AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 19:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Small permissions fix for client-specific access

Browse Source
This commit is contained in:
Marcus Hill
2025-02-22 17:59:24 +00:00
parent 2a974c28b0
commit 8eea19d03d
5 changed files with 43 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
invoices.php
View File

@@ -17,6 +17,10 @@ if (isset($_GET['client_id'])) {
// Perms
enforceUserPermission('module_sales');
$invoice_permission_snippet = '';
if (!empty($client_access_string)) {
$invoice_permission_snippet = "AND invoice_client_id IN ($client_access_string)";
}
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('invoice_id') AS num FROM invoices WHERE invoice_status = 'Sent' $client_query"));
$sent_count = $row['num'];
@@ -94,6 +98,7 @@ $sql = mysqli_query(
$overdue_query
AND DATE(invoice_date) BETWEEN '$dtf' AND '$dtt'
AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$q%' OR invoice_scope LIKE '%$q%' OR client_name LIKE '%$q%' OR invoice_status LIKE '%$q%' OR invoice_amount LIKE '%$q%' OR category_name LIKE '%$q%')
$invoice_permission_snippet
$client_query
ORDER BY $sort $order LIMIT $record_from, $record_to"
);