AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Custom Roles & Permissions 

Initial enforcement of custom roles & permissions - only on some pages via GET for now.
This commit is contained in:
wrongecho 2024-09-20 17:59:49 +01:00
parent 1390ca07f9
commit 10fafacefe
43 changed files with 469 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
accounts.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
admin_roles.php
View File

@ -21,7 +21,7 @@ $sql = mysqli_query(
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?>
<div class="alert alert-danger"><strong>Roles are not yet active/enforced - do not use.</strong><hr></div>
<div class="alert alert-warning"><strong>Roles are still in development. Permissions may not be fully be enforced.</strong><hr></div>
<div class="card card-dark">
<div class="card-header py-2">

6
admin_side_nav.php
View File

@ -22,6 +22,12 @@
<p>Users</p>
</a>
</li>
<li class="nav-item">
<a href="admin_roles.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_roles.php") {echo "active";} ?>">
<i class="nav-icon fas fa-user-shield"></i>
<p>Roles</p>
</a>
</li>
<li class="nav-item">
<a href="admin_api.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_api.php") {echo "active";} ?>">
<i class="nav-icon fas fa-key"></i>

3
budget.php
View File

@ -2,6 +2,9 @@
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Fetch categories
$query = "SELECT category_id, category_name FROM categories WHERE category_type ='Expense' AND category_archived_at IS NULL";
$result = mysqli_query($mysqli, $query);

16
check_login.php
View File

@ -38,20 +38,20 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$session_user_id = intval($_SESSION['user_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
$sql = mysqli_query(
$mysqli,
"SELECT * FROM USERS
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
WHERE users.user_id = $session_user_id"
);
$row = mysqli_fetch_array($sql);
$session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email'];
$session_avatar = $row['user_avatar'];
$session_token = $row['user_token'];
$session_user_role = intval($row['user_role']);
if ($session_user_role == 3) {
$session_user_role_display = "Administrator";
} elseif ($session_user_role == 2) {
$session_user_role_display = "Technician";
} else {
$session_user_role_display = "Accountant";
}
$session_user_role_display = sanitizeInput($row['user_role_name']);
if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
$session_is_admin = true;
}

3
client_assets.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Asset Type from GET
if (isset($_GET['type']) && ($_GET['type']) == 'workstation') {
$type_query = "asset_type = 'desktop' OR asset_type = 'laptop'";

2
client_certificates.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
client_documents.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
// Folder
if (!empty($_GET['folder_id'])) {

2
client_domains.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
client_invoices.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

3
client_logins.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_credential');
// Log when users load the Credentials/Logins page
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'View', log_description = '$session_name viewed the Credentials page for client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");

2
client_networks.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET, array('sort' => $sort, 'order' => $order)));

2
client_payments.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
client_quotes.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

3
client_racks.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
// Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
client_recurring_invoices.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
client_recurring_tickets.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
client_services.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

