pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'development' into test

Browse Source
This commit is contained in:
“VeLiTi”
2026-01-30 10:56:58 +01:00
parent 0274647483 2427d40273
commit 9d33b37b8b
20 changed files with 105 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/v0/get/user_credentials.php
View File

@@ -14,7 +14,6 @@ $stmt->execute([$userkey, $userkey]);
$user_data = $stmt->fetch(); $user_data = $stmt->fetch();
//Define User data //Define User data
$partnerhierarchy = $user_data['partnerhierarchy']; $partnerhierarchy = $user_data['partnerhierarchy'];
$permission = userRights($user_data['view']);
$profile= getUserPermissions($pdo, $user_data['id']); $profile= getUserPermissions($pdo, $user_data['id']);
$username = $user_data['username']; $username = $user_data['username'];
$useremail = $user_data['email']; $useremail = $user_data['email'];
@@ -22,6 +21,7 @@ $servicekey = $user_data['service'];
$partner = json_decode($partnerhierarchy); $partner = json_decode($partnerhierarchy);
$language = $user_data['language']; $language = $user_data['language'];
$clientsecret = $user_data['userkey']; $clientsecret = $user_data['userkey'];
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
//Update Lastlogin //Update Lastlogin
$logindate = date('Y-m-d H:i:s'); $logindate = date('Y-m-d H:i:s');

4
api/v1/get/application.php
View File

@@ -179,9 +179,9 @@ switch ($action) {
case 'geolocation': case 'geolocation':
if ($whereclause == ''){ if ($whereclause == ''){
$whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"'; $whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
} else { } else {
$whereclause .= ' AND geolocation is not null OR geolocation != "["",""]'; $whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
} }
$sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.''; $sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';

2
api/v1/get/user_credentials.php
View File

@@ -16,7 +16,6 @@ if ($stmt->rowCount() == 1) {
$user_data = $stmt->fetch(); $user_data = $stmt->fetch();
//Define User data //Define User data
$partnerhierarchy = $user_data['partnerhierarchy']; $partnerhierarchy = $user_data['partnerhierarchy'];
$permission = userRights($user_data['view']);
$profile= getUserPermissions($pdo, $user_data['id']); $profile= getUserPermissions($pdo, $user_data['id']);
$username = $user_data['username']; $username = $user_data['username'];
$useremail = $user_data['email']; $useremail = $user_data['email'];
@@ -24,6 +23,7 @@ if ($stmt->rowCount() == 1) {
$language = $user_data['language']; $language = $user_data['language'];
$partner = json_decode($partnerhierarchy); $partner = json_decode($partnerhierarchy);
$clientsecret = $user_data['userkey']; $clientsecret = $user_data['userkey'];
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
//Update Lastlogin //Update Lastlogin
$logindate = date('Y-m-d H:i:s'); $logindate = date('Y-m-d H:i:s');

6
api/v1/post/equipments.php
View File

@@ -217,18 +217,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED //QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){ if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.''; $sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id; $execute_input[] = $id;
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){ elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')'; $sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){ elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
//delete equipment //delete equipment
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.''); $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]); $stmt->execute([ $id ]);

4
api/v2/get/application.php
View File

@@ -179,9 +179,9 @@ switch ($action) {
case 'geolocation': case 'geolocation':
if ($whereclause == ''){ if ($whereclause == ''){
$whereclause = 'WHERE geolocation is not null OR geolocation != "["",""]"'; $whereclause = 'WHERE geolocation is not null AND geolocation != \'["",""]\'';
} else { } else {
$whereclause .= ' AND geolocation is not null OR geolocation != "["",""]'; $whereclause .= ' AND geolocation is not null AND geolocation != \'["",""]\'';
} }
$sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.''; $sql = 'SELECT distinct(geolocation) FROM equipment e '.$whereclause.'';

