pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor permission checks across multiple files to utilize isAllowed function for better access control management. Updated hierarchy level checks in account, contracts, equipments, partners, users, and API endpoints to streamline permission validation. Enhanced download options visibility based on user permissions in various reports and management pages. Improved modal behavior and auto-installation process in software tool after payment success. Added new helper functions for building dynamic where clauses based on user hierarchy levels.

Browse Source
This commit is contained in:
“VeLiTi”
2026-01-28 14:32:49 +01:00
parent f7733b4113
commit 9e5f5581be
20 changed files with 360 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

4
account.php
View File

@@ -239,13 +239,13 @@ $soldto_id = explode("-",$account_hierarchy->soldto) ?? '';
//DISPLAY RELATED COMMUNICATION RECORDS
$view_communication = '';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if (isAllowed('communications',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
$view_communication = ' <a href="index.php?page=communications&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_communication.'</a>';
}
//DISPLAY RELATED USERS
$view_users ='';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if (isAllowed('users',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
$view_users = ' <a href="index.php?page=users&partnerid='.$soldto_id[0].'" class="btn">'.$button_partner_assigned_users.'</a>';
}

2
api/v1/post/accounts.php
View File

@@ -40,7 +40,7 @@ if ($id != ''){
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto);
if ($permission == 3 || $permission == 4){
if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,

10
api/v1/post/contracts.php
View File

@@ -58,7 +58,7 @@ if ($id != ''){
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -67,7 +67,7 @@ if ($id != ''){
"location"=>$location_new
);
}
elseif ($permission == 3) {
elseif (getHierarchyLevel($partner) == 1) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$contract_old->salesid,
@@ -120,7 +120,7 @@ if ($id != ''){
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
@@ -128,7 +128,7 @@ else {
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
elseif (getHierarchyLevel($partner) == 1){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
@@ -160,7 +160,7 @@ if (isset($post_content['servicetool'])){
if (isset($post_content['ignore_list'])){
$post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE);
//ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST
if ($permission != 3 && $permission != 4){
if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){
unset($post_content['ignore_list']);
}
}

8
api/v1/post/equipments.php
View File

@@ -47,7 +47,7 @@ if ($id != ''){
$owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -57,7 +57,7 @@ if ($id != ''){
"section"=>$section_new
);
}
elseif ($permission == 3) {
elseif (getHierarchyLevel($partner) == 1) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$equipment_old->salesid,
@@ -79,7 +79,7 @@ if ($id != ''){
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
@@ -89,7 +89,7 @@ else {
);
}
elseif ($permission == 3){
elseif (getHierarchyLevel($partner) == 1){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],

4
api/v1/post/partners.php
View File

@@ -41,7 +41,7 @@ if ($id != ''){
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto);
if ($permission == 3 || $permission == 4){
if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -56,7 +56,7 @@ if ($id != ''){
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 3 || $permission == 4){
if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$partner->salesid,

8
api/v1/post/users.php
View File

@@ -50,7 +50,7 @@ $soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != ''
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location);
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -58,7 +58,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] !
"shipto"=>$shipto_new,
"location"=>$location_new
);
}elseif ($permission == 3) {
}elseif (getHierarchyLevel($partner) == 1) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,
@@ -77,7 +77,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] !
}
} elseif ($command == 'insert') {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$post_content['salesid'],
@@ -86,7 +86,7 @@ $location_new = (($post_content['location'] != '' && $post_content['location'] !
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
elseif (getHierarchyLevel($partner) == 1){
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,

2
api/v2/post/accounts.php
View File

@@ -38,7 +38,7 @@ if ($id != ''){
$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid);
$soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto);
if ($permission == 3 || $permission == 4){
if (getHierarchyLevel($partner) == 1 || getHierarchyLevel($partner) == 0){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,

