AQQA#52750 - tmpl_logo.gif aangepast

svn path=/Website/branches/v2017.2/; revision=37492

APPL/ALG/alg_district_list.inc

@@ -131,6 +131,11 @@ function district_list(pautfunction, params)
       sqln += " AND d.alg_district_key = " + dis_key;
       }
 
+   if (params.distr_descr)
+      {
+        sqln += " AND UPPER(d.alg_district_omschrijving) LIKE " + safe.quoted_sql_wild(params.distr_descr + "%");
+      }
+
    else if (reg_key)
       {
       sqln += " AND d.alg_regio_key = " + reg_key;

APPL/ALG/alg_district_search.asp

@@ -52,10 +52,14 @@ var authparams = alg.checkAutorisation();
                                                                   regiokey: regio_key,
                                                                   districtkey: district_key,
                                                                   startlevel: 0, // Regio
-                                                                  eindlevel: 1, // District
+                                                                  eindlevel: 0, // Regio
                                                                   whenEmpty: L("lcl_search_generic")
                                                                 });
 %>
+              <tr class="primsearch">
+                <td class="label"><label><%=L("lcl_estate_district_man_descr")%>:</label></td>
+                <td><input type="text" class="wildcard" id="distr_descr" name="distr_descr" value=""></td>
+              </tr>
               </table>
             </td><!-- end column 1 -->
             <td class="searchkolom2">

APPL/ALG/alg_district_search_list.asp

@@ -4,9 +4,9 @@
      $Id$
 
     File:        alg_district_search_list.asp
-    Description: 
-    Parameters: 
-    Context:     
+    Description:
+    Parameters:
+    Context:
     Note:
 */ %>
 
@@ -23,12 +23,14 @@ var outputmode = getQParamInt("outputmode", 0); //  0 = screen, 1 = print, 2 = e
 var showall = getQParamInt("showall", 0) == 1;
 var reg_key = getQParamInt("regiokey", -1); // Regio
 var dis_key = getQParamInt("districtkey", -1); // District
+var distr_descr = getQParam("distr_descr", ""); // Districtomschrijving
 
 district_list ( "*",
               {  outputmode: outputmode,
                  showall: showall,
                  reg_key: (reg_key != -1? reg_key : null),
-                 dis_key: (dis_key != -1? dis_key : null)
+                 dis_key: (dis_key != -1? dis_key : null),
+                 distr_descr: distr_descr
               }
              );
 %>

APPL/ALG/alg_edit_gebouw.asp

@@ -188,7 +188,7 @@ else
                        label: L("lcl_delivery_address"),
                        adresKey:  mld_adres,
                        emptyOption: "",
-                       filtcode: "A",
+                       filtercode: "A",
                        readonly: !this_alg.writeman
                     }) ;
         manRWFIELD("bld_x",  "fld",          L("lcl_geoxcoord"),        bld_x, {maxlength: 25});

APPL/ALG/alg_locatie_list.inc

@@ -195,11 +195,13 @@ function locatie_list(pautfunction, params)
     {
       sqln += " AND d.alg_regio_key = " + reg_key;
     }
-    
-    if (params.loc_code)
-        sqln += " AND UPPER(l.alg_locatie_code) LIKE " + safe.quoted_sql_wild(params.loc_code + "%");    
 
-    sqln += " ORDER BY l.alg_locatie_upper ASC "
+    if (params.loc_code)
+        sqln += " AND UPPER(l.alg_locatie_code) LIKE " + safe.quoted_sql_wild(params.loc_code + "%");
+    if (params.loc_descr)
+        sqln += " AND UPPER(l.alg_locatie_omschrijving) LIKE " + safe.quoted_sql_wild(params.loc_descr + "%");
+
+    sqln += " ORDER BY UPPER(alg_district_omschrijving), UPPER(alg_locatie_code)";
 
     var addurl = "appl/alg/alg_locatie.asp";
 //  addurl += buildTransitParam(["loc_key", "bld_key", "flo_key", "room_key"], params)  // TODO: welke allemaal?

APPL/ALG/alg_locatie_search.asp

@@ -53,7 +53,7 @@ var authparams = alg.checkAutorisation();
                                                                   districtkey: district_key,
                                                                   locatiekey: locatie_key,
                                                                   startlevel: 1, // District
-                                                                  eindlevel: 2, // locatie
+                                                                  eindlevel: 2, // Locatie
                                                                   whenEmpty: L("lcl_search_generic")  // want filter
                                                                 });
 %>
@@ -61,6 +61,10 @@ var authparams = alg.checkAutorisation();
                 <td class="label"><label><%=L("lcl_estate_locatie_man_code")%>:</label></td>
                 <td><input type="text" class="wildcard" id="loc_code" name="loc_code" value=""></td>
               </tr>
+              <tr class="primsearch">
+                <td class="label"><label><%=L("lcl_estate_locatie_man_descr")%>:</label></td>
+                <td><input type="text" class="wildcard" id="loc_descr" name="loc_descr" value=""></td>
+              </tr>
               </table>
             </td><!-- end column 1 -->
 

APPL/ALG/alg_locatie_search_list.asp

@@ -3,10 +3,10 @@
      $Revision$
      $Id$
 
-    File:       
-    Description: 
-    Parameters:  
-    Context:     
+    File:
+    Description:
+    Parameters:
+    Context:
     Note:
 */ %>
 
@@ -26,6 +26,7 @@ var reg_key = getQParamInt("regiokey", -1); // Regio
 var dis_key = getQParamInt("districtkey", -1); // District
 var loc_key = getQParamInt("locatiekey", -1); // Locatie
 var loc_code = getQParam("loc_code", ""); // Locatiecode
+var loc_descr = getQParam("loc_descr", ""); // Locatienaam
 
 locatie_list ( "*",
               {  outputmode: outputmode,
@@ -33,7 +34,8 @@ locatie_list ( "*",
                  reg_key: (reg_key != -1? reg_key : null),
                  dis_key: (dis_key != -1? dis_key : null),
                  loc_key: (loc_key != -1? loc_key : null),
-                 loc_code: loc_code,                 
+                 loc_code: loc_code,
+                 loc_descr: loc_descr,
                  noref: (noref != -1? noref : null)
               }
              );

APPL/ALG/alg_ruimte.asp

@@ -114,7 +114,7 @@ else
       var insman_read = authparamsINSMAN;
       if (insman_read)
       {
-          var page4="../INS/ins_list.asp?embedded=1&tiny=1&ruimtekey=" + room_key
+          var page4="../INS/ins_list.asp?embedded=1&tiny=1&inacObjIncl=1&ruimtekey=" + room_key
           IFRAMER("insdeel", page4, { initHeight: "450px" } );
       }
       var authparamsCNTUSE = user.checkAutorisation("WEB_CNTUSE", true);

APPL/ALG/alg_show_gebouw.asp

@@ -89,10 +89,9 @@ oRs.Close();
 <%  if (S("alg_fg_remote_maps") != "" && bld_x && bld_y) { %>
       function openMaps(bldKey)
       {
-          fwnd = window.open('../cad/ShowGoogleMap.asp?bld_key=' + bldKey, 'FGShow',
+          FcltMgr.windowopen('../cad/ShowGoogleMap.asp?bld_key=' + bldKey, 'FGShow',
                              "width=800, height=600, directories=no, location=no, menubar=no,"
                            + "resizable=yes, status=no, titlebar=yes, toolbar=no");
-          fwnd.focus()
           return;
       }
 <%  } %>
@@ -129,7 +128,7 @@ oRs.Close();
                            { gebouwkey: bld_key,
                              startlevel: 2, //Locatie
                              eindlevel: 3, // Gebouw
-                             moreinfo: true,
+                             moreinfo: true,  // wel beetje suf om door te linken naar jezelf
                              readonly: true
                            });
         sql = "SELECT alg_srtgebouw_key"
@@ -145,7 +144,11 @@ oRs.Close();
                        suppressEmpty: true,
                        readonly: true
                      });
-        ROFIELDTR("fld", L("lcl_estate_gebouw_man_code"), bld_code, {suppressEmpty:true});
+        params = { infoPointer: { Url: "appl/shared/status_info.asp?bld_key=" + bld_key,
+                                  Title: L("lcl_status_details") + " " + bld_naam
+                                }
+                 }
+        ROFIELDTR("fld", L("lcl_estate_gebouw_man_code"), bld_code, params);
         ROFIELDTR("fld", L("lcl_estate_gebouw_man_opmerk"), bld_opmerk, {suppressEmpty:true});
         sql = "SELECT prs_kostenplaats_key"
             + "     , k.prs_kostenplaats_nr || ' ' || k.prs_kostenplaats_omschrijving"

APPL/ALG/alg_show_locatie.asp

@@ -86,10 +86,9 @@ oRs.Close();
 <%  if (S("alg_fg_remote_maps") != "" && loc_x && loc_y) {  %>
       function openMaps(locKey)
       {
-          fwnd = window.open('../cad/ShowGoogleMap.asp?loc_key=' + locKey, 'FGShow',
+          FcltMgr.windowopen('../cad/ShowGoogleMap.asp?loc_key=' + locKey, 'FGShow',
                              "width=800, height=600, directories=no, location=no, menubar=no,"
                            + "resizable=yes, status=no, titlebar=yes, toolbar=no");
-          fwnd.focus()
           return;
       }
 <%  } %>

APPL/ALG/alg_srtruimte.asp

@@ -289,7 +289,7 @@ else if (srtruimte_key > 0 && mode == "delete")
             target="hidFrameSubmit"
             onSubmit="alg_submit()">
 <%
-        BLOCK_START("algInfo", safe.html(L("lcl_general_properties")));
+        BLOCK_START("algInfo", L("lcl_general_properties"));
 
             ROFIELDTR(                  "fld",      L("lcl_key"),                     srtruimte_key);
             myFIELD("omschrijving",     "fld",      L("lcl_descr"),                   srtr_info.alg_srtruimte_omschrijving, { translate: {fld: "mld_afmeldtekst_naam", key: srtruimte_key} });

APPL/API/api_mldsoap.asp

@@ -17,6 +17,7 @@
     THIS_FILE = "appl/api/api_mldsoap.asp";
 %>
 <!-- #include file="../Shared/common.inc" -->
+<!-- #include file="../Shared/kenmerk_common.inc" -->
 <!-- #include file="../Shared/xml_converter.inc" -->
 <!-- #include file="../Shared/save2db.inc" -->
 <!-- #include file="../Shared/flexfiles.inc" -->
@@ -38,6 +39,7 @@ var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");
 if (API.apidata.stylesheet)
 {
     var iXsl = Server.CreateObject("MSXML2.DOMDocument.6.0");
+    iXsl.resolveExternals = true; // XSL kan includes hebben
     if( ! iXsl.load(Server.MapPath(API.apidata.stylesheet)) )
     {
         API.error("Could not load XSL " + API.apidata.stylesheet + "\n" + iXsl.parseError.reason);
@@ -86,6 +88,7 @@ var meldingen = xmlReq.getElementsByTagName("melding");
 for (i = 0; i < meldingen.length; i++)
 {
   resultcode = -1;
+  resulttekst = "";
   // Lees per node de (optionele) tags en waarden.
   var fields = []; // Bij te werken velden.
   var ext_id        = meldingen[i].getAttribute("key");
@@ -262,9 +265,12 @@ for (i = 0; i < meldingen.length; i++)
         if (meld_oms)
           fields.push({ dbs: "mld_melding_omschrijving",  typ: "varchar",   val: meld_oms,     track: L("lcl_mld_inf_Omschrijving"),  len: 4000 });
 
-        var mldUpd = buildTrackingUpdate("mld_melding", "mld_melding_key = " + mld_key, fields, { noValidateToken: true });
-        Oracle.Execute(mldUpd.sql);
-        mld.trackmeldingupdate(mld_key, L("lcl_mld_is_updatedbysoap").format(mld_key) + "\n" + mldUpd.trackarray.join("\n"));
+        if (fields.length>0)
+        {
+            var mldUpd = buildTrackingUpdate("mld_melding", "mld_melding_key = " + mld_key, fields, { noValidateToken: true });
+            Oracle.Execute(mldUpd.sql);
+            mld.trackmeldingupdate(mld_key, L("lcl_mld_is_updatedbysoap").format(mld_key) + "\n" + mldUpd.trackarray.join("\n"));
+        }
 
         // De kenmerken.
         upsertKenmerk(mldkenmerken, stdmld_key, mld_key);
@@ -441,11 +447,20 @@ for (i = 0; i < meldingen.length; i++)
           {
              __DoLog(pResult.errmsg, "#00FF00");
           }
+          // De hookfunctie kan de stdmelding aanpassen.
+          if (pResult.stdmld_key)
+          {
+             // check de paden van de flexfiles als de stdmeldingkey aangepast is
+             mld.keepFlexDocuments(mld_key, stdmld_key, pResult.stdmld_key);
+          }
         }
       } // end geldige stdmld_key
     } // end insert
   } // end geldige ext_id
 
+  if (resultcode > 0)
+    __DoLog("api_mldsoap fail.\nResultcode: {0}\nReturntekst: {1}".format(resultcode, resulttekst), "#00FF00");
+
   var binfo = {returncode: resultcode,
                returntekst: resulttekst,
                // executed:sql,   // debug

APPL/API/api_opdrsoap.asp

@@ -55,9 +55,14 @@ if ("ORDremark" in API.apidata.options)
 var tsql = "-";     // Voor tijdelijke statement.
 var sql = "-";      // De uiteindelijke insert/update-sql.
 var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");
+
+//if (API.apidata.loglevel) __Log2File(Request, API.APIname + "_IN1");
+
 if (API.apidata.stylesheet)
 {
   var iXsl = Server.CreateObject("MSXML2.DOMDocument.6.0");
+  iXsl.resolveExternals = true; // XSL kan includes hebben
+
   if( ! iXsl.load(Server.MapPath(API.apidata.stylesheet)) )
   {
       API.error("Could not load XSL " + API.apidata.stylesheet + "\n" + iXsl.parseError.reason);
@@ -79,7 +84,18 @@ if (API.apidata.stylesheet)
   inputXML.transformNodeToObject(iXsl, xmlReq);
 }
 else
+{
   xmlReq.load(Request);
+  if (xmlReq.parseError.errorCode != 0)
+  {
+    __DoLog( "Error loading XML: "
+                 + xmlReq.parseError.errorCode
+                 + "\n" + xmlReq.parseError.reason
+                 + " regel " + xmlReq.parseError.line
+                 + "(" + xmlReq.parseError.linepos + ")"
+             , "#ff0000");
+  }
+}
 
 if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_TUSSEN");
 
@@ -140,6 +156,7 @@ for (i=0; i < opdrachten.length; i++)
   var meldingtekst    = XMLval(opdrachten[i], "meldingtekst"); // NEW
   var onderwerp       = XMLval(opdrachten[i], "onderwerp"); // NEW
   var opdr_kpn        = XMLval(opdrachten[i], "kostenplaats");
+  var flag            = parseInt(XMLval(opdrachten[i], "flag"), 10);
 
   var txt_mut_datum   = XMLval(opdrachten[i], "mut_datum"); // UPD
   var opdrstatus      = XMLval(opdrachten[i], "status"); // UPD
@@ -183,6 +200,7 @@ for (i=0; i < opdrachten.length; i++)
   {
      voor_key = oRs("prs_perslid_key").value;
   }
+  oRs.Close();
 
   // Kijk of er een opdracht bestaat met dit externe opdracht nummer.
   // Ben je bang dat het nummer vaker voorkomt dan kun je deze prefixen in de xsl
@@ -200,6 +218,7 @@ for (i=0; i < opdrachten.length; i++)
      // Als het externe opdracht nummer al bestaat weten we zeker dat het om een update gaat.
      opdraction = "update";
   }
+  oRs.Close();
 
   if (opdraction == "insert")
   {
@@ -231,6 +250,12 @@ for (i=0; i < opdrachten.length; i++)
               resulttekst = "Undefined stdmelding " + stdm_key;
             }
 
+            if (isNaN(voor_key))
+            {
+              resultcode = 3;
+              resulttekst = "Undefined 'voor': " + voor_email;
+            }
+
             // Hier heb ik een geldige stdm_key.
             if (resultcode == -1) // Nog steeds geen fouten.
             { // Bepaal kostenplaats via voor-user
@@ -384,6 +409,12 @@ for (i=0; i < opdrachten.length; i++)
         fields.push({ dbs: "mld_opdr_omschrijving",      typ: "varchar",  val: opdrachttekst, len: 4000 });
       }
 
+      // Flag, ignore if invalid
+      if (!isNaN(flag) && flag >= 0 && flag < S("mld_opdracht_flags"))
+      {
+        fields.push({ dbs: "mld_opdr_flag",      typ: "number",  val: flag });
+      }
+
       var mldIns = buildInsert("mld_opdr", fields, { noValidateToken: true });
       var sql = mldIns.sql;
       var err = Oracle.Execute(sql, true);
@@ -404,7 +435,7 @@ for (i=0; i < opdrachten.length; i++)
       mld.updatemeldingstatus (mld_key, 0);
     }
   }
-  else if (opdraction == "update")
+  else if (opdraction == "update" || opdraction == "note")
   {   // Bestaande opdracht zoeken
     var idarr = opdrid.split('/');
     mld_key = parseInt(idarr[0], 10);
@@ -433,6 +464,13 @@ for (i=0; i < opdrachten.length; i++)
       }
       oRs.Close();
     }
+    if (opdraction == "note" && resultcode == -1) // Nog steeds geen fouten.
+    {
+       tsql = "INSERT INTO mld_opdr_note(mld_opdr_key, prs_perslid_key, mld_opdr_note_omschrijving)"
+            + " VALUES (" + opdr_key + "," + user_key + "," + safe.quoted_sql(opdropmerking) + ")";
+       Oracle.Execute(tsql);
+       resultcode = 0;   // we zijn klaar.
+    }
   }
   else
   {
@@ -530,6 +568,13 @@ for (i=0; i < opdrachten.length; i++)
       if (autoorder) // Ooit: net als appendRemark via json configureerbaar maken?
         mld_fields.push({ dbs: "mld_melding_einddatum",  typ: "date",    val: opdrgereeddate, track: L("lcl_mld_enddate") });
     }
+
+    // Flag, ignore if invalid
+    if (!isNaN(flag) && flag >= 0 && flag < S("mld_opdracht_flags"))
+    {
+      opdr_fields.push({ dbs: "mld_opdr_flag",  typ: "number",    val: flag });
+    }
+
     // We weten nu de updates, straks voeren we deze pas uit
     // Eerst de eventuele statuswijzigingen
     var newstatus = -1;
@@ -781,6 +826,10 @@ for (i=0; i < opdrachten.length; i++)
   {
     resultcode = 0; // Ik heb gedaan wat ik moest en mocht doen voor deze opdracht.
   }
+  else if (resultcode > 0)
+  {
+    __DoLog("api_opdrsoap fail.\nResultcode: {0}\nReturntekst: {1}".format(resultcode, resulttekst), "#00FF00");
+  }
 
   var binfo = {
                returncode: resultcode,

APPL/API/shorturl.asp

@@ -152,6 +152,11 @@ __Log("== Entering shorturl.asp ==");
         }
 
         var url = oRs("fac_bookmark_path").Value;
+        if (url.indexOf("{$*}") > 0) // default.asp?Jumpto=cust/uwva/pacta.asp{$*}
+        {
+            url = url.replace("{$*}", safe.url("?" + rest));
+            rest = "";
+        }
         var refresher = oRs("fac_bookmark_refreshtime").Value;
         var bookmark_naam = oRs("fac_bookmark_naam").Value;
 

APPL/API2/TESTER/api2_tester.asp

@@ -39,7 +39,7 @@ var fac_id = Request.QueryString("fac_id").Count > 0&&String(Request.QueryString
     <body style='background-color:#E5EAF1; font-family: Helvetica; font-size: 0.8em;'>
         <form method="post" onsubmit="doSubmit();return false;">
           <table>
-            <th colspan="2">FACILITOR API2 tester  -  FOR INTERNAL USE ONLY [ <a href="<%=safe.htmlattr(HTTP.urlzelf())%>/api2/" target="_blank">API reference</a> ]</th>
+            <th colspan="2">FACILITOR API2 tester  -  FOR INTERNAL USE ONLY [ <a href="<%=safe.htmlattr(HTTP.urlzelf())%>/api2/" target="_blank" rel="noopener noreferrer">API reference</a> ]</th>
             <tr><td><label>Format</label></td>
                 <td><input type='radio' id='format' name='format' value='json' checked='1'>json</input>
                     <input type='radio' id='format' name='format' value='xml'>xml</input>

APPL/API2/api2.inc

@@ -12,6 +12,7 @@
 */
 %>
 <!-- #include file="../Shared/save2db.inc" -->
+<!-- #include file="api2_tools.inc" -->
 <%
 api2 = {
     form2JSONdata: function _form2JSONdata(model, params, formfields) // Maak een jsondata-object voor gebruik vanuit model_xxx.inc
@@ -176,6 +177,9 @@ api2 = {
                             continue;
                         if (filterval < 0 && field.typ == "key")
                             continue;
+                        if (filter == "like" && typeof filterval == "string" &&
+                           (filterval.toUpperCase() == "NULL" || filterval.toUpperCase() == "NOT NULL"))
+                            continue; // niet compatible met "like" filter
                     }
 
                     // Voor ranges komt de naam (misschien) niet letterlijk voor, maar (mogelijk) met start_ of end_ ervoor
@@ -188,11 +192,19 @@ api2 = {
                             filterval1 = filterval;
                         if ((filterval1 === "" || filterval1 === null) && (filterval2 === "" || filterval2 === null))
                             continue;
+                        if (typeof filterval1 == "string" && (filterval1.toUpperCase() == "NULL" || filterval1.toUpperCase() == "NOT NULL"))
+                            continue; // niet compatible met "range" filter
                     }
                     // Nu is ook voor ranges alles weer normaal
                     var clause;
                     var operand = " = ";
-                    switch (field.typ)
+                    if (filterval && typeof filterval == "string" &&
+                       (filterval.toUpperCase() == "NULL" || filterval.toUpperCase() == "NOT NULL"))
+                    {
+                        operand = " IS ";
+                        var safe_val = filterval;
+                    }
+                    else switch (field.typ)
                     {
                         case "key":
                             if (!filterval)
@@ -302,6 +314,8 @@ api2 = {
                                 var safe_val = 0;
                             else
                                 var safe_val = parseInt(filterval, 10);
+                            if (field.invert)
+                                safe_val = (safe_val==1?0:1);
                             if (isNaN(safe_val))
                             {
                                 return ["0=1"]; // niets gevonden
@@ -775,10 +789,12 @@ api2 = {
                             if (field.foreign.desc_is_unique) // Dan mag je die bij saven ook opgeven
                             {
                                 field.typ = "sql";
-                                newval = "(SELECT {0} FROM {1} WHERE {2} = {3})".format(field.foreign.key,
-                                                                                        field.foreign.tbl,
-                                                                                        field.foreign.desc,
-                                                                                        safe.quoted_sql(newval.name));
+                                var where = "{0} = {1}".format(field.foreign.desc, safe.quoted_sql(newval.name));
+                                if (typeof field.foreign.desc_is_unique == "string")
+                                    where += " AND " + field.foreign.desc_is_unique;
+                                newval = "(SELECT {0} FROM {1} WHERE {2})".format(field.foreign.key,
+                                                                                  field.foreign.tbl,
+                                                                                  where);
                             }
                         }
                     }
@@ -878,11 +894,14 @@ api2 = {
                             existing_includes[inckey].found = true;
                         }
                     }
-                    for (oldi in existing_includes)
+                    if (!incmodel.keyfield) // niet voor custom_fields
                     {
-                        if (!existing_includes[oldi].found)
+                        for (oldi in existing_includes)
                         {
-                            incmodel.REST_DELETE(params, oldi);
+                            if (!existing_includes[oldi].found)
+                            {
+                                incmodel.REST_DELETE(params, oldi);
+                            }
                         }
                     }
                 }
@@ -894,6 +913,8 @@ api2 = {
         }
     },
     // Geeft de GET terug van een enkel veld
+    // Onder bepaalde omstandigheden wordt deze functie *heel* veel aangroepen
+    // Houd hem daarom efficient.
     sql2jsonval: function _sql2jsonval(oRs, fld, model)
     {
         var field = model.fields[fld];
@@ -901,26 +922,27 @@ api2 = {
         if (field.val instanceof Function)
             var val = field.val(oRs, field, model, sqlfieldname);
         else if (field.dbs.indexOf(".") < 0)
-        {
             var val = oRs(sqlfieldname).Value;
-        }
         else
             var val = oRs(field.dbs.split(".")[1]).Value;
 
-        if (field.typ == "check" || field.typ == "check0")
-        {
-            if (field.invert)
-                val = (val==1?0:1);
-        }
-
-        if (val === null)
+        if (val === null && !field.invert)
             return val;
-        if (field.typ == "date")
-            val = new Date(val);
-        if (field.typ == "datetime")
-            val = new Date(val);
-        if (field.typ == "time") // In de database ondersteunen we dit niet maar komt voor bij fac_report
-            val = new Date(val);
+
+        switch (field.typ)
+        {
+            case "check":
+            case "check0":
+                if (field.invert)
+                    val = (val==1?0:1);
+                return val;
+                break;
+            case "date":
+            case "datetime":
+            case "time": // In de database ondersteunen we dit niet maar komt voor bij fac_report
+                return new Date(val);
+            break;
+        }
         // Wat te doen met lege waarde
         //  action: null
         //  action: {key: null, name: null}
@@ -1068,10 +1090,10 @@ api2 = {
         var oRs = Oracle.Execute(sql, params.errmsg);
         if (params.errmsg && oRs.friendlyMsg)
         {
-                var record = {};
-                record[model.list.columns[0]] = oRs.friendlyMsg;
-                data.push(record);
-                return data;
+            var record = {};
+            record[model.list.columns[0]] = oRs.friendlyMsg;
+            data.push(record);
+            return data;
         }
 
         var lastkey = 0;
@@ -1084,6 +1106,8 @@ api2 = {
             limit = params.filter.limit;
         if (params.filter.nolimit || limit == -1)
             limit = 99999999; // Excel/CSV alles tonen
+
+        var to_skip = params.filter.offset || 0;
         while (!oRs.Eof)
         {
             if (data.length >= limit) // Alleen nog maar tellen
@@ -1102,6 +1126,7 @@ api2 = {
                 oRs.MoveNext();
                 continue;
             }
+            var newrecord = true;
             if (model.primary)
             {
                 var key = oRs(model.primary).Value;
@@ -1114,13 +1139,18 @@ api2 = {
 
                     if (lastkey && !isEmptyObject(record)) // Record was er mogelijk uit gefilterd
                     {
-                        data.push(record);
+                        if (to_skip > 0)
+                            to_skip --;
+                        else
+                            data.push(record);
                         total_count ++;
                         if (data.length == limit)
                             continue; // alleen nog tellen, 'volgende' record niet meer opbouwen
                     }
                     var record = {};
                 }
+                else
+                    newrecord = false; // er komen nog wel include-records achteraan
             }
 
             // Complexe filtering die we niet voor elkaar kregen met een WHERE-clause
@@ -1135,21 +1165,24 @@ api2 = {
             }
 
             var fld;
-            for (fld in model.fields)
+            if (newrecord) // dan moeten de velden van het basis model eerst
             {
-                if (fld.substring(0,1) == "_")
-                    continue;
-                var field = model.fields[fld];
-                if (field.hidden)
-                    continue;
-                if ("fields" in params.filter && !inArray(fld, params.filter.fields.split(",")))
-                    continue;
+                for (fld in model.fields)
+                {
+                    if (fld.substring(0,1) == "_")
+                        continue;
+                    var field = model.fields[fld];
+                    if (field.hidden)
+                        continue;
+                    if ("fields" in params.filter && !inArray(fld, params.filter.fields.split(",")))
+                        continue;
 
-                var val = api2.sql2jsonval(oRs, fld, model)
-                //waarom was dit aanwezig?
-                //if (field.readonly && !val.id)
-                //    continue;
-                record[fld] = val;
+                    var val = api2.sql2jsonval(oRs, fld, model)
+                    //waarom was dit aanwezig?
+                    //if (field.readonly && !val.id)
+                    //    continue;
+                    record[fld] = val;
+                }
             }
             if (params.include && model.includes)
             {
@@ -1207,6 +1240,7 @@ api2 = {
             }
             oRs.MoveNext();
         }
+        oRs.Close();
         if (lastkey && data.length < limit)
         {
             total_count ++;
@@ -1215,11 +1249,11 @@ api2 = {
         if ("merged_model" in model) // de disc_params truc
         {
             model.merged_model.limit = limit;
-            //model.offset = offset;
+            model.merged_model.offset = params.filter.offset || 0;
             model.merged_model.total_count = total_count;
         }
         model.limit = limit;
-        //model.offset = offset;
+        model.offset = params.filter.offset || 0;
         model.total_count = total_count;
         return data;
     },
@@ -1438,7 +1472,10 @@ function generic_REST_GET(model, gparams)
                 for (var i = 0; i < params.orderby.length; i++)
                 {
                     var field = model.fields[params.orderby[i]];
-                    orderbys.push(field._foreignname || field.dbs);
+                    if (field.sql)
+                        orderbys.push(field.sql);
+                    else
+                        orderbys.push(field._foreignname || field.dbs);
                 }
             }
 
@@ -1560,7 +1597,7 @@ function generic_REST_POST(model, gparams)
 
             var err = Oracle.Execute(xxxIns.sql, true);
             if (err.friendlyMsg)
-                abort_with_warning(err.friendlyMsg);
+                api2.error(400, err.friendlyMsg); // Veronderstel Bad Request
 
             var inctrack = api2.process_includes(params, model, jsondata, the_key);
 
@@ -1612,22 +1649,29 @@ function generic_REST_PUT(model, gparams)
                 jsondata_dp[model.disc_params.joinfield] = the_key;
             }
 
-            var dbfields = api2.update_fields(params, model, jsondata);
-            var wheres = [model.fields["id"].dbs + "  = " + the_key];
-            var xxxUpd = buildTrackingUpdate(model.table, wheres.join(" AND " ), dbfields, { noValidateToken: true });
-            // TODO: Generieke tracking?
-
-            if (xxxUpd) // Misschien geen velden opgegeven.
+            if (params.custom_fields_only)
             {
-                var err = Oracle.Execute(xxxUpd.sql, true);
-                if (err.friendlyMsg)
-                    abort_with_warning(err.friendlyMsg);
-                if (model.trackcode)
-                    shared.trackaction(model.trackcode, the_key, xxxUpd.trackarray.join("\n"));
+                var xxxUpd = { trackarray: [] };
+            }
+            else
+            {
+                var dbfields = api2.update_fields(params, model, jsondata);
+                var wheres = [model.fields["id"].dbs + "  = " + the_key];
+                var xxxUpd = buildTrackingUpdate(model.table, wheres.join(" AND " ), dbfields, { noValidateToken: true });
+                // TODO: Generieke tracking?
+
+                if (xxxUpd) // Misschien geen velden opgegeven.
+                {
+                    var err = Oracle.Execute(xxxUpd.sql, true);
+                    if (err.friendlyMsg)
+                        api2.error(400, err.friendlyMsg); // Veronderstel Bad Request
+                    if (model.trackcode && xxxUpd.trackarray.length > 0)
+                        shared.trackaction(model.trackcode, the_key, L("lcl_updated") + "\n" + xxxUpd.trackarray.join("\n"));
+                }
             }
             var inctrack = api2.process_includes(params, model, jsondata, the_key);
 
-            if ("disc_params" in model)
+            if (!params.custom_fields_only && "disc_params" in model)
             {
                 // Nu de one-on-one tabel
                 var dbfields = api2.update_fields(params, model.disc_params.model, jsondata_dp);
@@ -1637,7 +1681,7 @@ function generic_REST_PUT(model, gparams)
                 {
                     var err = Oracle.Execute(xxxUpd.sql, true);
                     if (err.friendlyMsg)
-                        abort_with_warning(err.friendlyMsg);
+                        api2.error(400, err.friendlyMsg); // Veronderstel Bad Request
                 }
             }
 
@@ -1672,7 +1716,7 @@ function generic_REST_DELETE(model, gparams)
 
             var err = Oracle.Execute(sql, true);
             if (err.friendlyMsg)
-                abort_with_warning(err.friendlyMsg);
+                api2.error(400, err.friendlyMsg); // Veronderstel Bad Request
 
             return { key: the_key, warning: "" };
         }

APPL/API2/api2_dispatch.inc

@@ -55,7 +55,7 @@ var api2_mapper = {
     "emailsettings"           : { "filename": "appl/mgt/fac_email_setting.asp" },
     "exportfunctions"         : { "filename": "appl/mgt/fac_export_app.asp" },
     "authorizationfunctions"  : { "filename": "appl/mgt/fac_functie.asp" },
-    "authorizationgroups"     : { "filename": "appl/mgt/fac_groep.asp" },
+    "authorizationgroups"     : { "filename": "appl/api2/api_authorizationgroups.asp" },
     "authorizations"          : { "filename": "appl/mgt/fac_groeprechten.asp", "nodoc": true },
     "identityproviders"       : { "filename": "appl/mgt/aut_idp.asp" },
     "importfunctions"         : { "filename": "appl/mgt/fac_import_app.asp" },
@@ -82,7 +82,8 @@ var api2_mapper = {
     "servicelevels"           : { "filename": "appl/mgt/mld_dienstniveau.asp" },
     "issuedisciplines"        : { "filename": "appl/mgt/mld_discipline.asp" },
     "unproductivetimes"       : { "filename": "appl/mgt/mld_impropdr.asp" },
-    "issueproperties"         : { "filename": "appl/mgt/mld_kenmerk.asp" },
+    "issueproperties"         : { "filename": "appl/mgt/mld_mld_kenmerk.asp" },
+    "issueorderproperties"    : { "filename": "appl/mgt/mld_kenmerk.asp" },
     "expenses"                : { "filename": "appl/mgt/mld_kosten.asp" },
     "callsources"             : { "filename": "appl/mgt/mld_meldbron.asp" },
     "disciplinetypes"         : { "filename": "appl/mgt/mld_srtdiscipline.asp" },
@@ -94,7 +95,8 @@ var api2_mapper = {
     "workflowsteps"           : { "filename": "appl/mgt/mld_workflowstep.asp", "nodoc": true },
     "workflowexpressions"     : { "filename": "appl/mgt/mld_workflow_expression.asp" },
     "issuedisciplines"        : { "filename": "appl/api2/api_issuedisciplines.asp",         "module": "MLD" },
-    "orders"                  : { "filename": "appl/api2/api_orders.asp",                   "module": "MLD" },
+//    "orders"                  : { "filename": "appl/api2/api_orders.asp",                   "module": "MLD" },
+    "orders"                  : { "filename": "appl/bgt/mld_opdr.asp",                      "module": "MLD" },
     "issues"                  : { "filename": "appl/api2/api_issues.asp",                   "module": "MLD" },
     "issuetypes"              : { "filename": "appl/api2/api_issuetypes.asp",               "module": "MLD" },
     "pinboardcategories"      : { "filename": "appl/mgt/mrk_discipline.asp" },
@@ -105,7 +107,7 @@ var api2_mapper = {
     "costtypegroups"          : { "filename": "appl/mgt/prs_kostensoortgrp.asp" },
     "costcentregroups"        : { "filename": "appl/mgt/prs_kostenplaatsgrp.asp" },
     "costcentres"             : { "filename": "appl/mgt/prs_kostenplaats.asp" },
-    "persons"                 : { "filename": "appl/mgt/prs_perslid.asp", "nodoc": true },
+    "persons"                 : { "filename": "appl/api2/api_persons.asp", "nodoc": true },
     "mandates"                : { "filename": "appl/mgt/prs_perslidkostenplaats.asp" },
     "relationtypes"           : { "filename": "appl/mgt/prs_relatietype.asp" },
     "employeefunctions"       : { "filename": "appl/mgt/prs_srtperslid.asp" },
@@ -143,6 +145,8 @@ var api2_mapper = {
     "reports"                 : { "filename": "appl/api2/api_reports.asp",                  "module": "FAC", "nodoc": true },
     "invoices"                : { "filename": "appl/api2/api_invoices.asp",                 "module": "FIN" },
     "objects"                 : { "filename": "appl/api2/api_objects.asp",                  "module": "INS" },
+    "inspections"             : { "filename": "appl/api2/api_ins_deelsrtcontrole.asp",      "module": "INS" },
+    "statehistory"            : { "filename": "appl/mgt/ins_deel_state_history.asp",        "module": "INS" },
     "companies"               : { "filename": "appl/api2/api_companies.asp",                "module": "PRS" },
     "departments"             : { "filename": "appl/mgt/prs_afdeling.asp",                  "module": "PRS" },
 

APPL/API2/api2_rest.inc

@@ -18,47 +18,22 @@ var DEZE = this;
 api2_rest = {
     authenticate: function _authenticate()
     {
-        var APIKEY;
-        if (S("fac_api_key_in_url"))
-            APIKEY = getQParam("APIKEY", "");
-        if (!APIKEY && Request.ServerVariables("HTTP_X_FACILITOR_API_KEY").Count)
-            APIKEY = String(Request.ServerVariables("HTTP_X_FACILITOR_API_KEY")); // Meegegeven als X-FACILITOR-API-Key
-
-        if (!APIKEY && Session("user_key") > 0)
+        var method = String(Request.ServerVariables("REQUEST_METHOD"));
+        if (method != "GET" && Session("stateless") != 1) // Vereis dan wel het CSRF token
         {
-            user_key = Session("user_key"); // Hierdoor is de API intern te gebruiken zonder authenticatie
-            var method = String(Request.ServerVariables("REQUEST_METHOD"));
-            if (method != "GET") // Vereis dan wel het CSRF token
-            {
-                var token = Request.ServerVariables("HTTP_X_CSRF_TOKEN").Count   // Meegegeven als X-CSRF-TOKEN
-                                ? String(Request.ServerVariables("HTTP_X_CSRF_TOKEN"))
-                                : "";
-                protectRequest.validateToken(token);
-            }
+            var token = Request.ServerVariables("HTTP_X_CSRF_TOKEN").Count   // Meegegeven als X-CSRF-TOKEN
+                            ? String(Request.ServerVariables("HTTP_X_CSRF_TOKEN"))
+                            : "";
+            protectRequest.validateToken(token);
         }
-        else
+        if (user_key < 0)
         {
-            if (Session("user_key") > 0)
-                {} // Tijdens ontwikkeling heb je soms in tweede tab de GUI open. Laat dat ongemoeid.
-            else
-                Session.Abandon(); // Altijd, voor de zekerheid
-
-            var sql = "SELECT prs_perslid_key, prs_perslid_naam, prs_perslid_oslogin"
-                    + "  FROM prs_perslid"
-                    + " WHERE prs_perslid_verwijder IS NULL"
-                    + "   AND prs_perslid_apikey = " + safe.quoted_sql(APIKEY);
-            var oRs = Oracle.Execute(sql);
-            if (oRs.Eof || !APIKEY)
-            {
-                Response.Status = "401 Unauthorized";
-                // Sommige applicaties kunnen in reactie hierop een b64 encoded username:password sturen
-                // Die onderscheppen wij in LoginTry.asp uiteindelijk
-                if (S("basic_auth_realm"))
-                    Response.AddHeader("WWW-Authenticate", "Basic realm=\"" + S("basic_auth_realm") + "\"");
-                Response.End;
-            };
-            __Log("API2 User is: {0} ({1})".format(oRs("prs_perslid_naam").Value, oRs("prs_perslid_oslogin").Value));
-            /* global */ user_key = oRs("prs_perslid_key").Value;
+            Response.Status = "401 Unauthorized";
+            // Sommige applicaties kunnen in reactie hierop een b64 encoded username:password sturen
+            // Die onderscheppen wij in LoginTry.asp uiteindelijk
+            if (S("basic_auth_realm"))
+                Response.AddHeader("WWW-Authenticate", "Basic realm=\"" + S("basic_auth_realm") + "\"");
+            Response.End;
 
             if (typeof NO_ADDHEADER == "undefined" && Request.Servervariables("HTTP_FCLT_VERSION").Count > 0)
             {   // wordt opgepikt door FCLTAPI.DLL voor in de logging en daarna gestript. Niet in Fiddler dus
@@ -93,7 +68,6 @@ api2_rest = {
             oRs.Close()
         }
 
