Assets: remove client_id from edit asset modal as it should get the client_id in post, enforceClientAccess

This commit is contained in:
johnnyq
2026-03-06 16:13:56 -05:00
parent 3983c45cac
commit 8afa2dbf75
2 changed files with 82 additions and 4 deletions


@@ -14,6 +14,8 @@ if (isset($_POST['add_asset'])) {
require_once 'asset_model.php';
enforceClientAccess();
$alert_extended = "";
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_uri_client = '$uri_client', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_reference = '$purchase_reference', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_physical_location = '$physical_location', asset_notes = '$notes', asset_favorite = $favorite, asset_client_id = $client_id");
@@ -81,12 +83,16 @@ if (isset($_POST['edit_asset'])) {
enforceUserPermission('module_support', 2);
require_once 'asset_model.php';
$asset_id = intval($_POST['asset_id']);
// Get Existing Photo
$sql = mysqli_query($mysqli,"SELECT asset_photo FROM assets WHERE asset_id = $asset_id");
// Get Existing Photo and assigned client_id
$sql = mysqli_query($mysqli,"SELECT asset_photo, asset_client_id FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_assoc($sql);
$existing_file_name = sanitizeInput($row['asset_photo']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_uri_client = '$uri_client', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_status = '$status', asset_purchase_reference = '$purchase_reference', asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_physical_location = '$physical_location', asset_notes = '$notes', asset_favorite = $favorite WHERE asset_id = $asset_id");
@@ -153,6 +159,8 @@ if (isset($_GET['archive_asset'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_archived_at = NOW() WHERE asset_id = $asset_id");
// Add to History
@@ -180,6 +188,8 @@ if (isset($_GET['restore_asset'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_archived_at = NULL WHERE asset_id = $asset_id");
// Add to History
@@ -207,6 +217,8 @@ if (isset($_GET['delete_asset'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM assets WHERE asset_id = $asset_id");
logAction("Asset", "Delete", "$session_name deleted asset $asset_name", $client_id);
@@ -235,6 +247,8 @@ if (isset($_POST['bulk_assign_asset_tags'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
if($_POST['remove_tags']) {
mysqli_query($mysqli, "DELETE FROM asset_tags WHERE asset_tag_asset_id = $asset_id");
}
@@ -277,6 +291,8 @@ if (isset($_POST['bulk_assign_asset_location'])) {
$location_name = sanitizeInput($row['location_name']);
$client_id = intval($row['location_client_id']);
enforceClientAccess();
// Assign Location to Selected Assets
if (isset($_POST['asset_ids'])) {
@@ -292,6 +308,8 @@ if (isset($_POST['bulk_assign_asset_location'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_location_id = $location_id WHERE asset_id = $asset_id");
logAction("Asset", "Edit", "$session_name assigned asset $asset_name to location $location_name", $client_id, $asset_id);
@@ -330,6 +348,8 @@ if (isset($_POST['bulk_assign_asset_physical_location'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_physical_location = '$physical_location' WHERE asset_id = $asset_id");
logAction("Asset", "Edit", "$session_name set asset $asset_name to physical location $physical_location", $client_id, $asset_id);
@@ -353,6 +373,8 @@ if (isset($_POST['bulk_transfer_client_asset'])) {
$new_client_id = intval($_POST['bulk_client_id']);
enforceClientAccess($new_client_id);
// Transfer selected asset to new client
if (isset($_POST['asset_ids'])) {
@@ -373,6 +395,8 @@ if (isset($_POST['bulk_transfer_client_asset'])) {
$current_client_id = intval($row['asset_client_id']);
$current_client_name = sanitizeInput($row['client_name']);
enforceClientAccess($current_client_id);
// Get new client name for logging
$new_client_name = sanitizeInput(getFieldById('clients', $new_client_id, 'client_name'));
@@ -445,6 +469,8 @@ if (isset($_POST['bulk_assign_asset_contact'])) {
$contact_name = sanitizeInput($row['contact_name']);
$client_id = intval($row['contact_client_id']);
enforceClientAccess();
// Assign Contact to Selected Assets
if (isset($_POST['asset_ids'])) {
@@ -495,6 +521,8 @@ if (isset($_POST['bulk_edit_asset_status'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_status = '$status' WHERE asset_id = $asset_id");
logAction("Asset", "Edit", "$session_name set status to $status on $asset_name", $client_id, $asset_id);
@@ -533,6 +561,8 @@ if (isset($_POST['bulk_favorite_assets'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_favorite = 1 WHERE asset_id = $asset_id");
logAction("Asset", "Edit", "$session_name marked asset $asset_name a favorite", $client_id, $asset_id);
@@ -569,6 +599,8 @@ if (isset($_POST['bulk_unfavorite_assets'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_favorite = 0 WHERE asset_id = $asset_id");
logAction("Asset", "Edit", "$session_name unfavorited asset $asset_name", $client_id, $asset_id);
@@ -605,6 +637,8 @@ if (isset($_POST['bulk_archive_assets'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_archived_at = NOW() WHERE asset_id = $asset_id");
logAction("Asset", "Archive", "$session_name archived asset $asset_name", $client_id, $asset_id);
@@ -644,6 +678,8 @@ if (isset($_POST['bulk_restore_assets'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE assets SET asset_archived_at = NULL WHERE asset_id = $asset_id");
// Individual Asset logging
