Travel reimburse feature added
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace api\classes;
|
||||
|
||||
use DateTime;
|
||||
use JetBrains\PhpStorm\NoReturn;
|
||||
|
||||
class API
|
||||
@@ -91,7 +92,7 @@ class API
|
||||
// When building a frontend page, you can still programmatically construct a builder array
|
||||
// and set it via $_GET like so after the API class creation:
|
||||
// $_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $permission_uuid]]];
|
||||
if ($this->request_method !== 'GET' || $this->user_type === 'frontend') {
|
||||
if ($this->request_method !== 'GET') {
|
||||
$this->disableBuilder();
|
||||
}
|
||||
|
||||
@@ -335,6 +336,14 @@ class API
|
||||
if (!is_array($value)) return false;
|
||||
return $value;
|
||||
|
||||
case 'date':
|
||||
if (!is_string($value)) return false;
|
||||
if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $value)) {
|
||||
return false;
|
||||
}
|
||||
[$year, $month, $day] = explode('-', $value);
|
||||
return checkdate((int)$month, (int)$day, (int)$year);
|
||||
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
@@ -599,12 +608,7 @@ class API
|
||||
if ($this->user_type === 'api') {
|
||||
http_response_code($code);
|
||||
header('Content-Type: application/json');
|
||||
if ($code === 200) {
|
||||
echo json_encode(reset($data));
|
||||
} else {
|
||||
echo json_encode($data);
|
||||
}
|
||||
|
||||
echo json_encode($data);
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -682,6 +686,12 @@ class API
|
||||
}
|
||||
}
|
||||
|
||||
protected function isValidDate(string $date): bool
|
||||
{
|
||||
$dt = DateTime::createFromFormat('Y-m-d', $date);
|
||||
return $dt && $dt->format('Y-m-d') === $date;
|
||||
}
|
||||
|
||||
protected function buildDynamicQuery(string $tableName): array
|
||||
{
|
||||
$this->allowedGetColumns = $this->loadTableColumns($tableName);
|
||||
@@ -699,20 +709,48 @@ class API
|
||||
}
|
||||
|
||||
foreach ($_GET['builder'] as $builder) {
|
||||
if (!isset($builder['where']) || !is_array($builder['where']) || count($builder['where']) !== 2) {
|
||||
continue;
|
||||
if (isset($builder['where']) && is_array($builder['where'])) {
|
||||
|
||||
if (count($builder['where']) !== 2) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$column = $builder['where'][0];
|
||||
$value = $builder['where'][1];
|
||||
|
||||
if (!in_array($column, $this->allowedGetColumns, true)) {
|
||||
$this->apiOutput(400, ['error' => "The column $column is not allowed."]);
|
||||
}
|
||||
|
||||
$whereClauses[] = "$column = ?";
|
||||
$types .= 's';
|
||||
$values[] = $value;
|
||||
}
|
||||
|
||||
$column = $builder['where'][0];
|
||||
$value = $builder['where'][1];
|
||||
// BETWEEN (for DATE / range fields)
|
||||
if (isset($builder['between']) && is_array($builder['between'])) {
|
||||
|
||||
if (!in_array($column, $this->allowedGetColumns, true)) {
|
||||
$this->apiOutput(400, ['error' => 'The column ' . $column . ' is not allowed.']);
|
||||
if (count($builder['between']) !== 3) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$column = $builder['between'][0];
|
||||
$from = $builder['between'][1];
|
||||
$to = $builder['between'][2];
|
||||
|
||||
if (!in_array($column, $this->allowedGetColumns, true)) {
|
||||
$this->apiOutput(400, ['error' => "The column $column is not allowed."]);
|
||||
}
|
||||
|
||||
if (!$this->isValidDate($from) || !$this->isValidDate($to)) {
|
||||
$this->apiOutput(400, ['error' => "Invalid date format for BETWEEN."]);
|
||||
}
|
||||
|
||||
$whereClauses[] = "$column BETWEEN ? AND ?";
|
||||
$types .= 'ss';
|
||||
$values[] = $from;
|
||||
$values[] = $to;
|
||||
}
|
||||
|
||||
$whereClauses[] = "$column = ?";
|
||||
$types .= 's';
|
||||
$values[] = $value;
|
||||
}
|
||||
|
||||
if (!empty($whereClauses)) {
|
||||
|
||||
Reference in New Issue
Block a user