10
api/v2/post/contracts.php
View File

@@ -58,7 +58,7 @@ if ($id != ''){
$shipto_new = ((isset($post_content['shipto']) && $post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
$location_new = ((isset($post_content['location']) && $post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -67,7 +67,7 @@ if ($id != ''){
"location"=>$location_new
);
}
elseif ($permission == 3) {
elseif (getHierarchyLevel($partner) == 1) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$contract_old->salesid,
@@ -120,7 +120,7 @@ if ($id != ''){
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
@@ -128,7 +128,7 @@ else {
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
elseif (getHierarchyLevel($partner) == 1){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
@@ -161,7 +161,7 @@ if (isset($post_content['ignore_list'])){
$post_content['ignore_list'] = json_encode($post_content['ignore_list'], JSON_UNESCAPED_UNICODE);
//ONLY ADMINS ARE ALLOWED TO UPDATE IGNORE LIST
if ($permission != 3 && $permission != 4){
if (getHierarchyLevel($partner) != 1 && getHierarchyLevel($partner) != 0){
unset($post_content['ignore_list']);
}
}

8
api/v2/post/equipments.php
View File

@@ -47,7 +47,7 @@ if ($id != ''){
$owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -57,7 +57,7 @@ if ($id != ''){
"section"=>$section_new
);
}
elseif ($permission == 3) {
elseif (getHierarchyLevel($partner) == 1) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$equipment_old->salesid,
@@ -79,7 +79,7 @@ if ($id != ''){
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
@@ -89,7 +89,7 @@ else {
);
}
elseif ($permission == 3){
elseif (getHierarchyLevel($partner) == 1){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],

8
api/v2/post/users.php
View File

@@ -50,7 +50,7 @@ $soldto_new = (array_key_exists('soldto', $post_content)) ? $post_content['soldt
$shipto_new = (array_key_exists('shipto', $post_content)) ? $post_content['shipto'] : ($partnerhierarchy_old->shipto ?? '');
$location_new = (array_key_exists('location', $post_content)) ? $post_content['location'] : ($partnerhierarchy_old->location ?? '');
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
@@ -58,7 +58,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l
"shipto"=>$shipto_new,
"location"=>$location_new
);
}elseif ($permission == 3) {
}elseif (getHierarchyLevel($partner) == 1) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,
@@ -77,7 +77,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l
}
} elseif ($command == 'insert') {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
if (getHierarchyLevel($partner) == 0){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$post_content['salesid'],
@@ -86,7 +86,7 @@ $location_new = (array_key_exists('location', $post_content)) ? $post_content['l
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
elseif (getHierarchyLevel($partner) == 1){
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,

BIN
assets/.DS_Store vendored
View File

Binary file not shown.

