Merge branch 'development' into test
This commit is contained in:
“VeLiTi”
@@ -14,7 +14,6 @@ $stmt->execute([$userkey, $userkey]);
|
||||
$user_data = $stmt->fetch();
|
||||
//Define User data
|
||||
$partnerhierarchy = $user_data['partnerhierarchy'];
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile= getUserPermissions($pdo, $user_data['id']);
|
||||
$username = $user_data['username'];
|
||||
$useremail = $user_data['email'];
|
||||
@@ -22,6 +21,7 @@ $servicekey = $user_data['service'];
|
||||
$partner = json_decode($partnerhierarchy);
|
||||
$language = $user_data['language'];
|
||||
$clientsecret = $user_data['userkey'];
|
||||
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
|
||||
|
||||
//Update Lastlogin
|
||||
$logindate = date('Y-m-d H:i:s');
|
||||
|
||||
@@ -179,9 +179,9 @@ switch ($action) {
|
||||
case 'geolocation':
|
||||
|
||||
if ($whereclause == ''){
|
||||
$whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"';
|
||||
$whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
|
||||
} else {
|
||||
$whereclause .= ' AND geolocation is not null OR geolocation != "["",""]';
|
||||
$whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
|
||||
}
|
||||
$sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';
|
||||
|
||||
|
||||
@@ -16,7 +16,6 @@ if ($stmt->rowCount() == 1) {
|
||||
$user_data = $stmt->fetch();
|
||||
//Define User data
|
||||
$partnerhierarchy = $user_data['partnerhierarchy'];
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile= getUserPermissions($pdo, $user_data['id']);
|
||||
$username = $user_data['username'];
|
||||
$useremail = $user_data['email'];
|
||||
@@ -24,6 +23,7 @@ if ($stmt->rowCount() == 1) {
|
||||
$language = $user_data['language'];
|
||||
$partner = json_decode($partnerhierarchy);
|
||||
$clientsecret = $user_data['userkey'];
|
||||
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
|
||||
|
||||
//Update Lastlogin
|
||||
$logindate = date('Y-m-d H:i:s');
|
||||
|
||||
@@ -217,18 +217,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
//delete equipment
|
||||
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
@@ -179,9 +179,9 @@ switch ($action) {
|
||||
case 'geolocation':
|
||||
|
||||
if ($whereclause == ''){
|
||||
$whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"';
|
||||
$whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
|
||||
} else {
|
||||
$whereclause .= ' AND geolocation is not null OR geolocation != "["",""]';
|
||||
$whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
|
||||
}
|
||||
$sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';
|
||||
|
||||
|
||||
@@ -18,7 +18,6 @@ if ($stmt->rowCount() == 1) {
|
||||
$user_data = $stmt->fetch();
|
||||
//Define User data
|
||||
$partnerhierarchy = $user_data['partnerhierarchy'];
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile= getUserPermissions($pdo, $user_data['id']); //getProfile($user_data['settings'],$permission);
|
||||
$username = $user_data['username'];
|
||||
$useremail = $user_data['email'];
|
||||
@@ -26,6 +25,7 @@ if ($stmt->rowCount() == 1) {
|
||||
$language = $user_data['language'];
|
||||
$partner = json_decode($partnerhierarchy);
|
||||
$clientsecret = $user_data['userkey'];
|
||||
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
|
||||
|
||||
//Update Lastlogin
|
||||
$logindate = date('Y-m-d H:i:s');
|
||||
|
||||
@@ -224,18 +224,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
|
||||
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
|
||||
//delete equipment
|
||||
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
@@ -17,7 +17,7 @@ $date = date('Y-m-d H:i:s');
|
||||
//------------------------------------------
|
||||
// BATCH UPDATE - Update all roles for a user
|
||||
//------------------------------------------
|
||||
if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user_manage',$profile,$permission,'U') === 1){
|
||||
if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user',$profile,$permission,'U') === 1){
|
||||
$user_id = $post_content['user_id'];
|
||||
$selected_roles = $post_content['roles'] ?? [];
|
||||
|
||||
@@ -48,11 +48,11 @@ if (isset($post_content['batch_update']) && isset($post_content['user_id']) && i
|
||||
if ($existing){
|
||||
//Reactivate existing assignment
|
||||
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
|
||||
$stmt->execute([$username, $date, $username, $date, $existing['rowID']]);
|
||||
$stmt->execute([$username, $date, $username, $date, $$username]);
|
||||
} else {
|
||||
//Create new assignment
|
||||
$stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)');
|
||||
$stmt->execute([$user_id, $role_id, $username, $date, $date, $userkey]);
|
||||
$stmt->execute([$user_id, $role_id, $username, $date, $date, $username]);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -105,13 +105,13 @@ else {
|
||||
$input_insert = substr($input_insert, 1);
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && isAllowed('user_manage',$profile,$permission,'U') === 1){
|
||||
if ($command == 'update' && isAllowed('user',$profile,$permission,'U') === 1){
|
||||
$sql = 'UPDATE user_role_assignments SET '.$clause.' WHERE rowID = ?';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('user_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
|
||||
//Check if this user-role combination already exists (including inactive ones)
|
||||
$stmt = $pdo->prepare('SELECT rowID, is_active FROM user_role_assignments WHERE user_id = ? AND role_id = ? LIMIT 1');
|
||||
$stmt->execute([$post_content['user_id'], $post_content['role_id']]);
|
||||
@@ -131,7 +131,7 @@ else {
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('user_manage',$profile,$permission,'D') === 1){
|
||||
elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
|
||||
//Soft delete by setting is_active to 0
|
||||
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
|
||||
$stmt->execute([$username, $date, $id]);
|
||||
|
||||
@@ -55,7 +55,7 @@ $clause_insert = substr($clause_insert, 2);
|
||||
$input_insert = substr($input_insert, 1);
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U') === 1){
|
||||
if ($command == 'update' && isAllowed('user_roles',$profile,$permission,'U') === 1){
|
||||
$sql = 'UPDATE user_roles SET '.$clause.' WHERE rowID = ?';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
@@ -82,7 +82,7 @@ if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('user_roles',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO user_roles ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
@@ -106,7 +106,7 @@ elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permissio
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('user_role_manage',$profile,$permission,'D') === 1){
|
||||
elseif ($command == 'delete' && isAllowed('user_roles',$profile,$permission,'D') === 1){
|
||||
//Delete role permissions first (foreign key constraint)
|
||||
$stmt = $pdo->prepare('DELETE FROM role_access_permissions WHERE role_id = ?');
|
||||
$stmt->execute([$id]);
|
||||
|
||||
@@ -266,10 +266,17 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
|
||||
// Get the new user ID
|
||||
$new_user_id = $pdo->lastInsertId();
|
||||
|
||||
//STEP 2- Send to user
|
||||
$mail_location = (file_exists($_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php') ? $_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php' : './assets/mail/email_template_new.php');
|
||||
include_once $mail_location;
|
||||
send_mail($post_content['email'],$subject,$message,'','');
|
||||
|
||||
// Return the new user ID
|
||||
$result = json_encode(['id' => (int)$new_user_id], JSON_UNESCAPED_UNICODE);
|
||||
echo $result;
|
||||
} else {
|
||||
//------------------------------------------
|
||||
//JSON_ENCODE
|
||||
|
||||
Reference in New Issue
Block a user