diff --git a/edit_vendor_modal.php b/edit_vendor_modal.php
index f7f1b54c..5ec3ece5 100644
--- a/edit_vendor_modal.php
+++ b/edit_vendor_modal.php
@@ -66,21 +66,6 @@
diff --git a/post.php b/post.php
index 792be31f..cb461d37 100644
--- a/post.php
+++ b/post.php
@@ -16,7 +16,7 @@ use PHPMailer\PHPMailer\Exception;
if(isset($_GET['switch_company'])){
$company_id = intval($_GET['switch_company']);
- $session_company_id = $company_id;
+ mysqli_query($mysqli,"UPDATE permissions SET permission_default_company = $company_id WHERE user_id = $session_user_id");
$_SESSION['alert_type'] = "info";
$_SESSION['alert_message'] = "Switched Companies!";
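Review bot: The UPDATE on the new line writes `$company_id` as the user's default company without checking that this id appears in the user's `permission_companies`, so any logged-in user can set an arbitrary company id as their default unless that is enforced elsewhere (the rest of this `if` block is outside the hunk). Before the UPDATE, fetch `permission_companies` for `$session_user_id`, split it with `explode(",", ...)`, and only run the UPDATE when `in_array($company_id, array_map('intval', $allowed), true)` holds, otherwise set an error alert. Separately, a state-changing action keyed off `$_GET['switch_company']` is reachable by a plain link; moving it to a POST form is the usual mitigation.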
@@ -30,9 +30,11 @@ if(isset($_POST['add_user'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$password = md5($_POST['password']);
+ $company = intval($_POST['company']);
+ $level = intval($_POST['level']);
$client_id = intval($_POST['client']);
- mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', created_at = NOW()");
+ mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', default_company = $company, created_at = NOW()");
$user_id = mysqli_insert_id($mysqli);
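Review bot: `$level` on the new line is cast with intval() but never range-checked, so a posted value of 0, 99 or a negative number is stored as-is, and nothing here verifies that the acting user is allowed to grant the level requested (5 is displayed as "Global Administrator" in users.php). The same unchecked `$level`/`$company` pair is written in the later hunks at the `INSERT INTO permissions`, the `edit_user` assignments and the `UPDATE permissions`. A minimal guard is `$level = max(1, min(5, intval($_POST['level'])));`, ideally paired with a check that `$company` exists in `companies` and that the session user's own level is at least `$level`. Note that `$_POST['company']` was previously handled as an array further down; the form that posts it needs to change in step, which this hunk cannot confirm.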
@@ -46,16 +48,11 @@ if(isset($_POST['add_user'])){
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
-
+ //Set Avatar
mysqli_query($mysqli,"UPDATE users SET avatar = '$path' WHERE user_id = $user_id");
- if(isset($_POST['company'])){
- if(is_array($_POST['company'])) {
- foreach($_POST['company'] as $company_id){
- mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company_id");
- }
- }
- }
+ //Create Permissions
+ mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = $level, permission_default_company = $company, permission_companies = $company, user_id = $user_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Created', log_description = '$name', log_created_at = NOW()");
@@ -78,12 +75,10 @@ if(isset($_POST['edit_user'])){
}else{
$password = md5($password);
}
+ $company = intval($_POST['company']);
+ $level = intval($_POST['level']);
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']));
- if(!file_exists("uploads/users/$user_id")) {
- mkdir("uploads/users/$user_id");
- }
-
if($_FILES['file']['tmp_name']!='') {
//delete old avatar file
unlink($path);
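Review bot: The removed `mkdir("uploads/users/$user_id")` means this branch no longer guarantees the per-user upload directory exists; if the `move_uploaded_file` later in this block (outside the hunk) still targets that directory, the first avatar edit for a user whose directory was never created will fail silently. If the directory is now created elsewhere, a one-line comment here such as `//uploads/users/$user_id is created on user creation` would document that assumption. Also visible in context: `$path` comes straight from `$_POST['current_avatar_path']` and is passed to `unlink()` on the next line; restricting it to the expected `uploads/users/$user_id/` prefix before deleting is worth a follow-up.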
@@ -96,6 +91,9 @@ if(isset($_POST['edit_user'])){
mysqli_query($mysqli,"UPDATE users SET name = '$name', email = '$email', password = '$password', avatar = '$path', updated_at = NOW() WHERE user_id = $user_id");
+ //Create Permissions
+ mysqli_query($mysqli,"UPDATE permissions SET permission_level = $level, permission_default_company = $company WHERE user_id = $user_id");
+
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
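Review bot: The comment `//Create Permissions` above the new query is misleading, since the statement is an UPDATE and creates nothing; `//Update Permissions` matches what it does. More importantly, users created before the `permissions` table existed have no row to update, so the statement affects zero rows and the new level and default company are silently dropped for them. Checking `mysqli_affected_rows($mysqli)` and falling back to an INSERT, or using `INSERT ... ON DUPLICATE KEY UPDATE` if `user_id` is unique in `permissions` (not visible here), would cover that case.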
@@ -105,11 +103,30 @@ if(isset($_POST['edit_user'])){
}
+if(isset($_POST['edit_user_companies'])){
+
+ $user_id = intval($_POST['user_id']);
+ $companies = $_POST['companies'];
+
+ //Turn the Array into a string with , seperation
+ $companies_imploded = implode(",",$companies);
+
+ mysqli_query($mysqli,"UPDATE permissions SET permission_companies = '$companies_imploded' WHERE user_id = $user_id");
+
+ //logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
+
+ $_SESSION['alert_message'] = "Companies
$company added to user $user_id!";
+
+ header("Location: users.php");
+
+}
+
if(isset($_GET['delete_user'])){
$user_id = intval($_GET['delete_user']);
mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
- mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
+ mysqli_query($mysqli,"DELETE FROM permissions WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM logs WHERE user_id = $user_id");
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
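Review bot: In the new `edit_user_companies` block, `$companies` is taken from `$_POST['companies']` with no validation and imploded straight into the quoted SQL string, so a posted element containing a quote character alters the UPDATE; the other handlers in this file at least run intval() on ids. Replacing the assignment with `$companies = array_map('intval', (array)($_POST['companies'] ?? []));` keeps the imploded value to digits and commas and also avoids a TypeError in implode() when the field is posted as a string or missing. The block also references `$name` in the log description and `$company` in the alert message, neither of which is assigned here, and it does not check that the acting user may grant these companies. The multi-line string literal for the alert message should be collapsed onto one line.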
diff --git a/setup.php b/setup.php
index 12040b49..bc526227 100644
--- a/setup.php
+++ b/setup.php
@@ -196,7 +196,8 @@ if(isset($_POST['add_company_settings'])){
mkdir("uploads/settings/$company_id");
mkdir("uploads/tmp/$company_id");
- mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company_id");
+ //Create Permissions
+ mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = 5, permission_default_company = $company_id, permission_companies = $company_id, user_id = $user_id");
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$config_company_name', config_company_country = '$config_company_country', config_company_address = '$config_company_address', config_company_city = '$config_company_city', config_company_state = '$config_company_state', config_company_zip = '$config_company_zip', config_company_phone = '$config_company_phone', config_company_site = '$config_company_site', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_records_per_page = 10, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1");
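Review bot: The literal `permission_level = 5` in the new INSERT is a magic number whose meaning is only defined by the display mapping in users.php. Extending the added comment to `//Create Permissions (level 5 = Global Administrator, see users.php)` makes the intent readable at the place the value is set, and a shared constant would keep the two files from drifting apart.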
diff --git a/user_companies_modal.php b/user_companies_modal.php
new file mode 100644
index 00000000..c9878e5b
--- /dev/null
+++ b/user_companies_modal.php
@@ -0,0 +1,50 @@
+
\ No newline at end of file
diff --git a/users.php b/users.php
index 9c98e688..14318c75 100644
--- a/users.php
+++ b/users.php
@@ -40,8 +40,9 @@
$disp = "DESC";
}
- $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users
- WHERE name LIKE '%$q%' OR email LIKE '%$q%'
+ $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM users, permissions
+ WHERE users.user_id = permissions.user_id
+ AND (name LIKE '%$q%' OR email LIKE '%$q%')
ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
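Review bot: The rewritten query uses an implicit inner join (`FROM users, permissions` with `users.user_id = permissions.user_id`), so any user without a `permissions` row, which includes accounts created before this table was introduced, disappears from the user list entirely. `LEFT JOIN permissions ON users.user_id = permissions.user_id` keeps those users visible so an administrator can still assign them a level. Unqualified `name` and `email` in the WHERE clause will also fail with an ambiguous-column error if `permissions` ever gains columns of those names, so qualifying them as `users.name` and `users.email` is cheap insurance.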
@@ -71,7 +72,7 @@
| Name |
Email |
- Type |
+ Access Level |
Status |
Last Login |
Action |
@@ -86,7 +87,24 @@
$email = $row['email'];
$password = $row['password'];
$avatar = $row['avatar'];
- $client_id = $row['client_id'];
+ $permission_default_company = $row['permission_default_company'];
+ $permission_level = $row['permission_level'];
+ if($permission_level == 5){
+ $permission_level_display = "Global Administrator";
+ }elseif($permission_level == 4){
+ $permission_level_display = "Administrator";
+ }elseif($permission_level == 3){
+ $permission_level_display = "Technician";
+ }elseif($permission_level == 2){
+ $permission_level_display = "IT Contractor";
+ }else{
+ $permission_level_display = "Accounting";
+ }
+ $permission_companies = $row['permission_companies'];
+ $permission_companies_array = explode(",",$permission_companies);
+ $permission_clients = $row['permission_clients'];
+ $permission_clients_array = explode(",",$permission_clients);
+ $permission_actions = $row['permission_actions'];
$initials = initials($name);
$sql_last_login = mysqli_query($mysqli,"SELECT * FROM logs
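Review bot: The final `else` in the new if/elseif chain labels every value that is not 2 to 5, including 0, negatives and rows where `permission_level` is NULL, as "Accounting", which hides bad data in the listing. A lookup keeps the mapping in one place and surfaces unknown values: `$permission_levels = [5 => "Global Administrator", 4 => "Administrator", 3 => "Technician", 2 => "IT Contractor", 1 => "Accounting"];` followed by `$permission_level_display = $permission_levels[$permission_level] ?? "Unknown";`. The `explode(",", ...)` calls on `permission_companies` and `permission_clients` yield `[""]` for an empty string, so callers that later compare against those arrays should not treat that as an empty list. The enclosing loop that sets `$row` begins outside the hunk.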
@@ -109,14 +127,14 @@
-
+
|
- Client |
- Status |
+ |
+ - |
|
@@ -125,17 +143,20 @@
-
+
+
|