276
assets/functions.php
View File

@@ -1507,101 +1507,179 @@ function ioAPIv2_FileUpload($api_call, $fileData, $additionalData = [], $token =
}
//------------------------------------------
// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY ALL
// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY
//------------------------------------------
function getWhereclause($table_name, $permission, $partner, $method) {
// API name converter to table
$table = [
"equipment" => "e.accounthierarchy",
"products" => "p.accounthierarchy",
"profile" => "partnerhierarchy",
"text_variables" => "tv.accounthierarchy",
"products_attributes_items" => "pat.accounthierarchy",
"products_attributes_groups" => "pag.accounthierarchy",
"pricelists" => "pls.accounthierarchy",
"pricelists_items" => "pli.accounthierarchy"
];
function getWhereclause($table_name,$permission,$partner,$method){
$table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
$type = ($method == 'get') ? 'WHERE ' : ' AND ';
//api_name converter to table
$table =[
"equipment" => "e.accounthierarchy",
"products" => "p.accounthierarchy",
"profile" => "partnerhierarchy",
"text_variables" => "tv.accounthierarchy",
"products_attributes_items" => "pat.accounthierarchy",
"products_attributes_groups" => "pag.accounthierarchy",
"pricelists" => "pls.accounthierarchy",
"pricelists_items" => "pli.accounthierarchy"
];
// If permission is 4, grant full access (admin+)
if ($permission == '4' || $permission === 4) {
return array('', '');
}
$table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
$type = ($method == 'get') ? 'WHERE ' : ' AND ';
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
// Determine hierarchy level based on which fields are filled
$hierarchy_level = getHierarchyLevel($partner);
// Build condition based on hierarchy level
$condition = buildHierarchyCondition($partner, $hierarchy_level);
// Build whereclause
$whereclause = ($condition != '') ? $type . $table . ' LIKE "' . $condition . '"' : '';
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
$condition = '';
break;
case '3':
$condition = '__salesid___'.$partner->salesid.'___soldto___%';
$whereclause = $type.$table.' like "'.$condition.'"';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = $type.$table.' like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = $type.$table.' like "'.$condition.'"';
break;
}
return array($whereclause,$condition);
return array($whereclause, $condition);
}
//------------------------------------------
// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY SALES AND SOLD
//------------------------------------------
function getWhereclauselvl2($table_name,$permission,$partner,$method){
function getWhereclauselvl2($table_name, $permission, $partner, $method) {
// API name converter to table
$table = [
"pricelist" => "pls.accounthierarchy",
"communications" => "salesID",
"partners" => "salesID",
"discounts" => "d.accounthierarchy",
"invoice" => "inv.accounthierarchy",
"attributes" => "pat.accounthierarchy",
"config" => "pc.accounthierarchy",
"software" => "p.accounthierarchy",
"transactions" => "tx.accounthierarchy",
"dealers" => "d.accounthierarchy",
"categories" => "c.accounthierarchy",
"products_software_licenses" => "l.accounthierarchy"
];
//api_name converter to table
$table =[
"pricelist" => "pls.accounthierarchy",
"communications" => "salesID",
"partners" => "salesID",
"discounts" => "d.accounthierarchy",
"invoice" => "inv.accounthierarchy",
"attributes" => "pat.accounthierarchy",
"config" => "pc.accounthierarchy",
"software" => "p.accounthierarchy",
"transactions" => "tx.accounthierarchy",
"dealers" => "d.accounthierarchy",
"categories" => "c.accounthierarchy",
"products_software_licenses" => "l.accounthierarchy"
];
$table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
$type = ($method == 'get') ? 'WHERE ' : ' AND ';
$table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
$type = ($method == 'get') ? 'WHERE ' : ' AND ';
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
// If permission is 4, grant full access (admin+)
if ($permission == '4' || $permission === 4) {
return array('', '');
}
//default whereclause
$whereclause = '';
// Determine hierarchy level (lvl2 only uses salesid and soldto)
$hierarchy_level = getHierarchyLevelLvl2($partner);
// Build condition based on hierarchy level
$condition = buildHierarchyConditionLvl2($partner, $hierarchy_level);
// Build whereclause
$whereclause = ($condition != '') ? $type . $table . ' LIKE "' . $condition . '"' : '';
switch ($permission) {
case '4':
$whereclause = '';
$condition = '';
break;
case '3':
$condition = '__salesid___'.$partner->salesid.'___soldto___%';
$whereclause = $type.$table.' like "'.$condition.'" ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = $type.$table.' like "'.$condition.'"';
break;
}
return array($whereclause,$condition);
return array($whereclause, $condition);