2
api/v2/get/user_credentials.php
View File

@@ -18,7 +18,6 @@ if ($stmt->rowCount() == 1) {
$user_data = $stmt->fetch(); $user_data = $stmt->fetch();
//Define User data //Define User data
$partnerhierarchy = $user_data['partnerhierarchy']; $partnerhierarchy = $user_data['partnerhierarchy'];
$permission = userRights($user_data['view']);
$profile= getUserPermissions($pdo, $user_data['id']); //getProfile($user_data['settings'],$permission); $profile= getUserPermissions($pdo, $user_data['id']); //getProfile($user_data['settings'],$permission);
$username = $user_data['username']; $username = $user_data['username'];
$useremail = $user_data['email']; $useremail = $user_data['email'];
@@ -26,6 +25,7 @@ if ($stmt->rowCount() == 1) {
$language = $user_data['language']; $language = $user_data['language'];
$partner = json_decode($partnerhierarchy); $partner = json_decode($partnerhierarchy);
$clientsecret = $user_data['userkey']; $clientsecret = $user_data['userkey'];
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
//Update Lastlogin //Update Lastlogin
$logindate = date('Y-m-d H:i:s'); $logindate = date('Y-m-d H:i:s');

6
api/v2/post/equipments.php
View File

@@ -224,18 +224,18 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED //QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){ if ($command == 'update' && (isAllowed('equipment',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.''; $sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id; $execute_input[] = $id;
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){ elseif ($command == 'insert' && isAllowed('equipment',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')'; $sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){ elseif ($command == 'delete' && (isAllowed('equipment',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
//delete equipment //delete equipment
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.''); $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]); $stmt->execute([ $id ]);

12
api/v2/post/user_role_assignments.php
View File

@@ -17,7 +17,7 @@ $date = date('Y-m-d H:i:s');
//------------------------------------------ //------------------------------------------
// BATCH UPDATE - Update all roles for a user // BATCH UPDATE - Update all roles for a user
//------------------------------------------ //------------------------------------------
if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user_manage',$profile,$permission,'U') === 1){ if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user',$profile,$permission,'U') === 1){
$user_id = $post_content['user_id']; $user_id = $post_content['user_id'];
$selected_roles = $post_content['roles'] ?? []; $selected_roles = $post_content['roles'] ?? [];
@@ -48,11 +48,11 @@ if (isset($post_content['batch_update']) && isset($post_content['user_id']) && i
if ($existing){ if ($existing){
//Reactivate existing assignment //Reactivate existing assignment
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?'); $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
$stmt->execute([$username, $date, $username, $date, $existing['rowID']]); $stmt->execute([$username, $date, $username, $date, $$username]);
} else { } else {
//Create new assignment //Create new assignment
$stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)'); $stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)');
$stmt->execute([$user_id, $role_id, $username, $date, $date, $userkey]); $stmt->execute([$user_id, $role_id, $username, $date, $date, $username]);
} }
} }
} }
@@ -105,13 +105,13 @@ else {
$input_insert = substr($input_insert, 1); $input_insert = substr($input_insert, 1);
//QUERY AND VERIFY ALLOWED //QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('user_manage',$profile,$permission,'U') === 1){ if ($command == 'update' && isAllowed('user',$profile,$permission,'U') === 1){
$sql = 'UPDATE user_role_assignments SET '.$clause.' WHERE rowID = ?'; $sql = 'UPDATE user_role_assignments SET '.$clause.' WHERE rowID = ?';
$execute_input[] = $id; $execute_input[] = $id;
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
elseif ($command == 'insert' && isAllowed('user_manage',$profile,$permission,'C') === 1){ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
//Check if this user-role combination already exists (including inactive ones) //Check if this user-role combination already exists (including inactive ones)
$stmt = $pdo->prepare('SELECT rowID, is_active FROM user_role_assignments WHERE user_id = ? AND role_id = ? LIMIT 1'); $stmt = $pdo->prepare('SELECT rowID, is_active FROM user_role_assignments WHERE user_id = ? AND role_id = ? LIMIT 1');
$stmt->execute([$post_content['user_id'], $post_content['role_id']]); $stmt->execute([$post_content['user_id'], $post_content['role_id']]);
@@ -131,7 +131,7 @@ else {
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
} }
elseif ($command == 'delete' && isAllowed('user_manage',$profile,$permission,'D') === 1){ elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
//Soft delete by setting is_active to 0 //Soft delete by setting is_active to 0
$stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?'); $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
$stmt->execute([$username, $date, $id]); $stmt->execute([$username, $date, $id]);

