Travel reimburse feature added

This commit is contained in:
2026-07-07 22:48:57 +02:00
parent e1ef2456ea
commit 30269316b2
29 changed files with 21392 additions and 26 deletions

View File

@@ -2,6 +2,7 @@
namespace api\classes;
use DateTime;
use JetBrains\PhpStorm\NoReturn;
class API
@@ -91,7 +92,7 @@ class API
// When building a frontend page, you can still programmatically construct a builder array
// and set it via $_GET like so after the API class creation:
// $_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $permission_uuid]]];
if ($this->request_method !== 'GET' || $this->user_type === 'frontend') {
if ($this->request_method !== 'GET') {
$this->disableBuilder();
}
@@ -335,6 +336,14 @@ class API
if (!is_array($value)) return false;
return $value;
case 'date':
if (!is_string($value)) return false;
if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $value)) {
return false;
}
[$year, $month, $day] = explode('-', $value);
return checkdate((int)$month, (int)$day, (int)$year);
default:
return false;
}
@@ -599,12 +608,7 @@ class API
if ($this->user_type === 'api') {
http_response_code($code);
header('Content-Type: application/json');
if ($code === 200) {
echo json_encode(reset($data));
} else {
echo json_encode($data);
}
echo json_encode($data);
exit;
}
@@ -682,6 +686,12 @@ class API
}
}
protected function isValidDate(string $date): bool
{
$dt = DateTime::createFromFormat('Y-m-d', $date);
return $dt && $dt->format('Y-m-d') === $date;
}
protected function buildDynamicQuery(string $tableName): array
{
$this->allowedGetColumns = $this->loadTableColumns($tableName);
@@ -699,20 +709,48 @@ class API
}
foreach ($_GET['builder'] as $builder) {
if (!isset($builder['where']) || !is_array($builder['where']) || count($builder['where']) !== 2) {
continue;
if (isset($builder['where']) && is_array($builder['where'])) {
if (count($builder['where']) !== 2) {
continue;
}
$column = $builder['where'][0];
$value = $builder['where'][1];
if (!in_array($column, $this->allowedGetColumns, true)) {
$this->apiOutput(400, ['error' => "The column $column is not allowed."]);
}
$whereClauses[] = "$column = ?";
$types .= 's';
$values[] = $value;
}
$column = $builder['where'][0];
$value = $builder['where'][1];
// BETWEEN (for DATE / range fields)
if (isset($builder['between']) && is_array($builder['between'])) {
if (!in_array($column, $this->allowedGetColumns, true)) {
$this->apiOutput(400, ['error' => 'The column ' . $column . ' is not allowed.']);
if (count($builder['between']) !== 3) {
continue;
}
$column = $builder['between'][0];
$from = $builder['between'][1];
$to = $builder['between'][2];
if (!in_array($column, $this->allowedGetColumns, true)) {
$this->apiOutput(400, ['error' => "The column $column is not allowed."]);
}
if (!$this->isValidDate($from) || !$this->isValidDate($to)) {
$this->apiOutput(400, ['error' => "Invalid date format for BETWEEN."]);
}
$whereClauses[] = "$column BETWEEN ? AND ?";
$types .= 'ss';
$values[] = $from;
$values[] = $to;
}
$whereClauses[] = "$column = ?";
$types .= 's';
$values[] = $value;
}
if (!empty($whereClauses)) {