Equipment - special permission
This commit is contained in:
“VeLiTi”
@@ -128,6 +128,14 @@ if ($command == 'update'){
|
||||
|
||||
$post_content['accounthierarchy'] = $accounthierarchy;
|
||||
|
||||
//CHECK for special permissions
|
||||
if (isAllowed('equipment_manage_edit',$profile,$permission,'U') === 0 && $owner_equipment === 0 ){
|
||||
$post_content['status'] = $equipment_data['status'];
|
||||
$post_content['serialnumber'] = $equipment_data['serialnumber'];
|
||||
$post_content['service_date'] = $equipment_data['service_date'];
|
||||
$post_content['warranty_date'] = $equipment_data['warranty_date'];
|
||||
}
|
||||
|
||||
}
|
||||
elseif ($command == 'insert'){
|
||||
$post_content['created'] = $date;
|
||||
|
||||
@@ -4,6 +4,7 @@ defined(page_security_key) or exit;
|
||||
//ini_set('display_startup_errors', '1');
|
||||
//error_reporting(E_ALL);
|
||||
$page = 'equipment_manage';
|
||||
$page_edit = 'equipment_manage_edit';
|
||||
//Check if allowed
|
||||
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
|
||||
header('location: index.php');
|
||||
@@ -13,6 +14,7 @@ if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
|
||||
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
|
||||
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
|
||||
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
|
||||
$update_allowed_special = isAllowed($page_edit ,$_SESSION['profile'],$_SESSION['permission'],'U');
|
||||
|
||||
// Default input product values
|
||||
$equipment = [
|
||||
@@ -60,7 +62,7 @@ if (isset($_GET['equipmentID'])) {
|
||||
//------------------------------------
|
||||
$equipment_owner = (($equipment['createdby'] == $_SESSION['username'])? 1 : 0);
|
||||
|
||||
if ($update_allowed === 1 || $equipment_owner === 1){
|
||||
if ($update_allowed === 1 || $equipment_owner === 1 || $update_allowed_special === 1){
|
||||
if (isset($_POST['submit'])) {
|
||||
//GET ALL POST DATA
|
||||
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
|
||||
@@ -150,7 +152,7 @@ foreach ($products as $product){
|
||||
$view .= '<div class="content-block tab-content active">
|
||||
<div class="form responsive-width-100">
|
||||
<label for="status">'.$equipment_label3.'</label>
|
||||
<select id="status" name="status">
|
||||
<select id="status" name="'.($update_allowed_special==1? 'status':'').'">
|
||||
<option value="0" '.($equipment['status']==0?' selected':'').'>'.$status0_text .'</option>
|
||||
<option value="1" '.($equipment['status']==1?' selected':'').'>'.$status1_text .'</option>
|
||||
<option value="2" '.($equipment['status']==2?' selected':'').'>'.$status2_text .'</option>
|
||||
@@ -163,15 +165,15 @@ $view .= '<div class="content-block tab-content active">
|
||||
'.$product_option_list.'
|
||||
</select>
|
||||
<label for="serialnumber">'.$equipment_label2.'</label>
|
||||
<input id="name" type="text" name="serialnumber" placeholder="'.$equipment_label2.'" value="'.$equipment['serialnumber'].'" required">
|
||||
<input id="name" type="text" name="'.($update_allowed_special==1? 'serialnumber':'').'" placeholder="'.$equipment_label2.'" value="'.$equipment['serialnumber'].'" required">
|
||||
<label for="hardware">'.$equipment_label5.'</label>
|
||||
<input id="name" type="text" name="hw_version" placeholder="'.$equipment_label5.'" value="'.$equipment['hw_version'].'">
|
||||
<label for="hardware">'.$equipment_label6.'</label>
|
||||
<input id="name" type="text" name="sw_version" placeholder="'.$equipment_label6.'" value="'.$equipment['sw_version'].'">
|
||||
<label for="service_date">'.$equipment_label7.'</label>
|
||||
<input id="name" type="date" name="warranty_date" placeholder="'.$equipment_label7.'" value="'.$equipment['warranty_date'].'" style="width:80%;">
|
||||
<input id="name" type="date" name="'.($update_allowed_special==1? 'warranty_date':'').'" placeholder="'.$equipment_label7.'" value="'.$equipment['warranty_date'].'" style="width:80%;">
|
||||
<label for="service_date">'.$equipment_label8.'</label>
|
||||
<input id="name" type="date" name="service_date" placeholder="'.$equipment_label8.'" value="'.$equipment['service_date'].'" style="width:80%;">
|
||||
<input id="name" type="date" name="'.($update_allowed_special==1? 'service_date':'').'" placeholder="'.$equipment_label8.'" value="'.$equipment['service_date'].'" style="width:80%;">
|
||||
<input type="hidden" name="rowID" value="'.$equipment_ID.'">
|
||||
<input type="hidden" name="old_status" value="'.$equipment['status'].'">
|
||||
</div>
|
||||
@@ -221,7 +223,7 @@ $view .= '<div class="content-block tab-content">
|
||||
<input id="name" type="text" name="" placeholder="'.$general_createdby.'" value="'.$equipment['createdby'].'" readonly>
|
||||
<label for="productcode">'.$equipment_label11.'</label>
|
||||
<input id="name" type="text" name="order_ref" placeholder="'.$equipment_label11.'" value="'.$equipment['order_ref'].'">
|
||||
'.$changelog.'
|
||||
'.($update_allowed_special==1? $changelog:'').'
|
||||
</div>
|
||||
</div>';
|
||||
|
||||
|
||||
Reference in New Issue
Block a user