401
client_side_nav.php
View File

@ -51,37 +51,36 @@
</a>
</li>
<?php if ($config_module_enable_ticketing == 1 && lookupUserPermission("module_support") >= 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<?php if ($config_module_enable_ticketing == 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
<a href="client_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>
Tickets
<?php
if ($num_active_tickets > 0) { ?>
<span class="right badge <?php if ($num_active_tickets > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
<li class="nav-item">
<a href="client_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>
Tickets
<?php
if ($num_active_tickets > 0) { ?>
<span class="right badge <?php if ($num_active_tickets > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_recurring_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php
if ($num_scheduled_tickets) { ?>
<span class="right badge"><?php echo $num_scheduled_tickets; ?></span>
<?php } ?>
<li class="nav-item">
<a href="client_recurring_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php
if ($num_scheduled_tickets) { ?>
<span class="right badge"><?php echo $num_scheduled_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
</p>
</a>
</li>
<?php } ?>
@ -113,199 +112,207 @@
<?php if ($config_module_enable_itdoc == 1) { ?>
<li class="nav-header mt-3">DOCUMENTATION</li>
<li class="nav-header mt-3">DOCUMENTATION</li>
<li class="nav-item">
<a href="client_assets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_assets.php" || basename($_SERVER["PHP_SELF"]) == "client_asset_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-desktop"></i>
<p>
Assets
<?php
if ($num_assets > 0) { ?>
<span class="right badge text-light"><?php echo $num_assets; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if (lookupUserPermission("module_support") >= 1) { ?>
<li class="nav-item">
<a href="client_assets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_assets.php" || basename($_SERVER["PHP_SELF"]) == "client_asset_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-desktop"></i>
<p>
Assets
<?php
if ($num_assets > 0) { ?>
<span class="right badge text-light"><?php echo $num_assets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_software.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_software.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-cube"></i>
<p>
Licenses
<?php
if ($num_software > 0) { ?>
<span class="right badge <?php if ($num_software_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_software_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_software; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_software.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_software.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-cube"></i>
<p>
Licenses
<?php
if ($num_software > 0) { ?>
<span class="right badge <?php if ($num_software_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_software_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_software; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_logins.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_logins.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-key"></i>
<p>
Credentials
<?php
if ($num_logins > 0) { ?>
<span class="right badge text-light"><?php echo $num_logins; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_logins.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_logins.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-key"></i>
<p>
Credentials
<?php
if ($num_logins > 0) { ?>
<span class="right badge text-light"><?php echo $num_logins; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_networks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_networks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-network-wired"></i>
<p>
Networks
<?php
if ($num_networks > 0) { ?>
<span class="right badge text-light"><?php echo $num_networks; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_networks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_networks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-network-wired"></i>
<p>
Networks
<?php
if ($num_networks > 0) { ?>
<span class="right badge text-light"><?php echo $num_networks; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_racks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_racks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-server"></i>
<p>
Racks
<?php
if ($num_racks > 0) { ?>
<span class="right badge text-light"><?php echo $num_racks; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_racks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_racks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-server"></i>
<p>
Racks
<?php
if ($num_racks > 0) { ?>
<span class="right badge text-light"><?php echo $num_racks; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_certificates.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_certificates.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-lock"></i>
<p>
Certificates
<li class="nav-item">
<a href="client_certificates.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_certificates.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-lock"></i>
<p>
Certificates
<?php
if ($num_certificates > 0) { ?>
<span class="right badge <?php if ($num_certificates_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_certificates_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_certificates; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php
if ($num_certificates > 0) { ?>
<span class="right badge <?php if ($num_certificates_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_certificates_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_certificates; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_domains.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_domains.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-globe"></i>
<p>
Domains
<li class="nav-item">
<a href="client_domains.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_domains.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-globe"></i>
<p>
Domains
<?php
if ($num_domains > 0) { ?>
<span class="right badge <?php if ($num_domains_expiring > 0) { ?> badge-warning text-dark<?php } ?> <?php if ($num_domains_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_domains; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php
if ($num_domains > 0) { ?>
<span class="right badge <?php if ($num_domains_expiring > 0) { ?> badge-warning text-dark<?php } ?> <?php if ($num_domains_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_domains; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_services.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_services.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-stream"></i>
<p>
Services
<?php
if ($num_services > 0) { ?>
<span class="right badge text-light"><?php echo $num_services; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_services.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_services.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-stream"></i>
<p>
Services
<?php
if ($num_services > 0) { ?>
<span class="right badge text-light"><?php echo $num_services; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_documents.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_documents.php" || basename($_SERVER["PHP_SELF"]) == "client_document_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-folder"></i>
<p>
Documents
<?php
if ($num_documents > 0) { ?>
<span class="right badge text-light"><?php echo $num_documents; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_documents.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_documents.php" || basename($_SERVER["PHP_SELF"]) == "client_document_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-folder"></i>
<p>
Documents
<?php
if ($num_documents > 0) { ?>
<span class="right badge text-light"><?php echo $num_documents; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<li class="nav-item">
<a href="client_files.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_files.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-paperclip"></i>
<p>
Files
<?php
if ($num_files > 0) { ?>
<span class="right badge text-light"><?php echo $num_files; ?></span>
<?php } ?>
</p>
</a>
</li>
<!-- Allow files even without module_support for things like contracts, etc. ) -->
<li class="nav-item">
<a href="client_files.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_files.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-paperclip"></i>
<p>
Files
<?php
if ($num_files > 0) { ?>
<span class="right badge text-light"><?php echo $num_files; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php if ($session_user_role == 1 || $session_user_role > 2 && $config_module_enable_accounting == 1) { ?>
<?php if ($config_module_enable_accounting == 1) { ?>
<li class="nav-header mt-3">FINANCE</li>
<li class="nav-item">
<a href="client_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice"></i>
<p>
Invoices
<?php
if ($num_invoices > 0) { ?>
<span class="right badge <?php if ($num_invoices_open > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_invoices; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if (lookupUserPermission("module_sales") >= 1) { ?>
<li class="nav-item">
<a href="client_recurring_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_invoices.php" || basename($_SERVER["PHP_SELF"]) == "client_recurring_invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php
if ($num_recurring > 0) { ?>
<span class="right badge"><?php echo $num_recurring; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice"></i>
<p>
Invoices
<?php
if ($num_invoices > 0) { ?>
<span class="right badge <?php if ($num_invoices_open > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_invoices; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_recurring_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_invoices.php" || basename($_SERVER["PHP_SELF"]) == "client_recurring_invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php
if ($num_recurring > 0) { ?>
<span class="right badge"><?php echo $num_recurring; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_quotes.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_quotes.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-comment-dollar"></i>
<p>
Quotes
<?php
if ($num_quotes > 0) { ?>
<span class="right badge text-light"><?php echo $num_quotes; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_quotes.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_quotes.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-comment-dollar"></i>
<p>
Quotes
<?php
if ($num_quotes > 0) { ?>
<span class="right badge text-light"><?php echo $num_quotes; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="client_payments.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_payments.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>
<p>
Payments
<?php
if ($num_payments > 0) { ?>
<span class="right badge text-light"><?php echo $num_payments; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php if (lookupUserPermission("module_financial") >= 1) { ?>
<li class="nav-item">
<a href="client_payments.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_payments.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i>
<p>
Payments
<?php
if ($num_payments > 0) { ?>
<span class="right badge text-light"><?php echo $num_payments; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<li class="nav-item">
<a href="client_trips.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_trips.php") { echo "active"; } ?>">

