Fix Voucher Permission

system/autoload/Paginator.php

@@ -18,10 +18,14 @@ class Paginator
         $page = (int)(empty(_get('p')) ? 1 : _get('p'));
         $pagination = "";
         foreach($colVal as $k=>$v) {
-            if(strpos($v,'%') === false) {
+            if(!is_array($v) && strpos($v,'%') === false) {
                 $table = $table->where($k, $v);
             }else{
-                $table = $table->where_like($k, $v);
+                if(is_array($v)){
+                    $table = $table->where_in($k, $v);
+                }else{
+                    $table = $table->where_like($k, $v);
+                }
             }
         }
         $totalReq = $table->count();

system/controllers/prepaid.php

@@ -273,24 +273,55 @@ switch ($action) {
         break;
 
     case 'voucher':
-        $ui->assign('xfooter', '<script type="text/javascript" src="ui/lib/c/voucher.js"></script>');
         $ui->assign('_title', Lang::T('Prepaid Vouchers'));
-        $code = _post('code');
+        $limit = 10;
-        if ($code != '') {
+        $page = _get('p', 0);
-            $ui->assign('code', $code);
+        $pageNow = $page * $limit;
-            $paginator = Paginator::build(ORM::for_table('tbl_voucher'), ['code' => '%' . $code . '%'], $code);
+        $search = _req('search');
-            $d = ORM::for_table('tbl_plans')->where('enabled', '1')
+        if ($search != '') {
-                ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
+            if (in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
-                ->where_like('tbl_voucher.code', '%' . $code . '%')
+                $d = ORM::for_table('tbl_plans')->where('enabled', '1')
-                ->offset($paginator['startpoint'])
+                    ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
-                ->limit($paginator['limit'])
+                    ->where_like('tbl_voucher.code', '%' . $search . '%')
-                ->find_many();
+                    ->offset($pageNow)
+                    ->limit($limit)
+                    ->findArray();
+            } else if ($admin['user_type'] == 'Agent') {
+                $sales = [];
+                $sls = ORM::for_table('tbl_users')->select('id')->where('root', $admin['id'])->findArray();
+                foreach ($sls as $s) {
+                    $sales[] = $s['id'];
+                }
+                $sales[] = $admin['id'];
+                $d = ORM::for_table('tbl_plans')
+                    ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
+                    ->where_in('generated_by', $sales)
+                    ->where_like('tbl_voucher.code', '%' . $search . '%')
+                    ->offset($pageNow)
+                    ->limit($limit)
+                    ->findArray();
+            }
         } else {
-            $paginator = Paginator::build(ORM::for_table('tbl_voucher'));
+            if (in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
-            $d = ORM::for_table('tbl_plans')->where('enabled', '1')
+                $d = ORM::for_table('tbl_plans')->where('enabled', '1')
-                ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
+                    ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
-                ->offset($paginator['startpoint'])
+                    ->offset($pageNow)
-                ->limit($paginator['limit'])->find_many();
+                    ->limit($limit)
+                    ->findArray();
+            } else if ($admin['user_type'] == 'Agent') {
+                $sales = [];
+                $sls = ORM::for_table('tbl_users')->select('id')->where('root', $admin['id'])->findArray();
+                foreach ($sls as $s) {
+                    $sales[] = $s['id'];
+                }
+                $sales[] = $admin['id'];
+                $d = ORM::for_table('tbl_plans')
+                    ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
+                    ->where_in('generated_by', $sales)
+                    ->offset($pageNow)
+                    ->limit($limit)
+                    ->findArray();
+            }
         }
         // extract admin
         $admins = [];
@@ -316,8 +347,8 @@ switch ($action) {
         }
         $ui->assign('admins', $admins);
         $ui->assign('d', $d);
-        $ui->assign('_code', $code);
+        $ui->assign('search', $search);
-        $ui->assign('paginator', $paginator);
+        $ui->assign('page', $page);
         run_hook('view_list_voucher'); #HOOK
         $ui->display('voucher.tpl');
         break;
@@ -371,48 +402,53 @@ switch ($action) {
                 ->where('tbl_voucher.status', '0')
                 ->where('tbl_plans.id', $planid)
                 ->where_gt('tbl_voucher.id', $from_id)
-                ->limit($limit)
+                ->limit($limit);
-                ->find_many();
             $vc = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
                 ->where('tbl_voucher.status', '0')
                 ->where('tbl_plans.id', $planid)
-                ->where_gt('tbl_voucher.id', $from_id)
+                ->where_gt('tbl_voucher.id', $from_id);
-                ->count();
         } else if ($from_id == 0 && $planid > 0) {
             $v = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
                 ->where('tbl_voucher.status', '0')
                 ->where('tbl_plans.id', $planid)
-                ->limit($limit)
+                ->limit($limit);
-                ->find_many();
             $vc = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
                 ->where('tbl_voucher.status', '0')
-                ->where('tbl_plans.id', $planid)
+                ->where('tbl_plans.id', $planid);
-                ->count();
         } else if ($from_id > 0 && $planid == 0) {
             $v = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
                 ->where('tbl_voucher.status', '0')
                 ->where_gt('tbl_voucher.id', $from_id)
-                ->limit($limit)
+                ->limit($limit);
-                ->find_many();
             $vc = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
                 ->where('tbl_voucher.status', '0')
-                ->where_gt('tbl_voucher.id', $from_id)
+                ->where_gt('tbl_voucher.id', $from_id);
-                ->count();
         } else {
             $v = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
                 ->where('tbl_voucher.status', '0')
-                ->limit($limit)
+                ->limit($limit);
-                ->find_many();
             $vc = ORM::for_table('tbl_plans')
                 ->join('tbl_voucher', array('tbl_plans.id', '=', 'tbl_voucher.id_plan'))
-                ->where('tbl_voucher.status', '0')
+                ->where('tbl_voucher.status', '0');
-                ->count();
+        }
+        if (in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+            $v = $v->find_many();
+            $vc = $vc->count();
+        } else {
+            $sales = [];
+            $sls = ORM::for_table('tbl_users')->select('id')->where('root', $admin['id'])->findArray();
+            foreach ($sls as $s) {
+                $sales[] = $s['id'];
+            }
+            $sales[] = $admin['id'];
+            $v = $v->where_in('generated_by', $sales)->find_many();
+            $vc = $vc->where_in('generated_by', $sales)->count();
         }
         $template = file_get_contents("pages/Voucher.html");
         $template = str_replace('[[company_name]]', $config['CompanyName'], $template);
@@ -509,10 +545,24 @@ switch ($action) {
         break;
 
