diff --git a/app/Models/Appconfig.php b/app/Models/Appconfig.php index d1cf65460..1e65f93c2 100644 --- a/app/Models/Appconfig.php +++ b/app/Models/Appconfig.php @@ -15,6 +15,11 @@ use ReflectionException; */ class Appconfig extends Model { + protected $allowedFields = [ + 'key', + 'value' + ]; + public function exists(string $key): bool { $builder = $this->db->table('app_config'); @@ -46,20 +51,18 @@ class Appconfig extends Model /** * Calls the parent save() from BaseModel and updates the cached reference. - * @param $data + * @param array|object $data * @return bool * @throws ReflectionException */ - public function save($data): bool + public function save($data): bool //TODO: This is puking: Allowed fields must be specified for model: "App\Models\Appconfig" { $success = parent::save($data); $config = config('OSPOS'); - $key = array_keys($data)[0]; if($success) { - $config->settings[$key] = $data[$key]; - $config->update_settings(); + $config->update_settings(); //TODO: We need to investigate whether there is a possibility of stale data. It updates the cache in this function, but when save() returns any instances of $config->settings[] may not be updated yet. } return $success; diff --git a/app/Models/Attribute.php b/app/Models/Attribute.php index 32ec72fc1..8e39f7e57 100644 --- a/app/Models/Attribute.php +++ b/app/Models/Attribute.php 
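Review bot: `save()` now calls `$config->update_settings()` without writing the saved value into `$config->settings` first, so the line that kept the cached copy current is gone and, as the TODO on that line admits, a caller reading `$config->settings[$key]` right after `save()` can see the old value; the cache write could be restored in a form that accepts the documented `array|object` input, e.g. `$row = (array) $data; $config->settings[$row['key']] = $row['value'];` placed before `update_settings()`. Separately, `parent::save()` decides between insert and update by the model's primary key, and with `'key'` and `'value'` as the only allowed fields that only works if `$primaryKey` is set to `key` (not visible in this hunk); otherwise every save of an existing setting is attempted as an insert, which may be the failure the first TODO describes. The two TODOs belong in the docblock above `save()` rather than trailing the signature and the call. The closing brace of `save()` is outside the hunk.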
@@ -13,6 +13,22 @@ use ReflectionClass; */ class Attribute extends Model { + protected $allowedFields = [ //TODO: This model may not be well designed... The model accesses three different tables (attribute_definitions, attribute_links, attribute_values). Should that be more than one model? + 'definition_name', + 'definition_type', + 'definition_unit', + 'definition_flags', + 'deleted', + 'attribute_id', + 'definition_id', + 'item_id', + 'sale_id', + 'receiving_id', + 'attribute_value', + 'attribute_date', + 'attribute_decimal' + ]; + const SHOW_IN_ITEMS = 1; //TODO: These need to be moved to constants.php const SHOW_IN_SALES = 2; const SHOW_IN_RECEIVINGS = 4; diff --git a/app/Models/Cashup.php b/app/Models/Cashup.php index 1a6512a47..cf6c44021 100644 --- a/app/Models/Cashup.php +++ b/app/Models/Cashup.php @@ -14,6 +14,23 @@ use stdClass; class Cashup extends Model { + protected $allowedFields = [ + 'open_date', + 'close_date', + 'open_cash_amount', + 'transfer_cash_amount', + 'note', + 'closed_amount_cash', + 'closed_amount_card', + 'closed_amount_check', + 'closed_amount_total', + 'description', + 'open_employee_id', + 'close_employee_id', + 'deleted', + 'closed_amount_due' + ]; + /** * Determines if a given Cashup_id is a Cashup */ @@ -62,7 +79,7 @@ class Cashup extends Model { $config = config('OSPOS')->settings; $builder = $this->db->table('cash_up AS cash_up'); - + // get_found_rows case if($count_only) { diff --git a/app/Models/Customer.php b/app/Models/Customer.php index 4949897ac..77dc3ca25 100644 --- a/app/Models/Customer.php +++ b/app/Models/Customer.php @@ -9,6 +9,23 @@ use CodeIgniter\Database\ResultInterface; */ class Customer extends Person { + protected $allowedFields = [ + 'account_number', + 'taxable', + 'tax_id', + 'sales_tax_code_id', + 'deleted', + 'discount', + 'discount_type', + 'company_name', + 'package_id', + 'points', + 'date', + 'employee_id', + 'consent' + ]; + + /** * Determines if a given person_id is a customer */ 
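Review bot: `'deleted'` is part of the `$allowedFields` allowlist here and in the Cashup, Customer, Customer_rewards, Dinner_table, Employee, Expense, Expense_category, Giftcard, Item, Stock_location, Supplier, Tax_category, Tax_code and Tax_jurisdiction hunks, which makes the soft-delete flag mass-assignable: any caller that forwards a request-derived array to `save()`/`insert()`/`update()` can delete or resurrect a row without going through the model's delete methods, which (as the Supplier hunks show) write `['deleted' => 1]` through the query builder and are not subject to the allowlist. If that is intended, a comment on the property such as `// 'deleted' is writable through save(); never pass unfiltered request data` would make the contract explicit; otherwise the flag can be left out and set only by the dedicated delete paths. The Attribute allowlist also mixes columns of three tables, as its own TODO notes, so a save aimed at one table silently accepts column names that belong to another.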
diff --git a/app/Models/Customer_rewards.php b/app/Models/Customer_rewards.php index 3ebe5e651..4c2e57ee8 100644 --- a/app/Models/Customer_rewards.php +++ b/app/Models/Customer_rewards.php @@ -10,6 +10,12 @@ use CodeIgniter\Model; */ class Customer_rewards extends Model { + protected $allowedFields = [ + 'package_name', + 'points_percent', + 'deleted' + ]; + public function exists(int $package_id): bool { $builder = $this->db->table('customers_packages'); diff --git a/app/Models/Dinner_table.php b/app/Models/Dinner_table.php index bb2dff55e..d76c0e6f8 100644 --- a/app/Models/Dinner_table.php +++ b/app/Models/Dinner_table.php @@ -10,6 +10,12 @@ use CodeIgniter\Model; */ class Dinner_table extends Model { + protected $allowedFields = [ + 'name', + 'status', + 'deleted' + ]; + public function exists(int $dinner_table_id): bool { $builder = $this->db->table('dinner_tables'); @@ -145,4 +151,4 @@ class Dinner_table extends Model { return $this->release($release_dinner_table_id) && $this->occupy($occupy_dinner_table_id); } -} \ No newline at end of file +} diff --git a/app/Models/Employee.php b/app/Models/Employee.php index 247fc9381..df6aa4e3d 100644 --- a/app/Models/Employee.php +++ b/app/Models/Employee.php @@ -14,6 +14,15 @@ use CodeIgniter\Session\Session; */ class Employee extends Person { + protected $allowedFields = [ + 'username', + 'password', + 'deleted', + 'hashversion', + 'language', + 'language_code' + ]; + public function __construct() { parent::__construct(); diff --git a/app/Models/Expense.php b/app/Models/Expense.php index e65790b68..725228e2f 100644 --- a/app/Models/Expense.php +++ b/app/Models/Expense.php @@ -14,6 +14,19 @@ use stdClass; */ class Expense extends Model { + protected $allowedFields = [ + 'date', + 'amount', + 'payment_type', + 'expense_category_id', + 'description', + 'employee_id', + 'deleted', + 'supplier_tax_code', + 'tax_amount', + 'supplier_id' + ]; + /** * Determines if a given Expense_id is an Expense */ 
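Review bot: `'password'` and `'hashversion'` in the `Employee` allowlist are now writable through the Model API, and nothing in the allowlist ensures the value arriving in `save()`/`update()` is already a hash rather than the raw credential; that guarantee has to come from every caller or be enforced in the model (CodeIgniter's `$beforeInsert`/`$beforeUpdate` callbacks are the usual place). Until such a callback exists, a comment on the property, `// password must already be hashed before it reaches insert()/update()`, records the contract. The same caution applies to `'username'`, which is the login identifier. Whether any caller currently uses the Model API on `Employee` is not visible in this hunk.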
diff --git a/app/Models/Expense_category.php b/app/Models/Expense_category.php index 23b6e4777..2ee23d944 100644 --- a/app/Models/Expense_category.php +++ b/app/Models/Expense_category.php @@ -11,6 +11,12 @@ use stdClass; */ class Expense_category extends Model { + protected $allowedFields = [ + 'category_name', + 'category_description', + 'deleted' + ]; + /** * Determines if a given Expense_id is an Expense category */ @@ -173,4 +179,4 @@ class Expense_category extends Model return $builder->get(); } -} \ No newline at end of file +} diff --git a/app/Models/Giftcard.php b/app/Models/Giftcard.php index ae76a64c7..e3c356be9 100644 --- a/app/Models/Giftcard.php +++ b/app/Models/Giftcard.php @@ -11,6 +11,14 @@ use stdClass; */ class Giftcard extends Model { + protected $allowedFields = [ + 'giftcard_number', + 'value', + 'deleted', + 'person_id', + 'record_time' + ]; + /** * Determines if a given giftcard_id is a giftcard */ @@ -329,4 +337,4 @@ class Giftcard extends Model return $builder->get()->getRow()->person_id; } -} \ No newline at end of file +} diff --git a/app/Models/Inventory.php b/app/Models/Inventory.php index eee2167c0..2cd2bb039 100644 --- a/app/Models/Inventory.php +++ b/app/Models/Inventory.php @@ -14,6 +14,15 @@ use ReflectionException; */ class Inventory extends Model { + protected $allowedFields = [ + 'trans_items', + 'trans_user', + 'trans_date', + 'trans_comment', + 'trans_inventory', + 'trans_location' + ]; + public function insert($inventory_data = NULL, bool $returnID = TRUE) { $builder = $this->db->table('inventory'); diff --git a/app/Models/Item.php b/app/Models/Item.php index 72986b678..d090e61a3 100644 --- a/app/Models/Item.php +++ b/app/Models/Item.php 
@@ -15,6 +15,29 @@ use stdClass; */ class Item extends Model { + protected $allowedFields = [ + 'name', + 'category', + 'supplier_id', + 'item_number', + 'description', + 'cost_price', + 'unit_price', + 'reorder_level', + 'allow_alt_description', + 'is_serialized', + 'deleted', + 'stock_type', + 'item_type', + 'tax_category_id', + 'receiving_quantity', + 'pic_filename', + 'qty_per_pack', + 'pack_name', + 'low_sell_item_id', + 'hsn_code' + ]; + /** * Determines if a given item_id is an item */ diff --git a/app/Models/Item_kit.php b/app/Models/Item_kit.php index bc13335f1..4a5abaca3 100644 --- a/app/Models/Item_kit.php +++ b/app/Models/Item_kit.php @@ -11,6 +11,16 @@ use stdClass; */ class Item_kit extends Model { + protected $allowedFields = [ + 'item_kit_number', + 'name', + 'description', + 'item_id', + 'kit_discount', + 'kit_discount_type', + 'price_option' + ]; + /** * Determines if a given item_id is an item kit */ diff --git a/app/Models/Item_kit_items.php b/app/Models/Item_kit_items.php index b08bedd10..ba608d835 100644 --- a/app/Models/Item_kit_items.php +++ b/app/Models/Item_kit_items.php @@ -9,6 +9,10 @@ use CodeIgniter\Model; */ class Item_kit_items extends Model { + protected $allowedFields = [ + 'kit_sequence' + ]; + /** * Gets item kit items for a particular item kit */ diff --git a/app/Models/Item_quantity.php b/app/Models/Item_quantity.php index 5564e362c..ba1738506 100644 --- a/app/Models/Item_quantity.php +++ b/app/Models/Item_quantity.php @@ -10,6 +10,10 @@ use stdClass; */ class Item_quantity extends Model { + protected $allowedFields = [ + 'quantity' + ]; + public function exists(int $item_id, int $location_id): bool { $builder = $this->db->table('item_quantities'); @@ -93,4 +97,4 @@ class Item_quantity extends Model return $builder->update(['quantity' => 0]); } -} \ No newline at end of file +} diff --git a/app/Models/Item_taxes.php b/app/Models/Item_taxes.php index 038827f96..5b9f7dd03 100644 --- a/app/Models/Item_taxes.php 
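Review bot: The `Item_kit_items` allowlist contains only `'kit_sequence'`, and the `Item_quantity` (same line) and `Item_taxes` (next hunk) lists are similarly narrow, so any other column a caller passes to these models' `insert()`/`update()`/`save()` — presumably the kit/item identifiers and quantity, which are not visible here — is silently dropped by the framework rather than rejected. If these models are only ever written through `$this->db->table()` builders, as the surrounding context suggests, the allowlist never applies and a comment saying so, `// allowedFields only governs Model::insert()/update()/save(); this model writes via the query builder`, would stop a future caller from relying on it; otherwise the identifying columns need to be added.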
+++ b/app/Models/Item_taxes.php @@ -9,6 +9,11 @@ use CodeIgniter\Model; */ class Item_taxes extends Model { + protected $allowedFields = [ + 'name', + 'percent' + ]; + /** * Gets tax info for a particular item */ diff --git a/app/Models/Module.php b/app/Models/Module.php index 5610e8aab..f9a769088 100644 --- a/app/Models/Module.php +++ b/app/Models/Module.php @@ -10,6 +10,12 @@ use CodeIgniter\Model; */ class Module extends Model { + protected $allowedFields = [ + 'name_lang_key', + 'desc_lang_key', + 'sort' + ]; + public function get_module_name(string $module_id): string { $builder = $this->db->table('modules'); @@ -128,4 +134,4 @@ class Module extends Model return $builder->get()->getRow()->sort; } -} \ No newline at end of file +} diff --git a/app/Models/Person.php b/app/Models/Person.php index 6d2a92424..5790867a1 100644 --- a/app/Models/Person.php +++ b/app/Models/Person.php @@ -11,6 +11,21 @@ use stdClass; */ class Person extends Model { + protected $allowedFields = [ + 'first_name', + 'last_name', + 'phone_number', + 'email', + 'address_1', + 'address_2', + 'city', + 'state', + 'zip', + 'country', + 'comments', + 'gender' + ]; + /** * Determines whether the given person exists in the people database table * diff --git a/app/Models/Receiving.php b/app/Models/Receiving.php index a93feaf31..2ab37697e 100644 --- a/app/Models/Receiving.php +++ b/app/Models/Receiving.php @@ -17,6 +17,16 @@ use ReflectionException; */ class Receiving extends Model { + protected $allowedFields = [ + 'receiving_time', + 'supplier_id', + 'employee_id', + 'comment', + 'receiving_id', + 'payment_type', + 'reference' + ]; + public function get_info(int $receiving_id): ResultInterface { $builder = $this->db->table('receivings'); @@ -239,7 +249,7 @@ class Receiving extends Model // execute transaction $this->db->transComplete(); - + return $this->db->transStatus(); } 
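Review bot: `'receiving_id'` appears in the `Receiving` allowlist although it looks like the table's identifier, so a caller can set or overwrite the id through `save()`/`insert()` unless the framework strips the primary key, which depends on the `$primaryKey` and `$useAutoIncrement` settings not visible in this hunk; the other models in this change leave their id columns out. If it is needed for a non-auto-increment path, a comment on that entry would explain why; otherwise it should be dropped. The same question applies to `'attribute_id'` and `'definition_id'` in the Attribute allowlist.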
@@ -250,7 +260,7 @@ class Receiving extends Model return $builder->get(); } - + public function get_supplier(int $receiving_id): object { $builder = $this->db->table('receivings'); diff --git a/app/Models/Rewards.php b/app/Models/Rewards.php index e85ffbc8c..4b7b6df75 100644 --- a/app/Models/Rewards.php +++ b/app/Models/Rewards.php @@ -10,6 +10,12 @@ use CodeIgniter\Model; class Rewards extends Model //TODO: This class is named with plural while the general practice is to name models singular { + protected $allowedFields = [ + 'sale_id', + 'earned', + 'used' + ]; + /** * Inserts or updates a rewards */ @@ -32,4 +38,4 @@ class Rewards extends Model //TODO: This class is named with plural while the ge return $builder->update($rewards_data); } -} \ No newline at end of file +} diff --git a/app/Models/Sale.php b/app/Models/Sale.php index 91b3e6221..649170ba1 100644 --- a/app/Models/Sale.php +++ b/app/Models/Sale.php @@ -25,6 +25,19 @@ use ReflectionException; */ class Sale extends Model { + protected $allowedFields = [ + 'sale_time', + 'customer_id', + 'employee_id', + 'comment', + 'quote_number', + 'sale_status', + 'invoice_number', + 'dinner_table_id', + 'work_order_number', + 'sale_type' + ]; + public function __construct() { parent::__construct(); @@ -1114,7 +1127,7 @@ class Sale extends Model { $builder = $this->db->table('sales'); $builder->where('invoice_number', $invoice_number); - + if(!empty($sale_id)) { $builder->where('sale_id !=', $sale_id); @@ -1223,7 +1236,7 @@ class Sale extends Model WHERE ' . $where . ' GROUP BY sale_id, item_id, line )'; - + $this->db->query($sql); // create a temporary table to contain all the payment types and amount @@ -1241,7 +1254,7 @@ class Sale extends Model WHERE ' . $where . ' GROUP BY payments.sale_id )'; - + $this->db->query($sql); $item = model(Item::class); $sql = 'CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('sales_items_temp') . 
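Review bot: `'sale_status'` and `'invoice_number'` become mass-assignable on `Sale`, yet the model has dedicated paths for both: `update_sale_status()` (visible in the later hunk of this file) and the invoice-number uniqueness query (the hunk at the `where('invoice_number', ...)` / `sale_id !=` lines). A `save()` with request-derived data would bypass both, so either the uniqueness check should be enforced in the model (a `$beforeInsert`/`$beforeUpdate` callback) or the property should carry a comment such as `// status and invoice_number are changed only via update_sale_status() and the uniqueness check, not via save()`. Whether any caller uses the Model API on `Sale` is not visible here.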
@@ -1308,7 +1321,7 @@ class Sale extends Model WHERE ' . $where . ' GROUP BY sale_id, item_id, line )'; - + $this->db->query($sql); } @@ -1372,7 +1385,7 @@ class Sale extends Model public function update_sale_status(int $sale_id, int $sale_status): void { $builder = $this->db->table('sales'); - + $builder->where('sale_id', $sale_id); $builder->update(['sale_status' => $sale_status]); } diff --git a/app/Models/Stock_location.php b/app/Models/Stock_location.php index e3cc1f5b5..0f47622f9 100644 --- a/app/Models/Stock_location.php +++ b/app/Models/Stock_location.php @@ -16,6 +16,11 @@ use CodeIgniter\Session\Session; */ class Stock_location extends Model { + protected $allowedFields = [ + 'location_name', + 'deleted' + ]; + public function __construct() { parent::__construct(); diff --git a/app/Models/Supplier.php b/app/Models/Supplier.php index c9eecd4b0..212c0538f 100644 --- a/app/Models/Supplier.php +++ b/app/Models/Supplier.php @@ -9,15 +9,24 @@ use CodeIgniter\Database\ResultInterface; */ class Supplier extends Person { + protected $allowedFields = [ + 'company_name', + 'account_number', + 'tax_id', + 'deleted', + 'agency_name', + 'category' + ]; + /** * Determines if a given person_id is a customer */ public function exists(int $person_id): bool { - $builder = $this->db->table('suppliers'); + $builder = $this->db->table('suppliers'); $builder->join('people', 'people.person_id = suppliers.person_id'); $builder->where('suppliers.person_id', $person_id); - + return ($builder->get()->getNumRows() == 1); //TODO: === } @@ -31,7 +40,7 @@ class Supplier extends Person return $builder->countAllResults(); } - + /** * Returns all the suppliers */ 
@@ -50,17 +59,17 @@ class Supplier extends Person return $builder->get(); } - + /** * Gets information about a particular supplier */ public function get_info(int $person_id): object { - $builder = $this->db->table('suppliers'); + $builder = $this->db->table('suppliers'); $builder->join('people', 'people.person_id = suppliers.person_id'); $builder->where('suppliers.person_id', $person_id); $query = $builder->get(); - + if($query->getNumRows() == 1) //TODO: === { return $query->getRow(); @@ -69,18 +78,18 @@ class Supplier extends Person { //Get empty base parent object, as $supplier_id is NOT a supplier $person_obj = parent::get_info(-1); //TODO: need to replace with a constant instead of -1 - - //Get all the fields from supplier table + + //Get all the fields from supplier table //append those fields to base parent object, we have a complete empty object foreach($this->db->getFieldNames('suppliers') as $field) { $person_obj->$field = ''; } - + return $person_obj; } } - + /** * Gets information about multiple suppliers */ @@ -93,7 +102,7 @@ class Supplier extends Person return $builder->get(); } - + /** * Inserts or updates a suppliers */ @@ -103,7 +112,7 @@ class Supplier extends Person //Run these queries as a transaction, we want to make sure we do all or nothing $this->db->transStart(); - + if(parent::save_value($person_data,$supplier_id)) { $builder = $this->db->table('suppliers'); @@ -118,14 +127,14 @@ class Supplier extends Person $success = $builder->update($supplier_data); } } - + $this->db->transComplete(); - + $success &= $this->db->transStatus(); return $success; } - + /** * Deletes one supplier */ @@ -136,7 +145,7 @@ class Supplier extends Person return $builder->update(['deleted' => 1]); } - + /** * Deletes a list of suppliers */ @@ -147,7 +156,7 @@ class Supplier extends Person return $builder->update(['deleted' => 1]); } - + /** * Get search suggestions to find suppliers */ 
@@ -183,7 +192,7 @@ class Supplier extends Person $builder->join('people', 'suppliers.person_id = people.person_id'); $builder->groupStart(); $builder->like('first_name', $search); - $builder->orLike('last_name', $search); + $builder->orLike('last_name', $search); $builder->orLike('CONCAT(first_name, " ", last_name)', $search); $builder->groupEnd(); $builder->where('deleted', 0); @@ -246,7 +255,7 @@ class Supplier extends Person { return $this->search($search, 0, 0, 'last_name', 'asc', TRUE); } - + /** * Perform a search on suppliers */ @@ -272,7 +281,7 @@ class Supplier extends Person $builder->orLike('CONCAT(first_name, " ", last_name)', $search); //TODO: According to PHPStorm, this line down to the return is repeated in Customer.php and Employee.php... perhaps refactoring a method in a library could be helpful? $builder->groupEnd(); $builder->where('deleted', 0); - + if($count_only == TRUE) //TODO: This needs to be replaced with `if($count_only)` { return $builder->get()->getRow()->count; diff --git a/app/Models/Tax.php b/app/Models/Tax.php index 8727332a0..e4a45355d 100644 --- a/app/Models/Tax.php +++ b/app/Models/Tax.php @@ -11,6 +11,14 @@ use stdClass; */ class Tax extends Model { + protected $allowedFields = [ + 'rate_tax_code_id', + 'rate_tax_category_id', + 'rate_jurisdiction_id', + 'tax_rate', + 'tax_rounding_code' + ]; + /** * Determines if a given row is on file */ diff --git a/app/Models/Tax_category.php b/app/Models/Tax_category.php index a6b3cf383..3699b2096 100644 --- a/app/Models/Tax_category.php +++ b/app/Models/Tax_category.php @@ -12,6 +12,12 @@ use stdClass; class Tax_category extends Model { + protected $allowedFields = [ + 'tax_category', + 'tax_group_sequence', + 'deleted' + ]; + /** * Determines if it exists in the table */ @@ -260,4 +266,4 @@ class Tax_category extends Model ] ]; } -} \ No newline at end of file +} diff --git a/app/Models/Tax_code.php b/app/Models/Tax_code.php index a56db8ba6..2af0ae4ac 100644 --- a/app/Models/Tax_code.php 
+++ b/app/Models/Tax_code.php @@ -11,6 +11,14 @@ use stdClass; */ class Tax_code extends Model { + protected $allowedFields = [ + 'tax_code', + 'tax_code_name', + 'city', + 'state', + 'deleted' + ]; + /** * Determines if it exists in the table */ diff --git a/app/Models/Tax_jurisdiction.php b/app/Models/Tax_jurisdiction.php index 3ad8c6752..5662a3d0d 100644 --- a/app/Models/Tax_jurisdiction.php +++ b/app/Models/Tax_jurisdiction.php @@ -12,6 +12,16 @@ use stdClass; class Tax_jurisdiction extends Model { + protected $allowedFields = [ + 'jurisdiction_name', + 'tax_group', + 'tax_type', + 'reporting_authority', + 'tax_group_sequence', + 'cascade_sequence', + 'deleted' + ]; + /** * Determines if it exists in the table */