From 8df518d0a26ac8e75159ab7cef10628c3a3eee72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Thu, 29 Jan 2026 20:13:48 +0100
Subject: [PATCH] Refactor permission checks to utilize hierarchy levels for
 access control in equipment, partner, user, and mass update pages. Update
 conditions to validate permissions based on user hierarchy instead of fixed
 permission values.

---
 equipment.php              |  4 ++--
 equipments_mass_update.php |  6 ++++--
 partner.php                |  6 ++++--
 user.php                   | 13 ++++++++-----
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/equipment.php b/equipment.php
index e52af6d..99faeb1 100644
--- a/equipment.php
+++ b/equipment.php
@@ -461,13 +461,13 @@ $shipto_id = explode("-",$partner_data->shipto) ?? '';
 $partner_users_id = ($shipto_id[0] != '')? $shipto_id[0] : (($soldto_id[0] != '')? $soldto_id[0] : 1);
 
 $view_communication = '';
-if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){
+if ($partner_users_id != 1 && (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
     $view_communication = ' <a href="index.php?page=communications&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_communication.'</a>';
 }
 
 //DISPLAY RELATED USERS
 $view_users ='';
-if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){
+if ($partner_users_id != 1 && (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){
     $view_users = ' <a href="index.php?page=users&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_users.'</a>';
 }
 
diff --git a/equipments_mass_update.php b/equipments_mass_update.php
index 1bbc639..146818b 100644
--- a/equipments_mass_update.php
+++ b/equipments_mass_update.php
@@ -202,7 +202,9 @@ $view .='<div class="content-block">
             <div class="form responsive-width-100" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px;">';
 
 // SHOW SALESID and SOLDTO ONLY TO ADMIN
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $view .='<div>
                     <label for="salesid">'.$general_salesid.'</label>
                     '.$salesid_dropdown.'
@@ -227,7 +229,7 @@ $view .='    <div>
             <div>
                 <label for="status">'.$equipment_label3.'</label>
                 <select id="status" name="status" required>';
-                        if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+                        if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
                                                 $view .= '<option value="0">'.$status0_text .'</option>
                                                         <option value="1">'.$status1_text .'</option>
                                                         <option value="2">'.$status2_text .'</option>';
diff --git a/partner.php b/partner.php
index 4ef20c9..ff1cddf 100644
--- a/partner.php
+++ b/partner.php
@@ -123,6 +123,8 @@ $view .= '<div class="tabs">
          </div>';
 
 //Define Service and partner enabled
+$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+
 $view .= '<div class="content-block tab-content active">
             <div class="form responsive-width-100">
                 <label for="status">'.$partner_status.'</label>
@@ -138,7 +140,7 @@ $view .= '<div class="content-block tab-content active">
                 <label for="partnertype">'.$partner_partnertype.'</label>
                 <select id="partnertype" name="partnertype" required>
                 ';
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4 ){
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
 $view .= '          <option value="'.$partnertype1.'" '.($partner['partnertype']== $partnertype1?' selected':'').'>'.$partnertype1.'</option>
                     <option value="'.$partnertype2.'" '.($partner['partnertype']== $partnertype2?' selected':'').'>'.$partnertype2.'</option>';
 }
@@ -171,7 +173,7 @@ $view .= '<div class="tabs">
 $view .= '<div class="content-block tab-content">
             <div class="form responsive-width-100">
 ';
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $view .= '<label for="status">'.$general_salesid.'</label>';
     $view .= $salesid_dropdown;   
 }
diff --git a/user.php b/user.php
index 99f621d..54c12d3 100644
--- a/user.php
+++ b/user.php
@@ -13,6 +13,8 @@ include_once './settings/settings_redirector.php';
 //SET ORIGIN FOR NAVIGATION
 $_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI'];
 
+$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
+
 $page = 'user';
 //Check if allowed
 if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
@@ -437,10 +439,10 @@ $view .= '</span>
                                 <option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option>
                                 <option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>';
 
-if ($_SESSION['authorization']['permission'] == 3){
+if ($hierarchyLevel == 1){
     $view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>';
 }
-if ($_SESSION['authorization']['permission'] == 4){
+if ($hierarchyLevel == 0){
     $view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>
               <option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>';
 }
@@ -453,7 +455,8 @@ $view .= '              </select>
                         <td>
                             <span class="view-mode" style="'.$view_style.'">'.($user->settings ?? '-').'</span>';
 
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $view .= '<select class="edit-mode" name="settings" style="'.$edit_style.'">
                 <option value="">-</option>';
     foreach ($all_profiles as $profile) {
@@ -490,7 +493,7 @@ $view .= '<div class="content-block">
             <div class="table order-table">
                 <table>';
 
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
     $salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', '');
     $soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', '');
 
@@ -560,7 +563,7 @@ if (!$is_new_user) {
                     <td>
                         <span class="view-mode">'.$user->login_count.'</span>';
 
-    if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+    if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
         $view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">';
     } else {
         $view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">';