Added permissions to Order

application/Address/AddressModel.php

@@ -76,6 +76,32 @@ class AddressModel {
     
   }
   
+  public static function byNetwork($network_id, $addresstype) {
+    if(!is_numeric($network_id) || !$network_id) {
+      return false;
+    }
+    $db = FronkDB::singleton();
+    
+    $addresses = [];
+    
+    // get all addresses of network
+    
+    $sql = "SELECT Address.id as id FROM `Address`
+            LEFT JOIN NetworkAddress ON (NetworkAddress.address_id = Address.id)
+            WHERE NetworkAddress.type = '$addresstype'
+            AND network_id = $network_id
+            GROUP BY id";
+    
+    $res = $db->query($sql);
+    if($db->num_rows($res)) {
+      while($data = $db->fetch_object($res)) {
+        $addresses[] = new Address($data->id);
+      }
+    }
+    
+    return $addresses;
+  }
+  
   public static function search($filter) {
     $items = [];
     $db = FronkDB::singleton();
@@ -96,7 +122,11 @@ class AddressModel {
     }
     
     if(!array_key_exists("addresstype", $filter)) {
-      $res = $db->select("Address", "*", "$where AND id NOT IN (".implode(",", $have).")");
+      if($have) {
+        $res = $db->select("Address", "*", "$where AND id NOT IN (".implode(",", $have).")");
+      } else {
+        $res = $db->select("Address", "*", "$where AND id");
+      }
       if($db->num_rows()) {
         while($data = $db->fetch_object($res)) {
           $items[] = new Address($data);
@@ -139,6 +169,15 @@ class AddressModel {
       }
     }
     
+    if(array_key_exists("create_by", $filter)) {
+      $create_by = $filter['create_by'];
+      if(is_numeric($create_by)) {
+        $where .= " AND Address.create_by=$create_by";
+      } elseif(is_array($create_by) && count($create_by)) {
+        $where .= " AND Address.create_by IN (". implode(",",$create_by).")";
+      }
+    }
+    
     if(array_key_exists("parents_only", $filter)) {
       $po = $filter['parents_only'];
       if($po == 1) {

application/Order/OrderController.php

@@ -16,18 +16,87 @@ class OrderController extends mfBaseController {
   
   protected function indexAction() {
     $this->layout()->setTemplate("Order/Index");
-    $this->layout()->set("orders", OrderModel::getAll());
+    //$this->layout()->set("orders", OrderModel::getAll());
+    
+    if($this->me->is("Admin")) {
+      $this->layout()->set("orders", OrderModel::getAll());
+    } else {
+      $orders = [];
+      //var_dump($this->me->my_networks);exit;
+      foreach($this->me->my_networks as $network) {
+        foreach(OrderModel::byNetwork($network->id) as $order) {
+          if(!array_key_exists($order->id, $orders)) {
+            $orders[$order->id] = $order;
+          }
+        }
+      }
+      
+      foreach(OrderModel::search(['create_by' => $this->me->id]) as $order) {
+        if(!array_key_exists($order->id, $orders)) {
+          $order[$order->id] = $order;
+        }
+      }
+      
+      $this->layout()->set("orders", $orders);
+    }
     
