From 3e4770e27397640a95b787cf20f85cb35c31df28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Fri, 22 Mar 2024 09:33:15 +0100
Subject: [PATCH] Equipment - special permission
---
 api/v1/post/equipments.php | 8 ++++++++
 equipment_manage.php | 14 ++++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/api/v1/post/equipments.php b/api/v1/post/equipments.php
index 2466594..afba649 100644
--- a/api/v1/post/equipments.php
+++ b/api/v1/post/equipments.php
@@ -128,6 +128,14 @@ if ($command == 'update'){
 $post_content['accounthierarchy'] = $accounthierarchy;
+ //CHECK for special permissions
+ if (isAllowed('equipment_manage_edit',$profile,$permission,'U') === 0 && $owner_equipment === 0 ){
+ $post_content['status'] = $equipment_data['status'];
+ $post_content['serialnumber'] = $equipment_data['serialnumber'];
+ $post_content['service_date'] = $equipment_data['service_date'];
+ $post_content['warranty_date'] = $equipment_data['warranty_date'];
+ }
+
 } elseif ($command == 'insert'){
 $post_content['created'] = $date;
diff --git a/equipment_manage.php b/equipment_manage.php
index 43ae9a4..48c6e14 100644
--- a/equipment_manage.php
+++ b/equipment_manage.php
@@ -4,6 +4,7 @@ defined(page_security_key) or exit;
 //ini_set('display_startup_errors', '1');
 //error_reporting(E_ALL);
 $page = 'equipment_manage';
+$page_edit = 'equipment_manage_edit';
 //Check if allowed
 if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
 header('location: index.php');
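Review bot: The new guard in the `update` branch of api/v1/post/equipments.php fails open: the four protected fields are restored from `$equipment_data` only when `isAllowed(...)` is exactly integer `0` and `$owner_equipment` is exactly integer `0`, so any other value (null, false, a string, an unset variable) skips the reset and the client-supplied `status`, `serialnumber`, `service_date` and `warranty_date` are kept. Deny by default instead, `if (isAllowed('equipment_manage_edit',$profile,$permission,'U') !== 1 && $owner_equipment !== 1){`, which matches the `=== 1` test that the page gate in equipment_manage.php applies to `$update_allowed_special` (this assumes `$owner_equipment` is set to 1 for the owner, as `$equipment_owner` is there). `$owner_equipment` and `$equipment_data` are both assigned outside this hunk, so confirm that `$equipment_data` is the stored row of the record being updated before its values are copied back; if that lookup can come back empty, the fields would presumably be overwritten with null. I would also replace the comment with `// Server-side enforcement: without equipment_manage_edit (U) and without ownership, keep the stored values of the protected fields`, so it is clear the form in equipment_manage.php is not the control.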
@@ -13,6 +14,7 @@ if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
 $update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
 $delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
 $create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
+$update_allowed_special = isAllowed($page_edit ,$_SESSION['profile'],$_SESSION['permission'],'U');
 // Default input product values
 $equipment = [
@@ -60,7 +62,7 @@ if (isset($_GET['equipmentID'])) {
 //------------------------------------
 $equipment_owner = (($equipment['createdby'] == $_SESSION['username'])? 1 : 0);
- if ($update_allowed === 1 || $equipment_owner === 1){
+ if ($update_allowed === 1 || $equipment_owner === 1 || $update_allowed_special === 1){
 if (isset($_POST['submit'])) { //GET ALL POST DATA
 $data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
@@ -150,7 +152,7 @@ foreach ($products as $product){ $view .= '
- @@ -163,15 +165,15 @@ $view .= '
'.$product_option_list.' - + - + - +
@@ -221,7 +223,7 @@ $view .= '
- '.$changelog.' + '.($update_allowed_special==1? $changelog:'').'
';