forked from timschofield/webERP
LocationUsersCopyAuthority.php
<?php
// Page bootstrap for the "copy location authority" maintenance screen.
// $Title is assigned before header.php is included, and the order of the
// includes is kept exactly as in the original script.
include('includes/session.php');
$Title = _('Copy Authority of Locations from one user to another');
include('includes/header.php');

// Page heading: maintenance icon (with the title as its tooltip) followed by the title text.
// $RootPath and $Theme are not assigned in this file; presumably they are set by the includes above.
$IconSource = $RootPath . '/css/' . $Theme . '/images/maintenance.png';
echo '<p class="page_title_text"><img alt="" src="' . $IconSource . '" title="' . $Title . '" /> ' . $Title . '</p>';

include('includes/SQL_CommonFunctions.inc');
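// Handle the "Process Copy of Authority" submission: inside one transaction,
// delete the TO user's rows in locationusers and re-create them as a copy of
// the FROM user's rows.
//
// FromUserID and ToUserID come from the browser, so they are treated as
// untrusted here:
//  - both must be selected (the "Not Yet Selected" option posts an empty string,
//    which would otherwise wipe the TO user's authority or insert rows for userid '');
//  - they are compared case-insensitively, because the SQL below matches on UPPER(userid);
//  - they must belong to the set of users this operator is offered in the form,
//    so the restriction on system-admin accounts is enforced on the server and
//    not only by what the drop-down shows;
//  - the values placed in SQL are the ids as stored in www_users, escaped with
//    DB_escape_string(), never the raw posted text.
// NOTE(review): includes/session.php is not visible here and may already sanitise
// $_POST; the checks below do not rely on that.
if(isset($_POST['ProcessCopyAuthority'])) {
	$InputError = 0;

	// A crafted request can post an array instead of a string; treat that as "not selected".
	$FromUserID = (isset($_POST['FromUserID']) && is_string($_POST['FromUserID'])) ? trim($_POST['FromUserID']) : '';
	$ToUserID = (isset($_POST['ToUserID']) && is_string($_POST['ToUserID'])) ? trim($_POST['ToUserID']) : '';

	if($FromUserID === '' || $ToUserID === '') {
		prnMsg(_('Both the user to copy FROM and the user to copy TO must be selected'), 'error');
		$InputError = 1;
	} elseif(strtoupper($FromUserID) === strtoupper($ToUserID)) {
		prnMsg(_('User FROM must be different from user TO'), 'error');
		$InputError = 1;
	}

	if($InputError == 0) {
		// Same selection rule as the form: only a system admin (AccessLevel 8)
		// may pick accounts whose fullaccess is '8'.
		$UsersSQL = "SELECT userid FROM www_users";
		if($_SESSION['AccessLevel'] != 8) {
			$UsersSQL .= " WHERE fullaccess != '8'";
		}
		$UsersResult = DB_query($UsersSQL);
		$PermittedUsers = array();
		while($UserRow = DB_fetch_array($UsersResult)) {
			$PermittedUsers[strtoupper($UserRow['userid'])] = $UserRow['userid'];
		}

		if(!isset($PermittedUsers[strtoupper($FromUserID)]) || !isset($PermittedUsers[strtoupper($ToUserID)])) {
			prnMsg(_('The selected users do not exist or you are not authorised to copy their authority'), 'error');
			$InputError = 1;
		} else {
			// Continue with the ids exactly as stored in www_users.
			$FromUserID = $PermittedUsers[strtoupper($FromUserID)];
			$ToUserID = $PermittedUsers[strtoupper($ToUserID)];
		}
	}

	if($InputError == 0) {// no input errors
		// Values for SQL string context.
		$SQLFromUserID = DB_escape_string($FromUserID);
		$SQLToUserID = DB_escape_string($ToUserID);
		// Values for HTML output. double_encode is off so ids that are already
		// stored with HTML entities are not encoded a second time.
		// NOTE(review): whether prnMsg() encodes its argument is not visible here.
		$ShowFromUserID = htmlspecialchars($FromUserID, ENT_QUOTES, 'UTF-8', false);
		$ShowToUserID = htmlspecialchars($ToUserID, ENT_QUOTES, 'UTF-8', false);

		DB_Txn_Begin();

		$SQL = "DELETE FROM locationusers WHERE UPPER(userid) = UPPER('" . $SQLToUserID . "')";
		$DbgMsg = _('The SQL statement that failed was');
		$ErrMsg = _('The SQL to delete the auhority in locationusers record failed');
		$Result = DB_query($SQL, $ErrMsg, $DbgMsg, true);
		prnMsg(_('Deleting the previous authority to view / update the Locations of user') . ' ' . $ShowToUserID, 'success');

		$SQL = "INSERT INTO locationusers (userid, loccode, canview, canupd)
				SELECT '" . $SQLToUserID . "', loccode, canview, canupd
				FROM locationusers
				WHERE UPPER(userid) = UPPER('" . $SQLFromUserID . "')";
		$DbgMsg = _('The SQL statement that failed was');
		$ErrMsg = _('The SQL to insert the auhority in locationusers record failed');
		$Result = DB_query($SQL, $ErrMsg, $DbgMsg, true);
		prnMsg(_('Copied the authority to view / update the Locations from user') . ' ' . $ShowFromUserID . ' ' . _('to user') . ' ' . $ShowToUserID, 'success');

		DB_Txn_Commit();
	}//only do the stuff above if $InputError==0
}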
// Open the form, which posts back to this same script.
// PHP_SELF is HTML-encoded because it is derived from the request URL.
$FormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
echo '<form action="', $FormAction, '" method="post">',
	'<div class="centre">',
	// Hidden field carrying the session's FormID value back with the post.
	'<input type="hidden" name="FormID" value="', $_SESSION['FormID'], '" />',
	"<fieldset>\n<legend>", _('Copy Location Authority'), '</legend>';
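// Drop-down for the user whose location authority is copied FROM.
echo '<field>';
echo '<label>' . _('Select User to copy the Authority FROM') . ':</label>';
echo '<select name="FromUserID">';
if ($_SESSION['AccessLevel'] == 8) {
	// if system admin can access to anyone.
	$Result = DB_query("SELECT userid,
							realname
						FROM www_users
						ORDER BY userid");
} else {
	// if not system admin, can not access to system admin role. To prevent rogue employees playing with sys admin rights ;-)
	// This only limits which options are offered; a posted FromUserID is not
	// constrained by it, so the code that processes the post must apply the same rule.
	$Result = DB_query("SELECT userid,
							realname
						FROM www_users
						WHERE fullaccess != '8'
						ORDER BY userid");
}
echo '<option selected value="">' . _('Not Yet Selected') . '</option>';
while ($MyRow = DB_fetch_array($Result)) {
	// userid and realname are stored data written into an attribute and into
	// element text, so both are HTML-encoded. double_encode is off so values
	// already stored with HTML entities are shown as before.
	$OptionUserID = htmlspecialchars($MyRow['userid'], ENT_QUOTES, 'UTF-8', false);
	$OptionRealName = htmlspecialchars($MyRow['realname'], ENT_QUOTES, 'UTF-8', false);
	echo '<option value="';
	echo $OptionUserID . '">' . $OptionUserID . ' - ' . $OptionRealName . '</option>';
} //end while loop
echo '</select>';
echo '</field>';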
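// Drop-down for the user whose location authority is replaced (copy TO).
echo '<field>';
echo '<label>' . _('Select User to copy the Authority TO') . ':</label>';
echo '<select name="ToUserID">';
if ($_SESSION['AccessLevel'] == 8) {
	// if system admin can access to anyone.
	$Result = DB_query("SELECT userid,
							realname
						FROM www_users
						ORDER BY userid");
} else {
	// if not system admin, can not access to system admin role. To prevent rogue employees playing with sys admin rights ;-)
	// This only limits which options are offered; a posted ToUserID is not
	// constrained by it, so the code that processes the post must apply the same rule.
	$Result = DB_query("SELECT userid,
							realname
						FROM www_users
						WHERE fullaccess != '8'
						ORDER BY userid");
}
echo '<option selected value="">' . _('Not Yet Selected') . '</option>';
while ($MyRow = DB_fetch_array($Result)) {
	// userid and realname are stored data written into an attribute and into
	// element text, so both are HTML-encoded. double_encode is off so values
	// already stored with HTML entities are shown as before.
	$OptionUserID = htmlspecialchars($MyRow['userid'], ENT_QUOTES, 'UTF-8', false);
	$OptionRealName = htmlspecialchars($MyRow['realname'], ENT_QUOTES, 'UTF-8', false);
	echo '<option value="';
	echo $OptionUserID . '">' . $OptionUserID . ' - ' . $OptionRealName . '</option>';
} //end while loop
echo '</select>';
echo '</field>';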
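// Close the fieldset, emit the submit button, then close the form and render the footer.
echo '</fieldset>';
// The second </div> closes the <div class="centre"> opened right after the
// <form> tag; without it the form is closed while that div is still open.
echo '<div class="centre"><input type="submit" name="ProcessCopyAuthority" value="' . _('Process Copy of Authority') . '" />
</div>
</div>
</form>';
include('includes/footer.php');
?>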