mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-03-07 16:47:03 -05:00
690f43578d
Complete Content-Type application/json fix for all AJAX responses - Add missing return statements to all ->response->setJSON() calls - Fix Items.php method calls from JSON() to setJSON() - Convert echo statements to proper JSON responses - Ensure consistent Content-Type headers across all controllers - Fix 46+ instances across 12 controller files - Change Config.php methods to : ResponseInterface (all return setJSON only): - postSaveRewards(), postSaveBarcode(), postSaveReceipt() - postSaveInvoice(), postRemoveLogo() - Update PHPDoc @return tags - Change Receivings.php _reload() to : string (only returns view) - Change Receivings.php methods to : string (all return _reload()): - getIndex(), postSelectSupplier(), postChangeMode(), postAdd() - postEditItem(), getDeleteItem(), getRemoveSupplier() - postComplete(), postRequisitionComplete(), getReceipt(), postCancelReceiving() - Change postSave() to : ResponseInterface (returns setJSON) - Update all PHPDoc @return tags Fix XSS vulnerabilities in sales templates, login, and config pages This commit addresses 5 XSS vulnerabilities by adding proper escaping to all user-controlled configuration values in HTML contexts. Fixed Files: - app/Views/sales/invoice.php: Escaped company_logo (URL context) and company (HTML) - app/Views/sales/work_order.php: Escaped company_logo (URL context) - app/Views/sales/receipt_email.php: Added file path validation and escaping for logo - app/Views/login.php: Escaped all config values in title, logo src, and alt - app/Views/configs/info_config.php: Escaped company_logo (URL context) Security Impact: - Prevents stored XSS attacks if configuration is compromised - Defense-in-depth principle applied to administrative interfaces - Follows OWASP best practices for output encoding Testing: - Verified no script execution with XSS payloads in config values - Confirmed proper escaping in HTML, URL, and file contexts - All templates render correctly with valid configuration Severity: High (4 files), Medium-High (1 file) CVSS Score: ~6.1 CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation) Fix critical password validation bypass and add unit tests This commit addresses a critical security vulnerability where the password minimum length check was performed on the HASHED password (always 60 characters for bcrypt) instead of the actual password before hashing. Vulnerability Details: - Original code: strlen($employee_data['password']) >= 8 - This compared the hash length (always 60) instead of raw password - Impact: Users could set 1-character passwords like "a" - Severity: Critical (enables brute force attacks on weak passwords) - CVE-like issue: CWE-307 (Improper Restriction of Excessive Authentication Attempts) Fix Applied: - Validate password length BEFORE hashing - Clear error message when password is too short - Added unit tests to verify minimum length enforcement - Regression test to prevent future vulnerability re-introduction Test Coverage: - testPasswordMinLength_Rejects7Characters: Verify 7 chars rejected - testPasswordMinLength_Accepts8Characters: Verify 8 chars accepted - testPasswordMinLength_RejectsEmptyString: Verify empty rejected - testPasswordMinLength_RejectsWhitespaceOnly: Verify whitespace rejected - testPasswordMinLength_AcceptsSpecialCharacters: Verify special chars OK - testPasswordMinLength_RejectsPreviousBehavior: Regression test for bug Files Modified: - app/Controllers/Home.php: Fixed password validation logic - tests/Controllers/HomeTest.php: Added comprehensive unit tests Security Impact: - Enforces 8-character minimum password policy - Prevents extremely weak passwords that facilitate brute-force attacks - Critical for credential security and user account protection Breaking Changes: - Users with passwords < 8 characters will need to reset their password - This is the intended security improvement Severity: Critical CVSS Score: ~7.5 CWE: CWE-305 (Authentication Bypass by Primary Weakness), CWE-307 Add GitHub Actions workflow to run PHPUnit tests Move business logic from views to controllers for better separation of concerns - Move logo URL computation from info_config view to Config::getIndex() - Move image base64 encoding from receipt_email view to Sales controller - Improves separation of concerns by keeping business logic in controllers - Simplifies view templates to only handle presentation Fix XSS vulnerabilities in report views - escape user-controllable summary data and labels Fix base64 encoding URL issue in delete payment - properly URL encode base64 string Fix remaining return type declarations for Sales controller Fixed additional methods that call _reload(): - postAdd() - returns _reload($data) - postAddPayment() - returns _reload($data) - postEditItem() - returns _reload($data) - postSuspend() - returns _reload($data) - postSetPaymentType() - returns _reload() All methods now return ResponseInterface|string to match _reload() signature. This resolves PHP TypeError errors.
