techs the sales menu in accordance with new access matrix
---
 side_nav.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/side_nav.php b/side_nav.php
index 76f0b51d..1da310d5 100644
--- a/side_nav.php
+++ b/side_nav.php
@@ -98,8 +98,6 @@
 - - - + + + +