New Function enforceClientAccess() and added to contact post and client inc all This enforces user client access if set at post and in other places easily

2026-03-11 08:14:52 +00:00 · 2026-03-06 13:05:11 -05:00
parent 30357b9cf7
commit 8fc3dfed1f
5 changed files with 121 additions and 635 deletions
--- a/functions.php
+++ b/functions.php
@@ -1391,6 +1391,64 @@ function enforceUserPermission($module, $check_access_level = 1) {
    }
 }

+function enforceClientAccess($client_id = null) {
+    global $mysqli, $session_user_id, $session_is_admin, $session_name;
+
+    // Use global $client_id if none passed
+    if ($client_id === null) {
+        global $client_id;
+    }
+
+    if ($session_is_admin) {
+        return true;
+    }
+
+    $client_id = (int) $client_id;
+    $session_user_id = (int) $session_user_id;
+
+    if (empty($client_id) || empty($session_user_id)) {
+        flash_alert('Access Denied.', 'error');
+        redirect('clients.php');
+    }
+
+    // Check if this user has any client permissions set
+    $permissions_sql = "SELECT client_id
+                        FROM user_client_permissions
+                        WHERE user_id = $session_user_id
+                        LIMIT 1";
+
+    $permissions_result = mysqli_query($mysqli, $permissions_sql);
+
+    // If no permission rows exist for this user, allow access by default
+    if ($permissions_result && mysqli_num_rows($permissions_result) == 0) {
+        return true;
+    }
+
+    // If permission rows exist, require this client
+    $access_sql = "SELECT client_id
+                   FROM user_client_permissions
+                   WHERE user_id = $session_user_id
+                   AND client_id = $client_id
+                   LIMIT 1";
+
+    $access_result = mysqli_query($mysqli, $access_sql);
+
+    if ($access_result && mysqli_num_rows($access_result) > 0) {
+        return true;
+    }
+
+    logAction(
+        'Client',
+        'Access',
+        "$session_name was denied permission from accessing client",
+        $client_id,
+        $client_id
+    );
+
+    flash_alert('Access Denied - You do not have permission to access that client!', 'error');
+    redirect('clients.php');
+}
+
 // TODO: Probably remove this
 function enforceAdminPermission() {
    global $session_is_admin;