diff --git a/lib/NGCP/Panel/Controller/Invoice.pm b/lib/NGCP/Panel/Controller/Invoice.pm index f6003cbbc9..082b18ddf7 100644 --- a/lib/NGCP/Panel/Controller/Invoice.pm +++ b/lib/NGCP/Panel/Controller/Invoice.pm @@ -55,25 +55,33 @@ sub ajax_datatables_data :Chained('base') :PathPart('ajax') :Args(1) { sub base :Chained('invoice') :PathPart('') :CaptureArgs(1) { my ($self, $c, $reseller_id) = @_; - $c->log->debug('base'); + $c->log->debug("base: reseller_id=$reseller_id; uri_for=".$c->uri_for().";"); - unless($reseller_id && $reseller_id->is_int) { + my $error_exit_sub = sub { + my($log, $desc) = @_; + $desc //= $log; NGCP::Panel::Utils::Message->error( c => $c, - log => 'Invalid reseller id detected', - desc => $c->loc('Invalid reseller id detected'), + log => $log, + desc => $c->loc($desc), ); - $c->response->redirect($c->uri_for()); + NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/reseller')); + #$c->response->redirect($c->uri_for('/reseller')); + $c->detach(); + }; + unless($reseller_id && $reseller_id->is_int) { + $error_exit_sub->('Invalid reseller id detected'); return; } + $c->detach('/denied_page') if($c->user->roles eq "reseller" && $c->user->reseller_id != $reseller_id); + my $reseller = $c->model('DB')->resultset('resellers')->search({ status => { '!=' => 'terminated' }, id => $reseller_id }); - unless($reseller->first) { NGCP::Panel::Utils::Message->error( c => $c, 
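Review bot: The `return;` after `$error_exit_sub->('Invalid reseller id detected');` is unreachable, because the closure ends with `$c->detach()`, which leaves the action by exception; keep either the `detach` or the explicit `return;`, not both, so a reader does not assume the call can fall through. The new debug line interpolates the raw `$reseller_id` path capture into the log before `is_int` has run, so a non-integer value is written verbatim to the log; logging it after the validation block (or via `quotemeta`) keeps log lines trustworthy. The reseller-role ownership check `$c->detach('/denied_page') if(...)` is correctly placed before any database lookup. As rendered, the hunk ends at `- unless($reseller->first) {` with no replacement line visible, so its tail appears truncated here and `base` continues beyond it.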
@@ -82,6 +90,39 @@ sub base :Chained('invoice') :PathPart('') :CaptureArgs(1) { ); NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/reseller')); } + + my $backend = NGCP::Panel::Model::DB::InvoiceTemplate->new( schema => $c->model('DB') ); + my $in = $c->request->parameters; + $in->{provider_id} = $reseller_id; + $in->{c} = $c; + + foreach(qw/provider_id client_contract_id client_contact_id invoice_id tt_id/){ $in->{$_} //= ''; $c->log->debug("base: $_=".$in->{$_}.";");} + + + if($in->{client_contact_id}){ + if(!$backend->checkResellerClientContact($in)){ + $error_exit_sub->('Invalid contact id detected'); + return; + } + } + if($in->{client_contract_id}){ + if(!$backend->checkResellerClientContract($in)){ + $error_exit_sub->('Invalid contract id detected'); + return; + } + } + if($in->{invoice_id}){ + if(!$backend->checkResellerInvoice($in)){ + $error_exit_sub->('Invalid invoice id detected'); + return; + } + } + if($in->{tt_id}){ + if(!$backend->checkResellerInvoiceTemplate($in)){ + $error_exit_sub->('Invalid invoice template id detected'); + return; + } + } $c->stash( provider => $reseller->first, provider_rs => $reseller, @@ -198,7 +239,7 @@ sub provider_client_list :Chained('base') :PathPart('clients/list') :Args(0) { #$c->detach( $c->view() ); } -sub invoice_data :Chained('invoice') :PathPart('data') :Args(1) { +sub invoice_data :Chained('base') :PathPart('data') :Args(1) { my ($self, $c) = @_; my ($invoice_id) = pop; $c->log->debug('invoice_data'); diff --git a/lib/NGCP/Panel/Model/DB/InvoiceTemplate.pm b/lib/NGCP/Panel/Model/DB/InvoiceTemplate.pm index 805ffb6145..2c750639b7 100644 --- a/lib/NGCP/Panel/Model/DB/InvoiceTemplate.pm +++ b/lib/NGCP/Panel/Model/DB/InvoiceTemplate.pm 
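Review bot: `my $in = $c->request->parameters;` aliases the live request-parameter hash, and the following lines write into it (`$in->{provider_id} = $reseller_id;`, `$in->{c} = $c;`, the `//= ''` defaults in the `foreach`), so every later action in the chain sees a Catalyst context object and synthetic keys mixed into what looks like client input, and any generic parameter dump would walk the whole context. Build a private copy instead, `my %in = ( %{ $c->request->parameters }, provider_id => $reseller_id );`, and pass `\%in` to the `checkReseller*` calls; the `c` key is only consumed by commented-out debug lines in the model and can be dropped. The `foreach` also logs the raw parameter values before the ownership checks run, so values that later fail `checkReseller*` are already in the log. `base` continues past the hunk (its `$c->stash(` call is cut).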
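Review bot: `invoice_data` is now `Chained('base')` and takes its invoice id from the path (`my ($invoice_id) = pop;`), but the ownership check added to `base` only inspects `$in->{invoice_id}` from the request parameters, so this path argument never reaches `checkResellerInvoice`. Unless the body of `invoice_data` (which continues outside the hunk) restricts its lookup to `$c->stash->{provider}`, the reseller scoping this commit introduces does not cover the PDF download. Add the check in the action itself, e.g. `$c->detach('/denied_page') unless $backend->checkResellerInvoice({ provider_id => $c->stash->{provider}->id, invoice_id => $invoice_id });` with `$backend` constructed in this action (the one in `base` is a lexical and is not stashed), or query `invoices` joined to the stashed provider.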
@@ -522,4 +522,72 @@ sub get_contract_zonesfees_rs { return $zonecalls_rs; } +sub checkResellerClientContract{ + my($self,$in) = @_; + my $res = 0; + + if($in->{client_contract_id} && $in->{provider_id}){ + if(my $contract = $self->schema->resultset('contracts')->search({ + 'contact.reseller_id' => $in->{provider_id}, + 'me.id' => $in->{client_contract_id}, + },{ + 'join' => 'contact', + })->first){ + $res = $contract->get_column('id'); + } + } + return $res; +} + +sub checkResellerClientContact{ + my($self,$in) = @_; + my $res = 0; + + if($in->{client_contact_id} && $in->{provider_id}){ + if(my $contact = $self->schema->resultset('contacts')->search({ + 'reseller_id' => $in->{provider_id}, + 'id' => $in->{client_contact_id}, + })->first){ + $res = $contact->get_column('id'); + } + } + return $res; +} + +sub checkResellerInvoice{ + my($self,$in) = @_; + my $res = 0; + + if($in->{invoice_id} && $in->{provider_id}){ + if(my $invoice = $self->schema->resultset('invoices')->search({ + 'contact.reseller_id' => $in->{provider_id}, + 'id' => $in->{client_contact_id}, + },{ + 'join' => { 'contract_balances' => { 'contract' => 'contact' }}, + })->first){ + $res = $invoice->get_column('id'); + } + } + return $res; +} + +sub checkResellerInvoiceTemplate{ + my($self,$in) = @_; + my $res = 0; + #no warnings 'uninitialized'; + #$in->{c}->log->debug("checkResellerInvoiceTemplate: tt_id=".$in->{tt_id}.";provider_id=".$in->{provider_id}.";"); + + if($in->{tt_id} && $in->{provider_id}){ + #$in->{c}->log->debug("checkResellerInvoiceTemplate: tt_id=".$in->{tt_id}.";provider_id=".$in->{provider_id}.";"); + if(my $tt = $self->schema->resultset('invoice_templates')->search({ + 'reseller_id' => $in->{provider_id}, + 'id' => $in->{tt_id}, + })->first){ + $res = $tt->get_column('id'); + } + } + #$in->{c}->log->debug("checkResellerInvoiceTemplate: res=".$res.";"); + return $res; +} + 1; \ No newline at end of file 
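Review bot: `checkResellerInvoice` never looks at the invoice id it is supposed to validate: its search filters on `'id' => $in->{client_contact_id}` instead of `$in->{invoice_id}`, so with the controller's empty-string default it always fails, and with a contact id supplied it merely confirms that some invoice with that number exists under the reseller while the requested `invoice_id` goes unchecked. The unqualified `'id'` is also ambiguous once `contract_balances`, `contract` and `contact` are joined (each presumably carries its own `id`), unlike the `'me.id'` used in `checkResellerClientContract`; the two filter lines should read `'contact.reseller_id' => $in->{provider_id},` / `'me.id' => $in->{invoice_id},`, and qualifying the bare `'id'` in the other two helpers now is cheap insurance against future joins. Separately, the `checkReseller*` names break the file's snake_case convention (`get_contract_zonesfees_rs`), and the three commented-out `$in->{c}->log->debug` lines in `checkResellerInvoiceTemplate` should be removed rather than shipped. The hunk also leaves `1;` without a trailing newline.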
diff --git a/share/templates/invoice/list.tt b/share/templates/invoice/list.tt
index c1a4ba9b04..3e2294c8ce 100644
--- a/share/templates/invoice/list.tt
+++ b/share/templates/invoice/list.tt
@@ -148,8 +148,19 @@ function applyClientFilter(table,tr,contact_id){
 { name => 'contract_balances.free_time_balance', title => c.loc('Free Time balance')},
 ];
 helper.dt_buttons = [
- { name = c.loc('Delete'), uri = "javascript:fetch_into(\\'messages\\', \\'" _ c.uri_for_action('/invoice/invoice_delete', [ provider.id ] ) _ "\\',\\'invoice_id='+full.contract_balances_invoice_id+'\\',function(){\$(\\'#" _ helper.identifier _ "_table\\').DataTable().fnDraw();});void(0);", class = 'btn-small btn-secondary', icon = 'icon-trash', attributes= ' cancel-hide="1"' },
- { name = c.loc('View invoice PDF'), uri = "javascript:window.open(\\'/invoice/data/' + full.contract_balances_invoice_id + '\\',\\'_blank\\');void(0);", class = 'btn-small btn-primary', icon = 'icon-edit' },
+ {
+ name = c.loc('Delete'),
+ uri = "javascript:fetch_into(\\'messages\\', \\'" _ c.uri_for_action('/invoice/invoice_delete', [ provider.id ] ) _ "\\',\\'invoice_id='+full.contract_balances_invoice_id+'\\',function(){\$(\\'#" _ helper.identifier _ "_table\\').DataTable().fnDraw();});void(0);",
+ class = 'btn-small btn-secondary',
+ icon = 'icon-trash',
+ attributes= ' cancel-hide="1"'
+ },
+ {
+ name = c.loc('View invoice PDF'),
+ uri = "javascript:window.open(\\'" _ c.uri_for_action('/invoice/invoice_data', [ provider.id ] ) _ "/' + full.contract_balances_invoice_id + '\\',\\'_blank\\');void(0);",
+ class = 'btn-small btn-primary',
+ icon = 'icon-edit'
+ },
 ];
 helper.ajax_uri = c.uri_for_action( '/invoice/ajax_datatables_data', [ provider.id, 'invoice_list_data' ] ) ;
 initHelperAuto();