-        /* global */ user = new Perslid(user_key); // wordt mogelijk nog overruled door imporsonate
         CheckForLogging(Request.QueryString("logging")); // Nu pas kan autorisatie via user gecontroleerd worden
     },
 
@@ -160,6 +134,12 @@ api2_rest = {
             /* global */ JSON_Result = true; // Zelf doen we er niets mee maar
                                              // shared.simple_page kijkt er naar
 
+        var orgError = api2.error;
+        api2.error = function (code, msg)
+        {
+            api2_rest.plugin.error_handler(code, msg, orgError);
+        }
+
         api2_rest.authenticate();
         // Kip-ei: de omzetting naar new model() mag pas als je geauthenticeerd bent
         // Hierboven willen we het echter al wel meegeven
@@ -175,20 +155,32 @@ api2_rest = {
             Response.Status = "405 Method not allowed";
             Response.End;
         }
-        if (!("REST_" + method in model))
+
+        var key = getQParamInt("id", -1); // Voor POST/PUT/DELETE
+
+        var jsondata = {};
+        var filter = shared.qs2json(model);
+        filter = api2_rest.plugin.transform_filter(filter);
+        var requestparams = { filter: filter, include: getQParamArray("include", []) };
+        if (filter.mode == "attachment" && !("includes" in model && "custom_fields" in model.includes))
+            api2.error(400, "Attachment not supported for this model");
+
+        if (filter.mode == "attachment")
+        {
+            if (key > 0 && method == "POST") // het bestand mag dan wel nieuw zijn (POST is van toepassing),
+                method = "PUT";              // intern is het een update van een bestaand record, dus PUT
+        }
+
+        if (!("REST_" + method in model) || !model["REST_" + method])
         {
             Response.Status = "501 Not Implemented";
             // TODO The response MUST include an Allow header containing a list of valid methods for the requested resource.
             Response.End;
         }
-        var jsondata = {};
-        var filter = shared.qs2json(model);
-        filter = api2_rest.plugin.transform_filter(filter);
-        var requestparams = { filter: filter, include: getQParamArray("include", []) };
 
         if (/PUT|POST/.test(method)) // Dan is er in de body data meegestuurd
         {
-            if (filter.mode == "attachment" && "custom_fields" in model.includes)
+            if (filter.mode == "attachment")
             {
                 // Body bevat application/octet-stream, dat lezen we later wel uit
             }
@@ -250,7 +242,6 @@ api2_rest = {
             }
         }
 
-        var key = getQParamInt("id", -1); // Voor POST/PUT/DELETE
         var isSingle = /PUT|POST|DELETE/.test(method) || (key > 0);  // PUT, POST en DELETE altijd single
 
         if (outputformat == "doc")
@@ -304,10 +295,13 @@ api2_rest = {
         {
             if (method == "DELETE")
             {
+                if (!(key > 0))
+                    api2.error(400, "Missing id");
                 var result = model["REST_" + method]( requestparams, key );
             }
-            else if (filter.mode == "attachment" && "custom_fields" in model.includes)
-            {   // GET/PUT/POST https://xxxx.facilitor.nl/trunk/api2/visitors/99685/attachments/1040/testfile.jpg"
+            else if (filter.mode == "attachment")
+            {   // GET/PUT/POST https://xxxx.facilitor.nl/api2/visitors/99685/attachments/1040/testfile.jpg" bestaande folder
+                // POST https://xxxx.facilitor.nl/api2/issues/0/attachments/1040/testfile.jpg" nieuw object, maakt TEMP aan
                 if (wasCodePage != 65001)
                 {
                     // Door de IIS rewriter is de filenaam in de url utf-8 encoded
@@ -341,17 +335,40 @@ api2_rest = {
                 {
                     var bytes = Request.TotalBytes;
                     if (bytes == 0)
-                    { // TODO
-                        //__DoLog("api_gen_import empty body posted", "#ffff00");
-                        //Response.Write("Error: no data posted for API import");
-                        //Response.End; // Grof maar anders AiAi, dat is nog erger
-                    }
+                        api2.error(400, "Empty file");
+
                     var fileStream = Server.CreateObject("ADODB.Stream");
                     fileStream.Type = 1; // adTypeBinary eerst nog
                     fileStream.Open();
-                    fileStream.Write(Request.BinaryRead(bytes));
+                    try
+                    {
+                        fileStream.Write(Request.BinaryRead(bytes));
+                    }
+                    catch(e)
+                    {
+                        var msg = L("lcl_shared_upload_error_start") + e.description + L("lcl_shared_upload_error_end");
+                        api2.error(400, msg);
+                    }
                     jsondata["custom_fields"][0]["attachments"][0].datastream = fileStream;
+                    if (key == 0) // new record
+                    {
+                        var token = model.includes["custom_fields"].model.REST_POST(requestparams, jsondata.custom_fields[0], -1);
+                        var record = { xflexparentkey: -1, propertyid: jsondata.custom_fields[0].propertyid};
+                        var fileparams = { getFiles: true, api2name: null, tmpfolder: token };
+                    }
+                    else
+                    {
+                        requestparams.custom_fields_only = true; // Voorkom bij nieuwe bijlage onnodige update vam hele issue
+                        model["REST_" + method](requestparams, jsondata, key); // via het hoofdmodel met authorisatie controle en alles
+                        var record = { xflexparentkey: key, propertyid: jsondata.custom_fields[0].propertyid};
+                        var fileparams = { getFiles: true, api2name: model.records_name };
+                    }
+                    var data = model.includes["custom_fields"].model.get_file_info(requestparams, record, fileparams );
+
+                    api2_rest.deliver(data, /* dummy model */ { record_name: "attachment" }, outputformat, true);
+                    return;
                 }
+                // Geen atachment dus door met de reguliere code
                 var data = model["REST_" + method](requestparams, jsondata, key);
                 if (method == "GET")
                 {
@@ -370,6 +387,8 @@ api2_rest = {
             }
             else if (model.record_name in jsondata) // een enkel record
             {
+                if (!(key > 0))
+                    api2.error(400, "Missing id");
                 if (jsondata[model.record_name] instanceof Array)
                     api2.error(400, "{0} should be single record only.".format(method))
 
@@ -440,7 +459,7 @@ api2_rest = {
             {
                 result.total_count = model.total_count;
                 result.limit = model.limit;
-                result.offset = 0;
+                result.offset = model.offset;
                 result[model.records_name] = data;
             }
 
@@ -613,8 +632,12 @@ api2_rest = {
 
         // str_antwoord heeft nu het te versturen antwoord
         // Bepaal eTag
-        var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
-        var eTag = '"' + oCrypto.hex_sha1(String(S("cache_changecounter")) + "_" + str_antwoord).toLowerCase() + '"';
+        var eTag = api2_rest.plugin.get_eTag({}, resultdata);
+        if (!eTag)
+        {
+            var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
+            var eTag = '"' + oCrypto.hex_sha1(String(S("cache_changecounter")) + "_" + str_antwoord).toLowerCase() + '"';
+        }
         Response.AddHeader("ETag", eTag);
         if (Request.ServerVariables("HTTP_IF_NONE_MATCH") == eTag)
         {   // We hebben een match! Effectief besparen wel alleen op dataverkeer, de queries zijn al geweest
@@ -749,7 +772,7 @@ api2_rest = {
             var arrayElement = xmlDoc.createElement(rootname);
             arrayElement.setAttribute("total_count", model.total_count);
             arrayElement.setAttribute("limit", model.limit);
-            arrayElement.setAttribute("offset", 0);
+            arrayElement.setAttribute("offset", model.offset);
 
             for (var i = 0; i < data.length; i++)
                 arrayElement.appendChild(record2json(data[i], record_name));
@@ -857,6 +880,16 @@ api2_rest = {
             hook = null;
             return outdata;
         },
+        error_handler: function(code, msg, orgHandler)
+        {
+            var hook = api2_rest.find_plugin();
+            if ("error_handler" in hook)
+                outdata = hook.error_handler(code, msg, orgHandler);
+            else
+                outdata = orgHandler(code, msg);
+            hook = null;
+            return outdata;
+        },
         transform_incoming: function(params, data)
         {
             var outdata = data;
@@ -876,6 +909,15 @@ api2_rest = {
                 outdata = hook.transform_outgoing(params, data);
             hook = null;
             return outdata;
+        },
+        get_eTag: function(params, data)
+        {
+            var outdata = null;
+            var hook = api2_rest.find_plugin();
+            if ("get_eTag" in hook)
+                outdata = hook.get_eTag(params, data);
+            hook = null;
+            return outdata;
         }
     }
 }
@@ -898,7 +940,7 @@ function RequestJSON()
     catch (e)
     {
         result = { error: e.description || (e.message + ": " + e.name) };
-        __DoLog("JSON eval faalt met: '{0}'\n{1}".format(result, jvraag), "ffff00");
+        __DoLog("JSON eval faalt met: '{0}'\n{1}".format(result.error, jvraag), "ffff00");
         return result ;
     }
     return { json: vraag };
@@ -932,7 +974,13 @@ function BytesToStr(bytes)
     stream.type = 2; // Text
     stream.charset = "utf-8";
 
-    var sOut = stream.readtext();
+    // Als onverhoopt toch windows-1252 is gestuurd met diacrieten gaf
+    // stream.readtext() een 'The parameter is incorrect'
+    // Vreemd genoeg lijkt het expliciet meegeven van een lengte dat te voorkomen.
+    // Die mag zelfs gewoon veel 'te lang' zijn.
+    // Merk op dat we windows-1252 niet ondersteunen, je moet echt utf-8 sturen
+    // (we hadden waarschijnlijk ook 99999999 kunnen kiezen)
+    var sOut = stream.readtext(stream.Size * 2);
     stream.close;
     return sOut;
 }

APPL/API2/api2_tools.inc

@@ -2,13 +2,14 @@
     $Revision$
     $Id$
 
-    File:           mgt_tools.inc
+    File:           api2_tools.inc
 
     Description:
 
     Context:
 
-    Notes:
+    Notes:          voorheen mgt/mgt_tools.inc maar de functies zijn essentieel
+                    voor vele modellen dus moet het in api2_tools.inc
 */
 %>
 <%

APPL/API2/api_authorizationgroups.asp

@@ -0,0 +1,26 @@
+<%@ language = "JavaScript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           api_authorizationgroups.asp
+
+    Description:    ALG_GEBOUW API
+    Parameters:
+    Context:        Door een remote systeem (geen persoon) om info uit FACILITOR te halen aan te roepen
+
+    Notes:          Eigen bestand zodat we internal: true kunnen meegeven
+*/
+    DOCTYPE_Disable = true;
+    ANONYMOUS_Allowed = 1; // Eigenlijk niet waar. We regelen echter alles zelf
+    THIS_FILE = "appl/api/api_authorizationgroups.asp";
+
+%>
+<!-- #include file="../Shared/common.inc" -->
+<!-- #include file="./api2_rest.inc" -->
+<!-- #include file="../Shared/json2.js" -->
+<!-- #include file="./model_fac_groep.inc" -->
+<%
+    var groep = new model_fac_groep(null, { internal: true }); // internal zodat PUT/POST/DELETE ook kunnen
+    api2_rest.process(groep);
+%>

APPL/API2/api_ins_deelsrtcontrole.asp

@@ -0,0 +1,25 @@
+<%@ language = "JavaScript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           api_ins_deelsrtcontrole.asp
+
+    Description:    Inspecties model
+    Parameters:
+    Context:        Door een remote systeem (geen persoon) om info uit FACILITOR te halen aan te roepen
+
+    Notes:
+*/
+    DOCTYPE_Disable = true;
+    ANONYMOUS_Allowed = 1; // Eigenlijk niet waar. We regelen echter alles zelf
+    THIS_FILE = "appl/api/api_ins_deelsrtcontrole.asp";
+
+%>
+<!-- #include file="../Shared/common.inc" -->
+<!-- #include file="./api2_rest.inc" -->
+<!-- #include file="../Shared/json2.js" -->
+<!-- #include file="./model_ins_deelsrtcontrole.inc" -->
+<%
+    api2_rest.process(model_ins_deelsrtcontrole);
+%>

APPL/API2/api_persons.asp

@@ -0,0 +1,26 @@
+<%@ language = "JavaScript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           api_persons.asp
+
+    Description:    ALG_GEBOUW API
+    Parameters:
+    Context:        Door een remote systeem (geen persoon) om info uit FACILITOR te halen aan te roepen
+
+    Notes:          Eigen bestand zodat we internal: true kunnen meegeven
+*/
+    DOCTYPE_Disable = true;
+    ANONYMOUS_Allowed = 1; // Eigenlijk niet waar. We regelen echter alles zelf
+    THIS_FILE = "appl/api/api_persons.asp";
+
+%>
+<!-- #include file="../Shared/common.inc" -->
+<!-- #include file="./api2_rest.inc" -->
+<!-- #include file="../Shared/json2.js" -->
+<!-- #include file="./model_prs_perslid.inc" -->
+<%
+    var perslid = new model_prs_perslid({ internal: true }); // internal zodat PUT/POST/DELETE ook kunnen
+    api2_rest.process(perslid);
+%>

APPL/API2/model_aut_client.inc

@@ -17,7 +17,7 @@ function model_aut_client(params)
     this.record_name = "autclient";
     this.table = "aut_client";
     this.primary = "aut_client_key";
-    this.autfunction = "WEB_FACFAC";
+    this.autfunction = params.internal?false:"WEB_FACTAB";
     this.record_title = L("aut_client");
     this.records_title = L("aut_client_m");
 
@@ -32,7 +32,8 @@ function model_aut_client(params)
             "dbs": "aut_client_id",
             "label": L("aut_client_code"),
             "typ": "varchar",
-            "filter": "exact"
+            "filter": "exact",
+            "caseinsensitive": true
         },
         "name": {
             "dbs": "aut_client_omschrijving",
@@ -58,6 +59,12 @@ function model_aut_client(params)
             "typ": "varchar",
             "defaultvalue": shared.random(32),
             "secret": true
+        },
+        "company": {
+            "dbs": "prs_bedrijf_key",
+            "label": L("prs_bedrijf_key"),
+            "typ": "key",
+            "foreign": "PRS_BEDRIJF"
         }
 /*        ,
         "redirect_uri": {
@@ -74,12 +81,8 @@ function model_aut_client(params)
               };
 
     this.REST_GET    = generic_REST_GET(this);
-    if (params.internal) // Dan geloof ik het wel
-    {
-        this.autfunction = false;
-        this.REST_POST   = generic_REST_POST(this);
-        this.REST_PUT    = generic_REST_PUT(this);
-        this.REST_DELETE = generic_REST_DELETE(this);
-    }
+    this.REST_POST   = generic_REST_POST(this);
+    this.REST_PUT    = generic_REST_PUT(this);
+    this.REST_DELETE = generic_REST_DELETE(this);
 }
 %>

APPL/API2/model_aut_client_perslid.inc

@@ -15,7 +15,7 @@ function model_aut_client_perslid(params)
     this.table = "aut_client_perslid";
     this.primary = "aut_client_perslid_key";
     this.autSELF = "person";
-    this.autfunction = "WEB_FACFAC";
+    this.autfunction = params.self?false:"WEB_FACFAC";
     this.record_title = L("aut_client_perslid");
     this.records_title = L("aut_client_perslid_m");
 
@@ -38,12 +38,23 @@ function model_aut_client_perslid(params)
                 "desc": "aut_client_omschrijving"
             }
         },
+        "registrationdate": {
+            "dbs": "aut_client_perslid_aanmaak",
+            "label": L("aut_client_perslid_aanmaak"),
+            "typ": "datetime",
+            "readonly": "true"
+        },
         "device_id": {
             "dbs": "aut_client_perslid_device_id",
-            "label": L("aut_client_perslid_device"),
+            "label": L("aut_client_perslid_device_id"),
             "typ": "varchar",
             "filter": "exact"
         },
+        "device_name": {
+            "dbs": "aut_client_perslid_device_name",
+            "label": L("aut_client_perslid_device_name"),
+            "typ": "varchar"
+        },
         "scope": {
             "dbs": "aut_client_perslid_scope",
             "label": L("aut_client_perslid_scope"),
@@ -95,7 +106,7 @@ function model_aut_client_perslid(params)
     };
 
     this.list = {
-        "columns": ["person", "scope", "device"]
+        "columns": ["person", "scope", "device_id", "accessdate", "login"]
     };
 
     this.REST_GET    = generic_REST_GET(this);
@@ -106,5 +117,20 @@ function model_aut_client_perslid(params)
         this.REST_PUT    = generic_REST_PUT(this);
         this.REST_DELETE = generic_REST_DELETE(this);
     }
+/*
+TODO: je eigen device_name mogen bewerken en registratie mogen verwijderen
+    if (params.self) // Alleen device_name bewerken
+    {
+        for (var fld in this.fields)
+        {
+            if (fld != 'device_name')
+            {
+                this.fields[fld].readonly = true;
+                if (!inArray(fld,["autclient", "autclient","registrationdate", "refreshdate"]))
+                    this.fields[fld].hidden_fld = true;
+            }
+        }
+    }
+*/
 }
 %>

APPL/API2/model_aut_idp_map.inc

@@ -53,10 +53,12 @@ function model_aut_idp_map(params)
                  + ";9;" + L("lcl_prs_person_email")
                  + ";10;" + L("lcl_prs_person_phone")
                  + ";11;" + L("lcl_prs_person_mobile")
+                 + ";12;" + L("prs_perslid_externid")
 
                  // De foreign's
                  + ";20;" + L("lcl_prs_person_function")
                  + ";21;" + L("lcl_prs_organisatie")
+                 + ";22;" + L("lcl_prs_profile")
                  //+ kostenplaats ondersteunen we niet, dat is in FACILITOR een organisatie of mandatering
 
                  // ";99;prs_perslid_key" gereserveerd voor intern gebruik

APPL/API2/model_aut_sp.inc

@@ -0,0 +1,116 @@
+<% /*
+    $Revision$
+    $Id$
+
+    File:           model_aut_sp.inc
+    Description:
+    Notes:
+*/
+
+%>
+<!-- #include file="./model_aut_sp_map.inc" -->
+<%
+function model_aut_sp(params)
+{
+    params = params || {};
+    this.records_name = "serviceproviders";
+    this.record_name = "serviceprovider";
+    this.table = "aut_sp";
+    this.primary = "aut_sp_key";
+    this.autfunction = params.internal?false:"WEB_FACTAB";
+    this.record_title = L("aut_sp");
+    this.records_title = L("aut_sp_m");
+
+    this.fields = {
+        "id": {
+            "dbs": "aut_sp_key",
+            "label": L("lcl_key"),
+            "typ": "key",
+            "seq": "aut_s_aut_sp_key"
+        },
+        "code": {
+            "dbs": "aut_sp_code",
+            "label": L("aut_sp_code"),
+            "typ": "varchar",
+            "filter": "exact"
+        },
+        "name": {
+            "dbs": "aut_sp_omschrijving",
+            "label": L("aut_sp_omschrijving"),
+            "typ": "varchar",
+            "required": true
+        },
+        "type": {
+            "dbs": "aut_sp_type",
+            "label": L("aut_sp_type"),
+            "typ": "key",
+            "required": true,
+            "LOV": L("aut_sp_typeLOV") // TODO?
+        },
+        "remark": {
+            "dbs": "aut_sp_opmerking",
+            "label": L("aut_sp_opmerking"),
+            "typ": "memo"
+        },
+        "secret": {
+            "dbs": "aut_sp_secret",
+            "label": L("aut_sp_secret"),
+            "typ": "varchar",
+            "defaultvalue": shared.random(32),
+            "secret": true
+        },
+        "audience": {
+            "dbs": "aut_sp_audience",
+            "label": L("aut_sp_audience"),
+            "typ": "varchar",
+            "placeholder": customerId + ".facilitor.nl"
+        },
+        "redirecturi": {
+            "dbs": "aut_sp_redirect_uri",
+            "label": L("aut_sp_redirect_uri"),
+            "typ": "varchar",
+            "placeholder": customerId + ".facilitor.nl"
+        },
+        "issuer": {
+            "dbs": "aut_sp_issuer",
+            "label": L("aut_sp_issuer"),
+            "typ": "varchar"
+        },
+        "algorithm": {
+            "dbs": "aut_sp_algorithm",
+            "label": L("aut_sp_algorithm"),
+            "typ": "varchar"
+        },
+        "authorization": {
+            "dbs": "fac_functie_key",
+            "label": L("aut_sp_functie_key"),
+            "typ": "key",
+            "foreign": "fac_functie"
+        },
+        "loglevel": {
+            "dbs": "aut_sp_loglevel",
+            "label": L("aut_sp_loglevel"),
+            "typ": "number",
+            "defaultvalue": 0
+        },
+        "internal": {
+            "dbs": "aut_sp_internal",
+            "label": L("aut_sp_internal"),
+            "typ": "check0",
+            "readonly": true
+        }
+    }
+
+    this.includes =
+               {  "spmappings": { model: new model_aut_sp_map(),
+                                  joinfield: "serviceprovider",
+                                  enable_update: true
+                                }
+              };
+
+    this.REST_GET    = generic_REST_GET(this);
+    this.REST_POST   = generic_REST_POST(this);
+    this.REST_PUT    = generic_REST_PUT(this);
+    this.REST_DELETE = generic_REST_DELETE(this);
+}
+%>

APPL/API2/model_aut_sp_map.inc

@@ -2,38 +2,39 @@
     $Revision$
     $Id$
 
-    File:           model_fac_sp_map.inc
+    File:           model_aut_sp_map.inc
     Description:    Door sp 'released attributes'
     Notes:
 */
 
-function model_fac_sp_map()
+function model_aut_sp_map(params)
 {
+    params = params || {};
     this.records_name = "spmappings";
     this.record_name = "spmapping";
-    this.table = "fac_sp_map";
-    this.primary = "fac_sp_map_key";
-    this.autfunction = "WEB_FACFAC";
-    this.record_title = L("fac_sp_map");
-    this.records_title = L("fac_sp_map_m");
+    this.table = "aut_sp_map";
+    this.primary = "aut_sp_map_key";
+    this.autfunction = params.internal?false:"WEB_FACTAB";
+    this.record_title = L("aut_sp_map");
+    this.records_title = L("aut_sp_map_m");
 
     this.fields = {
         "id": {
-            "dbs": "fac_sp_map_key",
+            "dbs": "aut_sp_map_key",
             "label": L("lcl_key"),
             "typ": "key",
-            "seq": "fac_s_fac_sp_map_key"
+            "seq": "fac_s_aut_sp_map_key"
         },
         "serviceprovider": {
-            "dbs": "fac_sp_key",
-            "label": L("fac_sp"),
+            "dbs": "aut_sp_key",
+            "label": L("aut_sp"),
             "typ": "key",
             "hidden_fld": true,
             "required": true
         },
         "name": {
-            "dbs": "fac_sp_map_from",
-            "label": L("fac_sp_map_from"),
+            "dbs": "aut_sp_map_from",
+            "label": L("aut_sp_map_from"),
             "typ": "key",
             "required": true,
             "LOV":   "1;"   + L("lcl_prs_person_login")
@@ -48,8 +49,8 @@ function model_fac_sp_map()
                   + ";101;" + L("fac_groeprechten_m")
         },
         "to": {
-            "dbs": "fac_sp_map_to",
-            "label": L("fac_sp_map_to"),
+            "dbs": "aut_sp_map_to",
+            "label": L("aut_sp_map_to"),
             "typ": "varchar",
             "required": true
         }

APPL/API2/model_bes_kenmerk.inc

@@ -4,13 +4,14 @@
 
     File:           model_bes_kenmerk.inc
 
-    Description:    Vanuit CodeCharge gegenereerd model voor bes_kenmerk
+    Description:    Model voor bes_kenmerk
 
     Context:
 
     Notes:
 */
 %>
+<!-- #include file="model_bes_srtkenmerk.inc"-->
 <%
 
 function model_bes_kenmerk(params)
@@ -165,6 +166,11 @@ function model_bes_kenmerk(params)
         }
     };
 
+    this.getPropertyType = function (kenmerkdata)
+    {
+        var typedata = api2.GET(new model_bes_srtkenmerk({internal: params.internal}), kenmerkdata.orderpropertytype.id);
+        return typedata;
+    }
 
     function buildBESKenmerkNiveauList()
     {

APPL/API2/model_bes_srtkenmerk.inc

@@ -13,14 +13,15 @@
 %>
 <%
 
-function model_bes_srtkenmerk()
+function model_bes_srtkenmerk(params)
 {
+    params = params || {};
     this.records_name = "orderpropertytypes";
     this.record_name = "orderpropertytype";
     this.table = "bes_srtkenmerk";
     this.primary = "bes_srtkenmerk_key";
     this.soft_delete = "bes_srtkenmerk_verwijder";
-    this.autfunction = "WEB_BESMGT";
+    this.autfunction = params.internal?false:"WEB_BESMGT";
     this.record_title = L("bes_srtkenmerk");
     this.records_title = L("bes_srtkenmerk_m");
 

APPL/API2/model_bez_kenmerk.inc

@@ -90,8 +90,11 @@ function model_bez_kenmerk(params)
         },
         "system": {
             "dbs": "bez_kenmerk_systeem",
-            "label": L("mgt_srtkenmerk_systeem"),
-            "typ": "check"
+            "label": L("mgt_kenmerk_systeem"),
+            "typ": "number",
+            "LOV": L("mgt_kenmerk_systeemLOV"),
+            "defaultvalue": 0,
+            "required": true
         },
         "length": {
             "dbs": "bez_kenmerk_lengte",

APPL/API2/model_bgt_budget.inc

@@ -14,6 +14,7 @@
 <!-- #include file="../bgt/bgt_tools.inc" -->
 <!-- #include file="../api2/model_bgt_budgetmutatie.inc" -->
 <%
+var v_checkauth = getQParamInt("id", 0) > 0;
 
 function model_bgt_budget()
 {
@@ -41,8 +42,8 @@ function model_bgt_budget()
             "typ": "key",
             "required": true,
             "insertonly": true,
-            "foreign": bgt_budgetdiscipline_foreign(),
-            "emptyoption": null
+            "foreign": bgt_budgetdiscipline_foreign(v_checkauth),
+            "showtransit": true
         },
         "budgetproject": {
             "dbs": "bgt_project_key",
@@ -51,15 +52,16 @@ function model_bgt_budget()
             "required": true,
             "insertonly": true,
             "foreign": bgt_budgetproject_foreign(),
-            "emptyoption": null
+            "showtransit": true
         },
         "budgetcostcategory": {
             "dbs": "bgt_kostenrubriek_key",
             "label": L("bgt_kostenrubriek_oms"),
             "typ": "key",
-            "required": false,
+            "required": true,
             "insertonly": true,
-            "foreign": bgt_budgetcostcategory_foreign()
+            "foreign": bgt_budgetcostcategory_foreign(),
+            "showtransit": true
         },
         "costtypegroup": {
             "dbs": "prs_kostensoortgrp_key",
@@ -68,6 +70,7 @@ function model_bgt_budget()
             "required": false,
             "insertonly": true,
             "foreign": bgt_costtypegroup_foreign(),
+            "showtransit": true,
             "LOVinit": "",
             "filter": "exact"
         },
@@ -77,11 +80,12 @@ function model_bgt_budget()
             "typ": "key",
             "required": false,
             "insertonly": true,
-            "foreign": bgt_costtype_foreign()
+            "foreign": bgt_costtype_foreign(),
+            "showtransit": true
         },
         "amountoriginal": {
             "dbs": "bgt_budget_bedrag_origineel",
-            "sql": "(BGT.getBudgetOpDatum(bgt_budget.bgt_budget_key, NULL))",
+            "sql": "(BGT.getBudgetOpDatum(bgt_budget.bgt_budget_key, 0, NULL))",
             "label": L("bgt_budget_origineel"),
             "typ": "float",
             "iscurrency": true,
@@ -89,7 +93,7 @@ function model_bgt_budget()
         },
         "amountmutation": {
             "dbs": "bgt_budget_bedrag_mutatie",
-            "sql": "(BGT.getBudgetMutaties(bgt_budget.bgt_budget_key, NULL, NULL))",
+            "sql": "(BGT.getBudgetMutaties(bgt_budget.bgt_budget_key, 0, NULL, NULL))",
             "label": L("bgt_budget_mutaties"),
             "typ": "float",
             "iscurrency": true,
@@ -101,7 +105,7 @@ function model_bgt_budget()
             "typ": "float",
             "iscurrency": true,
             "total": true,
-            "required": true
+            "defaultvalue": 0
             },
         "vat": {
             "dbs": "bgt_budget_btwbedrag",
@@ -109,14 +113,33 @@ function model_bgt_budget()
             "typ": "float",
             "iscurrency": true,
             "total": true,
-            "required": true
+            "defaultvalue": 0
             },
+        "amountincl": {
+            "dbs": "bgt_budget_bedrag_incl",
+            "sql": "bgt_budget_bedrag + bgt_budget_btwbedrag",
+            "label": L("lcl_fin_total_sum"),
+            "typ": "float",
+            "readonly": true,
+            "sqlshow": true,
+            "iscurrency": true,
+            "total": true,
+            "defaultvalue": "0",
+            "clone": false
+        },
         "contingency": {
           "dbs": "bgt_budget_isreserve",
           "label": L("bgt_budget_isreserve"),
           "typ": "check0",
           "defaultvalue": 0
         },
+        "account": {
+            "dbs": "prs_kostenplaats_key",
+            "label": L("bgt_budget_account"),
+            "typ": "key",
+            "foreign": bgt_account_foreign(),
+            "emptyoption": null
+        },
         "begin": {
             "dbs": "bgt_budget_begin",
             "label": L("bgt_budget_begin"),
@@ -139,16 +162,6 @@ function model_bgt_budget()
                 "desc": "prs_kostenplaatsgrp_oms"
             },
             "hidden_fld": true
-        },
-        "account": {
-            "dbs": "prs_kostenplaats_key",
-            "label": L("bgt_budget_account"),
-            "typ": "key",
-            "foreign": {
-                "tbl": "prs_kostenplaats",
-                "key": "prs_kostenplaats_key",
-                "desc": "prs_kostenplaats_nr"
-            }
         }
     };
 
@@ -166,13 +179,45 @@ function model_bgt_budget()
         ]
     };
 
+
     this.hook_pre_edit = function (obj, fld)
     {
+        var btw_data = {};
         if (obj.id > -1)
         {
             fld.amount.readonly = true;
             fld.vat.readonly = true;
+
+            var sql = "SELECT s.prs_kostensoort_btw"
+                    + "     , f.fin_btwtabelwaarde_perc"
+                    + "  FROM bgt_budget b"
+                    + "     , prs_kostensoort s"
+                    + "     , fin_btwtabelwaarde f"
+                    + " WHERE s.fin_btwtabelwaarde_key = f.fin_btwtabelwaarde_key"
+                    + "   AND b.prs_kostensoort_key = s.prs_kostensoort_key"
+                    + "   AND b.bgt_budget_key = " + obj.id;
+            var oRs = Oracle.Execute(sql);
+            if (!oRs.eof)
+            {
+                btw_data.btw_inc = oRs("prs_kostensoort_btw").Value;
+                btw_data.btw_val = oRs("fin_btwtabelwaarde_perc").Value;
+            }
+            oRs.Close();
         }
+        else
+        {
+            // Een nieuw budget heeft nog geen origineel- en mutatie-bedrag.
+            delete fld.amountoriginal;
+            delete fld.amountmutation;
+        }
+        %>
+        <script type="text/javascript">
+            var cur_mode = "budget_edit"; // Laat alleen de kostensoorten zien waaraan nog geen budget gekoppeld is.
+            var btw_data = <%=JSON.stringify(btw_data)%>;
+            <% if (obj.budgetdiscipline) { %> var budgetdiscipline = "<%=obj.budgetdiscipline.id%>"; <% } %>
+            <% if (obj.budgetproject)    { %> var budgetproject    = "<%=obj.budgetproject.id%>";    <% } %>
+        </script>
+        <%
     }
 
     this.hook_pre_post = function(params, obj)

APPL/API2/model_bgt_budgetmutatie.inc

@@ -132,11 +132,22 @@ function model_bgt_budgetmutatie()
             "typ": "float",
             "iscurrency": true
         },
+        "amounttoincl": {
+            "dbs": "bgt_budget_bedrag_naar_incl",
+            "sql": "bgt_budget_bedrag_naar + bgt_budget_btwbedrag_naar",
+            "label": L("lcl_fin_total_sum"),
+            "typ": "float",
+            "readonly": true,
+            "sqlshow": true,
+            "iscurrency": true,
+            "defaultvalue": "0"
+        },
         "amountdifference": {
             "dbs": "bgt_budget_bedrag_verschil",
             "sql": "COALESCE(bgt_budget_bedrag_van, 0) + COALESCE(bgt_budget_bedrag_naar, 0)",
             "label": L("bgt_budgetmutatie"),
             "typ": "float",
+            "readonly": true,
             "iscurrency": true,
             "total": true
         }
@@ -190,6 +201,7 @@ function model_bgt_budgetmutatie()
             }
             oRs.Close();
         }
+
 %>
     <script type="text/javascript">
         // Deze variabelen zijn nodig in bgt_budgetmutatie.js
@@ -207,14 +219,29 @@ function model_bgt_budgetmutatie()
 
         if ((!jsondata.amountto || jsondata.amountto == 0) && (!jsondata.vatto || jsondata.vatto == 0))
             abort_with_warning(L("bgt_budgetmutatie_err2").format(L("bgt_budgetmutatie_bedrag"), L("bgt_budgetmutatie_btwbedrag")));
+        jsondata.amountfrom = -1 * jsondata.amountto;
+        jsondata.vatfrom    = -1 * jsondata.vatto;
+    }
+
+    this.hook_pre_put = function (params, jsondata, key)
+    {
+        if ((!jsondata.amountto || jsondata.amountto == 0) && (!jsondata.vatto || jsondata.vatto == 0))
+            abort_with_warning(L("bgt_budgetmutatie_err2").format(L("bgt_budgetmutatie_bedrag"), L("bgt_budgetmutatie_btwbedrag")));
+        jsondata.amountfrom = -1 * jsondata.amountto;
+        jsondata.vatfrom    = -1 * jsondata.vatto;
     }
 
     var budget_key = getQParamInt("budgetcommon", -1);
+    var mutatie_key = getQParamInt("id", -1);
     if (budget_key > -1)
     {
+        var v_where = ( mutatie_key > -1
+                      ? "bgt_budgetmutatie_key = {0}".format(mutatie_key)
+                      : "bgt_budget_key_van = {0} or bgt_budget_key_naar = {0}".format(budget_key)
+                      );
         this.REST_GET = generic_REST_GET(this, {
             "GET": {
-                "wheres": ["bgt_budget_key_van = {0} or bgt_budget_key_naar = {0}".format(budget_key)]
+                "wheres": [v_where]
             }
         });
     }

APPL/API2/model_bgt_disc_params.inc

@@ -18,7 +18,7 @@ model_bgt_disc_params =
     "record_name": "budgetdisciplineparam",
     "table": "bgt_disc_params",
     "primary": "bgt_disc_params_key",
-    "autfunction": "WEB_BGTMAN",
+    "autfunction": "WEB_BGTMGT",
 
 
     "fields": {
@@ -47,7 +47,8 @@ model_bgt_disc_params =
         "startdate": {
             "dbs": "bgt_disc_params_startdatum",
             "label": L("bgt_discipline_startdatum"),
-            "typ": "date"
+            "typ": "date",
+            "autosize": true
         }
     }
 }

APPL/API2/model_bgt_discipline.inc

@@ -42,7 +42,7 @@ function _model_bgt_discipline()
   this.audit = { "childtable": "bgt_disc_params" }, // Parameters voor fac_audit.
   this.primary = "ins_discipline_key";
   this.soft_delete = "ins_discipline_verwijder";  // ik wil er eigenlijk liever niet standaard op kunnen filteren
-  this.autfunction = "WEB_BGTMAN";
+  this.autfunction = "WEB_BGTMGT";
   this.record_title = L("bgt_discipline");
   this.records_title = L("bgt_discipline_m");
 
@@ -79,11 +79,12 @@ function _model_bgt_discipline()
             "dbs": "ins_discipline_btw",
             "label": L("bgt_discipline_btw"),
             "typ": "check",
-            "default": "false"
+            "default": "false",
+            "hidden_fld": true
         }
     };
 
-    this.print = { xmlnode: "budget", where: "discipline"};
+//    this.print = { xmlnode: "budget", where: "discipline"};
 
     /* Velden van BGT_DISC_PARAMS komen er dynamisch bij */
     this.disc_params = {

APPL/API2/model_bgt_kostenrubriek.inc

@@ -45,7 +45,8 @@ function model_bgt_kostenrubriek()
                 "key": "bgt_project_key",
                 "desc": "bgt_project_omschrijving",
                 "where": "bgt_project_verwijder IS NULL"
-            }
+            },
+            "showtransit": true
         },
         "name": {
             "dbs": "bgt_kostenrubriek_oms",

APPL/API2/model_bgt_project.inc

@@ -12,6 +12,7 @@
 */
 %>
 <!-- #include file="../api2/model_bgt_kostenrubriek.inc" -->
+<!-- #include file="../bgt/bgt_tools.inc" -->
 <%
 
 function model_bgt_project()
@@ -48,7 +49,8 @@ function model_bgt_project()
                 "key": "ins_discipline_key",
                 "desc": "ins_discipline_omschrijving",
                 "where": "ins_discipline_module = 'BGT' AND ins_discipline_verwijder IS NULL"
-            }
+            },
+            "showtransit": true
         },
         "name": {
             "dbs": "bgt_project_omschrijving",
@@ -60,7 +62,8 @@ function model_bgt_project()
         "code": {
             "dbs": "bgt_project_code",
             "label": L("bgt_project_code"),
-            "typ": "varchar"
+            "typ": "varchar",
+            "required": true
         },
         "sequence": {
             "dbs": "bgt_project_volgnr",
@@ -71,11 +74,7 @@ function model_bgt_project()
             "dbs": "prs_kostenplaats_key",
             "label": L("bgt_budget_account"),
             "typ": "key",
-            "foreign": {
-                "tbl": "prs_kostenplaats",
-                "key": "prs_kostenplaats_key",
-                "desc": "prs_kostenplaats_nr"
-            }
+            "foreign": bgt_account_foreign()
         },
         "pricedate": {
             "dbs": "bgt_project_prijspeildatum",
@@ -94,7 +93,68 @@ function model_bgt_project()
         }
     };
 
-    this.print = { xmlnode: "budget", where: "project"};
+    //this.print = { xmlnode: "budget", where: "project"};
+
+    this.hook_pre_edit = function (obj, fld)
+    {
+        if (mode != "save")
+        {
+            var sql = "SELECT count(*)"
+                    + "  FROM bgt_kostenrubriek"
+                    + " WHERE bgt_project_key = " + obj.id;
+            var oRs = Oracle.Execute(sql);
+            if (oRs(0) == 0) // Een nieuw project, of een project waaraan nog geen rubrieken zijn gekoppeld.
+            {   // Voeg de selectie voor het standaardproject toe.
+                fld["import"] = {
+                    "dbs": "fac_usrtab.fac_usrtab_key",
+                    "label": "Standaard projectdata",
+                    "typ": "key",
+                    "foreign": {
+                        "tbl": "(SELECT d.fac_usrdata_key"
+                             + "      , d.fac_usrdata_code"
+                             + "   FROM fac_usrtab t"
+                             + "      , fac_usrdata d"
+                             + "  WHERE d.fac_usrtab_key = t.fac_usrtab_key"
+                             + "    AND t.fac_usrtab_naam = 'project_import')",
+                        "key": "fac_usrdata_key",
+                        "desc": "fac_usrdata_code"
+                    }
+                };
+            }
+            oRs.Close();
+
+            if (obj.id > 0)
+            {
+                fld["account"].foreign.tbl = bgt_account_foreign_tbl(obj.id);
+            }
+            else
+            {
+                fld["account"].hidden_fld = true;
+            }
+        }
+    }
+
+    this.hook_pre_post = function(params, obj)
+    {
+        // Controle op, en wijzigingen aan data voordat het record wordt toegevoegd.
+    }
+
+    this.hook_post_post = function(params, obj, key)
+    {
+        // Nadat het project-record is toegevoegd is de key hiervan bekend.
+        create_default_kostenplaatsgrp(key);
+        var data_key = getFParamInt("import", -1);
+        create_default_projectdata(key, data_key);
+    }
+
+    this.hook_pre_put = function(params, obj, key)
+    {
+        // Wordt alleen gebruikt bij wijzigen.
+        create_default_kostenplaatsgrp(key);
+        var data_key = getFParamInt("import", -1);
+        create_default_projectdata(key, data_key);
+    }
+
 
     // if (!S("bgt_enabled"))
     // {
@@ -106,5 +166,37 @@ function model_bgt_project()
     this.REST_POST   = generic_REST_POST(this);
     this.REST_PUT    = generic_REST_PUT(this);
     this.REST_DELETE = generic_REST_DELETE(this);
+
+
+    function create_default_kostenplaatsgrp(key)
+    {
+        var sql_u = "SELECT count(*) aantal"
+                + "  FROM prs_kostenplaatsgrp"
+                + " WHERE bgt_project_key = " + key;
+        var oRs_u = Oracle.Execute(sql_u);
+        if (oRs_u("aantal").Value == 0)
+        {
+            var sql = "SELECT d.bgt_disc_params_code"
+                    + "     , p.bgt_project_code"
+                    + "  FROM bgt_disc_params d"
+                    + "     , bgt_project p"
+                    + " WHERE d.bgt_ins_discipline_key = p.ins_discipline_key"
+                    + "   AND p.bgt_project_key = " + key;
+            var oRs = Oracle.Execute(sql);
+            if (!oRs.eof)
+            {
+                var sql_i = "INSERT INTO prs_kostenplaatsgrp"
+                          + " (prs_kostenplaatsgrp_nr, prs_kostenplaatsgrp_oms, bgt_project_key)"
+                          + " VALUES"
+                          + " (" + safe.quoted_sql(oRs("bgt_disc_params_code").Value)
+                          + " ," + safe.quoted_sql(oRs("bgt_project_code").Value)
+                          + " ," + key
+                          + " )";
+                Oracle.Execute(sql_i);
+            }
+            oRs.Close();
+        }
+        oRs_u.Close();
+    }
 }
 %>

APPL/API2/model_buildings.inc

@@ -14,7 +14,6 @@
 %>
 <!-- #include file="../Shared/discxalg3d.inc"-->
 <!-- #include file="./model_custom_fields.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <!-- #include file="./model_alg_kenmerk.inc"-->
 <%
 function model_buildings()

APPL/API2/model_cad_label.inc

@@ -11,7 +11,6 @@
     Notes:
 */
 %>
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <%
 
 function model_cad_label()

APPL/API2/model_cad_thema.inc

@@ -11,7 +11,6 @@
     Notes:      TODO: JGL: Ik ben er nog niet helemaal uit hoe de bitjes netjes op te lossen
 */
 %>
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <%
 
 function model_cad_thema()

APPL/API2/model_cnt_kenmerk.inc

@@ -4,13 +4,14 @@
 
     File:           model_cnt_kenmerk.inc
 
-    Description:    Vanuit CodeCharge gegenereerd model voor cnt_kenmerk
+    Description:    Model voor cnt_kenmerk
 
     Context:
 
     Notes:
 */
 %>
+<!-- #include file="model_cnt_srtkenmerk.inc"-->
 <%
 
 function model_cnt_kenmerk(params)
@@ -139,6 +140,11 @@ function model_cnt_kenmerk(params)
         }
     };
 
+    this.getPropertyType = function (kenmerkdata)
+    {
+        var typedata = api2.GET(new model_cnt_srtkenmerk({internal: params.internal}), kenmerkdata.contractpropertytype.id);
+        return typedata;
+    }
 
     this.hook_pre_edit = function (obj, fld)
     {

APPL/API2/model_cnt_srtkenmerk.inc

@@ -13,14 +13,15 @@
 %>
 <%
 
-function model_cnt_srtkenmerk()
+function model_cnt_srtkenmerk(params)
 {
+    params = params || {};
     this.records_name = "contractpropertytypes";
     this.record_name = "contractpropertytype";
     this.table = "cnt_srtkenmerk";
     this.primary = "cnt_srtkenmerk_key";
     this.soft_delete = "cnt_srtkenmerk_verwijder";
-    this.autfunction = "WEB_CNTMGT";
+    this.autfunction = params.internal?false:"WEB_CNTMGT";
     this.record_title = L("cnt_srtkenmerk");
     this.records_title = L("cnt_srtkenmerk_m");
 

APPL/API2/model_companies.inc

@@ -13,7 +13,6 @@
 %>
 <!-- #include file="../prs/prs.inc" -->
 <!-- #include file="./model_custom_fields.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <!-- #include file="./model_prs_kenmerk.inc"-->
 <%
 

APPL/API2/model_ctr_disc_params.inc

@@ -46,6 +46,12 @@ model_ctr_disc_params =
             "label": L("ctr_ismjob"),
             "typ": "check0",
             "readonly": S("mjb_enabled") != 1
+        },
+        "stdmelding": {
+            "dbs": "mld_stdmelding_key",
+            "label": L("mld_stdmelding_key"),
+            "typ": "key",
+            "foreign": "mld_stdmelding"
         }
     }
 }

APPL/API2/model_ctr_scenario.inc

@@ -0,0 +1,83 @@
+<% /*
+    $Revision$
+    $Id$
+
+    File:           model_ctr_scenario.inc
+
+    Description:    Model voor scenario's
+
+    Context:
+
+    Notes:
+*/
+%>
+<!-- #include file="../ins/ins.inc" -->
+<%
+
+function model_ctr_scenario()
+{
+    this.records_name = "scenarios";
+    this.record_name = "scenario";
+    this.table = "ins_scenario";
+    this.primary = "ins_scenario_key";
+    this.autfunction = "WEB_CTRMGT";
+    this.record_title = L("ctr_scenario");
+    this.records_title = L("ctr_scenario_m");
+
+
+    this.fields = {
+        "id": {
+            "dbs": "ins_scenario_key",
+            "label": L("lcl_key"),
+            "typ": "key",
+            "required": true,
+            "filter": "exact",
+            "seq": "ins_s_ins_scenario_key"
+        },
+        "name": {
+            "dbs": "ins_scenario_omschrijving",
+            "label": L("ctr_scenario_omschrijving"),
+            "typ": "varchar",
+            "required": true,
+            "translate": true
+        },
+        "nrelements": {
+          "dbs": "nn_elements",
+          "sql": "(SELECT COUNT(*) FROM ins_srtcontroledl_xcp isx WHERE isx.ins_scenario_key = ins_scenario.ins_scenario_key)",
+          "label": L("ctr_scenario_aantal"),
+          "typ": "number"
+        },
+        "remark": {
+            "dbs": "ins_scenario_opmerking",
+            "label": L("ctr_scenario_opmerking"),
+            "typ": "varchar",
+            "translate": true
+        },
+        "created": {
+            "dbs": "ins_scenario_aanmaak",
+            "label": L("ctr_scenario_aanmaak"),
+            "typ": "date",
+            "readonly": true
+        },
+        "status": {
+            "dbs": "ins_scenario_status",
+            "label": L("ctr_scenario_status"),
+            "foreign": ins.getscenariostatustext,
+            "typ": "exact"
+        },
+        "person": {
+            "dbs": "prs_perslid_key",
+            "label": L("lcl_user"),
+            "typ": "key",
+            "foreign" : "prs_perslid",
+            readonly: true
+        }
+    };
+
+
+    this.REST_GET    = generic_REST_GET(this, { GET: { wheres: [ "ins_scenario_key <> 1"] }});
+    this.REST_POST   = generic_REST_POST(this);
+    this.REST_PUT    = generic_REST_PUT(this);
+    this.REST_DELETE = generic_REST_DELETE(this, {});
+}
+%>

APPL/API2/model_custom_fields.inc

@@ -21,14 +21,9 @@
 <!-- #include file="../Shared/resultset_flex.inc"-->
 <%
 
-function model_custom_fields(formodel, flexModule, flexParams)
+function model_custom_fields(formodel, flexModel, flexParams)
 {
-    var flexModel = null; // alleen nog niet bij issues
-    if (typeof flexModule != "string")
-    {
-        flexModel = flexModule;
-        flexModule = flexModel.module;
-    }
+    var flexModule = flexModel.module;
 
     flexParams         = flexParams || {};
     this.module        = flexModule;
@@ -93,34 +88,42 @@ function model_custom_fields(formodel, flexModule, flexParams)
         }
     };
 
+    this.get_file_info = function (params, record, fileparams)
+    {
+        var flexparam = flexProps(flexModule, record.xflexparentkey,
+                                  String(record.propertyid), flexParams.pNiveau,
+                                  fileparams);
+        var attachments = [];
+        for (var f in flexparam.files)
+        {
+            var file = flexparam.files[f];
+            var attachment = { name: file.name,
+                               date: file.date,
+                               size: file.size,
+                               content_url: file.deepurl,
+                               token: file.token,
+                               digest: file.digest };
+            switch (params.filter.fileencoding) // De enige twee encodings die we ondersteunen
+            {
+                case "base64":
+                    attachment.content_base64 = file.data;
+                    break;
+                case "hex":
+                    attachment.content_hex = file.data;
+                    break;
+            }
+            attachments.push(attachment);
+        };
+        return attachments;
+    }
     // Deze functie wordt na de GET aangeroepen. De bijlagen zijn zo afwijkend
     // dat ik dat niet fatsoenlijk in 'fields' verwerkt kreeg
     this.post_get = function (params, record)
         {
             if (record.type == 'F' || record.type == 'M')
             {
-                var flexparam = flexProps(flexModule, record.xflexparentkey, String(record.propertyid), flexParams.pNiveau,
-                                                { getFiles: true, getFileEncoded: params.filter.fileencoding, api2name: formodel.records_name });
-                record.attachments = [];
-                for (var f in flexparam.files)
-                {
-                    var file = flexparam.files[f];
-                    var attachment = { name: file.name,
-                                       date: file.date,
-                                       size: file.size,
-                                       content_url: file.deepurl,
-                                       digest: file.digest };
-                    switch (params.filter.fileencoding) // De enige twee encodings die we ondersteunen
-                    {
-                        case "base64":
-                            attachment.content_base64 = file.data;
-                            break;
-                        case "hex":
-                            attachment.content_hex = file.data;
-                            break;
-                    }
-                    record.attachments.push(attachment);
-                };
+                var fileparams = { getFiles: true, getFileEncoded: params.filter.fileencoding, api2name: formodel.records_name };
+                record.attachments = this.get_file_info(params, record, fileparams);
             }
             delete record["xflexparentkey"]; // nu niet meer nodig
         }
@@ -166,11 +169,24 @@ function model_custom_fields(formodel, flexModule, flexParams)
     {   // Let op: parameter the_key is de kenmerk_key, niet een een kenmerkwaarde_key
         // Merk op dat flexProps ook wel het type oplevert. Ik wil echter migreren naar modellen
         var kenmerkdata = api2.GET(flexModel, jsondata.propertyid);
-        // TODO: if (!kenmerkdata) en rechtencontrole
-        var typ = kenmerkdata.attributetype.id;
+
+
+
+
+        if ("attributetype" in kenmerkdata)
+        {
+            var typ = kenmerkdata.attributetype.id;
+        }
+        else
+        {
+            var typedata = flexModel.getPropertyType(kenmerkdata); // getPropertyType moet gedefinieerd zijn
+            var typ = typedata.attributetype.id;
+        }
         if (typ == 'F' || typ == 'M')
         {
-            var flexparams = flexProps(this.module, parent_key, the_key, flexParams.pNiveau);
+            if (!(parent_key > 0))
+                var tmpfolder =  safe.filename(shared.random(32));
+            var flexparams = flexProps(this.module, parent_key, the_key, flexParams.pNiveau, { tmpfolder: tmpfolder });
             // TODO: bij type F zorgen dat er <20><>n file overblijft
             for (var i = 0; i < jsondata.attachments.length; i++)
             {
@@ -193,13 +209,12 @@ function model_custom_fields(formodel, flexModule, flexParams)
                 }
                 else
                 {
-                    Response.Status = "422 Unprocessable Entity";
-                    Response.End;
+                    api2.error(422, L("lcl_shared_file_ext_not_allowed"));
                 }
             }
         }
 
-        if (typ != "M")
+        if (typ != "M" && parent_key > 0)
         {
             var sql = "BEGIN flx.setflex({0}".format(safe.quoted_sql(this.module))
                     + "                , {0}".format(the_key) // == jsondata.propertyid
@@ -207,14 +222,17 @@ function model_custom_fields(formodel, flexModule, flexParams)
                     + "                , {0}".format(safe.quoted_sql(flexParams.pNiveau))
                     + "                , {0});".format(safe.quoted_sql(jsondata.value))
                     + "END;"
-            Oracle.Execute(sql);
+            var err = Oracle.Execute(sql, true);
+            if (err.friendlyMsg)
+                api2.error(400, err.friendlyMsg);
         }
+        return tmpfolder;
     }
 
     if (flexModel) // nog even niet voor MLD
     this.REST_POST = function (params, jsondata, parent_key) /* add custom_field */
     {   // Voor flexvelden is er geen verschil tusen 'toevoegen' en 'bijwerken'
-        this.REST_PUT(params, jsondata, jsondata.propertyid, parent_key);
+        return this.REST_PUT(params, jsondata, jsondata.propertyid, parent_key);
     }
 
     this.disabled_REST_DELETE = function (params, the_key) /* remove custom_field */

APPL/API2/model_fac_groep.inc

@@ -57,13 +57,24 @@ function model_fac_groep(groep_key, params)
         "label": L("lcl_prs_substitutes"),
         "typ": "check0"
       },
+      "externalid": {
+          "dbs": "fac_groep_externid",
+          "label": L("fac_groep_externid"),
+          "typ": "varchar"
+      },
       "membercount": {
         "dbs": "nn_leden",
         "sql": "(SELECT COUNT(*) FROM fac_gebruikersgroep WHERE fac_groep.fac_groep_key = fac_gebruikersgroep.fac_groep_key)",
         "label": L("fac_groep_nn_leden"),
         "typ": "number"
+      },
+        "created": {
+        "dbs": "fac_groep_aanmaak",
+        "label": "Aanmaakdatum",
+        "typ": "datetime",
+        "readonly": true
       }
-    }
+    };
 
     this.includes = {
         "users": {
@@ -103,7 +114,17 @@ function model_fac_groep(groep_key, params)
                                + "         WHERE fgr.fac_functie_key = ff.fac_functie_key"
                                + "           AND ff.fac_functie_code = 'WEB_FACTAB')");
     }
-    this.REST_GET    = generic_REST_GET(this, xparams);
+    // _groepen geven we nooit mee
+
+    this.REST_GET = function (params)
+    {
+        if ("filter" in params && params.filter.nointernal)
+            xparams.GET.wheres.push("SUBSTR(fac_groep_omschrijving, 0, 1) <> '_'");
+
+        // Verder met de default
+        return generic_REST_GET(this, xparams)(params)
+    }
+
     this.REST_POST   = generic_REST_POST(this);
     this.REST_PUT    = generic_REST_PUT(this);
     this.REST_DELETE = generic_REST_DELETE(this);

APPL/API2/model_fac_session.inc

@@ -47,10 +47,11 @@ model_fac_session = // Internal only
             "label": L("fac_session_data"),
             "typ": "varchar"
         },
-        "creation": {
+        "created": {
             "dbs": "fac_session_aanmaak",
             "label": L("fac_session_aanmaak"),
-            "typ": "datetime"
+            "typ": "datetime",
+            "readonly": true
         },
         "expire": {
             "dbs": "fac_session_expire",

APPL/API2/model_fac_sp.inc

@@ -1,155 +0,0 @@
-<% /*
-    $Revision$
-    $Id$
-
-    File:           model_fac_sp.inc
-    Description:
-    Notes:
-*/
-
-%>
-<!-- #include file="./model_fac_sp_map.inc" -->
-<%
-function model_fac_sp()
-{
-    this.records_name = "identityproviders";
-    this.record_name = "identityprovider";
-    this.table = "fac_sp";
-    this.primary = "fac_sp_key";
-    this.autfunction = "WEB_FACFAC";
-    this.record_title = L("fac_sp");
-    this.records_title = L("fac_sp_m");
-
-    this.fields = {
-        "id": {
-            "dbs": "fac_sp_key",
-            "label": L("lcl_key"),
-            "typ": "key",
-            "seq": "fac_s_fac_sp_key"
-        },
-        "code": {
-            "dbs": "fac_sp_code",
-            "label": L("fac_sp_code"),
-            "typ": "varchar",
-            "filter": "exact"
-        },
-        "name": {
-            "dbs": "fac_sp_omschrijving",
-            "label": L("fac_sp_omschrijving"),
-            "typ": "varchar",
-            "required": true
-        },
-        "type": {
-            "dbs": "fac_sp_type",
-            "label": L("fac_sp_type"),
-            "typ": "key",
-            "required": true,
-            "LOV": L("fac_aut_typeLOV") // TODO?
-        },
-        "remark": {
-            "dbs": "fac_sp_opmerking",
-            "label": L("fac_sp_opmerking"),
-            "typ": "memo"
-        },
-        "secret": {
-            "dbs": "fac_sp_secret",
-            "label": L("fac_sp_secret"),
-            "typ": "varchar",
-            "defaultvalue": shared.random(32),
-            "secret": true
-        },
-        "audience": {
-            "dbs": "fac_sp_audience",
-            "label": L("fac_sp_audience"),
-            "typ": "varchar",
-            "placeholder": customerId + ".facilitor.nl"
-        },
-        "issuer": {
-            "dbs": "fac_sp_issuer",
-            "label": L("fac_sp_issuer"),
-            "typ": "varchar"
-        },
-        "algorithm": {
-            "dbs": "fac_sp_algorithm",
-            "label": L("fac_sp_algorithm"),
-            "typ": "varchar"
-        },
-        "timeout": {
-            "dbs": "fac_sp_clockskew",
-            "label": L("fac_sp_clockskew"),
-            "typ": "number",
-            "defaultvalue": 30
-        },
-        "duration": {
-            "dbs": "fac_sp_duration",
-            "label": L("fac_sp_duration"),
-            "typ": "number"
-        },
-        "remoteloginurl": {
-            "dbs": "fac_sp_remote_loginurl",
-            "label": L("fac_sp_remote_loginurl"),
-            "typ": "varchar"
-        },
-        "remotelogouturl": {
-            "dbs": "fac_sp_remote_logouturl",
-            "label": L("fac_sp_remote_logouturl"),
-            "typ": "varchar"
-        },
-        "ipfilter": {
-            "dbs": "fac_sp_ipfilter",
-            "label": L("fac_sp_ipfilter"),
-            "typ": "varchar"
-        },
-        "_currentIP" : {
-            "dbs": "",
-            "label": "Current IP",
-            "typ": "label",
-            "labelvalue": String(Request.ServerVariables("REMOTE_ADDR"))
-        },
-        "ipauto": {
-            "dbs": "fac_sp_ipauto",
-            "label": L("fac_sp_ipauto"),
-            "typ": "check0"
-        },
-/*
-        "company": {
-             "dbs": "prs_bedrijf_key",
-             "typ": "key",
-             "foreign": "prs_bedrijf",
-             "label": L("lcl_idp_company")
-        }
-        ,
-        "department": {
-             "dbs": "prs_afdeling_key",
-             "typ": "key",
-             "foreign": "prs_afdeling",
-             "label": L("lcl_idp_department")
-        },
-        "authorization": {
-            "dbs": "fac_functie_key",
-            "label": L("fac_sp_functie_key"),
-            "typ": "key",
-            "foreign": "fac_functie"
-        },
-*/
-        "internal": {
-            "dbs": "fac_sp_internal",
-            "label": L("fac_sp_internal"),
-            "typ": "check0",
-            "readonly": true
-        }
-    }
-
-    this.includes =
-               {  "spmappings": { model: new model_fac_sp_map(),
-                                  joinfield: "serviceprovider",
-                                  enable_update: true
-                                }
-              };
-
-    this.REST_GET    = generic_REST_GET(this);
-    this.REST_POST   = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
-}
-%>

APPL/API2/model_fac_widget.inc

@@ -86,7 +86,8 @@ function model_fac_widget()
             "dbs": "fac_widget_aanmaak",
             "label": L("fac_widget_aanmaak"),
             "typ": "date",
-            "hidden_fld": true
+            "hidden_fld": true,
+            "readonly": true
         },
         "authorization": {
             "dbs": "fac_functie_key",

APPL/API2/model_fin_factuur.inc

@@ -40,49 +40,65 @@ function model_fin_factuur()
             "typ": "key",
             "required": true,
             "foreign": bgt_budgetdiscipline_foreign(),
-            "emptyoption": null
+            "showtransit": true
         },
         "budgetproject": {
             "dbs": "bgt_project.bgt_project_key",
             "label": L("bgt_project_omschrijving"),
             "typ": "key",
-            "foreign": bgt_budgetproject_foreign()
-        },
-        "budgetcostcategory": {
-            "dbs": "bgt_kostenrubriek.bgt_kostenrubriek_key",
-            "label": L("bgt_kostenrubriek_oms"),
-            "typ": "key",
-            "foreign": bgt_budgetcostcategory_foreign()
-        },
-        "costtypegroup": {
-            "dbs": "prs_kostensoortgrp.prs_kostensoortgrp_key",
-            "label": L("prs_kostensoortgrp_key"),
-            "typ": "key",
-            "foreign": bgt_costtypegroup_foreign()
+            "foreign": bgt_budgetproject_foreign(),
+            "showtransit": true
         },
         "costtype": {
             "dbs": "prs_kostensoort_key",
             "label": L("prs_kostensoort_key"),
             "typ": "key",
             "foreign": bgt_costtype_foreign(),
-            "hidden_fld": true
+            "required": false
+        },
+        "company": {
+            "dbs": "mld_opdr.mld_uitvoerende_keys",
+            "label": L("lcl_ord_company"),
+            "typ": "key",
+            "foreign": bgt_company_foreign(),
+            "showtransit": true
         },
         "order": {
             "dbs": "mld_opdr_key",
             "label": L("lcl_fin_mld_opdr"),
             "typ": "key",
             "required": true,
-            "foreign": {
-                "tbl": "mld_opdr",
-                "key": "mld_opdr_key",
-                "desc": "mld_opdr_omschrijving"
-            },
+            "foreign": bgt_order_foreign(),
+            "showtransit": true,
             "clone": false
         },
+        "additional": {
+            "dbs": "mld_opdr.mld_opdr_meerwerk",
+            "label": L("lcl_mld_opdr_meerwerk"),
+            "typ": "check0",
+            "defaultvalue": 0,
+            "filter": "exact",
+            "multiedit": true
+        },
+         "ordernr_sort": {
+            "dbs": "mld_opdr_ordernr_int",
+            "label": L("bgt_opdr_ordernr"),
+            "sql": "fac.safe_to_number(mld_opdr.mld_opdr_ordernr)",
+            "typ": "number",
+            "readonly": true
+        },
         "ordernr": {
             "dbs": "mld_opdr.mld_opdr_ordernr",
             "label": L("bgt_opdr_ordernr"),
-            "typ": "varchar"
+            "typ": "varchar",
+            "hidden_fld": true
+        },
+        "account": {
+            "dbs": "mld_opdr.prs_kostenplaats_key",
+            "label": L("bgt_budget_account"),
+            "typ": "key",
+            "foreign": bgt_account_foreign(),
+            "readonly": true
         },
         "invoice": {
             "dbs": "fin_factuur_nr",
@@ -106,7 +122,14 @@ function model_fin_factuur()
             "dbs": "fin_factuur_advies",
             "label": L("lcl_fin_adviesdatum"),
             "typ": "date",
-            "defaultvalue": new Date()
+            "defaultvalue": new Date(),
+            "multiedit": true
+        },
+        "isprinted": {
+            "dbs": "fin_factuur_bron",
+            "label": "Geprint",
+            "typ": "check0",
+            "multiedit": true
         },
         "month": {
             "dbs": "fin_factuur_boekmaand",
@@ -118,24 +141,24 @@ function model_fin_factuur()
             "label": L("lcl_fin_fin_status"),
             "typ": "key",
             "foreign": bgt_invoicestatus_foreign(),
-            "defaultvalue": "2",
-            "clone": false  // Krijgt nu de default waarde.
+            "defaultvalue": "6",
+            "clone": false,  // Krijgt nu de default waarde.
+            "multiedit": true
         },
         "total": {
             "dbs": "fin_factuur_totaal",
             "label": L("lcl_fin_CO_sum"),
             "typ": "float",
             "iscurrency": true,
-            "total": true,
-            "defaultvalue": "0"
+            "total": true
         },
         "totalvat": {
             "dbs": "fin_factuur_totaal_btw",
             "label": L("lcl_fin_btwsum"),
             "typ": "float",
+            "defaultvalue": 0,
             "iscurrency": true,
             "total": true,
-            "defaultvalue": "0",
             "clone": false
         },
         "totalincl": {
@@ -143,6 +166,8 @@ function model_fin_factuur()
             "sql": "fin_factuur_totaal + fin_factuur_totaal_btw",
             "label": L("lcl_fin_total_sum"),
             "typ": "float",
+            "readonly": true,
+            "sqlshow": true,
             "iscurrency": true,
             "total": true,
             "defaultvalue": "0",
@@ -162,19 +187,114 @@ function model_fin_factuur()
         ]
     };
 
-
     this.hook_pre_edit = function(obj, fld)
     {
-        // Bij klonen: id=-1, invoice=niet leeg. Dan een (volgende) volgnummer erachter zetten.
-        if (obj.invoice)
+        var btw_data = {};
+        if (obj.id > -1)
         {
+            var sql = "SELECT s.prs_kostensoort_btw"
+                    + "     , f.fin_btwtabelwaarde_perc"
+                    + "  FROM fin_factuur f"
+                    + "     , prs_kostensoort s"
+                    + "     , fin_btwtabelwaarde f"
+                    + " WHERE s.fin_btwtabelwaarde_key = f.fin_btwtabelwaarde_key"
+                    + "   AND f.prs_kostensoort_key = s.prs_kostensoort_key"
+                    + "   AND f.fin_factuur_key = " + obj.id;
+            var oRs = Oracle.Execute(sql);
+            if (!oRs.eof)
+            {
+                btw_data.btw_inc = oRs("prs_kostensoort_btw").Value;
+                btw_data.btw_val = oRs("fin_btwtabelwaarde_perc").Value;
+            }
+            oRs.Close();
+        }
+
+        %>
+        <script type="text/javascript">
+            var btw_data = <%=JSON.stringify(btw_data)%>;
+        </script>
+        <%
+
+        if (!obj.id && obj.invoice)
+        {
+            // Bij klonen: id=(bestaat niet), invoice=niet leeg. Dan een (volgende) volgnummer erachter zetten.
             var invoice = obj.invoice;
             var cur_inv = (invoice.indexOf("/") > -1 ? invoice.substring(0,invoice.indexOf("/")-1) : invoice);
             var cur_seq = (invoice.indexOf("/") > -1 ? invoice.substring(invoice.indexOf("/")+1) : 0);
-            cur_seq = (cur_seq ? cur_seq : 0);
+            cur_seq = parseInt(cur_seq ? cur_seq : 0);
+
+            var sql = "SELECT MAX(CASE WHEN INSTR(f.fin_factuur_nr, '/') > 0"
+                    + "                THEN TO_NUMBER(SUBSTR(f.fin_factuur_nr, INSTR(f.fin_factuur_nr, '/')+1))"
+                    + "                ELSE 0"
+                    + "           END) max_seq"
+                    + "  FROM bgt_kostenrubriek r"
+                    + "     , prs_kostensoortgrp g"
+                    + "     , prs_kostensoort s"
+                    + "     , mld_opdr o"
+                    + "     , fin_factuur f"
+                    + " WHERE r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                    + "   AND g.prs_kostensoortgrp_key = s.prs_kostensoortgrp_key"
+                    + "   AND s.prs_kostensoort_key = o.prs_kostensoort_key"
+                    + "   AND o.mld_opdr_key = f.mld_opdr_key"
+                    + "   AND r.bgt_project_key = " + obj.budgetproject.id
+                    + "   AND f.fin_factuur_nr LIKE " + safe.quoted_sql(cur_inv + "%");
+            var oRs = Oracle.Execute(sql);
+            cur_seq = oRs("max_seq").Value;
+            oRs.Close();
+
             var new_inv = cur_inv + "/" + (cur_seq + 1);
             obj.invoice = new_inv;
         }
+        else
+        {
+            var mld_opdr_key = getQParamInt("opdrachtcommon", -1);
+            if (obj.id == -1 && mld_opdr_key > -1)
+            {   // Nieuwe factuur bij bekende opdracht.
+                var sql = "SELECT p.ins_discipline_key"
+                        + "     , p.bgt_project_key"
+                        + "     , o.mld_uitvoerende_keys"
+                        + "     , s.prs_kostensoort_key"
+                        + "     , s.prs_kostensoort_oms"
+                        + "  FROM mld_opdr o"
+                        + "     , prs_kostensoort s"
+                        + "     , prs_kostensoortgrp g"
+                        + "     , bgt_kostenrubriek r"
+                        + "     , bgt_project p"
+                        + " WHERE p.bgt_project_key = r.bgt_project_key"
+                        + "   AND r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                        + "   AND g.prs_kostensoortgrp_key = s.prs_kostensoortgrp_key"
+                        + "   AND s.prs_kostensoort_key = o.prs_kostensoort_key"
+                        + "   AND o.mld_opdr_key = " + mld_opdr_key;
+                var oRs = Oracle.Execute(sql);
+                var v_order = mld_opdr_key;
+                var v_discipline = oRs("ins_discipline_key").Value;
+                var v_project = oRs("bgt_project_key").Value;
+                var v_soort = oRs("prs_kostensoort_key").Value;
+                var v_srtoms = oRs("prs_kostensoort_oms").Value;
+                var v_company = oRs("mld_uitvoerende_keys").Value;
+                oRs.Close();
+                // Er is geen QParam voor costtype gezet, dus deze zelf vullen.
+                obj.costtype = {id: v_soort, name: v_srtoms};
+            }
+            else
+            {
+                var v_order      = null;
+                var v_discipline = (obj.budgetdiscipline ? obj.budgetdiscipline.id : null);
+                var v_project    = (obj.budgetproject    ? obj.budgetproject.id    : null);
+                var v_soort      = (obj.costtype         ? obj.costtype.id         : null);
+                var v_company    = (obj.company          ? obj.company.id          : null);
+            }
+        %>
+        <script type="text/javascript">
+            var cur_mode = "<%=mode%>";  // = "edit"
+            <% if (v_order)      { %> var mldopdracht      = "<%=v_order%>";      <% } %>
+            <% if (v_discipline) { %> var budgetdiscipline = "<%=v_discipline%>"; <% } %>
+            <% if (v_project)    { %> var budgetproject    = "<%=v_project%>";    <% } %>
+            <% if (v_soort)      { %> var costtype         = "<%=v_soort%>";      <% } %>
+            <% if (v_company)    { %> var company          = "<%=v_company%>";    <% } %>
+        </script>
+        <%
+        }
         // De opdracht moet wel gewijzigd kunnen worden bij het klonen.
         if (!obj.id)
             fld.order.readonly = false;
@@ -182,11 +302,53 @@ function model_fin_factuur()
 
     this.hook_pre_post = function(params, obj)
     {
-        // Wordt alleen gebruikt bij toevoegen.
+        // Bij toevoegen van een factuur moet prs_kostensoort_key nog gevuld worden.
+        // Gebruik daarvoor die van mld_opdr.
+        setKostensoort(obj);
+        // Is het factuurnummer/volgnummer uniek binnen het project?
+        checkUniekFactuurnummer(-1, obj.budgetproject, obj.invoice);
     }
 
     this.hook_pre_put = function(params, obj, key)
-    {   //wijzigen factuur: bepaal ook opnieuw de som van de factuurregels.
+    {
+        // Bij wijzigen van factuur moet prs_kostensoort_key nog gevuld worden.
+        // Gebruik daarvoor die van mld_opdr.
+        setKostensoort(obj);
+        // Is de combinatie factuurnummer/volgnummer nog steeds uniek?
+        checkUniekFactuurnummer(key, obj.budgetproject, obj.invoice);
+    }
+
+    function setKostensoort(obj)
+    {
+        var sql = "SELECT o.prs_kostensoort_key"
+                + "  FROM mld_opdr o"
+                + " WHERE mld_opdr_key = " + obj.order;
+        var oRs = Oracle.Execute(sql);
+        if (!oRs.eof)
+        obj.costtype = (!oRs.eof ? oRs("prs_kostensoort_key").Value : NULL);
+        oRs.Close();
+    }
+
+    function checkUniekFactuurnummer(p_factuur_key, p_project_key, p_factuurnr)
+    {
+            var sql = "SELECT count(*) aantal"
+                    + "  FROM bgt_kostenrubriek r"
+                    + "     , prs_kostensoortgrp g"
+                    + "     , prs_kostensoort s"
+                    + "     , mld_opdr o"
+                    + "     , fin_factuur f"
+                    + " WHERE r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                    + "   AND g.prs_kostensoortgrp_key = s.prs_kostensoortgrp_key"
+                    + "   AND s.prs_kostensoort_key = o.prs_kostensoort_key"
+                    + "   AND o.mld_opdr_key = f.mld_opdr_key"
+                    + "   AND r.bgt_project_key = " + p_project_key
+                    + "   AND f.fin_factuur_nr = " + safe.quoted_sql(p_factuurnr)
+                    + (p_factuur_key != -1 ? "   AND f.fin_factuur_key <> " + p_factuur_key : "");
+            var oRs = Oracle.Execute(sql);
+            var uniek_factuurnr = (oRs("aantal").Value == 0);
+            oRs.Close();
+            if (!uniek_factuurnr)
+                abort_with_warning("Factuurnummer {0} bestaat al in dit project.".format(p_factuurnr));
     }
 
 
@@ -209,10 +371,10 @@ function model_fin_factuur()
                     "mld_opdr"
                 ],
                 wheres: [
-                    "fin_factuur.prs_kostensoort_key = prs_kostensoort.prs_kostensoort_key",
                     "prs_kostensoort.prs_kostensoortgrp_key = prs_kostensoortgrp.prs_kostensoortgrp_key",
                     "prs_kostensoortgrp.bgt_kostenrubriek_key = bgt_kostenrubriek.bgt_kostenrubriek_key",
                     "bgt_kostenrubriek.bgt_project_key = bgt_project.bgt_project_key",
+                    "mld_opdr.prs_kostensoort_key = prs_kostensoort.prs_kostensoort_key",
                     "mld_opdr.mld_opdr_key = fin_factuur.mld_opdr_key"
                 ]
             }

APPL/API2/model_fin_verkoopfactuur.inc

@@ -36,7 +36,7 @@ function model_fin_verkoopfactuurregels()
         "filter": "exact",
         "seq": "fin_s_fin_verkoopfactuur_key"
       },
-      "creation": {
+      "created": {
         "dbs": "fin_verkoopfactuur_aanmaak",
         "label": L("lcl_fin_verkoopfactuur_aanmaak"),
         "typ": "datetime",

APPL/API2/model_generic.inc

@@ -177,6 +177,8 @@ function model_generic(table, autfunction)
             case "CHAR":
             case "VARCHAR2":
                 field.typ = 'varchar';
+                if (ora_length > 50)
+                    field.typ = 'memo';
                 break;
             case "MLD_T_UITVOERTIJD":
                 field.typ = 'varchar';

APPL/API2/model_ins_controlemode.inc

@@ -11,7 +11,6 @@
     Notes:
 */
 %>
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <%
 
 function model_ins_controlemode()

APPL/API2/model_ins_deel_state_history.inc

@@ -0,0 +1,60 @@
+<% /*
+    $Revision$
+    $Id$
+
+    File:           model_ins_deel_state_history.inc
+
+    Description:    State history model.
+    Parameters:
+    Context:
+
+    Notes:          Altijd readonly.
+                    Je moet WEB_INSUSE op de discipline hebben, er is (nog) geen 3D controle
+                    Verondersteld wordt dat je in de praktijk altijd filtert op
+                    bijvoorbeeld &start_statedate=2018-01-01T00:00:00Z
+*/
+
+%>
+<%
+function model_ins_deel_state_history(params)
+{
+    params = params || {};
+    this.table        = "ins_deel_state_history";
+    this.primary      = "ins_deel_state_history_key";
+    this.records_name = "statehistory";
+    this.record_name  = "statehistory";
+    this.autfunction = false; // Authorisatie alleen via ins_deel.ins_discipline_key
+
+    params.authparams = user.checkAutorisation("WEB_INSUSE");
+
+    this.fields = { "id"       : { dbs: "ins_deel_state_history_key",   typ: "key" },
+                    "object"   : { dbs: "ins_deel_key",                 typ: "key",    foreign: "ins_deel" },
+                    "state"    : { dbs: "ins_deel_state",               typ: "varchar" },
+                    "statedate": { dbs: "ins_deel_statedate",           typ: "datetime" },
+                    "remark"   : {
+                        "dbs": "ins_deel_state_history_opmerk",
+                        "typ": "memo"
+                    }
+                  };
+
+    var gparams = {
+            GET: {
+                tables: [
+                    "ins_deel"
+                ],
+                wheres: [
+                    "ins_deel_state_history.ins_deel_key = ins_deel.ins_deel_key",
+                    "ins_deel.ins_discipline_key IN"
+                            + " (SELECT ins_discipline_key"
+                            + "    FROM fac_v_webgebruiker"
+                            + "   WHERE fac_functie_key = " + params.authparams.autfunctionkey
+                            + "     AND prs_perslid_key = " + user_key
+                            + "     AND fac_gebruiker_prs_level_read < 9"
+                            + "     AND fac_gebruiker_alg_level_read < 9)"
+                ]
+            }
+        };
+    this.REST_GET    = generic_REST_GET(this, gparams);
+    // updaten doe je door ins_deel.ins_deel_state te wijzigen
+}
+%>

APPL/API2/model_ins_deelsrtcontrole.inc

@@ -0,0 +1,40 @@
+<% /*
+    $Revision$
+    $Id$
+
+    File:           model_ins_deelsrtcontrole.inc
+
+    Description:    Inspectie model.
+    Parameters:
+    Context:
+
+    Notes:          Extreem rudimentair, uitsluitend om flexkenmerken (bijlagen) te kunnen opslaan
+*/
+
+%>
+<!-- #include file="./model_custom_fields.inc"-->
+<!-- #include file="./model_ins_kenmerk.inc"-->
+<%
+function model_ins_deelsrtcontrole()
+{
+    this.table        = "ins_deelsrtcontrole";
+    this.primary      = "ins_deelsrtcontrole_key";
+    this.records_name = "objects";
+    this.record_name  = "object";
+    this.autfunction = false; // TODO?
+
+
+    this.fields = { "id"       : { dbs: "ins_deelsrtcontrole_key",   typ: "key" },
+                    "object"   : { dbs: "ins_deel_key",              typ: "key",    foreign: "ins_deel" }
+                  };
+
+    this.includes = { "custom_fields" : {
+                        "model": new model_custom_fields(this, new model_ins_kenmerk("C", { internal: true }), { readman: true, readuse: true }),
+                        "joinfield": "flexparentkey",
+                        "enable_update": true
+                    }
+              },
+    this.REST_GET    = generic_REST_GET(this);
+    this.REST_PUT    = generic_REST_PUT(this);
+}
+%>

APPL/API2/model_ins_kenmerk.inc

@@ -12,6 +12,7 @@
     Notes:
 */
 %>
+<!-- #include file="model_ins_srtkenmerk.inc"-->
 <%
 
 function model_ins_kenmerk(niveau, params)
@@ -181,6 +182,11 @@ function model_ins_kenmerk(niveau, params)
         }
     };
 
+    this.getPropertyType = function (kenmerkdata)
+    {
+        var typedata = api2.GET(new model_ins_srtkenmerk({internal: params.internal}), kenmerkdata.objectpropertytype.id);
+        return typedata;
+    }
 
     this.list = {
         "columns": ["id",

APPL/API2/model_ins_srtcontrole.inc

@@ -12,7 +12,6 @@
 */
 %>
 <!-- #include file="./model_ins_kenmerk.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <!-- #include file="./model_ctr_discipline.inc" -->
 <%
 function model_ins_srtcontrole()
@@ -24,29 +23,34 @@ function model_ins_srtcontrole()
     this.autfunction = "WEB_INSMGT";
     this.record_title = L("ins_srtcontrole");
     this.records_title = L("ins_srtcontrole_m");
-
+    this.trackcode = "CTRSUP";
 
     this.fields = {
         "id": {
             "dbs": "ins_srtcontrole_key",
             "label": L("lcl_key"),
             "typ": "key",
+            "infoPointer": { Url: "appl/shared/status_info.asp?urole=bo&inssc_key=", Title: L("lcl_key") + " " },
             "required": true,
             "filter": "exact",
-            "seq": "ins_s_ins_srtcontrole_key"
+            "seq": "ins_s_ins_srtcontrole_key",
+            "track": true
         },
         "level": {
             "dbs": "ins_srtcontrole_niveau",
             "label": L("ins_srtcontrole_niveau"),
             "typ": "varchar",
             "hidden_fld": true,
-            "LOV": fill_niveau_LOV()
+            "LOV": fill_niveau_LOV(),
+            "track": true,
+            "insertonly": true
         },
         "objectkey": {
             "dbs": "ins_srtinstallatie_key",
             "label": L("lcl_ins_object"),
             "typ": "key",
-            "hidden_fld": true
+            "hidden_fld": true,
+            "insertonly": true
         },
         "objectdiscipline": {
             "dbs": "ins_v_allsrtinstallatie.ins_discipline_key",
@@ -56,7 +60,8 @@ function model_ins_srtcontrole()
             "foreign": { "tbl": "ins_v_aanwezigdiscipline",
                          "key": "ins_discipline_key",
                          "desc": "ins_discipline_omschrijving"
-                       }
+                       },
+            "insertonly": true
         },
         "objectgroup": {
             "dbs": "ins_v_allsrtinstallatie.ins_srtgroep_key",
@@ -65,7 +70,8 @@ function model_ins_srtcontrole()
             "foreign": { "tbl": "ins_srtgroep",
                          "key": "ins_srtgroep_key",
                          "desc": "ins_srtgroep_omschrijving"
-                       }
+                       },
+            "insertonly": true
         },
         "objecttype": {
             "dbs": "ins_v_allsrtinstallatie.ins_srtdeel_key",
@@ -74,20 +80,23 @@ function model_ins_srtcontrole()
             "foreign": { "tbl": "ins_srtdeel",
                          "key": "ins_srtdeel_key",
                          "desc": "ins_srtdeel_omschrijving"
-                       }
+                       },
+            "insertonly": true
         },
         "name": {
             "dbs": "ins_srtcontrole_omschrijving",
             "label": L("ins_srtcontrole_omschrijving"),
             "typ": "varchar",
             "required": true,
-            "translate": true
+            "translate": true,
+            "track": true
         },
         "info": {
             "dbs": "ins_srtcontrole_info",
             "label": L("ins_srtcontrole_info"),
             "typ": "memo",
-            "translate": true
+            "translate": true,
+            "track": true
         },
         "taskdiscipline": {
             "dbs": "ctr_discipline_key",
@@ -97,46 +106,55 @@ function model_ins_srtcontrole()
                          "key": "ins_discipline_key",
                          "desc": "ins_discipline_omschrijving"
                        },
-            "required": true
+            "required": true,
+            "track": true
         },
         "inspectionmode": {
             "dbs": "ins_srtcontrole_mode",
             "label": L("ins_srtcontrole_mode"),
-            "typ": "key",
+            "typ": "number",
             "required": true,
-            "LOV": L("ins_srtcontrole_modeLOV")
+            "LOV": L("ins_srtcontrole_modeLOV"),
+            "track": true
         },
         "priority": {
             "dbs": "ins_srtcontrole_level",
             "label": L("ins_srtcontrole_level"),
             "typ": "number",
             "defaultvalue": 10,
-            "required": true
+            "required": true,
+            "multiedit": true,
+            "track": true
         },
         "period": {
             "dbs": "ins_srtcontrole_periode",
             "label": L("ins_srtcontrole_periode"),
             "typ": "float",
-            "required": true
+            "required": true,
+            "multiedit": true,
+            "track": true
         },
         "unit": {
             "dbs": "ins_srtcontrole_eenheid",
             "label": L("ins_srtcontrole_eenheid"),
-            "typ": "key",
+            "typ": "number",
             "required": true,
-            "LOV": L("ins_srtcontrole_eenheidLOV")
+            "LOV": L("ins_srtcontrole_eenheidLOV"),
+            "track": true
         },
         "bits": {
             "dbs": "ins_srtcontrole_bits",
             "label": L("ins_srtcontrole_bits"),
             "typ": "number",
-            "hidden_fld": true
+            "hidden_fld": true,
+            "track": true
         },
         "_moment": {
             "dbs": "",
             "label": L("ins_srtcontrole_moment"),
             "typ": "button",
-            "defaultvalue": L("lcl_select")
+            "defaultvalue": L("lcl_select"),
+            "track": true
         },
         "account": {
             "dbs": "prs_kostenplaats_key",
@@ -144,56 +162,73 @@ function model_ins_srtcontrole()
             "typ": "key",
             "foreign": "prs_kostenplaats",
             "foreignfiltercode": "A", // Alle kostenplaatsen tonen.
-            "filter": "exact"
+            "filter": "exact",
+            "track": true
         },
         "costs": {
             "dbs": "ins_srtcontrole_kosten",
             "label": L("ins_srtcontrole_kosten"),
             "iscurrency": true,
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true,
+            "track": true
         },
         "costs2": {
             "dbs": "ins_srtcontrole_kosten2",
             "label": L("ins_srtcontrole_kosten2"),
             "iscurrency": true,
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true,
+            "track": true
         },
         "costs3": {
             "dbs": "ins_srtcontrole_kosten3",
             "label": L("ins_srtcontrole_kosten3"),
             "iscurrency": true,
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true,
+            "track": true
         },
         "material": {
             "dbs": "ins_srtcontrole_materiaal",
             "label": L("ins_srtcontrole_materiaal"),
             "iscurrency": true,
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true,
+            "track": true
         },
         "hours": {
             "dbs": "ins_srtcontrole_uren",
             "label": L("ins_srtcontrole_uren"),
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true,
+            "track": true
         },
         "enddate": {
             "dbs": "ins_srtcontrole_eind",
             "label": L("ins_srtcontrole_eind"),
-            "typ": "date"
+            "typ": "date",
+            "multiedit": true,
+            "track": true
         },
         "phasingouttime": {
             "dbs": "ins_srtcontrole_afbouwtijd",
             "label": L("ins_srtcontrole_afbouwtijd"),
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true,
+            "track": true
         },
         "taskgroup": {
             "dbs": "ins_srtcontrole_groep",
             "label": L("ins_srtcontrole_groep"),
-            "typ": "varchar"
+            "typ": "varchar",
+            "track": true
         },
         "percentage": {
             "dbs": "ins_srtcontrole_percentage",
             "label": L("ins_srtcontrole_percentage"),
-            "typ": "float"
+            "typ": "float",
+            "track": true
         },
         "vat": {
             "dbs": "fin_btwtabelwaarde_key",
@@ -206,7 +241,14 @@ function model_ins_srtcontrole()
                                                     + "  FROM fin_btwtabelwaarde"
                                                     + " WHERE fin_btwtabelwaarde_key = " + S("fin_btw_default")
                                                     + ")"
-                       }
+                       },
+            "track": true
+        },
+        "issuetype": {
+            "dbs": "mld_stdmelding_key",
+            "label": L("mld_stdmelding_key"),
+            "typ": "key",
+            "foreign": "mld_stdmelding"
         },
         "options": {
             "dbs": "ins_srtcontrole_options",
@@ -245,12 +287,14 @@ function model_ins_srtcontrole()
                         }
                     ]
                 }
-            ]
+            ],
+            "track": true
         },
         "remark": {
             "dbs": "ins_srtcontrole_opmerking",
             "label": L("ins_srtcontrole_opmerking"),
-            "typ": "memo"
+            "typ": "memo",
+            "track": true
         }
     };
 

APPL/API2/model_ins_srtkenmerk.inc

@@ -13,14 +13,15 @@
 %>
 <%
 
-function model_ins_srtkenmerk()
+function model_ins_srtkenmerk(params)
 {
+    params = params || {};
     this.records_name = "objectpropertytypes";
     this.record_name = "objectpropertytype";
     this.table = "ins_srtkenmerk";
     this.primary = "ins_srtkenmerk_key";
     this.soft_delete = "ins_srtkenmerk_verwijder";
-    this.autfunction = "WEB_INSMGT";
+    this.autfunction = params.internal?false:"WEB_INSMGT";
     this.record_title = L("ins_srtkenmerk");
     this.records_title = L("ins_srtkenmerk_m");
 

APPL/API2/model_invoices.inc

@@ -25,7 +25,6 @@
 <!-- #include file="./model_invoicelines.inc"-->
 <!-- #include file="./model_custom_fields.inc"-->
 <!-- #include file="./model_fac_tracking.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <!-- #include file="./model_fin_kenmerk.inc"-->
 
 <%

APPL/API2/model_issues.inc

@@ -22,7 +22,6 @@
 <!-- #include file="./model_custom_fields.inc"-->
 <!-- #include file="./model_fac_tracking.inc"-->
 <!-- #include file="./model_mld_kenmerk.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <%
 
 function fnextendedStatus (oRs, field, model)
@@ -61,6 +60,10 @@ function model_issues(mld_key, params)
              "terrain"    : { dbs: "alg_v_allonroerendgoed.alg_terreinsector_key", typ: "key",      foreign: "alg_terreinsector",          label: L("lcl_room"),              track: true,  filter: "exact" },
              "parent"     : { dbs: "mld_melding_parentkey",                        typ: "key",      xforeign: "mld_melding",               label: L("lcl_mld_completion_in"), track: true,  filter: "exact" },
              "extern_id"  : { dbs: "mld_melding_externnr",                         typ: "varchar",                                         label: L("lcl_mld_externr"),       track: true,  filter: "exact" },
+             "kto_key"    : { dbs: "mld_melding_kto_key",                          typ: "key",                                             label: L("lcl_mld_linktoparent"),  track: true,  filter: "exact" },
+             "kto_type"   : { dbs: "mld_melding_kto_type",                         typ: "varchar",                                         label: L("lcl_mld_kto"),           track: true,  filter: "exact" },
+             "kto"        : { dbs: "mld_melding_kto",                              typ: "number",                                          label: L("lcl_mld_kto_invite"),    track: true,  filter: "exact" },
+             "priority"   : { dbs: "mld_melding_spoed",                            typ: "key",                                             label: L("lcl_mld_urg"),           track: true,  filter: "exact" },
              "xstatus"    : { dbs: "mld_melding_status",
                               val: fnextendedStatus,                               typ: "key",      foreign: mld.getmldstatustext,         label: L("lcl_extended_status"), track: true,  filter: "exact", readonly: true }
             };
@@ -68,9 +71,10 @@ function model_issues(mld_key, params)
     this.list = { columns: ["id", "name", "requestor", "description"] };
 
     this.includes =
-              { "custom_fields": { model: new model_custom_fields(this, "MLD" /*new model_mld_kenmerk() is alleen voor opdrachten*/,
+              { "custom_fields": { model: new model_custom_fields(this, new model_mld_kenmerk('M', { internal: true }),
                                          { pNiveau: "M", readman: true, readuse: true }),
-                                   joinfield: "flexparentkey"
+                                   joinfield: "flexparentkey",
+                                   "enable_update": true
                                  },
                 "tracking":      {
                                    model: new model_tracking(['melding']),
@@ -235,7 +239,7 @@ function model_issues(mld_key, params)
                 // Startdatum is vandaag: starttijd is huidige tijd.
                 // Startdatum is niet vandaag: starttijd is begin werkdag.
                 var startdate_is_today = (startdate.midnight().getTime() == sysdate.midnight().getTime());
-                startdate = (startdate_is_today? sysdate : startdatebegin);
+                params.data.startdate = (startdate_is_today? sysdate : startdatebegin);
             }
             else
             { // Bestaande melding
@@ -256,11 +260,11 @@ function model_issues(mld_key, params)
                     oRs_1.Close();
 
                     var startdatum_is_registratiedatum = (startdate.midnight().getTime() == registratiedatum.midnight().getTime());
-                    startdate = (startdatum_is_registratiedatum? registratiedatum : startdatebegin);
+                    params.data.startdate = (startdatum_is_registratiedatum? registratiedatum : startdatebegin);
                 }
                 else
                 { // else startdatum niet aanpassen.
-                    startdate = oldstartdate;
+                    params.data.startdate = oldstartdate;
                 }
                 oRs.Close();
             }
@@ -269,7 +273,7 @@ function model_issues(mld_key, params)
         {   // Situatie 2: Einddatum = COALESCE(huidige waarde, sysdate) + SLA
             if (params.isNew)
             {
-                startdate = new Date();
+                params.data.startdate = new Date();
             }
             else
             {
@@ -297,6 +301,7 @@ function model_issues(mld_key, params)
                 alg_onroerendgoed_keys = gebouwkey;
         }
         params.data.alg_onroerendgoed_keys = alg_onroerendgoed_keys;
+        return params;
     };
 
     function _analyze_fields (dbfields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */
@@ -385,30 +390,41 @@ function model_issues(mld_key, params)
 
             var this_mld = mld.func_enabled_melding(mld_key);
             user.auth_required_or_abort(this_mld.canChange);  // Geen wijzigingen toestaan bij onvoldoende rechten.
-            _pre_analyze_fields(params, jsondata);
-            // Verwijder voor PUT wat niet gewijzigd mag worden.
-            delete jsondata.name;
-            delete jsondata.contact;
-            delete jsondata.requestor;
-            delete jsondata.issuetype;
-            delete jsondata.location;
 
-            var dbfields = api2.update_fields(params, this, jsondata); // Build updater
-            _analyze_fields(dbfields, params, jsondata);
-            _validate_fields(dbfields, params, jsondata);
+            if (params.custom_fields_only)
+            {
+                var mldUpd = { trackarray: [] };
+            }
+            else
+            {
+                params = _pre_analyze_fields(params, jsondata);
+                // Verwijder voor PUT wat niet gewijzigd mag worden.
+                delete jsondata.name;
+                delete jsondata.contact;
+                delete jsondata.requestor;
+                delete jsondata.issuetype;
+                delete jsondata.location;
 
-            var wheres = [" mld_melding_key = " + mld_key];
-            var mldUpd = buildTrackingUpdate("mld_melding", wheres.join(" AND " ), dbfields, { noValidateToken: true });
+                var dbfields = api2.update_fields(params, this, jsondata); // Build updater
+                _analyze_fields(dbfields, params, jsondata);
+                _validate_fields(dbfields, params, jsondata);
 
-            var err = Oracle.Execute(mldUpd.sql, true);
-            if (err.friendlyMsg)
-                abort_with_warning(err.friendlyMsg);
+                var wheres = [" mld_melding_key = " + mld_key];
+                var mldUpd = buildTrackingUpdate("mld_melding", wheres.join(" AND " ), dbfields, { noValidateToken: true });
+
+                var err = Oracle.Execute(mldUpd.sql, true);
+                if (err.friendlyMsg)
+                    abort_with_warning(err.friendlyMsg);
+            }
 
             var mldtrack = api2.process_includes(params, this, jsondata, mld_key);
 
-            shared.trackaction("MLDUPD",
-                               mld_key,
-                               L("lcl_mld_is_mldupdtrack").format(mld_key) + (mldUpd.trackarray.length > 0? "\n" : "") + mldUpd.trackarray.join("\n"));
+            if (mldUpd.trackarray.length)
+            {
+                shared.trackaction("MLDUPD",
+                                   mld_key,
+                                   L("lcl_mld_is_mldupdtrack").format(mld_key) + (mldUpd.trackarray.length > 0? "\n" : "") + mldUpd.trackarray.join("\n"));
+            }
 
             if (jsondata.status > 0)
                mld.setmeldingstatus(mld_key, jsondata.status, "");
@@ -440,6 +456,10 @@ function model_issues(mld_key, params)
                 api2.error(500, "Account could not be validated");
             }
             jsondata.account = kpkey;
+            if (!jsondata.issuedate)
+                jsondata.issuedate = new Date();
+            if (!jsondata.priority)
+                jsondata.priority = 3;
 
             //
             if (!jsondata.contact) jsondata.contact = user_key; // Als er geen aanvrager opgegeven is, dan de huidige gebruiker invullen.
@@ -450,7 +470,7 @@ function model_issues(mld_key, params)
             }
 
             params.isNew = true;
-            _pre_analyze_fields(params, jsondata);
+            params = _pre_analyze_fields(params, jsondata);
 
             var this_mld = mld.func_enabled_mld(stdm_info.ins_discipline_key, "D");
             user.auth_required_or_abort(this_mld.canFEwrite || this_mld.canFOwrite);
@@ -459,16 +479,18 @@ function model_issues(mld_key, params)
             _analyze_fields(dbfields, params, jsondata);
             _validate_fields(dbfields, params, jsondata);
 
-            dbfields["alg"] =    { dbs: "mld_alg_onroerendgoed_keys", typ: "key",     val: (params.data.alg_onroerendgoed_keys==-1 ? null : params.data.alg_onroerendgoed_keys) };
-            dbfields["origin"] = { dbs: "mld_meldbron_key",           typ: "key",     val: S("mld_meldbron_key") };
-            dbfields["module"] = { dbs: "mld_melding_module",         typ: "varchar", val: "MLD" };
-            dbfields["issue"] =  { dbs: "mld_melding_key",            typ: "key",     seq: "mld_s_mld_melding_key" };
+            dbfields["alg"] =       { dbs: "mld_alg_onroerendgoed_keys", typ: "datetime", val: params.data.alg_onroerendgoed_keys == -1 ? null : params.data.alg_onroerendgoed_keys };
+            dbfields["origin"] =    { dbs: "mld_meldbron_key",           typ: "key",      val: jsondata.meldbron? jsondata.meldbron : S("mld_meldbron_key") };
+            dbfields["module"] =    { dbs: "mld_melding_module",         typ: "varchar",  val: "MLD" };
+            dbfields["issue"] =     { dbs: "mld_melding_key",            typ: "key",      seq: "mld_s_mld_melding_key" };
 
             var mldIns = buildInsert("mld_melding", dbfields, { noValidateToken: true });
             var new_key = mldIns.sequences["mld_melding_key"];
             var sql = mldIns.sql;
             Oracle.Execute(mldIns.sql);
 
+            var mldtrack = api2.process_includes(params, this, jsondata, new_key);
+
             mld.setmeldingstatus(new_key, (stdm.xmld_directklaar? 0 : 2)); // Zorgt ook voor tracking & daarmee notificatie
 
             if (stdm_info.xis_kto_answer) // die direct afmelden

APPL/API2/model_issuetypes.inc

@@ -104,7 +104,6 @@ function model_issuetypes(stdm_key, params)
         if (!xxx_array.length)
             shared.record_not_found();
         this.data = xxx_array[0];
-        this.data.discipline = new model_mld_discipline("MLD", this.data.discipline.id);
     }
 }
 

APPL/API2/model_locations.inc

@@ -14,7 +14,6 @@
 %>
 <!-- #include file="../Shared/discxalg3d.inc"-->
 <!-- #include file="./model_custom_fields.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <!-- #include file="./model_alg_kenmerk.inc"-->
 <%
 function model_alg_locatie()

APPL/API2/model_mld_kenmerk.inc

@@ -4,19 +4,20 @@
 
     File:           model_mld_kenmerk.inc
 
-    Description:    Vanuit CodeCharge gegenereerd model voor mld_kenmerk
+    Description:    Model voor mld_kenmerk
 
     Context:
 
-    Notes:          LET OP: uitsluitend gebruikt voor opdracht kenmerken. Daar
-                    filteren we op en opdr_type is ook verplicht gemaakt.
-                    Melding kenmerken komen in dezelfde tabel maar die hebben
-                    eigen schermen via MLD\mld_kenmerk.asp
+    Notes:          Opdracht kenmerk definities worden ook aangemaakt via dit model
+                    Melding kenmerken definities komen in dezelfde tabel maar die hebben
+                    eigen bewerk schermen via MLD\mld_kenmerk.asp
+                    *Oproepen* via de API gaat voor MLD wel door dit bestand
 */
 %>
+<!-- #include file="model_mld_srtkenmerk.inc"-->
 <%
 
-function model_mld_kenmerk(params)
+function model_mld_kenmerk(niveau, params)
 {
     params = params || {};
     this.records_name = "issueproperties";
@@ -45,7 +46,7 @@ function model_mld_kenmerk(params)
             "typ": "varchar",
             "required": true,
             "hidden_fld": true,
-            "defaultvalue": "O"
+            "defaultvalue": "O" // omdat we MLD toch nog niet bewerken via dit bestand
         },
         "issuepropertytype": {
             "dbs": "mld_srtkenmerk_key",
@@ -78,7 +79,7 @@ function model_mld_kenmerk(params)
                 "key": "mld_typeopdr_key",
                 "desc": "mld_typeopdr_omschrijving"
             },
-            "required": true,
+            "required": true, // omdat we MLD toch nog niet bewerken via dit bestand
             "defaultvalue": null
         },
         "sequence": {
@@ -126,7 +127,7 @@ function model_mld_kenmerk(params)
             "typ": "memo",
             "translate": true
         },
-        "call": {
+        "issuetype": {
             "dbs": "mld_stdmelding_key",
             "label": L("mld_stdmelding_key"),
             "typ": "key",
@@ -158,22 +159,28 @@ function model_mld_kenmerk(params)
         }
     };
 
+    this.getPropertyType = function (kenmerkdata)
+    {
+        var typedata = api2.GET(new model_mld_srtkenmerk({internal: params.internal}), kenmerkdata.issuepropertytype.id);
+        return typedata;
+    }
 
     this.hook_pre_edit = function (obj, fld)
     {
     %>
-    <script type="text/javascript">
+    <script>
       var module = "MLD";
     </script>
     <%
     }
 
+    var gparams = {"GET": {}};
+    if (niveau == 'O')
+        gparams.GET = { wheres: [ "mld_kenmerk.mld_kenmerk_niveau = 'O'" ] };
+    else
+        gparams.GET = { wheres: [ "mld_kenmerk.mld_kenmerk_niveau IN ('T','D','S')" ] };
 
-    this.REST_GET    = generic_REST_GET(this, {
-        "GET": {
-            "wheres": ["mld_kenmerk_niveau = 'O'"]
-        }
-    });
+    this.REST_GET    = generic_REST_GET(this, gparams);
     this.REST_POST   = generic_REST_POST(this);
     this.REST_PUT    = generic_REST_PUT(this);
     this.REST_DELETE = generic_REST_DELETE(this);

APPL/API2/model_mld_opdr.inc

@@ -11,8 +11,10 @@
     Notes:
 */
 %>
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <!-- #include file="../api2/model_fin_factuur.inc" -->
+<!-- #include file="./model_custom_fields.inc"-->
+<!-- #include file="./model_mld_kenmerk.inc"-->
+<!-- #include file="../bgt/bgt_tools.inc" -->
 <%
 
 function model_mld_opdr()
@@ -21,11 +23,15 @@ function model_mld_opdr()
     this.record_name = "order";
     this.table = "mld_opdr";
     this.primary = "mld_opdr_key";
-    this.autfunction = "WEB_BGTORD";
+    this.autfunction = S("bgt_enabled")==1?"WEB_BGTORD":"WEB_ORDBOF";
     this.record_title = L("lcl_fin_mld_opdr");
     this.records_title = L("lcl_fin_opdrachten");
 
-    this.fields = {
+    var fields_main_1 = {};
+    var fields_main_2 = {};
+    var fields_bgt_1 = {};
+
+    fields_main_1 = {
         "id": {
             "dbs": "mld_opdr_key",
             "label": L("lcl_key"),
@@ -34,73 +40,91 @@ function model_mld_opdr()
             "required": true,
             "filter": "exact",
             "seq": "mld_s_mld_opdr_key"
-        },
-        "budgetdiscipline": {
-            "dbs": "bgt_project.ins_discipline_key",
-            "label": L("bgt_discipline_omschrijving"),
-            "typ": "key",
-            "required": true,
-            "foreign": bgt_budgetdiscipline_foreign(),
-            "emptyoption": null
-        },
-        "budgetproject": {
-            "dbs": "bgt_project.bgt_project_key",
-            "label": L("bgt_project_omschrijving"),
-            "typ": "key",
-            "foreign": bgt_budgetproject_foreign()
-        },
-        "budgetcostcategory": {
-            "dbs": "bgt_kostenrubriek.bgt_kostenrubriek_key",
-            "label": L("bgt_kostenrubriek_oms"),
-            "typ": "key",
-            "foreign": bgt_budgetcostcategory_foreign()
-        },
-        "costtypegroup": {
-            "dbs": "prs_kostensoortgrp.prs_kostensoortgrp_key",
-            "label": L("prs_kostensoortgrp_key"),
-            "typ": "key",
-            "foreign": bgt_costtypegroup_foreign()
-        },
-        "costtype": {
-            "dbs": "prs_kostensoort_key",
-            "label": L("prs_kostensoort_key"),
-            "typ": "key",
-            "foreign": bgt_costtype_foreign()
-        },
+        }
+    };
+
+    if (S("bgt_enabled"))
+    {
+        fields_bgt_1 = {
+            "budgetdiscipline": {
+                "dbs": "bgt_project.ins_discipline_key",
+                "label": L("bgt_discipline_omschrijving"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetdiscipline_foreign(),
+                "showtransit": true
+            },
+            "budgetproject": {
+                "dbs": "bgt_project.bgt_project_key",
+                "label": L("bgt_project_omschrijving"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetproject_foreign(),
+                "showtransit": true
+            },
+            "budgetcostcategory": {
+                "dbs": "bgt_kostenrubriek.bgt_kostenrubriek_key",
+                "label": L("bgt_kostenrubriek_oms"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetcostcategory_foreign(),
+                "showtransit": true
+            },
+            "costtypegroup": {
+                "dbs": "prs_kostensoortgrp.prs_kostensoortgrp_key",
+                "label": L("prs_kostensoortgrp_key"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_costtypegroup_foreign(),
+                "showtransit": true
+            },
+            "costtype": {
+                "dbs": "prs_kostensoort_key",
+                "label": L("prs_kostensoort_key"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_costtype_foreign(),
+                "showtransit": true
+            }
+        };
+    }
+
+    fields_main_2 = {
         "company": {
             "dbs": "mld_uitvoerende_keys",
             "label": L("lcl_ord_company"),
             "typ": "key",
-            "foreign": {
-                "tbl": "prs_bedrijf",
-                "key": "prs_bedrijf_key",
-                "desc": "prs_bedrijf_naam"
-            }
+            "foreign": bgt_company_foreign()
         },
         "reference": {
             "dbs": "mld_opdr_id",
             "label": L("lcl_opdr_id"),
             "typ": "varchar"
+        },
+         "ordernr_sort": {
+            "dbs": "mld_opdr_ordernr_int",
+            "label": L("bgt_opdr_ordernr"),
+            "sql": "fac.safe_to_number(mld_opdr_ordernr)",
+            "typ": "number",
+            "readonly": true
         },
         "ordernr": {
             "dbs": "mld_opdr_ordernr",
             "label": L("bgt_opdr_ordernr"),
-            "typ": "varchar"
+            "typ": "varchar",
+            "hidden_fld": true
         },
         "sequence": {
             "dbs": "mld_opdr_bedrijfopdr_volgnr",
             "label": L("lcl_ins_volgnr"),
-            "typ": "number"
+            "typ": "number",
+            "defaultvalue": 0
         },
         "account": {
             "dbs": "prs_kostenplaats_key",
             "label": L("bgt_budget_account"),
             "typ": "key",
-            "foreign": {
-                "tbl": "prs_kostenplaats",
-                "key": "prs_kostenplaats_key",
-                "desc": "prs_kostenplaats_nr"
-            }
+            "foreign": bgt_account_foreign()
         },
         "description": {
             "dbs": "mld_opdr_omschrijving",
@@ -112,6 +136,26 @@ function model_mld_opdr()
             "label": L("bgt_contractdatum"),
             "typ": "date"
         },
+        "estimate": {
+            "dbs": "estimate",
+            "sql": "CASE WHEN mld_statusopdr_key=10 THEN mld_opdr_kosten END",
+            "sqlshow": true,
+            "hidden_fld": true,
+            "label": "Raming",
+            "typ": "float",
+            "iscurrency": true,
+            "total": true
+        },
+        "contracted": {
+            "dbs": "contracted",
+            "sql": "CASE WHEN mld_statusopdr_key<>10 THEN mld_opdr_kosten END",
+            "sqlshow": true,
+            "hidden_fld": true,
+            "label": L("bgt_gecontracteerd"),
+            "typ": "float",
+            "iscurrency": true,
+            "total": true
+        },
         "amount": {
             "dbs": "mld_opdr_kosten",
             "label": L("bgt_gecontracteerd"),
@@ -126,11 +170,25 @@ function model_mld_opdr()
             "iscurrency": true,
             "total": true
         },
+        "amountincl": {
+            "dbs": "mld_opdr_kosten_incl",
+            "sql": "mld_opdr_kosten + mld_opdr_kosten_btw",
+            "label": L("lcl_fin_total_sum"),
+            "typ": "float",
+            "readonly": true,
+            "sqlshow": true,
+            "iscurrency": true,
+            "total": true,
+            "defaultvalue": "0",
+            "clone": false
+        },
         "invoiced": {
             "dbs": "mld_opdr_gefactureerd",
             "sql": "(BGT.getGefactureerd(mld_opdr.mld_opdr_key, 0, NULL, NULL))",
             "label": L("bgt_facturen"),
             "typ": "float",
+            "readonly": true,
+            "sqlshow": true,
             "iscurrency": true,
             "total": true
         },
@@ -139,6 +197,8 @@ function model_mld_opdr()
             "sql": "(BGT.getTefactureren(mld_opdr.mld_opdr_key, 0, NULL, NULL))",
             "label": L("bgt_facturentogo"),
             "typ": "float",
+            "readonly": true,
+            "sqlshow": true,
             "iscurrency": true,
             "total": true
         },
@@ -174,35 +234,341 @@ function model_mld_opdr()
             "dbs": "mld_opdr_meerwerk",
             "label": L("lcl_mld_opdr_meerwerk"),
             "typ": "check0",
-            "defaultvalue": "0",
+            "defaultvalue": 0,
             "filter": "exact"
-        }
+      }
     };
 
-    this.includes = {
-        "invoices": {
-            "model": new model_fin_factuur(),
-            "joinfield": "order",
-            "enable_update": true
-        }
-    };
+    this.fields = object_merge({}, fields_main_1, (S("bgt_enabled") ? fields_bgt_1 : {}), fields_main_2);
 
