pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor user session handling and permissions management

Browse Source 
- Updated session variables to use 'authorization' array instead of 'username' for user identification across multiple files.
- Introduced a new function `getUserPermissions` to consolidate user permissions retrieval based on assigned roles.
- Modified API calls to use the new authorization structure and updated endpoints to v2.
- Enhanced language support by adding 'PL' to the list of supported languages.
- Cleaned up redundant code and improved session management during user login and registration processes.
- Added a new API endpoint for fetching user permissions based on user ID.
This commit is contained in:
“VeLiTi”
2026-01-19 15:29:16 +01:00
parent 782050c3ca
commit 24481279d5
99 changed files with 683 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
equipment_manage.php
View File

@@ -1,7 +1,7 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
@@ -10,24 +10,24 @@ if (debug && debug_id == $_SESSION['id']){
$page = 'equipment_manage';
$page_edit = 'equipment_manage_edit';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
$update_allowed_special = isAllowed($page_edit ,$_SESSION['profile'],$_SESSION['permission'],'U');
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
$update_allowed_special = isAllowed($page_edit ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
// Default input product values
$equipment = [
'rowID' => '',
'productrowid' => '',
'created' => '',
'createdby' => $_SESSION['username'],
'createdby' => $_SESSION['authorization']['clientID'],
'status' => 1,
'accounthierarchy' => $_SESSION['partnerhierarchy'],
'accounthierarchy' => $_SESSION['authorization']['partnerhierarchy'],
'serialnumber' => '',
'hw_version' => '',
'sw_version' => '',
@@ -77,7 +77,7 @@ if (isset($_GET['equipmentID'])) {
//------------------------------------
//CHECK IF USER IS ALSO CREATOR OF RECORD THEN OVERRIDE UPDATE_ALLOWED
//------------------------------------
$equipment_owner = (($equipment['createdby'] == $_SESSION['username'])? 1 : 0);
$equipment_owner = (($equipment['createdby'] == $_SESSION['authorization']['clientID'])? 1 : 0);
if ($update_allowed === 1 || $equipment_owner === 1 || $update_allowed_special === 1){
if (isset($_POST['submit'])) {
@@ -216,10 +216,10 @@ $view .= '<div class="tabs">
//GET PARTNERDATA
$partner_data = json_decode($equipment['accounthierarchy']);
//BUID UP DROPDOWNS
$salesid_dropdown = listPartner('salesid',$_SESSION['permission'],$partner_data->salesid,'');
$soldto_dropdown = listPartner('soldto',$_SESSION['permission'],$partner_data->soldto,'');
$shipto_dropdown = listPartner('shipto',$_SESSION['permission'],$partner_data->shipto,'');
$location_dropdown = listPartner('location',$_SESSION['permission'],$partner_data->location,'');
$salesid_dropdown = listPartner('salesid',$_SESSION['authorization']['permission'],$partner_data->salesid,'');
$soldto_dropdown = listPartner('soldto',$_SESSION['authorization']['permission'],$partner_data->soldto,'');
$shipto_dropdown = listPartner('shipto',$_SESSION['authorization']['permission'],$partner_data->shipto,'');
$location_dropdown = listPartner('location',$_SESSION['authorization']['permission'],$partner_data->location,'');
if (isset($partner_data->section)){$section = getPartnerName($partner_data->section) ?? 'Not specified';} else {$section = 'Not specified';}