AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #411 from wrongecho/perms 

Role-based access permissions
This commit is contained in:
Johnny 2022-03-27 14:44:29 -04:00 committed by GitHub
parent f4d25a79b6 c3fadfab3b
commit 974cac0e86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 799 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
client.php
View File

@ -235,7 +235,7 @@ $location_phone = formatPhoneNumber($location_phone);
}
?>
</div>
<?php if($session_user_role == 1 OR $session_user_role > 2){ ?>
<?php if($session_user_role == 1 OR $session_user_role == 3){ ?>
<div class="col-md-3 border-left">
<h4 class="text-secondary">Billing</h4>
<h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6>
@ -248,20 +248,22 @@ $location_phone = formatPhoneNumber($location_phone);
<h6 class="ml-1 text-secondary">Open Tickets <div class="text-dark float-right"><?php echo $num_active_tickets; ?></div></h6>
</div>
<div class="col-md-1 border-left">
<div class="dropdown dropleft text-center">
<button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
<a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
</div>
</div>
</div>
<?php } ?>
</div>
</div>
</div>

8
client_assets.php
View File

@ -346,10 +346,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAssetModal<?php echo $asset_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#copyAssetModal<?php echo $asset_id; ?>">Copy</a>
<?php if($ticket_count > 0){ ?>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetTicketsModal<?php echo $asset_id; ?>">Tickets (<?php echo $ticket_count; ?>)</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetTicketsModal<?php echo $asset_id; ?>">Tickets (<?php echo $ticket_count; ?>)</a>
<?php } ?>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_asset=<?php echo $asset_id; ?>">Delete</a>
<?php } ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_asset=<?php echo $asset_id; ?>">Delete</a>
</div>
</div>
</td>

6
client_certificates.php
View File

@ -112,8 +112,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateCertificateEditModal(<?php echo $client_id, ",", $certificate_id ?>)" data-target="#editCertificateModal">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_certificate=<?php echo $certificate_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_certificate=<?php echo $certificate_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

10
client_contacts.php
View File

@ -219,10 +219,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#contactDetailsModal<?php echo $contact_id; ?>">View Details</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editContactModal<?php echo $contact_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_contact=<?php echo $contact_id; ?>">Archive</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_contact=<?php echo $contact_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_contact=<?php echo $contact_id; ?>">Archive</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="post.php?delete_contact=<?php echo $contact_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

6
client_documents.php
View File

@ -179,8 +179,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">Share</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
<?php include("client_document_view_modal.php"); ?>

6
client_domains.php
View File

@ -124,8 +124,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateDomainEditModal(<?php echo $client_id, ",", $domain_id ?>)" data-target="#editDomainModal">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_domain=<?php echo $domain_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_domain=<?php echo $domain_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

4
client_logins.php
View File

@ -148,8 +148,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

6
client_networks.php
View File

@ -138,8 +138,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" onclick="populateNetworkEditModal(<?php echo $client_id, ",", $network_id ?>)" data-target="#editNetworkModal">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_network=<?php echo $network_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_network=<?php echo $network_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

62
client_routes.php
View File

@ -14,58 +14,90 @@ if(isset($_GET['tab'])){
include("client_departments.php");
}
elseif($_GET['tab'] == "assets"){
include("client_assets.php");
if($session_user_role > 1) {
include("client_assets.php");
}
}
elseif($_GET['tab'] == "workstations"){
include("client_assets_workstations.php");
if($session_user_role > 1) {
include("client_assets_workstations.php");
}
}
elseif($_GET['tab'] == "tickets"){
include("client_tickets.php");
if($session_user_role > 1) {
include("client_tickets.php");
}
}
elseif($_GET['tab'] == "vendors"){
include("client_vendors.php");
}
elseif($_GET['tab'] == "logins"){
include("client_logins.php");
if($session_user_role > 1) {
include("client_logins.php");
}
}
elseif($_GET['tab'] == "networks"){
include("client_networks.php");
if($session_user_role > 1) {
include("client_networks.php");
}
}
elseif($_GET['tab'] == "domains"){
include("client_domains.php");
if($session_user_role > 1) {
include("client_domains.php");
}
}
elseif($_GET['tab'] == "certificates"){
include("client_certificates.php");
if($session_user_role > 1) {
include("client_certificates.php");
}
}
elseif($_GET['tab'] == "software"){
include("client_software.php");
if($session_user_role > 1) {
include("client_software.php");
}
}
elseif($_GET['tab'] == "invoices"){
include("client_invoices.php");
if($session_user_role == 1 OR $session_user_role == 3) {
include("client_invoices.php");
}
}
elseif($_GET['tab'] == "recurring_invoices"){
include("client_recurring_invoices.php");
if($session_user_role == 1 OR $session_user_role == 3) {
include("client_recurring_invoices.php");
}
}
elseif($_GET['tab'] == "payments"){
include("client_payments.php");
if($session_user_role == 1 OR $session_user_role == 3) {
include("client_payments.php");
}
}
elseif($_GET['tab'] == "quotes"){
include("client_quotes.php");
if($session_user_role == 1 OR $session_user_role == 3) {
include("client_quotes.php");
}
}
elseif($_GET['tab'] == "trips"){
include("client_trips.php");
if($session_user_role == 1 OR $session_user_role == 3) {
include("client_trips.php");
}
}
elseif($_GET['tab'] == "events"){
include("client_events.php");
}
elseif($_GET['tab'] == "files"){
include("client_files.php");
if($session_user_role > 1) {
include("client_files.php");
}
}
elseif($_GET['tab'] == "documents"){
include("client_documents.php");
if($session_user_role > 1) {
include("client_documents.php");
}
}
elseif($_GET['tab'] == "services"){
if($session_user_role > 1) {
include("client_services.php");
}
}
elseif($_GET['tab'] == "logs"){
include("client_logs.php");

