Check if ticket has timesheets before deleting

Leantime · Sep 21, 2024 · 2d2ef6b · 2d2ef6b
1 parent a768bf3
commit 2d2ef6b
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 9 deletions.
diff --git a/app/Core/Middleware/InitialHeaders.php b/app/Core/Middleware/InitialHeaders.php
@@ -26,7 +26,7 @@ public function handle(IncomingRequest $request, Closure $next): Response
         $cspParts = [
             "default-src 'self' 'unsafe-inline'",
             "base-uri 'self';",
-            "script-src 'self' 'unsafe-inline' unpkg.com",
+            "script-src 'self' 'unsafe-inline' unpkg.com blob:",
             "font-src 'self'  data:",
             "img-src 'self' *.leantime.io *.amazonaws.com data: blob: marketplace.localhost",
             "frame-src 'self' *.google.com *.microsoft.com *.live.com",

diff --git a/app/Domain/Tickets/Controllers/DelTicket.php b/app/Domain/Tickets/Controllers/DelTicket.php
@@ -36,10 +36,26 @@ public function get(): Response
 
             //Only admins
             if (Auth::userIsAtLeast(Roles::$editor)) {
+
+
+
                 if (isset($_GET['id'])) {
                     $id = (int)($_GET['id']);
+
+                    try{
+
+                        $this->ticketService->canDelete($id);
+
+                    }catch(\Exception $e) {
+
+                        $this->tpl->assign("error", $e->getMessage());
+                        return $this->tpl->displayPartial('tickets.delTicket');
+                    }
+
+                    $this->tpl->assign("error", "");
                     $this->tpl->assign('ticket', $this->ticketService->getTicket($id));
                     return $this->tpl->displayPartial('tickets.delTicket');
+
                 } else {
                     return $this->tpl->display('errors.error404', responseCode: 404);
                 }

diff --git a/app/Domain/Tickets/Services/Tickets.php b/app/Domain/Tickets/Services/Tickets.php
@@ -1787,6 +1787,24 @@ public function delete($id): array|bool
             return false;
         }
 
+        public function canDelete($id) {
+
+            $ticket = $this->getTicket($id);
+
+            if(empty($ticket)) {
+                throw new \Exception ("Task does not exist");
+            }
+
+            $hasLoggedHours = $this->timesheetsRepo->getTimesheetsByTicket($id);
+
+            if($hasLoggedHours) {
+                throw new \Exception ("Task has timesheets attached, delete all timesheets first or consider archiving the task");
+            }
+
+            return true;
+
+        }
+
         /**
          * @param $id
          * @return bool|string[]

diff --git a/app/Domain/Tickets/Templates/delTicket.tpl.php b/app/Domain/Tickets/Templates/delTicket.tpl.php
@@ -4,21 +4,27 @@
     $$var = $val; // necessary for blade refactor
 }
 $ticket = $tpl->get("ticket");
+$error = $tpl->get("error");
 ?>
 
 
 <h4 class="widgettitle title-light"><?php echo $tpl->__("subtitles.delete") ?></h4>
 
-<?php if (is_object($ticket)) { ?>
-<form method="post" action="<?=BASE_URL ?>/tickets/delTicket/<?=$ticket->id?>">
-    <p><?php echo $tpl->__('text.confirm_ticket_deletion'); ?></p><br />
-    <input type="submit" value="<?php echo $tpl->__('buttons.yes_delete'); ?>" name="del" class="button" />
+<?php if(!empty($error)) { ?>
+    <?=$error ?>
+<?php }else{ ?>
 
-        <a class="btn btn-primary" href="#/tickets/showTicket/<?php echo $ticket->id ?>"><?php echo $tpl->__('buttons.back'); ?></a>
+    <?php if (is_object($ticket)) { ?>
+        <form method="post" action="<?=BASE_URL ?>/tickets/delTicket/<?=$ticket->id?>">
+            <p><?php echo $tpl->__('text.confirm_ticket_deletion'); ?></p><br />
+            <input type="submit" value="<?php echo $tpl->__('buttons.yes_delete'); ?>" name="del" class="button" />
 
+            <a class="btn btn-primary" href="#/tickets/showTicket/<?php echo $ticket->id ?>"><?php echo $tpl->__('buttons.back'); ?></a>
 
-</form>
 
-<?php } else { ?>
-    <p>Ticket not found</p>
+        </form>
+
+    <?php } else { ?>
+        <p>Ticket not found</p>
+    <?php } ?>
 <?php } ?>
diff --git a/app/Domain/Timesheets/Repositories/Timesheets.php b/app/Domain/Timesheets/Repositories/Timesheets.php
@@ -529,6 +529,33 @@ public function getLoggedHoursForTicket(int $ticketId): array
         return $returnValues;
     }
 
+    public function getTimesheetsByTicket($id) {
+
+        $query = "SELECT
+                YEAR(zp_timesheets.workDate) AS year,
+                zp_timesheets.workdate,
+                DATE_FORMAT(zp_timesheets.workDate, '%Y-%m-%d') AS utc,
+                DATE_FORMAT(zp_timesheets.workDate, '%M') AS monthName,
+                DATE_FORMAT(zp_timesheets.workDate, '%m') AS month,
+                SUM(ROUND(zp_timesheets.hours, 2)) AS sum
+            FROM
+                zp_timesheets
+            WHERE
+                zp_timesheets.ticketId = :ticketId
+                AND workDate <> '0000-00-00 00:00:00' AND workDate <> '1969-12-31 00:00:00'
+            GROUP BY DATE_FORMAT(zp_timesheets.workDate, '%Y-%m-%d')
+            ORDER BY utc";
+
+        $call = $this->dbcall(func_get_args());
+
+        $call->prepare($query);
+        $call->bindValue(':ticketId', $id);
+
+        $values = $call->fetchAll();
+
+        return $values;
+    }
+
     /**
      * isClocked - Checks to see whether a user is clocked in
      *