boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
758be819c3e0d0670b248b9977686e510ad93957
app/api/admin/invoices.php
Simon 758be819c3 feat: P4 backend kvalita - SELECT * fix, overdue konsolidace, Validator 
- SELECT * nahrazen explicitnimi sloupci ve 22 PHP souborech (69+ vyskytu)
- users-handlers.php: password_hash explicitne vyloucen z dotazu
- Overdue detekce presunuta do invoices.php routeru (1x pred dispatch misto 3x v handlerech)
- Validator.php: validacni helper s pravidly required, string, int, email, in, numeric
- PaginationHelper: PHPStan typy opraveny

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 18:42:42 +01:00

111 lines
3.7 KiB
PHP
Raw Blame History

<?php
/**
* BOHA Automation - Invoices CRUD API
*
* GET /api/admin/invoices.php - Seznam faktur
* GET /api/admin/invoices.php?action=detail&id=X - Detail faktury
* GET /api/admin/invoices.php?action=next_number - Dalsi cislo faktury
* GET /api/admin/invoices.php?action=order_data&id=X - Data objednavky pro pre-fill
* GET /api/admin/invoices.php?action=stats - KPI statistiky (month, year)
* POST /api/admin/invoices.php - Vytvoreni faktury
* PUT /api/admin/invoices.php?id=X - Uprava faktury / zmena stavu
* DELETE /api/admin/invoices.php?id=X - Smazani faktury
*/
declare(strict_types=1);
require_once dirname(__DIR__) . '/config.php';
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
require_once dirname(__DIR__) . '/includes/AuditLog.php';
require_once dirname(__DIR__) . '/includes/CnbRates.php';
require_once dirname(__DIR__) . '/includes/PaginationHelper.php';
require_once __DIR__ . '/handlers/invoices-handlers.php';
setCorsHeaders();
setSecurityHeaders();
setNoCacheHeaders();
header('Content-Type: application/json; charset=utf-8');
$authData = JWTAuth::requireAuth();
AuditLog::setUser($authData['user_id'], $authData['user']['username'] ?? 'unknown');
$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
try {
$pdo = db();
// Overdue detekce - jednou pred dispatchem (misto v kazdem handleru)
if ($method === 'GET') {
$pdo->exec("UPDATE invoices SET status = 'overdue' WHERE status = 'issued' AND due_date < CURDATE()");
}
switch ($method) {
case 'GET':
requirePermission($authData, 'invoices.view');
switch ($action) {
case 'detail':
if (!$id) {
errorResponse('ID faktury je povinné');
}
handleGetDetail($pdo, $id);
break;
case 'next_number':
requirePermission($authData, 'invoices.create');
handleGetNextNumber($pdo);
break;
case 'order_data':
requirePermission($authData, 'invoices.create');
if (!$id) {
errorResponse('ID objednávky je povinné');
}
handleGetOrderData($pdo, $id);
break;
case 'stats':
requirePermission($authData, 'invoices.view');
handleGetStats($pdo);
break;
default:
handleGetList($pdo);
}
break;
case 'POST':
requirePermission($authData, 'invoices.create');
handleCreateInvoice($pdo, $authData);
break;
case 'PUT':
requirePermission($authData, 'invoices.edit');
if (!$id) {
errorResponse('ID faktury je povinné');
}
handleUpdateInvoice($pdo, $id);
break;
case 'DELETE':
requirePermission($authData, 'invoices.delete');
if (!$id) {
errorResponse('ID faktury je povinné');
}
handleDeleteInvoice($pdo, $id);
break;
default:
errorResponse('Metoda není povolena', 405);
}
} catch (PDOException $e) {
error_log('Invoices API error: ' . $e->getMessage());
if (DEBUG_MODE) {
errorResponse('Chyba databáze: ' . $e->getMessage(), 500);
} else {
errorResponse('Chyba databáze', 500);
}
}
// --- Status transitions ---
/** @return list<string> */
Reference in New Issue View Git Blame Copy Permalink