}
// Helper function to determine hierarchy level for full hierarchy (4 levels)
function getHierarchyLevel($partner) {
// Level 4: All fields filled (salesid, soldto, shipto, location)
if (!empty($partner->salesid) && !empty($partner->soldto) &&
!empty($partner->shipto) && !empty($partner->location)) {
return 4;
}
// Level 3: salesid, soldto, shipto filled (location empty)
if (!empty($partner->salesid) && !empty($partner->soldto) &&
!empty($partner->shipto) && empty($partner->location)) {
return 3;
}
// Level 2: salesid, soldto filled (shipto and location empty)
if (!empty($partner->salesid) && !empty($partner->soldto) &&
empty($partner->shipto) && empty($partner->location)) {
return 2;
}
// Level 1: Only salesid filled
if (!empty($partner->salesid) && empty($partner->soldto)) {
return 1;
}
// Level 0: No restrictions (all access)
return 0;
}
// Helper function to determine hierarchy level for lvl2 (2 levels only)
function getHierarchyLevelLvl2($partner) {
// Level 2: salesid and soldto filled
if (!empty($partner->salesid) && !empty($partner->soldto)) {
return 2;
}
// Level 1: Only salesid filled
if (!empty($partner->salesid) && empty($partner->soldto)) {
return 1;
}
// Level 0: No restrictions (all access)
return 0;
}
// Helper function to build condition string for full hierarchy
function buildHierarchyCondition($partner, $level) {
$condition = '';
switch ($level) {
case 4: // Exact match on all 4 levels
$condition = '__salesid___' . $partner->salesid .
'___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-' .
substr($partner->soldto, strpos($partner->soldto, "-") + 1) .
'___shipto___' . substr($partner->shipto, 0, strpos($partner->shipto, "-")) . '-' .
substr($partner->shipto, strpos($partner->shipto, "-") + 1) .
'___location___' . substr($partner->location, 0, strpos($partner->location, "-")) . '-' .
substr($partner->location, strpos($partner->location, "-") + 1) . '%';
break;
case 3: // Match salesid, soldto, shipto - all locations under this shipto
$condition = '__salesid___' . $partner->salesid .
'___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-' .
substr($partner->soldto, strpos($partner->soldto, "-") + 1) .
'___shipto___' . substr($partner->shipto, 0, strpos($partner->shipto, "-")) . '-%';
break;
case 2: // Match salesid, soldto - all shiptos and locations under this soldto
$condition = '__salesid___' . $partner->salesid .
'___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-%';
break;
case 1: // Match salesid only - all soldtos, shiptos, and locations under this salesid
$condition = '__salesid___' . $partner->salesid . '___soldto___%';
break;
case 0: // No restrictions
$condition = '';
break;
}
return $condition;
}
// Helper function to build condition string for lvl2
function buildHierarchyConditionLvl2($partner, $level) {
$condition = '';
switch ($level) {
case 2: // Match salesid and soldto
$condition = '__salesid___' . $partner->salesid .
'___soldto___' . substr($partner->soldto, 0, strpos($partner->soldto, "-")) . '-%';
break;
case 1: // Match salesid only
$condition = '__salesid___' . $partner->salesid . '___soldto___%';
break;
case 0: // No restrictions
$condition = '';
break;
}
return $condition;
}
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//get user profile||$profile=settings, $permision = userright()
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -1648,6 +1726,7 @@ function getProfile($profile, $permission){
$always_allowed = [
'com_log' => 'CRU',
'application' => 'CRU',
'user_role_assignments' => 'R',
'user_permissions' => 'R',
'software_update' => 'R',
'software_download' => 'R',
@@ -1662,10 +1741,19 @@ function getProfile($profile, $permission){
return 1;
}
// 2. Check always_allowed list
if (isset($always_allowed[$access_element]) && str_contains($always_allowed[$access_element], $action)) {
return 1;
// 2. Check always_allowed list (supports multi-action like 'RU')
if (isset($always_allowed[$access_element])) {
$actions = str_split($action);
$all_in_allowed = true;
foreach ($actions as $single_action) {
if (!str_contains($always_allowed[$access_element], $single_action)) {
$all_in_allowed = false;
break;
}
}
if ($all_in_allowed) {
return 1;
}
}
// 3. Check RBAC permissions array (from getUserPermissions())
@@ -1680,10 +1768,20 @@ function getProfile($profile, $permission){
'D' => 'can_delete'
];
$permission_key = $action_map[$action] ?? null;
// Check each action in the string (supports 'R', 'RU', 'CRUD', etc.)
$actions = str_split($action);
$all_allowed = true;
if ($permission_key && isset($element_permissions[$permission_key]) && $element_permissions[$permission_key] == 1) {
foreach ($actions as $single_action) {
$permission_key = $action_map[$single_action] ?? null;
if (!$permission_key || !isset($element_permissions[$permission_key]) || $element_permissions[$permission_key] != 1) {
$all_allowed = false;
break;
}
}
if ($all_allowed) {
return 1;
}