6
api/v2/post/user_roles.php
View File

@@ -55,7 +55,7 @@ $clause_insert = substr($clause_insert, 2);
$input_insert = substr($input_insert, 1); $input_insert = substr($input_insert, 1);
//QUERY AND VERIFY ALLOWED //QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U') === 1){ if ($command == 'update' && isAllowed('user_roles',$profile,$permission,'U') === 1){
$sql = 'UPDATE user_roles SET '.$clause.' WHERE rowID = ?'; $sql = 'UPDATE user_roles SET '.$clause.' WHERE rowID = ?';
$execute_input[] = $id; $execute_input[] = $id;
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
@@ -82,7 +82,7 @@ if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U
} }
} }
} }
elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permission,'C') === 1){ elseif ($command == 'insert' && isAllowed('user_roles',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO user_roles ('.$clause_insert.') VALUES ('.$input_insert.')'; $sql = 'INSERT INTO user_roles ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
@@ -106,7 +106,7 @@ elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permissio
} }
} }
} }
elseif ($command == 'delete' && isAllowed('user_role_manage',$profile,$permission,'D') === 1){ elseif ($command == 'delete' && isAllowed('user_roles',$profile,$permission,'D') === 1){
//Delete role permissions first (foreign key constraint) //Delete role permissions first (foreign key constraint)
$stmt = $pdo->prepare('DELETE FROM role_access_permissions WHERE role_id = ?'); $stmt = $pdo->prepare('DELETE FROM role_access_permissions WHERE role_id = ?');
$stmt->execute([$id]); $stmt->execute([$id]);

7
api/v2/post/users.php
View File

@@ -266,10 +266,17 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
// Get the new user ID
$new_user_id = $pdo->lastInsertId();
//STEP 2- Send to user //STEP 2- Send to user
$mail_location = (file_exists($_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php') ? $_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php' : './assets/mail/email_template_new.php'); $mail_location = (file_exists($_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php') ? $_SERVER['DOCUMENT_ROOT'].'/custom/'.$domain.'/mail/email_template_new.php' : './assets/mail/email_template_new.php');
include_once $mail_location; include_once $mail_location;
send_mail($post_content['email'],$subject,$message,'',''); send_mail($post_content['email'],$subject,$message,'','');
// Return the new user ID
$result = json_encode(['id' => (int)$new_user_id], JSON_UNESCAPED_UNICODE);
echo $result;
} else { } else {
//------------------------------------------ //------------------------------------------
//JSON_ENCODE //JSON_ENCODE

42
assets/functions.php
View File

@@ -1726,6 +1726,7 @@ function getProfile($profile, $permission){
$always_allowed = [ $always_allowed = [
'com_log' => 'CRU', 'com_log' => 'CRU',
'application' => 'CRU', 'application' => 'CRU',
'user_roles' => 'R',
'user_role_assignments' => 'R', 'user_role_assignments' => 'R',
'user_permissions' => 'R', 'user_permissions' => 'R',
'products_software' => 'R', 'products_software' => 'R',
@@ -2847,28 +2848,37 @@ function serviceReport($history, $request, $country_code)
//------------------------------------------ //------------------------------------------
// LIST PARTNER // LIST PARTNER
//------------------------------------------ //------------------------------------------
function listPartner($partnertype, $user_right, $input, $required) function listPartner($partnertype, $user_right = null, $input, $required)
{ {
include dirname(__FILE__,2).'/settings/settings_redirector.php'; include dirname(__FILE__,2).'/settings/settings_redirector.php';
//BASED ON USERRIGHT DEFINE SQL AND DATA RETURNED // Use hierarchy level instead of user_right
if ($user_right != 3 || $user_right !=4) { $partner = json_decode($_SESSION['authorization']['partnerhierarchy']);
//NOT ADMIN USER $hierarchyLevel = getHierarchyLevel($partner);
$partner = json_decode($_SESSION['authorization']['partnerhierarchy']);
//SoldTo is empty // Only apply restrictions if hierarchy level is not 0 or 1
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} if ($hierarchyLevel != 0 && $hierarchyLevel != 1) {
//BUILD CONDITION // Build condition based on hierarchy
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; $condition = buildHierarchyConditionLvl2($partner, $hierarchyLevel);
$whereclause = 'AND salesID like ?'; $whereclause = 'AND salesID like ?';
} } else {
else {//ADMIN USERS // Level 0 or 1: No restrictions or salesid-only level
$whereclause = ''; $whereclause = '';
} $condition = '';
}
$pdo = dbConnect($dbname); $pdo = dbConnect($dbname);
$sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.'';
$stmt = $pdo->prepare($sql); if ($whereclause != '') {
$stmt->execute([$partnertype, $condition]); $sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype, $condition]);
} else {
$sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype]);
}
$partners = $stmt->fetchAll(PDO::FETCH_ASSOC); $partners = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($input !='' && !empty($input)){ if ($input !='' && !empty($input)){