@@ -684,6 +720,8 @@ if (isset($_POST['bulk_delete_assets'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM assets WHERE asset_id = $asset_id");
logAction("Asset", "Delete", "$session_name deleted asset $asset_name", $client_id, $asset_id);
@@ -715,6 +753,8 @@ if (isset($_POST['link_software_to_asset'])) {
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -743,6 +783,8 @@ if (isset($_GET['unlink_software_from_asset'])) {
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -772,6 +814,8 @@ if (isset($_POST['link_asset_to_credential'])) {
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -800,6 +844,8 @@ if (isset($_GET['unlink_credential_from_asset'])) {
$credential_name = sanitizeInput($row['credential_name']);
$client_id = intval($row['credential_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -828,6 +874,8 @@ if (isset($_POST['link_service_to_asset'])) {
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -856,6 +904,8 @@ if (isset($_GET['unlink_service_from_asset'])) {
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -884,6 +934,8 @@ if (isset($_POST['link_asset_to_file'])) {
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -913,6 +965,8 @@ if (isset($_GET['unlink_asset_from_file'])) {
$file_name = sanitizeInput($row['file_name']);
$client_id = intval($row['file_client_id']);
enforceClientAccess();
// Get Asset Name for logging
$asset_name = sanitizeInput(getFieldById('assets', $asset_id, 'asset_name'));
@@ -936,6 +990,9 @@ if (isset($_POST["import_assets_csv"])) {
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
enforceClientAccess();
$file_name = $_FILES["file"]["tmp_name"];
$error = false;
@@ -1149,7 +1206,7 @@ if (isset($_POST['export_assets_csv'])) {
}
// Get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM assets LEFT JOIN contacts ON asset_contact_id = contact_id LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN clients ON asset_client_id = client_id WHERE asset_archived_at IS NULL $client_query ORDER BY asset_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM assets LEFT JOIN contacts ON asset_contact_id = contact_id LEFT JOIN locations ON asset_location_id = location_id LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 LEFT JOIN clients ON asset_client_id = client_id WHERE asset_archived_at IS NULL $client_query $access_permission_query ORDER BY asset_name ASC");
$num_rows = mysqli_num_rows($sql);
if ($num_rows > 0) {
@@ -1213,6 +1270,8 @@ if (isset($_POST['add_asset_interface'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
// 4) Insert new interface into asset_interfaces (using SET syntax)
$sql_insert = "
INSERT INTO asset_interfaces SET
@@ -1282,6 +1341,8 @@ if (isset($_POST['add_asset_multiple_interfaces'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
for ($interface_number = $interface_start; $interface_number < $interface_start + $interfaces; $interface_number++) {
// Format $interface_number as a 2-digit number
@@ -1331,6 +1392,8 @@ if (isset($_POST['edit_asset_interface'])) {
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
// 2) Update the interface details in asset_interfaces
$sql_update = "
UPDATE asset_interfaces SET
@@ -1408,6 +1471,8 @@ if (isset($_GET['delete_asset_interface'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
// 2) Delete the interface this cascadingly delete asset_interface_links
mysqli_query($mysqli, "
DELETE FROM asset_interfaces
@@ -1458,6 +1523,8 @@ if (isset($_POST['bulk_edit_asset_interface_type'])) {
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
// Update inteface type
mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_type = '$type' WHERE interface_id = $interface_id");
@@ -1505,6 +1572,8 @@ if (isset($_POST['bulk_edit_asset_interface_network'])) {
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
// Update inteface type
mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_network_id = $network_id WHERE interface_id = $interface_id");
@@ -1546,6 +1615,8 @@ if (isset($_POST['bulk_edit_asset_interface_ip_dhcp'])) {
$asset_name= sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
// Update inteface type
mysqli_query($mysqli,"UPDATE asset_interfaces SET interface_ip = 'DHCP' WHERE interface_id = $interface_id");
@@ -1589,6 +1660,8 @@ if (isset($_POST['bulk_delete_asset_interfaces'])) {
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['asset_client_id']);
enforceClientAccess();
mysqli_query($mysqli, "DELETE FROM asset_interfaces WHERE interface_id = $interface_id");
logAction("Asset Interface", "Delete", "$session_name deleted interface $interface_name from asset $asset_name", $client_id, $asset_id);
@@ -1618,6 +1691,8 @@ if (isset($_POST["import_client_asset_interfaces_csv"])) {
$client_id = intval($row['asset_client_id']);
$asset_name = sanitizeInput($row['asset_name']);
enforceClientAccess();
$error = false;
if (!empty($_FILES["file"]["tmp_name"])) {
@@ -1764,6 +1839,10 @@ if (isset($_POST['export_client_asset_interfaces_csv'])) {
$asset_id = intval($_POST['asset_id']);
$client_id = intval(getFieldById('assets', $asset_id, 'asset_client_id'));
enforceClientAccess();
//get records from database
$sql = mysqli_query($mysqli,"SELECT * FROM asset_interfaces LEFT JOIN assets ON asset_id = interface_asset_id LEFT JOIN networks ON interface_network_id = network_id LEFT JOIN clients ON asset_client_id = client_id WHERE asset_id = $asset_id AND interface_archived_at IS NULL ORDER BY interface_name ASC");
$row = mysqli_fetch_assoc($sql);