API: Add some missing end points
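--- /dev/null
+++ b/api/v1/expenses/create.php
@@ -0,0 +1,30 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Expenses require All Clients scope
+$insert_id = false;
+
+if ($client_id == 0) {
+
+$expense_row = false; // Creation, not an update
+require_once 'expense_model.php';
+
+if (!empty($description)) {
+
+$insert_sql = mysqli_query($mysqli, "INSERT INTO expenses SET expense_description = '$description', expense_amount = $amount, expense_date = '$date', expense_tax = $tax, expense_notes = '$notes', expense_vendor_id = $vendor_id, expense_category_id = $category_id");
+
+if ($insert_sql) {
+$insert_id = mysqli_insert_id($mysqli);
+
+// Logging
+logAction("Expense", "Create", "Created expense $description via API ($api_key_name)", 0, $insert_id);
+logAction("API", "Success", "Created expense $description via API ($api_key_name)", 0);
+}
+}
+}
+
+// Output
+require_once '../create_output.php';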
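Review bot: When the INSERT fails, `$insert_id` stays false and nothing is logged, so a database error (for example an `expense_date` that is not a valid date, or a `expense_vendor_id`/`expense_category_id` that violates a constraint, if the schema enforces one) is indistinguishable from a request that was rejected because `$description` was empty. An `else` branch after `if ($insert_sql) { ... }` that records the failure through the same `logAction("API", ...)` channel used for "Success" (with whatever status label the existing API logging uses for failures) would make these cases auditable; `mysqli_error($mysqli)` can be included in the message since it stays server-side. Note also that `!empty($description)` treats the literal description "0" as missing, so `$description !== ''` is the more precise guard if that is not intended. The rendered page has dropped the block indentation, so the nesting inside `if ($client_id == 0)` may look flatter here than in the actual file.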
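--- /dev/null
+++ b/api/v1/expenses/delete.php
@@ -0,0 +1,29 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$expense_id = intval($_POST['expense_id']);
+
+// Default
+$delete_count = false;
+
+// Expenses require All Clients scope
+if (!empty($expense_id) && $client_id == 0) {
+$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1"));
+$expense_description = $row['expense_description'];
+
+$delete_sql = mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id LIMIT 1");
+
+if ($delete_sql && !empty($expense_description)) {
+$delete_count = mysqli_affected_rows($mysqli);
+
+// Logging
+logAction("Expense", "Delete", "$expense_description via API ($api_key_name)", 0);
+}
+}
+
+// Output
+require_once '../delete_output.php';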
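Review bot: `$row['expense_description']` is read before checking that the SELECT returned a row, so a non-existent `expense_id` makes `mysqli_fetch_assoc` return null and the offset access emits a PHP warning, after which the DELETE still runs as a no-op. The success gate `$delete_sql && !empty($expense_description)` also ties the reported result to the description rather than to the row: an expense whose description is blank is deleted but `$delete_count` stays false, so the API reports a deletion that did happen as not having happened. Gating the whole delete on `$row` fixes both, as sketched below. Separately, `intval($_POST['expense_id'])` raises an undefined-index warning when the field is absent; `intval($_POST['expense_id'] ?? 0)` avoids that here and at the same line in update.php.
```php
// … unchanged: API key validation, POST method check, $expense_id parse, $delete_count default …
if (!empty($expense_id) && $client_id == 0) {
    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1"));

    // Only delete (and log) when the row exists; a missing row must not read as success
    if ($row) {
        $expense_description = $row['expense_description'];

        $delete_sql = mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id LIMIT 1");

        if ($delete_sql) {
            $delete_count = mysqli_affected_rows($mysqli);

            // Logging
            logAction("Expense", "Delete", "$expense_description via API ($api_key_name)", 0);
        }
    }
}
// … unchanged: require_once '../delete_output.php' …
```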
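--- /dev/null
+++ b/api/v1/expenses/expense_model.php
@@ -0,0 +1,60 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+// Note: expenses are not scoped to a client_id
+
+if (isset($_POST['expense_description'])) {
+$description = sanitizeInput($_POST['expense_description']);
+} elseif ($expense_row) {
+$description = mysqli_real_escape_string($mysqli, $expense_row['expense_description']);
+} else {
+$description = '';
+}
+
+if (isset($_POST['expense_amount'])) {
+$amount = floatval($_POST['expense_amount']);
+} elseif ($expense_row) {
+$amount = $expense_row['expense_amount'];
+} else {
+$amount = 0;
+}
+
+if (isset($_POST['expense_date'])) {
+$date = sanitizeInput($_POST['expense_date']);
+} elseif ($expense_row) {
+$date = $expense_row['expense_date'];
+} else {
+$date = date('Y-m-d');
+}
+
+if (isset($_POST['expense_tax'])) {
+$tax = floatval($_POST['expense_tax']);
+} elseif ($expense_row) {
+$tax = $expense_row['expense_tax'];
+} else {
+$tax = 0;
+}
+
+if (isset($_POST['expense_notes'])) {
+$notes = sanitizeInput($_POST['expense_notes']);
+} elseif ($expense_row) {
+$notes = mysqli_real_escape_string($mysqli, $expense_row['expense_notes']);
+} else {
+$notes = '';
+}
+
+if (isset($_POST['expense_vendor_id'])) {
+$vendor_id = intval($_POST['expense_vendor_id']);
+} elseif ($expense_row) {
+$vendor_id = $expense_row['expense_vendor_id'];
+} else {
+$vendor_id = 0;
+}
+
+if (isset($_POST['expense_category_id'])) {
+$category_id = intval($_POST['expense_category_id']);
+} elseif ($expense_row) {
+$category_id = $expense_row['expense_category_id'];
+} else {
+$category_id = 0;
+}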
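Review bot: `expense_date` is the only string field that ends up in the SQL unquoted-by-meaning but is never checked for shape: `sanitizeInput()` (assuming it only escapes, as its use next to `mysqli_real_escape_string` suggests) passes any text through, so a value like `2024-13-45` or `yesterday` only fails later inside the INSERT/UPDATE in create.php and update.php, where the failure is silent. A format check right after the assignment, `if (DateTime::createFromFormat('Y-m-d', $date) === false) { /* reject per the API's existing error convention */ }`, keeps the problem at the parsing boundary; the file already uses `date('Y-m-d')` as its canonical format. The file also depends on the including script having defined `$expense_row` (false for create, the fetched row or null for update) and `$mysqli`; a header comment stating that contract, such as `// Expects $expense_row (array|false|null) and $mysqli to be set by the including endpoint`, would save the next reader from tracing create.php and update.php.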
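--- /dev/null
+++ b/api/v1/expenses/update.php
@@ -0,0 +1,32 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$expense_id = intval($_POST['expense_id']);
+
+// Default
+$update_count = false;
+
+// Expenses require All Clients scope
+if (!empty($expense_id) && $client_id == 0) {
+
+$expense_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$expense_id' LIMIT 1"));
+
+require_once 'expense_model.php';
+
+$update_sql = mysqli_query($mysqli, "UPDATE expenses SET expense_description = '$description', expense_amount = $amount, expense_date = '$date', expense_tax = $tax, expense_notes = '$notes', expense_vendor_id = $vendor_id, expense_category_id = $category_id WHERE expense_id = $expense_id LIMIT 1");
+
+if ($update_sql) {
+$update_count = mysqli_affected_rows($mysqli);
+
+// Logging
+logAction("Expense", "Edit", "$description via API ($api_key_name)", 0);
+logAction("API", "Success", "Edited expense $description via API ($api_key_name)", 0);
+}
+}
+
+// Output
+require_once '../update_output.php';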
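Review bot: The UPDATE and both log lines run even when the SELECT found no row: `$expense_row` is then null, expense_model.php falls through to its defaults, the UPDATE matches nothing, and the audit log still records an "Edit" and an API "Success" with an empty description. Wrapping the block from `require_once 'expense_model.php';` through the closing brace of `if ($update_sql)` in `if ($expense_row) {` … `}` restricts the update and the logging to an existing expense. Two smaller inconsistencies with the sibling endpoints: this SELECT quotes the id (`'$expense_id'`) while delete.php does not, although `intval` has already made it an integer, and create.php refuses an empty `$description` while this endpoint will happily blank it when `expense_description` is posted as an empty string.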