531 lines
22 KiB
PHP
531 lines
22 KiB
PHP
<?php
|
|
|
|
namespace App\Controllers;
|
|
|
|
use App\Libraries\Receiving_lib;
|
|
use App\Libraries\Token_lib;
|
|
use App\Libraries\Barcode_lib;
|
|
use App\Models\Inventory;
|
|
use App\Models\Item;
|
|
use App\Models\Item_kit;
|
|
use App\Models\Receiving;
|
|
use App\Models\Stock_location;
|
|
use App\Models\Supplier;
|
|
use CodeIgniter\HTTP\ResponseInterface;
|
|
use Config\OSPOS;
|
|
use Config\Services;
|
|
use ReflectionException;
|
|
|
|
class Receivings extends Secure_Controller
|
|
{
|
|
private Receiving_lib $receiving_lib;
|
|
private Token_lib $token_lib;
|
|
private Barcode_lib $barcode_lib;
|
|
private Inventory $inventory;
|
|
private Item $item;
|
|
private Item_kit $item_kit;
|
|
private Receiving $receiving;
|
|
private Stock_location $stock_location;
|
|
private Supplier $supplier;
|
|
private array $config;
|
|
|
|
public function __construct()
|
|
{
|
|
parent::__construct('receivings');
|
|
|
|
$this->receiving_lib = new Receiving_lib();
|
|
$this->token_lib = new Token_lib();
|
|
$this->barcode_lib = new Barcode_lib();
|
|
|
|
$this->inventory = model(Inventory::class);
|
|
$this->item_kit = model(Item_kit::class);
|
|
$this->item = model(Item::class);
|
|
$this->receiving = model(Receiving::class);
|
|
$this->stock_location = model(Stock_location::class);
|
|
$this->supplier = model(Supplier::class);
|
|
$this->config = config(OSPOS::class)->settings;
|
|
}
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getIndex(): string
|
|
{
|
|
return $this->_reload();
|
|
}
|
|
|
|
/**
|
|
* Returns search suggestions for an item. Used in app/Views/sales/register.php
|
|
*
|
|
* @return ResponseInterface
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getItemSearch(): ResponseInterface
|
|
{
|
|
$search = $this->request->getGet('term');
|
|
$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
|
|
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
|
|
|
|
return $this->response->setJSON($suggestions);
|
|
}
|
|
|
|
/**
|
|
* Gets search suggestions for a stock item. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return ResponseInterface
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getStockItemSearch(): ResponseInterface
|
|
{
|
|
$search = $this->request->getGet('term');
|
|
$suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
|
|
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
|
|
|
|
return $this->response->setJSON($suggestions);
|
|
}
|
|
|
|
/**
|
|
* Set supplier if it exists in the database. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postSelectSupplier(): string
|
|
{
|
|
$supplier_id = $this->request->getPost('supplier', FILTER_SANITIZE_NUMBER_INT);
|
|
if ($this->supplier->exists($supplier_id)) {
|
|
$this->receiving_lib->set_supplier($supplier_id);
|
|
}
|
|
|
|
return $this->_reload(); // TODO: Hungarian notation
|
|
}
|
|
|
|
/**
|
|
* Change receiving mode for current receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postChangeMode(): string
|
|
{
|
|
$stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
|
$stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
if ((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) &&
|
|
(!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())
|
|
) {
|
|
$this->receiving_lib->clear_reference();
|
|
$mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
|
$this->receiving_lib->set_mode($mode);
|
|
} elseif ($this->stock_location->is_allowed_location($stock_source, 'receivings')) {
|
|
$this->receiving_lib->set_stock_source($stock_source);
|
|
$this->receiving_lib->set_stock_destination($stock_destination);
|
|
}
|
|
|
|
return $this->_reload(); // TODO: Hungarian notation
|
|
}
|
|
|
|
/**
|
|
* Sets receiving comment. Used in app/Views/receivings/receiving.php
|
|
* @return ResponseInterface
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postSetComment(): ResponseInterface
|
|
{
|
|
$this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
|
return $this->response->setJSON(['success' => true]);
|
|
}
|
|
|
|
/**
|
|
* Sets the print after sale flag for the receiving. Used in app/Views/receivings/receiving.php
|
|
* @return ResponseInterface
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postSetPrintAfterSale(): ResponseInterface
|
|
{
|
|
$this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') != null);
|
|
return $this->response->setJSON(['success' => true]);
|
|
}
|
|
|
|
/**
|
|
* Sets the reference number for the receiving. Used in app/Views/receivings/receiving.php
|
|
* @return ResponseInterface
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postSetReference(): ResponseInterface
