From a5703a12a1769845c1de0e6a419e2a13f09a53bf Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 8 Dec 2023 21:52:33 +0000
Subject: [PATCH] bug fixes
---
 Controller/ApiAttributeController.php | 4 +--
 Controller/ApiController.php | 35 ++++++++++++++++++++++-----
 Controller/BackendController.php | 2 +-
 ICAL.txt | 2 +-
 Models/Client.php | 4 +--
 Models/PermissionCategory.php | 2 ++
 Theme/Backend/client-profile.tpl.php | 30 +++++++++++++----------
 7 files changed, 54 insertions(+), 25 deletions(-)
diff --git a/Controller/ApiAttributeController.php b/Controller/ApiAttributeController.php
index acca81b..e619b01 100644
--- a/Controller/ApiAttributeController.php
+++ b/Controller/ApiAttributeController.php
@@ -377,7 +377,7 @@ final class ApiAttributeController extends Controller
 *
 * @api
 *
- * @todo: implement
+ * @todo Implement API function
 *
 * @since 1.0.0
 */
@@ -448,7 +448,7 @@ final class ApiAttributeController extends Controller
 */
 public function apiClientAttributeValueDelete(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
 {
- // @todo: I don't think values can be deleted? Only Attributes
+ // @todo I don't think values can be deleted? Only Attributes
 // However, It should be possible to remove UNUSED default values
 // either here or other function?
 // if (!empty($val = $this->validateAttributeValueDelete($request))) {
diff --git a/Controller/ApiController.php b/Controller/ApiController.php
index d9ebcb1..bffbbe5 100755
--- a/Controller/ApiController.php
+++ b/Controller/ApiController.php
@@ -15,7 +15,6 @@ declare(strict_types=1);
 namespace Modules\ClientManagement\Controller;
 use Modules\Admin\Models\Account;
-use Modules\Admin\Models\Address;
 use Modules\Admin\Models\AddressMapper;
 use Modules\Admin\Models\NullAccount;
 use Modules\Auditor\Models\Audit;
@@ -25,9 +24,11 @@ use Modules\ClientManagement\Models\Client;
 use Modules\ClientManagement\Models\ClientL11nMapper;
 use Modules\ClientManagement\Models\ClientL11nTypeMapper;
 use Modules\ClientManagement\Models\ClientMapper;
+use Modules\ClientManagement\Models\PermissionCategory;
 use Modules\Media\Models\MediaMapper;
 use Modules\Media\Models\PathSettings;
 use Modules\Organization\Models\UnitMapper;
+use phpOMS\Account\PermissionType;
 use phpOMS\Api\EUVAT\EUVATVies;
 use phpOMS\Api\Geocoding\Nominatim;
 use phpOMS\Localization\BaseStringL11n;
@@ -42,6 +43,7 @@ use phpOMS\Message\NotificationLevel;
 use phpOMS\Message\RequestAbstract;
 use phpOMS\Message\ResponseAbstract;
 use phpOMS\Model\Message\FormValidation;
+use phpOMS\Stdlib\Base\Address;
 use phpOMS\Uri\HttpUri;
 use phpOMS\Utils\StringUtils;
@@ -106,7 +108,7 @@ final class ApiController extends Controller
 $this->createModel($request->header->account, $client, ClientMapper::class, 'client', $request->getOrigin());
 // Set VAT Id
- // @todo: move to separate function
+ // @todo move to separate function
 if ($request->hasData('vat_id')) {
 /** @var \Modules\Organization\Models\Unit $unit */
 $unit = UnitMapper::get()
@@ -338,7 +340,10 @@ final class ApiController extends Controller
 */
 private function updateMainAddressFromRequest(RequestAbstract $request, Address $address) : Address
 {
+ $address->name = $request->getDataString('name') ?? $address->name;
+ $address->fao = $request->getDataString('fao') ?? $address->fao;
 $address->address = $request->getDataString('address') ?? $address->address;
+ $address->addressAddition = $request->getDataString('addition') ?? $address->addressAddition;
 $address->postal = $request->getDataString('postal') ?? $address->postal;
 $address->city = $request->getDataString('city') ?? $address->city;
 $address->state = $request->getDataString('state') ?? $address->state;
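Review bot: The three assignments added to updateMainAddressFromRequest copy the request values `name`, `fao` and `addition` into the address with no trimming or length bound visible in the hunk. The same commit's profile template reads `mainAddress->fao` and `mainAddress->addressAddition`, so these strings should be bounded here (or in a validator this hunk does not show) and escaped where they are rendered. The request key is `addition` while the property is `addressAddition`; a docblock line listing the accepted request keys would make that mapping discoverable. The function body continues outside the hunk.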
@@ -588,8 +593,17 @@ final class ApiController extends Controller
 */
 public function apiNoteUpdate(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
 {
- // @todo: check permissions
- $this->app->moduleManager->get('Editor', 'Api')->apiEditorDocUpdate($request, $response, $data);
+ $accountId = $request->header->account;
+ if (!$this->app->accountManager->get($accountId)->hasPermission(
+ PermissionType::MODIFY, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::CLIENT_NOTE, $request->getDataInt('id'))
+ ) {
+ $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []);
+ $response->header->status = RequestStatusCode::R_403;
+
+ return;
+ }
+
+ $this->app->moduleManager->get('Editor', 'Api')->apiEditorUpdate($request, $response, $data);
 }
 /**
@@ -607,7 +621,16 @@ final class ApiController extends Controller
 */
 public function apiNoteDelete(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
 {
- // @todo: check permissions
- $this->app->moduleManager->get('Editor', 'Api')->apiEditorDocDelete($request, $response, $data);
+ $accountId = $request->header->account;
+ if (!$this->app->accountManager->get($accountId)->hasPermission(
+ PermissionType::DELETE, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::CLIENT_NOTE, $request->getDataInt('id'))
+ ) {
+ $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []);
+ $response->header->status = RequestStatusCode::R_403;
+
+ return;
+ }
+
+ $this->app->moduleManager->get('Editor', 'Api')->apiEditorDelete($request, $response, $data);
 }
 }
diff --git a/Controller/BackendController.php b/Controller/BackendController.php
index edaf31e..51f258d 100755
--- a/Controller/BackendController.php
+++ b/Controller/BackendController.php
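Review bot: In apiNoteUpdate (Controller/ApiController.php) the permission element comes straight from `$request->getDataInt('id')`, so a request with a missing or non-numeric `id` reaches `hasPermission()` with whatever the getter returns for an absent value. That is presumably null, and whether null is treated as "any element" should be confirmed against `hasPermission()`. Nothing in the hunk confirms that the id names a note attached to a client before the call is handed to the Editor API, so unless that endpoint checks on its own, CLIENT_NOTE rights may also cover editor documents that are not client notes. Read the id once with `$noteId = $request->getDataInt('id');`, reject null before the permission check, and verify the client–note relation before delegating. The apiNoteDelete hunk that follows has the same pattern with `PermissionType::DELETE`.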
@@ -228,7 +228,7 @@ final class BackendController extends Controller
 // Get item profile image
 // It might not be part of the 5 newest item files from above
- // @todo: It would be nice to have something like this as a default method in the model e.g.
+ // @todo It would be nice to have something like this as a default method in the model e.g.
 // ItemManagement::getRelations()->with('types')->where(...);
 // This should return the relations and NOT the model itself
 $query = new Builder($this->app->dbPool->get());
diff --git a/ICAL.txt b/ICAL.txt
index 019045f..f1b55ed 100755
--- a/ICAL.txt
+++ b/ICAL.txt
@@ -1,6 +1,6 @@
 # Individual Contributor License Agreement ("CLA") 1.0
-Thank you for your interest in Karaka-Management (the "Company"). In order to clarify the intellectual property license granted with Contributions from any person or entity, the Company must provide a Contributor License Agreement ("CLA") on file that has been made available to each Contributor. This license is for your protection as a Contributor as well as the protection of the Company and its users; it does not change your rights to use your own Contributions for any other purpose.
+Thank you for your interest in Jingga e. K. (the "Company"). In order to clarify the intellectual property license granted with Contributions from any person or entity, the Company must provide a Contributor License Agreement ("CLA") on file that has been made available to each Contributor. This license is for your protection as a Contributor as well as the protection of the Company and its users; it does not change your rights to use your own Contributions for any other purpose.
 By contributing to the Company You accept and agree to the following terms and conditions for Your present and future Contributions submitted to the Company. In return, the Company shall not use Your Contributions in a way that is contrary to the public benefit or inconsistent with its bylaws in effect at the time of the Contribution. Except for the license granted herein to the Company and recipients of software distributed by the Company, You reserve all right, title, and interest in and to Your Contributions.
diff --git a/Models/Client.php b/Models/Client.php
index f4adcaa..7f1f804 100755
--- a/Models/Client.php
+++ b/Models/Client.php
@@ -15,13 +15,13 @@ declare(strict_types=1);
 namespace Modules\ClientManagement\Models;
 use Modules\Admin\Models\Account;
-use Modules\Admin\Models\Address;
-use Modules\Admin\Models\NullAddress;
 use Modules\Editor\Models\EditorDoc;
 use Modules\Payment\Models\Payment;
 use Modules\Profile\Models\ContactElement;
 use Modules\Profile\Models\NullContactElement;
 use Modules\Profile\Models\Profile;
+use phpOMS\Stdlib\Base\Address;
+use phpOMS\Stdlib\Base\NullAddress;
 /**
 * Client class.
diff --git a/Models/PermissionCategory.php b/Models/PermissionCategory.php
index 5f843a6..b3a0d4e 100755
--- a/Models/PermissionCategory.php
+++ b/Models/PermissionCategory.php
@@ -29,4 +29,6 @@ abstract class PermissionCategory extends Enum
 public const CLIENT = 1;
 public const ANALYSIS = 2;
+
+ public const CLIENT_NOTE = 3;
 }
diff --git a/Theme/Backend/client-profile.tpl.php b/Theme/Backend/client-profile.tpl.php
index 6ad7700..3dce793 100755
--- a/Theme/Backend/client-profile.tpl.php
+++ b/Theme/Backend/client-profile.tpl.php
@@ -133,24 +133,28 @@ echo $this->data['nav']->render();
- mainAddress->addition)) : ?> -
-
+ mainAddress->fao)) : ?> +
+
-
-
-
-
-
-
-
-
+
+ mainAddress->addressAddition)) : ?> +
+
+ +
+
+
+
+
+
-
-
+
+