   }
   
   protected function addAction() {
     // TODO: filter by network permissions
     $this->layout()->setTemplate("Order/Form");
-    $this->layout()->set("addresses", AddressModel::search(['parents_only' => 1]));
-    $this->layout()->set("products", ProductModel::getAll());
-    $this->layout()->set("terminations", TerminationModel::getAll());
+    if($this->me->is("Admin")) {
+      $this->layout()->set("addresses", AddressModel::search(['parents_only' => 1]));
+      $this->layout()->set("products", ProductModel::getAll());
+      $this->layout()->set("terminations", TerminationModel::getAll());
+    } else {
+      // get all addresses of my networks
+      $network_ids = [];
+      $addresses = [];
+      foreach($this->me->my_networks as $network) {
+        $network_ids[] = $network->id;
+        foreach(AddressModel::byNetwork($network->id, "salespartner") as $address) {
+          if(!array_key_exists($address->id, $addresses)) {
+            $addresses[] = $address;
+          }
+        }
+      }
+      
+      $users = [];
+      $user_ids = [];
+      foreach($addresses as $address) {
+        $address_id = $address->id;
+        if($address->parent_id) {
+          $address_id = $address->parent_id;
+        }
+        foreach(UserModel::search(['address_id' => $address_id]) as $user) {
+          if(!array_key_exists($user, $users)) {
+            $users[$user->id] = $user;
+            $user_ids[] = $user->id;
+          }
+        }
+      }
+
+      $addresses = AddressModel::search(['create_by' => $user_ids]);
+      $this->layout()->set("addresses", $addresses);
+      
+      // get terminations in my networks
+      $terms = TerminationModel::search(["network_id" => $network_ids]);
+      $this->layout()->set("terminations", $nets);
+      
+      
+      // get products assigned to my networks
+      $products = [];
+      foreach(ProductNetworkModel::search(["network_id" => $network_ids]) as $pn) {
+        if(!array_key_exists($pn->product_id, $products))
+        $products[$pn->product_id] = $pn->product;
+      }
+      $this->layout()->set("products", $products);
+      
+    }
+    
+    
     
-    //var_dump(AddressModel::search(['parents_only' => 1]));exit;
   }
   
   protected function editAction() {
@@ -343,4 +412,5 @@ class OrderController extends mfBaseController {
     
   }
   
+  
 }

application/Order/OrderModel.php

@@ -91,17 +91,61 @@ class OrderModel {
     return null;
   }
   
+  public static function byNetwork($network_id) {
+    if(!is_numeric($network_id) || !$network_id) {
+      return false;
+    }
+    $db = FronkDB::singleton();
+    
+    $orders = [];
+    
+    $sql = "SELECT `Order`.* FROM `Order`
+            LEFT JOIN OrderProduct ON (OrderProduct.order_id = `Order`.id)
+            LEFT JOIN Termination ON (Termination.id = OrderProduct.termination_id)
+            LEFT JOIN Building ON (Building.id = Termination.building_id)
+
+            WHERE OrderProduct.termination_id IS NOT NULL
+            AND Building.network_id = $network_id
+            ";
+    
+    $res = $db->query($sql);
+    if($db->num_rows($res)) {
+      while($data = $db->fetch_object($res)) {
+        $orders[] = new Order($data);
+      }
+    }
+    
+    return $orders;
+  }
+  
+  
   public static function search($filter) {
     $items = [];
     $db = FronkDB::singleton();
     
     $where = self::getSqlFilter($filter);
-    $res = $db->select("Order", "*", "$where ORDER BY id");
+    $have = [];
+    $sql = "SELECT `Order`.* FROM `Order`, OrderProduct
+            WHERE OrderProduct.order_id = `Order`.id
+            AND $where
+            GROUP BY OrderProduct.order_id
+            ORDER BY id
+           ";
+    $res = $db->query($sql);
     if($db->num_rows($res)) {
       while($data = $db->fetch_object($res)) {
         $items[] = new Order($data);
+        $have[] = $data->id;
       }
     }
+    
+    $res = $db->select("Order", "*", "$where AND id NOT IN (".implode(",", $have).") ORDER BY id");
+    if($db->num_rows($res)) {
+      while($data = $db->fetch_object()) {
+        $items[] = new Order($data);
+      }
+    }
+    
     return $items;
   }
   
@@ -109,26 +153,28 @@ class OrderModel {
     $where = "1=1 ";
 
     //var_dump($filter);exit;
+    if(array_key_exists("owner_id", $filter)) {
+      $ownerid= $filter['owner_id'];
+      if(is_numeric($ownerid)) {
+        $where .= " AND Order.owner_id=$ownerid";
+      }
+    }
+    
+    if(array_key_exists("create_by", $filter)) {
+      $create_by = $filter['create_by'];
+      if(is_numeric($create_by)) {
+        $where .= " AND Order.create_by=$create_by";
+      }
+    }
+    
     if(array_key_exists("name", $filter)) {
       $name = FronkDB::singleton()->escape($filter['name']);
       if($name) {
-        $where .= " AND name='$name'";
+        $where .= " AND Order.name='$name'";
       }
     }
     
