sanitize_orderby( isset( $args['orderby'] ) ? sanitize_key( wp_unslash( $args['orderby'] ) ) : 'name', array( 'name', 'total_quantity', 'available_quantity', 'is_active', 'updated_at' ), 'name' ); $order = $this->sanitize_order( isset( $args['order'] ) ? sanitize_key( wp_unslash( $args['order'] ) ) : 'ASC' ); $sql = "SELECT * FROM {$this->table} WHERE 1=1"; $params = array(); if ( '' !== $search ) { $like = '%' . $this->wpdb->esc_like( $search ) . '%'; $sql .= ' AND (name LIKE %s OR storage_location LIKE %s OR description LIKE %s)'; $params[] = $like; $params[] = $like; $params[] = $like; } if ( in_array( $status, array( 'active', 'inactive' ), true ) ) { $sql .= ' AND is_active = %d'; $params[] = 'active' === $status ? 1 : 0; } $sql .= " ORDER BY {$orderby} {$order}, id DESC"; if ( ! empty( $params ) ) { return $this->wpdb->get_results( $this->wpdb->prepare( $sql, $params ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared } return $this->wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery } /** * Save or update one inventory item. * * @param array $data Item payload. * @param int $id Optional item ID. * @return int|false */ public function save_item( $data, $id = 0 ) { $payload = array( 'name' => $data['name'], 'total_quantity' => max( 0, (int) $data['total_quantity'] ), 'available_quantity' => max( 0, (int) $data['available_quantity'] ), 'storage_location' => isset( $data['storage_location'] ) ? $data['storage_location'] : '', 'description' => isset( $data['description'] ) ? $data['description'] : '', 'is_active' => ! empty( $data['is_active'] ) ? 1 : 0, 'updated_at' => $this->now(), ); if ( $payload['available_quantity'] > $payload['total_quantity'] ) { $payload['available_quantity'] = $payload['total_quantity']; } if ( $id > 0 ) { $result = $this->wpdb->update( $this->table, $payload, array( 'id' => absint( $id ) ), array( '%s', '%d', '%d', '%s', '%s', '%d', '%s' ), array( '%d' ) ); return false !== $result ? (int) $id : false; } $payload['created_at'] = $this->now(); $result = $this->wpdb->insert( $this->table, $payload, array( '%s', '%d', '%d', '%s', '%s', '%d', '%s', '%s' ) ); return false !== $result ? (int) $this->wpdb->insert_id : false; } /** * Check whether one item has open loans. * * @param int $item_id Item ID. * @return bool */ public function has_open_loans( $item_id ) { $item_id = absint( $item_id ); $table = $this->loans_table(); if ( $item_id < 1 || '' === $table ) { return false; } $count = (int) $this->wpdb->get_var( $this->wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE item_id = %d AND status = %s", $item_id, 'open' ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared return $count > 0; } /** * Get total currently borrowed quantity for one item. * * @param int $item_id Item ID. * @return int */ public function get_open_borrowed_quantity( $item_id ) { $item_id = absint( $item_id ); $table = $this->loans_table(); if ( $item_id < 1 || '' === $table ) { return 0; } $sum = (int) $this->wpdb->get_var( $this->wpdb->prepare( "SELECT COALESCE(SUM(borrowed_quantity), 0) FROM {$table} WHERE item_id = %d AND status = %s", $item_id, 'open' ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared return max( 0, $sum ); } /** * Borrow an inventory item. * * @param int $item_id Item ID. * @param int $user_id Borrower user ID. * @param int $quantity Quantity. * @param string $due_date Optional due date. * @param string $note Optional note. * @return bool */ public function borrow_item( $item_id, $user_id, $quantity, $due_date = '', $note = '' ) { $item_id = absint( $item_id ); $user_id = absint( $user_id ); $quantity = max( 0, (int) $quantity ); $loan_tab = $this->loans_table(); if ( $item_id < 1 || $user_id < 1 || $quantity < 1 || '' === $loan_tab ) { return false; } $item = $this->find( $item_id ); if ( ! $item || (int) $item->available_quantity < $quantity ) { return false; } $this->wpdb->query( 'START TRANSACTION' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery $inserted = $this->wpdb->insert( $loan_tab, array( 'item_id' => $item_id, 'user_id' => $user_id, 'borrowed_quantity' => $quantity, 'borrowed_at' => $this->now(), 'due_date' => '' !