diff --git a/application/controllers/api/frontend/v1/Bank.php b/application/controllers/api/frontend/v1/Bank.php
index f177e318a..e2e5790cc 100644
--- a/application/controllers/api/frontend/v1/Bank.php
+++ b/application/controllers/api/frontend/v1/Bank.php
@@ -13,7 +13,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * along with this program. If not, see .
*/
if (! defined('BASEPATH')) exit('No direct script access allowed');
@@ -38,6 +38,9 @@ class Bank extends FHCAPI_Controller
'postBankData' => self::PERM_LOGGED
));
+ // Load language phrases
+ $this->loadPhrases(array('person'));
+
// Loads model Bankverbindung_model
$this->load->model('person/Bankverbindung_model', 'BankverbindungModel');
}
@@ -67,7 +70,7 @@ class Bank extends FHCAPI_Controller
FROM
public.tbl_bankverbindung bv
WHERE bv.person_id = ?
- ORDER BY update_date DESC, bv.insertamum DESC
+ ORDER BY bv.insertamum DESC, update_date DESC
LIMIT 1',
array($loggedPersonId)
);
@@ -84,11 +87,19 @@ class Bank extends FHCAPI_Controller
*/
public function postBankData()
{
- // Person id of the logged user
+ // UID and Person id of the logged user
+ $loggedUID = getAuthUID();
$loggedPersonId = getAuthPersonId();
// If null then not authenticated then terminate
- if ($loggedPersonId == null) $this->terminateWithError('Not logged user/User without an associated person', self::ERROR_TYPE_AUTH);
+ if ($loggedUID == null) $this->terminateWithError('Not logged user/User without UID', self::ERROR_TYPE_AUTH);
+ if ($loggedPersonId == null) $this->terminateWithError('Not logged user/User without Person Id', self::ERROR_TYPE_AUTH);
+
+ // Loads model Mitarbeiter_model
+ $this->load->model('ressource/Mitarbeiter_model', 'MitarbeiterModel');
+
+ // Checks if the logged user is an amployee, in case stop the execution
+ if ($this->MitarbeiterModel->isMitarbeiter($loggedUID)) $this->terminateWithValidationErrors(array('' => $this->p->t('person', 'notForEmployees')));
// Loads the CI validation library
$this->load->library('form_validation');
@@ -99,7 +110,15 @@ class Bank extends FHCAPI_Controller
$this->form_validation->set_rules(self::IBAN_PARAM, null, array('required', 'alpha_numeric_spaces'));
// Run the validation and checks the result
- if (!$this->form_validation->run()) $this->terminateWithError('The required data are not valid or missing', self::ERROR_TYPE_VALIDATION);
+ if (!$this->form_validation->run()) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+ // Checks if the provided BIC is fine
+ $bic = preg_replace("/[^A-Za-z0-9 ]/", '', $this->input->post(self::BIC_PARAM));
+ if (!$this->_checkBic($bic)) $this->terminateWithValidationErrors(array('bic' => $this->p->t('person', 'notValidaBIC')));
+
+ // Checks if the provided IBAN is fine using the php-iban library
+ $iban = preg_replace("/[^A-Za-z0-9 ]/", '', $this->input->post(self::IBAN_PARAM));
+ if (!verify_iban($iban)) $this->terminateWithValidationErrors(array('iban' => $this->p->t('person', 'notValidaIBAN')));
// Check if there is at least a record in the bank data table
$bankDataResult = $this->BankverbindungModel->execReadOnlyQuery(
@@ -110,7 +129,7 @@ class Bank extends FHCAPI_Controller
FROM
public.tbl_bankverbindung bv
WHERE bv.person_id = ?
