pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor user session handling and permissions management

Browse Source 
- Updated session variables to use 'authorization' array instead of 'username' for user identification across multiple files.
- Introduced a new function `getUserPermissions` to consolidate user permissions retrieval based on assigned roles.
- Modified API calls to use the new authorization structure and updated endpoints to v2.
- Enhanced language support by adding 'PL' to the list of supported languages.
- Cleaned up redundant code and improved session management during user login and registration processes.
- Added a new API endpoint for fetching user permissions based on user ID.
This commit is contained in:
“VeLiTi”
2026-01-19 15:29:16 +01:00
parent 782050c3ca
commit 24481279d5
99 changed files with 683 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
equipments_mass_update.php
View File

@@ -1,7 +1,7 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
@@ -12,14 +12,14 @@ include_once './settings/settings_redirector.php';
$page = 'equipments_mass_update';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
@@ -188,12 +188,12 @@ $view .= '<form action="" method="post" id="mass_update_form">
//BUID UP DROPDOWNS
$partner = json_decode($_SESSION['partnerhierarchy'],true);
$partner = json_decode($_SESSION['authorization']['partnerhierarchy'],true);
$salesid_dropdown = listPartner('salesid',$_SESSION['permission'],$partner['salesid'],'yes');
$soldto_dropdown = listPartner('soldto',$_SESSION['permission'],'','yes');
$shipto_dropdown = listPartner('shipto',$_SESSION['permission'],'','');
$location_dropdown = listPartner('location',$_SESSION['permission'],'','');
$salesid_dropdown = listPartner('salesid',$_SESSION['authorization']['permission'],$partner['salesid'],'yes');
$soldto_dropdown = listPartner('soldto',$_SESSION['authorization']['permission'],'','yes');
$shipto_dropdown = listPartner('shipto',$_SESSION['authorization']['permission'],'','');
$location_dropdown = listPartner('location',$_SESSION['authorization']['permission'],'','');
$view .='<div class="content-block">
<div class="block-header">
@@ -202,7 +202,7 @@ $view .='<div class="content-block">
<div class="form responsive-width-100" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px;">';
// SHOW SALESID and SOLDTO ONLY TO ADMIN
if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$view .='<div>
<label for="salesid">'.$general_salesid.'</label>
'.$salesid_dropdown.'
@@ -227,7 +227,7 @@ $view .=' <div>
<div>
<label for="status">'.$equipment_label3.'</label>
<select id="status" name="status" required>';
if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$view .= '<option value="0">'.$status0_text .'</option>
<option value="1">'.$status1_text .'</option>
<option value="2">'.$status2_text .'</option>';