From bb46c93790e80c1e9064e387a985d20fea4217e7 Mon Sep 17 00:00:00 2001 From: "johnny@pittpc.com" Date: Tue, 2 Feb 2021 17:09:31 -0500 Subject: [PATCH] Added Company Select Option on top of side Nav Added Client ACL Modal in users, hide side bar elements based off user permission level, if IT Contract level list only clients in users Client ACL --- blank.php | 8 +++++++ check_login.php | 27 +++++++++++++++++----- clients.php | 13 +++++++---- post.php | 23 +++++++++++++++++-- side_nav.php | 44 ++++++++++++++++++++++++++++++++++- test.php | 12 ++++++++++ top_nav.php | 2 +- user_clients_modal.php | 52 ++++++++++++++++++++++++++++++++++++++++++ users.php | 7 ++++-- 9 files changed, 172 insertions(+), 16 deletions(-) create mode 100644 test.php create mode 100644 user_clients_modal.php diff --git a/blank.php b/blank.php index 22f906c0..62146494 100644 --- a/blank.php +++ b/blank.php @@ -13,4 +13,12 @@

This is a great starting point for new custom pages.

+ + \ No newline at end of file diff --git a/check_login.php b/check_login.php index edfdb582..d5a4fbda 100644 --- a/check_login.php +++ b/check_login.php @@ -13,10 +13,7 @@ $session_user_id = $_SESSION['user_id']; - $sql = mysqli_query($mysqli,"SELECT * FROM users, companies, permissions - WHERE permissions.permission_default_company = companies.company_id - AND users.user_id = $session_user_id" - ); + $sql = mysqli_query($mysqli,"SELECT * FROM users, permissions WHERE users.user_id = permissions.user_id AND users.user_id = $session_user_id"); $row = mysqli_fetch_array($sql); $session_name = $row['name']; @@ -25,13 +22,31 @@ if(empty($session_avatar)){ $session_avatar = "dist/img/noone.png"; } - $session_company_id = $row['company_id']; - $session_company_name = $row['company_name']; + $session_company_id = $row['permission_default_company']; $session_token = $row['token']; + $session_permission_level = $row['permission_level']; + if($session_permission_level == 5){ + $session_permission_level_display = "Global Administrator"; + }elseif($session_permission_level == 4){ + $session_permission_level_display = "Administrator"; + }elseif($session_permission_level == 3){ + $session_permission_level_display = "Technician"; + }elseif($session_permission_level == 2){ + $session_permission_level_display = "IT Contractor"; + }else{ + $session_permission_level_display = "Accounting"; + } + $session_permission_companies_array = explode(",",$row['permission_companies']); $session_permission_companies = $row['permission_companies']; + $session_permission_clients_array = explode(",",$row['permission_clients']); $session_permission_clients = $row['permission_clients']; + $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = $session_company_id"); + $row = mysqli_fetch_array($sql); + + $session_company_name = $row['company_name']; + include("get_settings.php"); //Detects if using an apple device and uses apple maps instead of google 
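Review bot: The trailing `else` in the new permission-level chain labels every value that is not 2–5 — including a missing or zero `permission_level` — as "Accounting", so a user whose permissions row is absent or malformed is presented with a real role instead of being rejected; make the last real role explicit (`}elseif($session_permission_level == 1){ $session_permission_level_display = "Accounting"; }else{ $session_permission_level_display = "Unknown"; }`) and treat anything else as a failed login. The companies lookup added below it interpolates `$session_company_id` straight from the permissions row and never checks the result, so a deleted default company makes `$row` null and `$session_company_name` silently empty; `$session_company_id = intval($row['permission_default_company']);` plus an `if(!$row)` guard before reading `company_name` would close both. Note also that `$row` is reassigned to the companies result, so nothing after this point can read user or permission columns from it.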
diff --git a/clients.php b/clients.php index e120dd65..d02e61d1 100644 --- a/clients.php +++ b/clients.php @@ -1,5 +1,10 @@ $sb, 'o' => $o))); @@ -56,7 +61,7 @@ if(!empty($_GET['dtf'])){ $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o))); -$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_type LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%' OR client_phone LIKE '%$q%' OR client_mobile LIKE '%$q%' OR client_address LIKE '%$q%' OR client_city LIKE '%$q%' OR client_state LIKE '%$q%' OR client_zip LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id ORDER BY $sb $o LIMIT $record_from, $record_to"); +$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM clients WHERE (client_name LIKE '%$q%' OR client_type LIKE '%$q%' OR client_email LIKE '%$q%' OR client_contact LIKE '%$q%' OR client_phone LIKE '%$q%' OR client_mobile LIKE '%$q%' OR client_address LIKE '%$q%' OR client_city LIKE '%$q%' OR client_state LIKE '%$q%' OR client_zip LIKE '%$q%') AND DATE(client_created_at) BETWEEN '$dtf' AND '$dtt' AND company_id = $session_company_id $permission_sql ORDER BY $sb $o LIMIT $record_from, $record_to"); $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); @@ -157,8 +162,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); $balance_text_color = "text-danger font-weight-bold"; }else{ $balance_text_color = ""; - } - + } + ?> @@ -221,7 +226,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); diff --git a/post.php b/post.php index cb461d37..c41c32de 100644 --- a/post.php +++ b/post.php 
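Review bot: `$permission_sql` is spliced verbatim into the client listing query, and the only input this commit gives it is `$session_permission_clients`, a comma-separated string that post.php's new `edit_user_clients` handler stores from `$_POST['clients']` without any cast — so if the hunk at the top of clients.php (whose body is not readable in this view) builds something like `AND client_id IN ($session_permission_clients)`, this line is a second-order SQL injection sink. Normalise the list where it is consumed as well as where it is written, e.g. `$allowed = implode(",", array_map('intval', $session_permission_clients_array));` and build the IN clause from `$allowed` (an empty ACL then yields `IN (0)`, which safely matches nothing). The filter is also applied only to this list; pages that take a client_id directly are not in this diff, so confirm the same check exists there, otherwise a contractor can still open any client by URL.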
@@ -122,6 +122,25 @@ if(isset($_POST['edit_user_companies'])){ } +if(isset($_POST['edit_user_clients'])){ + + $user_id = intval($_POST['user_id']); + $clients = $_POST['clients']; + + //Turn the Array into a string with , seperation + $clients_imploded = implode(",",$clients); + + mysqli_query($mysqli,"UPDATE permissions SET permission_clients = '$clients_imploded' WHERE user_id = $user_id"); + + //logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = '$name', log_created_at = NOW()"); + + $_SESSION['alert_message'] = "Client $client_imploded added to user $user_id!"; + + header("Location: users.php"); + +} + if(isset($_GET['delete_user'])){ $user_id = intval($_GET['delete_user']); @@ -167,7 +186,7 @@ if(isset($_POST['add_company'])){ mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_company_name = '$name', config_company_country = '$country', config_company_address = '$address', config_company_city = '$city', config_company_state = '$state', config_company_zip = '$zip', config_company_phone = '$phone', config_company_site = '$site', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_records_per_page = 10, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1"); //logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Created', log_description = '$name', log_created_at = NOW()"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Company', log_action = 'Create', log_description = '$name', log_created_at = NOW()"); $_SESSION['alert_message'] = "Company $name created!"; 
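Review bot: `$_POST['clients']` is imploded and interpolated into the UPDATE at the top of the new `edit_user_clients` handler without any cast, so a crafted value is both a direct SQL injection here and a stored one wherever `permission_clients` is later spliced into a query (this commit adds `$permission_sql` to the client listing). Each element should be forced to an integer before it is stored, and a missing `clients` field (no checkbox ticked) currently passes `null` to `implode()`. The log line references `$name`, which is not set in this branch, and the alert message reads `$client_imploded` instead of `$clients_imploded`. No permission-level check is visible before the UPDATE; whether post.php gates this handler earlier in the file is outside the hunk, so confirm only administrators can reach it. The `header()` redirect is not followed by `exit`, so the rest of post.php keeps executing after the redirect is sent.
```php
if(isset($_POST['edit_user_clients'])){

    $user_id = intval($_POST['user_id']);
    // Only integer client IDs may be stored: the column is later interpolated
    // into client queries, so anything else becomes a stored SQL injection.
    $clients = isset($_POST['clients']) ? (array)$_POST['clients'] : array();
    $clients = array_map('intval', $clients);

    //Turn the Array into a string with , seperation
    $clients_imploded = implode(",",$clients);

    mysqli_query($mysqli,"UPDATE permissions SET permission_clients = '$clients_imploded' WHERE user_id = $user_id");

    //logging - $name is not defined in this handler, so describe the change instead
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Modified', log_description = 'Client ACL for user $user_id set to $clients_imploded', log_created_at = NOW()");

    $_SESSION['alert_message'] = "Client $clients_imploded added to user $user_id!";

    header("Location: users.php");
    exit();

}
```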
@@ -765,7 +784,7 @@ if(isset($_POST['add_ticket'])){ mysqli_query($mysqli,"INSERT INTO tickets SET ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = $session_user_id, client_id = $client_id, company_id = $session_company_id"); //Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Created', log_description = '$subject', log_created_at = NOW(), client_id = $client_id, company_id = $session_company_id, user_id = $session_user_id"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$subject', log_created_at = NOW(), client_id = $client_id, company_id = $session_company_id, user_id = $session_user_id"); $_SESSION['alert_message'] = "Ticket created"; diff --git a/side_nav.php b/side_nav.php index 4628ff5f..39d37dc9 100644 --- a/side_nav.php +++ b/side_nav.php @@ -5,7 +5,35 @@ - + +