- ORDER BY update_date DESC, bv.insertamum DESC
+ ORDER BY bv.insertamum DESC, update_date DESC
LIMIT 1',
array($loggedPersonId)
);
@@ -128,10 +147,11 @@ class Bank extends FHCAPI_Controller
getData($bankDataResult)[0]->bankverbindung_id,
array(
'name' => $this->input->post(self::BANK_NAME_PARAM),
- 'bic' => $this->input->post(self::BIC_PARAM),
- 'iban' => $this->input->post(self::IBAN_PARAM),
+ 'bic' => $bic,
+ 'iban' => $iban,
'updateamum' => 'NOW()',
'verrechnung' => true,
+ 'updatevon' => $loggedUID,
'typ' => 'p'
)
);
@@ -147,6 +167,7 @@ class Bank extends FHCAPI_Controller
'iban' => $this->input->post(self::IBAN_PARAM),
'insertamum' => 'NOW()',
'verrechnung' => true,
+ 'insertvon' => $loggedUID,
'typ' => 'p'
)
);
@@ -158,5 +179,14 @@ class Bank extends FHCAPI_Controller
// If everything was fine then return a success
$this->terminateWithSuccess('Database updated');
}
+
+ /**
+ * Generic BIC check
+ */
+ private function _checkBic($bic)
+ {
+ // Check if the provided BIC is fine
+ return preg_match("^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$^", $bic) == 1;
+ }
}
diff --git a/composer.json b/composer.json
index 216d315d9..dd0ca8c5f 100644
--- a/composer.json
+++ b/composer.json
@@ -443,7 +443,8 @@
"vuejs/vuejs3": "3.3.8",
"vuejs/vuerouter4": "4.1.3",
"vuejs/vuedatepicker_js": "7.2.0",
- "vuejs/vuedatepicker_css": "7.2.0"
+ "vuejs/vuedatepicker_css": "7.2.0",
+ "globalcitizen/php-iban": "^4.2"
},
"config": {
"bin-dir": "vendor/bin"
diff --git a/composer.lock b/composer.lock
index 27132ecff..4b82bfa97 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "01ea35652d88680f8262c5365828eb46",
+ "content-hash": "c8657e3fd4c04892bc4e86cd11c8cc51",
"packages": [
{
"name": "afarkas/html5shiv",
@@ -955,6 +955,41 @@
"abandoned": true,
"time": "2020-12-11T09:56:16+00:00"
},
+ {
+ "name": "globalcitizen/php-iban",
+ "version": "v4.2.3",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/globalcitizen/php-iban.git",
+ "reference": "d8d2b7c60ba01286fc625763618760aa3b684c00"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/globalcitizen/php-iban/zipball/d8d2b7c60ba01286fc625763618760aa3b684c00",
+ "reference": "d8d2b7c60ba01286fc625763618760aa3b684c00",
+ "shasum": ""
+ },
+ "require": {
+ "php": "^5.4 || ^5.5 || ^5.6 || ^7.0 || ^7.4 || ^8.0 || ^8.1"
+ },
+ "type": "library",
+ "autoload": {
+ "files": [
+ "oophp-iban.php",
+ "php-iban.php"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "LGPL-3.0-only"
+ ],
+ "description": "php-iban is a library for parsing and validating IBAN (and IIBAN) bank account information.",
+ "support": {
+ "issues": "https://github.com/globalcitizen/php-iban/issues",
+ "source": "https://github.com/globalcitizen/php-iban/tree/v4.2.3"
+ },
+ "time": "2024-03-25T00:37:02+00:00"
+ },
{
"name": "joeldbirch/superfish",
"version": "1.7.9",
diff --git a/public/js/components/Cis/BankData.js b/public/js/components/Cis/BankData.js
index 4d8c90198..4f5142d9a 100644
--- a/public/js/components/Cis/BankData.js
+++ b/public/js/components/Cis/BankData.js
@@ -34,6 +34,7 @@ export default {
},
methods: {
save() {
+ this.$refs.form.clearValidation();
this.$refs.form.factory.bankData.postBankData(this.bankName, this.bic, this.iban)
.then(result => {
this.$emit('saved', result.data);
@@ -63,36 +64,40 @@ export default {