2
cartests.php
View File

@@ -112,7 +112,7 @@ $view .= '
<a class="btn alt" href="index.php?page=cartests">'.$general_filters_clear.'</a>';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if (isAllowed('cartests',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D') === 0){
$view .= '<a class="btn alt" href="index.php?page=cartests&download=">
<i class="fa-solid fa-download"></i> Download
</a>';

2
equipments.php
View File

@@ -192,7 +192,7 @@ $view .= '
<a class="btn alt" href="index.php?page=equipments">X</a>';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if (isAllowed('equipments',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
$view .= '<a class="btn alt" href="index.php?page=equipments&download=">
<i class="fa-solid fa-download"></i>
</a>';

2
report_healthindex.php
View File

@@ -135,7 +135,7 @@ $view .= '
';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if (isAllowed('report_healthindex',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
$view .='<div class="filters">
<a href="index.php?page=report_healthindex&download="><i class="fa-solid fa-download"></i></a>
</div>';

2
rmas.php
View File

@@ -113,7 +113,7 @@ $view .= '
<a class="btn alt" href="index.php?page=rmas">'.$general_filters_clear.'</a>';
//SHOW DOWNLOAD TO EXCELL OPTION ONLY TO ADMIN USERS
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
if (isAllowed('rmas',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRU') === 0){
$view .= '<a class="btn alt" href="index.php?page=rmas&download=">
<i class="fa-solid fa-download"></i> Download
</a>';

139
softwaretool.php
View File

@@ -124,16 +124,19 @@ if ($payment_return && $payment_return_status) {
$payment_modal = '
<div id="paymentModal" class="modal" style="display: flex; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.5); z-index: 1000; align-items: center; justify-content: center;">
<div class="modal-content" style="background: white; border-radius: 12px; max-width: 500px; margin: 20px; box-shadow: 0 10px 40px rgba(0,0,0,0.3); position: relative;">
<span class="close" onclick="closePaymentModal()" style="position: absolute; top: 15px; right: 20px; font-size: 28px; font-weight: bold; color: #999; cursor: pointer;">&times;</span>
<div style="text-align: center; padding: 40px 30px;">
<i class="fa-solid fa-check-circle" style="font-size: 64px; color: #28a745; margin-bottom: 20px;"></i>
<i class="fa-solid fa-spinner fa-spin" style="font-size: 64px; color: #28a745; margin-bottom: 20px;"></i>
<h2 style="color: #155724; margin-bottom: 15px;">Payment Successful!</h2>
<p style="margin-bottom: 10px; color: #333;">Your payment has been processed. Please reconnect your device to apply the software upgrade.</p>
<p style="margin-bottom: 10px; color: #333;">Preparing your software installation...</p>
<p style="font-size: 12px; color: #666; margin-bottom: 25px;">Order ID: '.htmlspecialchars($payment_return).'</p>
<button onclick="closePaymentModal()" class="btn" style="padding: 12px 30px;">Continue</button>
<p style="font-size: 14px; color: #666;">Please keep your device connected</p>
</div>
</div>
</div>';
</div>
<script>
// Trigger automatic installation after payment success
window.PAYMENT_SUCCESS_ORDER_ID = "'.htmlspecialchars($payment_return).'";
</script>';
} else if ($transaction['payment_status'] == 0 || $transaction['payment_status'] == 101) {
// Payment pending
$payment_modal = '
@@ -362,6 +365,132 @@ echo '
}
};
// Automatically trigger installation after successful payment
window.triggerAutoInstallAfterPayment = async function() {
if (typeof window.PAYMENT_SUCCESS_ORDER_ID === \'undefined\') {
return; // Not a payment success return
}
const orderId = window.PAYMENT_SUCCESS_ORDER_ID;
console.log("Payment success detected for order:", orderId);
try {
// Step 1: Connect to device and read serial number, version, hardware
console.log("Step 1: Connecting to device and reading information...");
await connectDeviceForSoftware();
// Wait for device reading to complete
await new Promise(resolve => setTimeout(resolve, 2000));
// Step 2: Verify device is connected and serial number is read
if (!deviceSerialNumber) {
throw new Error("Device not connected or serial number not read. Please ensure your device is connected.");
}
console.log("Device connected - SN:", deviceSerialNumber, "Version:", deviceVersion, "HW:", deviceHwVersion);
// Step 3: Fetch payment details to get the purchased version_id
console.log("Step 2: Fetching payment details...");
const serviceToken = document.getElementById("servicetoken")?.innerHTML || \'\';
const paymentResponse = await fetch(link + `/v2/payment?payment_id=${orderId}`, {
method: "GET",
