Refactor permission checks to use hierarchy levels for access control in the equipment, partner, user, and mass update pages. Update conditions to validate permissions based on the user's hierarchy level instead of fixed permission values.

“VeLiTi”
2026-01-29 20:13:48 +01:00
parent 3043076dba
commit 8df518d0a2
4 changed files with 18 additions and 11 deletions


@@ -461,13 +461,13 @@ $shipto_id = explode("-",$partner_data->shipto) ?? '';
$partner_users_id = ($shipto_id[0] != '')? $shipto_id[0] : (($soldto_id[0] != '')? $soldto_id[0] : 1);
$view_communication = '';
if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){
if ($partner_users_id != 1 && (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){
$view_communication = ' <a href="index.php?page=communications&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_communication.'</a>';
}
//DISPLAY RELATED USERS
$view_users ='';
if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){
if ($partner_users_id != 1 && (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){
$view_users = ' <a href="index.php?page=users&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_users.'</a>';
}
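Review bot: The new `communications` condition has unbalanced parentheses — `&& (isAllowed(...) === 1){` opens a group that is never closed, so this file will not parse, whereas the `users` condition a few lines below closes it with `=== 1)){`. Assuming the isAllowed form is the new side (the commit message says fixed permission values are being replaced, and the `== 3 || == 4` form is the one going away), the line should read `if ($partner_users_id != 1 && (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){`. The enclosing script continues outside the hunk, so the hunk header's count cannot confirm which line is old and which is new.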


@@ -202,7 +202,9 @@ $view .='<div class="content-block">
<div class="form responsive-width-100" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px;">';
// SHOW SALESID and SOLDTO ONLY TO ADMIN
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .='<div>
<label for="salesid">'.$general_salesid.'</label>
'.$salesid_dropdown.'
@@ -227,7 +229,7 @@ $view .=' <div>
<div>
<label for="status">'.$equipment_label3.'</label>
<select id="status" name="status" required>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<option value="0">'.$status0_text .'</option>
<option value="1">'.$status1_text .'</option>
<option value="2">'.$status2_text .'</option>';
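Review bot: `$hierarchyLevel == 0` is a loose comparison, so if getHierarchyLevel() yields null or false (for instance when `$_SESSION['authorization']['partnerhierarchy']` is absent or `json_decode` fails and returns null) the check passes and the admin-only salesid/soldto fields and status options 0–2 are rendered as if the user were at the top level. Prefer a strict check that fails closed, e.g. `if (in_array($hierarchyLevel, [0, 1], true)) {`, here and in the later `status` condition; the same `== 0 || == 1` pattern appears in the partner page's partnertype and salesid checks and in the user page's settings, partner-dropdown and login_count checks, and the user page's `== 1` / `== 0` Super Admin checks have the same weakness. Whether a missing hierarchy value actually reaches this comparison as null depends on getHierarchyLevel(), which is not in the diff. These conditions gate the rendered form only; the handler that processes the submitted values is not in the diff and should apply the same rule server-side.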


@@ -123,6 +123,8 @@ $view .= '<div class="tabs">
</div>';
//Define Service and partner enabled
$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
$view .= '<div class="content-block tab-content active">
<div class="form responsive-width-100">
<label for="status">'.$partner_status.'</label>
@@ -138,7 +140,7 @@ $view .= '<div class="content-block tab-content active">
<label for="partnertype">'.$partner_partnertype.'</label>
<select id="partnertype" name="partnertype" required>
';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4 ){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= ' <option value="'.$partnertype1.'" '.($partner['partnertype']== $partnertype1?' selected':'').'>'.$partnertype1.'</option>
<option value="'.$partnertype2.'" '.($partner['partnertype']== $partnertype2?' selected':'').'>'.$partnertype2.'</option>';
}
@@ -171,7 +173,7 @@ $view .= '<div class="tabs">
$view .= '<div class="content-block tab-content">
<div class="form responsive-width-100">
';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<label for="status">'.$general_salesid.'</label>';
$view .= $salesid_dropdown;
}
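Review bot: The expression `getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']))` is now repeated verbatim in this page, the equipment page and the user page, each time in the middle of view construction with no check that the decode succeeded (`json_decode` returns null silently on malformed input). A single helper that derives the level once per request and handles the decode failure would keep the three pages consistent and leave one place to audit — for example `$hierarchyLevel = currentHierarchyLevel();` (constructed name) backed by a function that checks `json_last_error() === JSON_ERROR_NONE` before calling getHierarchyLevel(). The `//Define Service and partner enabled` comment above the assignment no longer describes what the line does; `// Hierarchy level of the logged-in user, used to gate admin-only fields below` would be accurate. The enclosing script continues outside the hunk.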


@@ -13,6 +13,8 @@ include_once './settings/settings_redirector.php';
//SET ORIGIN FOR NAVIGATION
$_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI'];
$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
$page = 'user';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
@@ -437,10 +439,10 @@ $view .= '</span>
<option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option>
<option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>';
if ($_SESSION['authorization']['permission'] == 3){
if ($hierarchyLevel == 1){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>';
}
if ($_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>
<option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>';
}
@@ -453,7 +455,8 @@ $view .= ' </select>
<td>
<span class="view-mode" style="'.$view_style.'">'.($user->settings ?? '-').'</span>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<select class="edit-mode" name="settings" style="'.$edit_style.'">
<option value="">-</option>';
foreach ($all_profiles as $profile) {
@@ -490,7 +493,7 @@ $view .= '<div class="content-block">
<div class="table order-table">
<table>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', '');
$soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', '');
@@ -560,7 +563,7 @@ if (!$is_new_user) {
<td>
<span class="view-mode">'.$user->login_count.'</span>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">';
} else {
$view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">';