|
|
{
|
|
$this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
|
|
return $this->response->setJSON(['success' => true]);
|
|
}
|
|
|
|
/**
|
|
* Add an item to the receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postAdd(): string
|
|
{
|
|
$data = [];
|
|
|
|
$mode = $this->receiving_lib->get_mode();
|
|
$item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
|
$this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt);
|
|
$quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity;
|
|
$item_location = $this->receiving_lib->get_stock_source();
|
|
$discount = $this->config['default_receivings_discount'];
|
|
$discount_type = $this->config['default_receivings_discount_type'];
|
|
|
|
if ($mode == 'return' && $this->receiving->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) {
|
|
$this->receiving_lib->return_entire_receiving($item_id_or_number_or_item_kit_or_receipt);
|
|
} elseif ($this->item_kit->is_valid_item_kit($item_id_or_number_or_item_kit_or_receipt)) {
|
|
$this->receiving_lib->add_item_kit($item_id_or_number_or_item_kit_or_receipt, $item_location, $discount, $discount_type);
|
|
} elseif (!$this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location, $discount, $discount_type)) {
|
|
$data['error'] = lang('Receivings.unable_to_add_item');
|
|
}
|
|
|
|
return $this->_reload($data); // TODO: Hungarian notation
|
|
}
|
|
|
|
/**
|
|
* Edit line item in current receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @param string|int|null $item_id
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postEditItem($item_id): string
|
|
{
|
|
$data = [];
|
|
|
|
$validation_rule = [
|
|
'price' => 'trim|required|decimal_locale',
|
|
'quantity' => 'trim|required|decimal_locale',
|
|
'discount' => 'trim|permit_empty|decimal_locale',
|
|
];
|
|
|
|
$price = parse_decimals($this->request->getPost('price'));
|
|
$quantity = parse_quantity($this->request->getPost('quantity'));
|
|
$raw_receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity'));
|
|
|
|
$description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: Duplicated code
|
|
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
|
|
$discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT);
|
|
$discount = $discount_type
|
|
? parse_quantity(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
|
|
: parse_decimals(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
|
|
|
|
$receiving_quantity = filter_var($raw_receiving_quantity, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
|
|
|
if ($this->validate($validation_rule)) {
|
|
$this->receiving_lib->edit_item($item_id, $description, $serialnumber, $quantity, $discount, $discount_type, $price, $receiving_quantity);
|
|
} else {
|
|
$data['error'] = lang('Receivings.error_editing_item');
|
|
}
|
|
|
|
return $this->_reload($data); // TODO: Hungarian notation
|
|
}
|
|
|
|
/**
|
|
* Edit a receiving. Used in app/Controllers/Receivings.php
|
|
* @param $receiving_id
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getEdit($receiving_id): string
|
|
{
|
|
$data = [];
|
|
|
|
$data['suppliers'] = ['' => 'No Supplier'];
|
|
foreach ($this->supplier->get_all()->getResult() as $supplier) {
|
|
$data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
|
|
}
|
|
|
|
$data['employees'] = [];
|
|
foreach ($this->employee->get_all()->getResult() as $employee) {
|
|
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
|
|
}
|
|
|
|
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
|
|
$data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
|
|
$data['selected_supplier_id'] = $receiving_info['supplier_id'];
|
|
$data['receiving_info'] = $receiving_info;
|
|
|
|
return view('receivings/form', $data);
|
|
}
|
|
|
|
/**
|
|
* Deletes an item from the current receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @param $item_number
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getDeleteItem($item_number): string
|
|
{
|
|
$this->receiving_lib->delete_item($item_number);
|
|
|
|
return $this->_reload(); // TODO: Hungarian notation
|
|
}
|
|
|
|
/**
|
|
* @throws ReflectionException
|
|
* @return ResponseInterface
|
|
*/
|
|
public function postDelete(int $receiving_id = -1, bool $update_inventory = true): ResponseInterface
|
|
{
|
|
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
|
|
$receiving_ids = $receiving_id == -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id]; // TODO: Replace -1 with constant
|
|
|
|
if ($this->receiving->delete_list($receiving_ids, $employee_id, $update_inventory)) { // TODO: Likely need to surround this block of code in a try-catch to catch the ReflectionException