headers: {
"Authorization": "Bearer " + serviceToken
}
});
if (!paymentResponse.ok) {
throw new Error("Could not verify payment details");
}
const paymentData = await paymentResponse.json();
console.log("Payment data:", paymentData);
const purchasedVersionId = paymentData.version_id;
if (!purchasedVersionId) {
throw new Error("No version_id found in payment data");
}
console.log("Purchased version_id:", purchasedVersionId);
// Step 4: Call software_update API to get available options
// After payment, the purchased version should now be free (price = 0)
console.log("Step 3: Fetching software options from software_update...");
const updateUrl = link + "/v2/software_update/sn=" + deviceSerialNumber +
(deviceVersion ? "&version=" + deviceVersion : "") +
(deviceHwVersion ? "&hw_version=" + deviceHwVersion : "");
const updateResponse = await fetch(updateUrl, {
method: "GET",
headers: {
"Authorization": "Bearer " + serviceToken,
"Content-Type": "application/json"
}
});
const options = await updateResponse.json();
console.log("Software options received:", options);
if (options.error || !options || options.length === 0) {
throw new Error("No software updates available for this device");
}
// Step 5: Find the purchased version by matching version_id
// After payment, it should be returned with price = 0 (free/licensed)
const selectedOption = options.find(opt => opt.version_id === purchasedVersionId);
if (!selectedOption) {
throw new Error(`Purchased version (ID: ${purchasedVersionId}) not found in available options. Please try manually.`);
}
// Verify it has a download source
if (!selectedOption.source) {
throw new Error("Selected software option has no download link");
}
console.log("Found purchased version:", selectedOption);
console.log("Version price:", selectedOption.price, "(should be 0 after license activation)");
await logCommunication(`Auto-install: Starting installation of ${selectedOption.name} v${selectedOption.version} (version_id: ${purchasedVersionId})`, \'sent\');
// Step 6: Start automatic installation
console.log("Step 4: Starting installation...");
await downloadAndInstallSoftware(selectedOption);
// Close the payment modal after starting installation
setTimeout(() => {
closePaymentModal();
}, 2000);
} catch (error) {
console.error("Auto-installation failed:", error);
await logCommunication(`Auto-installation error: ${error.message}`, \'error\');
// Update modal to show error with actionable message
const modal = document.getElementById("paymentModal");
if (modal) {
const modalContent = modal.querySelector(\'.modal-content > div\');
if (modalContent) {
modalContent.innerHTML = `
<i class="fa-solid fa-exclamation-circle" style="font-size: 64px; color: #dc3545; margin-bottom: 20px;"></i>
<h2 style="color: #721c24; margin-bottom: 15px;">Auto-Installation Failed</h2>
<p style="margin-bottom: 10px; color: #333;">${error.message}</p>
<p style="font-size: 14px; color: #666; margin-bottom: 25px;">Please close this popup and manually connect your device to install the software.</p>
<button onclick="closePaymentModal()" class="btn" style="padding: 12px 30px;">Continue</button>
`;
}
}
}
};
// Trigger auto-install when payment success is detected
if (typeof window.PAYMENT_SUCCESS_ORDER_ID !== \'undefined\') {
// Wait for page to fully load and JavaScript to initialize, then trigger
setTimeout(() => {
triggerAutoInstallAfterPayment();
}, 2000);
}
// Close modal on background click
document.addEventListener("click", function(e) {
const helpModal = document.getElementById("helpModal");

4
translation_manage.php
View File

@@ -66,7 +66,7 @@ if (isset($_GET['rowID'])) {
if ($responses === 'NOK'){
} else {
if ($_SESSION['authorization']['permission'] == 4){
if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){
generateLanguageFile($_POST['language_key'],$_SESSION['authorization']['userkey']);
}
header('Location: index.php?page=translation_manage&rowID='.$_GET['rowID'].'');
@@ -99,7 +99,7 @@ if (isset($_GET['rowID'])) {
if ($NOK_error == 0){
//NO errors generatelanguagefile
if ($_SESSION['authorization']['permission'] == 4){
if (isAllowed('translations',$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'CRUD') === 0){
generateLanguageFile($attr_language,$_SESSION['authorization']['userkey']);
}
}

2
user.php
View File

@@ -411,7 +411,7 @@ $view .= '</div>'; // Close content-block
$view .= '</div>'; // Close content-block-wrapper
// Permissions Block
$view .= '<div class="content-block">
$view .= '<div class="content-block" style="display:none">
<div class="block-header">
<i class="fa-solid fa-key fa-sm"></i>'.($view_user_permissions ?? 'Permissions').'
</div>