== $due_date ? $due_date : null, 'returned_at' => null, 'note' => $note, 'return_note' => '', 'status' => 'open', 'created_at' => $this->now(), 'updated_at' => $this->now(), ), array( '%d', '%d', '%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ); if ( false === $inserted ) { $this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery return false; } $updated = $this->wpdb->update( $this->table, array( 'available_quantity' => max( 0, (int) $item->available_quantity - $quantity ), 'updated_at' => $this->now(), ), array( 'id' => $item_id ), array( '%d', '%s' ), array( '%d' ) ); if ( false === $updated ) { $this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery return false; } $this->wpdb->query( 'COMMIT' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery return true; } /** * Return one open loan. * * @param int $loan_id Loan ID. * @param string $return_note Optional return note. * @return bool */ public function return_loan( $loan_id, $return_note = '' ) { $loan_id = absint( $loan_id ); $loan_tab = $this->loans_table(); if ( $loan_id < 1 || '' === $loan_tab ) { return false; } $loan = $this->wpdb->get_row( $this->wpdb->prepare( "SELECT * FROM {$loan_tab} WHERE id = %d", $loan_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared if ( ! $loan || 'open' !== $loan->status ) { return false; } $item = $this->find( (int) $loan->item_id ); if ( ! $item ) { return false; } $this->wpdb->query( 'START TRANSACTION' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery $updated_loan = $this->wpdb->update( $loan_tab, array( 'status' => 'returned', 'returned_at' => $this->now(), 'return_note' => $return_note, 'updated_at' => $this->now(), ), array( 'id' => $loan_id ), array( '%s', '%s', '%s', '%s' ), array( '%d' ) ); if ( false === $updated_loan ) { $this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery return false; } $new_available = min( (int) $item->total_quantity, (int) $item->available_quantity + (int) $loan->borrowed_quantity ); $updated_item = $this->wpdb->update( $this->table, array( 'available_quantity' => $new_available, 'updated_at' => $this->now(), ), array( 'id' => (int) $loan->item_id ), array( '%d', '%s' ), array( '%d' ) ); if ( false === $updated_item ) { $this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery return false; } $this->wpdb->query( 'COMMIT' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery return true; } /** * Get open loans with item and borrower information. * * @return array */ public function get_open_loans() { $table = $this->loans_table(); if ( '' === $table ) { return array(); } $sql = "SELECT l.*, i.name AS item_name, u.display_name AS borrower_name FROM {$table} l LEFT JOIN {$this->table} i ON i.id = l.item_id LEFT JOIN {$this->wpdb->users} u ON u.ID = l.user_id WHERE l.status = %s ORDER BY l.borrowed_at DESC, l.id DESC"; return $this->wpdb->get_results( $this->wpdb->prepare( $sql, 'open' ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared } /** * Get latest loan history entries. * * @param int $limit Number of rows. * @return array */ public function get_recent_loans( $limit = 20 ) { $table = $this->loans_table(); $limit = max( 1, min( 200, (int) $limit ) ); if ( '' === $table ) { return array(); } $sql = "SELECT l.*, i.name AS item_name, u.display_name AS borrower_name FROM {$table} l LEFT JOIN {$this->table} i ON i.id = l.item_id LEFT JOIN {$this->wpdb->users} u ON u.ID = l.user_id ORDER BY l.borrowed_at DESC, l.id DESC LIMIT %d"; return $this->wpdb->get_results( $this->wpdb->prepare( $sql, $limit ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared } }