Justicea83/Account.cpp

## Account.cpp
bool Account::isApprovedAccountantClient(SQLite& db, const int64_t accountID) {
    const string domain = Account::getDomain(db,accountID);

    const bool hasApprovedAccountantDomainAdmin = !DB::read(db,
                                     "SELECT 1 "
                                     "FROM sharedNameValuePairs s "
                                     "INNER JOIN accounts sa ON sa.accountID = s.accountID "
                                     "WHERE s.name GLOB 'expensify_adminPermissions_*'"
                                     "AND s.ownerAccountID = (SELECT accountID FROM accounts WHERE email = " + SQ(domain) + ") "
                                     "AND ( -- domain admin is EA! "
                                     "(SELECT 1 FROM nameValuePairs WHERE name = 'private_approvedAccountant' "
                                     "AND accountID = s.accountID) = 'APPROVED_ACCOUNTANT' "
                                     "-- domain admin is on a domain flagged as EA! "
                                     "OR (SELECT 1 FROM nameValuePairs WHERE name = 'private_approvedAccountant' "
                                     "AND accountID = (SELECT accountID FROM accounts "
                                     "WHERE email = '+@' || SUBSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), INSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), '@') + 1))) = 'APPROVED_ACCOUNTANT';")
                                     .empty();
    if(hasApprovedAccountantDomainAdmin) return hasApprovedAccountantDomainAdmin;

    return !DB::read(db,
            "SELECT 1 "
            "FROM sharedNameValuePairs s "
            "INNER JOIN accounts sa ON sa.accountID = s.accountID "
            "WHERE s.name GLOB 'expensify_policy*' "
            "AND s.ownerAccountID = " + SQ(accountID) + " "
            "AND s.permissions IN ( 'read, write, share, own','read,write,share,own') "
            "AND ( -- policy admin is EA! "
            "(SELECT value FROM nameValuePairs WHERE name = 'private_approvedAccountant' AND accountID = s.accountID) = 'APPROVED_ACCOUNTANT' "
            "-- policy admin is on a domain flagged as EA! "
            "OR (SELECT value FROM nameValuePairs WHERE name = 'private_approvedAccountant' "
            "AND accountID = (SELECT accountID FROM accounts WHERE email = '+@' || SUBSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), INSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), '@') + 1))) = 'APPROVED_ACCOUNTANT' "
            ");")
            .empty();
}
	bool Account::isApprovedAccountantClient(SQLite& db, const int64_t accountID) {
	const string domain = Account::getDomain(db,accountID);

	const bool hasApprovedAccountantDomainAdmin = !DB::read(db,
	"SELECT 1 "
	"FROM sharedNameValuePairs s "
	"INNER JOIN accounts sa ON sa.accountID = s.accountID "
	"WHERE s.name GLOB 'expensify_adminPermissions_*'"
	"AND s.ownerAccountID = (SELECT accountID FROM accounts WHERE email = " + SQ(domain) + ") "
	"AND ( -- domain admin is EA! "
	"(SELECT 1 FROM nameValuePairs WHERE name = 'private_approvedAccountant' "
	"AND accountID = s.accountID) = 'APPROVED_ACCOUNTANT' "
	"-- domain admin is on a domain flagged as EA! "
	"OR (SELECT 1 FROM nameValuePairs WHERE name = 'private_approvedAccountant' "
	"AND accountID = (SELECT accountID FROM accounts "
	"WHERE email = '+@' \|\| SUBSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), INSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), '@') + 1))) = 'APPROVED_ACCOUNTANT';")
	.empty();
	if(hasApprovedAccountantDomainAdmin) return hasApprovedAccountantDomainAdmin;

	return !DB::read(db,
	"SELECT 1 "
	"FROM sharedNameValuePairs s "
	"INNER JOIN accounts sa ON sa.accountID = s.accountID "
	"WHERE s.name GLOB 'expensify_policy*' "
	"AND s.ownerAccountID = " + SQ(accountID) + " "
	"AND s.permissions IN ( 'read, write, share, own','read,write,share,own') "
	"AND ( -- policy admin is EA! "
	"(SELECT value FROM nameValuePairs WHERE name = 'private_approvedAccountant' AND accountID = s.accountID) = 'APPROVED_ACCOUNTANT' "
	"-- policy admin is on a domain flagged as EA! "
	"OR (SELECT value FROM nameValuePairs WHERE name = 'private_approvedAccountant' "
	"AND accountID = (SELECT accountID FROM accounts WHERE email = '+@' \|\| SUBSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), INSTR(SUBSTR(sa.email, INSTR(sa.email, '@') + 1), '@') + 1))) = 'APPROVED_ACCOUNTANT' "
	");")
	.empty();
	}