mirror of
https://github.com/itflow-org/itflow
synced 2026-05-29 22:28:19 +00:00
API: Add some missing end points
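--- a/api/v1/invoices/create.php
+++ b/api/v1/invoices/create.php
@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$invoice_row = false; // Creation, not an update
+require_once 'invoice_model.php';
+
+// Default
+$insert_id = false;
+
+// client_id is required for invoices
+if (!empty($client_id)) {
+
+$insert_sql = mysqli_query($mysqli, "INSERT INTO invoices SET invoice_date = '$date', invoice_due_date = '$due_date', invoice_notes = '$notes', invoice_footer = '$footer', invoice_currency_code = '$currency_code', invoice_client_id = $client_id, invoice_status = 'Draft'");
+
+if ($insert_sql) {
+$insert_id = mysqli_insert_id($mysqli);
+
+// Logging
+logAction("Invoice", "Create", "Created invoice via API ($api_key_name)", $client_id, $insert_id);
+logAction("API", "Success", "Created invoice via API ($api_key_name)", $client_id);
+}
+}
+
+// Output
+require_once '../create_output.php';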
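Review bot: The INSERT is assembled by interpolating `$date`, `$due_date`, `$notes`, `$footer`, `$currency_code` and an unquoted `$client_id` into the statement text, so its safety rests entirely on `sanitizeInput()` and on whatever `validate_api_key.php` assigns to `$client_id`, neither of which is visible in this commit. Binding the values removes that dependency; the same string-built pattern recurs in the UPDATE in update.php and in the SELECT and DELETE in delete.php. If `sanitizeInput()` SQL-escapes its result, that escaping has to be dropped for bound values, otherwise notes and footers are stored with literal backslashes.

```php
if (!empty($client_id)) {

    // Bind values instead of interpolating them into the statement text
    $stmt = mysqli_prepare($mysqli, "INSERT INTO invoices SET invoice_date = ?, invoice_due_date = ?, invoice_notes = ?, invoice_footer = ?, invoice_currency_code = ?, invoice_client_id = ?, invoice_status = 'Draft'");
    $insert_sql = false;
    if ($stmt) {
        $client_id_int = intval($client_id); // bind_param takes variables by reference
        mysqli_stmt_bind_param($stmt, 'sssssi', $date, $due_date, $notes, $footer, $currency_code, $client_id_int);
        $insert_sql = mysqli_stmt_execute($stmt);
    }

    // … unchanged: mysqli_insert_id() lookup and the two logAction() calls …
```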
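--- a/api/v1/invoices/delete.php
+++ b/api/v1/invoices/delete.php
@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$invoice_id = intval($_POST['invoice_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($invoice_id)) {
+$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1"));
+$invoice_exists = $row['invoice_id'];
+
+$delete_sql = mysqli_query($mysqli, "DELETE FROM invoices WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1");
+
+if ($delete_sql && !empty($invoice_exists)) {
+$delete_count = mysqli_affected_rows($mysqli);
+
+// Also delete invoice items
+mysqli_query($mysqli, "DELETE FROM invoice_items WHERE invoice_item_invoice_id = $invoice_id");
+
+// Logging
+logAction("Invoice", "Delete", "Invoice $invoice_id via API ($api_key_name)", $client_id);
+}
+}
+
+// Output
+require_once '../delete_output.php';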
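Review bot: Tenant scoping in both the SELECT and the DELETE uses `invoice_client_id LIKE '$client_id'`, a pattern match rather than an equality test, so a `%` or `_` in `$client_id` would widen a destructive query to invoices of other clients. `$client_id` is assigned in an included file that is not visible in this commit; if a wildcard value is how all-client API keys are meant to work, a comment on these two queries should say so, and otherwise `invoice_client_id = $client_id` with an integer cast is the tighter filter. The same `LIKE` filter is used in update.php. Separately, `$row` is null when no invoice matches, so the existence check should read `$invoice_exists = $row['invoice_id'] ?? null;`, and a request that matched nothing leaves no log entry, which makes cross-client probing of invoice ids invisible in the audit trail.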
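--- a/api/v1/invoices/invoice_model.php
+++ b/api/v1/invoices/invoice_model.php
@@ -0,0 +1,43 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['invoice_date'])) {
+$date = sanitizeInput($_POST['invoice_date']);
+} elseif ($invoice_row) {
+$date = $invoice_row['invoice_date'];
+} else {
+$date = date('Y-m-d');
+}
+
+if (isset($_POST['invoice_due_date'])) {
+$due_date = sanitizeInput($_POST['invoice_due_date']);
+} elseif ($invoice_row) {
+$due_date = $invoice_row['invoice_due_date'];
+} else {
+$due_date = date('Y-m-d');
+}
+
+if (isset($_POST['invoice_notes'])) {
+$notes = sanitizeInput($_POST['invoice_notes']);
+} elseif ($invoice_row) {
+$notes = mysqli_real_escape_string($mysqli, $invoice_row['invoice_notes']);
+} else {
+$notes = '';
+}
+
+if (isset($_POST['invoice_footer'])) {
+$footer = sanitizeInput($_POST['invoice_footer']);
+} elseif ($invoice_row) {
+$footer = mysqli_real_escape_string($mysqli, $invoice_row['invoice_footer']);
+} else {
+$footer = '';
+}
+
+if (isset($_POST['invoice_currency_code'])) {
+$currency_code = sanitizeInput($_POST['invoice_currency_code']);
+} elseif ($invoice_row) {
+$currency_code = mysqli_real_escape_string($mysqli, $invoice_row['invoice_currency_code']);
+} else {
+$currency_code = '';
+}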
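Review bot: `invoice_date`, `invoice_due_date` and `invoice_currency_code` are taken from POST with no format check, so a malformed date or an arbitrary currency string is passed on to the INSERT and UPDATE, and on create the currency code falls back to an empty string. A shape check at this boundary would reject such requests early, for example `preg_match('/^\d{4}-\d{2}-\d{2}$/', $_POST['invoice_date'])` for the two dates and, assuming ISO 4217 codes are expected, `preg_match('/^[A-Z]{3}$/', $_POST['invoice_currency_code'])`. The database-sourced branches are also inconsistent: notes, footer and currency code go through `mysqli_real_escape_string`, while the two date columns are used as read; a one-line comment stating why the dates need no escaping would help the next reader.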
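--- a/api/v1/invoices/update.php
+++ b/api/v1/invoices/update.php
@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$invoice_id = intval($_POST['invoice_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($invoice_id)) {
+
+$invoice_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$invoice_id' AND invoice_client_id LIKE '$client_id' LIMIT 1"));
+
+require_once 'invoice_model.php';
+
+$update_sql = mysqli_query($mysqli, "UPDATE invoices SET invoice_date = '$date', invoice_due_date = '$due_date', invoice_notes = '$notes', invoice_footer = '$footer', invoice_currency_code = '$currency_code' WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1");
+
+if ($update_sql) {
+$update_count = mysqli_affected_rows($mysqli);
+
+// Logging
+logAction("Invoice", "Edit", "Invoice $invoice_id via API ($api_key_name)", $client_id);
+logAction("API", "Success", "Edited invoice $invoice_id via API ($api_key_name)", $client_id);
+}
+}
+
+// Output
+require_once '../update_output.php';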
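Review bot: The success branch is gated on `$update_sql` alone, which is true for any UPDATE that ran without error, including one that matched no row because the invoice does not exist or belongs to another client; both `logAction` calls then record an edit that never happened. `$invoice_row` from the SELECT above already tells whether the invoice was found, so `if ($update_sql && !empty($invoice_row)) {` keeps the audit trail accurate, in the same way delete.php gates its log entry on `$invoice_exists`. `invoice_model.php` is also included when `$invoice_row` is null, in which case it silently falls back to today's date and empty strings before the UPDATE runs. `intval($_POST['invoice_id'])` raises a warning when the field is absent; `intval($_POST['invoice_id'] ?? 0)` avoids that here and in delete.php.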