diff --git a/.DS_Store b/.DS_Store
index 9d4c452..8f76464 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/account.php b/account.php
index 0a03500..5ebd2b1 100644
--- a/account.php
+++ b/account.php
@@ -239,13 +239,13 @@ $soldto_id = explode("-",$account_hierarchy->soldto) ?? '';
 //DISPLAY RELATED COMMUNICATION RECORDS
 $view_communication = '';
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
 $view_communication = ' '.$button_partner_assigned_communication.'';
 }
 //DISPLAY RELATED USERS
 $view_users ='';
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
 $view_users = ' '.$button_partner_assigned_users.'';
 }
diff --git a/api/v1/post/accounts.php b/api/v1/post/accounts.php
index 072c4bf..26049a7 100644
--- a/api/v1/post/accounts.php
+++ b/api/v1/post/accounts.php
@@ -40,7 +40,7 @@ if ($id != ''){
 $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid);
 $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto);
- if ($permission == 3 || $permission == 4){
+ if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
 //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
diff --git a/api/v1/post/contracts.php b/api/v1/post/contracts.php
index 498f164..12f90e7 100644
--- a/api/v1/post/contracts.php
+++ b/api/v1/post/contracts.php
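Review bot: Both new conditions show the button when `isAllowed(...) === 0`, while the authorization checks rewritten in assets/functions.php in this same commit (the @@ -1662 and @@ -1680 hunks) `return 1` when an action is granted; unless isAllowed deliberately inverts that convention, these buttons are rendered for exactly the users who lack the right. Confirm isAllowed's return value and, if 1 means granted, change both lines to the form `if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){`. The same `=== 0` comparison is introduced in cartests.php, equipments.php, report_healthindex.php, rmas.php and translation_manage.php. The new `$_SESSION['authorization']['permissions']` key will be missing from sessions created before this deploy, so read it as `$_SESSION['authorization']['permissions'] ?? []` (or force re-login) to avoid passing null into the check.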
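Review bot: `getHierarchyLevel($partner) == 0` is now the admin+ test, but getHierarchyLevel (added to assets/functions.php in this commit) returns 0 whenever `$partner->salesid` is empty, so a partner record with a blank or missing salesid — including a lookup that produced no object — is treated as the most privileged level and may overwrite salesid and soldto. The removed check compared an explicit permission value and could not fail open this way. Keep the explicit permission in the condition, e.g. `if (($permission == 3 || $permission == 4) && getHierarchyLevel($partner) <= 1){`, or make getHierarchyLevel return a distinct value for "no salesid" and reject it here. The same substitution is repeated in api/v1/post/contracts.php, equipments.php, partners.php and users.php and in all api/v2/post counterparts, including the ignore_list guard in contracts.php; `$partner` and `$permission` are defined outside the hunk.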
@@ -58,7 +58,7 @@ if ($id != ''){
 $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
 $location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -67,7 +67,7 @@ if ($id != ''){
 "location"=>$location_new
 );
 }
- elseif ($permission == 3) {
+ elseif (getHierarchyLevel($partner) == 1) {
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$contract_old->salesid,
@@ -120,7 +120,7 @@ if ($id != ''){
 }
 else {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 $account = array(
 "salesid"=>$post_content['salesid'],
 "soldto"=>$post_content['soldto'],
@@ -128,7 +128,7 @@ else {
 "location"=>$post_content['location']
 );
 }
- elseif ($permission == 3){
+ elseif (getHierarchyLevel($partner) == 1){
 $account = array(
 "salesid"=>$partner->salesid,
 "soldto"=>$post_content['soldto'],
@@ -160,7 +160,7 @@ if (isset($post_content['servicetool'])){
 if (isset($post_content['ignore_list'])){
 $post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE);
 //ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST
- if ($permission != 3 && $permission != 4){
+ if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){
 unset($post_content['ignore_list']);
 }
 }
diff --git a/api/v1/post/equipments.php b/api/v1/post/equipments.php
index 7200512..198012c 100644
--- a/api/v1/post/equipments.php
+++ b/api/v1/post/equipments.php
@@ -47,7 +47,7 @@ if ($id != ''){
 $owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -57,7 +57,7 @@ if ($id != ''){
 "section"=>$section_new
 );
 }
- elseif ($permission == 3) {
+ elseif (getHierarchyLevel($partner) == 1) {
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$equipment_old->salesid,
@@ -79,7 +79,7 @@ if ($id != ''){
 }
 else {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 $account = array(
 "salesid"=>$post_content['salesid'],
 "soldto"=>$post_content['soldto'],
@@ -89,7 +89,7 @@ else {
 );
 }
- elseif ($permission == 3){
+ elseif (getHierarchyLevel($partner) == 1){
 $account = array(
 "salesid"=>$partner->salesid,
 "soldto"=>$post_content['soldto'],
diff --git a/api/v1/post/partners.php b/api/v1/post/partners.php
index 6f1be77..ea07e22 100644
--- a/api/v1/post/partners.php
+++ b/api/v1/post/partners.php
@@ -41,7 +41,7 @@ if ($id != ''){
 $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid);
 $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto);
- if ($permission == 3 || $permission == 4){
+ if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
 //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -56,7 +56,7 @@ if ($id != ''){
 }
 else {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 3 || $permission == 4){
+ if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
 //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$partner->salesid,
diff --git a/api/v1/post/users.php b/api/v1/post/users.php
index 1d35037..96ca3b1 100644
--- a/api/v1/post/users.php
+++ b/api/v1/post/users.php
@@ -50,7 +50,7 @@ $soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != ''
 $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto);
 $location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location);
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -58,7 +58,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] !
 "shipto"=>$shipto_new,
 "location"=>$location_new
 );
- }elseif ($permission == 3) {
+ }elseif (getHierarchyLevel($partner) == 1) {
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$partner->salesid,
@@ -77,7 +77,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] !
 }
 } elseif ($command == 'insert') {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$post_content['salesid'],
@@ -86,7 +86,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] !
 "location"=>$post_content['location']
 );
 }
- elseif ($permission == 3){
+ elseif (getHierarchyLevel($partner) == 1){
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$partner->salesid,
diff --git a/api/v2/post/accounts.php b/api/v2/post/accounts.php
index 6e7af66..eddcce5 100644
--- a/api/v2/post/accounts.php
+++ b/api/v2/post/accounts.php
@@ -38,7 +38,7 @@ if ($id != ''){
 $salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid);
 $soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto);
- if ($permission == 3 || $permission == 4){
+ if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
 //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
diff --git a/api/v2/post/contracts.php b/api/v2/post/contracts.php
index 9ecb7bb..74621e4 100644
--- a/api/v2/post/contracts.php
+++ b/api/v2/post/contracts.php
@@ -58,7 +58,7 @@ if ($id != ''){
 $shipto_new = ((isset($post_content['shipto']) && $post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
 $location_new = ((isset($post_content['location']) && $post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -67,7 +67,7 @@ if ($id != ''){
 "location"=>$location_new
 );
 }
- elseif ($permission == 3) {
+ elseif (getHierarchyLevel($partner) == 1) {
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$contract_old->salesid,
@@ -120,7 +120,7 @@ if ($id != ''){
 }
 else {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 $account = array(
 "salesid"=>$post_content['salesid'],
 "soldto"=>$post_content['soldto'],
@@ -128,7 +128,7 @@ else {
 "location"=>$post_content['location']
 );
 }
- elseif ($permission == 3){
+ elseif (getHierarchyLevel($partner) == 1){
 $account = array(
 "salesid"=>$partner->salesid,
 "soldto"=>$post_content['soldto'],
@@ -161,7 +161,7 @@ if (isset($post_content['ignore_list'])){
 $post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE);
 //ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST
- if ($permission != 3 && $permission != 4){
+ if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){
 unset($post_content['ignore_list']);
 }
 }
diff --git a/api/v2/post/equipments.php b/api/v2/post/equipments.php
index f7adcc8..9057ddb 100644
--- a/api/v2/post/equipments.php
+++ b/api/v2/post/equipments.php
@@ -47,7 +47,7 @@ if ($id != ''){
 $owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -57,7 +57,7 @@ if ($id != ''){
 "section"=>$section_new
 );
 }
- elseif ($permission == 3) {
+ elseif (getHierarchyLevel($partner) == 1) {
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$equipment_old->salesid,
@@ -79,7 +79,7 @@ if ($id != ''){
 }
 else {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 $account = array(
 "salesid"=>$post_content['salesid'],
 "soldto"=>$post_content['soldto'],
@@ -89,7 +89,7 @@ else {
 );
 }
- elseif ($permission == 3){
+ elseif (getHierarchyLevel($partner) == 1){
 $account = array(
 "salesid"=>$partner->salesid,
 "soldto"=>$post_content['soldto'],
diff --git a/api/v2/post/users.php b/api/v2/post/users.php
index 6532102..5f608d0 100644
--- a/api/v2/post/users.php
+++ b/api/v2/post/users.php
@@ -50,7 +50,7 @@ $soldto_new = (array_key_exists('soldto', $post_content)) ? $post_content['soldt
 $shipto_new = (array_key_exists('shipto', $post_content)) ? $post_content['shipto'] : ($partnerhierarchy_old->shipto ?? '');
 $location_new = (array_key_exists('location', $post_content)) ? $post_content['location'] : ($partnerhierarchy_old->location ?? '');
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$salesid_new,
@@ -58,7 +58,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l
 "shipto"=>$shipto_new,
 "location"=>$location_new
 );
- }elseif ($permission == 3) {
+ }elseif (getHierarchyLevel($partner) == 1) {
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$partner->salesid,
@@ -77,7 +77,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l
 }
 } elseif ($command == 'insert') {
 //ID is empty => INSERT / NEW RECORD
- if ($permission == 4){
+ if (getHierarchyLevel($partner) == 0){
 //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
 $account = array(
 "salesid"=>$post_content['salesid'],
@@ -86,7 +86,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l
 "location"=>$post_content['location']
 );
 }
- elseif ($permission == 3){
+ elseif (getHierarchyLevel($partner) == 1){
 //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
 $account = array(
 "salesid"=>$partner->salesid,
diff --git a/assets/.DS_Store b/assets/.DS_Store
index 1ba4cf5..7502f1f 100644
Binary files a/assets/.DS_Store and b/assets/.DS_Store differ
diff --git a/assets/functions.php b/assets/functions.php
index 2d8d875..4d7e3fc 100644
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -1507,101 +1507,179 @@ function ioAPIv2_FileUpload($api_call, $fileData, $additionalData = [], $token = } //------------------------------------------ -// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY ALL +// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY //------------------------------------------ +function getWhereclause($table_name, $permission, $partner, $method) { + // API name converter to table + $table = [ + "equipment" => "e.accounthierarchy", + "products" => "p.accounthierarchy", + "profile" => "partnerhierarchy", + "text_variables" => "tv.accounthierarchy", + "products_attributes_items" => "pat.accounthierarchy", + "products_attributes_groups" => "pag.accounthierarchy", + "pricelists" => "pls.accounthierarchy", + "pricelists_items" => "pli.accounthierarchy" + ]; -function getWhereclause($table_name,$permission,$partner,$method){ + $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; + $type = ($method == 'get') ? 'WHERE ' : ' AND '; - //api_name converter to table - $table =[ - "equipment" => "e.accounthierarchy", - "products" => "p.accounthierarchy", - "profile" => "partnerhierarchy", - "text_variables" => "tv.accounthierarchy", - "products_attributes_items" => "pat.accounthierarchy", - "products_attributes_groups" => "pag.accounthierarchy", - "pricelists" => "pls.accounthierarchy", - "pricelists_items" => "pli.accounthierarchy" - ]; + // If permission is 4, grant full access (admin+) + if ($permission == '4' || $permission === 4) { + return array('', ''); + } - $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; - $type = ($method == 'get') ? 
'WHERE ' : ' AND '; - //SoldTo is empty - if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + // Determine hierarchy level based on which fields are filled + $hierarchy_level = getHierarchyLevel($partner); + + // Build condition based on hierarchy level + $condition = buildHierarchyCondition($partner, $hierarchy_level); + + // Build whereclause + $whereclause = ($condition != '') ? $type . $table . ' LIKE "' . $condition . '"' : ''; - //default whereclause - $whereclause = ''; - - switch ($permission) { - case '4': - $whereclause = ''; - $condition = ''; - break; - case '3': - $condition = '__salesid___'.$partner->salesid.'___soldto___%'; - $whereclause = $type.$table.' like "'.$condition.'"'; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = $type.$table.' like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = $type.$table.' 
like "'.$condition.'"'; - break; - } - - return array($whereclause,$condition); + return array($whereclause, $condition); } -//------------------------------------------ -// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY SALES AND SOLD -//------------------------------------------ -function getWhereclauselvl2($table_name,$permission,$partner,$method){ +function getWhereclauselvl2($table_name, $permission, $partner, $method) { + // API name converter to table + $table = [ + "pricelist" => "pls.accounthierarchy", + "communications" => "salesID", + "partners" => "salesID", + "discounts" => "d.accounthierarchy", + "invoice" => "inv.accounthierarchy", + "attributes" => "pat.accounthierarchy", + "config" => "pc.accounthierarchy", + "software" => "p.accounthierarchy", + "transactions" => "tx.accounthierarchy", + "dealers" => "d.accounthierarchy", + "categories" => "c.accounthierarchy", + "products_software_licenses" => "l.accounthierarchy" + ]; - //api_name converter to table - $table =[ - "pricelist" => "pls.accounthierarchy", - "communications" => "salesID", - "partners" => "salesID", - "discounts" => "d.accounthierarchy", - "invoice" => "inv.accounthierarchy", - "attributes" => "pat.accounthierarchy", - "config" => "pc.accounthierarchy", - "software" => "p.accounthierarchy", - "transactions" => "tx.accounthierarchy", - "dealers" => "d.accounthierarchy", - "categories" => "c.accounthierarchy", - "products_software_licenses" => "l.accounthierarchy" - ]; + $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; + $type = ($method == 'get') ? 'WHERE ' : ' AND '; - $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; - $type = ($method == 'get') ? 
'WHERE ' : ' AND '; - - //SoldTo is empty - if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + // If permission is 4, grant full access (admin+) + if ($permission == '4' || $permission === 4) { + return array('', ''); + } - //default whereclause - $whereclause = ''; + // Determine hierarchy level (lvl2 only uses salesid and soldto) + $hierarchy_level = getHierarchyLevelLvl2($partner); + + // Build condition based on hierarchy level + $condition = buildHierarchyConditionLvl2($partner, $hierarchy_level); + + // Build whereclause + $whereclause = ($condition != '') ? $type . $table . ' LIKE "' . $condition . '"' : ''; - switch ($permission) { - case '4': - $whereclause = ''; - $condition = ''; - break; - case '3': - $condition = '__salesid___'.$partner->salesid.'___soldto___%'; - $whereclause = $type.$table.' like "'.$condition.'" '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = $type.$table.' 
like "'.$condition.'"'; - break; -} - - return array($whereclause,$condition); + return array($whereclause, $condition); } +// Helper function to determine hierarchy level for full hierarchy (4 levels) +function getHierarchyLevel($partner) { + // Level 4: All fields filled (salesid, soldto, shipto, location) + if (!empty($partner->salesid) && !empty($partner->soldto) && + !empty($partner->shipto) && !empty($partner->location)) { + return 4; + } + // Level 3: salesid, soldto, shipto filled (location empty) + if (!empty($partner->salesid) && !empty($partner->soldto) && + !empty($partner->shipto) && empty($partner->location)) { + return 3; + } + // Level 2: salesid, soldto filled (shipto and location empty) + if (!empty($partner->salesid) && !empty($partner->soldto) && + empty($partner->shipto) && empty($partner->location)) { + return 2; + } + // Level 1: Only salesid filled + if (!empty($partner->salesid) && empty($partner->soldto)) { + return 1; + } + // Level 0: No restrictions (all access) + return 0; +} + +// Helper function to determine hierarchy level for lvl2 (2 levels only) +function getHierarchyLevelLvl2($partner) { + // Level 2: salesid and soldto filled + if (!empty($partner->salesid) && !empty($partner->soldto)) { + return 2; + } + // Level 1: Only salesid filled + if (!empty($partner->salesid) && empty($partner->soldto)) { + return 1; + } + // Level 0: No restrictions (all access) + return 0; +} + +// Helper function to build condition string for full hierarchy +function buildHierarchyCondition($partner, $level) { + $condition = ''; + + switch ($level) { + case 4: // Exact match on all 4 levels + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-' . + substr($partner->soldto, strpos($partner->soldto, "-") + 1) . + '___shipto___' . substr($partner->shipto, 0, strpos($partner->shipto, "-")) . '-' . + substr($partner->shipto, strpos($partner->shipto, "-") + 1) . 
+ '___location___' . substr($partner->location, 0, strpos($partner->location, "-")) . '-' . + substr($partner->location, strpos($partner->location, "-") + 1) . '%'; + break; + + case 3: // Match salesid, soldto, shipto - all locations under this shipto + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-' . + substr($partner->soldto, strpos($partner->soldto, "-") + 1) . + '___shipto___' . substr($partner->shipto, 0, strpos($partner->shipto, "-")) . '-%'; + break; + + case 2: // Match salesid, soldto - all shiptos and locations under this soldto + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-%'; + break; + + case 1: // Match salesid only - all soldtos, shiptos, and locations under this salesid + $condition = '__salesid___' . $partner->salesid . '___soldto___%'; + break; + + case 0: // No restrictions + $condition = ''; + break; + } + + return $condition; +} + +// Helper function to build condition string for lvl2 +function buildHierarchyConditionLvl2($partner, $level) { + $condition = ''; + + switch ($level) { + case 2: // Match salesid and soldto + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-%'; + break; + + case 1: // Match salesid only + $condition = '__salesid___' . $partner->salesid . '___soldto___%'; + break; + + case 0: // No restrictions + $condition = ''; + break; + } + + return $condition; +} + + //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //get user profile||$profile=settings, $permision = userright() //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
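Review bot: getWhereclause and getWhereclauselvl2 now fail open for any non-admin caller whose partner has an empty salesid: getHierarchyLevel and getHierarchyLevelLvl2 return 0 in that case, buildHierarchyCondition and buildHierarchyConditionLvl2 map level 0 to '', and the `($condition != '')` test then returns an empty whereclause — no row restriction at all, which the early return reserves for `$permission` 4. The removed code still built a restrictive LIKE pattern for every permission other than '4', so this is a privilege widening, not a pure refactor. Make level 0 explicit rather than silently unrestricted, e.g. after computing `$hierarchy_level` add `if ($hierarchy_level == 0) { return array($type . '1=0', ''); }` in both functions (adjust if callers act on `$condition` alone), so a partner without a salesid sees no rows. Separately, `substr($x, 0, strpos($x, "-"))` and `substr($x, strpos($x, "-") + 1)` in the level-4 and level-3 branches silently become `''` and `substr($x, 1)` when the field contains no '-' (strpos returns false), yielding a pattern that matches the wrong rows; check with `str_contains` first. The partner fields are still concatenated into the LIKE pattern unescaped, so a quote in any of them alters the query — this predates the commit, but the new helpers are the natural place to escape or validate them.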
@@ -1648,6 +1726,7 @@ function getProfile($profile, $permission){
 $always_allowed = [
 'com_log' => 'CRU',
 'application' => 'CRU',
+ 'user_role_assignments' => 'R',
 'user_permissions' => 'R',
 'software_update' => 'R',
 'software_download' => 'R',
@@ -1662,10 +1741,19 @@ function getProfile($profile, $permission){
 return 1;
 }
- // 2. Check always_allowed list
- if (isset($always_allowed[$access_element]) && str_contains($always_allowed[$access_element], $action)) {
-
- return 1;
+ // 2. Check always_allowed list (supports multi-action like 'RU')
+ if (isset($always_allowed[$access_element])) {
+ $actions = str_split($action);
+ $all_in_allowed = true;
+ foreach ($actions as $single_action) {
+ if (!str_contains($always_allowed[$access_element], $single_action)) {
+ $all_in_allowed = false;
+ break;
+ }
+ }
+ if ($all_in_allowed) {
+ return 1;
+ }
 }
 // 3. Check RBAC permissions array (from getUserPermissions())
@@ -1680,10 +1768,20 @@ function getProfile($profile, $permission){
 'D' => 'can_delete'
 ];
- $permission_key = $action_map[$action] ?? null;
+ // Check each action in the string (supports 'R', 'RU', 'CRUD', etc.)
+ $actions = str_split($action);
+ $all_allowed = true;
- if ($permission_key && isset($element_permissions[$permission_key]) && $element_permissions[$permission_key] == 1) {
-
+ foreach ($actions as $single_action) {
+ $permission_key = $action_map[$single_action] ?? null;
+
+ if (!$permission_key || !isset($element_permissions[$permission_key]) || $element_permissions[$permission_key] != 1) {
+ $all_allowed = false;
+ break;
+ }
+ }
+
+ if ($all_allowed) {
 return 1;
 }
diff --git a/cartests.php b/cartests.php
index 8fb8062..eb2a160 100644
--- a/cartests.php
+++ b/cartests.php
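Review bot: In the always_allowed branch (@@ -1662) an empty `$action` is granted: `str_split('')` yields `[]` on PHP 8.2+ (and `['']` before that, where `str_contains($x, '')` is true), so the loop never clears `$all_in_allowed` and the function returns 1 for any element in the list. The RBAC loop in the next hunk (@@ -1680) does not share this because `$action_map['']` is null, but the two checks should agree; reject an empty action before the first loop, e.g. `if ($action === '') { return 0; }` (using whatever value the function returns on denial at its end, which is outside the hunk). Neither loop validates that every character is one of C/R/U/D, so a typo such as `'RW'` in a call site is tolerated by the always_allowed check as long as the listed letters match; a `preg_match('/^[CRUD]+$/', $action)` guard would catch that. The enclosing function starts before the hunk.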
@@ -112,7 +112,7 @@ $view .= ' '.$general_filters_clear.'';
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 0){
 $view .= ' Download ';
diff --git a/equipments.php b/equipments.php
index ce10695..0d1e811 100644
--- a/equipments.php
+++ b/equipments.php
@@ -192,7 +192,7 @@ $view .= ' X';
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
 $view .= ' ';
diff --git a/report_healthindex.php b/report_healthindex.php
index 2f6d47f..50c5b82 100644
--- a/report_healthindex.php
+++ b/report_healthindex.php
@@ -135,7 +135,7 @@ $view .= ' ';
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
 $view .='
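Review bot: The Excel download here is gated on the `'D'` (delete) action, while the equipments.php, report_healthindex.php and rmas.php hunks in this commit gate the identically commented "download to Excel" option on `'CRU'`; the two cannot both be right, and with `'D'` a user who may delete cartests but not read them could reach the export while a read-only user cannot. Pick one action string for exports — `'R'` is the natural choice for a read-only download — and use it in all four files. The gated `$view` line that follows continues past what the hunk shows.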
';
diff --git a/rmas.php b/rmas.php
index 18bb132..3513b04 100644
--- a/rmas.php
+++ b/rmas.php
@@ -113,7 +113,7 @@ $view .= ' '.$general_filters_clear.'';
 //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
-if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
+if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
 $view .= ' Download ';
diff --git a/softwaretool.php b/softwaretool.php
index e1251d9..0a23dab 100644
--- a/softwaretool.php
+++ b/softwaretool.php
@@ -124,16 +124,19 @@ if ($payment_return && $payment_return_status) {
 $payment_modal = ' '; + + '; } else if ($transaction['payment_status'] == 0 || $transaction['payment_status'] == 101) { // Payment pending $payment_modal = ' 
@@ -362,6 +365,132 @@ echo ' } }; + // Automatically trigger installation after successful payment + window.triggerAutoInstallAfterPayment = async function() { + if (typeof window.PAYMENT_SUCCESS_ORDER_ID === \'undefined\') { + return; // Not a payment success return + } + + const orderId = window.PAYMENT_SUCCESS_ORDER_ID; + console.log("Payment success detected for order:", orderId); + + try { + // Step 1: Connect to device and read serial number, version, hardware + console.log("Step 1: Connecting to device and reading information..."); + await connectDeviceForSoftware(); + + // Wait for device reading to complete + await new Promise(resolve => setTimeout(resolve, 2000)); + + // Step 2: Verify device is connected and serial number is read + if (!deviceSerialNumber) { + throw new Error("Device not connected or serial number not read. Please ensure your device is connected."); + } + + console.log("Device connected - SN:", deviceSerialNumber, "Version:", deviceVersion, "HW:", deviceHwVersion); + + // Step 3: Fetch payment details to get the purchased version_id + console.log("Step 2: Fetching payment details..."); + const serviceToken = document.getElementById("servicetoken")?.innerHTML || \'\'; + + const paymentResponse = await fetch(link + `/v2/payment?payment_id=${orderId}`, { + method: "GET", + headers: { + "Authorization": "Bearer " + serviceToken + } + }); + + if (!paymentResponse.ok) { + throw new Error("Could not verify payment details"); + } + + const paymentData = await paymentResponse.json(); + console.log("Payment data:", paymentData); + + const purchasedVersionId = paymentData.version_id; + if (!purchasedVersionId) { + throw new Error("No version_id found in payment data"); + } + + console.log("Purchased version_id:", purchasedVersionId); + + // Step 4: Call software_update API to get available options + // After payment, the purchased version should now be free (price = 0) + console.log("Step 3: Fetching software options from software_update..."); + 
const updateUrl = link + "/v2/software_update/sn=" + deviceSerialNumber + + (deviceVersion ? "&version=" + deviceVersion : "") + + (deviceHwVersion ? "&hw_version=" + deviceHwVersion : ""); + + const updateResponse = await fetch(updateUrl, { + method: "GET", + headers: { + "Authorization": "Bearer " + serviceToken, + "Content-Type": "application/json" + } + }); + + const options = await updateResponse.json(); + console.log("Software options received:", options); + + if (options.error || !options || options.length === 0) { + throw new Error("No software updates available for this device"); + } + + // Step 5: Find the purchased version by matching version_id + // After payment, it should be returned with price = 0 (free/licensed) + const selectedOption = options.find(opt => opt.version_id === purchasedVersionId); + + if (!selectedOption) { + throw new Error(`Purchased version (ID: ${purchasedVersionId}) not found in available options. Please try manually.`); + } + + // Verify it has a download source + if (!selectedOption.source) { + throw new Error("Selected software option has no download link"); + } + + console.log("Found purchased version:", selectedOption); + console.log("Version price:", selectedOption.price, "(should be 0 after license activation)"); + await logCommunication(`Auto-install: Starting installation of ${selectedOption.name} v${selectedOption.version} (version_id: ${purchasedVersionId})`, \'sent\'); + + // Step 6: Start automatic installation + console.log("Step 4: Starting installation..."); + await downloadAndInstallSoftware(selectedOption); + + // Close the payment modal after starting installation + setTimeout(() => { + closePaymentModal(); + }, 2000); + + } catch (error) { + console.error("Auto-installation failed:", error); + await logCommunication(`Auto-installation error: ${error.message}`, \'error\'); + + // Update modal to show error with actionable message + const modal = document.getElementById("paymentModal"); + if (modal) { + const 
modalContent = modal.querySelector(\'.modal-content > div\'); + if (modalContent) { + modalContent.innerHTML = ` + +

Auto-Installation Failed

+

${error.message}

+

Please close this popup and manually connect your device to install the software.

+ + `; + } + } + } + }; + + // Trigger auto-install when payment success is detected + if (typeof window.PAYMENT_SUCCESS_ORDER_ID !== \'undefined\') { + // Wait for page to fully load and JavaScript to initialize, then trigger + setTimeout(() => { + triggerAutoInstallAfterPayment(); + }, 2000); + } + // Close modal on background click document.addEventListener("click", function(e) { const helpModal = document.getElementById("helpModal"); diff --git a/translation_manage.php b/translation_manage.php index 2cb4d47..4bcb0b3 100644 --- a/translation_manage.php +++ b/translation_manage.php @@ -66,7 +66,7 @@ if (isset($_GET['rowID'])) { if ($responses === 'NOK'){ } else { - if ($_SESSION['authorization']['permission'] == 4){ + if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){ generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']); } header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].''); @@ -99,7 +99,7 @@ if (isset($_GET['rowID'])) { if ($NOK_error == 0){ //NO errors generatelanguagefile - if ($_SESSION['authorization']['permission'] == 4){ + if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){ generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']); } } diff --git a/user.php b/user.php index c36c70e..65b1504 100644 --- a/user.php +++ b/user.php @@ -411,7 +411,7 @@ $view .= ''; // Close content-block $view .= ''; // Close content-block-wrapper // Permissions Block -$view .= '
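Review bot: `options.error || !options || options.length === 0` dereferences `options` before the null check, so a JSON `null` body throws a TypeError instead of the intended "No software updates available" error; reorder it to `if (!options || options.error || options.length === 0)`. The fixed `setTimeout(resolve, 2000)` after `connectDeviceForSoftware()` is a race rather than a completion signal — when the device read takes longer, `deviceSerialNumber` is still unset and the whole auto-install aborts; have connectDeviceForSoftware resolve once the serial is read, or poll for it with a bounded retry. The failure message is written with `innerHTML` as `${error.message}`, and messages built in this function embed response-derived values such as `purchasedVersionId`, so set it via `textContent` (or escape it) instead of interpreting it as markup. `opt.version_id === purchasedVersionId` is a strict comparison, so a string id in one response and a numeric id in the other would report "not found" — normalise both with `String(...)` before comparing; `link`, `deviceSerialNumber`, `connectDeviceForSoftware`, `downloadAndInstallSoftware`, `logCommunication` and `closePaymentModal` are defined outside the hunk.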
+$view .= '