-    var gparams = {
-        GET: {
-            tables: [
-                "prs_kostensoort",
-                "prs_kostensoortgrp",
-                "bgt_kostenrubriek",
-                "bgt_project"
-            ],
-            wheres: [
-                "mld_opdr.prs_kostensoort_key = prs_kostensoort.prs_kostensoort_key",
-                "prs_kostensoort.prs_kostensoortgrp_key = prs_kostensoortgrp.prs_kostensoortgrp_key",
-                "prs_kostensoortgrp.bgt_kostenrubriek_key = bgt_kostenrubriek.bgt_kostenrubriek_key",
-                "bgt_kostenrubriek.bgt_project_key = bgt_project.bgt_project_key"
-            ]
+
+
+    this.includes= {
+                    "custom_fields" : {
+                        "model": new model_custom_fields(this, new model_mld_kenmerk('O', { internal: true }), { pNiveau: "O" }),
+                        "joinfield": "flexparentkey",
+                        "enable_update": true
+                    }
+                   }
+
+    this.hook_pre_edit = function (obj, fld)
+    {
+        var btw_data = {};
+        if (obj.id > -1 || obj.ordernr_sort)
+        {
+            fld.ordernr.hidden_fld = false;
+            fld.ordernr.readonly = true;
         }
-    };
+
+        if (obj.id > -1)
+        {
+            var sql = "SELECT s.prs_kostensoort_btw"
+                    + "     , f.fin_btwtabelwaarde_perc"
+                    + "  FROM mld_opdr o"
+                    + "     , prs_kostensoort s"
+                    + "     , fin_btwtabelwaarde f"
+                    + " WHERE s.fin_btwtabelwaarde_key = f.fin_btwtabelwaarde_key"
+                    + "   AND o.prs_kostensoort_key = s.prs_kostensoort_key"
+                    + "   AND o.mld_opdr_key = " + obj.id;
+            var oRs = Oracle.Execute(sql);
+            if (!oRs.eof)
+            {
+                btw_data.btw_inc = oRs("prs_kostensoort_btw").Value;
+                btw_data.btw_val = oRs("fin_btwtabelwaarde_perc").Value || "0";
+            }
+            oRs.Close();
+        }
+
+        %>
+        <script type="text/javascript">
+            var btw_data = <%=JSON.stringify(btw_data)%>;
+            <% if (obj.budgetdiscipline)   { %> var budgetdiscipline   = "<%=obj.budgetdiscipline.id%>";   <% } %>
+            <% if (obj.budgetproject)      { %> var budgetproject      = "<%=obj.budgetproject.id%>";      <% } %>
+            <% if (obj.budgetcostcategory) { %> var budgetcostcategory = "<%=obj.budgetcostcategory.id%>"; <% } %>
+            <% if (obj.costtypegroup)      { %> var costtypegroup      = "<%=obj.costtypegroup.id%>";      <% } %>
+            <% if (obj.costtype)           { %> var costtype           = "<%=obj.costtype.id%>";           <% } %>
+        </script>
+        <%
+    }
+
+    this.hook_pre_post = function(params, obj)
+    {
+        var parent_key = getQParamInt("id", -1);
+        if (!obj.sequence && obj.sequence!=0)
+            abort_with_warning("Vul een volgnummer voor het contract in.");
+
+        var v_costtype = (obj.costtype ? obj.costtype : getQParamInt("costtype", -1));
+        checkAanwezigBudget(v_costtype);
+
+        if (parent_key > -1)  // Bij kopie van opdracht geen nieuw nummer genereren.
+        {
+            // Vul het contractnummer van het oorspronkelijke contract in.
+            var sql = "SELECT o.mld_opdr_ordernr"
+                    + "  FROM mld_opdr o"
+                    + " WHERE o.mld_opdr_key = " + parent_key;
+            var oRs = Oracle.Execute(sql);
+            obj.ordernr = oRs("mld_opdr_ordernr").Value;
+            oRs.Close();
+            // Kopie contract. Volgnummer moet uniek zijn binnen dit contractnummer.
+            checkUniekContractnummer(-1, obj.budgetproject.id, obj.ordernr, obj.sequence);
+        }
+        else
+        {
+            // Genereer een uniek volgnummer binnen het project voor een nieuwe opdracht.
+            var prj_key = (obj.budgetproject ? obj.budgetproject : project_key);
+            var sql = "SELECT COALESCE(MAX(TO_NUMBER(o.mld_opdr_ordernr)), 0) + 1 new_ordernr"
+                    + "  FROM bgt_project p"
+                    + "     , bgt_kostenrubriek r"
+                    + "     , prs_kostensoortgrp g"
+                    + "     , prs_kostensoort s"
+                    + "     , mld_opdr o"
+                    + " WHERE p.bgt_project_key = r.bgt_project_key"
+                    + "   AND r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                    + "   AND g.prs_kostensoortgrp_key = s.prs_kostensoortgrp_key"
+                    + "   AND s.prs_kostensoort_key = o.prs_kostensoort_key"
+                    + "   AND p.bgt_project_key = " + prj_key;
+            var oRs = Oracle.Execute(sql);
+            obj.ordernr = oRs("new_ordernr").Value;
+            oRs.Close();
+            // Nieuw contract, dus volgnummer is altijd uniek hierbinnen.
+        }
+
+        checkBudgetoverschrijding(obj.id, obj.costtype, obj.amount, obj.vat);
+    }
+
+    this.hook_pre_put = function(params, obj, key)
+    {
+        var v_costtype = (obj.costtype ? obj.costtype : getQParamInt("costtype", -1) );
+        checkAanwezigBudget(v_costtype);
+
+        // Is de combinatie projectnummer/volgnummer nog steeds uniek?
+        var sql = "SELECT p.bgt_project_key"
+                + "     , o.prs_kostensoort_key"
+                + "     , o.mld_opdr_ordernr"
+                + "  FROM bgt_project p"
+                + "     , bgt_kostenrubriek r"
+                + "     , prs_kostensoortgrp g"
+                + "     , prs_kostensoort s"
+                + "     , mld_opdr o"
+                + " WHERE p.bgt_project_key = r.bgt_project_key"
+                + "   AND r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                + "   AND g.prs_kostensoortgrp_key = s.prs_kostensoortgrp_key"
+                + "   AND s.prs_kostensoort_key = o.prs_kostensoort_key"
+                + "   AND o.mld_opdr_key = " + key;
+        var oRs = Oracle.Execute(sql);
+        var v_ordernr = oRs("mld_opdr_ordernr").Value;
+        var v_project_key = oRs("bgt_project_key").Value;
+        var v_cur_costtype_key = oRs("prs_kostensoort_key").Value;
+        oRs.Close();
+        checkUniekContractnummer(key, v_project_key, v_ordernr, obj.sequence);
+        if (v_cur_costtype_key != v_costtype)
+        {   // contract verplaatsen naar ander kostensoort
+            checkBudgetoverschrijding(obj.id, v_cur_costtype_key, 0, 0);      // bedrag van deze kostensoort verwijderen
+            checkBudgetoverschrijding(-1, v_costtype, obj.amount, obj.vat); // (aangepast) bedrag aan nieuwe kostensoort toevoegen
+            // facturen krijgen ook nieuwe kostensoort.
+            var sql = "UPDATE fin_factuur"
+                    + "   SET prs_kostensoort_key = " + v_costtype
+                    + " WHERE mld_opdr_key = " + key;
+            Oracle.Execute(sql);
+        }
+        else
+        {
+            checkBudgetoverschrijding(obj.id, v_costtype, obj.amount, obj.vat);
+        }
+    }
+
+    this.hook_pre_delete = function(params, key)
+    {
+        var sql = "SELECT MAX(o.prs_kostensoort_key) kostensoort"
+                + "     , COUNT(f.fin_factuur_key)   aantal"
+                + "  FROM mld_opdr    o"
+                + "     , fin_factuur f"
+                + " WHERE o.mld_opdr_key = f.mld_opdr_key(+)"
+                + "   AND o.mld_opdr_key = " + key;
+        var oRs = Oracle.Execute(sql);
+        var aantal_facturen = oRs("aantal").Value;
+        var prs_kostensoort = oRs("kostensoort").Value;
+        oRs.Close();
+        if (aantal_facturen > 0)
+            abort_with_warning("Verwijder eerst de facturen bij dit contract.");
+
+        // Eerst proberen of er automatisch terug geboekt moet worden doot bedrag te muteren naar 0.
+        checkBudgetoverschrijding(key, prs_kostensoort, 0, 0);
+    }
+
+
+    var gparams = {};
+    if (S("bgt_enabled") == 1)
+    {
+        gparams = {
+            GET: {
+                tables: [
+                    "prs_kostensoort",
+                    "prs_kostensoortgrp",
+                    "bgt_kostenrubriek",
+                    "bgt_project"
+                ],
+                wheres: [
+                    "mld_opdr.prs_kostensoort_key = prs_kostensoort.prs_kostensoort_key",
+                    "prs_kostensoort.prs_kostensoortgrp_key = prs_kostensoortgrp.prs_kostensoortgrp_key",
+                    "prs_kostensoortgrp.bgt_kostenrubriek_key = bgt_kostenrubriek.bgt_kostenrubriek_key",
+                    "bgt_kostenrubriek.bgt_project_key = bgt_project.bgt_project_key"
+                ]
+            }
+        };
+    }
+
+    function checkUniekContractnummer(p_contract_key, p_project_key, p_contractnr, p_volgnr)
+    {
+            var sql = "SELECT count(*) aantal"
+                    + "  FROM bgt_project p"
+                    + "     , bgt_kostenrubriek r"
+                    + "     , prs_kostensoortgrp g"
+                    + "     , prs_kostensoort s"
+                    + "     , mld_opdr o"
+                    + " WHERE p.bgt_project_key = r.bgt_project_key"
+                    + "   AND r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                    + "   AND g.prs_kostensoortgrp_key = s.prs_kostensoortgrp_key"
+                    + "   AND s.prs_kostensoort_key = o.prs_kostensoort_key"
+                    + "   AND p.bgt_project_key = " + p_project_key
+                    + "   AND o.mld_opdr_ordernr = " + safe.quoted_sql(p_contractnr)
+                    + "   AND o.mld_opdr_bedrijfopdr_volgnr = " + p_volgnr
+                    + (p_contract_key != -1 ? "   AND o.mld_opdr_key <> " + p_contract_key : "");
+            var oRs = Oracle.Execute(sql);
+            var uniek_contractnr = (oRs("aantal").Value == 0);
+            oRs.Close();
+            if (!uniek_contractnr)
+                abort_with_warning("Contractnummer {0}.{1} bestaat al in dit project.".format(p_contractnr, p_volgnr));
+    }
+
+    function checkAanwezigBudget(p_kostensoort_key)
+    {
+        // kostensoort moet een budget hebben, anders mag er geen contract aan gekoppeld worden.
+        var sql = "SELECT count(*) aantal"
+                + "  FROM bgt_budget"
+                + " WHERE prs_kostensoort_key = " + p_kostensoort_key;
+        var oRs = Oracle.Execute(sql);
+        var heeft_budget = oRs("aantal").Value == 1;
+        oRs.Close();
+        if (!heeft_budget)
+            abort_with_warning("Maak eerst een budget aan voor deze kostensoort voordat er contracten aan gekoppeld worden.");
+    }
+
+    function checkBudgetoverschrijding(data_id, data_costtype, data_amount, data_vat)
+    {
+        var sql = "SELECT MAX(b.bgt_budget_key)  budget_s"
+                + "     , MAX(c.bgt_budget_key)  budget_r"
+                + "     , MAX(COALESCE(b.bgt_budget_bedrag, 0)) budget_exc"
+                + "     , MAX(COALESCE(b.bgt_budget_btwbedrag, 0)) budget_btw"
+                + "  FROM bgt_budget b"
+                + "     , bgt_budgetmutatie m"
+                + "     , (SELECT r.bgt_project_key"
+                      + "       , bgt_budget_key"
+                      + "    FROM bgt_budget r"
+                      + "    WHERE r.bgt_budget_isreserve = 1"
+                      + " ) c"
+                + " WHERE b.bgt_project_key = c.bgt_project_key(+)"
+                + "   AND b.prs_kostensoort_key = " + data_costtype;
+        var oRs = Oracle.Execute(sql);
+        var budget_key_res = oRs("budget_r").Value;
+        var budget_key_srt = oRs("budget_s").Value;
+        var budget_exc     = oRs("budget_exc").Value;
+        var budget_btw     = oRs("budget_btw").Value;
+        oRs.Close();
+        if (budget_key_res == null)
+            abort_with_warning("Er is geen budget met kenmerk 'reserve' aanwezig voor dit project");
+
+        var amount_old_exc = 0;
+        var amount_old_btw = 0;
+        if (data_id > -1)
+        {
+            var sql = "SELECT COALESCE(t.mld_opdr_kosten, 0) amount_old_exc"
+                    + "     , COALESCE(t.mld_opdr_kosten_btw, 0) amount_old_btw"
+                    + "  FROM mld_opdr t"
+                    + " WHERE t.prs_kostensoort_key = " + data_costtype
+                    + "   AND t.mld_opdr_key = " + data_id;
+            var oRs = Oracle.Execute(sql);
+            amount_old_exc = oRs("amount_old_exc").Value;
+            amount_old_btw = oRs("amount_old_btw").Value;
+            oRs.Close();
+        }
+        var sql = "SELECT SUM(o.mld_opdr_kosten) amount_total_exc"
+                + "     , SUM(o.mld_opdr_kosten_btw) amount_total_btw"
+                + "  FROM mld_opdr o"
+                + " WHERE o.prs_kostensoort_key = " + data_costtype;
+        var oRs = Oracle.Execute(sql);
+        var amount_sum_exc = oRs("amount_total_exc").Value;
+        var amount_sum_btw = oRs("amount_total_btw").Value;
+        oRs.Close();
+        var sql = "SELECT SUM(m1.bgt_budget_bedrag_van) reserve_exc"
+                + "     , SUM(m1.bgt_budget_btwbedrag_van) reserve_btw"
+                + "  FROM bgt_budget b1"
+                + "     , bgt_budget b2"
+                + "     , bgt_budgetmutatie m1"
+                + " WHERE b2.bgt_budget_isreserve = 1"
+                + "   AND b1.bgt_project_key = b2.bgt_project_key"
+                + "   AND m1.bgt_budget_key_van = b2.bgt_budget_key"
+                + "   AND m1.bgt_budget_Key_naar = b1.bgt_budget_key"
+                + "   AND b1.prs_kostensoort_key = " + data_costtype;
+        var oRs = Oracle.Execute(sql);
+        var reserve_exc = oRs("reserve_exc").Value;
+        var reserve_btw = oRs("reserve_btw").Value;
+        oRs.Close();
+        //
+        var bedrag_exc = 0;
+        var bedrag_btw = 0;
+
+        if (amount_old_exc < data_amount)
+        {
+            // verhoging contractwaarde exc
+            var overschot_exc = budget_exc - amount_sum_exc - (data_amount - amount_old_exc);
+            bedrag_exc = (overschot_exc < 0 ? overschot_exc : 0);
+        }
+        else
+        {
+            // verlaging contractwaarde exc
+            var overschot_exc = reserve_exc - (data_amount - amount_old_exc);
+            bedrag_exc = -1 * (overschot_exc > 0 ? reserve_exc : (data_amount - amount_old_exc) );
+        }
+        //
+        if (amount_old_btw < data_vat)
+        {
+            // verhoging contractwaarde btw
+            var overschot_btw = budget_btw - amount_sum_btw - (data_vat - amount_old_btw);
+            bedrag_btw = (overschot_btw < 0 ? overschot_btw : 0);
+        }
+        else
+        {
+            // verlaging contractwaarde btw
+            var overschot_btw = reserve_btw - (data_vat - amount_old_btw);
+            bedrag_btw = -1 * (overschot_btw > 0 ? reserve_btw : (data_vat - amount_old_btw) );
+        }
+
+        var sql_m = "INSERT INTO bgt_budgetmutatie"
+                  + "( bgt_budgetmutatie_datum"
+                  + ", bgt_budgetmutatie_omschrijving"
+                  + ", prs_perslid_key" // not null!
+                  + ", bgt_budget_key_van"
+                  + ", bgt_budget_bedrag_van"
+                  + ", bgt_budget_btwbedrag_van"
+                  + ", bgt_budget_key_naar"
+                  + ", bgt_budget_bedrag_naar"
+                  + ", bgt_budget_btwbedrag_naar"
+//2017.3            + ", bgt_budgetmutatie_reserve"
+                  + ") VALUES"
+                  + "( SYSDATE"
+                  + ", 'AO Automatische overboeking'"
+                  + ", " + user_key
+                  + ", " + budget_key_res
+                  + ", " + bedrag_exc
+                  + ", " + bedrag_btw
+                  + ", " + budget_key_srt
+                  + ", " + (-1 * bedrag_exc)
+                  + ", " + (-1 * bedrag_btw)
+//2017.3            + ", 1"
+                  + ")";
+        Oracle.Execute(sql_m);
+    }
 
 
     this.REST_GET    = generic_REST_GET(this, gparams);

APPL/API2/model_mld_srtkenmerk.inc

@@ -13,14 +13,15 @@
 %>
 <%
 
-function model_mld_srtkenmerk()
+function model_mld_srtkenmerk(params)
 {
+    params = params || {};
     this.records_name = "issuepropertytypes";
     this.record_name = "issuepropertytype";
     this.table = "mld_srtkenmerk";
     this.primary = "mld_srtkenmerk_key";
     this.soft_delete  = "mld_srtkenmerk_verwijder";
-    this.autfunction = "WEB_MLDMGT";
+    this.autfunction = params.internal?false:"WEB_MLDMGT";
     this.record_title = L("mld_srtkenmerk");
     this.records_title = L("mld_srtkenmerk_m");
 

APPL/API2/model_mld_typeopdr.inc

@@ -86,7 +86,8 @@ function model_mld_typeopdr()
             "dbs": "mld_typeopdr_afmeldmarge",
             "label": L("mld_typeopdr_afmeldmarge"),
             "typ": "number",
-            "defaultvalue": "0"
+            "defaultvalue": "0",
+            "multiedit": true
         },
         "visiblefe": {
             "dbs": "mld_typeopdr_zichtbaarfe",
@@ -102,13 +103,22 @@ function model_mld_typeopdr()
             "dbs": "mld_typeopdr_offertelimiet",
             "label": L("mld_typeopdr_offertelimiet"),
             "iscurrency": true,
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true
         },
         "approval": {
             "dbs": "mld_typeopdr_gvs",
             "label": L("mld_typeopdr_gvs"),
             "iscurrency": true,
-            "typ": "float"
+            "typ": "float",
+            "multiedit": true
+        },
+        "approvalfiat": {
+            "dbs": "mld_typeopdr_fvs",
+            "label": L("mld_typeopdr_fvs"),
+            "iscurrency": true,
+            "typ": "float",
+            "multiedit": true
         },
         "nextissueordertype": {
             "dbs": "mld_typeopdr_typeopdr_key",
@@ -139,7 +149,8 @@ function model_mld_typeopdr()
             "label": L("mld_typeopdr_kosten_verplicht"),
             "typ": "number",
             "LOV": L("mld_typeopdr_kosten_verplichtLOV"),
-            "emptyoption": null
+            "emptyoption": null,
+            "multiedit": true
         },
         "slamode": {
             "dbs": "mld_typeopdr_slamode",
@@ -147,7 +158,8 @@ function model_mld_typeopdr()
             "typ": "number",
             "defaultvalue": "1",
             "LOV": L("mld_typeopdr_slamodeLOV"),
-            "emptyoption": null
+            "emptyoption": null,
+            "multiedit": true
         },
         "sequential": {
             "dbs": "mld_typeopdr_sequential",
@@ -155,7 +167,8 @@ function model_mld_typeopdr()
             "typ": "number",
             "defaultvalue": "0",
             "LOV": L("mld_typeopdr_seqmodeLOV"),
-            "emptyoption": null
+            "emptyoption": null,
+            "multiedit": true
         }
     };
 

APPL/API2/model_notes.inc

@@ -115,7 +115,7 @@ function model_notes(module)
             { "id"          : { dbs: tabel.id,                     typ: "key",     seq:     tabel.seq,     filter: "exact" },
               "author"      : { dbs: "prs_perslid_key",            typ: "key",     foreign: "prs_perslid", filter: "exact" },
               "description" : { dbs: tabel.naam + "_omschrijving", typ: "varchar",                         filter: "like"  },
-              "createdate"  : { dbs: tabel.naam + "_aanmaak",      typ: "datetime"},
+              "created"     : { dbs: tabel.naam + "_aanmaak",      typ: "datetime", "readonly": true},
               "parent"      : { dbs: tabel.parent + "_key",        typ: "key",                             filter: "exact" }
         };
 
@@ -197,7 +197,7 @@ function model_notes(module)
             //
             var dbfields = api2.update_fields(params, this, jsondata); // Build updater
 
-            var wheres = [ this.id.dbs + " = " + the_key];
+            var wheres = [ this.fields.id.dbs + " = " + the_key];
             wheres.push("prs_perslid = " + user_key);
 
             var xxxUpd = buildTrackingUpdate(this.table, wheres.join(" AND " ), dbfields, { noValidateToken: true });
@@ -209,7 +209,10 @@ function model_notes(module)
 
     this.REST_POST = function (params, jsondata) /* new note */
         {
-            params.filter.parent_key = jsondata.parent;
+            params.filter.parent_key = parseInt(jsondata.parent, 10);
+            if (!jsondata.author)
+                jsondata.author = user_key;
+
             _check_authorization(params, "POST");
             //
             var dbfields = api2.update_fields(params, this, jsondata); // Build updater

APPL/API2/model_objects.inc

@@ -39,12 +39,16 @@ model_objects =
              "owner"    : { dbs: "ins_v_deel_gegevens.prs_perslid_key",    typ: "key",     foreign: "prs_perslid" }
             },
 
+    // een include van model_ins_deel_state_history lijkt voor de hand te liggen
+    // maar gaf (vast oplosbare) problemen met een dubbele ins_deel in de query
+    // Bovendien wil je in de praktijk altijd een datumfilter op de statedatum hebben
+    // wat niet kan op een include. Doe daarom maar /api2/statehistory?object=16506&start_statedate=2017-11-01T12:20:16Z&fields=state,statedate
     includes: { "tracking": {
                                   model: new model_tracking(['deel']),
                                   joinfield: "trackingrefkey"
                             },
                 "custom_fields" : {
-                        "model": new model_custom_fields(this, new model_ins_kenmerk({ internal: true }), { readman: true, readuse: true }),
+                        "model": new model_custom_fields(this, new model_ins_kenmerk("D", { internal: true }), { readman: true, readuse: true }),
                         "joinfield": "flexparentkey",
                         "enable_update": true
                     }
@@ -55,7 +59,6 @@ model_objects =
             var autfunction = urole == "fe"? "WEB_INSUSE" : "WEB_INSMAN";
             params.authparams = user.checkAutorisation(autfunction, null, null, true); // pessimistisch
 
-            // TODO: Add authorization
             var query = api2.sqlfields(params, model_objects);
             query.wheres.push("ins_deel_verwijder IS NULL");
             // Toon standaard alleen de niet vervallen objecten, behalve als specifiek op object identificatie wordt gezocht.
@@ -73,6 +76,16 @@ model_objects =
                 query.wheres.push("ins_alg_ruimte_key_org IS NULL");
             }
 
+            // TODO: Add 3D authorization
+            // Alleen nog maar simpele 1D autorisatie
+            query.wheres.push(" ins_deel.ins_discipline_key IN"
+                            + " (SELECT ins_discipline_key"
+                            + "    FROM fac_v_webgebruiker"
+                            + "   WHERE fac_functie_key = " + params.authparams.autfunctionkey
+                            + "     AND prs_perslid_key = " + user_key
+                            + "     AND fac_gebruiker_prs_level_read < 9"
+                            + "     AND fac_gebruiker_alg_level_read < 9)");
+
             // TODO: We ondersteunen uitsluitend ruimte- werkplek- en persoonsgebonden objecten
             query.tables.push("ins_v_deel_gegevens");
             query.wheres.push("ins_deel.ins_alg_ruimte_type IN ('R', 'W', 'P') ");
@@ -94,15 +107,22 @@ model_objects =
         },
     REST_PUT: function (params, jsondata, the_key) /* update object */
         {
-            var dbfields = api2.update_fields(params, model_objects, jsondata); // Build updater
-            //model_objects._validate_fields(dbfields, params, jsondata);
+            if (params.custom_fields_only)
+            {
+                var insUpd = { trackarray: [] };
+            }
+            else
+            {
+                var dbfields = api2.update_fields(params, model_objects, jsondata); // Build updater
+                //model_objects._validate_fields(dbfields, params, jsondata);
 
-            // TODO: Autorization
-            var wheres = [" ins_deel_key = " + the_key];
-            var insUpd = buildTrackingUpdate("ins_deel", wheres.join(" AND " ), dbfields, { noValidateToken: true });
-            Oracle.Execute(insUpd.sql);
+                // TODO: Autorization
+                var wheres = [" ins_deel_key = " + the_key];
+                var insUpd = buildTrackingUpdate("ins_deel", wheres.join(" AND " ), dbfields, { noValidateToken: true });
+                Oracle.Execute(insUpd.sql);
+            }
 
-            //var beztrack = api2.process_includes(params, model_objects, jsondata, the_key);
+            var instrack = api2.process_includes(params, model_objects, jsondata, the_key);
 
             return { key: the_key };
         },

APPL/API2/model_orders.inc

@@ -23,7 +23,6 @@
 <!-- #include file="./model_notes.inc"-->
 <!-- #include file="./model_custom_fields.inc"-->
 <!-- #include file="./model_fac_tracking.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc" -->
 <!-- #include file="./model_mld_kenmerk.inc"-->
 <%
 
@@ -87,8 +86,9 @@ function model_orders(opdr_key, params)
                            model: new model_notes("MLD"),
                            joinfield: "mld_opdr_key"
                          },
-                "custom_fields" : { model: new model_custom_fields(this, new model_mld_kenmerk({ internal: true }), { pNiveau: "O", readman: true, readuse: true }),
-                                    joinfield: "flexparentkey"
+                "custom_fields" : { model: new model_custom_fields(this, new model_mld_kenmerk('O', { internal: true }), { pNiveau: "O", readman: true, readuse: true }),
+                                    joinfield: "flexparentkey",
+                                    "enable_update": true
                                   },
                 "tracking": {
                                   model: new model_tracking(['opdracht']),
@@ -238,6 +238,7 @@ function model_orders(opdr_key, params)
                 + "     , mld_typeopdr_slamode"
                 + "     , mld_typeopdr_isofferte"
                 + "     , mld_typeopdr_gvs"
+                + "     , mld_typeopdr_fvs"
                 + "     , mld_typeopdr_kosten"
                 + "  FROM mld_typeopdr"
                 + " WHERE mld_typeopdr_key = " + params.mld_opdr.opdr_type;
@@ -246,6 +247,7 @@ function model_orders(opdr_key, params)
         params.mld_opdr.mld_typeopdr_slamode   = oRs("mld_typeopdr_slamode").Value;
         params.mld_opdr.mld_typeopdr_isofferte = oRs("mld_typeopdr_isofferte").Value;
         params.mld_opdr.mld_typeopdr_gvs       = oRs("mld_typeopdr_gvs").Value || 0;
+        params.mld_opdr.mld_typeopdr_fvs       = oRs("mld_typeopdr_fvs").Value || 0;
         var needKostenplaats = oRs("mld_typeopdr_kosten").Value == 1;
         oRs.Close();
 
@@ -349,6 +351,12 @@ function model_orders(opdr_key, params)
             var opdr_key = the_key;
             if (opdr_key == -1)
                 abort_with_warning("PUT needs record key in url.");
+            if (params.custom_fields_only)
+            {
+                var mldtrack = api2.process_includes(params, this, jsondata, opdr_key);
+                return { key: opdr_key };
+            }
+
             if (!jsondata.id) jsondata.id = opdr_key;       // huidige key altijd in jsondata
             //
             this._pre_analyze_fields(params, jsondata);
@@ -452,6 +460,7 @@ function model_orders(opdr_key, params)
             var disc_key         = params.mld_opdr.dis_key;
             var kostenplaats_key = params.mld_opdr.kostenplaats_key;
             var mld_typeopdr_gvs = params.mld_opdr.mld_typeopdr_gvs;
+            var mld_typeopdr_fvs = params.mld_opdr.mld_typeopdr_fvs || 0;
             var sla_mode         = params.mld_opdr.mld_typeopdr_slamode;
             var uitvoerende      = params.mld_opdr.uitvoerende;
             var act_key          = params.mld_opdr.act_key;
@@ -525,10 +534,7 @@ function model_orders(opdr_key, params)
                 // Eerste fiatteur (pkey) mag niet fiatteren want het zit boven zijn profiel limiet.
                 // De melder van de melding (user_key) mag niet zelf goedkeuren boven het bedrag can_selfapprove.
                 // tot_kosten > can_selfapprove => user_key als exclude key meegeven.
-                if (tot_kosten > S("can_selfapprove"))
-                  approver_key = prs.getKpVerantwoordelijkeExcept(kostenplaats_key, user_key);
-                else
-                  approver_key = prs.getKpVerantwoordelijke(kostenplaats_key);
+                approver_key = prs.getFiatteur(kostenplaats_key, (tot_kosten > S("can_selfapprove"))?user_key:-1, tot_kosten, disc_key);
                 for_approval = true;
               }
             }
@@ -660,7 +666,12 @@ function model_orders(opdr_key, params)
                 requestApproval = true;
             }
             else if (requestApproval)
+            {
+              if (tot_kosten < mld_typeopdr_fvs)
+                requestApproval = false; // Hoge fiat vrijstelling, toch niet nodig
+              else
                 status = 3; // Ter fiattering.
+            }
             // requestApproval heeft nu zijn definitieve waarde, en approver_key is geldig gedefinieerd.
 
             // Status en tracking altijd met de functie setopdrachtstatus
@@ -818,10 +829,7 @@ function model_orders(opdr_key, params)
                             // Het mandaat is al te hoog voor de melder/aanvrager van de melding.
                             // De melder/aanmaker van de melding mag niet zelf goedkeuren boven het bedrag can_selfapprove.
                             // tot_kosten > can_selfapprove => mld_info.melder_key als exclude key meegeven.
-                            if (tot_kosten > S("can_selfapprove"))
-                              approver_key = prs.getKpVerantwoordelijkeExcept(kostenplaats_key, mld_info.melder_key);
-                            else
-                              approver_key = prs.getKpVerantwoordelijke(kostenplaats_key);
+                            approver_key = prs.getFiatteur(kostenplaats_key, (tot_kosten > S("can_selfapprove"))?mld_info.melder_key:-1, tot_kosten, mld_info.disc);
                             if (approver_key == -1)
                                 abort_with_warning(L("lcl_bes_exceed_limit"));
                             refiat = true;
@@ -1093,7 +1101,9 @@ function model_orders(opdr_key, params)
                                     + "       mld_srtkenmerk t"
                                     + " WHERE m.mld_srtkenmerk_key = t.mld_srtkenmerk_key"
                                     + "   AND m.mld_kenmerk_key = "; /* wordt in saveFlexkenmerken uitgebreid */
-
+// TODO: deze saveFlexKenmerken moet via de standaard includes door model_custom_fields opgelost worden
+//       pas echter op: die verwacht een properyid voor elk kenmerk terwijl saveFlexKenmerken (nog) een 'id' verwacht
+//       In het bijzonder wordt in d:\Apps\Facilitor\Branch20172\CUST\ASLE\Appl ook nog de 'id' gezet!
             var flextrack =
                 saveFlexKenmerken(opdr_key, { kenmerkTable: "mld_kenmerkopdr",
                                               kenmerkParentKey : "mld_opdr_key",

APPL/API2/model_prs_afdeling.inc

@@ -13,7 +13,6 @@
 %>
 <!-- #include file="../prs/prs.inc" -->
 <!-- #include file="./model_custom_fields.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <!-- #include file="./model_prs_kenmerk.inc"-->
 <%
 
@@ -29,7 +28,8 @@ function model_prs_afdeling()
     this.fields = {
         "id": {
             "dbs": "prs_afdeling_key",
-            "typ": "key"
+            "typ": "key",
+            "seq": "prs_s_prs_afdeling_key"
         },
         "name": {
             "dbs": "prs_afdeling_naam",
@@ -39,11 +39,10 @@ function model_prs_afdeling()
             "dbs": "prs_afdeling_omschrijving",
             "typ": "varchar"
         },
-        "company": {
-            "dbs": "prs_afdeling_key",
-            "label": L("lcl_prs_company"),
-            "typ": "key",
-            "foreign": "prs_afdeling"
+        "externalid": {
+            "dbs": "prs_afdeling_externid",
+            "label": L("prs_afdeling_externid"),
+            "typ": "varchar"
         },
         "parent": {
             "dbs": "prs_afdeling_parentkey",
@@ -52,7 +51,19 @@ function model_prs_afdeling()
             "foreign": "prs_afdeling"
         },
         "company": {
-            "dbs": "pa.prs_bedrijf_key",
+            "dbs": "prs_bedrijf_key",
+            "label": L("lcl_prs_company"),
+            "typ": "key",
+            "foreign": {
+                "tbl": "prs_bedrijf",
+                "key": "prs_bedrijf_key",
+                "desc": "prs_bedrijf_naam",
+                "desc_is_unique": "prs_bedrijf_verwijder IS NULL"
+            }
+        },
+        "xcompany": {
+            "dbs": "top_prs_bedrijf_key",
+            "sql": "pa.prs_bedrijf_key",
             "label": L("lcl_prs_company"),
             "typ": "key",
             "foreign": "prs_bedrijf"
@@ -64,9 +75,15 @@ function model_prs_afdeling()
             "foreign": {
                 "tbl": "prs_kostenplaats",
                 "key": "prs_kostenplaats_key",
-                "desc": "prs_kostenplaats_nr"
-            },
-            "multiedit": true
+                "desc": "prs_kostenplaats_nr",
+                "desc_is_unique": "prs_kostenplaats_verwijder IS NULL"
+            }
+        },
+            "created": {
+            "dbs": "prs_afdeling_aanmaak",
+            "label": "Aanmaakdatum",
+            "typ": "datetime",
+            "readonly": true
         }
     };
 
@@ -84,7 +101,7 @@ function model_prs_afdeling()
                     }
                   }
 
-    var authparamsUSE = user.checkAutorisation("WEB_PRSUSE", true);
+    var authparamsUSE = user.checkAutorisation("WEB_PRSUSE");
     if (authparamsUSE.PRSreadlevel == 0) // prs_bedrijf
     {
         gparams["GET"].wheres.push("pa.prs_bedrijf_key = " + user.afdeling().prs_bedrijf_key());
@@ -103,11 +120,9 @@ function model_prs_afdeling()
     }
 
 
-    this.REST_GET   = generic_REST_GET(this, gparams);
-
-    // (even) nog geen updates
-    //this.REST_POST   = generic_REST_POST(this);
-    //this.REST_PUT    = generic_REST_PUT(this);
-    //this.REST_DELETE = generic_REST_DELETE(this);
+    this.REST_GET    = generic_REST_GET(this, gparams);
+    this.REST_POST   = generic_REST_POST(this);
+    this.REST_PUT    = generic_REST_PUT(this);
+    this.REST_DELETE = generic_REST_DELETE(this);
 }
 %>

APPL/API2/model_prs_kostenplaats.inc

@@ -11,7 +11,7 @@
     Notes:
 */
 %>
-<!-- #include file="../api2/model_prs_kostensoort.inc" -->
+<!-- #include file="../bgt/bgt_tools.inc" -->
 <%
 
 function model_prs_kostenplaats()
@@ -21,8 +21,8 @@ function model_prs_kostenplaats()
     this.table = "prs_kostenplaats";
     this.primary = "prs_kostenplaats_key";
     this.autfunction = (S("bgt_enabled")==1 ? ["WEB_FINMSU", "WEB_BGTMGT"] : ["WEB_FINMSU"]);
-    this.record_title = L("lcl_account");
-    this.records_title = L("lcl_menu_fin_kostenplaatsen");
+    this.record_title = (S("bgt_enabled")==1 ? L("bgt_kostenplaats") : L("lcl_account"));
+    this.records_title = (S("bgt_enabled")==1 ? L("bgt_kostenplaats_m") : L("lcl_menu_fin_kostenplaatsen"));
     this.soft_delete = "prs_kostenplaats_verwijder";
 
     this.fields = {
@@ -35,6 +35,30 @@ function model_prs_kostenplaats()
             "filter": "exact",
             "seq": "prs_s_prs_kostenplaats_key"
         },
+        "budgetdiscipline": {
+            "dbs": "bgt_project.ins_discipline_key",
+            "label": L("bgt_discipline_omschrijving"),
+            "typ": "key",
+            "required": true,
+            "foreign": bgt_budgetdiscipline_foreign(),
+            "showtransit": true
+        },
+        "budgetproject": {
+            "dbs": "bgt_project.bgt_project_key",
+            "label": L("bgt_project_omschrijving"),
+            "typ": "key",
+            "required": true,
+            "foreign": bgt_budgetproject_foreign(),
+            "showtransit": true
+        },
+        "costgroup": {
+            "dbs": "prs_kostenplaatsgrp_key",
+            "label": L("lcl_prs_kostenpl_group"),
+            "typ": "key",
+            "required": true,
+            "foreign": bgt_accountgroup_foreign(),
+            "showtransit": true
+        },
         "name": {
             "dbs": "prs_kostenplaats_nr",
             "label": L("lcl_prs_dept_name"),
@@ -60,16 +84,6 @@ function model_prs_kostenplaats()
             "dbs": "prs_kostenplaats_eind",
             "label": L("lcl_end_date"),
             "typ": "date"
-            },
-        "costgroup": {
-            "dbs": "prs_kostenplaatsgrp_key",
-            "label": L("lcl_prs_kostenpl_group"),
-            "typ": "key",
-            "foreign": {
-                "tbl": "prs_kostenplaatsgrp",
-                "key": "prs_kostenplaatsgrp_key",
-                "desc": "prs_kostenplaatsgrp_oms"
-            }
         },
         "person": {
             "dbs": "prs_perslid_key",
@@ -99,13 +113,99 @@ function model_prs_kostenplaats()
             "dbs": "prs_kostenplaats_fiat",
             "label": L("lcl_prs_kpnfiat"),
             "typ": "check0"
+        },
+        "module": {
+            "dbs": "prs_kostenplaats_module",
+            "label":  L("bgt_discipline_module"),
+            "typ": "varchar",
+            "hidden_fld": true,
+            "defaultvalue": "PRJ"
         }
     };
 
-    this.REST_GET    = generic_REST_GET(this);
-    // Nog even readonly
-    //this.REST_POST   = generic_REST_POST(this);
-    //this.REST_PUT    = generic_REST_PUT(this);
-    //this.REST_DELETE = generic_REST_DELETE(this);
+    if (S("bgt_enabled")) // alleen voor budgetcontrole, de rest nog even readonly
+    {
+        // Deze hoeven ze niet voor BGT te zien:
+        delete this.fields.begin;
+        delete this.fields.end;
+        delete this.fields.person;
+        delete this.fields.costlimit;
+        delete this.fields.limitperiod;
+        delete this.fields.external;
+        delete this.fields.approval;
+        this.fields.costgroup.hidden_fld = true;  // Deze wordt bepaald uit de gekozen project/deelproject.
+
+        this.hook_pre_edit = function (obj, fld)
+        {
+        %>
+        <script>
+            <% if (obj.budgetdiscipline) { %> var budgetdiscipline = "<%=obj.budgetdiscipline.id%>"; <% } %>
+            <% if (obj.budgetproject)    { %> var budgetproject    = "<%=obj.budgetproject.id%>";    <% } %>
+        </script>
+        <%
+        }
+
+        this.hook_pre_post = function (params, jsondata)
+        {
+            var v_discipline_key = jsondata.budgetdiscipline || getQParamInt("budgetdiscipline", -1);
+            var v_project_key    = jsondata.budgetproject    || getQParamInt("budgetproject", -1);
+            if (v_discipline_key > 0 && v_project_key > 0)
+            {
+                var sql_e = "SELECT prs_kostenplaatsgrp_key"
+                          + "  FROM prs_kostenplaatsgrp kpg"
+                          + " WHERE kpg.bgt_project_key = " + v_project_key;
+                var oRs_e = Oracle.Execute(sql_e);
+                var v_kostenplaatsgrp_key = (!oRs_e.eof ? oRs_e("prs_kostenplaatsgrp_key").Value : -1);
+                oRs_e.Close();
+                //
+                if (v_kostenplaatsgrp_key == -1 && v_project_key > 0)
+                {
+                    // Ontbrekende verwijzing tussen kostenplaats en project toevoegen.
+                    var sql = "INSERT INTO prs_kostenplaatsgrp"
+                            + " (bgt_project_key, prs_kostenplaatsgrp_nr, prs_kostenplaatsgrp_oms)"
+                            + "     SELECT " + v_project_key
+                            + "          , d.bgt_disc_params_code"
+                            + "          , p.bgt_project_code"
+                            + "      FROM bgt_project p"
+                            + "         , bgt_disc_params d"
+                            + "     WHERE p.ins_discipline_key = d.bgt_ins_discipline_key"
+                            + "       AND p.bgt_project_key = " + v_project_key;
+                    Oracle.Execute(sql);
+                    //
+                    oRs_e = Oracle.Execute(sql_e);
+                    v_kostenplaatsgrp_key = (!oRs_e.eof ? oRs_e("prs_kostenplaatsgrp_key").Value : -1);
+                    oRs_e.Close();
+                    //
+                    if (v_kostenplaatsgrp_key == -1)
+                        abort_with_warning("Er is een fout opgetreden bij het aanmaken van de kostenplaatsgroep");
+                }
+                //
+                jsondata.costgroup = v_kostenplaatsgrp_key;
+            }
+        }
+
+        this.REST_GET    = generic_REST_GET(this, {
+            "GET": {
+                "tables": [ "prs_kostenplaatsgrp"
+                          , "bgt_project"
+                          ],
+                "wheres": [ "prs_kostenplaatsgrp.bgt_project_key = bgt_project.bgt_project_key"
+                          , "prs_kostenplaatsgrp.prs_kostenplaatsgrp_key = prs_kostenplaats.prs_kostenplaatsgrp_key"
+                          ]
+            }
+        });
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_PUT    = generic_REST_PUT(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
+    else
+    {
+        delete this.fields.budgetdiscipline;
+        delete this.fields.budgetproject;
+        this.REST_GET    = generic_REST_GET(this);
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_PUT    = generic_REST_PUT(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
 }
 %>

APPL/API2/model_prs_kostenplaatsgrp.inc

@@ -4,7 +4,7 @@
 
     File:           model_prs_kostenplaatsgrp.inc
 
-    Description:    Vanuit CodeCharge gegenereerd model voor prs_kostenplaatsgrp
+    Description:    Model voor prs_kostenplaatsgrp
 
     Context:
 
@@ -48,12 +48,23 @@ function model_prs_kostenplaatsgrp()
             "label": L("lcl_prs_number"),
             "typ": "varchar",
             "translate": true,
-            "required": true,
             "filter": "like"
         },
         "person": {
             "dbs": "prs_perslid_key",
-            "label": L("lcl_prs_budgethouder"),
+            "label": L("prs_kostenplaatsgrp_fiat1_key").format(S("mld_opdr_kpg_fin_limit1")),
+            "typ": "key",
+            "foreign" : "prs_perslid"
+        },
+        "personfiat2": {
+            "dbs": "prs_kostenplaatsgrp_fiat2_key",
+            "label": L("prs_kostenplaatsgrp_fiat2_key").format(S("mld_opdr_kpg_fin_limit1"), S("mld_opdr_kpg_fin_limit2")),
+            "typ": "key",
+            "foreign" : "prs_perslid"
+        },
+        "personfiat3": {
+            "dbs": "prs_kostenplaatsgrp_fiat3_key",
+            "label": L("prs_kostenplaatsgrp_fiat3_key").format(S("mld_opdr_kpg_fin_limit2")),
             "typ": "key",
             "foreign" : "prs_perslid"
         },
@@ -69,9 +80,36 @@ function model_prs_kostenplaatsgrp()
             "LOV":  "0;" + L("lcl_prs_none") +
                    ";1;" + L("lcl_prs_month") +
                    ";2;" + L("lcl_prs_year")
+        },
+        "kpcount": {
+          "dbs": "nn_leden",
+          "sql": "(SELECT COUNT(*) "
+                + "  FROM prs_kostenplaats"
+                + " WHERE prs_kostenplaats.prs_kostenplaatsgrp_key = prs_kostenplaatsgrp.prs_kostenplaatsgrp_key"
+                + "   AND prs_kostenplaats_verwijder IS NULL)",
+          "label": L("lcl_menu_fin_kostenplaatsen"),
+          "readonly": true,
+          "typ": "number"
         }
     };
 
+if (0) {
+        sql = "SELECT SUM(k.prs_kostenplaats_limiet) gebruikt_budget"
+            + "  FROM prs_kostenplaatsgrp kpg"
+            + "     , prs_kostenplaats k"
+            + " WHERE kpg.prs_kostenplaatsgrp_key = k.prs_kostenplaatsgrp_key"
+            + "   AND kpg.prs_kostenplaatsgrp_key = " + kpngroep_key;
+        oRs = Oracle.Execute(sql);
+        var gebruikt_budget = oRs("gebruikt_budget").Value;
+        oRs.close();
+        if (kpngrp_limiet - gebruikt_budget > 0)
+        {
+          BLOCK_START("kpnGrp", L("lcl_prs_budgettering"));
+          ROFIELDTR("fldfreebudget" + (gebruikt_budget > kpngrp_limiet? " hot" : ""), L("lcl_prs_afwijking_budget") + " " + L("lcl_valutasign"), safe.curr(kpngrp_limiet - gebruikt_budget), {suppressEmpty: true});
+          BLOCK_END();
+        }
+}
+
     if (S("bgt_enabled"))
     {
         this.fields["budgetproject"] = {
@@ -90,9 +128,15 @@ function model_prs_kostenplaatsgrp()
     }
 
     this.REST_GET    = generic_REST_GET(this);
-    // Nog even readonly
-    //this.REST_POST   = generic_REST_POST(this);
-    //this.REST_PUT    = generic_REST_PUT(this);
-    //this.REST_DELETE = generic_REST_DELETE(this);
+    this.REST_POST   = generic_REST_POST(this);
+    this.REST_PUT    = function (params, jsondata, the_key)
+                        {
+                            if (prs.exceeds_budgetkps(the_key, jsondata.grouplimit))
+                            { // Is de som van de kostenplaatslimieten(budgetten) lager dan de limiet(budget) van hun kostenplaatsgroep.
+                              abort_with_warning(L("lcl_prs_exceed_limitkpg"));
+                            }
+                            return generic_REST_PUT(this)(params, jsondata, the_key);
+                        }
+    this.REST_DELETE = generic_REST_DELETE(this);
 }
 %>

APPL/API2/model_prs_kostensoort.inc

@@ -35,8 +35,11 @@ function model_prs_kostensoort()
     this.record_title = L("prs_kostensoort");
     this.records_title = L("prs_kostensoort_m");
 
+    var fields_main = {};
+    var fields_ext = {};
 