4
equipment.php
View File

@@ -461,13 +461,13 @@ $shipto_id = explode("-",$partner_data->shipto) ?? '';
$partner_users_id = ($shipto_id[0] != '')? $shipto_id[0] : (($soldto_id[0] != '')? $soldto_id[0] : 1); $partner_users_id = ($shipto_id[0] != '')? $shipto_id[0] : (($soldto_id[0] != '')? $soldto_id[0] : 1);
$view_communication = ''; $view_communication = '';
if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){ if ($partner_users_id != 1 && (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){
$view_communication = ' <a href="index.php?page=communications&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_communication.'</a>'; $view_communication = ' <a href="index.php?page=communications&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_communication.'</a>';
} }
//DISPLAY RELATED USERS //DISPLAY RELATED USERS
$view_users =''; $view_users ='';
if ($partner_users_id != 1 && ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4)){ if ($partner_users_id != 1 && (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1)){
$view_users = ' <a href="index.php?page=users&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_users.'</a>'; $view_users = ' <a href="index.php?page=users&partnerid='.$partner_users_id.'" class="btn">'.$button_partner_assigned_users.'</a>';
} }

2
equipment_manage.php
View File

@@ -7,7 +7,7 @@ if (debug && debug_id == $_SESSION['authorization']['id']){
error_reporting(E_ALL); error_reporting(E_ALL);
} }
$page = 'equipment_manage'; $page = 'equipment';
$page_edit = 'equipment_manage_edit'; $page_edit = 'equipment_manage_edit';
//Check if allowed //Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){

2
equipments.php
View File

@@ -22,7 +22,7 @@ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authori
exit; exit;
} }
//PAGE Security //PAGE Security
$page_manage = 'equipment_manage'; $page_manage = 'equipment';
$update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); $update_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); $delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');

20
equipments_mass_update.php
View File

@@ -68,8 +68,18 @@ if ($update_allowed === 1){
$output_excel[$val]['productname'] = ${$responses->productname} ?? $responses->productname; $output_excel[$val]['productname'] = ${$responses->productname} ?? $responses->productname;
$output_excel[$val]['order_ref'] = $_POST['order_ref']; $output_excel[$val]['order_ref'] = $_POST['order_ref'];
$output_excel[$val]['status'] = $_POST['status']; $output_excel[$val]['status'] = $_POST['status'];
$output_excel[$val]['salesid'] = $_POST['salesid'];
$output_excel[$val]['soldto'] = $_POST['soldto']; // Only include salesid/soldto if form fields were visible (hierarchy 0-1)
$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
if ($hierarchyLevel == 0 || $hierarchyLevel == 1) {
if (isset($_POST['salesid'])) {
$output_excel[$val]['salesid'] = $_POST['salesid'];
}
if (isset($_POST['soldto'])) {
$output_excel[$val]['soldto'] = $_POST['soldto'];
}
}
if (!empty($_POST['shipto']) || $_POST['shipto'] !=''){ if (!empty($_POST['shipto']) || $_POST['shipto'] !=''){
$output_excel[$val]['shipto'] = $_POST['shipto']; $output_excel[$val]['shipto'] = $_POST['shipto'];
} }
@@ -202,7 +212,9 @@ $view .='<div class="content-block">
<div class="form responsive-width-100" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px;">'; <div class="form responsive-width-100" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px;">';
// SHOW SALESID and SOLDTO ONLY TO ADMIN // SHOW SALESID and SOLDTO ONLY TO ADMIN
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ $hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .='<div> $view .='<div>
<label for="salesid">'.$general_salesid.'</label> <label for="salesid">'.$general_salesid.'</label>
'.$salesid_dropdown.' '.$salesid_dropdown.'
@@ -227,7 +239,7 @@ $view .=' <div>
<div> <div>
<label for="status">'.$equipment_label3.'</label> <label for="status">'.$equipment_label3.'</label>
<select id="status" name="status" required>'; <select id="status" name="status" required>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<option value="0">'.$status0_text .'</option> $view .= '<option value="0">'.$status0_text .'</option>
<option value="1">'.$status1_text .'</option> <option value="1">'.$status1_text .'</option>
<option value="2">'.$status2_text .'</option>'; <option value="2">'.$status2_text .'</option>';