-    if(array_key_exists("filename", $filter)) {
-      $filename = FronkDB::singleton()->escape($filter['filename']);
-      if($filename) {
-        $where .= " AND filename='$filename'";
-      }
-    }
     
-    if(array_key_exists("subfolder", $filter)) {
-      $subfolder = FronkDB::singleton()->escape($filter['subfolder']);
-      if($subfolder) {
-        $where .= " AND subfolder='$subfolder'";
-      }
-    }
     
     //var_dump($filter, $where);exit;
     return $where;

application/Product/ProductController.php

@@ -9,16 +9,22 @@ class ProductController extends mfBaseController {
     $this->me = $me;
     $this->layout()->set("me",$me);
     
-    if(!$me->isAdmin()) {
+    if(!$me->is(["Admin","netowner","pipeplanner"])) {
       $this->redirect("Dashboard");
     }
   }
   
   protected function indexAction() {
+    if(!$me->is(["Admin"])) {
+      $this->redirect("Dashboard");
+    }
     $this->layout()->set("products", ProductModel::getAll());
   }
   
   protected function addAction() {
+    if(!$me->is(["Admin"])) {
+      $this->redirect("Dashboard");
+    }
     $this->layout()->setTemplate("Product/Form");
     $this->layout()->set("productgroups", ProductgroupModel::getAll());
     $this->layout()->set("producttechs", ProducttechModel::getAll());
@@ -28,6 +34,9 @@ class ProductController extends mfBaseController {
   }
   
   protected function editAction() {
+    if(!$me->is(["Admin"])) {
+      $this->redirect("Dashboard");
+    }
     $product_id = $this->request->id;
     $product = new Product($product_id);
     if(!$product->id) {
@@ -43,6 +52,10 @@ class ProductController extends mfBaseController {
   }
   
   protected function saveAction() {
+    if(!$me->is(["Admin"])) {
+      $this->redirect("Dashboard");
+    }
+    
     $r = $this->request;
     //var_dump($r);exit;
     $id = $r->id;
@@ -166,6 +179,10 @@ class ProductController extends mfBaseController {
   }
   
   protected function deleteAction() {
+    if(!$me->is(["Admin"])) {
+      $this->redirect("Dashboard");
+    }
+    
     $id = $this->request->id;
     
     $product = new Product($id);
@@ -180,6 +197,9 @@ class ProductController extends mfBaseController {
   }
   
   protected function apiAction() {
+    if(!$me->is(["Admin","netowner","pipeplanner"])) {
+      $this->redirect("Dashboard");
+    }
     $do = $this->request->do;
     $data = [];
     

application/ProductNetwork/ProductNetwork.php

@@ -1,5 +1,28 @@
 <?php
 
 class ProductNetwork extends mfBaseModel {
+  private $product;
+  private $network;
   
+  public function getProperty($name) {
+    if($this->$name == null) {
+      
+      if(!$this->id) {
+        return null;
+      }
+      
+      $classname = ucfirst($name);
+      $idfield = $name."_id";
+      $this->$name = new $classname($this->$idfield);
+      
+      if($this->$name->id) {
+        return $this->$name;
+      } else {
+        return null;
+      }
+    }
+    
+    return $this->$name;
+  }
+
 }

application/ProductNetwork/ProductNetworkModel.php

@@ -110,6 +110,10 @@ class ProductNetworkModel {
       $network_id = $filter['network_id'];
       if(is_numeric($network_id)) {
         $where .= " AND network_id=$network_id";
+      } else {
+        if(is_array($network_id)) {
+          $where .= " AND network_id IN (". implode(",", $network_id).")";
+        }
       }
     }
     

application/Termination/TerminationModel.php

@@ -105,6 +105,14 @@ class TerminationModel {
       }
     }
     
+    if(array_key_exists("network_id", $filter)) {
+      $network_id = $filter['network_id'];
+      if(is_numeric($network_id)) {
+        $where .= " AND Building.network_id=$network_id";
+      } elseif(is_array($network_id) && count($network_id)) {
+        $where .= " AND Building.network_id IN (". implode(",", $network_id).")";
+      }
+    }
     
     if(array_key_exists("status", $filter)) {
       if(in_array(substr($filter['status'], 1, 2), ["<=", ">="])) {