-    this.fields = {
+
+    fields_main = {
         "id": {
             "dbs": "prs_kostensoort_key",
             "label": L("lcl_key"),
@@ -50,20 +53,16 @@ function model_prs_kostensoort()
             "dbs": "prs_kostensoortgrp_key",
             "label": L("prs_kostensoortgrp_key"),
             "required": true,
-            //"insertonly" : true,
             "typ": "key",
-            "foreign": {
-                "tbl": "prs_kostensoortgrp",
-                "key": "prs_kostensoortgrp_key",
-                "desc": "prs_kostensoortgrp_oms"
-            },
+            "foreign": bgt_costtypegroup_foreign(),
             "LOVinit": "",
             "filter": "exact",
-            "multiedit": true
+            "multiedit": true,
+            "showtransit": true
         },
         "name": {
             "dbs": "prs_kostensoort_oms",
-            "label": L("prs_kostensoort_oms"),
+            "label": (S("bgt_enabled") ? L("prs_kostensoort_opmerking") : L("prs_kostensoort_oms")),
             "typ": "varchar",
             "required": true,  /* proberen */
             "translate": true,
@@ -72,24 +71,24 @@ function model_prs_kostensoort()
         },
         "remark": {
             "dbs": "prs_kostensoort_opmerking",
-            "label": L("prs_kostensoort_opmerking"),
+            "label": (S("bgt_enabled") ? L("prs_kostensoort_oms") : L("prs_kostensoort_opmerking")),
             "typ": "varchar",
             "required": (S("bgt_enabled") ? false : true),
+            "hidden_fld": (S("bgt_enabled") ? true : false),
             "filter": "like"
         },
         "altcode": {
             "dbs": "prs_kostensoort_altcode",
-            "label": L("prs_kostensoort_altcode"),
-            "typ": "varchar"
+            "label": (S("bgt_enabled") ? L("prs_kostensoort_oms") : L("prs_kostensoort_altcode")),
+            "typ": "varchar",
+            "required": (S("bgt_enabled") ? true : false)
         },
-
         "refcode": {
             "dbs": "prs_kostensoort_refcode",
             "label": L("prs_kostensoort_refcode"),
             "typ": "varchar",
             "translate": true
         },
-
         "charge": {
             "dbs": "prs_kostensoort_doorbelasten",
             "label": L("prs_kostensoort_doorbelasten"),
@@ -116,11 +115,7 @@ function model_prs_kostensoort()
             "dbs": "prs_kostenplaats_key",
             "label": L("prs_kostenplaats_key"),
             "typ": "key",
-            "foreign": {
-                "tbl": "prs_kostenplaats",
-                "key": "prs_kostenplaats_key",
-                "desc": "prs_kostenplaats_nr"
-            },
+            "foreign": bgt_account_foreign(),
             "multiedit": true
         }
     };
@@ -128,7 +123,45 @@ function model_prs_kostensoort()
 
     if (S("bgt_enabled")) // alleen voor budgetcontrole
     {
+        // Via Admin moet de context discipline/project toegevoegd worden.
+        fields_ext = {
+            "budgetdiscipline": {
+                "dbs": "bgt_project.ins_discipline_key",
+                "label": L("bgt_discipline_omschrijving"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetdiscipline_foreign(),
+                "showtransit": true
+            },
+            "budgetproject": {
+                "dbs": "bgt_project.bgt_project_key",
+                "label": L("bgt_project_omschrijving"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetproject_foreign(),
+                "showtransit": true
+            },
+            "budgetcostcategory": {
+                "dbs": "bgt_kostenrubriek.bgt_kostenrubriek_key",
+                "label": L("bgt_kostenrubriek"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetcostcategory_foreign(),
+                "showtransit": true
+            },
+            "costcategorycode": {
+                "dbs": "bgt_kostenrubriek.bgt_kostenrubriek_code",
+                "label": L("bgt_kostenrubriek_code"),
+                "typ": "varchar",
+                "readonly": true
+            }
+        };
+        this.fields = object_merge({}, fields_ext, fields_main);
+
         delete this.fields.charge;
+        delete this.fields.refcode;
+        this.fields.inclvat.hidden_fld = true;
+        this.fields.costcentre.label = L("bgt_budget_account");
         this.includes = {
             "budgets": {
                 "model": new model_bgt_budget(),
@@ -136,10 +169,87 @@ function model_prs_kostensoort()
                 "enable_update": true
             }
         };
-        this.print = { xmlnode: "budget", where: "kostensoort"};
+//        this.print = { xmlnode: "budget", where: "kostensoort"};
+
+        this.hook_pre_show = function (obj, fld)
+        {
+            delete this.fields.costcategorycode;
+        }
+
+        this.hook_pre_edit = function (obj, fld)
+        {
+            if ((obj.id > -1) || (obj.costtypegroup && obj.costtypegroup.id > -1))
+            {
+                this.fields.budgetdiscipline.hidden_fld = false;
+                this.fields.budgetdiscipline.readonly = true;
+                this.fields.budgetproject.hidden_fld = false;
+                this.fields.budgetproject.readonly = true;
+                this.fields.budgetcostcategory.hidden_fld = false;
+                this.fields.budgetcostcategory.readonly = true;
+
+                delete this.fields.costcategorycode;
+            }
+
+            if (obj.costtypegroup && obj.costtypegroup.id != -1)
+            {   // Nog even de parent gegevens erbij halen zodat deze readonly getoond worden.
+                var sql = "SELECT p.ins_discipline_key"
+                        + "     , p.bgt_project_key"
+                        + "     , r.bgt_kostenrubriek_key"
+                        + "     , dp.bgt_disc_params_code ||' - '|| di.ins_discipline_omschrijving oms_disc"
+                        + "     , p.bgt_project_code ||' - '|| p.bgt_project_omschrijving oms_proj"
+                        + "     , r.bgt_kostenrubriek_oms oms_rubr"
+                        + "  FROM bgt_disc_params    dp"
+                        + "     , ins_tab_discipline di"
+                        + "     , bgt_project        p"
+                        + "     , bgt_kostenrubriek  r"
+                        + "     , prs_kostensoortgrp g"
+                        + " WHERE dp.bgt_ins_discipline_key = p.ins_discipline_key"
+                        + "   AND di.ins_discipline_key = p.ins_discipline_key"
+                        + "   AND p.bgt_project_key = r.bgt_project_key"
+                        + "   AND r.bgt_kostenrubriek_key = g.bgt_kostenrubriek_key"
+                        + "   AND g.prs_kostensoortgrp_key = " + obj.costtypegroup.id
+                var oRs = Oracle.Execute(sql);
+                if (!oRs.eof)
+                {
+                    obj.budgetdiscipline = {id:oRs("ins_discipline_key").Value, name: oRs("oms_disc").Value};
+                    obj.budgetproject = {id: oRs("bgt_project_key").Value, name: oRs("oms_proj").Value};
+                    obj.budgetcostcategory = {id: oRs("bgt_kostenrubriek_key").Value, name: oRs("oms_rubr").Value};
+                }
+                oRs.Close();
+            }
+            var prj_key = (obj.budgetproject ? obj.budgetproject.id : -1);
+            fld["costcentre"].foreign.tbl = bgt_account_foreign_tbl(prj_key);
+            fld["costcentre"].multiedit = false;
+
+            %>
+            <script type="text/javascript">
+                <% if (obj.budgetdiscipline)   { %> var budgetdiscipline   = "<%=obj.budgetdiscipline.id%>";   <% } %>
+                <% if (obj.budgetproject)      { %> var budgetproject      = "<%=obj.budgetproject.id%>";      <% } %>
+                <% if (obj.budgetcostcategory) { %> var budgetcostcategory = "<%=obj.budgetcostcategory.id%>"; <% } %>
+                <% if (obj.costtypegroup)      { %> var costtypegroup      = "<%=obj.costtypegroup.id%>";      <% } %>
+            </script>
+            <%
+        }
+
+        this.REST_GET = generic_REST_GET(this, {
+            "GET": {
+                "tables": [
+                    "bgt_project",
+                    "bgt_kostenrubriek",
+                    "prs_kostensoortgrp"
+                ],
+                "wheres": [
+                    "bgt_project.bgt_project_key = bgt_kostenrubriek.bgt_project_key",
+                    "bgt_kostenrubriek.bgt_kostenrubriek_key = prs_kostensoortgrp.bgt_kostenrubriek_key",
+                    "prs_kostensoortgrp.prs_kostensoortgrp_key = prs_kostensoort.prs_kostensoortgrp_key"
+                ]
+            }
+        });
+
     }
     else
     {
+        this.fields = fields_main;
         delete this.fields.vat;
         this.includes = {
             "costcombinations": {
@@ -149,10 +259,8 @@ function model_prs_kostensoort()
                 "multiadd": "group"
             }
         };
+        this.REST_GET    = generic_REST_GET(this);
     }
-
-
-    this.REST_GET    = generic_REST_GET(this);
     this.REST_POST   = generic_REST_POST(this);
     this.REST_PUT    = generic_REST_PUT(this);
     this.REST_DELETE = generic_REST_DELETE(this);

APPL/API2/model_prs_kostensoortgrp.inc

@@ -11,6 +11,7 @@
     Notes:
 */
 %>
+<!-- #include file="../api2/model_bgt_budget.inc" -->
 <!-- #include file="../api2/model_prs_kostensoort.inc" -->
 <%
 
@@ -24,7 +25,11 @@ function model_prs_kostensoortgrp()
     this.record_title = L("prs_kostensoortgrp");
     this.records_title = L("prs_kostensoortgrp_m");
 
-    this.fields = {
+    var fields_main = {};
+    var fields_ext = {};
+
+
+    fields_main = {
         "id": {
             "dbs": "prs_kostensoortgrp_key",
             "label": L("lcl_key"),
@@ -38,13 +43,10 @@ function model_prs_kostensoortgrp()
             "dbs" : "bgt_kostenrubriek_key",
             "label": L("bgt_kostenrubriek"),
             "typ": "key",
-            //"required": true, /* TODO alleen als BGT */
-            "insertonly" : true,
-            "foreign": {
-                "tbl": "bgt_kostenrubriek",
-                "key": "bgt_kostenrubriek_key",
-                "desc": "bgt_kostenrubriek_oms"
-            }
+            "required": true,
+            "insertonly": true,
+            "foreign": bgt_budgetcostcategory_foreign(),
+            "showtransit": true
         },
         "name": {
             "dbs": "prs_kostensoortgrp_oms",
@@ -62,12 +64,93 @@ function model_prs_kostensoortgrp()
         }
     };
 
-    if (S("bgt_enabled")) // alleen voor budgetcontrole
+    if (S("bgt_enabled"))
     {
-        this.print = { xmlnode: "budget", where: "kostengroep"};
-    }
+        // Via Admin moet de context discipline/project toegevoegd worden.
+        fields_ext = {
+            "budgetdiscipline": {
+                "dbs": "bgt_project.ins_discipline_key",
+                "label": L("bgt_discipline_omschrijving"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetdiscipline_foreign(),
+                "showtransit": true
+            },
+            "budgetproject": {
+                "dbs": "bgt_project.bgt_project_key",
+                "label": L("bgt_project_omschrijving"),
+                "typ": "key",
+                "required": true,
+                "foreign": bgt_budgetproject_foreign(),
+                "showtransit": true
+            }
+        };
+        this.fields = object_merge({}, fields_ext, fields_main);
 
-    this.REST_GET    = generic_REST_GET(this);
+
+        this.hook_pre_edit = function (obj, fld)
+        {
+            if ((obj.id > -1) || (obj.budgetcostcategory && obj.budgetcostcategory.id > -1))
+            {
+                this.fields.budgetdiscipline.hidden_fld = false;
+                this.fields.budgetdiscipline.readonly = true;
+                this.fields.budgetproject.hidden_fld = false;
+                this.fields.budgetproject.readonly = true;
+            }
+
+            if (obj.budgetcostcategory && obj.budgetcostcategory.id != -1)
+            {   // Nog even de parent gegevens erbij halen zodat deze readonly getoond worden.
+                var sql = "SELECT p.ins_discipline_key"
+                        + "     , p.bgt_project_key"
+                        + "     , r.bgt_kostenrubriek_key"
+                        + "     , dp.bgt_disc_params_code ||' - '|| di.ins_discipline_omschrijving oms_disc"
+                        + "     , p.bgt_project_code ||' - '|| p.bgt_project_omschrijving oms_proj"
+                        + "  FROM bgt_disc_params    dp"
+                        + "     , ins_tab_discipline di"
+                        + "     , bgt_project        p"
+                        + "     , bgt_kostenrubriek  r"
+                        + " WHERE dp.bgt_ins_discipline_key = p.ins_discipline_key"
+                        + "   AND di.ins_discipline_key = p.ins_discipline_key"
+                        + "   AND p.bgt_project_key = r.bgt_project_key"
+                        + "   AND r.bgt_kostenrubriek_key = " + obj.budgetcostcategory.id;
+                var oRs = Oracle.Execute(sql);
+                if (!oRs.eof)
+                {
+                    obj.budgetdiscipline = {id:oRs("ins_discipline_key").Value, name: oRs("oms_disc").Value};
+                    obj.budgetproject = {id: oRs("bgt_project_key").Value, name: oRs("oms_proj").Value};
+                }
+                oRs.Close();
+            }
+
+            %>
+            <script type="text/javascript">
+                <% if (obj.budgetdiscipline)   { %> var budgetdiscipline   = "<%=obj.budgetdiscipline.id%>";   <% } %>
+                <% if (obj.budgetproject)      { %> var budgetproject      = "<%=obj.budgetproject.id%>";      <% } %>
+                <% if (obj.budgetcostcategory) { %> var budgetcostcategory = "<%=obj.budgetcostcategory.id%>"; <% } %>
+                <% if (obj.costtypegroup)      { %> var costtypegroup      = "<%=obj.costtypegroup.id%>";      <% } %>
+            </script>
+            <%
+        }
+
+        this.REST_GET = generic_REST_GET(this, {
+            "GET": {
+                "tables": [
+                    "bgt_project",
+                    "bgt_kostenrubriek"
+                ],
+                "wheres": [
+                    "bgt_kostenrubriek.bgt_kostenrubriek_key = prs_kostensoortgrp.bgt_kostenrubriek_key",
+                    "bgt_kostenrubriek.bgt_project_key = bgt_project.bgt_project_key"
+                ]
+            }
+        });
+    }
+    else
+    {
+        this.fields = fields_main;
+        delete this.fields.budgetcostcategory;
+        this.REST_GET    = generic_REST_GET(this);
+    }
     this.REST_POST   = generic_REST_POST(this);
     this.REST_PUT    = generic_REST_PUT(this);
     this.REST_DELETE = generic_REST_DELETE(this);

APPL/API2/model_prs_perslid.inc

@@ -20,7 +20,6 @@
 <!-- #include file="../api2/model_fac_tracking.inc"-->
 <!-- #include file="../api2/model_fac_gebruikersgroep.inc" -->
 <!-- #include file="./model_prs_kenmerk.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <%
 
 function fnApiToken(oRs, field, model)
@@ -43,6 +42,7 @@ function model_prs_perslid(params)
     this.records_name = "persons";
     this.record_name = "person";
     this.table = "prs_perslid";
+    this.trackcode = "PRSUPD";
     this.audit = { // Parameters voor fac_audit.
         "childtable": "fac_gebruikersgroep",
         "childaudit": {"sql":   "SELECT fac_audit_tabelkey"
@@ -51,11 +51,11 @@ function model_prs_perslid(params)
                               + "   AND fac_audit_waarde_oud IN ('{1}')"
         }
     };
-    this.softdelete = true;
+    this.soft_delete = "prs_perslid_verwijder";
     this.primary = "prs_perslid_key";
     this.record_title = L("prs_perslid");
     this.records_title = L("prs_perslid_m");
-    this.autfunction = false; // we controleren zelf
+    this.autfunction = params.internal?false:"WEB_PRSSYS"; // we controleren zelf
 
     this.fields = {
         "id": {
@@ -87,12 +87,17 @@ function model_prs_perslid(params)
             "label": L("lcl_prs_person_title"),
             "typ": "varchar"
         },
+        "employeenumber": {
+            "dbs": "prs_perslid_nr",
+            "label": L("lcl_prs_person_nr"),
+            "typ": "varchar"
+        },
         "initials": {
             "dbs": "prs_perslid_voorletters",
             "label": L("lcl_prs_person_initials"),
             "typ": "varchar"
         },
-        "prefix": {
+        "middlename": {
             "dbs": "prs_perslid_tussenvoegsel",
             "label": L("lcl_prs_person_tussen"),
             "typ": "varchar"
@@ -131,6 +136,12 @@ function model_prs_perslid(params)
             "typ": "varchar",
             "filter": "exact"
         },
+        "externallogin": {
+            "dbs": "prs_perslid_externoslogin",
+            "label": L("prs_perslid_externoslogin"),
+            "typ": "varchar",
+            "filter": "exact"
+        },
         "employment": {
             "dbs": "prs_perslid_dienstverband",
             "label": L("lcl_prs_person_dienstverband"),
@@ -146,6 +157,17 @@ function model_prs_perslid(params)
             "label": L("lcl_prs_person_einddatum"),
             "typ": "date"
         },
+        "created": {
+            "dbs": "prs_perslid_aanmaak",
+            "label": L("prs_perslid_aanmaak"),
+            "typ": "datetime",
+            "readonly": true
+        },
+        "deactivated": {
+            "dbs": "prs_perslid_inactief",
+            "label": L("prs_perslid_inactief"),
+            "typ": "datetime"
+        },
         "function": {
             "dbs": "prs_srtperslid_key",
             "label": L("lcl_prs_person_function"),
@@ -154,7 +176,18 @@ function model_prs_perslid(params)
                 "tbl": "prs_srtperslid",
                 "key": "prs_srtperslid_key",
                 "desc": "prs_srtperslid_omschrijving",
-                "desc_is_unique": true
+                "desc_is_unique": "prs_srtperslid_verwijder IS NULL"
+            }
+        },
+        "profile": {
+            "dbs": "fac_profiel_key",
+            "label": L("fac_profiel"),
+            "typ": "key",
+            "foreign": {
+                "tbl": "fac_profiel",
+                "key": "fac_profiel_key",
+                "desc": "fac_profiel_omschrijving",
+                "desc_is_unique": true // wordt overigens niet afgedwongen
             }
         },
         "department": {
@@ -163,6 +196,11 @@ function model_prs_perslid(params)
             "typ": "key",
             "foreign": "prs_afdeling"
         },
+        "externalid": {
+            "dbs": "prs_perslid_externid",
+            "label": L("prs_perslid_externid"),
+            "typ": "varchar"
+        },
         "company": {
             "dbs": "pa.prs_bedrijf_key",
             "label": L("lcl_prs_company"),
@@ -244,6 +282,9 @@ function model_prs_perslid(params)
                 query.wheres.push("prs_perslid.prs_perslid_key = " + user_key);
             else
             {
+				// Zonder PRSSYS heb je hier niets mee te maken
+                query.wheres.push("SUBSTR(prs_perslid_oslogin, 0, 1) <> '_'");
+
                 // TODO: Ook nog ALG autorisatie?
                 if (authparamsUSE.PRSreadlevel == 0) // prs_bedrijf
                 {
@@ -278,9 +319,40 @@ function model_prs_perslid(params)
             return json;
         };
 
-    if (params.internal) // bijvoorbeeld idp die personen kan aanmaken
+    // We willen vooral dat je via Admin/Autorisatie personen niet met API kunt bewerken
+    if (!params.readonly) // wel bijvoorbeeld idp die personen kan aanmaken of SCIM api
     {
-        this.REST_POST   = generic_REST_POST(this);
+        this.REST_POST = function (params, jsondata, parent_key)
+        {
+            if (jsondata.externalid)
+            {   // Als hij al verwijderd bestond reanimeren we
+                // Onze eigen REST_GET geeft nooit verwijderde records, daarom via SQL
+                var sql = "SELECT prs_perslid_key, "
+                        + "       prs_perslid_verwijder"
+                        + "  FROM prs_perslid"
+                        + " WHERE prs_perslid_externid = " + safe.quoted_sql(jsondata.externalid)
+                        + "   AND prs_perslid_verwijder IS NOT NULL";
+                var oRs = Oracle.Execute(sql);
+                if (!oRs.Eof)
+                {
+                    var the_key = oRs("prs_perslid_key").Value;
+                    var verwijder = new Date(oRs("prs_perslid_verwijder").Value);
+                    oRs.Close();
+                    var sql = "UPDATE prs_perslid"
+                            + "   SET prs_perslid_verwijder = NULL"
+                            + " WHERE prs_perslid_key = " + the_key;
+                    Oracle.Execute(sql);
+                    shared.trackaction("PRSLOG", the_key, "User was deleted on {0}, now reanimated.".format(toDateTimeString(verwijder, true)));
+
+                    return generic_REST_PUT(this)(params, jsondata, the_key); // bijwerken
+                }
+                oRs.Close();
+                // doorvallen naar gewone POST
+            }
+            // Else gewoon een nieuwe
+            return generic_REST_POST(this)(params, jsondata, parent_key)
+        }
+
         this.REST_PUT    = generic_REST_PUT(this);
         this.REST_DELETE = generic_REST_DELETE(this);
     }

APPL/API2/model_reportcolumns.inc

@@ -119,6 +119,7 @@ function model_reportcolumns(usrrap_key, params)
             "datatype",
             "visible",
             "filter",
+            "filterdefault",
             "group"
         ],
         rowClass: this.fnrowClass

APPL/API2/model_reports.inc

@@ -301,9 +301,9 @@ function report_GET(params)
 {
     // Als parameters niet in de url zijn meegegeven is waarschijnlijk rechtstreeks de list
     // aangeroepen. Pak dan de geconfigureerde defaults
-    def(params.filter, "scf_pivot", (this.list.autoPivot & 2)?2:0);
-    def(params.filter, "scf_graph", (this.list.autoGraph & 2) == 2?"on":"");
-    def(params.filter, "scf_cond",  (this.list.autoCond  & 2) == 2?"on":"");
+    def(params.filter, "scf_pivot", (this.list.autoPivot & 2) ? 1 : 0);
+    def(params.filter, "scf_graph", (this.list.autoGraph & 2) == 2 ? "on" : "");
+    def(params.filter, "scf_cond",  (this.list.autoCond  & 2) == 2 ? "on" : "");
 
     if (!params.columns)
     {

APPL/API2/model_res_kenmerk.inc

@@ -11,6 +11,7 @@
     Notes:
 */
 %>
+<!-- #include file="model_res_srtkenmerk.inc"-->
 <%
 function model_res_kenmerk(params)
 {
@@ -124,6 +125,11 @@ function model_res_kenmerk(params)
         }
     };
 
+    this.getPropertyType = function (kenmerkdata)
+    {
+        var typedata = api2.GET(new model_res_srtkenmerk({internal: params.internal}), kenmerkdata.bookingpropertytype.id);
+        return typedata;
+    }
 
     function buildVerplichtingList()
     {   // LOV waarden voor required.

APPL/API2/model_res_ruimte.inc

@@ -249,7 +249,7 @@ function model_res_ruimte()
             "dbs": "res_ruimte_extern_id",
             "label": L("res_ruimte_extern_id"),
             "typ": "varchar"
-        }
+        }  
     };
 
     // veld "res_ruimte_extern_id" alleen te wijzigen met PRSSYS rechten.
@@ -268,7 +268,7 @@ function model_res_ruimte()
             "joinfield": "bookingroom",
             "multiadd": "bookingconfiguration",
             "enable_update": true
-        }
+        }       
     };
 
     // res_v_alg_ruimte_gegevens levert voor een koppelzaal meerdere records waardoor de opstelling ook meervoudig wordt weergegeven.

APPL/API2/model_res_srtkenmerk.inc

@@ -12,14 +12,15 @@
 */
 %>
 <%
-function model_res_srtkenmerk()
+function model_res_srtkenmerk(params)
 {
+    params = params || {};
     this.records_name = "bookingpropertytypes";
     this.record_name = "bookingpropertytype";
     this.table = "res_srtkenmerk";
     this.primary = "res_srtkenmerk_key";
     this.soft_delete = "res_srtkenmerk_verwijder";
-    this.autfunction = "WEB_RESMGT";
+    this.autfunction = params.internal?false:"WEB_RESMGT";
     this.record_title = L("mgt_srtkenmerk");
     this.records_title = L("mgt_srtkenmerk_m");
 

APPL/API2/model_reservations.inc

@@ -318,8 +318,8 @@ function model_reservations(rsv_key, params)
             _validate_fields(dbfields, params, jsondata);
 
             // Eerst een nieuw res_reservering record aanmaken
-            var resfields = { "id":     { dbs: "res_reservering_key",      typ: "key",      seq: "res_s_res_reservering_key" },
-                              "create": { dbs: "res_reservering_aanmaak",  typ: "datetime", val: new Date() }
+            var resfields = { "id":      { dbs: "res_reservering_key",      typ: "key",      seq: "res_s_res_reservering_key" },
+                              "created": { dbs: "res_reservering_aanmaak",  typ: "datetime", val: new Date() }
                             };
             var resIns = buildInsert("res_reservering", resfields, { noValidateToken: true });
             var reservering_key = resIns.sequences["res_reservering_key"];

APPL/API2/model_rooms.inc

@@ -15,7 +15,6 @@
 <!-- #include file="./model_cadcontours.inc" -->
 <!-- #include file="./model_custom_fields.inc"-->
 <!-- #include file="./model_fac_tracking.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <!-- #include file="./model_alg_kenmerk.inc"-->
 <!-- #include file="./model_prs_ruimteafdeling.inc"-->
 <%

APPL/API2/model_visitors.inc

@@ -15,7 +15,6 @@
 <!-- #include file="../Shared/discxalg3d.inc"-->
 <!-- #include file="../bez/bez.inc" -->
 <!-- #include file="./model_custom_fields.inc"-->
-<!-- #include file="../mgt/mgt_tools.inc"-->
 <!-- #include file="./model_bez_kenmerk.inc"-->
 <%
 function model_visitors()

APPL/API2/plugins/scimgroups.wsc

@@ -0,0 +1,233 @@
+<?xml version="1.0"?>
+<component>
+<?component error="true" debug="true"?>
+<registration
+	description="scimgroups"
+	progid="flexwhere.WSC"
+	version="1.00"
+	classid="{6D817B6F-9D08-4636-AAD9-8BD7C5EFF56A}"
+>
+</registration>
+
+<public>
+
+<!-- properties -->
+
+<!-- methods -->
+	<method name="initialize">
+		<PARAMETER name="params"/>
+	</method>
+	<method name="error_handler">
+		<PARAMETER name="code"/>
+		<PARAMETER name="msg"/>
+		<PARAMETER name="orgHandler"/>
+	</method>
+	<method name="transform_filter">
+		<PARAMETER name="filter"/>
+	</method>
+	<method name="transform_outgoing">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+	<method name="transform_incoming">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+	<method name="get_eTag">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+</public>
+
+<script language="javascript">
+<![CDATA[
+
+/*	properties	*/
+
+
+/*	methods	*/
+/*
+/*
+    $Id$
+
+    File:   scimgroups.wsc
+*/
+/* Globals */
+var FCLT;
+
+
+function initialize(params)
+{
+    FCLT = params;
+}
+
+function error_handler(code, msg, orgHandler)
+{
+    code = code || 500;
+    var data = {
+        "schemas" : ["urn:ietf:params:scim:api:messages:2.0:Error"],
+        "scimType": "invalidValue",
+        "detail"  : msg,
+        "status"  : code
+    };
+
+    FCLT.DEZE.Response.ContentType = "application/json";
+    FCLT.DEZE.Response.Write(FCLT.DEZE.JSON.stringify(data, null, 2));
+    var codestr = String(code);
+    if (typeof code == "number")
+    {
+        var codestr = { 400: "Bad request",
+                        403: "Forbidden",
+                        404: "Not Found",
+                        422: "Unprocessable Entity" }[code];
+        if (codestr)
+            code = code + " " + codestr;
+    }
+    FCLT.DEZE.Response.Status = code;
+    FCLT.DEZE.Response.End;
+}
+
+function transform_filter(filter)
+{
+    if ("count" in filter)
+        filter.limit = filter.count;
+    if ("startIndex" in filter)
+        filter.offset = filter.startIndex - 1;
+    if ("filter" in filter)
+    {
+        // Ontvangen filter: "filter": "id eq \"KFSG_authorizationgroup_703\""
+        var v_filter = filter.filter.replace ("id eq \"" + FCLT.DEZE.customerId + "_authorizationgroup_", "");
+        v_filter = v_filter.replace("\"", "");
+        filter.id = v_filter;
+    }
+    filter.nointernal = 1;
+    return filter;
+}
+
+function get_eTag(params, data)
+{
+    if (data && typeof data == "object" && "meta" in data)
+        return data.meta.version;
+    return null;
+}
+
+function transform_incoming(params, data)
+{
+    FCLT.DEZE.__Log(data);
+    var authorizationgroup =
+    {
+        name         : data["displayName"],
+        externalid   : data["externalId"]
+    };
+
+    var groep_key = data["id"].replace (FCLT.DEZE.customerId + "_authorizationgroup_", "");
+
+    var sql = "DELETE fac_rapport WHERE fac_rapport_node = 'SCIMGROUPS'";
+    FCLT.DEZE.Oracle.Execute(sql);
+
+    if (data["members"])
+    {
+        var oRs;
+        var member_id;
+        for (var j = 0; j < data["members"].length; j++)
+        {
+            if (data["members"][j].value)
+            {
+                member = data["members"][j].value;
+                member_id = member.replace (FCLT.DEZE.customerId + "_person_", "");
+                if (isNaN(member_id)) {
+                    error_handler(500, "Ongeldige gebruiker", "");
+                }
+                sql = "INSERT INTO fac_rapport (fac_rapport_node, fac_rapport_regel, fac_rapport_volgnr) "
+                    + " VALUES('SCIMGROUPS', " + groep_key + ", " + FCLT.DEZE.safe.quoted_sql(member_id) + ")";
+                oRs = FCLT.DEZE.Oracle.Execute(sql);
+            }
+        }
+        // We slaan de groep key tijdelijk op in fac_arapport_regel
+        // en de perslid_key in het volgnummer omdat deze uniek moet zijn.
+        sql = "INSERT INTO fac_gebruikersgroep ( fac_groep_key, prs_perslid_key) "
+            + "SELECT fac_rapport_regel, fac_rapport_volgnr FROM fac_rapport r "
+            + " WHERE NOT EXISTS (SELECT fac_gebruikersgroep_key "
+            + "                     FROM fac_gebruikersgroep gg WHERE gg.prs_perslid_key = fac_rapport_volgnr AND gg.fac_groep_key = r.fac_rapport_regel)";
+        FCLT.DEZE.Oracle.Execute(sql);
+
+        sql = "DELETE fac_gebruikersgroep gg "
+            + " WHERE fac_groep_key = " + groep_key
+            + "   AND NOT EXISTS (SELECT fac_rapport_volgnr "
+            + "                     FROM fac_rapport r WHERE gg.prs_perslid_key = fac_rapport_volgnr AND gg.fac_groep_key = r.fac_rapport_regel)";
+        FCLT.DEZE.Oracle.Execute(sql);
+        //oRs.Close();
+    }
+
+    //FCLT.DEZE.__DoLog(authorizationgroup);
+
+    return { authorizationgroup: authorizationgroup };
+}
+
+function transform_one_group(params, authorizationgroup)
+{
+    FCLT.DEZE.__Log(authorizationgroup);
+    var unique = FCLT.DEZE.customerId + "_authorizationgroup_" + String(authorizationgroup.id);
+    var onegroup = {
+           "displayName":authorizationgroup.name,
+           "externalId":authorizationgroup.externalid,
+           "id":unique,
+           "schemas":[
+              "urn:ietf:params:scim:schemas:core:2.0:Group",
+              "urn:ietf:params:scim:schemas:extension:enterprise:2.0:Group"
+           ],
+           "members":[],
+           "meta":{
+              "created":authorizationgroup.created,
+              "lastModified":authorizationgroup.lastchange?authorizationgroup.lastchange:authorizationgroup.created,
+              "location":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Groups/" + unique,
+              "resourceType":"Group"
+           }
+        }
+
+    for (var j = 0; j < authorizationgroup.users.length; j++)
+    {
+        var user = authorizationgroup.users[j];
+        var unique = FCLT.DEZE.customerId + "_person_" + String(user.person.id);
+        onegroup.members.push({
+                 "value":unique,
+                 "type":"User",
+                 "$ref":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Users/" + unique,
+                 "display":user.person.name
+              })
+    }
+    var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
+    var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(onegroup)).toLowerCase() + '"';
+    onegroup.meta["version"] = "W/" + eTag; // Weak eTag?
+    return onegroup;
+}
+
+function transform_outgoing(params, data)
+{
+    if ("authorizationgroup" in data)
+    {
+        var oneauthorizationgroup = transform_one_group(params, data.authorizationgroup);
+        return oneauthorizationgroup;
+    }
+    if ("authorizationgroups" in data)
+    {
+        var allgroups = [];
+        for (var i = 0; i < data.authorizationgroups.length; i++)
+        {
+            var authorizationgroup = data.authorizationgroups[i];
+            allgroups.push(transform_one_group(params, authorizationgroup));
+        }
+
+        return {
+        	"totalResults": data.total_count,
+        	"itemsPerPage": allgroups.length,
+        	"startIndex": 1,
+        	"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+        	"Resources": allgroups
+        };
+    }
+}
+
+]]>
+</script>
+</component>

APPL/API2/plugins/scimorgunits.wsc

@@ -0,0 +1,213 @@
+<?xml version="1.0"?>
+<component>
+<?component error="true" debug="true"?>
+<registration
+	description="scimOrgunits"
+	progid="scimOrgunits.WSC"
+	version="1.00"
+	classid="{6D817B6F-9D08-4636-AAD9-8BD7C5EFF56A}"
+>
+</registration>
+
+<public>
+
+<!-- properties -->
+
+<!-- methods -->
+	<method name="initialize">
+		<PARAMETER name="params"/>
+	</method>
+	<method name="error_handler">
+		<PARAMETER name="code"/>
+		<PARAMETER name="msg"/>
+		<PARAMETER name="orgHandler"/>
+	</method>
+	<method name="transform_filter">
+		<PARAMETER name="filter"/>
+	</method>
+	<method name="transform_outgoing">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+	<method name="transform_incoming">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+	<method name="get_eTag">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+</public>
+
+<script language="javascript">
+<![CDATA[
+
+/*	properties	*/
+
+
+/*	methods	*/
+/*
+/*
+    $Id$
+
+    File:   scimorgunits.wsc
+*/
+/* Globals */
+var FCLT;
+
+// De omschrijving van de objecten in FACILITOR moet FW1, FW2 etc. zijn
+var scimgroups_srtdeel_key = 258418;
+
+function initialize(params)
+{
+    FCLT = params;
+}
+
+function error_handler(code, msg, orgHandler)
+{
+    code = code || 500;
+    var data = {
+        "schemas" : ["urn:ietf:params:scim:api:messages:2.0:Error"],
+        "scimType": "invalidValue",
+        "detail"  : msg,
+        "status"  : code
+    };
+
+    FCLT.DEZE.Response.ContentType = "application/json";
+    FCLT.DEZE.Response.Write(FCLT.DEZE.JSON.stringify(data, null, 2));
+    var codestr = String(code);
+    if (typeof code == "number")
+    {
+        var codestr = { 400: "Bad request",
+                        403: "Forbidden",
+                        404: "Not Found",
+                        422: "Unprocessable Entity" }[code];
+        if (codestr)
+            code = code + " " + codestr;
+    }
+    FCLT.DEZE.Response.Status = code;
+    FCLT.DEZE.Response.End;
+}
+
+function transform_filter(filter)
+{
+    if ("count" in filter)
+        filter.limit = filter.count;
+    if ("startIndex" in filter) {
+        filter.offset = filter.startIndex - 1;
+        filter.showall = 1;
+    }
+    if ("filter" in filter) 
+    {
+        // Ontvangen filter: "filter": "id eq \"KFSG_department_703\""
+        var v_filter = filter.filter.replace ("id eq \"" + FCLT.DEZE.customerId + "_department_", "");
+        v_filter = v_filter.replace("\"", "");
+        filter.id = v_filter;       
+    }
+    return filter;
+}
+
+function get_eTag(params, data)
+{
+    if (data && typeof data == "object" && "meta" in data)
+        return data.meta.version;
+    return null;
+}
+
+function transform_incoming(params, data)
+{
+//FCLT.DEZE.__DoLog(data);
+    var department =
+    {
+        id         : data["id"],
+        externalid : data["externalId"],
+		  description: data["code"],
+		  name		 : data["externalId"],
+		  company    : { name: "Schiphol Group" }
+
+    };
+
+    if ("costCenter" in data && data["costCenter"] != "") 
+    {
+        department.costcentre = { name: data["costCenter"] }; // id mag achterwege blijven omdat desc_is_unique
+        var sql = "SELECT prs_kostenplaats_key FROM prs_kostenplaats "
+                + "WHERE prs_kostenplaats_verwijder IS NULL "
+                + "  AND prs_kostenplaats_nr = " + FCLT.DEZE.safe.quoted_sql(department.costcentre.name);
+        var oRs = FCLT.DEZE.Oracle.Execute(sql);
+        if (oRs.eof)
+        {
+            sql = "INSERT INTO prs_kostenplaats (prs_kostenplaats_nr, prs_kostenplaats_omschrijving, prs_kostenplaats_module) "
+                + "VALUES (" + FCLT.DEZE.safe.quoted_sql(department.costcentre.name) + "," + FCLT.DEZE.safe.quoted_sql(department.costcentre.name) + ",'PRS')";
+            FCLT.DEZE.Oracle.Execute(sql);
+        }
+        oRs.Close();
+    }
+    else
+        department.costcentre = { name: "" };
+        
+    return { department: department };
+}
+
+function transform_one_department(params, department)
+{
+    FCLT.DEZE.__Log(department);
+
+
+    var unique = FCLT.DEZE.customerId + "_department_" + String(department.id);
+
+    var onedepartment = {
+           "code":department.description,
+           "externalid":department.externalid,
+           "id":unique,
+           "schemas":[
+              "urn:ietf:params:scim:schemas:extension:2.0:OrgUnit",
+              "urn:ietf:params:scim:schemas:extension:enterprise:2.0:OrgUnit"
+           ],
+           "meta":{
+              "created":department.created,
+              "lastModified":department.lastchange?department.lastchange:department.created,
+              "location":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/OrgUnits/" + unique,
+              "resourceType":"OrgUnit"
+           }
+        }
+
+    if (department.costcentre)
+    {
+       onedepartment.costCenter = department.costcentre.name;
+    }
+
+    var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
+    var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(onedepartment)).toLowerCase() + '"';
+    onedepartment.meta["version"] = "W/" + eTag; // Weak eTag?
+    return onedepartment;
+}
+
+function transform_outgoing(params, data)
+{
+    if ("department" in data)
+    {
+        var onedepartment = transform_one_department(params, data.department);
+        return onedepartment;
+    }
+    if ("departments" in data)
+    {
+        var alldepartments = [];
+        for (var i = 0; i < data.departments.length; i++)
+        {
+            var department = data.departments[i];
+            alldepartments.push(transform_one_department(params, department));
+        }
+
+        return {
+        	"totalResults": data.total_count,
+        	"itemsPerPage": alldepartments.length,
+        	"startIndex": 1,
+        	"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+        	"Resources": alldepartments
+        };
+    }
+}
+
+]]>
+</script>
+</component>