2
client_software.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

3
client_tickets.php
View File

@ -7,6 +7,9 @@ $order = "DESC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
if (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed';
$ticket_status_snippet = "ticket_resolved_at IS NOT NULL";

2
client_vendors.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_client');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

3
clients.php
View File

@ -6,6 +6,9 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_client');
// Leads Query
$leads = 0;

3
expenses.php
View File

@ -6,6 +6,9 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Account Filter
if (isset($_GET['account']) & !empty($_GET['account'])) {
$account_query = 'AND (expense_account_id = ' . intval($_GET['account']) . ')';

8
functions.php
View File

@ -1322,7 +1322,11 @@ function enforceUserPermission($module, $check_access_level = 1) {
if (!$permitted_access_level || $permitted_access_level < $check_access_level) {
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit(WORDING_ROLECHECK_FAILED);
$map = [
"1" => "read",
"2" => "write",
"3" => "full"
];
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: $map[$check_access_level] access to $module is not permitted for your role.");
}
}

4
inc_all_admin.php
View File

@ -6,7 +6,9 @@ require_once "functions.php";
require_once "check_login.php";
validateAdminRole();
if (!isset($session_is_admin) || !$session_is_admin) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
}
require_once "header.php";

3
inc_all_client.php
View File

@ -6,6 +6,9 @@ require_once "functions.php";
require_once "check_login.php";
// Perms
enforceUserPermission('module_client');
if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);

3
inc_all_reports.php
View File

@ -6,6 +6,9 @@ require_once "functions.php";
require_once "check_login.php";
// Reporting Perms
enforceUserPermission('module_reporting');
require_once "header.php";
require_once "top_nav.php";

3
invoices.php
View File

@ -6,6 +6,9 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent'"));
$sent_count = $row['num'];

2
payments.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Payment Method Filter
if (isset($_GET['method']) & !empty($_GET['method'])) {

3
products.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
// Category Filter
if (isset($_GET['category']) & !empty($_GET['category'])) {
$category_query = 'AND (category_id = ' . intval($_GET['category']) . ')';

3
projects.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Status Query
$status = 0;

2
quotes.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

2
recurring_expenses.php
View File

@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

3
recurring_invoices.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

3
recurring_tickets.php
View File

@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Ticket client access snippet
$rec_ticket_permission_snippet = '';
if (!empty($client_access_string)) {

3
report_assets.php
View File

@ -6,7 +6,8 @@ $order = "ASC";
require_once "inc_all_reports.php";
validateTechRole();
// Perms
enforceUserPermission('module_support');
//Asset Type from GET
if (isset($_GET['type']) && ($_GET['type']) == 'workstation') {