     case 'voucher-view':
-        if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+        $id = $routes[2];
+        if (in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
             $voucher = ORM::for_table('tbl_voucher')->find_one($id);
         } else {
-            $voucher = ORM::for_table('tbl_voucher')->where('generated_by', $admin['id'])->find_one($id);
+            $sales = [];
+            $sls = ORM::for_table('tbl_users')->select('id')->where('root', $admin['id'])->findArray();
+            foreach ($sls as $s) {
+                $sales[] = $s['id'];
+            }
+            $sales[] = $admin['id'];
+            $voucher = ORM::for_table('tbl_voucher')
+                ->find_one($id);
+            if (!in_array($voucher['generated_by'], $sales)) {
+                r2(U . 'prepaid/voucher/', 'e', Lang::T('Voucher Not Found'));
+            }
+        }
+        if (!$voucher) {
+            r2(U . 'prepaid/voucher/', 'e', Lang::T('Voucher Not Found'));
         }
         $plan = ORM::for_table('tbl_plans')->find_one($d['id_plan']);
         if ($voucher && $plan) {

system/lan/english.json

@@ -425,5 +425,7 @@
     "Add_User": "Add User",
     "Send_Notification": "Send Notification",
     "Code": "Code",
-    "Send_To_Customer": "Send To Customer"
+    "Send_To_Customer": "Send To Customer",
+    "Prev": "Prev",
+    "Voucher_Not_Found": "Voucher Not Found"
 }

ui/ui/sections/header.tpl

@@ -41,6 +41,22 @@
             }
         }
 
+        @media only screen and (max-width: 40em) {
+            thead th:not(:first-child) {
+                display: none;
+            }
+
+            td,
+            th {
+                display: block;
+            }
+
+            td[data-th]:before {
+                content: attr(data-th);
+            }
+        }
+
+
         .text1line {
             display: block;
             /* or inline-block */
@@ -343,20 +359,20 @@
 
             <section class="content">
                 {if isset($notify)}
-                <script>
+                    <script>
-                    // Display SweetAlert toast notification
+                        // Display SweetAlert toast notification
-                    Swal.fire({
+                        Swal.fire({
-                        icon: '{if $notify_t == "s"}success{else}error{/if}',
+                            icon: '{if $notify_t == "s"}success{else}error{/if}',
-                        title: '{$notify}',
+                            title: '{$notify}',
-                        toast: true,
+                            toast: true,
-                        position: 'top-end',
+                            position: 'top-end',
-                        showConfirmButton: false,
+                            showConfirmButton: false,
-                        timer: 5000,
+                            timer: 5000,
-                        timerProgressBar: true,
+                            timerProgressBar: true,
-                        didOpen: (toast) => {
+                            didOpen: (toast) => {
-                            toast.addEventListener('mouseenter', Swal.stopTimer)
+                                toast.addEventListener('mouseenter', Swal.stopTimer)
-                            toast.addEventListener('mouseleave', Swal.resumeTimer)
+                                toast.addEventListener('mouseleave', Swal.resumeTimer)
-                        }
+                            }
-                    });
+                        });
-                </script>
+                    </script>
-                {/if}
+{/if}