APPL/API2/plugins/scimusers.wsc

@@ -0,0 +1,289 @@
+<?xml version="1.0"?>
+<component>
+<?component error="true" debug="true"?>
+<registration
+	description="scimusers"
+	progid="scimusers.WSC"
+	version="1.00"
+	classid="{6D817B6F-9D08-4636-AAD9-8BD7C5EFF56A}"
+>
+</registration>
+
+<public>
+
+<!-- properties -->
+
+<!-- methods -->
+	<method name="initialize">
+		<PARAMETER name="params"/>
+	</method>
+	<method name="error_handler">
+		<PARAMETER name="code"/>
+		<PARAMETER name="msg"/>
+		<PARAMETER name="orgHandler"/>
+	</method>
+	<method name="transform_filter">
+		<PARAMETER name="filter"/>
+	</method>
+	<method name="transform_outgoing">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+	<method name="transform_incoming">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+	<method name="get_eTag">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
+</public>
+
+<script language="javascript">
+<![CDATA[
+
+/*	properties	*/
+
+
+/*	methods	*/
+/*
+/*
+    $Id$
+
+    File:   scimusers.wsc
+*/
+/* Globals */
+var FCLT;
+
+function initialize(params)
+{
+    FCLT = params;
+}
+
+function error_handler(code, msg, orgHandler)
+{
+    code = code || 500;
+    var data = {
+        "schemas" : ["urn:ietf:params:scim:api:messages:2.0:Error"],
+        "scimType": "invalidValue",
+        "detail"  : msg,
+        "status"  : code
+    };
+
+    FCLT.DEZE.Response.ContentType = "application/json";
+    FCLT.DEZE.Response.Write(FCLT.DEZE.JSON.stringify(data, null, 2));
+    var codestr = String(code);
+    if (typeof code == "number")
+    {
+        var codestr = { 400: "Bad request",
+                        403: "Forbidden",
+                        404: "Not Found",
+                        422: "Unprocessable Entity" }[code];
+        if (codestr)
+            code = code + " " + codestr;
+    }
+    FCLT.DEZE.Response.Status = code;
+    FCLT.DEZE.Response.End;
+}
+
+function transform_filter(filter)
+{
+    if ("count" in filter)
+        filter.limit = filter.count;
+    if ("startIndex" in filter)
+        filter.offset = filter.startIndex - 1;
+    if ("filter" in filter)
+    {
+        // Ontvangen filter: "filter": "id eq \"KFSG_person_703\""
+        var v_filter = filter.filter.replace ("id eq \"" + FCLT.DEZE.customerId + "_person_", "");
+        v_filter = v_filter.replace("\"", "");
+        filter.id = v_filter;
+    }
+    return filter;
+}
+
+function get_eTag(params, data)
+{
+    if (data && typeof data == "object" && "meta" in data)
+        return data.meta.version;
+    return null;
+}
+
+function get_element(data)
+{
+   if (data == undefined) data = "";
+   return data;
+}
+
+function transform_incoming(params, data)
+{
+    var enterprise = data["urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"];
+    var facilitor = data["urn:ietf:params:scim:schemas:extension:facilitor:2.0:User"];
+
+    var person =
+    {
+        login        : get_element(data["userName"]),
+        externallogin: get_element(data["userName"]),
+        externalid   : get_element(data["externalId"]),
+        lastname     : get_element(data["name"]["familyName"]),
+        middlename   : get_element(data["name"]["middleName"]),
+        firstname    : get_element(data["name"]["givenName"]),
+        deactivated  : data["active"]?null:new Date(),
+        employeenumber : get_element(enterprise["employeeNumber"])
+    };
+    
+    person["function"] = { name: "Onbekend" }; // geen onderdeel van de interface
+
+
+    var dep_id = "";
+    if (facilitor["orgUnit"] && facilitor["orgUnit"]["value"] )
+        dep_id = facilitor["orgUnit"]["value"].replace (FCLT.DEZE.customerId + "_department_", "");
+    else
+        dep_id = 1; // bij het aanmaken van een nieuwe persoon is de afdeling nog leeg. Dan tijdelijke even onder onbekend hangen.
+
+    if (facilitor["initials"])
+        person.initials = get_element(facilitor["initials"]);
+
+    person["department"] = { id: dep_id };
+ 
+    if (data["emails"] && data["emails"][0])
+    {
+       person.email = get_element(data["emails"][0].value); // type:work/primary:true opzoeken ?
+    }
+     
+    person.mobile = "";
+    person.phone = "";
+    if (data.phoneNumbers)
+    {
+        for (var j = 0; j < data["phoneNumbers"].length; j++)
+        {   if (data["phoneNumbers"][j]["type"] == 'mobile')
+            {
+                person.mobile = get_element(data["phoneNumbers"][j].value);
+            }
+            if (data["phoneNumbers"][j]["type"] == 'work')
+            {
+                person.phone = get_element(data["phoneNumbers"][j].value);
+            }
+        }
+    }
+
+    return { person: person };
+}
+
+function transform_one_person(params, person)
+{
+    var unique = FCLT.DEZE.customerId + "_person_" + String(person.id);
+ 
+    var oneuser = {
+           "userName":person.externallogin || person.login,
+           "id":unique,
+           "name":{
+              "formatted":person.name,
+              "familyName":person.lastname
+           },
+           "schemas":[
+              "urn:ietf:params:scim:schemas:core:2.0:User",
+              "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
+           ],
+           "displayName":person.name,
+           "active": !person.deactivated,
+           "meta":{
+              "created":person.created,
+              "lastModified":person.lastchange?person.lastchange:person.created,
+              "location":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Users/" + unique,
+              "resourceType":"User"
+           },
+           "groups":[],
+           "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" :
+               {
+                   "employeeNumber":person.employeenumber
+               },
+           "urn:ietf:params:scim:schemas:extension:facilitor:2.0:User" :
+               {
+               "orgunit":
+                  {
+                     "value":FCLT.DEZE.customerId + "_department_" + String(person.department.id),
+                     "$ref":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/OrgUnits/" + FCLT.DEZE.customerId + "_department_" + String(person.department.id)
+                  },
+               "initials":person.initials
+               }
+        }
+
+
+    if (person.middlename) oneuser.name.middleName = person.middlename;
+    if (person.firstname) oneuser.name.givenName = person.firstname;
+    if (person.externalid) oneuser.externalId =person.externalid;
+    if (person.email) 
+    { 
+        oneuser.emails = [
+              {
+                 "value":person.email,
+                 "type":"work",
+                 "primary":true
+              }];
+    }
+
+    var phoneNumbers = [];
+    
+    if (person.mobile) 
+           phoneNumbers.push(
+              {
+                 "value":person.mobile,
+                 "type":"mobile",
+                 "primary":true
+              });
+    if (person.phone) 
+    phoneNumbers.push(
+              {
+                 "value":person.phone,
+                 "type":"work",
+                 "primary":false
+              });
+    oneuser.phoneNumbers = phoneNumbers;
+        
+    var allgroups = [];
+    for (var j = 0; j < person.authorization.length; j++)
+    {
+        var group = person.authorization[j];
+        var unique = FCLT.DEZE.customerId + "_authorizationgroup_" + String(group.authorizationgroup.id);
+        oneuser.groups.push({
+                 "value":unique,
+                 "$ref":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Groups/" + unique,
+                 "display":group.authorizationgroup.name
+              })
+    }
+    var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
+    var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(oneuser)).toLowerCase() + '"';
+    oneuser.meta["version"] = "W/" + eTag; // Weak eTag?
+    return oneuser;
+}
+
+function transform_outgoing(params, data)
+{
+    if ("person" in data)
+    {
+        var oneperson = transform_one_person(params, data.person);
+        return oneperson;
+    }
+    if ("persons" in data)
+    {
+        var allusers = [];
+        for (var i = 0; i < data.persons.length; i++)
+        {
+            var person = data.persons[i]; // _ users zijn er al wel uitgefiltert
+            allusers.push(transform_one_person(params, person));
+        }
+
+        return {
+        	"totalResults": data.total_count,
+        	"itemsPerPage": allusers.length,
+        	"startIndex": (data.offset || 0) + 1,
+        	"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+        	"Resources": allusers
+        };
+    }
+}
+
+]]>
+</script>
+</component>

APPL/AUT/LogOff.asp

@@ -37,6 +37,7 @@ if (Session("org_user_key") > 0)
 else
 {
     result.return_url = S("logoff_return_url");
+    var allow_auto_sso = false;
     if (Session("idp_key") > 0)
     {
         var sql = "SELECT aut_idp_remote_logouturl"
@@ -44,11 +45,14 @@ else
                 + " WHERE aut_idp_key = " + Session("idp_key");
         var oRs = Oracle.Execute(sql);
         if (oRs("aut_idp_remote_logouturl").Value)
+        {
             result.return_url = oRs("aut_idp_remote_logouturl").Value;
+            allow_auto_sso = true;
+        }
         oRs.Close();
     }
 
-    doLogoff();
+    doLogoff(allow_auto_sso);
 }
 Response.Write(JSON.stringify(result));
 Response.End;

APPL/AUT/LoggedOff.asp

@@ -0,0 +1,23 @@
+<%@language = "javascript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           LoggedOff.asp
+    Description:    Toont simpelweg de tekst 'U bent uitgelogd' met een linkje terug naar het inlogscherm
+    Parameters:
+    Context:        Bestand kan geconfigureerd worden als aut_idp_remote_logouturl
+    Note:           Handig voor omgevingen waar de SSO op ip-adres automatisch
+                    verloopt maar waar je geen goede generieke aut_idp_remote_logouturl weet
+                    Dan kun je verwijzen naar ../aut/LoggedOff.asp
+
+*/
+ANONYMOUS_Allowed = 1;
+%>
+<!-- #include file="../Shared/common.inc" -->
+<!-- #include file="../Shared/iface.inc" -->
+<!-- #include file="./login.inc" -->
+<%
+    var lcl_loggedoff = "U bent nu afgemeld van FACILITOR.<br>Sluit uw browser of klik <a href='{0}'>hier</a> om weer aan te melden.".format(rooturl + "/");
+    shared.simpel_page(lcl_loggedoff);
+%>

APPL/AUT/Login.inc

@@ -18,14 +18,17 @@
 <!-- #include file="../api2/model_prs_perslid.inc" -->
 <%
 // Elders is prs_key geauthenticeerd. Registreer die hier als de actieve gebruiker.
+// stateless komen we hier al niet
 function doLogin(prs_key, params)
 {
     __Log("==== doLogin " + prs_key);
     params = params || {};
     // Paranoia mode
     var sql = "SELECT prs_perslid_login"
+            + "     , prs_perslid_einddatum"
             + "  FROM prs_perslid"
             + " WHERE prs_perslid_verwijder IS NULL"
+            + "   AND prs_perslid_inactief IS NULL"
             + "   AND prs_perslid_key = " + prs_key;
     var oRs = Oracle.Execute(sql);
     if (oRs.Eof)
@@ -34,8 +37,20 @@ function doLogin(prs_key, params)
         eval("INTERNAL_ERROR_INVALID_LOGIN_" + prs_key);
     }
     var first_login = (oRs("prs_perslid_login").Value == null);
+    var einddatum = oRs("prs_perslid_einddatum").Value != null?new Date(oRs("prs_perslid_einddatum").Value): null;
     oRs.Close();
 
+    if (S("prs_einddatum_login_grace") >= 0 && einddatum)
+    {
+        var last_allow_login = einddatum;
+        last_allow_login.setDate(last_allow_login.getDate() + S("prs_einddatum_login_grace"))
+        if (new Date().midnight() > last_allow_login)
+        {
+            doLogoff();
+            shared.simpel_page(L("lcl_einddatum_login_expired"));
+        }
+    }
+
     if ("isFACFACinternal" in params) // vanuit JWT-sso
     {
         var deze = new Perslid(prs_key);
@@ -54,12 +69,6 @@ function doLogin(prs_key, params)
         }
     }
 
-    // Alvast nieuwe user_key loggen zodat je ziet wie er inlogt.
-    if (typeof NO_ADDHEADER == "undefined" && user_key != prs_key && Request.Servervariables("HTTP_FCLT_VERSION").Count > 0)
-    {   // wordt opgepikt door FCLTAPI.DLL voor in de logging en daarna gestript. Niet in Fiddler te zien dus
-        Response.AddHeader ("FCLT_USERID", customerId + "\\" + String(prs_key));
-    }
-
     /* global */ user_key = prs_key;
     //user_lang = oRs(1).Value; // globale moet er nog uit!
     if (typeof LCL_Disable == "undefined")
@@ -74,7 +83,7 @@ function doLogin(prs_key, params)
     var ip = String(Request.ServerVariables("REMOTE_ADDR"));
     Session("last_ip") = ip; // onthouden voor ip_locking
 
-    if (!params.noFacSession) // AAEN infobord krijgt er anders 10 per minuut
+    if (!params.noFacSession && !params.stateless) // Oldstyle API krijgt er anders te veel
     {
         // Nu maar eens oudere opruimen. Effectief blijft altijd
         // de laatste sessie van een gebruiker staan.
@@ -86,7 +95,7 @@ function doLogin(prs_key, params)
         var agent = String(Request.ServerVariables("HTTP_USER_AGENT"));
 
         // Welbeschouwd gebruiken we het volgende FAC_SESSION record nooit, we werken
-        // altijd met ASPSESSION==>IIS SESSION==>user_key
+        // altijd met ASPSESSION cookie==>IIS SESSION==>user_key
         var sql = "INSERT INTO fac_session"
                + "    (fac_session_sessionid_hash,"
                + "     prs_perslid_key,"
@@ -141,7 +150,7 @@ function doLogin(prs_key, params)
     oRs.Close();
 
     // FACFAC tracken we altijd
-    if (!params.noFacSession) // fac_scan_cust genereert er anders te veel
+    if (!params.noFacSession && !params.stateless) // fac_scan_cust genereert er anders te veel
     {
         if (user.has("WEB_FACFAC"))
             shared.trackaction("PRSLOG", user_key, L("lcl_logged_on").format(Session("ASPFIXATION").slice(-6)));
@@ -167,16 +176,6 @@ function doLogin(prs_key, params)
                 + " )";
         Oracle.Execute(sql, true);
     }
-    else
-    {
-        __Log("Welcome.asp expired?");
-        var sql = "DELETE FROM fac_menu"
-                + " WHERE fac_menu_altgroep = 5"
-                + "   AND fac_menu_alturl = " + safe.quoted_sql(S("fac_firstlogin_url"))
-                + "   AND prs_perslid_key = " + user_key
-                + "   AND fac_menu_aanmaak < SYSDATE - " + S("fac_firstlogin_expire");
-        Oracle.Execute(sql, true);
-    }
 
     var fac_lang = getQParamSafe("fac_lang", "").toUpperCase(); // overrule via param
     // Liever geen session maar m_connections heeft dit al nodig voor zijn fac.initsession
@@ -187,12 +186,21 @@ function doLogin(prs_key, params)
 
     return true;
 }
+function doLoginStateless(prs_key, params)
+{
+    /* global */ user_key = prs_key;
+    Session("user_key") = user_key; // Nu ben je pas *echt* ingelogd
+    /* global */ user = new Perslid(user_key); // wordt mogelijk nog overruled door imporsonate
+    Session("stateless") = 1;
+    Session.Abandon(); // Altijd, voor de zekerheid
+}
 
 // Session.Abondon is gevaarlijk: dan verlies je ook CustomerID etc.
 // Bovendien krijg je met IIS dan nog steeds geen nieuwe ASPSESSIONID
-function doLogoff()
+function doLogoff(allow_auto_sso)
 {
-    Session("no_sso") = 1; // Voorkom autosso
+    if (!allow_auto_sso)
+        Session("no_sso") = 1; // Voorkom auto_sso
     Session.Contents.Remove("user_key");
     Session.Contents.Remove("ASPFIXATION");
     Session.Contents.Remove("must_reset_password");
@@ -245,7 +253,7 @@ function makeSessionCookie (sessionData)
        +     "fac.makehash(" + safe.quoted_sql(sessionId) + "), "
        +     user_key + ", "
        +     safe.quoted_sql(sessionData) + ", "
-       + "   sysdate + " + S("login_remember_days") + ", " // sessie timeout op een half jaar.
+       + "   sysdate + " + S("login_remember_days") + ", " // sessie timeout op 30 dagen.
        +     safe.quoted_sql(agent, 256) + ","
        +     safe.quoted_sql(ip, 64) + " )"
     Oracle.Execute(sql);
@@ -363,16 +371,16 @@ function testpassword(prs_key, wachtwoord, pmobile)
     if (!wachtwoord)
         return false;
 
-    var sql = " SELECT prs_perslid_key"
-            + "      , prs_perslid_flags"
-            + "      , prs_perslid_authenticatie"
-            + "      , prs_perslid_authenticatie_exp"
-            + "      , prs_perslid_salt"
-            + "      , prs_perslid_wachtwoord_hash"
-            + "      , prs_perslid_oslogin"
-            + "      , prs_perslid_apikey"
-            + "   FROM prs_perslid"
-            + "  WHERE prs_perslid_key = " + prs_key;
+    var sql = "SELECT prs_perslid_key"
+            + "     , prs_perslid_flags"
+            + "     , prs_perslid_authenticatie"
+            + "     , prs_perslid_authenticatie_exp"
+            + "     , prs_perslid_salt"
+            + "     , prs_perslid_wachtwoord_hash"
+            + "     , prs_perslid_oslogin"
+            + "     , prs_perslid_apikey"
+            + "  FROM prs_perslid"
+            + " WHERE prs_perslid_key = " + prs_key;
     var oRs = Oracle.Execute(sql);
 
     var passsalt = oRs("prs_perslid_salt").Value;
@@ -383,14 +391,19 @@ function testpassword(prs_key, wachtwoord, pmobile)
     var oslogin = oRs("prs_perslid_oslogin").Value;
     oRs.Close();
 
-    if (pmobile==1 && mobauth) // Mobile 'verzonnen' wachtwoord
+    if (mobauth && mobauthexp && new Date() <= mobauthexp) // Mobile 'verzonnen' wachtwoord nog niet verlopen?
     {
         var mobww = wachtwoord.toLowerCase(); // wij sturen lowercase base32
         mobww = mobww.replace(/0/i, 'o'); // 0 / 1 / 8 komen daar niet in voor
         mobww = mobww.replace(/1/i, 'l');
         mobww = mobww.replace(/8/i, 'b');
-        if (mobauth == mobww && mobauthexp && new Date() <= mobauthexp)
+        if (mobauth == mobww)
         {
+            var sql = "UPDATE prs_perslid" // geen hergebruik
+                    + "   SET prs_perslid_authenticatie = NULL"
+                    + " WHERE prs_perslid_key = " + prs_key;
+            Oracle.Execute(sql);
+
             return true; // Goed
         }
         __Log("Mobile token check failed");
@@ -427,7 +440,7 @@ function testpassword(prs_key, wachtwoord, pmobile)
         oRs.Close();
         if (!found)
             return false;
-        // else TODO upgraden!
+        // else iets verderop upgraden!
         var workfactor = 0;
     }
     else // new style
@@ -474,11 +487,11 @@ function setpassword(prs_key, wachtwoord, expired)
     {
         var passsalt = shared.random(32);
         var workfactor = S("prs_password_hash_factor");
-        var is_hash = pbkdf2(wachtwoord, passsalt, workfactor);
+        var new_hash = pbkdf2(wachtwoord, passsalt, workfactor);
         var sql = "UPDATE prs_perslid"  // Ooit expire op SYSDATE + fac.getsetting ('prs_password_expiration') als die is gevuld
                 + "   SET prs_perslid_wachtwoord_exp = " + (expired?"SYSDATE":"NULL")
                 + "     , prs_perslid_salt = " + safe.quoted_sql(passsalt)
-                + "     , prs_perslid_wachtwoord_hash = " + safe.quoted_sql('1${0}${1}'.format(workfactor, is_hash))
+                + "     , prs_perslid_wachtwoord_hash = " + safe.quoted_sql('1${0}${1}'.format(workfactor, new_hash))
                 + " WHERE prs_perslid_key = " + prs_key;
         Oracle.Execute(sql);
     }
@@ -486,13 +499,12 @@ function setpassword(prs_key, wachtwoord, expired)
 
 function testotp (prs_key, otprequest)
 {
-    var sql = " SELECT prs_perslid_otpsecret"
-            + "      , prs_perslid_otpcounter"
-            + "   FROM prs_perslid"
-            + "  WHERE prs_perslid_key = " + prs_key;
+    var sql = "SELECT prs_perslid_otpsecret"
+            + "     , prs_perslid_otpcounter"
+            + "  FROM prs_perslid"
+            + " WHERE prs_perslid_key = " + prs_key;
 
     var oRs = Oracle.Execute(sql);
-
     var otpsecret = oRs("prs_perslid_otpsecret").Value;
     var otpcounter = oRs("prs_perslid_otpcounter").Value || -1;
     oRs.Close();
@@ -536,6 +548,7 @@ function verify_otp (prs_key, otprequest, otpsecret, otpcounter)
     return otp_oke;
 }
 
+// Op basis van usernaam/wachtwoord gaan we iemand authenticeren
 function getIdentity(username, wachtwoord, params)
 {
     var result = { success: false, fail_reason: L("lcl_login_wrong") };
@@ -544,7 +557,7 @@ function getIdentity(username, wachtwoord, params)
     if (!username || username == 'undefined')
         return result;
 
-    if (username.indexOf("\\") > -1)
+    if (username.indexOf("\\") > -1 && S("aut_login_strip_domain") == 1)
         username = username.split("\\")[1]; // strip domain name
 
     // Brute force protection
@@ -601,32 +614,37 @@ function getIdentity(username, wachtwoord, params)
         var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
         // maximaal 80 seconde slapen, anders ASP-timeout
         var sleepsec = Math.min(80, S("prs_login_lockout_delay") * Math.pow(S("prs_login_lockout_delayfactor"), founddata.count - 1));
+        __Log("Vanwege {0} pogingen ga ik {1}ms slapen".format(founddata.count, 1000*sleepsec), "ffd0d0");
         oSLNKDWF.Sleep(1000 * sleepsec);
     }
 
     var logins = [];
+    logins.push(" prs_perslid_apikey = " + safe.quoted_sql(username, 128)); // Die mag altijd wel
     if (S("login_use_email"))
     {
         logins.push(" upper(prs_perslid_email) = " + safe.quoted_sql_upper(username));
     }
-    else if (getQParam("API", ""))
-    {
-        logins.push(" prs_perslid_apikey = " + safe.quoted_sql_upper(username, 128));
-        wachtwoord = null;
-    }
     else
     {
         logins.push(" prs_perslid_oslogin = " + safe.quoted_sql_upper(username, 30));
         logins.push(" prs_perslid_oslogin2 = " + safe.quoted_sql_upper(username, 30));
     }
-    var sql = " SELECT prs_perslid_key, "
-            + "        prs_perslid_flags"
-            + "      , prs_perslid_otpsecret"
-            + "      , prs_perslid_otpcounter"
-            + "   FROM prs_perslid"
-            + "  WHERE prs_perslid_verwijder IS NULL"
-            + "    AND (" + logins.join(" OR ") + ")"
-            + "    AND BITAND(prs_perslid_flags, 1+4+8) = 0"; // 2==unconfirmed staan we nog heel even toe
+
+    var block_flags = 4+8; // Niet grouped of blocked, 2==unconfirmed staan we nog heel even toe
+    if (!params.stateless)
+    {
+        block_flags += 1; // systemuser ook niet interactief
+    }
+    var sql = "SELECT prs_perslid_key "
+            + "     , prs_perslid_flags"
+            + "     , prs_perslid_otpsecret"
+            + "     , prs_perslid_otpcounter"
+            + "     , prs_perslid_apikey"
+            + "  FROM prs_perslid"
+            + " WHERE prs_perslid_verwijder IS NULL"
+            + "   AND prs_perslid_inactief IS NULL"
+            + "   AND (" + logins.join(" OR ") + ")"
+            + "   AND BITAND(prs_perslid_flags, " + block_flags + ") = 0";
 
     var oRs = Oracle.Execute(sql);
     if (oRs.Eof) // Gebruikersnaam niet eens gevonden
@@ -637,9 +655,11 @@ function getIdentity(username, wachtwoord, params)
         var usStart = oSLNKDWF.usTimer;
         var test_hash = oCrypto.hex_pbkdf2("password", "salt", Math.pow(2, workfactor - 5), 20); // 1/32e van een echt wachtwoord als test
         var tmicro = oSLNKDWF.usTimer - usStart;
+        __Log("Vanwege niet gevonden gebruiker {0}ms slapen".format(Math.round(tmicro / 1000 * 32)), "ffd0d0");
         var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
-        var sleepmsec = Math.min(80000, tmicro / 1000 * 32);
+        var sleepmsec = Math.min(80000, tmicro / 1000 * 31);
         oSLNKDWF.Sleep(sleepmsec);
+        oRs.Close();
         return result;
     }
 
@@ -647,7 +667,13 @@ function getIdentity(username, wachtwoord, params)
     var otpcounter = oRs("prs_perslid_otpcounter").Value || -1;
 
     var found = false;
-    if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null) // SSO
+    if (oRs("prs_perslid_apikey").Value === username)
+    {
+        params.stateless = true;
+        wachtwoord = null; // die is verder irrelevant
+        found = true; // En zijn we verder wel klaar
+    }
+    else if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null) // SSO
         found = true; // En zijn we verder wel klaar
     else
         found = testpassword(oRs("prs_perslid_key").Value, wachtwoord, params.mobile);
@@ -722,7 +748,12 @@ function tryLogin(username, wachtwoord, params)
         return false;
 
     if (ident.user_key > 0)
-        doLogin(ident.user_key, params);
+    {
+        if (ident.stateless || params.stateless)
+            doLoginStateless(ident.user_key, params);
+        else
+            doLogin(ident.user_key, params);
+    }
 
     return true;
 }
@@ -1002,11 +1033,6 @@ function SimpleSSO()
         __Log('User#2a = '+username);
     }
     if (username !='' && username!='undefined') {
-        // Strip domain name
-        while( (i = username.indexOf('\\')) >= 0 ) {
-            l = username.length;
-            if( i < l-1 ) username = username.substring(i+1,l);
-        }
         tryLogin(username, null, { noPassword: true });
     }
 }
@@ -1034,11 +1060,6 @@ function IntegratedSSO()
      }
     if (username !='' && username!='UNDEFINED')
     {
-        // Strip domain name
-        while( (i = username.indexOf('\\')) >= 0 ) {
-            l = username.length;
-            if( i < l-1 ) username = username.substring(i+1,l);
-        }
         tryLogin(username, null, { noPassword: true });
     }
 }
@@ -1048,20 +1069,24 @@ function jwt_create(perslid_key, aud)
 {
     var thisPrs = new Perslid(perslid_key)
 
-    var sp_key = -1;
-
     var sql = "SELECT *"
-            + "  FROM fac_sp"
-            + " WHERE fac_sp_audience = " + safe.quoted_sql(aud); // TODO ook issuer meenemen?
+            + "  FROM aut_sp"
+            + " WHERE aut_sp_audience = " + safe.quoted_sql(aud); // TODO ook issuer meenemen?
     var oRs = Oracle.Execute(sql);
     if (oRs.Eof)
         shared.internal_error("Service provider for '{0}' is not configured for {1}".format(safe.html(aud), customerId));
-    sp_key = oRs("fac_sp_key").value;
+    var sp_key = oRs("aut_sp_key").value;
+    if (oRs("aut_sp_loglevel").Value > 0)
+      __Logging = oRs("aut_sp_loglevel").Value;
+
+    if (oRs("fac_functie_key").Value)
+        user.checkAutorisation(oRs("fac_functie_key").Value); // dan moet je die hebben
+
     var params = {
-                   usermapping: oRs("fac_sp_usermapping").Value,
-                   iss: oRs("fac_sp_issuer").Value,
+                   usermapping: oRs("aut_sp_usermapping").Value,
+                   iss: oRs("aut_sp_issuer").Value,
                    aud: aud,
-                   secret: oRs("fac_sp_secret").Value
+                   secret: oRs("aut_sp_secret").Value
                  };
     oRs.Close();
 
@@ -1073,18 +1098,18 @@ function jwt_create(perslid_key, aud)
         aud: params.aud
     }
 
-    // fac_sp_map bevat de attributen die wij vrijgeven voor deze SP
+    // aut_sp_map bevat de attributen die wij vrijgeven voor deze SP
 
     if (sp_key > 0)
     {
         var sql = "SELECT *"
-                + "  FROM fac_sp_map"
-                + " WHERE fac_sp_key = " + sp_key;
+                + "  FROM aut_sp_map"
+                + " WHERE aut_sp_key = " + sp_key;
         var oRs = Oracle.Execute(sql);
         while (!oRs.Eof)
         {
-            var clm = oRs("fac_sp_map_to").Value; // zo gaat hij heten in de JWT
-            switch (oRs("fac_sp_map_from").Value) // zie model_fac_sp_map.inc voor codering
+            var clm = oRs("aut_sp_map_to").Value; // zo gaat hij heten in de JWT
+            switch (oRs("aut_sp_map_from").Value) // zie model_aut_sp_map.inc voor codering
             {
                 // Zo veel mogelijk volgens http://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims
                 case 1: claim[clm] = thisPrs.oslogin();
@@ -1266,6 +1291,8 @@ function trySSO(ssocode)
 
     var isFACFACinternal = oRs("aut_idp_internal").Value != 0;
     var ip_restrict = oRs("aut_idp_ipfilter").Value;
+    if (oRs("aut_idp_ipauto").Value)
+        ip_restrict = ""; // dan is het geen te forceren filter
     if (isFACFACinternal && S("idp_internal_anyuser"))
         ip_restrict = ""; // dan niet al te moeilijk doen
     var ip_ok = true;
@@ -1284,7 +1311,7 @@ function trySSO(ssocode)
     }
 
     if (!ip_ok)
-        shared.internal_error("IP {0} not allowed for IDP '{0}'".format(ip, ssocode)); // TODO of 400 code forbidden?
+        shared.internal_error("IP {0} not allowed for IDP '{1}' ({2})".format(ip, ssocode, oRs("aut_idp_omschrijving").Value)); // TODO of 400 code forbidden?
 
     var return_to = String(Request.ServerVariables("URL")).substr(rooturl.length) + "?" + String(Request.ServerVariables("QUERY_STRING"));
     return_to = return_to.replace(/^\/default.asp/i, "/"); // default.asp vooraan hoeft niet, ik wil cleane url
@@ -1353,14 +1380,14 @@ function process_claim(claim, idp_data, params)
         {
             case 1: // login
                 settings.overrule_setting("login_use_email", 0);
-                tryLogin(claim[idpm.from], null, { noPassword: true, idp_code: idp_data.code, noFacSession: params.by_bearer, isFACFACinternal: isFACFACinternal });
+                tryLogin(claim[idpm.from], null, { noPassword: true, idp_code: idp_data.code, stateless: params.by_bearer, isFACFACinternal: isFACFACinternal });
                 break;
             case 9: // email
                 settings.overrule_setting("login_use_email", 1);
-                tryLogin(claim[idpm.from], null, { noPassword: true, idp_code: idp_data.code, noFacSession: params.by_bearer, isFACFACinternal: isFACFACinternal });
+                tryLogin(claim[idpm.from], null, { noPassword: true, idp_code: idp_data.code, stateless: params.by_bearer, isFACFACinternal: isFACFACinternal });
                 break;
             case 99: // internal, prs_perslid_key
-                doLogin(parseInt(claim[idpm.from], 10), { noFacSession: params.by_bearer, idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
+                doLogin(parseInt(claim[idpm.from], 10), { stateless: params.by_bearer, idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
                 break;
             default:
                 if (idpm.name.id > 1000) // Flexkenmerk
@@ -1377,7 +1404,7 @@ function process_claim(claim, idp_data, params)
                     var oRs = Oracle.Execute(sql);
                     if (!oRs.Eof)
                     {
-                        doLogin(oRs("prs_perslid_key").Value, { noFacSession: params.by_bearer, idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
+                        doLogin(oRs("prs_perslid_key").Value, { stateless: params.by_bearer, idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
                     }
                     oRs.Close();
                 }
@@ -1397,218 +1424,227 @@ function process_claim(claim, idp_data, params)
        || user_key > 0 && idp_data.autocreate.id & 2   // en/ of bijwerken
        )
     {
-        var persdata = {  };
-        for (var i =0; i < idp_data.idpmappings.length; i++)
-        {
-            var idpm = idp_data.idpmappings[i];
-            var val = idpm["default"];
-            if (idpm.from in claim)
-                val = claim[idpm.from];
+        process_claim_update(claim, idp_data, params)
+    }
+}
 