178
reports_side_nav.php
View File

@ -15,95 +15,106 @@
<ul class="nav nav-pills nav-sidebar flex-column mt-2" data-widget="treeview" data-accordion="false">
<?php if ($session_user_role == 1 || $session_user_role == 3 && $config_module_enable_accounting == 1) { ?>
<?php if ($config_module_enable_accounting == 1) { ?>
<li class="nav-header">FINANCIAL</li>
<li class="nav-item">
<a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="far fa-circle nav-icon"></i>
<p>Income</p>
</a>
</li>
<li class="nav-item">
<a href="report_income_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_by_client.php") { echo "active"; } ?>">
<i class="far fa-user nav-icon"></i>
<p>Income By Client</p>
</a>
</li>
<li class="nav-item">
<a href="report_recurring_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_recurring_by_client.php") { echo "active"; } ?>">
<i class="fa fa-sync nav-icon"></i>
<p>Recurring Income By Client</p>
</a>
</li>
<li class="nav-item">
<a href="report_clients_with_balance.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_clients_with_balance.php") { echo "active"; } ?>">
<i class="fa fa-exclamation-triangle nav-icon"></i>
<p>Clients with a Balance</p>
</a>
</li>
<li class="nav-item">
<a href="report_expense_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_summary.php") { echo "active"; } ?>">
<i class="far fa-credit-card nav-icon"></i>
<p>Expense</p>
</a>
</li>
<li class="nav-item">
<a href="report_expense_by_vendor.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_by_vendor.php") { echo "active"; } ?>">
<i class="far fa-building nav-icon"></i>
<p>Expense By Vendor</p>
</a>
</li>
<li class="nav-item">
<a href="report_budget.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_budget.php") { echo "active"; } ?>">
<i class="fas fa-list nav-icon"></i>
<p>Budget</p>
</a>
</li>
<li class="nav-item">
<a href="report_tax_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tax_summary.php") { echo "active"; } ?>">
<i class="fas fa-percent nav-icon"></i>
<p>Tax Summary</p>
</a>
</li>
<li class="nav-item">
<a href="report_profit_loss.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_profit_loss.php") { echo "active"; } ?>">
<i class="fas fa-file-invoice-dollar nav-icon"></i>
<p>Profit & Loss</p>
</a>
</li>
<li class="nav-item">
<a href="report_tickets_unbilled.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tickets_unbilled.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Unbilled Tickets</p>
</a>
</li>
<?php if (lookupUserPermission("module_financial") >= 1) { ?>
<li class="nav-item">
<a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="far fa-circle nav-icon"></i>
<p>Income</p>
</a>
</li>
<li class="nav-item">
<a href="report_income_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_by_client.php") { echo "active"; } ?>">
<i class="far fa-user nav-icon"></i>
<p>Income By Client</p>
</a>
</li>
<li class="nav-item">
<a href="report_recurring_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_recurring_by_client.php") { echo "active"; } ?>">
<i class="fa fa-sync nav-icon"></i>
<p>Recurring Income By Client</p>
</a>
</li>
<li class="nav-item">
<a href="report_clients_with_balance.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_clients_with_balance.php") { echo "active"; } ?>">
<i class="fa fa-exclamation-triangle nav-icon"></i>
<p>Clients with a Balance</p>
</a>
</li>
<li class="nav-item">
<a href="report_expense_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_summary.php") { echo "active"; } ?>">
<i class="far fa-credit-card nav-icon"></i>
<p>Expense</p>
</a>
</li>
<li class="nav-item">
<a href="report_expense_by_vendor.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_by_vendor.php") { echo "active"; } ?>">
<i class="far fa-building nav-icon"></i>
<p>Expense By Vendor</p>
</a>
</li>
<li class="nav-item">
<a href="report_budget.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_budget.php") { echo "active"; } ?>">
<i class="fas fa-list nav-icon"></i>
<p>Budget</p>
</a>
</li>
<li class="nav-item">
<a href="report_tax_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tax_summary.php") { echo "active"; } ?>">
<i class="fas fa-percent nav-icon"></i>
<p>Tax Summary</p>
</a>
</li>
<li class="nav-item">
<a href="report_profit_loss.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_profit_loss.php") { echo "active"; } ?>">
<i class="fas fa-file-invoice-dollar nav-icon"></i>
<p>Profit & Loss</p>
</a>
</li>
<?php } ?>
<?php if (lookupUserPermission("module_sales") >= 1) { ?>
<li class="nav-item">
<a href="report_tickets_unbilled.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tickets_unbilled.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Unbilled Tickets</p>
</a>
</li>
<?php } ?>
<?php } // End financial reports IF statement ?>
<?php if ($session_user_role == 2 || $session_user_role == 3) { ?>
<li class="nav-header">TECHNICAL</li>
<li class="nav-item">
<a href="report_ticket_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_summary.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Tickets</p>
</a>
</li>
<li class="nav-item">
<a href="report_ticket_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_by_client.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Tickets by Client</p>
</a>
</li>
<li class="nav-item">
<a href="report_password_rotation.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_password_rotation.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Password rotation</p>
</a>
</li>
<li class="nav-header">TECHNICAL</li>
<?php if ($config_module_enable_ticketing) { ?>
<li class="nav-item">
<a href="report_ticket_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_summary.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Tickets</p>
</a>
</li>
<li class="nav-item">
<a href="report_ticket_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_by_client.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Tickets by Client</p>
</a>
</li>
<?php } ?>
<?php if (lookupUserPermission("module_credential") >= 1) { ?>
<li class="nav-item">
<a href="report_password_rotation.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_password_rotation.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Password rotation</p>
</a>
</li>
<?php } ?>
<li class="nav-header">OVERVIEWS</li>
<li class="nav-item">
<a href="report_assets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_assets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-desktop"></i>
@ -116,7 +127,6 @@
<p>All Domains</p>
</a>
</li>
<?php } // End technical reports IF statement ?>
</ul>

