From 9e5f5581bee848ba5b2e781ba6ec5b3607dda8be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”> Date: Wed, 28 Jan 2026 14:32:49 +0100 Subject: [PATCH] Refactor permission checks across multiple files to utilize isAllowed function for better access control management. Updated hierarchy level checks in account, contracts, equipments, partners, users, and API endpoints to streamline permission validation. Enhanced download options visibility based on user permissions in various reports and management pages. Improved modal behavior and auto-installation process in software tool after payment success. Added new helper functions for building dynamic where clauses based on user hierarchy levels. --- .DS_Store | Bin 12292 -> 12292 bytes account.php | 4 +- api/v1/post/accounts.php | 2 +- api/v1/post/contracts.php | 10 +- api/v1/post/equipments.php | 8 +- api/v1/post/partners.php | 4 +- api/v1/post/users.php | 8 +- api/v2/post/accounts.php | 2 +- api/v2/post/contracts.php | 10 +- api/v2/post/equipments.php | 8 +- api/v2/post/users.php | 8 +- assets/.DS_Store | Bin 6148 -> 6148 bytes assets/functions.php | 276 +++++++++++++++++++++++++------------ cartests.php | 2 +- equipments.php | 2 +- report_healthindex.php | 2 +- rmas.php | 2 +- softwaretool.php | 139 ++++++++++++++++++- translation_manage.php | 4 +- user.php | 2 +- 20 files changed, 360 insertions(+), 133 deletions(-) 
diff --git a/.DS_Store b/.DS_Store index 9d4c452e8d05565dc11a62679d1101247abf067b..8f764648eda816b2498ef5584f36f7e42e03a7c9 100644 GIT binary patch delta 171 zcmZokXi1ph&uFtT;4m9!T1s(pQht68<78&`7d#9M42(bw1RUI(4@!u$Y*y!a!px|% znMZ(`Ns@yhjUkhvh#{AuoFNfNr@}OE<`!DVD8mVq010O^q%xEM73MLd!xS)X-X<)` r!^ppxM}eIgVdrLM<>}0m_bM4|UM{B0xS37kGt1@&D!Uk=LW+z46_78p delta 121 zcmZokXi1ph&uFsoldto) ?? ''; //DISPLAY RELATED COMMUNICATION RECORDS $view_communication = ''; -if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ +if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ $view_communication = ' '.$button_partner_assigned_communication.''; } //DISPLAY RELATED USERS $view_users =''; -if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ +if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){ $view_users = ' '.$button_partner_assigned_users.''; } diff --git a/api/v1/post/accounts.php b/api/v1/post/accounts.php index 072c4bf..26049a7 100644 --- a/api/v1/post/accounts.php +++ b/api/v1/post/accounts.php @@ -40,7 +40,7 @@ if ($id != ''){ $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid); $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto); - if ($permission == 3 || $permission == 4){ + if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){ //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, diff --git a/api/v1/post/contracts.php b/api/v1/post/contracts.php index 498f164..12f90e7 100644 --- a/api/v1/post/contracts.php +++ b/api/v1/post/contracts.php 
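Review bot: The `=== 0` test on the new `isAllowed(...)` calls reads as inverted: every granting branch visible in the assets/functions.php hunk of this same commit ends in `return 1`, so if that edited function is isAllowed, `=== 0` shows the related-communications and related-users buttons to exactly the users who lack the right. The same comparison is used in cartests.php, equipments.php, report_healthindex.php, rmas.php and, more seriously, in translation_manage.php, where it gates generateLanguageFile(). Either test the granted value (`if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 1){`) or have the function return a bool and test it directly; if 0 really does mean granted in this codebase, a docblock on isAllowed stating that return contract would be worth adding. The account.php hunk header is not legible in this patch copy, so the lines around these checks are not visible.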
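Review bot: Replacing `$permission == 3 || $permission == 4` with `getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0` drops the role check entirely: per the helper added in assets/functions.php, level 1 means the partner record has no soldto and level 0 means it has no salesid, so any caller whose partner record is incomplete can now change sales and sold regardless of `$permission`. The same substitution appears in api/v1/post/{contracts,equipments,partners,users}.php and api/v2/post/{accounts,contracts,equipments,users}.php. Unless partner records are provisioned so that only admins lack a soldto, keep the role gate and let the hierarchy narrow it, e.g. `$level = getHierarchyLevel($partner);` followed by `if (($permission == 3 || $permission == 4) && $level <= 1){`; computing the level once also avoids calling the helper twice per condition. The enclosing `if ($id != '')` block starts outside the hunk.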
@@ -58,7 +58,7 @@ if ($id != ''){ $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto); $location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location); - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -67,7 +67,7 @@ if ($id != ''){ "location"=>$location_new ); } - elseif ($permission == 3) { + elseif (getHierarchyLevel($partner) == 1) { //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$contract_old->salesid, @@ -120,7 +120,7 @@ if ($id != ''){ } else { //ID is empty => INSERT / NEW RECORD - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ $account = array( "salesid"=>$post_content['salesid'], "soldto"=>$post_content['soldto'], @@ -128,7 +128,7 @@ else { "location"=>$post_content['location'] ); } - elseif ($permission == 3){ + elseif (getHierarchyLevel($partner) == 1){ $account = array( "salesid"=>$partner->salesid, "soldto"=>$post_content['soldto'], @@ -160,7 +160,7 @@ if (isset($post_content['servicetool'])){ if (isset($post_content['ignore_list'])){ $post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE); //ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST - if ($permission != 3 && $permission != 4){ + if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){ unset($post_content['ignore_list']); } } diff --git a/api/v1/post/equipments.php b/api/v1/post/equipments.php index 7200512..198012c 100644 --- a/api/v1/post/equipments.php +++ b/api/v1/post/equipments.php 
@@ -47,7 +47,7 @@ if ($id != ''){ $owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0); - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -57,7 +57,7 @@ if ($id != ''){ "section"=>$section_new ); } - elseif ($permission == 3) { + elseif (getHierarchyLevel($partner) == 1) { //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$equipment_old->salesid, @@ -79,7 +79,7 @@ if ($id != ''){ } else { //ID is empty => INSERT / NEW RECORD - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ $account = array( "salesid"=>$post_content['salesid'], "soldto"=>$post_content['soldto'], @@ -89,7 +89,7 @@ else { ); } - elseif ($permission == 3){ + elseif (getHierarchyLevel($partner) == 1){ $account = array( "salesid"=>$partner->salesid, "soldto"=>$post_content['soldto'], diff --git a/api/v1/post/partners.php b/api/v1/post/partners.php index 6f1be77..ea07e22 100644 --- a/api/v1/post/partners.php +++ b/api/v1/post/partners.php @@ -41,7 +41,7 @@ if ($id != ''){ $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid); $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto); - if ($permission == 3 || $permission == 4){ + if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){ //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -56,7 +56,7 @@ if ($id != ''){ } else { //ID is empty => INSERT / NEW RECORD - if ($permission == 3 || $permission == 4){ + if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){ //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$partner->salesid, 
diff --git a/api/v1/post/users.php b/api/v1/post/users.php index 1d35037..96ca3b1 100644 --- a/api/v1/post/users.php +++ b/api/v1/post/users.php @@ -50,7 +50,7 @@ $soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto); $location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location); - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -58,7 +58,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] ! "shipto"=>$shipto_new, "location"=>$location_new ); - }elseif ($permission == 3) { + }elseif (getHierarchyLevel($partner) == 1) { //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$partner->salesid, @@ -77,7 +77,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] ! } } elseif ($command == 'insert') { //ID is empty => INSERT / NEW RECORD - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$post_content['salesid'], @@ -86,7 +86,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] ! "location"=>$post_content['location'] ); } - elseif ($permission == 3){ + elseif (getHierarchyLevel($partner) == 1){ //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$partner->salesid, diff --git a/api/v2/post/accounts.php b/api/v2/post/accounts.php index 6e7af66..eddcce5 100644 --- a/api/v2/post/accounts.php +++ b/api/v2/post/accounts.php 
@@ -38,7 +38,7 @@ if ($id != ''){ $salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid); $soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto); - if ($permission == 3 || $permission == 4){ + if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){ //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, diff --git a/api/v2/post/contracts.php b/api/v2/post/contracts.php index 9ecb7bb..74621e4 100644 --- a/api/v2/post/contracts.php +++ b/api/v2/post/contracts.php @@ -58,7 +58,7 @@ if ($id != ''){ $shipto_new = ((isset($post_content['shipto']) && $post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto); $location_new = ((isset($post_content['location']) && $post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location); - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -67,7 +67,7 @@ if ($id != ''){ "location"=>$location_new ); } - elseif ($permission == 3) { + elseif (getHierarchyLevel($partner) == 1) { //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$contract_old->salesid, @@ -120,7 +120,7 @@ if ($id != ''){ } else { //ID is empty => INSERT / NEW RECORD - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ $account = array( "salesid"=>$post_content['salesid'], "soldto"=>$post_content['soldto'], 
@@ -128,7 +128,7 @@ else { "location"=>$post_content['location'] ); } - elseif ($permission == 3){ + elseif (getHierarchyLevel($partner) == 1){ $account = array( "salesid"=>$partner->salesid, "soldto"=>$post_content['soldto'], @@ -161,7 +161,7 @@ if (isset($post_content['ignore_list'])){ $post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE); //ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST - if ($permission != 3 && $permission != 4){ + if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){ unset($post_content['ignore_list']); } } diff --git a/api/v2/post/equipments.php b/api/v2/post/equipments.php index f7adcc8..9057ddb 100644 --- a/api/v2/post/equipments.php +++ b/api/v2/post/equipments.php @@ -47,7 +47,7 @@ if ($id != ''){ $owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0); - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -57,7 +57,7 @@ if ($id != ''){ "section"=>$section_new ); } - elseif ($permission == 3) { + elseif (getHierarchyLevel($partner) == 1) { //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$equipment_old->salesid, @@ -79,7 +79,7 @@ if ($id != ''){ } else { //ID is empty => INSERT / NEW RECORD - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ $account = array( "salesid"=>$post_content['salesid'], "soldto"=>$post_content['soldto'], @@ -89,7 +89,7 @@ else { ); } - elseif ($permission == 3){ + elseif (getHierarchyLevel($partner) == 1){ $account = array( "salesid"=>$partner->salesid, "soldto"=>$post_content['soldto'], diff --git a/api/v2/post/users.php b/api/v2/post/users.php index 6532102..5f608d0 100644 --- a/api/v2/post/users.php +++ b/api/v2/post/users.php 
@@ -50,7 +50,7 @@ $soldto_new = (array_key_exists('soldto', $post_content)) ? $post_content['soldt $shipto_new = (array_key_exists('shipto', $post_content)) ? $post_content['shipto'] : ($partnerhierarchy_old->shipto ?? ''); $location_new = (array_key_exists('location', $post_content)) ? $post_content['location'] : ($partnerhierarchy_old->location ?? ''); - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$salesid_new, @@ -58,7 +58,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l "shipto"=>$shipto_new, "location"=>$location_new ); - }elseif ($permission == 3) { + }elseif (getHierarchyLevel($partner) == 1) { //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$partner->salesid, @@ -77,7 +77,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l } } elseif ($command == 'insert') { //ID is empty => INSERT / NEW RECORD - if ($permission == 4){ + if (getHierarchyLevel($partner) == 0){ //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD $account = array( "salesid"=>$post_content['salesid'], @@ -86,7 +86,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l "location"=>$post_content['location'] ); } - elseif ($permission == 3){ + elseif (getHierarchyLevel($partner) == 1){ //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD $account = array( "salesid"=>$partner->salesid, 
diff --git a/assets/.DS_Store b/assets/.DS_Store index 1ba4cf5a23caa3cca1ed969ea790723f77e30419..7502f1f324f78f13bfed6b98ca295d7072285086 100644 GIT binary patch delta 55 zcmZoMXfc@J&&a(oU^g=(_hcRxV<`@X6oy2G5+F_j;$nu>w3OoHr2PCG#?3Y?>zFsQ IbNuB80FWLJ3jhEB delta 31 ncmZoMXfc@J&&ahgU^g=(*JK_R "e.accounthierarchy", + "products" => "p.accounthierarchy", + "profile" => "partnerhierarchy", + "text_variables" => "tv.accounthierarchy", + "products_attributes_items" => "pat.accounthierarchy", + "products_attributes_groups" => "pag.accounthierarchy", + "pricelists" => "pls.accounthierarchy", + "pricelists_items" => "pli.accounthierarchy" + ]; -function getWhereclause($table_name,$permission,$partner,$method){ + $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; + $type = ($method == 'get') ? 'WHERE ' : ' AND '; - //api_name converter to table - $table =[ - "equipment" => "e.accounthierarchy", - "products" => "p.accounthierarchy", - "profile" => "partnerhierarchy", - "text_variables" => "tv.accounthierarchy", - "products_attributes_items" => "pat.accounthierarchy", - "products_attributes_groups" => "pag.accounthierarchy", - "pricelists" => "pls.accounthierarchy", - "pricelists_items" => "pli.accounthierarchy" - ]; + // If permission is 4, grant full access (admin+) + if ($permission == '4' || $permission === 4) { + return array('', ''); + } - $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; - $type = ($method == 'get') ? 'WHERE ' : ' AND '; - //SoldTo is empty - if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + // Determine hierarchy level based on which fields are filled + $hierarchy_level = getHierarchyLevel($partner); + + // Build condition based on hierarchy level + $condition = buildHierarchyCondition($partner, $hierarchy_level); + + // Build whereclause + $whereclause = ($condition != '') ? $type . $table . ' LIKE "' . $condition . 
'"' : ''; - //default whereclause - $whereclause = ''; - - switch ($permission) { - case '4': - $whereclause = ''; - $condition = ''; - break; - case '3': - $condition = '__salesid___'.$partner->salesid.'___soldto___%'; - $whereclause = $type.$table.' like "'.$condition.'"'; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = $type.$table.' like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = $type.$table.' like "'.$condition.'"'; - break; - } - - return array($whereclause,$condition); + return array($whereclause, $condition); } -//------------------------------------------ -// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY SALES AND SOLD -//------------------------------------------ -function getWhereclauselvl2($table_name,$permission,$partner,$method){ +function getWhereclauselvl2($table_name, $permission, $partner, $method) { + // API name converter to table + $table = [ + "pricelist" => "pls.accounthierarchy", + "communications" => "salesID", + "partners" => "salesID", + "discounts" => "d.accounthierarchy", + "invoice" => "inv.accounthierarchy", + "attributes" => "pat.accounthierarchy", + "config" => "pc.accounthierarchy", + "software" => "p.accounthierarchy", + "transactions" => "tx.accounthierarchy", + "dealers" => "d.accounthierarchy", + "categories" => "c.accounthierarchy", + "products_software_licenses" => "l.accounthierarchy" + ]; - //api_name converter to table - $table =[ - "pricelist" => "pls.accounthierarchy", - "communications" => "salesID", - "partners" => "salesID", - "discounts" => "d.accounthierarchy", - "invoice" => 
"inv.accounthierarchy", - "attributes" => "pat.accounthierarchy", - "config" => "pc.accounthierarchy", - "software" => "p.accounthierarchy", - "transactions" => "tx.accounthierarchy", - "dealers" => "d.accounthierarchy", - "categories" => "c.accounthierarchy", - "products_software_licenses" => "l.accounthierarchy" - ]; + $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; + $type = ($method == 'get') ? 'WHERE ' : ' AND '; - $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy'; - $type = ($method == 'get') ? 'WHERE ' : ' AND '; - - //SoldTo is empty - if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + // If permission is 4, grant full access (admin+) + if ($permission == '4' || $permission === 4) { + return array('', ''); + } - //default whereclause - $whereclause = ''; + // Determine hierarchy level (lvl2 only uses salesid and soldto) + $hierarchy_level = getHierarchyLevelLvl2($partner); + + // Build condition based on hierarchy level + $condition = buildHierarchyConditionLvl2($partner, $hierarchy_level); + + // Build whereclause + $whereclause = ($condition != '') ? $type . $table . ' LIKE "' . $condition . '"' : ''; - switch ($permission) { - case '4': - $whereclause = ''; - $condition = ''; - break; - case '3': - $condition = '__salesid___'.$partner->salesid.'___soldto___%'; - $whereclause = $type.$table.' like "'.$condition.'" '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = $type.$table.' 
like "'.$condition.'"'; - break; -} - - return array($whereclause,$condition); + return array($whereclause, $condition); } +// Helper function to determine hierarchy level for full hierarchy (4 levels) +function getHierarchyLevel($partner) { + // Level 4: All fields filled (salesid, soldto, shipto, location) + if (!empty($partner->salesid) && !empty($partner->soldto) && + !empty($partner->shipto) && !empty($partner->location)) { + return 4; + } + // Level 3: salesid, soldto, shipto filled (location empty) + if (!empty($partner->salesid) && !empty($partner->soldto) && + !empty($partner->shipto) && empty($partner->location)) { + return 3; + } + // Level 2: salesid, soldto filled (shipto and location empty) + if (!empty($partner->salesid) && !empty($partner->soldto) && + empty($partner->shipto) && empty($partner->location)) { + return 2; + } + // Level 1: Only salesid filled + if (!empty($partner->salesid) && empty($partner->soldto)) { + return 1; + } + // Level 0: No restrictions (all access) + return 0; +} + +// Helper function to determine hierarchy level for lvl2 (2 levels only) +function getHierarchyLevelLvl2($partner) { + // Level 2: salesid and soldto filled + if (!empty($partner->salesid) && !empty($partner->soldto)) { + return 2; + } + // Level 1: Only salesid filled + if (!empty($partner->salesid) && empty($partner->soldto)) { + return 1; + } + // Level 0: No restrictions (all access) + return 0; +} + +// Helper function to build condition string for full hierarchy +function buildHierarchyCondition($partner, $level) { + $condition = ''; + + switch ($level) { + case 4: // Exact match on all 4 levels + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-' . + substr($partner->soldto, strpos($partner->soldto, "-") + 1) . + '___shipto___' . substr($partner->shipto, 0, strpos($partner->shipto, "-")) . '-' . + substr($partner->shipto, strpos($partner->shipto, "-") + 1) . 
+ '___location___' . substr($partner->location, 0, strpos($partner->location, "-")) . '-' . + substr($partner->location, strpos($partner->location, "-") + 1) . '%'; + break; + + case 3: // Match salesid, soldto, shipto - all locations under this shipto + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-' . + substr($partner->soldto, strpos($partner->soldto, "-") + 1) . + '___shipto___' . substr($partner->shipto, 0, strpos($partner->shipto, "-")) . '-%'; + break; + + case 2: // Match salesid, soldto - all shiptos and locations under this soldto + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-%'; + break; + + case 1: // Match salesid only - all soldtos, shiptos, and locations under this salesid + $condition = '__salesid___' . $partner->salesid . '___soldto___%'; + break; + + case 0: // No restrictions + $condition = ''; + break; + } + + return $condition; +} + +// Helper function to build condition string for lvl2 +function buildHierarchyConditionLvl2($partner, $level) { + $condition = ''; + + switch ($level) { + case 2: // Match salesid and soldto + $condition = '__salesid___' . $partner->salesid . + '___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-%'; + break; + + case 1: // Match salesid only + $condition = '__salesid___' . $partner->salesid . '___soldto___%'; + break; + + case 0: // No restrictions + $condition = ''; + break; + } + + return $condition; +} + + //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //get user profile||$profile=settings, $permision = userright() //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
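Review bot: getHierarchyLevel() fails open: its four `if` branches do not cover every field combination, and the fall-through `return 0` is documented as "No restrictions (all access)", so a partner with salesid and soldto set but shipto empty and location filled (or a salesid that `empty()` treats as empty, such as "0") gets an empty where clause and sees every account. Since the `$permission == 4` short-circuit is now the only role-based gate in getWhereclause(), the level derivation should resolve every combination to the most restrictive applicable level and never return 0 for a record that has a salesid; a rewrite is below. Two smaller points: in buildHierarchyCondition() case 4 each `substr(..., 0, strpos(...)) . '-' . substr(..., strpos(...) + 1)` pair just rebuilds the original field value, and strpos() returning false when a field has no dash is not handled; and the partner fields are still concatenated into the LIKE pattern unescaped, so `%`/`_` in them widen the match. The getWhereclause hunk header is not legible in this patch copy, so the function's opening lines are not visible.
```php
// Helper function to determine hierarchy level for full hierarchy (4 levels)
function getHierarchyLevel($partner) {
    $has_salesid  = !empty($partner->salesid);
    $has_soldto   = !empty($partner->soldto);
    $has_shipto   = !empty($partner->shipto);
    $has_location = !empty($partner->location);

    // Level 0 (no restrictions) only when the record carries no salesid at all
    // TODO(review): confirm that an empty salesid really denotes an unrestricted record
    if (!$has_salesid) {
        return 0;
    }
    if (!$has_soldto) {
        return 1;
    }
    // soldto without shipto is level 2 whatever location holds: never fall through to 0
    if (!$has_shipto) {
        return 2;
    }
    return $has_location ? 4 : 3;
}
// … unchanged: getHierarchyLevelLvl2, buildHierarchyCondition, buildHierarchyConditionLvl2 …
```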
@@ -1648,6 +1726,7 @@ function getProfile($profile, $permission){ $always_allowed = [ 'com_log' => 'CRU', 'application' => 'CRU', + 'user_role_assignments' => 'R', 'user_permissions' => 'R', 'software_update' => 'R', 'software_download' => 'R', @@ -1662,10 +1741,19 @@ function getProfile($profile, $permission){ return 1; } - // 2. Check always_allowed list - if (isset($always_allowed[$access_element]) && str_contains($always_allowed[$access_element], $action)) { - - return 1; + // 2. Check always_allowed list (supports multi-action like 'RU') + if (isset($always_allowed[$access_element])) { + $actions = str_split($action); + $all_in_allowed = true; + foreach ($actions as $single_action) { + if (!str_contains($always_allowed[$access_element], $single_action)) { + $all_in_allowed = false; + break; + } + } + if ($all_in_allowed) { + return 1; + } } // 3. Check RBAC permissions array (from getUserPermissions()) @@ -1680,10 +1768,20 @@ function getProfile($profile, $permission){ 'D' => 'can_delete' ]; - $permission_key = $action_map[$action] ?? null; + // Check each action in the string (supports 'R', 'RU', 'CRUD', etc.) + $actions = str_split($action); + $all_allowed = true; - if ($permission_key && isset($element_permissions[$permission_key]) && $element_permissions[$permission_key] == 1) { - + foreach ($actions as $single_action) { + $permission_key = $action_map[$single_action] ?? null; + + if (!$permission_key || !isset($element_permissions[$permission_key]) || $element_permissions[$permission_key] != 1) { + $all_allowed = false; + break; + } + } + + if ($all_allowed) { return 1; } diff --git a/cartests.php b/cartests.php index 8fb8062..eb2a160 100644 --- a/cartests.php +++ b/cartests.php 
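Review bot: Both new loops (the always_allowed check here and the RBAC check in the next hunk) are vacuously satisfied by an empty `$action`: `str_split('')` yields `[]` on PHP 8.2+ (and `['']` on 8.0/8.1, where `str_contains($x, '')` is true), so the flags stay `true` and the function returns 1 for an element the caller passed no action for. Guard the input before either loop, e.g. `if ($action === '') { return 0; }` (or whatever value the function uses for a denial — its final return is outside these hunks). The two loops are the same check against different sources; a small helper such as `actionsAllowed(string $granted, string $requested): bool` would keep them from drifting. The `@@` context line names getProfile(), but the edited body appears to belong to a different function whose signature is outside the hunks.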
@@ -112,7 +112,7 @@ $view .= ' '.$general_filters_clear.''; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS -if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ +if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 0){ $view .= ' Download '; diff --git a/equipments.php b/equipments.php index ce10695..0d1e811 100644 --- a/equipments.php +++ b/equipments.php @@ -192,7 +192,7 @@ $view .= ' X'; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS -if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ +if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){ $view .= ' '; diff --git a/report_healthindex.php b/report_healthindex.php index 2f6d47f..50c5b82 100644 --- a/report_healthindex.php +++ b/report_healthindex.php @@ -135,7 +135,7 @@ $view .= ' '; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS -if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ +if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){ $view .='
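Review bot: The right used to gate the Excel download differs per page — `'D'` in cartests.php but `'CRU'` in equipments.php, report_healthindex.php and rmas.php — so the same export button is tied to delete rights on one page and to create/read/update on the others. A bulk export is a read; gating all four on one documented action (`'R'`, or a dedicated export element) keeps the RBAC matrix predictable. A one-line comment above each check naming why that action was chosen would help the next maintainer, e.g. `//EXPORT IS A READ: SHOW WHEN THE USER MAY READ THIS ELEMENT`.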
'; diff --git a/rmas.php b/rmas.php index 18bb132..3513b04 100644 --- a/rmas.php +++ b/rmas.php @@ -113,7 +113,7 @@ $view .= ' '.$general_filters_clear.''; //SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS -if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){ +if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){ $view .= ' Download '; diff --git a/softwaretool.php b/softwaretool.php index e1251d9..0a23dab 100644 --- a/softwaretool.php +++ b/softwaretool.php @@ -124,16 +124,19 @@ if ($payment_return && $payment_return_status) { $payment_modal = ' '; + + '; } else if ($transaction['payment_status'] == 0 || $transaction['payment_status'] == 101) { // Payment pending $payment_modal = ' 
@@ -362,6 +365,132 @@ echo ' } }; + // Automatically trigger installation after successful payment + window.triggerAutoInstallAfterPayment = async function() { + if (typeof window.PAYMENT_SUCCESS_ORDER_ID === \'undefined\') { + return; // Not a payment success return + } + + const orderId = window.PAYMENT_SUCCESS_ORDER_ID; + console.log("Payment success detected for order:", orderId); + + try { + // Step 1: Connect to device and read serial number, version, hardware + console.log("Step 1: Connecting to device and reading information..."); + await connectDeviceForSoftware(); + + // Wait for device reading to complete + await new Promise(resolve => setTimeout(resolve, 2000)); + + // Step 2: Verify device is connected and serial number is read + if (!deviceSerialNumber) { + throw new Error("Device not connected or serial number not read. Please ensure your device is connected."); + } + + console.log("Device connected - SN:", deviceSerialNumber, "Version:", deviceVersion, "HW:", deviceHwVersion); + + // Step 3: Fetch payment details to get the purchased version_id + console.log("Step 2: Fetching payment details..."); + const serviceToken = document.getElementById("servicetoken")?.innerHTML || \'\'; + + const paymentResponse = await fetch(link + `/v2/payment?payment_id=${orderId}`, { + method: "GET", + headers: { + "Authorization": "Bearer " + serviceToken + } + }); + + if (!paymentResponse.ok) { + throw new Error("Could not verify payment details"); + } + + const paymentData = await paymentResponse.json(); + console.log("Payment data:", paymentData); + + const purchasedVersionId = paymentData.version_id; + if (!purchasedVersionId) { + throw new Error("No version_id found in payment data"); + } + + console.log("Purchased version_id:", purchasedVersionId); + + // Step 4: Call software_update API to get available options + // After payment, the purchased version should now be free (price = 0) + console.log("Step 3: Fetching software options from software_update..."); + 
const updateUrl = link + "/v2/software_update/sn=" + deviceSerialNumber + + (deviceVersion ? "&version=" + deviceVersion : "") + + (deviceHwVersion ? "&hw_version=" + deviceHwVersion : ""); + + const updateResponse = await fetch(updateUrl, { + method: "GET", + headers: { + "Authorization": "Bearer " + serviceToken, + "Content-Type": "application/json" + } + }); + + const options = await updateResponse.json(); + console.log("Software options received:", options); + + if (options.error || !options || options.length === 0) { + throw new Error("No software updates available for this device"); + } + + // Step 5: Find the purchased version by matching version_id + // After payment, it should be returned with price = 0 (free/licensed) + const selectedOption = options.find(opt => opt.version_id === purchasedVersionId); + + if (!selectedOption) { + throw new Error(`Purchased version (ID: ${purchasedVersionId}) not found in available options. Please try manually.`); + } + + // Verify it has a download source + if (!selectedOption.source) { + throw new Error("Selected software option has no download link"); + } + + console.log("Found purchased version:", selectedOption); + console.log("Version price:", selectedOption.price, "(should be 0 after license activation)"); + await logCommunication(`Auto-install: Starting installation of ${selectedOption.name} v${selectedOption.version} (version_id: ${purchasedVersionId})`, \'sent\'); + + // Step 6: Start automatic installation + console.log("Step 4: Starting installation..."); + await downloadAndInstallSoftware(selectedOption); + + // Close the payment modal after starting installation + setTimeout(() => { + closePaymentModal(); + }, 2000); + + } catch (error) { + console.error("Auto-installation failed:", error); + await logCommunication(`Auto-installation error: ${error.message}`, \'error\'); + + // Update modal to show error with actionable message + const modal = document.getElementById("paymentModal"); + if (modal) { + const 
modalContent = modal.querySelector(\'.modal-content > div\'); + if (modalContent) { + modalContent.innerHTML = ` + +

Auto-Installation Failed

+

${error.message}

+

Please close this popup and manually connect your device to install the software.

+ + `; + } + } + } + }; + + // Trigger auto-install when payment success is detected + if (typeof window.PAYMENT_SUCCESS_ORDER_ID !== \'undefined\') { + // Wait for page to fully load and JavaScript to initialize, then trigger + setTimeout(() => { + triggerAutoInstallAfterPayment(); + }, 2000); + } + // Close modal on background click document.addEventListener("click", function(e) { const helpModal = document.getElementById("helpModal"); diff --git a/translation_manage.php b/translation_manage.php index 2cb4d47..4bcb0b3 100644 --- a/translation_manage.php +++ b/translation_manage.php @@ -66,7 +66,7 @@ if (isset($_GET['rowID'])) { if ($responses === 'NOK'){ } else { - if ($_SESSION['authorization']['permission'] == 4){ + if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){ generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']); } header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].''); @@ -99,7 +99,7 @@ if (isset($_GET['rowID'])) { if ($NOK_error == 0){ //NO errors generatelanguagefile - if ($_SESSION['authorization']['permission'] == 4){ + if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){ generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']); } } diff --git a/user.php b/user.php index c36c70e..65b1504 100644 --- a/user.php +++ b/user.php @@ -411,7 +411,7 @@ $view .= ''; // Close content-block $view .= ''; // Close content-block-wrapper // Permissions Block -$view .= '
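Review bot: In the catch block, `modalContent.innerHTML = \`...${error.message}...\`` injects the error text as markup; several of the messages thrown above embed values from the payment and software_update responses (`purchasedVersionId` comes from `paymentData.version_id`), so any HTML in those values is rendered in the modal. Build the three lines with `textContent` instead, as below (the element classes are stripped in this patch copy and need restoring). Also, `options.error` is read before `!options` is checked, so a null body throws a TypeError instead of the intended message — reorder to `if (!options || options.error || options.length === 0)` — and `updateResponse.ok` is never checked, unlike `paymentResponse.ok`. `orderId` and `deviceSerialNumber` are interpolated into URLs without `encodeURIComponent()`.
```javascript
// … unchanged: catch block up to the modalContent lookup …
if (modalContent) {
  const title = document.createElement("div");
  title.textContent = "Auto-Installation Failed";
  const detail = document.createElement("div");
  detail.textContent = error.message; // rendered as text, never parsed as HTML
  const hint = document.createElement("div");
  hint.textContent = "Please close this popup and manually connect your device to install the software.";
  modalContent.replaceChildren(title, detail, hint);
}
```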
+$view .= '