Refactor user role permission checks to use a unified 'user' scope for access control. Update user management permissions in user.php and users.php for consistency. Update the listPartner function to apply hierarchy-based restrictions when retrieving partners.

“VeLiTi”
2026-01-29 20:01:46 +01:00
parent 2dd054d145
commit 3043076dba
4 changed files with 31 additions and 27 deletions


@@ -2847,28 +2847,37 @@ function serviceReport($history, $request, $country_code)
//------------------------------------------
// LIST PARTNER
//------------------------------------------
function listPartner($partnertype, $user_right, $input, $required)
function listPartner($partnertype, $user_right = null, $input, $required)
{
include dirname(__FILE__,2).'/settings/settings_redirector.php';
//BASED ON USERRIGHT DEFINE SQL AND DATA RETURNED
if ($user_right != 3 || $user_right !=4) {
//NOT ADMIN USER
$partner = json_decode($_SESSION['authorization']['partnerhierarchy']);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//BUILD CONDITION
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
// Use hierarchy level instead of user_right
$partner = json_decode($_SESSION['authorization']['partnerhierarchy']);
$hierarchyLevel = getHierarchyLevel($partner);
// Only apply restrictions if hierarchy level is not 0 or 1
if ($hierarchyLevel != 0 && $hierarchyLevel != 1) {
// Build condition based on hierarchy
$condition = buildHierarchyConditionLvl2($partner, $hierarchyLevel);
$whereclause = 'AND salesID like ?';
}
else {//ADMIN USERS
$whereclause = '';
}
} else {
// Level 0 or 1: No restrictions or salesid-only level
$whereclause = '';
$condition = '';
}
$pdo = dbConnect($dbname);
$sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype, $condition]);
if ($whereclause != '') {
$sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype, $condition]);
} else {
$sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype]);
}
$partners = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($input !='' && !empty($input)){