f7a91737bc
- Added AJAX functionality to fetch role permissions for copying. - Introduced system role management with permission checks for updates. - Implemented role deletion with confirmation modal and backend handling. - Enhanced user role assignment migration scripts to transition from legacy profiles to RBAC. - Created SQL migration scripts for user roles and permissions mapping. - Updated user interface to support new role management features including copy permissions and system role indicators.
152 lines
4.5 KiB
PHP
152 lines
4.5 KiB
PHP
<?php
|
|
defined($security_key) or exit;
|
|
|
|
//------------------------------------------
|
|
// Marketing Files
|
|
//------------------------------------------
|
|
|
|
//Connect to DB
|
|
$pdo = dbConnect($dbname);
|
|
|
|
//SoldTo is empty
|
|
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
|
|
|
|
//default whereclause
|
|
$whereclause = '';
|
|
|
|
//NEW ARRAY
|
|
$criterias = [];
|
|
$clause = '';
|
|
|
|
//Check for $_GET variables and build up clause
|
|
if(isset($get_content) && $get_content!=''){
|
|
//GET VARIABLES FROM URL
|
|
$requests = explode("&", $get_content);
|
|
//Check for keys and values
|
|
foreach ($requests as $y){
|
|
$v = explode("=", $y);
|
|
//INCLUDE VARIABLES IN ARRAY
|
|
$criterias[$v[0]] = $v[1];
|
|
|
|
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] == 'action' || $v[0] =='success_msg' || $v[0] == '_t'){
|
|
//do nothing
|
|
}
|
|
elseif ($v[0] == 'folder_id') {
|
|
if ($v[1] === 'null' || $v[1] === '') {
|
|
$clause .= ' AND folder_id IS NULL';
|
|
} else {
|
|
$clause .= ' AND folder_id = :folder_id';
|
|
}
|
|
}
|
|
elseif ($v[0] == 'search') {
|
|
$clause .= ' AND (title LIKE :search OR original_filename LIKE :search)';
|
|
}
|
|
elseif ($v[0] == 'tag') {
|
|
$clause .= ' AND EXISTS (SELECT 1 FROM marketing_file_tags ft JOIN marketing_tags t ON ft.tag_id = t.id WHERE ft.file_id = mf.id AND t.tag_name = :tag)';
|
|
}
|
|
elseif ($v[0] == 'file_type') {
|
|
$clause .= ' AND file_type = :file_type';
|
|
}
|
|
else {
|
|
// Ignore unknown parameters
|
|
}
|
|
}
|
|
if ($whereclause == '' && $clause !=''){
|
|
$whereclause = 'WHERE '.substr($clause, 4);
|
|
} else {
|
|
$whereclause .= $clause;
|
|
}
|
|
}
|
|
|
|
//Set page
|
|
$pagina = 1;
|
|
if(isset($criterias['p']) && $criterias['p'] !='') {
|
|
$pagina = $criterias['p'];
|
|
}
|
|
|
|
//Set limit
|
|
$limit = 50;
|
|
if(isset($criterias['limit']) && $criterias['limit'] !='') {
|
|
$limit = intval($criterias['limit']);
|
|
}
|
|
$offset = ($pagina - 1) * $limit;
|
|
|
|
//check for totals call
|
|
if(isset($criterias['totals'])){
|
|
$sql = 'SELECT COUNT(*) as found FROM marketing_files mf '.$whereclause.' ';
|
|
$stmt = $pdo->prepare($sql);
|
|
|
|
// Bind parameters
|
|
if (!empty($criterias)) {
|
|
foreach ($criterias as $key => $value) {
|
|
if ($key !== 'totals' && $key !== 'page' && $key !== 'p' && $key !== 'limit' && $key !== 'action') {
|
|
if ($key == 'search') {
|
|
$stmt->bindValue(':'.$key, '%'.$value.'%');
|
|
} elseif ($key == 'folder_id' && ($value === 'null' || $value === '')) {
|
|
continue;
|
|
} else {
|
|
$stmt->bindValue(':'.$key, $value);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
$stmt->execute();
|
|
$found = $stmt->fetchColumn();
|
|
echo $found;
|
|
exit;
|
|
}
|
|
|
|
// Main query
|
|
$sql = "SELECT
|
|
mf.*,
|
|
GROUP_CONCAT(mt.tag_name) as tags
|
|
FROM marketing_files mf
|
|
LEFT JOIN marketing_file_tags mft ON mf.id = mft.file_id
|
|
LEFT JOIN marketing_tags mt ON mft.tag_id = mt.id
|
|
" . $whereclause . "
|
|
GROUP BY mf.id
|
|
ORDER BY mf.created DESC
|
|
LIMIT " . $limit . " OFFSET " . $offset;
|
|
|
|
$stmt = $pdo->prepare($sql);
|
|
|
|
// Bind parameters
|
|
if (!empty($criterias)) {
|
|
foreach ($criterias as $key => $value) {
|
|
if ($key !== 'totals' && $key !== 'page' && $key !== 'p' && $key !== 'limit') {
|
|
if ($key == 'search') {
|
|
$stmt->bindValue(':'.$key, '%'.$value.'%');
|
|
} elseif ($key == 'folder_id' && ($value === 'null' || $value === '')) {
|
|
continue;
|
|
} else {
|
|
$stmt->bindValue(':'.$key, $value);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
$stmt->execute();
|
|
$marketing_files = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
// Process each file
|
|
foreach ($marketing_files as &$file) {
|
|
// Process tags
|
|
$file['tags'] = $file['tags'] ? explode(',', $file['tags']) : [];
|
|
|
|
// Format file size
|
|
$bytes = $file['file_size'];
|
|
if ($bytes >= 1073741824) {
|
|
$file['file_size_formatted'] = number_format($bytes / 1073741824, 2) . ' GB';
|
|
} elseif ($bytes >= 1048576) {
|
|
$file['file_size_formatted'] = number_format($bytes / 1048576, 2) . ' MB';
|
|
} elseif ($bytes >= 1024) {
|
|
$file['file_size_formatted'] = number_format($bytes / 1024, 2) . ' KB';
|
|
} else {
|
|
$file['file_size_formatted'] = $bytes . ' B';
|
|
}
|
|
}
|
|
|
|
// Return result
|
|
echo json_encode($marketing_files, JSON_UNESCAPED_UNICODE);
|
|
exit; |