From 6d59876f03e37038b2014a0b09c80ebfe2840c9b Mon Sep 17 00:00:00 2001
From: Steve Blamey <sblamey@uzerp.com>
Date: Wed, 8 May 2024 14:52:47 +0100
Subject: [PATCH] PordersController::createinvoice, do not allow multiple
 supplier GRN selections

- Clear saved selections between purchase orders
- Check that GRNs match the supplier on save

Bug: Purchase invoice created for one supplier contains lines from another suppliers order

To reproduce:

- Create invoice from an order and select some lines. Don't save.
- Go to another order for a different supplier, create invoice and select some lines. Save.
- The order for the second supplier now has all the lines selected from both suppliers.

Cancelling or deleting lines will have now impact on the order at this point. Invoiced lines will remain invoiced.

closes #271
---
 .../controllers/PordersController.php             | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/public_pages/erp/order/purchase_order/controllers/PordersController.php b/modules/public_pages/erp/order/purchase_order/controllers/PordersController.php
index ed0dd6b6..e6f6fe12 100755
--- a/modules/public_pages/erp/order/purchase_order/controllers/PordersController.php
+++ b/modules/public_pages/erp/order/purchase_order/controllers/PordersController.php
@@ -1827,9 +1827,14 @@ public function createinvoice()
         $this->view->set('invoicedate', date(DATE_FORMAT));
 
         // get data from persistent selection session
-
         $key = 'purchase_order-porders-createinvoice';
 
+        // Clear any existing selections if the user is coming directly
+        // from the purchase order sidebar.
+        if (isset($this->_data['order_number'])) {
+            unset($_SESSION['persistent_selection'][$key]);
+        }
+
         $selected_rows = array();
         $net_total = 0; // this should be a number... not a string
 
@@ -1892,11 +1897,19 @@ public function saveinvoice()
 
             $rows = $poreceivedlines->load($sh, null, RETURN_ROWS);
 
+            $order_supplier = $this->_data['plmaster_id'];
+
             if ($rows) {
 
                 foreach ($rows as $received_line) {
                     // Create an invoice line for each selected GRN line
                     $supplier = $received_line['plmaster_id'];
+
+                    // Guard against UI bugs that result in GRNs from multiple suppliers being selected
+                    if ($supplier !== $order_supplier) {
+                        $errors[] = "GRN {$received_line['gr_number']} does not belong to this supplier";
+                    }
+
                     $porderline = DataObjectFactory::Factory('POrderLine');
                     $porderline->load($received_line['orderline_id']);