15
index.php
View File

@@ -29,16 +29,23 @@ include_once dirname(__FILE__).'/settings/countries.php';
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//GET USER PERMISSION ASSIGNED //GET USER PERMISSION ASSIGNED
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if (!isset($_SESSION['authorization']['id'])){ if (!isset($_SESSION['authorization']['id']) && isset($_SESSION['authorization']['userkey'])){
$api_url = '/v2/user_permissions/userkey='.$_SESSION['authorization']['userkey']; $api_url = '/v2/user_permissions/userkey='.$_SESSION['authorization']['userkey'];
$responses = ioServer($api_url,''); $responses = ioServer($api_url,'');
//Decode Payload //Decode Payload
if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;} if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
//STORE DATA IN SESSION //STORE DATA IN SESSION
foreach($responses as $key => $value){ if (is_array($responses) && !isset($responses['error_code'])) {
$_SESSION['authorization'][$key] = $value; foreach($responses as $key => $value){
$_SESSION['authorization'][$key] = $value;
}
} else {
// API call failed or returned error - redirect to login with error message
session_destroy();
header('location: login.php?error=session_expired');
die();
} }
} }

5
login.php
View File

@@ -53,6 +53,11 @@ $username = $password = '';
$username_err = $password_err = ''; $username_err = $password_err = '';
$retry = 0; $retry = 0;
// Check for error parameter from redirects
if (isset($_GET['error']) && $_GET['error'] === 'session_expired') {
$password_err = $password_err_2 ?? 'Session expired or invalid. Please login again.';
}
// Process submitted form data // Process submitted form data
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {

6
partner.php
View File

@@ -123,6 +123,8 @@ $view .= '<div class="tabs">
</div>'; </div>';
//Define Service and partner enabled //Define Service and partner enabled
$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
$view .= '<div class="content-block tab-content active"> $view .= '<div class="content-block tab-content active">
<div class="form responsive-width-100"> <div class="form responsive-width-100">
<label for="status">'.$partner_status.'</label> <label for="status">'.$partner_status.'</label>
@@ -138,7 +140,7 @@ $view .= '<div class="content-block tab-content active">
<label for="partnertype">'.$partner_partnertype.'</label> <label for="partnertype">'.$partner_partnertype.'</label>
<select id="partnertype" name="partnertype" required> <select id="partnertype" name="partnertype" required>
'; ';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4 ){ if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= ' <option value="'.$partnertype1.'" '.($partner['partnertype']== $partnertype1?' selected':'').'>'.$partnertype1.'</option> $view .= ' <option value="'.$partnertype1.'" '.($partner['partnertype']== $partnertype1?' selected':'').'>'.$partnertype1.'</option>
<option value="'.$partnertype2.'" '.($partner['partnertype']== $partnertype2?' selected':'').'>'.$partnertype2.'</option>'; <option value="'.$partnertype2.'" '.($partner['partnertype']== $partnertype2?' selected':'').'>'.$partnertype2.'</option>';
} }
@@ -171,7 +173,7 @@ $view .= '<div class="tabs">
$view .= '<div class="content-block tab-content"> $view .= '<div class="content-block tab-content">
<div class="form responsive-width-100"> <div class="form responsive-width-100">
'; ';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<label for="status">'.$general_salesid.'</label>'; $view .= '<label for="status">'.$general_salesid.'</label>';
$view .= $salesid_dropdown; $view .= $salesid_dropdown;
} }