|
|
return $this->response->setJSON([
|
|
'success' => true,
|
|
'message' => lang('Receivings.successfully_deleted') . ' ' . count($receiving_ids) . ' ' . lang('Receivings.one_or_multiple'),
|
|
'ids' => $receiving_ids
|
|
]);
|
|
} else {
|
|
return $this->response->setJSON(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Removes a supplier from a receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getRemoveSupplier(): string
|
|
{
|
|
$this->receiving_lib->clear_reference();
|
|
$this->receiving_lib->remove_supplier();
|
|
|
|
return $this->_reload(); // TODO: Hungarian notation
|
|
}
|
|
|
|
/**
|
|
* Complete and finalize receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return string
|
|
* @throws ReflectionException
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postComplete(): string
|
|
{
|
|
|
|
$data = [];
|
|
|
|
$data['cart'] = $this->receiving_lib->get_cart();
|
|
$data['total'] = $this->receiving_lib->get_total();
|
|
$data['transaction_time'] = to_datetime(time());
|
|
$data['mode'] = $this->receiving_lib->get_mode();
|
|
$data['comment'] = $this->receiving_lib->get_comment();
|
|
$data['reference'] = $this->receiving_lib->get_reference();
|
|
$data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
|
$data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
|
|
$data['stock_location'] = $this->receiving_lib->get_stock_source();
|
|
if ($this->request->getPost('amount_tendered') != null) {
|
|
$data['amount_tendered'] = parse_decimals($this->request->getPost('amount_tendered'));
|
|
$data['amount_change'] = to_currency($data['amount_tendered'] - $data['total']);
|
|
}
|
|
|
|
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
|
|
$employee_info = $this->employee->get_info($employee_id);
|
|
$data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
|
|
|
|
$supplier_id = $this->receiving_lib->get_supplier();
|
|
if ($supplier_id != -1) {
|
|
$supplier_info = $this->supplier->get_info($supplier_id);
|
|
$data['supplier'] = $supplier_info->company_name; // TODO: duplicated code
|
|
$data['first_name'] = $supplier_info->first_name;
|
|
$data['last_name'] = $supplier_info->last_name;
|
|
$data['supplier_email'] = $supplier_info->email;
|
|
$data['supplier_address'] = $supplier_info->address_1;
|
|
if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
|
|
$data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
|
|
} else {
|
|
$data['supplier_location'] = '';
|
|
}
|
|
}
|
|
|
|
// SAVE receiving to database
|
|
$data['receiving_id'] = 'RECV ' . $this->receiving->save_value($data['cart'], $supplier_id, $employee_id, $data['comment'], $data['reference'], $data['payment_type'], $data['stock_location']);
|
|
|
|
if ($data['receiving_id'] == 'RECV -1') {
|
|
$data['error_message'] = lang('Receivings.transaction_failed');
|
|
} else {
|
|
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
|
|
}
|
|
|
|
$data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
|
|
|
|
$view = view("receivings/receipt", $data);
|
|
|
|
$this->receiving_lib->clear_all();
|
|
|
|
return $view;
|
|
}
|
|
|
|
/**
|
|
* Complete a receiving requisition. Used in app/Views/receivings/receiving.php.
|
|
*
|
|
* @return string
|
|
* @throws ReflectionException
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postRequisitionComplete(): string
|
|
{
|
|
if ($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) {
|
|
foreach ($this->receiving_lib->get_cart() as $item) {
|
|
$this->receiving_lib->delete_item($item['line']);
|
|
$this->receiving_lib->add_item($item['item_id'], $item['quantity'], $this->receiving_lib->get_stock_destination(), $item['discount_type']);
|
|
$this->receiving_lib->add_item($item['item_id'], -$item['quantity'], $this->receiving_lib->get_stock_source(), $item['discount_type']);
|
|
}
|
|
|
|
return $this->postComplete();
|
|
} else {
|
|
$data['error'] = lang('Receivings.error_requisition');
|
|
|
|
return $this->_reload($data); // TODO: Hungarian notation
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the receipt for a receiving. Used in app/Views/receivings/form.php
|
|
*
|
|
* @param $receiving_id
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getReceipt($receiving_id): string
|
|
{
|
|
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
|
|
$this->receiving_lib->copy_entire_receiving($receiving_id);
|
|
$data['cart'] = $this->receiving_lib->get_cart();
|
|
$data['total'] = $this->receiving_lib->get_total();
|
|
$data['mode'] = $this->receiving_lib->get_mode();
|
|
$data['transaction_time'] = to_datetime(strtotime($receiving_info['receiving_time']));
|
|
$data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