6
client_services.php
View File

@ -91,8 +91,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

6
client_software.php
View File

@ -186,8 +186,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareModal<?php echo $software_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

6
client_tickets.php
View File

@ -191,8 +191,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketModal<?php echo $ticket_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
<?php } ?>

6
client_vendors.php
View File

@ -175,8 +175,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editVendorModal<?php echo $vendor_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</td>

48
clients.php
View File

@ -107,7 +107,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Clients</h3>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal"><i class="fas fa-fw fa-plus"></i> New Client</button>
<?php if($session_user_role == 3) { ?>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal"><i class="fas fa-fw fa-plus"></i> New Client</button>
<?php } ?>
</div>
</div>
@ -165,8 +167,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=client_name&order=<?php echo $order_display; ?>">Name</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=location_city&order=<?php echo $order_display; ?>">Address </a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=contact_name&order=<?php echo $order_display; ?>">Contact</a></th>
<th class="text-right">Billing</th>
<th class="text-center">Action</th>
<?php if($session_user_role == 3 OR $session_user_role == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
<tbody>
@ -306,23 +308,31 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
}
?>
</td>
<td class="text-right">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
<br>
<span class="text-secondary">Paid</span> <?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?>
</td>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
<!-- Show Billing for Admin/Accountant roles only -->
<?php if($session_user_role == 3 OR $session_user_role == 1) { ?>
<td class="text-right">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
<br>
<span class="text-secondary">Paid</span> <?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?>
</td>
<?php } ?>
<!-- Show actions for Admin role only -->
<?php //if($session_user_role == 3) { ?>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-ellipsis-h"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
</div>
</div>
</div>
</td>
</td>
<?php //} ?>
</tr>
<?php

8
inc_all_admin.php
View File

@ -3,6 +3,14 @@
include("config.php");
include_once("functions.php");
include("check_login.php");
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: index.php");
exit();
}
include("header.php");
include("top_nav.php");
include("admin_side_nav.php");

648
post.php
View File

File diff suppressed because it is too large Load Diff

4
side_nav.php
View File

@ -74,7 +74,7 @@
</a>
</li>
<?php if($session_user_role > 2){ ?>
<?php if($session_user_role >= 2){ ?>
<li class="nav-header mt-3">SUPPORT</li>
<li class="nav-item">
@ -105,7 +105,7 @@
<?php } ?>
<?php if($session_user_role == 1 OR $session_user_role > 2){ ?>
<?php if($session_user_role == 1 OR $session_user_role == 3){ ?>
<li class="nav-header mt-3">SALES</li>
<li class="nav-item">

12
ticket.php
View File

@ -192,8 +192,10 @@ if(isset($_GET['ticket_id'])){
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketModal<?php echo $ticket_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#mergeTicketModal<?php echo $ticket_id; ?>">Merge</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
</div>
@ -327,8 +329,10 @@ if(isset($_GET['ticket_id'])){
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#replyEditTicketModal<?php echo $ticket_reply_id; ?>"><i class="fas fa-fw fa-edit text-secondary"></i> Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_ticket_reply=<?php echo $ticket_reply_id; ?>"><i class="fas fa-fw fa-trash text-danger"></i> Archive</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?archive_ticket_reply=<?php echo $ticket_reply_id; ?>"><i class="fas fa-fw fa-trash text-danger"></i> Archive</a>
<?php } ?>
</div>
</div>
</div>

8
tickets.php
View File

@ -434,9 +434,11 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal"
data-target="#editTicketModal<?php echo $ticket_id; ?>">Edit</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger"
href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
<?php if($session_user_role == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger"
href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
<?php } ?>
</div>
</div>
<?php } ?>