AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 16:24:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Racks: remove client_id post from edit rack and add rack device modal as it should get the client_id in post, enforceClientAccess

Browse Source
This commit is contained in:
johnnyq
2026-03-06 16:43:56 -05:00
parent 7d41782013
commit a252ff717e
5 changed files with 38 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
agent/post/rack.php
View File

@@ -23,6 +23,8 @@ if (isset($_POST['add_rack'])) {
$location = intval($_POST['location']);
$notes = sanitizeInput($_POST['notes']);
enforceClientAccess();
mysqli_query($mysqli,"INSERT INTO racks SET rack_name = '$name', rack_description = '$description', rack_type = '$type', rack_model = '$model', rack_depth = '$depth', rack_units = $units, rack_location_id = $location, rack_physical_location = '$physical_location', rack_notes = '$notes', rack_client_id = $client_id");
$rack_id = mysqli_insert_id($mysqli);
@@ -58,7 +60,6 @@ if (isset($_POST['edit_rack'])) {
enforceUserPermission('module_support', 2);
$rack_id = intval($_POST['rack_id']);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$description = sanitizeInput($_POST['description']);
$type = sanitizeInput($_POST['type']);
@@ -69,6 +70,10 @@ if (isset($_POST['edit_rack'])) {
$location = intval($_POST['location']);
$notes = sanitizeInput($_POST['notes']);
$client_id = intval(getFieldById('racks', $rack_id, 'rack_client_id'));
enforceClientAccess();
mysqli_query($mysqli,"UPDATE racks SET rack_name = '$name', rack_description = '$description', rack_type = '$type', rack_model = '$model', rack_depth = '$depth', rack_units = $units, rack_location_id = $location, rack_physical_location = '$physical_location', rack_notes = '$notes' WHERE rack_id = $rack_id");
// Add Photo
@@ -103,6 +108,8 @@ if (isset($_GET['archive_rack'])) {
$rack_id = intval($_GET['archive_rack']);
enforceClientAccess();
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id");
$row = mysqli_fetch_assoc($sql);
@@ -133,6 +140,8 @@ if (isset($_GET['restore_rack'])) {
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NULL WHERE rack_id = $rack_id");
logAction("Rack", "Restore", "$session_name restored rack $rack_name", $client_id, $rack_id);
@@ -158,6 +167,8 @@ if (isset($_GET['delete_rack'])) {
$rack_photo = sanitizeInput($row['rack_photo']);
$client_id = intval($row['rack_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM racks WHERE rack_id = $rack_id");
// Delete Photo if exists
@@ -179,7 +190,6 @@ if (isset($_POST['add_rack_unit'])) {
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$rack_id = intval($_POST['rack_id']);
$name = sanitizeInput($_POST['name']);
$unit_start = intval($_POST['unit_start']);
@@ -192,6 +202,8 @@ if (isset($_POST['add_rack_unit'])) {
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
enforceClientAccess();
// **New Validation Check**
if ($unit_start > $unit_end) {
flash_alert("Unit Start number cannot be higher than Unit End number.", 'error');
@@ -227,7 +239,6 @@ if (isset($_POST['edit_rack_unit'])) {
enforceUserPermission('module_support', 2);
$unit_id = intval($_POST['unit_id']);
$client_id = intval($_POST['client_id']);
$rack_id = intval($_POST['rack_id']);
$name = sanitizeInput($_POST['name']);
$unit_start = intval($_POST['unit_start']);
@@ -240,6 +251,8 @@ if (isset($_POST['edit_rack_unit'])) {
$rack_name = sanitizeInput($row['rack_name']);
$client_id = intval($row['rack_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE rack_units SET unit_device = '$name', unit_asset_id = $asset, unit_start_number = $unit_start, unit_end_number = $unit_end WHERE unit_id = $unit_id");
logAction("Rack", "Edit", "$session_name edited device $name in rack $rack_name", $client_id, $rack_id);
@@ -266,6 +279,8 @@ if (isset($_GET['remove_rack_unit'])) {
$client_id = intval($row['rack_client_id']);
$rack_id = intval($row['rack_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM rack_units WHERE unit_id = $unit_id");
logAction("Rack", "Edit", "$session_name removed device $device_name from rack $rack_name", $client_id, $rack_id);