18
user.php
View File

@@ -13,6 +13,8 @@ include_once './settings/settings_redirector.php';
//SET ORIGIN FOR NAVIGATION //SET ORIGIN FOR NAVIGATION
$_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI']; $_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI'];
$hierarchyLevel = getHierarchyLevel(json_decode($_SESSION['authorization']['partnerhierarchy']));
$page = 'user'; $page = 'user';
//Check if allowed //Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
@@ -21,10 +23,9 @@ if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authori
} }
//PAGE Security //PAGE Security
$page_manage = 'user_manage';
$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U'); $update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D'); $delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C'); $create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
//GET Details from URL //GET Details from URL
$user_ID = $_GET['id'] ?? ''; $user_ID = $_GET['id'] ?? '';
@@ -438,10 +439,10 @@ $view .= '</span>
<option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option> <option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option>
<option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>'; <option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>';
if ($_SESSION['authorization']['permission'] == 3){ if ($hierarchyLevel == 1){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>'; $view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>';
} }
if ($_SESSION['authorization']['permission'] == 4){ if ($hierarchyLevel == 0){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option> $view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>
<option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>'; <option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>';
} }
@@ -454,7 +455,8 @@ $view .= ' </select>
<td> <td>
<span class="view-mode" style="'.$view_style.'">'.($user->settings ?? '-').'</span>'; <span class="view-mode" style="'.$view_style.'">'.($user->settings ?? '-').'</span>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<select class="edit-mode" name="settings" style="'.$edit_style.'"> $view .= '<select class="edit-mode" name="settings" style="'.$edit_style.'">
<option value="">-</option>'; <option value="">-</option>';
foreach ($all_profiles as $profile) { foreach ($all_profiles as $profile) {
@@ -491,7 +493,7 @@ $view .= '<div class="content-block">
<div class="table order-table"> <div class="table order-table">
<table>'; <table>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', ''); $salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', '');
$soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', ''); $soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', '');
@@ -561,7 +563,7 @@ if (!$is_new_user) {
<td> <td>
<span class="view-mode">'.$user->login_count.'</span>'; <span class="view-mode">'.$user->login_count.'</span>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ if ($hierarchyLevel == 0 || $hierarchyLevel == 1){
$view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">'; $view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">';
} else { } else {
$view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">'; $view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">';

4
users.php
View File

@@ -133,8 +133,6 @@ $view .= '
<th class="responsive-hidden">'.$User_service.'</th> <th class="responsive-hidden">'.$User_service.'</th>
<th>'.$User_username.'</th> <th>'.$User_username.'</th>
<th>'.$User_partnerhierarchy.'</th> <th>'.$User_partnerhierarchy.'</th>
<th>'.$User_permission.'</th>
<th>'.$User_profile.'</th>
<th class="responsive-hidden">'.$User_lastlogin.'</th> <th class="responsive-hidden">'.$User_lastlogin.'</th>
</tr> </tr>
</thead> </thead>
@@ -164,8 +162,6 @@ $view .= '
<td class="responsive-hidden">'.(($response->service && $response->service !='')? '<span class="status enabled">'.$enabled:'<span class="status">'.$disabled).'</td> <td class="responsive-hidden">'.(($response->service && $response->service !='')? '<span class="status enabled">'.$enabled:'<span class="status">'.$disabled).'</td>
<td>'.$response->username.'</td> <td>'.$response->username.'</td>
<td>'.$partner_hierarchy.'</td> <td>'.$partner_hierarchy.'</td>
<td>'.$$permission_user.'</td>
<td>'.$response->settings.'</td>
<td class="responsive-hidden">'.getRelativeTime($response->lastlogin).'</td> <td class="responsive-hidden">'.getRelativeTime($response->lastlogin).'</td>
</tr> </tr>
'; ';