-            switch (idpm.name.id) // zie model_aut_idp_map.inc voor codering
+function process_claim_update(claim, idp_data, params)
+{
+    var isFACFACinternal = idp_data.internal != 0;
+    var persdata = {  };
+    for (var i =0; i < idp_data.idpmappings.length; i++)
+    {
+        var idpm = idp_data.idpmappings[i];
+        var val = idpm["default"];
+        if (idpm.from in claim)
+            val = claim[idpm.from];
+
+        switch (idpm.name.id) // zie model_aut_idp_map.inc voor codering
+        {
+            case  1: persdata["login"]         = val; break;
+            case  2: persdata["lastname"]      = val; break;
+            case  3: persdata["firstname"]     = val; break;
+            case  4: persdata["middlename"]    = val; break;
+            case  5: persdata["initials"]      = val; break;
+            case  6: persdata["gender"]        = val; break;
+            case  7: persdata["phone"]         = val; break;
+            case  8: persdata["title"]         = val; break;
+            case  9: persdata["email"]         = val; break;
+            case 10: persdata["phone"]         = val; break;
+            case 11: persdata["mobile"]        = val; break;
+            case 12: persdata["externalid"]    = val; break;
+            // de foreigns
+            case 20: if (val)
+                        persdata["function"]   = { name: val }; break; // Kan omdat fields.function.desc_is_unique is gezet
+            case 21: if (val) // afdeling
             {
-                case 1: persdata["login"]          = val; break;
-                case 2: persdata["lastname"]       = val; break;
-                case 3: persdata["firstname"]      = val; break;
-                case 4: persdata["prefix"]         = val; break;
-                case 5: persdata["initials"]       = val; break;
-                case 6: persdata["gender"]         = val; break;
-                case 7: persdata["phone"]          = val; break;
-                case 8: persdata["title"]          = val; break;
-                case 9: persdata["email"]          = val; break;
-                case 10: persdata["phone"]         = val; break;
-                case 11: persdata["mobile"]        = val; break;
-                // de foreigns
-                case 20: if (val)
-                            persdata["function"]   = { name: val }; break; // Kan omdat fields.function.desc_is_unique is gezet
-                case 21: if (val) // afdeling
+                // Zoek afdeling
+                var sql = "SELECT prs_afdeling_key"
+                        + "  FROM prs_v_afdeling"
+                        + " WHERE prs_afdeling_verwijder IS NULL"
+                        + "   AND prs_afdeling_upper = " + safe.quoted_sql_upper(val);
+                if (idp_data.department)
                 {
-                    // Zoek afdeling
-                    var sql = "SELECT prs_afdeling_key"
-                            + "  FROM prs_v_afdeling"
-                            + " WHERE prs_afdeling_verwijder IS NULL"
-                            + "   AND prs_afdeling_upper = " + safe.quoted_sql_upper(val);
-                    if (idp_data.department)
-                    {
-                        sql += " AND prs_afdeling_parentkey = " + idp_data.department.id;
-                    }
-                    else
-                    {
-                        if  (idp_data.company)
-                            sql += " AND prs_bedrijf_key = " + idp_data.company.id;
-                    }
-                    var oRs = Oracle.Execute(sql);
-                    if (oRs.Eof)
-                    {
-                        __Log("Claimed department {0} not found".format(val));
-                        // Er komt eventueel wel een fallback naar idp_data.department.id
-                    }
-                    else
-                    {
-                        var afd_key = oRs("prs_afdeling_key").Value;
-                        oRs.MoveNext();
-                        if (!oRs.Eof)
-                            shared.internal_error("Claimed department {0} not unique".format(val));
-
-                        persdata["department"] = afd_key;
-                    }
-                    oRs.Close();
-                    break;
-                }
-                // De 1-n
-                case 100: persdata.authorisation   = val; break;
-                case 101: persdata.workplace       = val; break;
-                // case 102: persdata.workplacevirtual       = val; break;
-                // case 103: reserved voor mandatering?
-                default:
-                    if (idpm.name.id > 1000)
-                        set_custom_field(persdata, idpm.name.id - 1000, val, "C");
-                    break;
-            }
-        }
-        // Klantspecifieke check functie (hookfunction) voor de invoer
-        var pResult = new HookResult();
-        if (!custfunc.aut_process_claim(persdata, claim, idp_data, pResult))
-        {
-          abort_with_warning(pResult.errmsg);
-        }
-
-        if (!("department" in persdata))
-        {
-            if (!idp_data.department)
-                shared.internal_error("Department is not configured for Identity Provider {0} ({1})".format(idp_data.code, idp_data.name));
-
-            persdata["department"] = idp_data.department.id; // dan moet die ingevuld zijn
-        }
-
-        if (user_key < 0)
-            __Log("User automatically created with data:");
-        else
-            __Log("User automatically updated with data:");
-        __Log(persdata);
-
-        var persparams = {};
-        var person = new model_prs_perslid({ internal: true }); // Internal: true om dit (nog) anoniem te mogen doen
-        if (user_key > 0) // bijwerken
-        {
-            person.REST_PUT( persparams, persdata, user_key );
-        }
-        else // nieuwe
-        {
-            var prs = person.REST_POST( persparams, persdata );
-            __DoLog("Created user '{0} {1}' with key {2} for idp '{3}'".format(persdata["firstname"], persdata["lastname"], prs.key, idp_data.code));
-            // De nieuw aangemaakte gebruiker inloggen:
-            doLogin(prs.key, { idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
-            // En nu pas kunnen we tracken
-            shared.trackaction("PRSUPD", prs.key, "Created user '{0} {1}' for idp '{2}'".format(persdata["firstname"], persdata["lastname"], idp_data.code));
-        }
-        // Nu authorisatie groepen nog bijwerken
-        // Via het model was me even iets te hoog gegrepen: ik zou toch (nog) de id's er bij moeten halen
-        if ("authorisation" in persdata)
-        {   // authorisation bevat gebruikersgroepen gescheiden door '|' of ';'
-            /* SHIB: Within each CGI variable or header (see below), multiple attribute values
-               are separated by a semicolon, and semicolons in values are escaped with a backslash.
-               The data should be interpreted as UTF-8, which is a superset of ASCII.
-             */
-
-            var autharr = persdata["authorisation"].toLowerCase().split(/[;\|]/); // lowerCase, insensitive dus
-            var sql = "DELETE FROM fac_gebruikersgroep"
-                    + " WHERE prs_perslid_key = " + user_key
-                    + "   AND fac_groep_key NOT IN (SELECT fac_groep_key "
-                    + "                               FROM fac_groep"
-                    + "                              WHERE LOWER(fac_groep_omschrijving) IN ({0})".format(safe.quoted_sql_join(autharr))
-                    + "                                 OR SUBSTR(fac_groep_omschrijving, 1, 1) = '_'" // Die blijven altijd
-                    + "                             )";
-            Oracle.Execute(sql);
-            var sql = "INSERT INTO fac_gebruikersgroep(prs_perslid_key, fac_groep_key)"
-                    + "  SELECT " + user_key + ", fac_groep_key"
-                    + "    FROM fac_groep fg"
-                    + "   WHERE LOWER(fac_groep_omschrijving) IN ({0})".format(safe.quoted_sql_join(autharr))
-                    + "     AND SUBSTR(fac_groep_omschrijving, 1, 1) <> '_'" // Die nooit
-                    + "     AND NOT EXISTS (SELECT 1"
-                    + "                       FROM fac_gebruikersgroep fg2"
-                    + "                      WHERE fg2.fac_groep_key = fg.fac_groep_key"
-                    + "                        AND fg2.prs_perslid_key = " + user_key + ")";
-            Oracle.Execute(sql);
-        }
-
-        if ("workplace" in persdata)
-        {
-            // Eerst oude werkplekken ophalen
-            var sql = "SELECT pw.prs_werkplek_key, UPPER(alg_plaatsaanduiding) alg_plaatsaanduiding"
-                    + "  FROM prs_perslidwerkplek pw, prs_werkplek wp, alg_v_plaatsaanduiding"
-                    + " WHERE pw.prs_perslid_key = " + user_key
-                    + "   AND pw.prs_werkplek_key = wp.prs_werkplek_key"
-                    + "   AND wp.prs_werkplek_type = 0" // alleen vaste plekken
-                    + "   AND alg_onroerendgoed_keys = wp.prs_alg_ruimte_key"
-                    + "   AND alg_onroerendgoed_type = 'R'";
-
-            var oRs = Oracle.Execute(sql);
-            var oldWP = {};
-            while (!oRs.Eof)
-            {
-                oldWP[oRs("alg_plaatsaanduiding").Value] = oRs("prs_werkplek_key").Value;
-                oRs.MoveNext();
-            }
-            oRs.Close();
-
-            // workplace bevat ruimtes gescheiden door '|' of ';'
-            // (we ondersteunen alleen impliciete werkplekken, geen 'named')
-            // Codering moet volgens alg_v_plaatsaanduiding zijn (locatiecode-gebouwcode-verdiepingcode-ruimtenr)
-            // Als er een '@' voor staat is het een virtuele werkplek
-            persdata["workplace"] = persdata["workplace"] || "";
-            var workplacearr = persdata["workplace"].split(/[;\|]/);
-            for (var i = 0; i < workplacearr.length; i++)
-            {
-                var wpcode = workplacearr[i];
-                var virtual = 0;
-                if (wpcode.substr(0, 1) == '@')
-                {
-                    virtual = 1;
-                    wpcode = wpcode.substr(1);
-                }
-
-                if (wpcode in oldWP)
-                {
-                    delete oldWP[wpcode]; // Hoeven we straks niet te wissen
-                }
-                else // Toevoegen
-                {
-                    var sql = "SELECT alg_onroerendgoed_keys"
-                            + "  FROM alg_v_plaatsaanduiding"
-                            + " WHERE alg_onroerendgoed_type = 'R'"
-                            + "   AND UPPER(alg_plaatsaanduiding) = " + safe.quoted_sql_upper(wpcode);
-                    var oRs = Oracle.Execute(sql);
-                    if (!oRs.Eof)
-                    {
-                        delete oldWP[wpcode.toUpperCase()]; // Die zal hergebruikt worden
-                        var okey = oRs("alg_onroerendgoed_keys").Value;
-                        sql = "BEGIN"
-                            + "  prs.movetoruimte ({0}, {1}, '{2}', {3}); ".format(user_key, okey, 'G', virtual) // G want maar <20><>n werkplek per gebouw
-                            + "END;";
-                        Oracle.Execute(sql);
-                    }
-                    else
-                        __Log("Workplace '{0}' not found".format(workplacearr[i]));
-                    oRs.Close();
-                }
-            }
-            for (wpcode in oldWP) // restant opruimen
-            {
-                __Log("Persoon verwijderen van WP {0}, wp-key {1}".format(wpcode, oldWP[wpcode]));
-                if (S("prs_werkplek_implicit") == 1)
-                {
-                    var sql = "DELETE FROM prs_werkplek"
-                            + " WHERE prs_werkplek_key = " + oldWP[wpcode];
+                    sql += " AND prs_afdeling_parentkey = " + idp_data.department.id;
                 }
                 else
                 {
-                    var sql = "DELETE FROM prs_perslid_werkplek"
-                            + " WHERE prs_perslid_key = " + user_key
-                            + "   AND prs_werkplek_key = " + oldWP[wpcode];
+                    if  (idp_data.company)
+                        sql += " AND prs_bedrijf_key = " + idp_data.company.id;
                 }
-                Oracle.Execute(sql);
+                var oRs = Oracle.Execute(sql);
+                if (oRs.Eof)
+                {
+                    __Log("Claimed department {0} not found".format(val));
+                    // Er komt eventueel wel een fallback naar idp_data.department.id
+                }
+                else
+                {
+                    var afd_key = oRs("prs_afdeling_key").Value;
+                    oRs.MoveNext();
+                    if (!oRs.Eof)
+                        shared.internal_error("Claimed department {0} not unique".format(val));
+
+                    persdata["department"] = afd_key;
+                }
+                oRs.Close();
+                break;
             }
+            case 22: if (val)
+                        persdata["profile"]   = { name: val }; break; // Kan omdat fields.function.desc_is_unique is gezet
+            // De 1-n
+            case 100: persdata.authorisation   = val; break;
+            case 101: persdata.workplace       = val; break;
+            // case 102: persdata.workplacevirtual       = val; break;
+            // case 103: reserved voor mandatering?
+            default:
+                if (idpm.name.id > 1000)
+                    set_custom_field(persdata, idpm.name.id - 1000, val, "C");
+                break;
+        }
+    }
+    // Klantspecifieke check functie (hookfunction) voor de invoer
+    var pResult = new HookResult();
+    if (!custfunc.aut_process_claim(persdata, claim, idp_data, pResult))
+    {
+      abort_with_warning(pResult.errmsg);
+    }
+
+    if (!("department" in persdata))
+    {
+        if (!idp_data.department)
+            shared.internal_error("Department is not configured for Identity Provider {0} ({1})".format(idp_data.code, idp_data.name));
+
+        persdata["department"] = idp_data.department.id; // dan moet die ingevuld zijn
+    }
+
+    if (user_key < 0)
+        __Log("User automatically created with data:");
+    else
+        __Log("User automatically updated with data:");
+    __Log(persdata);
+
+    var persparams = {};
+    var person = new model_prs_perslid({ internal: true }); // Internal: true om dit (nog) anoniem te mogen doen
+    if (user_key > 0) // bijwerken
+    {
+        person.REST_PUT( persparams, persdata, user_key );
+    }
+    else // nieuwe
+    {
+        var prs = person.REST_POST( persparams, persdata );
+        __DoLog("Created user '{0} {1}' with key {2} for idp '{3}'".format(persdata["firstname"], persdata["lastname"], prs.key, idp_data.code));
+        // De nieuw aangemaakte gebruiker inloggen:
+        doLogin(prs.key, { idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
+        // En nu pas kunnen we tracken
+        shared.trackaction("PRSUPD", prs.key, "Created user '{0} {1}' for idp '{2}'".format(persdata["firstname"], persdata["lastname"], idp_data.code));
+    }
+    // Nu authorisatie groepen nog bijwerken
+    // Via het model was me even iets te hoog gegrepen: ik zou toch (nog) de id's er bij moeten halen
+    if ("authorisation" in persdata)
+    {   // authorisation bevat gebruikersgroepen gescheiden door '|' of ';'
+        /* SHIB: Within each CGI variable or header (see below), multiple attribute values
+           are separated by a semicolon, and semicolons in values are escaped with a backslash.
+           The data should be interpreted as UTF-8, which is a superset of ASCII.
+         */
+
+        var autharr = persdata["authorisation"].toLowerCase().split(/[;\|]/); // lowerCase, insensitive dus
+        var sql = "DELETE FROM fac_gebruikersgroep"
+                + " WHERE prs_perslid_key = " + user_key
+                + "   AND fac_groep_key NOT IN (SELECT fac_groep_key "
+                + "                               FROM fac_groep"
+                + "                              WHERE LOWER(fac_groep_omschrijving) IN ({0})".format(safe.quoted_sql_join(autharr))
+                + "                                 OR SUBSTR(fac_groep_omschrijving, 1, 1) = '_'" // Die blijven altijd
+                + "                             )";
+        Oracle.Execute(sql);
+        var sql = "INSERT INTO fac_gebruikersgroep(prs_perslid_key, fac_groep_key)"
+                + "  SELECT " + user_key + ", fac_groep_key"
+                + "    FROM fac_groep fg"
+                + "   WHERE LOWER(fac_groep_omschrijving) IN ({0})".format(safe.quoted_sql_join(autharr))
+                + "     AND SUBSTR(fac_groep_omschrijving, 1, 1) <> '_'" // Die nooit
+                + "     AND NOT EXISTS (SELECT 1"
+                + "                       FROM fac_gebruikersgroep fg2"
+                + "                      WHERE fg2.fac_groep_key = fg.fac_groep_key"
+                + "                        AND fg2.prs_perslid_key = " + user_key + ")";
+        Oracle.Execute(sql);
+    }
+
+    if ("workplace" in persdata)
+    {
+        // Eerst oude werkplekken ophalen
+        var sql = "SELECT pw.prs_werkplek_key, UPPER(alg_plaatsaanduiding) alg_plaatsaanduiding"
+                + "  FROM prs_perslidwerkplek pw, prs_werkplek wp, alg_v_plaatsaanduiding"
+                + " WHERE pw.prs_perslid_key = " + user_key
+                + "   AND pw.prs_werkplek_key = wp.prs_werkplek_key"
+                + "   AND wp.prs_werkplek_type = 0" // alleen vaste plekken
+                + "   AND alg_onroerendgoed_keys = wp.prs_alg_ruimte_key"
+                + "   AND alg_onroerendgoed_type = 'R'";
+
+        var oRs = Oracle.Execute(sql);
+        var oldWP = {};
+        while (!oRs.Eof)
+        {
+            oldWP[oRs("alg_plaatsaanduiding").Value] = oRs("prs_werkplek_key").Value;
+            oRs.MoveNext();
+        }
+        oRs.Close();
+
+        // workplace bevat ruimtes gescheiden door '|' of ';'
+        // (we ondersteunen alleen impliciete werkplekken, geen 'named')
+        // Codering moet volgens alg_v_plaatsaanduiding zijn (locatiecode-gebouwcode-verdiepingcode-ruimtenr)
+        // Als er een '@' voor staat is het een virtuele werkplek
+        persdata["workplace"] = persdata["workplace"] || "";
+        var workplacearr = persdata["workplace"].split(/[;\|]/);
+        for (var i = 0; i < workplacearr.length; i++)
+        {
+            var wpcode = workplacearr[i];
+            var virtual = 0;
+            if (wpcode.substr(0, 1) == '@')
+            {
+                virtual = 1;
+                wpcode = wpcode.substr(1);
+            }
+
+            if (wpcode in oldWP)
+            {
+                delete oldWP[wpcode]; // Hoeven we straks niet te wissen
+            }
+            else // Toevoegen
+            {
+                var sql = "SELECT alg_onroerendgoed_keys"
+                        + "  FROM alg_v_plaatsaanduiding"
+                        + " WHERE alg_onroerendgoed_type = 'R'"
+                        + "   AND UPPER(alg_plaatsaanduiding) = " + safe.quoted_sql_upper(wpcode);
+                var oRs = Oracle.Execute(sql);
+                if (!oRs.Eof)
+                {
+                    delete oldWP[wpcode.toUpperCase()]; // Die zal hergebruikt worden
+                    var okey = oRs("alg_onroerendgoed_keys").Value;
+                    sql = "BEGIN"
+                        + "  prs.movetoruimte ({0}, {1}, '{2}', {3}); ".format(user_key, okey, 'G', virtual) // G want maar <20><>n werkplek per gebouw
+                        + "END;";
+                    Oracle.Execute(sql);
+                }
+                else
+                    __Log("Workplace '{0}' not found".format(workplacearr[i]));
+                oRs.Close();
+            }
+        }
+        for (wpcode in oldWP) // restant opruimen
+        {
+            __Log("Persoon verwijderen van WP {0}, wp-key {1}".format(wpcode, oldWP[wpcode]));
+            if (S("prs_werkplek_implicit") == 1)
+            {
+                var sql = "DELETE FROM prs_werkplek"
+                        + " WHERE prs_werkplek_key = " + oldWP[wpcode];
+            }
+            else
+            {
+                var sql = "DELETE FROM prs_perslid_werkplek"
+                        + " WHERE prs_perslid_key = " + user_key
+                        + "   AND prs_werkplek_key = " + oldWP[wpcode];
+            }
+            Oracle.Execute(sql);
         }
     }
 }

APPL/AUT/SAML/default.asp

@@ -71,6 +71,8 @@
 
     if (user_key > 0)
     {
+        // Onthouden hoe je bent binnengekomen zodat logout naar logout_url kan leiden
+        Session("idp_key") = idp_data.id;
         var return_to = getQParam("return_to", "/") || "/";
         Response.Redirect(rooturl + return_to);
     }

APPL/AUT/getapptoken.asp

@@ -24,6 +24,8 @@ var JSON_Result = true;
     var client_id = getQParam("client_id");
     var device_id = getQParam("device_id", "AUTO_" + shared.random(32)); // optional device identification
                                                                          // Hetzelfde device krijgt altijd hetzelfde token terug
+    var device_name = getQParam("device_name", "<unkwown>"); // Friendly name naar de gebruiker toe
+
     var model_client = new model_aut_client({ internal: true });
     var client_data = api2.GET(model_client, { filter: { "code": client_id } }); // sp moet er dan zijn voor Service Provider
     if (!client_data && client_id == "FCLTAPP1") // Voor FCLTAPP1 ondersteunen we auto-create
@@ -46,7 +48,7 @@ var JSON_Result = true;
         client_data = api2.GET(model_client, result.key );
     }
     if (!client_data)
-        INTERNAL_ERROR_MISSING_SP;
+        shared.internal_error("Client-registration for {0} not found".format(client_id));
 
     var model_client_perslid = new model_aut_client_perslid({ internal: true });
     // Soms nieuwe cp_data maken. Het kan zijn dat je een ander device aan het registreren bent
@@ -56,6 +58,7 @@ var JSON_Result = true;
         var cp_data = { "autclient"   : client_data.id,
                         "scope"       : "*",
                         "device_id"   : device_id,
+                        "device_name" : device_name,
                         "refreshtoken": '1$' + customerId + "_" + shared.random(32), // unused yet
                         "refreshdate" : new Date(),
                         "accesstoken" : '1$' + customerId + "_" + shared.random(32), // Does not expire yet?
@@ -65,7 +68,7 @@ var JSON_Result = true;
                       }
         var result = model_client_perslid.REST_POST({}, cp_data);
         // "App {0} aanmelding voor {1}/{2}";
-        shared.trackaction("PRSLOG", user_key, L("lcl_client_perslid_registered").format(client_id, getQParam("device_name", "<unkwown>"), device_id));
+        shared.trackaction("PRSLOG", user_key, L("lcl_client_perslid_registered").format(client_id, device_name, device_id));
 
         cp_data = api2.GET(model_client_perslid, result.key );
     }
@@ -91,6 +94,11 @@ var JSON_Result = true;
         "issued_at": Math.floor(cp_data.accessdate.getTime() / 1000)
         // "refresh_url": HTTP.urlzelf() + "/appl/aut/getapptoken.asp?client_id={0}&auth={1}".format(sp, spp_data.refreshtoken)
     }
+    // een accesstoken wordt eventueel weer opgevangen in loginTry via http header X-FACILITOR-ACCESS-TOKEN
+
+    Session("aut_client_key") = cp_data.autclient.id;
+    Session("aut_client_name") = cp_data.autclient.name;
+
     Response.Write(JSON.stringify(result));
     Response.End;
 %>

APPL/AUT/loginTry.asp

@@ -6,11 +6,24 @@
     Met vernieuwde kennis zou ik dit bestand authenticate.asp noemen
 
     We weten niet wie de gebruiker is.
-    Probeer op allerlei manieren SSO
+    Probeer op allerlei manieren te authentiseren
     Als het lukt geven we een user_key terug in Session("user_key");
     Als het niet lukt zal doorgaans door common.inc verder gegaan worden in de interactieve Logon.asp
 
     LET OP: Dit bestand wordt via Server.Transfer vanuit Common.inc aangeroepen
+
+    We onderscheiden twee soorten authenticatie
+    Statefull
+        Dit is voor een interactieve gebruiker met een browser. Initieel wordt op
+        allerlei manieren authenticatie geprobeerd maar daarna wordt de user_key
+        in een Session opgeslagen en de volgende keer wordt via een Session-coolie
+        vanuit die session de authenticatie gedaan
+        In prs_perslid_login wordt het laatste moment van inloggen bijgewrkt
+        Er wordt een fac_session record aangemaakt (waar we verder weinig mee doen)
+    Stateless
+        Dit is voor API aanroepen. ELKE aanroep komt de authenticatie opnieuw
+        mee. Dit wordt niet geregistreerd in prs_perslid_login
+        Er wordt een Session.abandon gedaan om niet te veel IIS sessies te houden
 */
 DOCTYPE_Disable = 1;
 ANONYMOUS_Allowed = 1;
@@ -46,6 +59,47 @@ if (typeof Session("sso_sgf") == "string") // Vanuit FACWS001-portal/ sso_sgf.as
     Session.Contents.Remove("sso_sgf_realuser");
 }
 
+// De stateless varianten proberen we eerst, die worden tenslotte potentieel vaak uitgevoerd
+if (user_key < 0)
+{
+    var APIKEY;
+    if (S("fac_api_key_in_url"))
+        APIKEY = getQParam("APIKEY", "");
+    if (!APIKEY && Request.ServerVariables("HTTP_X_FACILITOR_API_KEY").Count)
+        APIKEY = String(Request.ServerVariables("HTTP_X_FACILITOR_API_KEY")); // Meegegeven als X-FACILITOR-API-Key
+    if (APIKEY)
+    {
+        var sql = "SELECT prs_perslid_key, prs_perslid_naam, prs_perslid_oslogin"
+                + "  FROM prs_perslid"
+                + " WHERE prs_perslid_verwijder IS NULL"
+                + "   AND prs_perslid_apikey = " + safe.quoted_sql(APIKEY);
+        var oRs = Oracle.Execute(sql);
+        if (!oRs.Eof)
+        {
+            __Log("API2 User is: {0} ({1})".format(oRs("prs_perslid_naam").Value, oRs("prs_perslid_oslogin").Value));
+            doLoginStateless(oRs("prs_perslid_key").Value);
+        }
+        // else negeren
+        oRs.Close()
+    }
+}
+
+if (user_key < 0)
+{
+    var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
+    if (auth.match(/^Basic /i))
+    {
+        var b64 = auth.substring(6);
+        var plain = decode_b64(b64);
+        if (plain.split(":").length > 1)
+        {
+            var ww = plain.split(":");
+            ww.shift();
+            tryLogin(plain.split(":")[0], ww.join(":"), { stateless: true }); // Behoudt eventuele ':' in wachtwoord
+        }
+    }
+}
+
 if (user_key < 0)
     SimpleSSO(); // de base64 simple sso
 
@@ -64,24 +118,7 @@ if (user_key < 0) // Probeer de user_key uit een cookie te halen
 
 if (user_key < 0)
 {
-    var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
-    if (auth.match(/^Basic /))
-    {
-        __Log("Found Authorization: Basic");
-        var b64 = auth.substring(6);
-        var plain = decode_b64(b64);
-        if (plain.split(":").length > 1)
-        {
-            var ww = plain.split(":");
-            ww.shift();
-            tryLogin(plain.split(":")[0], ww.join(":")); // Behoudt eventuele ':' in wachtwoord
-        }
-    }
-}
-
-if (user_key < 0)
-{
-    var auth = String(Request.ServerVariables("HTTP_X_FACILITOR_ACCESS_TOKEN"));
+    var auth = String(Request.ServerVariables("HTTP_X_FACILITOR_ACCESS_TOKEN")); // Deze is aangemaakt in /aut/getapptoken.asp
     if (auth.match(/^1\$/)) // Mode 1$xxxxxxx
     {
         __Log("Found HTTP_X_FACILITOR_ACCESS_TOKEN");
@@ -92,6 +129,8 @@ if (user_key < 0)
         {
             doLogin(cp_data.person.id);
             model_client_perslid.REST_PUT({}, { login: new Date() }, cp_data.id);
+            Session("aut_client_key") = cp_data.autclient.id;
+            Session("aut_client_name") = cp_data.autclient.name;
         }
     }
 }
@@ -269,7 +308,7 @@ if (user_key < 0 && APIname)
     var API = new API_func(); // controleert vanzelf
 
     if (API.apidata.prs_perslid_key)
-        doLogin(API.apidata.prs_perslid_key, { noFacSession: true });
+        doLogin(API.apidata.prs_perslid_key, { stateless: true });
 }
 
 // LogOff.asp kan Session("no_sso") gezet hebben
@@ -294,8 +333,40 @@ if (user_key < 0 && S("os_logon")
         IntegratedSSO(); // Voor licentieklanten
 }
 
-//if (user_key < 0)
-//    trySSO("DEFAULT"); // zal je standaard naar het loginscherm sturen
+// Tenslotte proberen we automatische iDP's
+if (user_key < 0
+        && typeof Session("no_sso") == "undefined"
+        && !Request.ServerVariables("HTTP_X_FACILITOR_API_KEY").Count
+        && !Request.QueryString("APIKEY").Count)
+{
+    var ip = String(Request.ServerVariables("REMOTE_ADDR"));
+    var sql = "SELECT aut_idp_code"
+            + "     , aut_idp_ipfilter"
+            + "  FROM aut_idp"
+            + " WHERE aut_idp_internal = 0"
+            + "   AND aut_idp_ipauto = 1"
+            + "   AND aut_idp_ipfilter IS NOT NULL"
+            + " ORDER BY aut_idp_ipfilter"; // liefst wil ik sorteren met CIDR met de meeste significante bits (specifiekste) eerst?
+    var oRs = Oracle.Execute(sql);
+    while (user_key < 0 && !oRs.Eof)
+    {
+        var ip_restrict = oRs("aut_idp_ipfilter").Value;
+        var ip_ok = IP.inAnySubnet(ip, ip_restrict);
+        if (IP.inAnySubnet(ip, ip_restrict))
+            trySSO(oRs("aut_idp_code").Value);
+        oRs.MoveNext();
+    }
+    oRs.Close();
+}
+
+if (user_key > 0) // dan hebben we (nu) een nieuwe user
+{
+    // Alvast nieuwe user_key loggen zodat je ziet wie er inlogt.
+    if (typeof NO_ADDHEADER == "undefined" && Request.Servervariables("HTTP_FCLT_VERSION").Count > 0)
+    {   // wordt opgepikt door FCLTAPI.DLL voor in de logging en daarna gestript. Niet in Fiddler dus
+        Response.AddHeader ("FCLT_USERID", customerId + "\\" + String(user_key));
+    }
+}
 
 __Log("== Leaving loginTry.asp ==");
 

APPL/BES/bes.inc

@@ -183,7 +183,7 @@
           }
           else
           {
-            BLOCK_START("besInfo" , L("lcl_bes_key") + " " + S("bes_bestelling_prefix") + bes_bestelling.bes_key + (bes_bestelling.parent_key? "*" : ""));
+            BLOCK_START("besInfo" , L("lcl_bes_key") + " " + S("bes_bestelling_prefix") + bes_bestelling.bes_key + (bes_bestelling.parent_key? "*" : ""));
               if (bes_bestelling.satisfaction)
                   AFIELDTR("fld", L("lcl_res_beoordeling"), "", "", {rating: {score: bes_bestelling.satisfaction, note: bes_bestelling.satisfaction_op} });
 
@@ -394,12 +394,6 @@
 
             var staffel_info = bes.staffel_info(srtdeel_arr, amount_arr);
 
-            // Kan ik zelf fiatteren?: true:  totaalbedrag <= can_selfapprove
-            //                         false  totaalbedrag > can_selfapprove
-            // deze mag/hoeft niet meer te fiatteren
-            var exclude_fiatter =
-                "COALESCE(b.bes_bestelling_fiat_user, " + (staffel_info.totaalbedrag <= S("can_selfapprove")? -1 : "b.prs_perslid_key") + ") ";
-
             // Get info of existing BES_BESTELLING
             var sql = "SELECT b.bes_bestelling_status"
                     + "     , b.bes_bestelling_datum"
@@ -417,7 +411,6 @@
                     + "     , m.mld_adres_key"
                     + "     , b.bes_bestelling_leverdatum"
                     + "     , b.bes_bestelling_retourvan_key"
-                    + "     , prs.getkpverantwoordelijke (b.prs_kostenplaats_key, " + S("prs_approvemethod") + ", " + exclude_fiatter + ") fiatteur_key"
                     + "     , b.bes_bestelling_fiat_user"
                     + "     , b.bes_bestelling_korting"
                     + "     , b.bes_bestelling_levkosten"
@@ -461,7 +454,6 @@
                 afleverruimte       : oRs("bes_bestelling_plaats").Value,
                 rfoDeliverydate     : new Date(oRs("bes_bestelling_leverdatum").Value),
                 rfoRetourVan        : oRs("bes_bestelling_retourvan_key").Value,
-                fiatteur_key        : oRs("fiatteur_key").Value, // degene die het moet doen
                 bes_bestelling_fiat_user : oRs("bes_bestelling_fiat_user").Value, // degene die al geweest is
                 rfoBesKosten        : oRs("bes_bestelling_korting").Value,
                 rfoLevKosten        : oRs("bes_bestelling_levkosten").Value,
@@ -479,10 +471,17 @@
             }
             oRs.close();
 
+            // Kan ik zelf fiatteren?: true:  totaalbedrag <= can_selfapprove
+            //                         false  totaalbedrag > can_selfapprove
+            // deze mag/hoeft niet meer te fiatteren
+            var exclude_fiatter =
+                    bes_bestelling.bes_bestelling_fiat_user || (staffel_info.totaalbedrag <= S("can_selfapprove")? -1 : bes_bestelling.perslid_key);
+
             // Nu de info die indirect uit de bestelaanvraag regels afgeleid moet worden
             // Merk op dat het datamodel bestellingen uit meerdere catalogi ondersteund maar
             // de interface niet. Daarom kan hieronder de MAX(bsg.ins_discipline_key) om <20><>n record te krijgen
             var sql = "SELECT MAX(bsg.ins_discipline_key) ins_discipline_key"
+                    + "     , prs.getfiatteur (" + bes_bestelling.kostenplaats_key + ", " + exclude_fiatter + ", " + staffel_info.totaalbedrag + ", MAX(bsg.ins_discipline_key)) fiatteur_key"
                     + "     , SUM(bi.bes_bestelling_item_aantal * bi.bes_bestelling_item_prijs) totaal"
                     + "     , SUM(bi.bes_bestelling_item_aantalontv) aantalontv"
                     + "     , MAX(bsg.bes_srtgroep_key) bes_srtgroep_key" // Wordt gebruikt tbv. singlegroep en dan is er maar eentje
@@ -510,10 +509,11 @@
             if (oRs("ins_discipline_key").Value == null)
                 shared.internal_error("BES: no item lines.");
 
-            bes_bestelling.dis_key      = oRs("ins_discipline_key").Value,
-            bes_bestelling.srtgroep     = oRs("bes_srtgroep_key").Value,
-            bes_bestelling.singlegroep  = oRs("singlegroep").Value == 1,
-            bes_bestelling.inclBTW      = oRs("inclBTW").Value || 0,
+            bes_bestelling.dis_key      = oRs("ins_discipline_key").Value;
+            bes_bestelling.fiatteur_key = oRs("fiatteur_key").Value; // degene die het moet doen
+            bes_bestelling.srtgroep     = oRs("bes_srtgroep_key").Value;
+            bes_bestelling.singlegroep  = oRs("singlegroep").Value == 1;
+            bes_bestelling.inclBTW      = oRs("inclBTW").Value || 0;
             bes_bestelling.totaal       = oRs("totaal").Value || 0;
             bes_bestelling.aantalontv   = oRs("aantalontv").Value || 0;
             if (oRs("aantal_bedrijf").Value == 1) // Anders te ingewikkeld
@@ -1366,37 +1366,29 @@
 
       getApprover: function(params)
       { // Bepaalde de fiatteur (KP verantwoordelijke of KPG verantwoordlijke).
+        // Levert altijd de eerste fiatteur op maar controleert wel alvast of (als zijn
+        // budget niet echt genoeg is) of de KPG verantwoordelijke wel voldoende budget
+        // heeft. Anders stokt het verderop in het proces.
         var prs_key = params.prs_key;
-        var prs_key_voor = params.prs_key_voor;
         var dis_key = params.dis_key;
         var kp_key = params.kp_key;
         var totaalbedrag = params.totaalbedrag;
 
-        var bes_bestelling = params.bes_bestelling;
-        var bes_disc_info = params.bes_disc_info;
-        var pgb = bes_disc_info.disc_params_pgb;
-        var autoacceptrfo = bes_disc_info.disc_params_autoacceptrfo;
-
-        var isFE = params.isFE;
-        var oldStatus = params.oldStatus;
-        var act_mode = params.act_mode;
-
-        var approver_key = -1;
-        if (prs_key > 0 && totaalbedrag > S("can_selfapprove"))
-          approver_key = prs.getKpVerantwoordelijkeExcept(kp_key, prs_key);
-        else
-          approver_key = prs.getKpVerantwoordelijke(kp_key);
+        var approver_key = prs.getFiatteur(kp_key, totaalbedrag > S("can_selfapprove")?prs_key:-1, totaalbedrag, dis_key);
         __Log('Eerstgevonden fiatteur: ' + approver_key);
         if (approver_key == -1) {
           // geen fiatteur gevonden, bestellen niet mogelijk
           __Log('bestelling afgebroken');
           abort_with_warning(L("lcl_bes_no_fiatteur"));
         }
-        if (budget.exceeds_profiel(totaalbedrag, approver_key, dis_key))
+        // Bij methode 3 heeft getfiatteur() al gekeken naar de profielen en heeft daarbij al
+        // tot en met de kpgroepverantwoordelijke gekeken. Als de opgeleverde perslid die
+        // kpgroepverantw is, ga je hier geen hogere meer vinden. Niet doen dan dus.
+        if (S("prs_approvemethod") != 3 && budget.exceeds_profiel(totaalbedrag, approver_key, dis_key))
         { // de gevonden fiatteur heeft onvoldoende profiel, is er een hogere (kpngroepverantwoordelijke)
           // Let wel: alleen controle of hij er bestaat. Wie het is doen we nog niets mee hier.
           __Log('voldoet niet');
-          var nextapprover_key = prs.getKpVerantwoordelijkeExcept(kp_key, approver_key);
+          var nextapprover_key = prs.getFiatteur(kp_key, approver_key, totaalbedrag, dis_key);
           __Log('Vervolgensgevonden fiatteur: ' + nextapprover_key);
           if (nextapprover_key == -1 || budget.exceeds_profiel(totaalbedrag, nextapprover_key, dis_key))
           {
@@ -1529,7 +1521,7 @@
       upsert_deel: function _upsert_deel(dis_key, params)
       {
           if (!("srtdeel_btw" in params))
-            params.srtdeel_btw = 21.0;
+            params.srtdeel_btw = 21.0; // Wordt vaak in custfunctions.wsc/hook bes_punch_receive gecorrigeerd
           if (!("srtgroep_omschrijving" in params) && params.srtgroep_key > 0)
           { // upsert_srtdeel werkt alleen op basis van omschrijving, helaas (nog) niet op srtgroep_key
             var sql = "SELECT bes_srtgroep_omschrijving"

APPL/BES/bes_approve.asp

@@ -66,19 +66,23 @@ for (var i = 0; i < ingesloten.length; i++)
   var totaal = ingesloten[i].totaal - ingesloten[i].rfoBesKosten + ingesloten[i].rfoLevKosten;
   // als het valt binnen onze limiet (of eigenlijk: degene die nu moet fiatteren als we vervanger zijn) dan zijn we klaar
   // TODO in de volgende versie (zie docu PF) meerlaags fiattering met prs.getfiatteur() vgl opdr_approve.asp
+  // NB: de fiatteur kan nu direct de kpg-er zijn
+
   if (!budget.exceeds_profiel(totaal, ingesloten[i].fiatteur_key, ingesloten[i].dis_key))
-  { // Klaar met fiatteren.
+  {
+    // Klaar met fiatteren.
     bes.setbestellingstatus(ingesloten[i].bes_key, 3); // helemaal Gefiatteerd
 
     // Afhankelijk van de fiatterings/acceptatie flow zijn dit de acties:
-    // 1) "Fiatteur -> "BESBOF": bes_disc_params_fiatflow = 0 (fiatteren en dan accepteren).
+    // 1) "Fiatteur -> BESBOF":  bes_disc_params_fiatflow = 0 (fiatteren en dan accepteren).
     //                           Als het totaalbedrag onder de eerste bestellimiet is hoeft niet geaccepteerd te worden.
     //                           De status kan dan naar "Geaccepteerd(4)" of naar status "Besteld(5)" als de setting auto_order is gezet.
     //                           Dit is de standaard flow.
     // 2) "BESBOF -> Fiatteur":  bes_disc_params_fiatflow = 1 (accepteren en dan fiatteren).
     //                           De eventuele acceptatie heeft al plaatsgevonden. De status kan naar "Besteld(5)" als de setting auto_order is gezet.
+
     if (ingesloten[i].disc_params_fiatflow == 0)
-    { // "Fiatteur -> "BESBOF"
+    { // "Fiatteur -> BESBOF"
       if (ingesloten[i].totaal <= ingesloten[i].disc_params_bestellimiet)
       {
         bes.setbestellingstatus(ingesloten[i].bes_key, 4); // Geaccepteerd door BO
@@ -97,11 +101,13 @@ for (var i = 0; i < ingesloten.length; i++)
     // Nog wel even tracken
     shared.trackaction("BESFIT", ingesloten[i].bes_key);
 
-    // vervolgens naar kostenplaatsgroep fiatteur sturen
+    // vervolgens naar de volgende/kostenplaatsgroep fiatteur sturen
     // Fiatteringsproces moet gevolgd worden op de naam van de "voor wie" (bestelling voor)
     // Als bes_disc_params_for_others niet is gezet zijn perslid_key en perslid_key_voor identiek
     // Haal de kostenplaatsgroep verantwoordelijke/fiatteur op. De kolom b.bes_bestelling_fiat_user is gevuld met de user_key).
-    sql = "SELECT prs.getkpverantwoordelijke (b.prs_kostenplaats_key, 1, COALESCE (b.bes_bestelling_fiat_user, -1)) kpg_fiatteur_key"
+    // Geen methode 3 dus bedrag/ discipline hoeft er niet in. Strikt genomen wordt hier gewoon de volgende bepaald omdat we de
+    // eerste uitsluiten, volgens de huidige structuren is dat de kpgverantwoordelijk maar dat is niet cruciaal.
+    sql = "SELECT prs.getfiatteur (b.prs_kostenplaats_key, COALESCE (b.bes_bestelling_fiat_user, -1), NULL, NULL) kpg_fiatteur_key"
         + "  FROM bes_bestelling b"
         + " WHERE b.bes_bestelling_key = " + ingesloten[i].bes_key;
     var oRs = Oracle.Execute(sql);

APPL/BES/bes_bedrijf_srtprod.asp

@@ -155,7 +155,7 @@ var TransitParam = buildTransitParam(["klant_key", "srtprod_key", "srtprod_keys"
         var prod = srtprod_keys.length  + " L("lcl_producten")";
     }
 
-      BLOCK_START("besWeging", safe.html(prod));
+      BLOCK_START("besWeging", prod);
         ROFIELDTR("fld", L("lcl_company"), bedrijf);
         RWFIELDTR("weging", "fld", L("lcl_bes_weging"), safe.editablefloat(weging), {datatype: "float", html: "onBlur='calcTotal()'"});
         RWFIELDTR("prijs", "fld", L("lcl_bes_price_per_unity"), safe.editablefloat(prijs), {datatype: "float", html: "onBlur='calcTotal()'"});

APPL/BES/bes_bestelling.asp

@@ -198,8 +198,7 @@ transitParam = buildTransitParam(["punch", "voorraad", "mld_key", "artikel_key",
                             newWindow = true;
                       %>
                             punchwindow = true; // voorkomt 'hot'
-                            var wnd = window.open(punch_url);
-                            try { wnd.focus(); } catch (e) { };
+                            FcltMgr.windowopen(punch_url);
                       <% }  else { %>
                             window.location.href=punch_url;
                       <% } %>

APPL/BES/bes_bestelling.js

@@ -52,8 +52,9 @@ var bes_supAddress = "";
 
 function navigateToSupplier()
 {
-  fwnd = window.open(bes_supAddress, 'Supplier','');
-  try { fwnd.focus(); } catch (e) { };
+  FcltMgr.windowopen(bes_supAddress);
+  // Unsafe:
+  // FcltMgr.windowopen(bes_supAddress, 'Supplier','');
 }
 
 function onChangeArtikelgroep()

APPL/BES/bes_edit_bestelling.asp

@@ -713,7 +713,7 @@ else // nieuwe bestelling. Defaults bepalen
                              label: L("lcl_delivery_address"),
                              adresKey:  bes_bestelling.mld_adres_key,
                              emptyOption: "",
-                             filtcode: "A",
+                             filtercode: "A",
                              autlevel: ALGreadlevel,
                              onChange: "onChangeAdres",
                              readonly: aflever_readonly || (adres_key > 0 && bes_key < 0),
@@ -763,7 +763,7 @@ else // nieuwe bestelling. Defaults bepalen
         <% // ======== BLOCK om itemregels toe te voegen ========
         if (this_bes.canItemsChange)
         {
-          BLOCK_START("besItemSel" , L("lcl_bes_selectieblok") + " " + safe.html(bes_disc_info.discipline_omschrijving) + " " + (bes_bestelling.inclBTW? L("lcl_shared_inclBTW") : L("lcl_shared_exclBTW")));
+          BLOCK_START("besItemSel" , L("lcl_bes_selectieblok") + " " + bes_disc_info.discipline_omschrijving + " " + (bes_bestelling.inclBTW? L("lcl_shared_inclBTW") : L("lcl_shared_exclBTW")));
 
           if (bes_disc_info.isFreeArticle)
           {

APPL/BES/bes_edit_opdr.asp

@@ -214,7 +214,7 @@ var this_bestelopdr = bes.func_enabled_bestelopdracht(opdr_key);
                            label: L("lcl_bes_adres_lev"),
                            adresKey:  bes_bestelopdr.mld_adres_key_lev,
                            emptyOption: (bes_bestelopdr.mld_adres_key_lev < 0? null : ""),
-                           filtcode: "A",
+                           filtercode: "A",
                            autlevel: authparams.ALGreadlevel
                         }) ;
 
@@ -223,7 +223,7 @@ var this_bestelopdr = bes.func_enabled_bestelopdracht(opdr_key);
                            label: L("lcl_bes_adres_fac"),
                            adresKey:  bes_bestelopdr.mld_adres_key_fac,
                            emptyOption: (bes_bestelopdr.mld_adres_key_fac < 0? null : ""),
-                           filtcode: "F",
+                           filtercode: "F",
                            autlevel: authparams.ALGreadlevel
                         }) ;
         RWTEXTAREATR("opmerk", "fldtxt", L("lcl_remark"), bes_bestelopdr.opmerking, {html: "rows='3'", suppressEmpty: true}); // Afhandeling, reden niet akkoord

APPL/BES/bes_list.inc

@@ -1704,11 +1704,11 @@ function bes_list (pautfunction, params)
               + "       WHERE k.prs_kostenplaats_key = b.prs_kostenplaats_key) budgethouder"
             + "     , SUM(i.bes_bestelling_item_aantal) aantal"
             + "     , MAX(bes_bestelopdr_item_key) isordered"
-            + "     , (SELECT " + S("prs_pers_string")
-              + "        FROM prs_perslid p"
-              + "       WHERE p.prs_perslid_key = prs.getkpverantwoordelijke (b.prs_kostenplaats_key, " + S("prs_approvemethod") + ", " + exclude_fiatter + ")) fiatteur"
-            + "     , (SELECT " + S("prs_pers_string")
-              + "        FROM prs_perslid p"
+            + "     , (SELECT prs_perslid_naam_full"
+              + "        FROM prs_v_perslid_fullnames_all p"
+              + "       WHERE p.prs_perslid_key = prs.getfiatteur (b.prs_kostenplaats_key, " + exclude_fiatter + ", " + totaalbedrag + ", bd.ins_discipline_key)) fiatteur"
+            + "     , (SELECT prs_perslid_naam_full"
+              + "        FROM prs_v_perslid_fullnames_all p"
               + "       WHERE p.prs_perslid_key = b.bes_bestelling_fiat_user) fiat_user"
             + "     , bd.ins_discipline_key"
             + "     , l.alg_locatie_key"
@@ -1902,7 +1902,7 @@ function bes_list (pautfunction, params)
             var fiatflow = oRs("bes_disc_params_fiatflow").Value;
             if (((fiatflow == 0 && m_stat == 4) || (fiatflow == 1 && m_stat == 3)) &&
                 !oRs("isordered").Value)
-                return fncolStatusOmschr(oRs) + "<br>Nog geen opdracht"; // + L("lcl_bes_no_order_yet");
+                return fncolStatusOmschr(oRs) + "<br>" + L("lcl_bes_no_order_yet");
             else
                 return fncolStatusOmschr(oRs);
         }