2
revenues.php
View File

@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);

110
side_nav.php
View File

@ -17,61 +17,66 @@
<p>Dashboard</p>
</a>
</li>
<li class="nav-item">
<a href="clients.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-users"></i>
<p>
Clients
<?php if ($num_active_clients) { ?>
<span class="right badge text-light"><?php echo $num_active_clients; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if ($session_user_role >= 2 && $config_module_enable_ticketing == 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<?php if (lookupUserPermission("module_client") >= 1) { ?>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<a href="clients.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-users"></i>
<p>
Tickets
<?php if ($num_active_tickets) { ?>
<span class="right badge text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php if ($num_recurring_tickets) { ?>
<span class="right badge text-light"><?php echo $num_recurring_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="projects.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "projects.php" || basename($_SERVER["PHP_SELF"]) == "project_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-project-diagram"></i>
<p>
Projects
<?php if ($num_active_projects) { ?>
<span class="right badge text-light"><?php echo $num_active_projects; ?></span>
<?php } ?>
Clients
<?php if ($num_active_clients) { ?>
<span class="right badge text-light"><?php echo $num_active_clients; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php if (lookupUserPermission("module_support") >= 1) { ?>
<?php if ($config_module_enable_ticketing == 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>
Tickets
<?php if ($num_active_tickets) { ?>
<span class="right badge text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php if ($num_recurring_tickets) { ?>
<span class="right badge text-light"><?php echo $num_recurring_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="projects.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "projects.php" || basename($_SERVER["PHP_SELF"]) == "project_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-project-diagram"></i>
<p>
Projects
<?php if ($num_active_projects) { ?>
<span class="right badge text-light"><?php echo $num_active_projects; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php } ?>
<li class="nav-item">
<a href="calendar_events.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "calendar_events.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-calendar-alt"></i>
<p>Calendar</p>
</a>
</li>
<?php if ($config_module_enable_accounting == 1) { ?>
<?php if ($config_module_enable_accounting == 1 && lookupUserPermission("module_sales") >= 1) { ?>
<li class="nav-header mt-3">SALES</li>
<li class="nav-item">
<a href="quotes.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
@ -119,7 +124,7 @@
</a>
</li>
<?php } ?>
<?php if ($session_user_role == 1 || ($session_user_role == 3 && $config_module_enable_accounting == 1)) { ?>
<?php if ($config_module_enable_accounting == 1 && lookupUserPermission("module_financial") >= 1) { ?>
<li class="nav-header mt-3">FINANCE</li>
<li class="nav-item">
<a href="payments.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>">
@ -175,13 +180,16 @@
</a>
</li>
<?php } ?>
<li class="nav-item mt-3">
<a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="fas fa-chart-line nav-icon"></i>
<p>Reports</p>
<i class="fas fa-angle-right nav-icon float-right"></i>
</a>
</li>
<?php if (lookupUserPermission("module_reporting") >= 1) { ?>
<li class="nav-item mt-3">
<a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="fas fa-chart-line nav-icon"></i>
<p>Reports</p>
<i class="fas fa-angle-right nav-icon float-right"></i>
</a>
</li>
<?php } ?>
<?php
$sql_custom_links = mysqli_query($mysqli, "SELECT * FROM custom_links WHERE custom_link_location = 1 AND custom_link_archived_at IS NULL

3
ticket.php
View File

@ -1,6 +1,9 @@
<?php
require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Initialize the HTML Purifier to prevent XSS
require "plugins/htmlpurifier/HTMLPurifier.standalone.php";

3
tickets.php
View File

@ -7,6 +7,9 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Ticket status from GET
if (isset($_GET['status']) && is_array($_GET['status']) && !empty($_GET['status'])) {
// Sanitize each element of the status array

3
transfers.php
View File

@ -5,6 +5,9 @@ $order = "DESC";
require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Account Transfer From Filter
if (isset($_GET['account_from']) & !empty($_GET['account_from'])) {
$account_from_query = 'AND (expense_account_id = ' . intval($_GET['account_from']) . ')';