168 lines
4.9 KiB
PHP
168 lines
4.9 KiB
PHP
<?php
|
|
defined($security_key) or exit;
|
|
|
|
//------------------------------------------
|
|
// User Roles
|
|
//------------------------------------------
|
|
//Connect to DB
|
|
$pdo = dbConnect($dbname);
|
|
|
|
//------------------------------------------
|
|
//NEW ARRAY
|
|
//------------------------------------------
|
|
$criterias = [];
|
|
$clause = '';
|
|
|
|
//------------------------------------------
|
|
//Check for $_GET variables and build up clause
|
|
//------------------------------------------
|
|
if(isset($get_content) && $get_content!=''){
|
|
//GET VARIABLES FROM URL
|
|
$requests = explode("&", $get_content);
|
|
//Check for keys and values
|
|
foreach ($requests as $y){
|
|
$v = explode("=", $y);
|
|
//INCLUDE VARIABLES IN ARRAY
|
|
$criterias[$v[0]] = $v[1];
|
|
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='success_msg' || $v[0] =='sort' || $v[0] =='all'){
|
|
//do nothing
|
|
}
|
|
elseif ($v[0] == 'rowid') {
|
|
//build up search by ID
|
|
$clause .= ' AND r.rowID = :'.$v[0];
|
|
}
|
|
elseif ($v[0] == 'status') {
|
|
//Update status based on status
|
|
$clause .= ' AND r.is_active = :'.$v[0];
|
|
}
|
|
elseif ($v[0] == 'search') {
|
|
//build up search
|
|
$clause .= ' AND (r.name LIKE :'.$v[0].' OR r.description LIKE :'.$v[0].')';
|
|
}
|
|
elseif ($v[0] == 'name') {
|
|
//build up name search
|
|
$clause .= ' AND r.name = :'.$v[0];
|
|
}
|
|
else {
|
|
//create clause
|
|
$clause .= ' AND r.'.$v[0].' = :'.$v[0];
|
|
}
|
|
}
|
|
}
|
|
|
|
//Filter system roles for users without delete permission on user_roles
|
|
if (isAllowed('user_roles', $profile, $permission, 'D') !== 1) {
|
|
$clause .= ' AND r.is_system != 1 AND r.role_hierarchy >= '.$permission;
|
|
}
|
|
|
|
//Build WHERE clause
|
|
$whereclause = '';
|
|
if ($clause != ''){
|
|
$whereclause = 'WHERE '.substr($clause, 4);
|
|
}
|
|
|
|
// GET SORT INDICATOR
|
|
$sort_indicator = $criterias['sort'] ?? '';
|
|
|
|
switch ($sort_indicator){
|
|
case 1:
|
|
$sort = ' r.name ASC ';
|
|
break;
|
|
case 2:
|
|
$sort = ' r.name DESC ';
|
|
break;
|
|
case 3:
|
|
$sort = ' r.created ASC ';
|
|
break;
|
|
case 4:
|
|
$sort = ' r.created DESC ';
|
|
break;
|
|
default:
|
|
$sort = ' r.rowID ';
|
|
break;
|
|
}
|
|
|
|
if (isset($criterias['totals']) && $criterias['totals'] ==''){
|
|
//Request for total rows
|
|
$sql = 'SELECT count(*) as count FROM user_roles r '.$whereclause;
|
|
}
|
|
elseif (isset($criterias['all']) && $criterias['all'] ==''){
|
|
//Return all records (no paging)
|
|
$sql = 'SELECT r.*,
|
|
(SELECT COUNT(*) FROM role_access_permissions WHERE role_id = r.rowID) as permission_count
|
|
FROM user_roles r '.$whereclause.' ORDER BY '.$sort;
|
|
}
|
|
else {
|
|
//SQL with permission count
|
|
$sql = 'SELECT r.*,
|
|
(SELECT COUNT(*) FROM role_access_permissions WHERE role_id = r.rowID) as permission_count
|
|
FROM user_roles r '.$whereclause.' ORDER BY '.$sort.' LIMIT :page,:num_rows';
|
|
}
|
|
|
|
$stmt = $pdo->prepare($sql);
|
|
|
|
//------------------------------------------
|
|
//Bind to query
|
|
//------------------------------------------
|
|
if (!empty($criterias)){
|
|
foreach ($criterias as $key => $value){
|
|
$key_condition = ':'.$key;
|
|
if (str_contains($sql, $key_condition)){
|
|
if ($key == 'search'){
|
|
$search_value = '%'.$value.'%';
|
|
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
|
|
}
|
|
elseif ($key == 'p'){
|
|
//Do nothing (bug)
|
|
}
|
|
else {
|
|
$stmt->bindValue($key, $value, PDO::PARAM_STR);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
//------------------------------------------
|
|
// Debuglog
|
|
//------------------------------------------
|
|
if (debug){
|
|
$message = $date.';'.$sql.';'.$username;
|
|
debuglog($message);
|
|
}
|
|
|
|
//------------------------------------------
|
|
//Add paging details
|
|
//------------------------------------------
|
|
$page_rows = $page_rows_equipment ?? 20;
|
|
|
|
if(isset($criterias['totals']) && $criterias['totals']==''){
|
|
$stmt->execute();
|
|
$messages = $stmt->fetch();
|
|
$messages = $messages[0];
|
|
}
|
|
elseif(isset($criterias['all']) && $criterias['all']==''){
|
|
//Return all records (no paging)
|
|
$stmt->execute();
|
|
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
}
|
|
else {
|
|
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
|
|
$stmt->bindValue('page', ($current_page - 1) * $page_rows, PDO::PARAM_INT);
|
|
$stmt->bindValue('num_rows', $page_rows, PDO::PARAM_INT);
|
|
//Execute Query
|
|
$stmt->execute();
|
|
//Get results
|
|
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
}
|
|
|
|
//------------------------------------------
|
|
//JSON_EnCODE
|
|
//------------------------------------------
|
|
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
|
|
//------------------------------------------
|
|
//Send results
|
|
//------------------------------------------
|
|
echo $messages;
|
|
|
|
?>
|