From 4d51eb23f3ed8fc5c528891e97ea352bc8ba7d13 Mon Sep 17 00:00:00 2001 From: Frank Schubert Date: Fri, 6 Aug 2021 16:35:38 +0200 Subject: [PATCH] Added permissions to Order --- application/Address/AddressModel.php | 41 +++++++++- application/Order/OrderController.php | 80 +++++++++++++++++-- application/Order/OrderModel.php | 74 +++++++++++++---- application/Product/ProductController.php | 22 ++++- application/ProductNetwork/ProductNetwork.php | 23 ++++++ .../ProductNetwork/ProductNetworkModel.php | 4 + application/Termination/TerminationModel.php | 8 ++ 7 files changed, 231 insertions(+), 21 deletions(-) diff --git a/application/Address/AddressModel.php b/application/Address/AddressModel.php index ac81a0b4d..0745d6ccb 100644 --- a/application/Address/AddressModel.php +++ b/application/Address/AddressModel.php @@ -76,6 +76,32 @@ class AddressModel { } + public static function byNetwork($network_id, $addresstype) { + if(!is_numeric($network_id) || !$network_id) { + return false; + } + $db = FronkDB::singleton(); + + $addresses = []; + + // get all addresses of network + + $sql = "SELECT Address.id as id FROM `Address` + LEFT JOIN NetworkAddress ON (NetworkAddress.address_id = Address.id) + WHERE NetworkAddress.type = '$addresstype' + AND network_id = $network_id + GROUP BY id"; + + $res = $db->query($sql); + if($db->num_rows($res)) { + while($data = $db->fetch_object($res)) { + $addresses[] = new Address($data->id); + } + } + + return $addresses; + } + public static function search($filter) { $items = []; $db = FronkDB::singleton(); 
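Review bot: `$addresstype` is interpolated into the query string unescaped in the new `byNetwork` (`WHERE NetworkAddress.type = '$addresstype'`), while `$network_id` gets an `is_numeric` guard; the only caller in this patch passes the literal `"salespartner"`, but this is a static model method that will be reused, and the same file family already uses `FronkDB::singleton()->escape()` for string filters in `getSqlFilter`. Add `$addresstype = $db->escape($addresstype);` before `$sql` is built, or better, reject anything outside a fixed whitelist of type values. Also, the `LEFT JOIN` is effectively an inner join because the WHERE filters on `NetworkAddress.type`, so `INNER JOIN` states the intent more honestly.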
@@ -96,7 +122,11 @@ class AddressModel { } if(!array_key_exists("addresstype", $filter)) { - $res = $db->select("Address", "*", "$where AND id NOT IN (".implode(",", $have).")"); + if($have) { + $res = $db->select("Address", "*", "$where AND id NOT IN (".implode(",", $have).")"); + } else { + $res = $db->select("Address", "*", "$where AND id"); + } if($db->num_rows()) { while($data = $db->fetch_object($res)) { $items[] = new Address($data); @@ -139,6 +169,15 @@ class AddressModel { } } + if(array_key_exists("create_by", $filter)) { + $create_by = $filter['create_by']; + if(is_numeric($create_by)) { + $where .= " AND Address.create_by=$create_by"; + } elseif(is_array($create_by) && count($create_by)) { + $where .= " AND Address.create_by IN (". implode(",",$create_by).")"; + } + } + if(array_key_exists("parents_only", $filter)) { $po = $filter['parents_only']; if($po == 1) { diff --git a/application/Order/OrderController.php b/application/Order/OrderController.php index 53acc9f81..9d7497a57 100644 --- a/application/Order/OrderController.php +++ b/application/Order/OrderController.php 
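Review bot: The array branch of the new `create_by` filter adds nothing to `$where` when `$create_by` is an empty array (`count($create_by)` is 0), so `AddressModel::search(['create_by' => []])` returns every address rather than none — and the non-admin branch of `OrderController::addAction` in this same patch passes exactly such a list when the user's networks yield no users. The elements are also imploded into the SQL without validation, unlike the scalar path, which insists on `is_numeric`. I would make the empty case restrictive and sanitise the ids: `} elseif(is_array($create_by)) {` / `$ids = array_map('intval', array_filter($create_by, 'is_numeric'));` / `$where .= $ids ? " AND Address.create_by IN (".implode(",", $ids).")" : " AND 1=0";`.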
@@ -16,18 +16,87 @@ class OrderController extends mfBaseController { protected function indexAction() { $this->layout()->setTemplate("Order/Index"); - $this->layout()->set("orders", OrderModel::getAll()); + //$this->layout()->set("orders", OrderModel::getAll()); + + if($this->me->is("Admin")) { + $this->layout()->set("orders", OrderModel::getAll()); + } else { + $orders = []; + //var_dump($this->me->my_networks);exit; + foreach($this->me->my_networks as $network) { + foreach(OrderModel::byNetwork($network->id) as $order) { + if(!array_key_exists($order->id, $orders)) { + $orders[$order->id] = $order; + } + } + } + + foreach(OrderModel::search(['create_by' => $this->me->id]) as $order) { + if(!array_key_exists($order->id, $orders)) { + $order[$order->id] = $order; + } + } + + $this->layout()->set("orders", $orders); + } } protected function addAction() { // TODO: filter by network permissions $this->layout()->setTemplate("Order/Form"); - $this->layout()->set("addresses", AddressModel::search(['parents_only' => 1])); - $this->layout()->set("products", ProductModel::getAll()); - $this->layout()->set("terminations", TerminationModel::getAll()); + if($this->me->is("Admin")) { + $this->layout()->set("addresses", AddressModel::search(['parents_only' => 1])); + $this->layout()->set("products", ProductModel::getAll()); + $this->layout()->set("terminations", TerminationModel::getAll()); + } else { + // get all addresses of my networks + $network_ids = []; + $addresses = []; + foreach($this->me->my_networks as $network) { + $network_ids[] = $network->id; + foreach(AddressModel::byNetwork($network->id, "salespartner") as $address) { + if(!array_key_exists($address->id, $addresses)) { + $addresses[] = $address; + } + } + } + + $users = []; + $user_ids = []; + foreach($addresses as $address) { + $address_id = $address->id; + if($address->parent_id) { + $address_id = $address->parent_id; + } + foreach(UserModel::search(['address_id' => $address_id]) as $user) { + 
if(!array_key_exists($user, $users)) { + $users[$user->id] = $user; + $user_ids[] = $user->id; + } + } + } + + $addresses = AddressModel::search(['create_by' => $user_ids]); + $this->layout()->set("addresses", $addresses); + + // get terminations in my networks + $terms = TerminationModel::search(["network_id" => $network_ids]); + $this->layout()->set("terminations", $nets); + + + // get products assigned to my networks + $products = []; + foreach(ProductNetworkModel::search(["network_id" => $network_ids]) as $pn) { + if(!array_key_exists($pn->product_id, $products)) + $products[$pn->product_id] = $pn->product; + } + $this->layout()->set("products", $products); + + } + + - //var_dump(AddressModel::search(['parents_only' => 1]));exit; } protected function editAction() { @@ -343,4 +412,5 @@ class OrderController extends mfBaseController { } + } \ No newline at end of file diff --git a/application/Order/OrderModel.php b/application/Order/OrderModel.php index c5708828a..085b67780 100644 --- a/application/Order/OrderModel.php +++ b/application/Order/OrderModel.php 
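Review bot: The non-admin branch of `addAction` leaks instead of restricts when `$user_ids` ends up empty: `AddressModel::search(['create_by' => []])` hits neither branch of the new `create_by` filter (AddressModel hunk of this patch) and returns all addresses. Several lines in the branch also cannot work as written — `$this->layout()->set("terminations", $nets)` uses an undefined variable (should be `$terms`), `array_key_exists($user, $users)` passes an object as the key (should be `$user->id`), `$addresses[] = $address` defeats the `array_key_exists($address->id, $addresses)` dedup, and in `indexAction` `$order[$order->id] = $order` writes into the `Order` object instead of `$orders`. Since all of this only shapes what the form offers, it is not authorisation: unless `saveAction` (outside this hunk) re-checks that the submitted address, product and termination ids belong to `$this->me->my_networks`, a user can still post arbitrary ids. The rewritten user/address part is below; the `indexAction` and `$terms` fixes are one-character changes as stated.
```php
foreach($this->me->my_networks as $network) {
    $network_ids[] = $network->id;
    foreach(AddressModel::byNetwork($network->id, "salespartner") as $address) {
        // key by id so the dedup check actually works
        $addresses[$address->id] = $address;
    }
}

$users = [];
$user_ids = [];
foreach($addresses as $address) {
    $address_id = $address->parent_id ? $address->parent_id : $address->id;
    foreach(UserModel::search(['address_id' => $address_id]) as $user) {
        if(!array_key_exists($user->id, $users)) {
            $users[$user->id] = $user;
            $user_ids[] = $user->id;
        }
    }
}

// no users in my networks means no addresses, not all addresses
$addresses = $user_ids ? AddressModel::search(['create_by' => $user_ids]) : [];
$this->layout()->set("addresses", $addresses);

$terms = TerminationModel::search(["network_id" => $network_ids]);
$this->layout()->set("terminations", $terms);
// … unchanged: products from ProductNetworkModel …
```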
@@ -91,17 +91,61 @@ class OrderModel { return null; } + public static function byNetwork($network_id) { + if(!is_numeric($network_id) || !$network_id) { + return false; + } + $db = FronkDB::singleton(); + + $orders = []; + + $sql = "SELECT `Order`.* FROM `Order` + LEFT JOIN OrderProduct ON (OrderProduct.order_id = `Order`.id) + LEFT JOIN Termination ON (Termination.id = OrderProduct.termination_id) + LEFT JOIN Building ON (Building.id = Termination.building_id) + + WHERE OrderProduct.termination_id IS NOT NULL + AND Building.network_id = $network_id + "; + + $res = $db->query($sql); + if($db->num_rows($res)) { + while($data = $db->fetch_object($res)) { + $orders[] = new Order($data); + } + } + + return $orders; + } + + public static function search($filter) { $items = []; $db = FronkDB::singleton(); $where = self::getSqlFilter($filter); - $res = $db->select("Order", "*", "$where ORDER BY id"); + $have = []; + $sql = "SELECT `Order`.* FROM `Order`, OrderProduct + WHERE OrderProduct.order_id = `Order`.id + AND $where + GROUP BY OrderProduct.order_id + ORDER BY id + "; + $res = $db->query($sql); if($db->num_rows($res)) { while($data = $db->fetch_object($res)) { $items[] = new Order($data); + $have[] = $data->id; } } + + $res = $db->select("Order", "*", "$where AND id NOT IN (".implode(",", $have).") ORDER BY id"); + if($db->num_rows($res)) { + while($data = $db->fetch_object()) { + $items[] = new Order($data); + } + } + return $items; } 
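Review bot: In the rewritten `search`, the second query builds `id NOT IN (".implode(",", $have).")` unconditionally, so when the first query matched nothing `$have` is empty and the SQL becomes `NOT IN ()`, a syntax error — the very case the AddressModel hunk of this patch guards with `if($have)`. The second loop also calls `$db->fetch_object()` without `$res`, while every other loop in the hunk passes it; unless the wrapper defaults to the last result set, that loop yields nothing. Guard and align it: `$notIn = $have ? " AND id NOT IN (".implode(",", $have).")" : "";` then `$res = $db->select("Order", "*", "$where$notIn ORDER BY id");` and `while($data = $db->fetch_object($res)) {`.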
@@ -109,26 +153,28 @@ class OrderModel { $where = "1=1 "; //var_dump($filter);exit; + if(array_key_exists("owner_id", $filter)) { + $ownerid= $filter['owner_id']; + if(is_numeric($ownerid)) { + $where .= " AND Order.owner_id=$ownerid"; + } + } + + if(array_key_exists("create_by", $filter)) { + $create_by = $filter['create_by']; + if(is_numeric($create_by)) { + $where .= " AND Order.create_by=$create_by"; + } + } + if(array_key_exists("name", $filter)) { $name = FronkDB::singleton()->escape($filter['name']); if($name) { - $where .= " AND name='$name'"; + $where .= " AND Order.name='$name'"; } } - if(array_key_exists("filename", $filter)) { - $filename = FronkDB::singleton()->escape($filter['filename']); - if($filename) { - $where .= " AND filename='$filename'"; - } - } - if(array_key_exists("subfolder", $filter)) { - $subfolder = FronkDB::singleton()->escape($filter['subfolder']); - if($subfolder) { - $where .= " AND subfolder='$subfolder'"; - } - } //var_dump($filter, $where);exit; return $where; diff --git a/application/Product/ProductController.php b/application/Product/ProductController.php index 4f0a8019f..5f7148b72 100644 --- a/application/Product/ProductController.php +++ b/application/Product/ProductController.php @@ -9,16 +9,22 @@ class ProductController extends mfBaseController { $this->me = $me; $this->layout()->set("me",$me); - if(!$me->isAdmin()) { + if(!$me->is(["Admin","netowner","pipeplanner"])) { $this->redirect("Dashboard"); } } protected function indexAction() { + if(!$me->is(["Admin"])) { + $this->redirect("Dashboard"); + } $this->layout()->set("products", ProductModel::getAll()); } protected function addAction() { + if(!$me->is(["Admin"])) { + $this->redirect("Dashboard"); + } $this->layout()->setTemplate("Product/Form"); $this->layout()->set("productgroups", ProductgroupModel::getAll()); $this->layout()->set("producttechs", ProducttechModel::getAll()); 
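Review bot: The new `owner_id` and `create_by` filters interpolate the raw value after `is_numeric`, which also accepts forms such as `"1e3"` or `" 5"`; an explicit cast is easier to reason about and removes the string from the SQL entirely: `$where .= " AND Order.owner_id=".(int)$ownerid;` and `$where .= " AND Order.create_by=".(int)$create_by;`. Note also that the query builders elsewhere in this patch backtick-quote the reserved word (`` `Order`.* ``) while the qualifiers produced here are bare `Order.owner_id`; if that already runs on the target MySQL it is fine, but quoting them keeps the two builders consistent. `create_by` here takes only a scalar, whereas the AddressModel counterpart in this patch also accepts an id list — worth mirroring if the controller ever needs it.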
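Review bot: The role checks added to `indexAction` and `addAction` call `$me->is(...)`, but `$me` is only a constructor parameter; inside the actions it is undefined, so this is `null->is()` — a fatal error for every caller, admins included — rather than a permission check. Use the property the constructor stores: `if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); return; }`. The `return` matters if `redirect()` only sends a header without ending the request (its implementation is not visible here); otherwise the action body still runs after the redirect.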
@@ -28,6 +34,9 @@ class ProductController extends mfBaseController { } protected function editAction() { + if(!$me->is(["Admin"])) { + $this->redirect("Dashboard"); + } $product_id = $this->request->id; $product = new Product($product_id); if(!$product->id) { @@ -43,6 +52,10 @@ class ProductController extends mfBaseController { } protected function saveAction() { + if(!$me->is(["Admin"])) { + $this->redirect("Dashboard"); + } + $r = $this->request; //var_dump($r);exit; $id = $r->id; @@ -166,6 +179,10 @@ class ProductController extends mfBaseController { } protected function deleteAction() { + if(!$me->is(["Admin"])) { + $this->redirect("Dashboard"); + } + $id = $this->request->id; $product = new Product($id); @@ -180,6 +197,9 @@ class ProductController extends mfBaseController { } protected function apiAction() { + if(!$me->is(["Admin","netowner","pipeplanner"])) { + $this->redirect("Dashboard"); + } $do = $this->request->do; $data = []; diff --git a/application/ProductNetwork/ProductNetwork.php b/application/ProductNetwork/ProductNetwork.php index 6a44d8407..ddb7194ba 100644 --- a/application/ProductNetwork/ProductNetwork.php +++ b/application/ProductNetwork/ProductNetwork.php @@ -1,5 +1,28 @@ $name == null) { + + if(!$this->id) { + return null; + } + + $classname = ucfirst($name); + $idfield = $name."_id"; + $this->$name = new $classname($this->$idfield); + + if($this->$name->id) { + return $this->$name; + } else { + return null; + } + } + + return $this->$name; + } + } \ No newline at end of file diff --git a/application/ProductNetwork/ProductNetworkModel.php b/application/ProductNetwork/ProductNetworkModel.php index 32cf17c25..edecc3fb9 100644 --- a/application/ProductNetwork/ProductNetworkModel.php +++ b/application/ProductNetwork/ProductNetworkModel.php 
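Review bot: The guards added to `editAction`, `saveAction`, `deleteAction` and `apiAction` have the same defect as the earlier hunk: `$me` is undefined inside the actions (the constructor assigns `$this->me`), so they fail with a fatal error instead of authorising. For `saveAction` and `deleteAction` the more serious point is that nothing follows `$this->redirect("Dashboard")` — unless `redirect()` terminates the request (not shown), the save or delete still executes for the unauthorised user after the redirect header is sent. Each guard should read `if(!$this->me->is(["Admin"])) { $this->redirect("Dashboard"); return; }`, and since the constructor already redirects non-Admin/netowner/pipeplanner users, a single `requireAdmin()` helper would stop the six copies from drifting.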
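Review bot: The `__get` added to `ProductNetwork` instantiates a class derived from the property name (`new $classname($this->$idfield)`) for any unset property; if the matching `<name>_id` property does not exist either, `$this->$idfield` re-enters `__get` and recurses until the stack is exhausted, and a typo in a template becomes a `new Foo()` of some unrelated class. This hunk also appears truncated in this rendering — the lines between the `@@ -1,5 +1,28 @@` header and `$name == null) {` are missing, so the method signature is inferred. Restrict the lazy load to relations the row actually has: `if(!property_exists($this, $idfield) || !class_exists($classname)) { return null; }` before the `new`, or a fixed name-to-class map for the two relations this table presumably carries.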
@@ -110,6 +110,10 @@ class ProductNetworkModel { $network_id = $filter['network_id']; if(is_numeric($network_id)) { $where .= " AND network_id=$network_id"; + } else { + if(is_array($network_id)) { + $where .= " AND network_id IN (". implode(",", $network_id).")"; + } } } diff --git a/application/Termination/TerminationModel.php b/application/Termination/TerminationModel.php index b05e0a256..cf4fa9fb3 100644 --- a/application/Termination/TerminationModel.php +++ b/application/Termination/TerminationModel.php @@ -105,6 +105,14 @@ class TerminationModel { } } + if(array_key_exists("network_id", $filter)) { + $network_id = $filter['network_id']; + if(is_numeric($network_id)) { + $where .= " AND Building.network_id=$network_id"; + } elseif(is_array($network_id) && count($network_id)) { + $where .= " AND Building.network_id IN (". implode(",", $network_id).")"; + } + } if(array_key_exists("status", $filter)) { if(in_array(substr($filter['status'], 1, 2), ["<=", ">="])) {
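Review bot: The new array branch for `network_id` has no empty-array guard, so `search(["network_id" => []])` emits `AND network_id IN ()`, a MySQL syntax error — and `OrderController::addAction` in this patch passes exactly `$network_ids`, which is empty for a user with no networks. The sibling TerminationModel hunk at least checks `count($network_id)`; mirror that and sanitise the elements: `} elseif(is_array($network_id)) {` / `$ids = array_map('intval', $network_id);` / `$where .= $ids ? " AND network_id IN (".implode(",", $ids).")" : " AND 1=0";`. Because this filter is what limits a non-admin's product list, the empty case must match nothing rather than be skipped; otherwise the restriction silently disappears.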
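Review bot: The new `network_id` filter references `Building.network_id`, but `getSqlFilter` only returns a WHERE fragment and whether `TerminationModel::search` joins `Building` is not visible in this hunk (`OrderModel::byNetwork` in this patch does its own join to reach that column), so confirm the search query joins `Building` or this clause fails with an unknown-column error. The `count($network_id)` guard means an empty list skips the filter and returns every termination; as `OrderController::addAction` uses this as the permission filter for non-admins, prefer `$where .= " AND 1=0";` in the empty case. Also cast the elements rather than imploding them raw: `implode(",", array_map('intval', $network_id))`.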