Added Company Select Option on top of side Nav Added Client ACL Modal in users, hide side bar elements based off user permission level, if IT Contract level list only clients in users Client ACL

This commit is contained in:
johnny@pittpc.com 2021-02-02 17:09:31 -05:00
parent 9471fdee5d
commit bb46c93790
9 changed files with 172 additions and 16 deletions


@ -13,4 +13,12 @@
<hr>
<p>This is a great starting point for new custom pages.</p>
<?php
echo "$session_permission_companies";
print_r($session_permission_companies_array);
?>
<?php include("footer.php"); ?>
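Review bot: The `echo "$session_permission_companies"; print_r($session_permission_companies_array);` block is debug output left in a rendered page; it prints the signed-in user's raw permission data into the HTML and should be removed before merge. If the purpose was to verify the new session variables, a log line or a throwaway script outside the web root is the place for it, not a page that is served to users.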


@ -13,10 +13,7 @@
$session_user_id = $_SESSION['user_id'];
$sql = mysqli_query($mysqli,"SELECT * FROM users, companies, permissions
WHERE permissions.permission_default_company = companies.company_id
AND users.user_id = $session_user_id"
);
$sql = mysqli_query($mysqli,"SELECT * FROM users, permissions WHERE users.user_id = permissions.user_id AND users.user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$session_name = $row['name'];
@ -25,13 +22,31 @@
if(empty($session_avatar)){
$session_avatar = "dist/img/noone.png";
}
$session_company_id = $row['company_id'];
$session_company_name = $row['company_name'];
$session_company_id = $row['permission_default_company'];
$session_token = $row['token'];
$session_permission_level = $row['permission_level'];
if($session_permission_level == 5){
$session_permission_level_display = "Global Administrator";
}elseif($session_permission_level == 4){
$session_permission_level_display = "Administrator";
}elseif($session_permission_level == 3){
$session_permission_level_display = "Technician";
}elseif($session_permission_level == 2){
$session_permission_level_display = "IT Contractor";
}else{
$session_permission_level_display = "Accounting";
}
$session_permission_companies_array = explode(",",$row['permission_companies']);
$session_permission_companies = $row['permission_companies'];
$session_permission_clients_array = explode(",",$row['permission_clients']);
$session_permission_clients = $row['permission_clients'];
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql);
$session_company_name = $row['company_name'];
include("get_settings.php");
//Detects if using an apple device and uses apple maps instead of google
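Review bot: `$session_company_id = $row['permission_default_company'];` is interpolated unchecked into `SELECT * FROM companies WHERE company_id = $session_company_id` a few lines below; if the permissions row has no default company (NULL or empty), the statement is malformed, `mysqli_query` returns false and `mysqli_fetch_array` is handed that false. Cast it before use: `$session_company_id = intval($row['permission_default_company']);`. The two `explode(",", ...)` lines have a related edge case: on an empty string explode returns `['']` rather than `[]`, and the raw strings later feed `IN (...)` clauses (the clients listing and the sidebar company dropdown), where an empty value yields invalid `IN ()`; build the arrays as `array_filter(array_map('intval', explode(',', (string)$row['permission_companies'])))` and derive the strings from the arrays. The `if/elseif` chain also labels any unrecognised level, including a missing permissions row, as "Accounting"; an explicit "Unknown" fallback would be safer. The enclosing file continues outside the hunk.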


@ -1,5 +1,10 @@
<?php include("header.php");
//Permission check
if($session_permission_level == 2){
$permission_sql = "AND client_id IN ($session_permission_clients)";
}
//Rebuild URL
//$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
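Review bot: `$permission_sql` is only assigned inside `if($session_permission_level == 2)`, so for every other level the interpolation `... company_id = $session_company_id $permission_sql ORDER BY ...` in the next hunk reads an undefined variable (a warning on PHP 8, and reliance on it collapsing to an empty string). Initialise it before the check: `$permission_sql = "";`. When a level-2 user has no clients assigned, `$session_permission_clients` is an empty string and `AND client_id IN ()` is a syntax error that makes the listing query return false; use `if($session_permission_level == 2 && $session_permission_clients !== ""){` and emit `AND 0` for the empty case so the contractor simply sees no clients. The value is a comma list stored from a POST array in post.php, so it should be normalised to integers at write time rather than trusted here.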
@ -56,7 +61,7 @@ if(!empty($_GET['dtf'])){
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_type LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%' OR client_phone LIKE '%$q%' OR client_mobile LIKE '%$q%' OR client_address LIKE '%$q%' OR client_city LIKE '%$q%' OR client_state LIKE '%$q%' OR client_zip LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to");
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_type LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%' OR client_phone LIKE '%$q%' OR client_mobile LIKE '%$q%' OR client_address LIKE '%$q%' OR client_city LIKE '%$q%' OR client_state LIKE '%$q%' OR client_zip LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id $permission_sql ORDER BY $sb $o LIMIT $record_from, $record_to");
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@ -157,8 +162,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$balance_text_color = "text-danger font-weight-bold";
}else{
$balance_text_color = "";
}
}
?>
<tr>
<td>
@ -221,7 +226,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</tr>
<?php
}
?>


@ -122,6 +122,25 @@ if(isset($_POST['edit_user_companies'])){
}
if(isset($_POST['edit_user_clients'])){
$user_id = intval($_POST['user_id']);
$clients = $_POST['clients'];
//Turn the Array into a string with , seperation
$clients_imploded = implode(",",$clients);
mysqli_query($mysqli,"UPDATE permissions SET permission_clients = '$clients_imploded' WHERE user_id = $user_id");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()");
$_SESSION['alert_message'] = "Client <strong>$client_imploded</strong> added to user $user_id!";
header("Location: users.php");
}
if(isset($_GET['delete_user'])){
$user_id = intval($_GET['delete_user']);
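Review bot: `$clients = $_POST['clients'];` is stored verbatim via `UPDATE permissions SET permission_clients = '$clients_imploded'` and that stored string is later interpolated into `IN (...)` on every page load, so the values need to be normalised to integers here: `$clients = array_map('intval', (array)($_POST['clients'] ?? []));`. The `?? []` also covers the form being submitted with no box ticked, where `$_POST['clients']` is unset and `implode` currently receives null. The alert message references `$client_imploded` (typo for `$clients_imploded`) and the log line uses `$name`, which is not assigned in this handler as far as the hunk shows. The `edit_user_companies` handler named in the hunk header is outside the hunk and, if written the same way, needs the same treatment.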
@ -167,7 +186,7 @@ if(isset($_POST['add_company'])){
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$name', config_company_country = '$country', config_company_address = '$address', config_company_city = '$city', config_company_state = '$state', config_company_zip = '$zip', config_company_phone = '$phone', config_company_site = '$site', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_records_per_page = 10, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1");
//logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Created', log_description = '$name', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Create', log_description = '$name', log_created_at = NOW()");
$_SESSION['alert_message'] = "Company <strong>$name</strong> created!";
@ -765,7 +784,7 @@ if(isset($_POST['add_ticket'])){
mysqli_query($mysqli,"INSERT INTO tickets SET ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = $session_user_id, client_id = $client_id, company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Created', log_description = '$subject', log_created_at = NOW(), client_id = $client_id, company_id = $session_company_id, user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$subject', log_created_at = NOW(), client_id = $client_id, company_id = $session_company_id, user_id = $session_user_id");
$_SESSION['alert_message'] = "Ticket created";


@ -5,7 +5,35 @@
<div class="sidebar">
<!-- Sidebar Menu -->
<nav class="mt-2">
<nav class="mt-3">
<div class="dropdown mb-4 ml-3">
<a class="" href="#" data-toggle="dropdown">
<h3><?php echo $session_company_name; ?> <small><i class="fa fa-caret-down"></i></small></h3>
</a>
<ul class="dropdown-menu">
<?php
$sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id IN ($session_permission_companies)");
while($row = mysqli_fetch_array($sql)){
$company_id = $row['company_id'];
$company_name = $row['company_name'];
?>
<li><a class="dropdown-item text-dark" href="post.php?switch_company=<?php echo $company_id; ?>"><?php echo $company_name; ?><?php if($company_id == $session_company_id){ echo "<i class='fa fa-check text-secondary ml-2'></i>"; } ?></a></li>
<?php
}
?>
</ul>
</div>
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false">
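Review bot: The company switch is a plain `href="post.php?switch_company=…"` link and the dropdown only lists companies from `$session_permission_companies`; the handler is not in this diff, so it is worth confirming it re-checks the requested id against `$session_permission_companies_array` server-side (and casts it with intval) rather than trusting the link, since the list here is only a display filter. `IN ($session_permission_companies)` also produces invalid `IN ()` when the stored string is empty; guard with `if($session_permission_companies !== "")` around the query, or build the list from an int-filtered array. The `<?php if($session_permission_level > 2){ ?>` style gates in the later hunks (-22, -41, -140, -190) hide navigation only; of the linked pages only clients.php gains a check in this commit, so tickets.php, quotes.php and the settings pages still need their own level check at the top. `$session_company_name` and `$company_name` are echoed unescaped; wrap them in `htmlspecialchars()`.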
@ -22,6 +50,9 @@
<p>Clients</p>
</a>
</li>
<?php if($session_permission_level > 2){ ?>
<li class="nav-header">SUPPORT</li>
<li class="nav-item">
<a href="tickets.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tickets.php") { echo "active"; } ?>">
@ -41,6 +72,11 @@
<p>Calendar</p>
</a>
</li>
<?php } ?>
<?php if($session_permission_level == 1 OR $session_permission_level > 3){ ?>
<li class="nav-header">SALES</li>
<li class="nav-item">
<a href="quotes.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "quotes.php") { echo "active"; } ?>">
@ -140,6 +176,10 @@
</ul>
</li>
<?php } ?>
<?php if($session_permission_level > 3){ ?>
<li class="nav-header">SETTINGS</li>
<li class="nav-item has-treeview">
@ -190,6 +230,8 @@
</ul>
</li>
<?php } ?>
</ul>
</nav>
<!-- /.sidebar-menu -->

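--- /dev/null
+++ b/test.php
@@ -0,0 +1,12 @@
+<?php
+$phone = ",above// \\5";
+$stripped_phone = preg_replace("/[^0-9]/", '',$phone);
+echo $phone;
+echo "<br>";
+echo $stripped_phone;
+?>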
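Review bot: test.php is a scratch script (a hard-coded `$phone`, one `preg_replace` and three echos) with no application purpose and no header or session include, committed into the web root where it is served to anyone; it should be dropped from the commit or kept outside the document root. It currently outputs only a constant, so the exposure is nil today, but files like this tend to accumulate real queries and data later.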


@ -44,7 +44,7 @@
<p>
<?php echo $session_name; ?>
<small><?php echo $session_company_name; ?></small>
<small><?php echo $session_permission_level_display; ?></small>
</p>
</li>
<!-- Menu Footer-->

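--- /dev/null
+++ b/user_clients_modal.php
@@ -0,0 +1,52 @@
+<div class="modal" id="editUserClientsModal<?php echo $user_id ?>" tabindex="-1">
+<div class="modal-dialog">
+<div class="modal-content bg-dark">
+<div class="modal-header text-white">
+<h5 class="modal-title"><i class="fa fa-fw fa-users mr-2"></i><?php echo $name; ?> Clients</h5>
+<button type="button" class="close text-white" data-dismiss="modal">
+<span aria-hidden="true">&times;</span>
+</button>
+</div>
+<form action="post.php" method="post" autocomplete="off">
+<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
+<div class="modal-body bg-white">
+<div class="alert alert-info">
+Select Clients that the user will need access to
+</div>
+<ul class="list-group">
+<?php
+$sql_clients_select = mysqli_query($mysqli,"SELECT * FROM clients, companies WHERE clients.company_id = companies.company_id ORDER BY client_name ASC");
+while($row = mysqli_fetch_array($sql_clients_select)){
+$client_id_select = $row['client_id'];
+$client_name_select = $row['client_name'];
+$company_id_select = $row['company_id'];
+$company_name_select = $row['company_name'];
+?>
+<li class="list-group-item">
+<div class="form-check">
+<input type="checkbox" class="form-check-input" name="clients[]" value="<?php echo $client_id_select; ?>" <?php if(in_array("$client_id_select",$permission_clients_array)){ echo "checked"; } ?> >
+<label class="form-check-label ml-2"><?php echo $client_name_select; ?></label>
+</div>
+</li>
+<?php
+}
+?>
+</ul>
+</div>
+<div class="modal-footer bg-white">
+<button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+<button type="submit" name="edit_user_clients" class="btn btn-primary">Save</button>
+</div>
+</form>
+</div>
+</div>
+</div>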
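Review bot: The modal's query `SELECT * FROM clients, companies WHERE clients.company_id = companies.company_id` carries no company filter, so it lists every client of every company and lets the editing admin grant access to clients of companies they may not administer; if that is not intended, add `AND clients.company_id = $session_company_id` (or an `IN` over the admin's own permitted companies). `$name` and `$client_name_select` are echoed straight into the markup; wrap both in `htmlspecialchars(...)`. `$permission_clients_array` is supplied by the including page, which is outside this diff, so it is worth confirming it is populated in the users.php row loop before the include. The `in_array("$client_id_select",$permission_clients_array)` check is loose; `in_array((string)$client_id_select, $permission_clients_array, true)` avoids type juggling.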


@ -143,13 +143,16 @@
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserCompaniesModal<?php echo $user_id; ?>">Companies</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserCompaniesModal<?php echo $user_id; ?>">Company Access</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editUserClientsModal<?php echo $user_id; ?>">Client Access</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="post.php?delete_user=<?php echo $user_id; ?>">Delete</a>
</div>
</div>
<?php include("edit_user_modal.php"); ?>
<?php include("user_companies_modal.php"); ?>
<?php include("user_companies_modal.php"); ?>
<?php include("user_clients_modal.php"); ?>
</td>
</tr>
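Review bot: `<?php include("user_companies_modal.php"); ?>` appears twice at the bottom of the hunk; the rendered page has lost the `+`/`-` markers, so this is inferred, but if both lines survive on the new side the companies modal is emitted twice per row with the same `id="editUserCompaniesModal…"` and one of them should go. The new `user_clients_modal.php` include depends on `$permission_clients_array` being set earlier in the row loop, which lies outside this hunk.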