Custom Roles & Permissions

Initial enforcement of custom roles & permissions - currently only on some pages, and only for GET (page-view) requests; POST handlers are not yet covered.
This commit is contained in:
wrongecho
2024-09-20 17:59:49 +01:00
parent 1390ca07f9
commit 10fafacefe
43 changed files with 469 additions and 345 deletions


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -21,7 +21,7 @@ $sql = mysqli_query(
$num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
?> ?>
<div class="alert alert-danger"><strong>Roles are not yet active/enforced - do not use.</strong><hr></div> <div class="alert alert-warning"><strong>Roles are still in development. Permissions may not be fully be enforced.</strong><hr></div>
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
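Review bot: The new warning text on the alert line contains a duplicated word, `Permissions may not be fully be enforced`. Because this banner is the only in-product notice that the role system is not yet a security boundary, it should read cleanly and say what is still open: `Roles are still in development. Permissions are not yet enforced on every page or on POST actions.` The rest of the page is unchanged by this hunk.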


@@ -22,6 +22,12 @@
<p>Users</p> <p>Users</p>
</a> </a>
</li> </li>
<li class="nav-item">
<a href="admin_roles.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_roles.php") {echo "active";} ?>">
<i class="nav-icon fas fa-user-shield"></i>
<p>Roles</p>
</a>
</li>
<li class="nav-item"> <li class="nav-item">
<a href="admin_api.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_api.php") {echo "active";} ?>"> <a href="admin_api.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_api.php") {echo "active";} ?>">
<i class="nav-icon fas fa-key"></i> <i class="nav-icon fas fa-key"></i>


@@ -2,6 +2,9 @@
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Fetch categories // Fetch categories
$query = "SELECT category_id, category_name FROM categories WHERE category_type ='Expense' AND category_archived_at IS NULL"; $query = "SELECT category_id, category_name FROM categories WHERE category_type ='Expense' AND category_archived_at IS NULL";
$result = mysqli_query($mysqli, $query); $result = mysqli_query($mysqli, $query);


@@ -38,20 +38,20 @@ $session_user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
$session_user_id = intval($_SESSION['user_id']); $session_user_id = intval($_SESSION['user_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id"); $sql = mysqli_query(
$mysqli,
"SELECT * FROM USERS
LEFT JOIN user_settings ON users.user_id = user_settings.user_id
LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
WHERE users.user_id = $session_user_id"
);
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$session_name = sanitizeInput($row['user_name']); $session_name = sanitizeInput($row['user_name']);
$session_email = $row['user_email']; $session_email = $row['user_email'];
$session_avatar = $row['user_avatar']; $session_avatar = $row['user_avatar'];
$session_token = $row['user_token']; $session_token = $row['user_token'];
$session_user_role = intval($row['user_role']); $session_user_role = intval($row['user_role']);
if ($session_user_role == 3) { $session_user_role_display = sanitizeInput($row['user_role_name']);
$session_user_role_display = "Administrator";
} elseif ($session_user_role == 2) {
$session_user_role_display = "Technician";
} else {
$session_user_role_display = "Accountant";
}
if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) { if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
$session_is_admin = true; $session_is_admin = true;
} }
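Review bot: The rewritten query selects `FROM USERS` while its join condition references `users.user_id`; MySQL table identifiers are case-sensitive on servers with `lower_case_table_names=0` (the usual Linux setting), so this query would fail there and every session load with it — use `FROM users` consistently. `$session_is_admin` is now only ever assigned `true`; add `$session_is_admin = false;` before the `if` so callers that test `if ($session_is_admin)` fail closed without each having to remember an `isset()` guard. With the `LEFT JOIN`, a user whose `user_role` points at a deleted or missing `user_roles` row continues with `$session_user_role = 0`, an empty `$session_user_role_display` and no admin flag; that is the fail-closed direction, but a comment such as `// Missing role row yields role 0 / non-admin by design` would make the intent explicit, or the session could be rejected outright. This statement run is at the top level of the include; the lines that set `$session_user_agent` and `$session_user_id` are above the hunk.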


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Asset Type from GET //Asset Type from GET
if (isset($_GET['type']) && ($_GET['type']) == 'workstation') { if (isset($_GET['type']) && ($_GET['type']) == 'workstation') {
$type_query = "asset_type = 'desktop' OR asset_type = 'laptop'"; $type_query = "asset_type = 'desktop' OR asset_type = 'laptop'";


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
// Folder // Folder
if (!empty($_GET['folder_id'])) { if (!empty($_GET['folder_id'])) {


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_credential');
// Log when users load the Credentials/Logins page // Log when users load the Credentials/Logins page
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'View', log_description = '$session_name viewed the Credentials page for client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'View', log_description = '$session_name viewed the Credentials page for client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
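Review bot: `enforceUserPermission('module_credential')` gates only the rendering of this page; the commit message says enforcement is GET-only for now, so if credential values are fetched, decrypted or exported through any other request path (an AJAX or POST handler, for example), that path is still unprotected until it carries the same check — confirm. The audit line below the check records only successful views, so a user who is denied here leaves no trace in `logs`; recording the denial would belong in `enforceUserPermission()` itself rather than on every page. Consider a comment above the check: `// Authorization for the credentials view; any endpoint that reveals credential secrets needs the same check`.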


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL //Rebuild URL
$url_query_strings_sb = http_build_query(array_merge($_GET, array('sort' => $sort, 'order' => $order))); $url_query_strings_sb = http_build_query(array_merge($_GET, array('sort' => $sort, 'order' => $order)));


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
// Rebuild URL // Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -51,37 +51,36 @@
</a> </a>
</li> </li>
<?php if ($config_module_enable_ticketing == 1 && lookupUserPermission("module_support") >= 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<?php if ($config_module_enable_ticketing == 1) { ?> <li class="nav-item">
<li class="nav-header mt-3">SUPPORT</li> <a href="client_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>
Tickets
<?php
if ($num_active_tickets > 0) { ?>
<span class="right badge <?php if ($num_active_tickets > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
<li class="nav-item"> </p>
<a href="client_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_tickets.php") { echo "active"; } ?>"> </a>
<i class="nav-icon fas fa-life-ring"></i> </li>
<p>
Tickets
<?php
if ($num_active_tickets > 0) { ?>
<span class="right badge <?php if ($num_active_tickets > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
</p> <li class="nav-item">
</a> <a href="client_recurring_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_tickets.php") { echo "active"; } ?>">
</li> <i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php
if ($num_scheduled_tickets) { ?>
<span class="right badge"><?php echo $num_scheduled_tickets; ?></span>
<?php } ?>
<li class="nav-item"> </p>
<a href="client_recurring_tickets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_tickets.php") { echo "active"; } ?>"> </a>
<i class="nav-icon fas fa-redo-alt"></i> </li>
<p>
Recurring
<?php
if ($num_scheduled_tickets) { ?>
<span class="right badge"><?php echo $num_scheduled_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?> <?php } ?>
@@ -113,199 +112,207 @@
<?php if ($config_module_enable_itdoc == 1) { ?> <?php if ($config_module_enable_itdoc == 1) { ?>
<li class="nav-header mt-3">DOCUMENTATION</li> <li class="nav-header mt-3">DOCUMENTATION</li>
<li class="nav-item"> <?php if (lookupUserPermission("module_support") >= 1) { ?>
<a href="client_assets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_assets.php" || basename($_SERVER["PHP_SELF"]) == "client_asset_details.php") { echo "active"; } ?>"> <li class="nav-item">
<i class="nav-icon fas fa-desktop"></i> <a href="client_assets.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_assets.php" || basename($_SERVER["PHP_SELF"]) == "client_asset_details.php") { echo "active"; } ?>">
<p> <i class="nav-icon fas fa-desktop"></i>
Assets <p>
<?php Assets
if ($num_assets > 0) { ?> <?php
<span class="right badge text-light"><?php echo $num_assets; ?></span> if ($num_assets > 0) { ?>
<?php } ?> <span class="right badge text-light"><?php echo $num_assets; ?></span>
</p> <?php } ?>
</a> </p>
</li> </a>
</li>
<li class="nav-item"> <li class="nav-item">
<a href="client_software.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_software.php") { echo "active"; } ?>"> <a href="client_software.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_software.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-cube"></i> <i class="nav-icon fas fa-cube"></i>
<p> <p>
Licenses Licenses
<?php <?php
if ($num_software > 0) { ?> if ($num_software > 0) { ?>
<span class="right badge <?php if ($num_software_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_software_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_software; ?></span> <span class="right badge <?php if ($num_software_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_software_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_software; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_logins.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_logins.php") { echo "active"; } ?>"> <a href="client_logins.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_logins.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-key"></i> <i class="nav-icon fas fa-key"></i>
<p> <p>
Credentials Credentials
<?php <?php
if ($num_logins > 0) { ?> if ($num_logins > 0) { ?>
<span class="right badge text-light"><?php echo $num_logins; ?></span> <span class="right badge text-light"><?php echo $num_logins; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_networks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_networks.php") { echo "active"; } ?>"> <a href="client_networks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_networks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-network-wired"></i> <i class="nav-icon fas fa-network-wired"></i>
<p> <p>
Networks Networks
<?php <?php
if ($num_networks > 0) { ?> if ($num_networks > 0) { ?>
<span class="right badge text-light"><?php echo $num_networks; ?></span> <span class="right badge text-light"><?php echo $num_networks; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_racks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_racks.php") { echo "active"; } ?>"> <a href="client_racks.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_racks.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-server"></i> <i class="nav-icon fas fa-server"></i>
<p> <p>
Racks Racks
<?php <?php
if ($num_racks > 0) { ?> if ($num_racks > 0) { ?>
<span class="right badge text-light"><?php echo $num_racks; ?></span> <span class="right badge text-light"><?php echo $num_racks; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_certificates.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_certificates.php") { echo "active"; } ?>"> <a href="client_certificates.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_certificates.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-lock"></i> <i class="nav-icon fas fa-lock"></i>
<p> <p>
Certificates Certificates
<?php <?php
if ($num_certificates > 0) { ?> if ($num_certificates > 0) { ?>
<span class="right badge <?php if ($num_certificates_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_certificates_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_certificates; ?></span> <span class="right badge <?php if ($num_certificates_expiring > 0) { ?> badge-warning text-dark <?php } ?> <?php if ($num_certificates_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_certificates; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_domains.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_domains.php") { echo "active"; } ?>"> <a href="client_domains.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_domains.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-globe"></i> <i class="nav-icon fas fa-globe"></i>
<p> <p>
Domains Domains
<?php <?php
if ($num_domains > 0) { ?> if ($num_domains > 0) { ?>
<span class="right badge <?php if ($num_domains_expiring > 0) { ?> badge-warning text-dark<?php } ?> <?php if ($num_domains_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_domains; ?></span> <span class="right badge <?php if ($num_domains_expiring > 0) { ?> badge-warning text-dark<?php } ?> <?php if ($num_domains_expired > 0) { ?> badge-danger <?php } ?> text-white"><?php echo $num_domains; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_services.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_services.php") { echo "active"; } ?>"> <a href="client_services.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_services.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-stream"></i> <i class="nav-icon fas fa-stream"></i>
<p> <p>
Services Services
<?php <?php
if ($num_services > 0) { ?> if ($num_services > 0) { ?>
<span class="right badge text-light"><?php echo $num_services; ?></span> <span class="right badge text-light"><?php echo $num_services; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="client_documents.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_documents.php" || basename($_SERVER["PHP_SELF"]) == "client_document_details.php") { echo "active"; } ?>"> <a href="client_documents.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_documents.php" || basename($_SERVER["PHP_SELF"]) == "client_document_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-folder"></i> <i class="nav-icon fas fa-folder"></i>
<p> <p>
Documents Documents
<?php <?php
if ($num_documents > 0) { ?> if ($num_documents > 0) { ?>
<span class="right badge text-light"><?php echo $num_documents; ?></span> <span class="right badge text-light"><?php echo $num_documents; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<?php } ?>
<li class="nav-item"> <!-- Allow files even without module_support for things like contracts, etc. ) -->
<a href="client_files.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_files.php") { echo "active"; } ?>"> <li class="nav-item">
<i class="nav-icon fas fa-paperclip"></i> <a href="client_files.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_files.php") { echo "active"; } ?>">
<p> <i class="nav-icon fas fa-paperclip"></i>
Files <p>
<?php Files
if ($num_files > 0) { ?> <?php
<span class="right badge text-light"><?php echo $num_files; ?></span> if ($num_files > 0) { ?>
<?php } ?> <span class="right badge text-light"><?php echo $num_files; ?></span>
</p> <?php } ?>
</a> </p>
</li> </a>
</li>
<?php } ?> <?php } ?>
<?php if ($session_user_role == 1 || $session_user_role > 2 && $config_module_enable_accounting == 1) { ?> <?php if ($config_module_enable_accounting == 1) { ?>
<li class="nav-header mt-3">FINANCE</li> <li class="nav-header mt-3">FINANCE</li>
<li class="nav-item"> <?php if (lookupUserPermission("module_sales") >= 1) { ?>
<a href="client_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-file-invoice"></i>
<p>
Invoices
<?php
if ($num_invoices > 0) { ?>
<span class="right badge <?php if ($num_invoices_open > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_invoices; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item"> <li class="nav-item">
<a href="client_recurring_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_invoices.php" || basename($_SERVER["PHP_SELF"]) == "client_recurring_invoice.php") { echo "active"; } ?>"> <a href="client_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_invoices.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i> <i class="nav-icon fas fa-file-invoice"></i>
<p> <p>
Recurring Invoices
<?php <?php
if ($num_recurring > 0) { ?> if ($num_invoices > 0) { ?>
<span class="right badge"><?php echo $num_recurring; ?></span> <span class="right badge <?php if ($num_invoices_open > 0) { ?> badge-danger <?php } ?> text-light"><?php echo $num_invoices; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item">
<a href="client_recurring_invoices.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_recurring_invoices.php" || basename($_SERVER["PHP_SELF"]) == "client_recurring_invoice.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php
if ($num_recurring > 0) { ?>
<span class="right badge"><?php echo $num_recurring; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item"> <li class="nav-item">
<a href="client_quotes.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_quotes.php") { echo "active"; } ?>"> <a href="client_quotes.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_quotes.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-comment-dollar"></i> <i class="nav-icon fas fa-comment-dollar"></i>
<p> <p>
Quotes Quotes
<?php <?php
if ($num_quotes > 0) { ?> if ($num_quotes > 0) { ?>
<span class="right badge text-light"><?php echo $num_quotes; ?></span> <span class="right badge text-light"><?php echo $num_quotes; ?></span>
<?php } ?> <?php } ?>
</p> </p>
</a> </a>
</li> </li>
<li class="nav-item"> <?php } ?>
<a href="client_payments.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_payments.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-credit-card"></i> <?php if (lookupUserPermission("module_financial") >= 1) { ?>
<p> <li class="nav-item">
Payments <a href="client_payments.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_payments.php") { echo "active"; } ?>">
<?php <i class="nav-icon fas fa-credit-card"></i>
if ($num_payments > 0) { ?> <p>
<span class="right badge text-light"><?php echo $num_payments; ?></span> Payments
<?php } ?> <?php
</p> if ($num_payments > 0) { ?>
</a> <span class="right badge text-light"><?php echo $num_payments; ?></span>
</li> <?php } ?>
</p>
</a>
</li>
<?php } ?>
<li class="nav-item"> <li class="nav-item">
<a href="client_trips.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_trips.php") { echo "active"; } ?>"> <a href="client_trips.php?client_id=<?php echo $client_id; ?>" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "client_trips.php") { echo "active"; } ?>">
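Review bot: The `lookupUserPermission(...) >= 1` conditions added around the sidebar groups hide links but are not access control, so every target page must enforce on its own; two items in this section sit outside any permission check by design or by omission — `client_files.php`, which the new comment deliberately leaves visible without `module_support`, and `client_trips.php` after the Payments block, which is shown to every user once accounting is enabled — and both need to be verified to call `enforceUserPermission()` themselves. The old Finance condition tested `$session_user_role` directly while the new one tests only `$config_module_enable_accounting`, so the header now appears for users with neither `module_sales` nor `module_financial`; if that is unintended, wrap the header in the same permission test. A comment above the first `lookupUserPermission` would help later readers: `// UI visibility only - each linked page enforces its own permission via enforceUserPermission()`.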


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -7,6 +7,9 @@ $order = "DESC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_support');
if (isset($_GET['status']) && ($_GET['status']) == 'Closed') { if (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
$status = 'Closed'; $status = 'Closed';
$ticket_status_snippet = "ticket_resolved_at IS NOT NULL"; $ticket_status_snippet = "ticket_resolved_at IS NOT NULL";


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all_client.php"; require_once "inc_all_client.php";
// Perms
enforceUserPermission('module_client');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,9 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_client');
// Leads Query // Leads Query
$leads = 0; $leads = 0;


@@ -6,6 +6,9 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Account Filter // Account Filter
if (isset($_GET['account']) & !empty($_GET['account'])) { if (isset($_GET['account']) & !empty($_GET['account'])) {
$account_query = 'AND (expense_account_id = ' . intval($_GET['account']) . ')'; $account_query = 'AND (expense_account_id = ' . intval($_GET['account']) . ')';


@@ -1322,7 +1322,11 @@ function enforceUserPermission($module, $check_access_level = 1) {
if (!$permitted_access_level || $permitted_access_level < $check_access_level) { if (!$permitted_access_level || $permitted_access_level < $check_access_level) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); $map = [
exit(WORDING_ROLECHECK_FAILED); "1" => "read",
"2" => "write",
"3" => "full"
];
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: $map[$check_access_level] access to $module is not permitted for your role.");
} }
} }
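Review bot: The denial path now returns HTTP 200 with the denial text and leaves no server-side record; add `http_response_code(403);` before the `exit`, and consider inserting a row into `logs` (user, module, requested level) so authorization failures show up in the audit trail alongside the existing view logging. `$map[$check_access_level]` is undefined for any level outside 1–3 and would emit a warning into the response body; use `$map[$check_access_level] ?? $check_access_level` instead. With the `HTTP_REFERER` redirect removed (a good change, since the referer is client-controlled), the `$_SESSION['alert_type']`/`alert_message` values set just above have no page to render on and will surface on whatever page the user opens next — either drop them or redirect to a fixed internal page. The enclosing `enforceUserPermission()` begins above the hunk.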


@@ -6,7 +6,9 @@ require_once "functions.php";
require_once "check_login.php"; require_once "check_login.php";
validateAdminRole(); if (!isset($session_is_admin) || !$session_is_admin) {
exit(WORDING_ROLECHECK_FAILED . "<br>Tell your admin: Your role does not have admin access.");
}
require_once "header.php"; require_once "header.php";
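Review bot: The inline admin check correctly fails closed when `$session_is_admin` is unset, but like the module check it exits with HTTP 200 and raw HTML; add `http_response_code(403);` before the `exit`. The check depends on `check_login.php` on the line above populating `$session_is_admin` from `user_roles.user_role_is_admin`, and because that include only ever sets the variable to `true`, the `!isset()` half of the condition is what makes the default deny — worth stating in a comment: `// $session_is_admin is set by check_login.php only for admin roles; unset means deny`. If `validateAdminRole()` remains defined elsewhere, other includes may still call it with its old semantics; confirm they were migrated too.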


@@ -6,6 +6,9 @@ require_once "functions.php";
require_once "check_login.php"; require_once "check_login.php";
// Perms
enforceUserPermission('module_client');
if (isset($_GET['client_id'])) { if (isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);


@@ -6,6 +6,9 @@ require_once "functions.php";
require_once "check_login.php"; require_once "check_login.php";
// Reporting Perms
enforceUserPermission('module_reporting');
require_once "header.php"; require_once "header.php";
require_once "top_nav.php"; require_once "top_nav.php";


@@ -6,6 +6,9 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent'")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent'"));
$sent_count = $row['num']; $sent_count = $row['num'];


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Payment Method Filter // Payment Method Filter
if (isset($_GET['method']) & !empty($_GET['method'])) { if (isset($_GET['method']) & !empty($_GET['method'])) {


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
// Category Filter // Category Filter
if (isset($_GET['category']) & !empty($_GET['category'])) { if (isset($_GET['category']) & !empty($_GET['category'])) {
$category_query = 'AND (category_id = ' . intval($_GET['category']) . ')'; $category_query = 'AND (category_id = ' . intval($_GET['category']) . ')';


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Status Query // Status Query
$status = 0; $status = 0;


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,8 @@ $order = "ASC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_sales');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -6,6 +6,9 @@ $order = "ASC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Ticket client access snippet // Ticket client access snippet
$rec_ticket_permission_snippet = ''; $rec_ticket_permission_snippet = '';
if (!empty($client_access_string)) { if (!empty($client_access_string)) {


@@ -6,7 +6,8 @@ $order = "ASC";
require_once "inc_all_reports.php"; require_once "inc_all_reports.php";
validateTechRole(); // Perms
enforceUserPermission('module_support');
//Asset Type from GET //Asset Type from GET
if (isset($_GET['type']) && ($_GET['type']) == 'workstation') { if (isset($_GET['type']) && ($_GET['type']) == 'workstation') {


@@ -15,92 +15,103 @@
<ul class="nav nav-pills nav-sidebar flex-column mt-2" data-widget="treeview" data-accordion="false"> <ul class="nav nav-pills nav-sidebar flex-column mt-2" data-widget="treeview" data-accordion="false">
<?php if ($session_user_role == 1 || $session_user_role == 3 && $config_module_enable_accounting == 1) { ?> <?php if ($config_module_enable_accounting == 1) { ?>
<li class="nav-header">FINANCIAL</li> <li class="nav-header">FINANCIAL</li>
<li class="nav-item"> <?php if (lookupUserPermission("module_financial") >= 1) { ?>
<a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="far fa-circle nav-icon"></i> <li class="nav-item">
<p>Income</p> <a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
</a> <i class="far fa-circle nav-icon"></i>
</li> <p>Income</p>
<li class="nav-item"> </a>
<a href="report_income_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_by_client.php") { echo "active"; } ?>"> </li>
<i class="far fa-user nav-icon"></i> <li class="nav-item">
<p>Income By Client</p> <a href="report_income_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_by_client.php") { echo "active"; } ?>">
</a> <i class="far fa-user nav-icon"></i>
</li> <p>Income By Client</p>
<li class="nav-item"> </a>
<a href="report_recurring_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_recurring_by_client.php") { echo "active"; } ?>"> </li>
<i class="fa fa-sync nav-icon"></i> <li class="nav-item">
<p>Recurring Income By Client</p> <a href="report_recurring_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_recurring_by_client.php") { echo "active"; } ?>">
</a> <i class="fa fa-sync nav-icon"></i>
</li> <p>Recurring Income By Client</p>
<li class="nav-item"> </a>
<a href="report_clients_with_balance.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_clients_with_balance.php") { echo "active"; } ?>"> </li>
<i class="fa fa-exclamation-triangle nav-icon"></i> <li class="nav-item">
<p>Clients with a Balance</p> <a href="report_clients_with_balance.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_clients_with_balance.php") { echo "active"; } ?>">
</a> <i class="fa fa-exclamation-triangle nav-icon"></i>
</li> <p>Clients with a Balance</p>
<li class="nav-item"> </a>
<a href="report_expense_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_summary.php") { echo "active"; } ?>"> </li>
<i class="far fa-credit-card nav-icon"></i> <li class="nav-item">
<p>Expense</p> <a href="report_expense_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_summary.php") { echo "active"; } ?>">
</a> <i class="far fa-credit-card nav-icon"></i>
</li> <p>Expense</p>
<li class="nav-item"> </a>
<a href="report_expense_by_vendor.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_by_vendor.php") { echo "active"; } ?>"> </li>
<i class="far fa-building nav-icon"></i> <li class="nav-item">
<p>Expense By Vendor</p> <a href="report_expense_by_vendor.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_expense_by_vendor.php") { echo "active"; } ?>">
</a> <i class="far fa-building nav-icon"></i>
</li> <p>Expense By Vendor</p>
<li class="nav-item"> </a>
<a href="report_budget.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_budget.php") { echo "active"; } ?>"> </li>
<i class="fas fa-list nav-icon"></i> <li class="nav-item">
<p>Budget</p> <a href="report_budget.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_budget.php") { echo "active"; } ?>">
</a> <i class="fas fa-list nav-icon"></i>
</li> <p>Budget</p>
<li class="nav-item"> </a>
<a href="report_tax_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tax_summary.php") { echo "active"; } ?>"> </li>
<i class="fas fa-percent nav-icon"></i> <li class="nav-item">
<p>Tax Summary</p> <a href="report_tax_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tax_summary.php") { echo "active"; } ?>">
</a> <i class="fas fa-percent nav-icon"></i>
</li> <p>Tax Summary</p>
<li class="nav-item"> </a>
<a href="report_profit_loss.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_profit_loss.php") { echo "active"; } ?>"> </li>
<i class="fas fa-file-invoice-dollar nav-icon"></i> <li class="nav-item">
<p>Profit & Loss</p> <a href="report_profit_loss.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_profit_loss.php") { echo "active"; } ?>">
</a> <i class="fas fa-file-invoice-dollar nav-icon"></i>
</li> <p>Profit & Loss</p>
<li class="nav-item"> </a>
<a href="report_tickets_unbilled.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tickets_unbilled.php") { echo "active"; } ?>"> </li>
<i class="nav-icon fas fa-life-ring"></i>
<p>Unbilled Tickets</p> <?php } ?>
</a>
</li> <?php if (lookupUserPermission("module_sales") >= 1) { ?>
<li class="nav-item">
<a href="report_tickets_unbilled.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_tickets_unbilled.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Unbilled Tickets</p>
</a>
</li>
<?php } ?>
<?php } // End financial reports IF statement ?> <?php } // End financial reports IF statement ?>
<?php if ($session_user_role == 2 || $session_user_role == 3) { ?>
<li class="nav-header">TECHNICAL</li>
<li class="nav-item">
<a href="report_ticket_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_summary.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Tickets</p>
</a>
</li>
<li class="nav-item"> <li class="nav-header">TECHNICAL</li>
<a href="report_ticket_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_by_client.php") { echo "active"; } ?>"> <?php if ($config_module_enable_ticketing) { ?>
<i class="nav-icon fas fa-life-ring"></i> <li class="nav-item">
<p>Tickets by Client</p> <a href="report_ticket_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_summary.php") { echo "active"; } ?>">
</a> <i class="nav-icon fas fa-life-ring"></i>
</li> <p>Tickets</p>
<li class="nav-item"> </a>
<a href="report_password_rotation.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_password_rotation.php") { echo "active"; } ?>"> </li>
<i class="nav-icon fas fa-life-ring"></i>
<p>Password rotation</p> <li class="nav-item">
</a> <a href="report_ticket_by_client.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_ticket_by_client.php") { echo "active"; } ?>">
</li> <i class="nav-icon fas fa-life-ring"></i>
<p>Tickets by Client</p>
</a>
</li>
<?php } ?>
<?php if (lookupUserPermission("module_credential") >= 1) { ?>
<li class="nav-item">
<a href="report_password_rotation.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_password_rotation.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>Password rotation</p>
</a>
</li>
<?php } ?>
<li class="nav-header">OVERVIEWS</li> <li class="nav-header">OVERVIEWS</li>
@@ -116,7 +127,6 @@
<p>All Domains</p> <p>All Domains</p>
</a> </a>
</li> </li>
<?php } // End technical reports IF statement ?>
</ul> </ul>
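Review bot: The OVERVIEWS links (assets, domains) lose their gate in this section: the closing `End technical reports IF statement` is removed and the TECHNICAL header is now unconditional, so every authenticated user sees those entries, while their target pages are only protected if they call enforceUserPermission() themselves, which this view does not show. Hiding a link is not a control, so either wrap that block in `<?php if (lookupUserPermission("module_support") >= 1) { ?>` like its neighbours or confirm each report page enforces a permission on its own. Unbilled Tickets is placed under `module_sales` while every other financial report is under `module_financial`; if that split is deliberate, a short comment saying so would help. Calling lookupUserPermission() once per link is also worth hoisting into locals such as `$can_view_financial = lookupUserPermission("module_financial") >= 1;` at the top of the sidebar, particularly if the helper does a database lookup on each call.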


@@ -6,6 +6,8 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);


@@ -17,61 +17,66 @@
<p>Dashboard</p> <p>Dashboard</p>
</a> </a>
</li> </li>
<li class="nav-item"> <?php if (lookupUserPermission("module_client") >= 1) { ?>
<a href="clients.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-users"></i>
<p>
Clients
<?php if ($num_active_clients) { ?>
<span class="right badge text-light"><?php echo $num_active_clients; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php if ($session_user_role >= 2 && $config_module_enable_ticketing == 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item"> <li class="nav-item">
<a href="tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>"> <a href="clients.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "clients.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i> <i class="nav-icon fas fa-users"></i>
<p> <p>
Tickets Clients
<?php if ($num_active_tickets) { ?> <?php if ($num_active_clients) { ?>
<span class="right badge text-light"><?php echo $num_active_tickets; ?></span> <span class="right badge text-light"><?php echo $num_active_clients; ?></span>
<?php } ?> <?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php if ($num_recurring_tickets) { ?>
<span class="right badge text-light"><?php echo $num_recurring_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="projects.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "projects.php" || basename($_SERVER["PHP_SELF"]) == "project_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-project-diagram"></i>
<p>
Projects
<?php if ($num_active_projects) { ?>
<span class="right badge text-light"><?php echo $num_active_projects; ?></span>
<?php } ?>
</p> </p>
</a> </a>
</li> </li>
<?php } ?> <?php } ?>
<?php if (lookupUserPermission("module_support") >= 1) { ?>
<?php if ($config_module_enable_ticketing == 1) { ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "tickets.php" || basename($_SERVER["PHP_SELF"]) == "ticket.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-life-ring"></i>
<p>
Tickets
<?php if ($num_active_tickets) { ?>
<span class="right badge text-light"><?php echo $num_active_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="recurring_tickets.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "recurring_tickets.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-redo-alt"></i>
<p>
Recurring
<?php if ($num_recurring_tickets) { ?>
<span class="right badge text-light"><?php echo $num_recurring_tickets; ?></span>
<?php } ?>
</p>
</a>
</li>
<li class="nav-item">
<a href="projects.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "projects.php" || basename($_SERVER["PHP_SELF"]) == "project_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-project-diagram"></i>
<p>
Projects
<?php if ($num_active_projects) { ?>
<span class="right badge text-light"><?php echo $num_active_projects; ?></span>
<?php } ?>
</p>
</a>
</li>
<?php } ?>
<?php } ?>
<li class="nav-item"> <li class="nav-item">
<a href="calendar_events.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "calendar_events.php") { echo "active"; } ?>"> <a href="calendar_events.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "calendar_events.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-calendar-alt"></i> <i class="nav-icon fas fa-calendar-alt"></i>
<p>Calendar</p> <p>Calendar</p>
</a> </a>
</li> </li>
<?php if ($config_module_enable_accounting == 1) { ?> <?php if ($config_module_enable_accounting == 1 && lookupUserPermission("module_sales") >= 1) { ?>
<li class="nav-header mt-3">SALES</li> <li class="nav-header mt-3">SALES</li>
<li class="nav-item"> <li class="nav-item">
<a href="quotes.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>"> <a href="quotes.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "quotes.php" || basename($_SERVER["PHP_SELF"]) == "quote.php") { echo "active"; } ?>">
@@ -119,7 +124,7 @@
</a> </a>
</li> </li>
<?php } ?> <?php } ?>
<?php if ($session_user_role == 1 || ($session_user_role == 3 && $config_module_enable_accounting == 1)) { ?> <?php if ($config_module_enable_accounting == 1 && lookupUserPermission("module_financial") >= 1) { ?>
<li class="nav-header mt-3">FINANCE</li> <li class="nav-header mt-3">FINANCE</li>
<li class="nav-item"> <li class="nav-item">
<a href="payments.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>"> <a href="payments.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "payments.php") { echo "active"; } ?>">
@@ -175,13 +180,16 @@
</a> </a>
</li> </li>
<?php } ?> <?php } ?>
<li class="nav-item mt-3">
<a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>"> <?php if (lookupUserPermission("module_reporting") >= 1) { ?>
<i class="fas fa-chart-line nav-icon"></i> <li class="nav-item mt-3">
<p>Reports</p> <a href="report_income_summary.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "report_income_summary.php") { echo "active"; } ?>">
<i class="fas fa-angle-right nav-icon float-right"></i> <i class="fas fa-chart-line nav-icon"></i>
</a> <p>Reports</p>
</li> <i class="fas fa-angle-right nav-icon float-right"></i>
</a>
</li>
<?php } ?>
<?php <?php
$sql_custom_links = mysqli_query($mysqli, "SELECT * FROM custom_links WHERE custom_link_location = 1 AND custom_link_archived_at IS NULL $sql_custom_links = mysqli_query($mysqli, "SELECT * FROM custom_links WHERE custom_link_location = 1 AND custom_link_archived_at IS NULL
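Review bot: The Reports entry is shown when the user holds `module_reporting`, but it links to report_income_summary.php, which the financial pages in this commit gate on `module_financial`; a reporting-only user is therefore sent to a page that denies them. Either point the link at a report that user can open or require both permissions: `<?php if (lookupUserPermission("module_reporting") >= 1 && lookupUserPermission("module_financial") >= 1) { ?>`. The Clients, Support, Sales and Finance conditions here only hide navigation; nothing in this view shows clients.php or calendar_events.php calling enforceUserPermission(), so until the target pages enforce, direct GET requests still work. Since the commit message already acknowledges partial coverage, a TODO at the top of the sidebar listing which linked pages are not yet enforced would keep that gap visible.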


@@ -1,6 +1,9 @@
<?php <?php
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Initialize the HTML Purifier to prevent XSS // Initialize the HTML Purifier to prevent XSS
require "plugins/htmlpurifier/HTMLPurifier.standalone.php"; require "plugins/htmlpurifier/HTMLPurifier.standalone.php";


@@ -7,6 +7,9 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_support');
// Ticket status from GET // Ticket status from GET
if (isset($_GET['status']) && is_array($_GET['status']) && !empty($_GET['status'])) { if (isset($_GET['status']) && is_array($_GET['status']) && !empty($_GET['status'])) {
// Sanitize each element of the status array // Sanitize each element of the status array


@@ -5,6 +5,9 @@ $order = "DESC";
require_once "inc_all.php"; require_once "inc_all.php";
// Perms
enforceUserPermission('module_financial');
// Account Transfer From Filter // Account Transfer From Filter
if (isset($_GET['account_from']) & !empty($_GET['account_from'])) { if (isset($_GET['account_from']) & !empty($_GET['account_from'])) {
$account_from_query = 'AND (expense_account_id = ' . intval($_GET['account_from']) . ')'; $account_from_query = 'AND (expense_account_id = ' . intval($_GET['account_from']) . ')';
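Review bot: `isset($_GET['account_from']) & !empty($_GET['account_from'])` on the line right after the new permission check uses the bitwise `&` rather than `&&`; it happens to work because both operands are booleans, but it does not short-circuit and reads as a typo. Since `empty()` already returns true for an unset key, the whole guard collapses to `if (!empty($_GET['account_from'])) {`. This is pre-existing code rather than something the commit introduces, but it sits in the hunk being touched and the same pattern appears in the category filter of the expenses page in this commit.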