Merge pull request #1072 from itflow-org/post-perms-maint

More enforcing user permissions
Johnny 2024-09-29 00:30:25 -04:00 committed by GitHub
commit 635b1f903a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
24 changed files with 137 additions and 95 deletions


@ -37,7 +37,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-details<?php echo $asset_id; ?>">
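Review bot: The `inert` attribute echoed on this `tab-content` div when `lookupUserPermission('module_support') <= 1` only disables interaction in the browser; the enclosing form is still rendered and its post.php action still accepts requests. The same attribute is added to the other modal bodies in this commit (the `module_support`, `module_client`, `module_credential` and `module_sales` sections), so each matching handler needs its own `enforceUserPermission('<module>', 2);` before it reads `$_POST`. The credential and quote handlers get that call here, but the handlers behind the `module_support` modals are not among the changed files shown, so that is worth confirming. A short comment beside the attribute, such as `<?php // UI hint only; the write check is enforceUserPermission() in the post handler ?>`, would keep the view and the handler from drifting apart.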


@ -12,7 +12,7 @@
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="interface_id" value="<?php echo $interface_id; ?>">
<div class="modal-body bg-white">
<div class="modal-body bg-white" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="form-group">
<label>Interface Name</label>


@ -26,7 +26,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pillsEditDetails">


@ -26,7 +26,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-overview">


@ -30,7 +30,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_client') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-details<?php echo $location_id; ?>">


@ -26,7 +26,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_credential') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-details<?php echo $login_id; ?>">


@ -49,7 +49,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
<div class="card-tools">
<div class="btn-group">
<?php if (lookupUserPermission("module_credential") >= 2) { ?>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal" <?php if (!isset($_COOKIE['user_encryption_session_key'])) { echo "disabled"; } ?>>
<i class="fas fa-plus mr-2"></i>New Credential
</button>
@ -66,6 +67,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php } ?>
</div>
</div>
<?php } ?>
</div>
</div>
<div class="card-body">
@ -296,23 +298,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">
<i class="fas fa-fw fa-share mr-2"></i>Share
</a>
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_credential") >= 2) { ?>
<?php if ($login_archived_at) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
</a>
<?php if ($config_destructive_deletes_enable) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
</a>
<?php if (lookupUserPermission("module_credential") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
<?php } ?>
</a>
<?php } else { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_login=<?php echo $login_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
<?php } ?>
</div>
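Review bot: In the archived-credential branch the closing `<?php } ?>` of the `>= 3` check sits between the Delete icon line and `</a>`, so the markup is well-formed only for level 3 and a user below it gets a stray `</a>`; the order should be `</a>` and then `<?php } ?>`. The replaced block also wrapped Delete in `$config_destructive_deletes_enable`, and the new condition appears to drop that setting. If the switch is still meant to apply, use `<?php if ($config_destructive_deletes_enable && lookupUserPermission("module_credential") >= 3) { ?>`. The line sides are not marked on this page, so this reads the second, re-indented copy as the new code, and the dropdown itself starts and ends outside the hunk.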


@ -29,7 +29,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pillsEditDetails">


@ -26,7 +26,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-rack-details<?php echo $rack_id; ?>">


@ -28,7 +28,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-overview<?php echo $service_id ?>">


@ -32,7 +32,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-details<?php echo $software_id; ?>">


@ -10,7 +10,7 @@
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="invoice_id" value="<?php echo $invoice_id; ?>">
<div class="modal-body bg-white">
<div class="modal-body bg-white" <?php if (lookupUserPermission('module_sales') <= 1) { echo 'inert'; } ?>>
<div class="form-group">
<label>Invoice Date <strong class="text-danger">*</strong></label>


@ -8,7 +8,7 @@ if(isset($_POST['add_location'])){
validateTechRole();
require_once 'post/client_locations_model.php';
require_once 'post/location_model.php';
if(!file_exists("uploads/clients/$client_id")) {
@ -67,7 +67,7 @@ if(isset($_POST['edit_location'])){
validateTechRole();
require_once 'post/client_locations_model.php';
require_once 'post/location_model.php';
$location_id = intval($_POST['location_id']);
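Review bot: `add_location` and `edit_location` still show only `validateTechRole();` ahead of the model include, while the location modal in this commit is made `inert` on `lookupUserPermission('module_client') <= 1`. If these handlers are meant to follow the new permission model, add `enforceUserPermission('module_client', 2);` before `require_once 'post/location_model.php';` in both, matching the credential handlers. Both handler bodies continue outside the hunks, so a check placed elsewhere would not be visible here.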


@ -11,4 +11,4 @@ $phone = preg_replace("/[^0-9]/", '',$_POST['phone']);
$hours = sanitizeInput($_POST['hours']);
$notes = sanitizeInput($_POST['notes']);
$contact = intval($_POST['contact']);
$location_primary = intval($_POST['location_primary']);
$location_primary = intval($_POST['location_primary']);


@ -6,10 +6,9 @@
if (isset($_POST['add_login'])) {
validateTechRole();
require_once 'post/client_logins_model.php';
enforceUserPermission('module_credential', 2);
require_once 'post/login_model.php';
mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id, login_client_id = $client_id");
@ -26,10 +25,9 @@ if (isset($_POST['add_login'])) {
if (isset($_POST['edit_login'])) {
validateTechRole();
require_once 'post/client_logins_model.php';
enforceUserPermission('module_credential', 2);
require_once 'post/login_model.php';
$login_id = intval($_POST['login_id']);
@ -55,7 +53,7 @@ if (isset($_POST['edit_login'])) {
if(isset($_GET['archive_login'])){
validateTechRole();
enforceUserPermission('module_credential', 2);
$login_id = intval($_GET['archive_login']);
@ -79,6 +77,8 @@ if(isset($_GET['archive_login'])){
if(isset($_GET['unarchive_login'])){
enforceUserPermission('module_credential', 2);
$login_id = intval($_GET['unarchive_login']);
// Get Name and Client ID for logging and alert message
@ -99,7 +99,7 @@ if(isset($_GET['unarchive_login'])){
if (isset($_GET['delete_login'])) {
validateAdminRole();
enforceUserPermission('module_credential', 3);
$login_id = intval($_GET['delete_login']);
@ -128,7 +128,8 @@ if (isset($_GET['delete_login'])) {
}
if (isset($_POST['bulk_archive_logins'])) {
validateAdminRole();
enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@ -166,7 +167,9 @@ if (isset($_POST['bulk_archive_logins'])) {
}
if (isset($_POST['bulk_unarchive_logins'])) {
validateAdminRole();
enforceUserPermission('module_credential', 2);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@ -205,7 +208,9 @@ if (isset($_POST['bulk_unarchive_logins'])) {
}
if (isset($_POST['bulk_delete_logins'])) {
validateAdminRole();
enforceUserPermission('module_credential', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@ -250,7 +255,7 @@ if (isset($_POST['bulk_delete_logins'])) {
if (isset($_POST['export_client_logins_csv'])) {
validateAdminRole();
enforceUserPermission('module_credential');
$client_id = intval($_POST['client_id']);
@ -301,7 +306,7 @@ if (isset($_POST['export_client_logins_csv'])) {
if (isset($_POST["import_client_logins_csv"])) {
validateTechRole();
enforceUserPermission('module_credential', 2);
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
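Review bot: `export_client_logins_csv` moves from `validateAdminRole();` to `enforceUserPermission('module_credential');` with no level argument, so the export now depends on that function's default level, which is not visible on this page. If the default is the read level, every user who can view credentials can take a client's whole credential set as one CSV where this was previously admin-only; passing the intended level explicitly would make that decision reviewable. Separately, `archive_login`, `unarchive_login` and `delete_login` are `$_GET` handlers, and the visible lines show no `validateCSRFToken()` call, unlike the three bulk handlers. Their bodies continue outside the hunks, so this may be handled elsewhere.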


@ -1,4 +1,5 @@
<?php
// Model of reusable variables for client credentials/logins - not to be confused with the ITFLow login process
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);


@ -8,18 +8,7 @@ if (isset($_POST['add_network'])) {
validateTechRole();
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$vlan = intval($_POST['vlan']);
$network = sanitizeInput($_POST['network']);
$subnet = sanitizeInput($_POST['subnet']);
$gateway = sanitizeInput($_POST['gateway']);
$primary_dns = sanitizeInput($_POST['primary_dns']);
$secondary_dns = sanitizeInput($_POST['secondary_dns']);
$dhcp_range = sanitizeInput($_POST['dhcp_range']);
$notes = sanitizeInput($_POST['notes']);
$location_id = intval($_POST['location']);
require_once 'post/login_model.php';
mysqli_query($mysqli,"INSERT INTO networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id");
@ -39,18 +28,8 @@ if (isset($_POST['edit_network'])) {
validateTechRole();
$network_id = intval($_POST['network_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$vlan = intval($_POST['vlan']);
$network = sanitizeInput($_POST['network']);
$subnet = sanitizeInput($_POST['subnet']);
$gateway = sanitizeInput($_POST['gateway']);
$primary_dns = sanitizeInput($_POST['primary_dns']);
$secondary_dns = sanitizeInput($_POST['secondary_dns']);
$dhcp_range = sanitizeInput($_POST['dhcp_range']);
$notes = sanitizeInput($_POST['notes']);
$location_id = intval($_POST['location']);
$client_id = intval($_POST['client_id']);
require_once 'post/login_model.php';
mysqli_query($mysqli,"UPDATE networks SET network_name = '$name', network_description = '$description', network_vlan = $vlan, network = '$network', network_subnet = '$subnet', network_gateway = '$gateway', network_primary_dns = '$primary_dns', network_secondary_dns = '$secondary_dns', network_dhcp_range = '$dhcp_range', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id");
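Review bot: Both `add_network` and `edit_network` end up with `require_once 'post/login_model.php';`, but the variables their queries interpolate (`$vlan`, `$network`, `$subnet`, `$gateway`, `$primary_dns`, `$secondary_dns`, `$dhcp_range`, `$location_id`) are the ones defined in the new `post/network_model.php`. Unless the credential model happens to define them too, the INSERT and UPDATE would be built from undefined variables, giving invalid SQL at `network_vlan = ` or silently blank columns. The include should read `require_once 'post/network_model.php';` in both handlers. Neither handler gains an `enforceUserPermission()` call in the visible lines, only the existing `validateTechRole();`, and both bodies continue outside the hunks.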

13
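--- /dev/null
+++ b/post/network_model.php
@@ -0,0 +1,13 @@
+<?php
+$name = sanitizeInput($_POST['name']);
+$description = sanitizeInput($_POST['description']);
+$vlan = intval($_POST['vlan']);
+$network = sanitizeInput($_POST['network']);
+$subnet = sanitizeInput($_POST['subnet']);
+$gateway = sanitizeInput($_POST['gateway']);
+$primary_dns = sanitizeInput($_POST['primary_dns']);
+$secondary_dns = sanitizeInput($_POST['secondary_dns']);
+$dhcp_range = sanitizeInput($_POST['dhcp_range']);
+$notes = sanitizeInput($_POST['notes']);
+$location_id = intval($_POST['location']);
+$client_id = intval($_POST['client_id']);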
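Review bot: This model has no header comment, unlike the credential model touched in the same commit, and it reads twelve `$_POST` keys unconditionally at include time. That makes it safe to include only after the handler's role or permission check and only for a complete form post; a missing key raises an undefined-index warning and becomes an empty string or 0 in the query. Suggest opening the file with `// Model of reusable variables for client networks - include only after the handler's permission check`. The values are later interpolated into SQL strings by the including handler, so the quoting guarantees of `sanitizeInput()` (not shown on this page) are what the queries depend on, and that is worth stating in the same comment.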


@ -6,6 +6,8 @@
if (isset($_POST['add_quote'])) {
enforceUserPermission('module_sales', 2);
require_once 'post/quote_model.php';
$client = intval($_POST['client']);
@ -35,6 +37,8 @@ if (isset($_POST['add_quote'])) {
if (isset($_POST['add_quote_copy'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_POST['quote_id']);
$client_id = intval($_POST['client']);
$date = sanitizeInput($_POST['date']);
@ -90,6 +94,8 @@ if (isset($_POST['add_quote_copy'])) {
if (isset($_POST['add_quote_to_invoice'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_POST['quote_id']);
$date = sanitizeInput($_POST['date']);
$client_net_terms = intval($_POST['client_net_terms']);
@ -147,6 +153,8 @@ if (isset($_POST['add_quote_to_invoice'])) {
if (isset($_POST['add_quote_item'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_POST['quote_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
@ -196,6 +204,8 @@ if (isset($_POST['add_quote_item'])) {
if (isset($_POST['quote_note'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_POST['quote_id']);
$note = sanitizeInput($_POST['note']);
@ -209,6 +219,8 @@ if (isset($_POST['quote_note'])) {
if (isset($_POST['edit_quote'])) {
enforceUserPermission('module_sales', 2);
require_once 'post/quote_model.php';
$quote_id = intval($_POST['quote_id']);
@ -235,6 +247,9 @@ if (isset($_POST['edit_quote'])) {
}
if (isset($_GET['delete_quote'])) {
enforceUserPermission('module_sales', 3);
$quote_id = intval($_GET['delete_quote']);
mysqli_query($mysqli,"DELETE FROM quotes WHERE quote_id = $quote_id");
@ -268,6 +283,9 @@ if (isset($_GET['delete_quote'])) {
}
if (isset($_GET['delete_quote_item'])) {
enforceUserPermission('module_sales', 2);
$item_id = intval($_GET['delete_quote_item']);
$sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
@ -297,6 +315,8 @@ if (isset($_GET['delete_quote_item'])) {
if (isset($_GET['mark_quote_sent'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_GET['mark_quote_sent']);
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Sent' WHERE quote_id = $quote_id");
@ -314,6 +334,8 @@ if (isset($_GET['mark_quote_sent'])) {
if (isset($_GET['accept_quote'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_GET['accept_quote']);
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Accepted' WHERE quote_id = $quote_id");
@ -331,6 +353,8 @@ if (isset($_GET['accept_quote'])) {
if (isset($_GET['decline_quote'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_GET['decline_quote']);
mysqli_query($mysqli,"UPDATE quotes SET quote_status = 'Declined' WHERE quote_id = $quote_id");
@ -348,6 +372,8 @@ if (isset($_GET['decline_quote'])) {
if (isset($_GET['email_quote'])) {
enforceUserPermission('module_sales', 2);
$quote_id = intval($_GET['email_quote']);
$sql = mysqli_query($mysqli,"SELECT * FROM quotes
@ -422,6 +448,9 @@ if (isset($_GET['email_quote'])) {
}
if(isset($_POST['export_client_quotes_csv'])){
enforceUserPermission('module_sales');
$client_id = intval($_POST['client_id']);
//get records from database
@ -464,6 +493,8 @@ if(isset($_POST['export_client_quotes_csv'])){
if (isset($_POST['update_quote_item_order'])) {
enforceUserPermission('module_sales', 2);
if ($_POST['update_quote_item_order'] == 'up') {
$item_id = intval($_POST['item_id']);
$item_quote_id = intval($_POST['item_quote_id']);
@ -488,7 +519,6 @@ if (isset($_POST['update_quote_item_order'])) {
}
mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $item_order WHERE item_quote_id = $item_quote_id AND item_order = $new_item_order");
mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id");
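Review bot: The `delete_quote` hunk shows the whole path from `enforceUserPermission('module_sales', 3);` to the `DELETE FROM quotes` query with no CSRF validation in between, and the action is triggered by a `$_GET` link. The other `$_GET` handlers in this file (`delete_quote_item`, `mark_quote_sent`, `accept_quote`, `decline_quote`, `email_quote`) have the same shape in their visible lines. A permission check establishes what the session may do, not that the user intended this request, so these state-changing actions would be better served by POST with `validateCSRFToken($_POST['csrf_token']);` after the permission check, as the bulk credential handlers in this commit do. If post.php already validates a token for every request, a one-line comment saying so at the top of this file would settle it.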


@ -117,7 +117,7 @@ if (isset($_GET['quote_id'])) {
<div class="row">
<div class="col-8">
<?php if ($quote_status == 'Draft') { ?>
<?php if ($quote_status == 'Draft' && lookupUserPermission("module_sales") >= 2) { ?>
<button class="btn btn-primary dropdown-toggle" type="button" data-toggle="dropdown">
<i class="fas fa-paper-plane mr-2"></i>Send
</button>
@ -160,9 +160,11 @@ if (isset($_GET['quote_id'])) {
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateQuoteEditModal(<?php echo $quote_id ?>)" data-target="#editQuoteModal">
<i class="fa fa-fw fa-edit text-secondary mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addQuoteCopyModal<?php echo $quote_id; ?>">
<i class="fa fa-fw fa-copy text-secondary mr-2"></i>Copy
</a>
<?php if (lookupUserPermission("module_sales") >= 2) { ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addQuoteCopyModal<?php echo $quote_id; ?>">
<i class="fa fa-fw fa-copy text-secondary mr-2"></i>Copy
</a>
<?php } ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" onclick="window.print();">
<i class="fa fa-fw fa-print text-secondary mr-2"></i>Print
@ -178,10 +180,12 @@ if (isset($_GET['quote_id'])) {
<a class="dropdown-item" target="_blank" href="guest_view_quote.php?quote_id=<?php echo "$quote_id&url_key=$quote_url_key"; ?>">
<i class="fa fa-fw fa-link text-secondary mr-2"></i>Guest URL
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_quote=<?php echo $quote_id; ?>">
<i class="fa fa-fw fa-times mr-2"></i>Delete
</a>
<?php if (lookupUserPermission("module_sales") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_quote=<?php echo $quote_id; ?>">
<i class="fa fa-fw fa-times mr-2"></i>Delete
</a>
<?php } ?>
</div>
</div>
</div>
@ -306,7 +310,7 @@ if (isset($_GET['quote_id'])) {
<tr>
<td class="d-print-none">
<?php if ($quote_status !== "Invoiced" && $quote_status !== "Accepted" && $quote_status !== "Declined") { ?>
<?php if ($quote_status !== "Invoiced" && $quote_status !== "Accepted" && $quote_status !== "Declined" && lookupUserPermission("module_sales") >= 2) { ?>
<div class="dropdown">
<button class="btn btn-sm btn-light" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-v"></i>
@ -351,7 +355,7 @@ if (isset($_GET['quote_id'])) {
?>
<tr class="d-print-none" <?php if ($quote_status == "Invoiced" || $quote_status == "Accepted" || $quote_status == "Declined") {
<tr class="d-print-none" <?php if ($quote_status == "Invoiced" || $quote_status == "Accepted" || $quote_status == "Declined" || lookupUserPermission("module_sales") <= 1) {
echo "hidden";
} ?>>
<form action="post.php" method="post" autocomplete="off">
@ -414,9 +418,11 @@ if (isset($_GET['quote_id'])) {
<div class="card-header text-bold">
Notes
<div class="card-tools d-print-none">
<a href="#" class="btn btn-light btn-tool" data-toggle="modal" data-target="#quoteNoteModal">
<i class="fas fa-edit"></i>
</a>
<?php if (lookupUserPermission("module_sales") >= 2) { ?>
<a href="#" class="btn btn-light btn-tool" data-toggle="modal" data-target="#quoteNoteModal">
<i class="fas fa-edit"></i>
</a>
<?php } ?>
</div>
</div>
<div class="card-body">
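Review bot: `lookupUserPermission("module_sales")` is evaluated separately in each of the six conditions added to this view, and these calls use double quotes while the modal files use `'module_sales'`. Reading it once near the top, `$sales_permission = lookupUserPermission('module_sales');`, and comparing that variable would make the thresholds (`>= 2` to write, `>= 3` to delete) easier to audit against the handlers, and would avoid repeated lookups if the function does not cache. The add-item row is only marked `hidden`, so its form remains in the page source; that is acceptable because `add_quote_item` now enforces level 2 server-side in this commit.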


@ -11,7 +11,7 @@
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="quote_id" id="editQuoteID" value="">
<div class="modal-body bg-white">
<div class="modal-body bg-white" <?php if (lookupUserPermission('module_sales') <= 1) { echo 'inert'; } ?>>
<div class="form-group">
<label>Quote Date</label>


@ -29,7 +29,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-comment-dollar mr-2"></i>Quotes</h3>
<div class="card-tools">
<?php if (lookupUserPermission("module_sales") >= 2) { ?>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addQuoteModal"><i class="fas fa-plus mr-2"></i>New Quote</button>
<?php } ?>
</div>
</div>
@ -200,19 +202,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateQuoteEditModal(<?php echo $quote_id ?>)" data-target="#editQuoteModal">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addQuoteCopyModal<?php echo $quote_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<div class="dropdown-divider"></div>
<?php if (!empty($config_smtp_host)) { ?>
<a class="dropdown-item" href="post.php?email_quote=<?php echo $quote_id; ?>">
<i class="fas fa-fw fa-paper-plane mr-2"></i>Email
<?php if (lookupUserPermission("module_sales") >= 2) { ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#addQuoteCopyModal<?php echo $quote_id; ?>">
<i class="fas fa-fw fa-copy mr-2"></i>Copy
</a>
<div class="dropdown-divider"></div>
<?php if (!empty($config_smtp_host)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="post.php?email_quote=<?php echo $quote_id; ?>">
<i class="fas fa-fw fa-paper-plane mr-2"></i>Email
</a>
<?php } ?>
<?php if (lookupUserPermission("module_sales") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_quote=<?php echo $quote_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>
<?php } ?>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_quote=<?php echo $quote_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
</div>
</div>
</td>
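Review bot: Inside the new `>= 2` block a `dropdown-divider` is emitted right after Copy and another as the first element of the `$config_smtp_host` block, so two dividers appear to render back to back whenever SMTP is configured; one of them can go. This dropdown looks like it is rendered per table row, so `lookupUserPermission("module_sales")` runs twice for every quote listed; assigning it once before the loop, `$sales_permission = lookupUserPermission('module_sales');`, keeps the checks cheap and consistent. The line sides are not marked on this page, so this reads the re-indented block as the new code and the trailing unindented Delete link as the removed one.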


@ -29,7 +29,7 @@
</li>
</ul>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-edit-details">


@ -38,7 +38,7 @@
<hr>
<div class="tab-content">
<div class="tab-content" <?php if (lookupUserPermission('module_support') <= 1) { echo 'inert'; } ?>>
<div class="tab-pane fade show active" id="pills-details<?php echo $ticket_id; ?>">