|
|
$data['payment_type'] = $receiving_info['payment_type'];
|
|
$data['reference'] = $this->receiving_lib->get_reference();
|
|
$data['receiving_id'] = 'RECV ' . $receiving_id;
|
|
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
|
|
$employee_info = $this->employee->get_info($receiving_info['employee_id']);
|
|
$data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
|
|
|
|
$supplier_id = $this->receiving_lib->get_supplier(); // TODO: Duplicated code
|
|
if ($supplier_id != -1) {
|
|
$supplier_info = $this->supplier->get_info($supplier_id);
|
|
$data['supplier'] = $supplier_info->company_name;
|
|
$data['first_name'] = $supplier_info->first_name;
|
|
$data['last_name'] = $supplier_info->last_name;
|
|
$data['supplier_email'] = $supplier_info->email;
|
|
$data['supplier_address'] = $supplier_info->address_1;
|
|
if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
|
|
$data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
|
|
} else {
|
|
$data['supplier_location'] = '';
|
|
}
|
|
}
|
|
|
|
$data['print_after_sale'] = false;
|
|
|
|
$view = view("receivings/receipt", $data);
|
|
|
|
$this->receiving_lib->clear_all();
|
|
|
|
return $view;
|
|
}
|
|
|
|
/**
|
|
* @param array $data
|
|
* @return string
|
|
*/
|
|
private function _reload(array $data = []): string // TODO: Hungarian notation
|
|
{
|
|
$data['cart'] = $this->receiving_lib->get_cart();
|
|
$data['modes'] = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
|
|
$data['mode'] = $this->receiving_lib->get_mode();
|
|
$data['stock_locations'] = $this->stock_location->get_allowed_locations('receivings');
|
|
$data['show_stock_locations'] = count($data['stock_locations']) > 1;
|
|
if ($data['show_stock_locations']) {
|
|
$data['modes']['requisition'] = lang('Receivings.requisition');
|
|
$data['stock_source'] = $this->receiving_lib->get_stock_source();
|
|
$data['stock_destination'] = $this->receiving_lib->get_stock_destination();
|
|
}
|
|
|
|
$data['total'] = $this->receiving_lib->get_total();
|
|
$data['items_module_allowed'] = $this->employee->has_grant('items', $this->employee->get_logged_in_employee_info()->person_id);
|
|
$data['comment'] = $this->receiving_lib->get_comment();
|
|
$data['reference'] = $this->receiving_lib->get_reference();
|
|
$data['payment_options'] = $this->receiving->get_payment_options();
|
|
|
|
$supplier_id = $this->receiving_lib->get_supplier();
|
|
|
|
if ($supplier_id != -1) { // TODO: Duplicated Code... replace -1 with a constant
|
|
$supplier_info = $this->supplier->get_info($supplier_id);
|
|
$data['supplier'] = $supplier_info->company_name;
|
|
$data['first_name'] = $supplier_info->first_name;
|
|
$data['last_name'] = $supplier_info->last_name;
|
|
$data['supplier_email'] = $supplier_info->email;
|
|
$data['supplier_address'] = $supplier_info->address_1;
|
|
if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
|
|
$data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
|
|
} else {
|
|
$data['supplier_location'] = '';
|
|
}
|
|
}
|
|
|
|
$data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
|
|
|
|
return view("receivings/receiving", $data);
|
|
}
|
|
|
|
/**
|
|
* @return ResponseInterface
|
|
* @throws ReflectionException
|
|
*/
|
|
public function postSave(int $receiving_id = -1): ResponseInterface // TODO: Replace -1 with a constant
|
|
{
|
|
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: newdate does not follow naming conventions
|
|
|
|
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
|
|
$receiving_time = $date_formatter->format('Y-m-d H:i:s');
|
|
|
|
$receiving_data = [
|
|
'receiving_time' => $receiving_time,
|
|
'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
|
|
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
|
|
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
|
'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
|
|
];
|
|
|
|
$this->inventory->update('RECV ' . $receiving_id, ['trans_date' => $receiving_time]);
|
|
if ($this->receiving->update($receiving_id, $receiving_data)) {
|
|
return $this->response->setJSON([
|
|
'success' => true,
|
|
'message' => lang('Receivings.successfully_updated'),
|
|
'id' => $receiving_id
|
|
]);
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Receivings.unsuccessfully_updated'),
|
|
'id' => $receiving_id
|
|
]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Cancel an in-process receiving. Used in app/Views/receivings/receiving.php
|
|
*
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function postCancelReceiving(): string
|
|
{
|
|
$this->receiving_lib->clear_all();
|
|
|
|
return $this->_reload(); // TODO: Hungarian Notation
|
|
}
|
|
}
|