

Permissions - clients and tickets
Enforce new permissions model in clients and tickets
wrongecho committed Sep 20, 2024
1 parent 847870a commit 23f776e
Showing 9 changed files with 121 additions and 106 deletions.
1 change: 1 addition & 0 deletions client_add_modal.php
Expand Up @@ -8,6 +8,7 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="lead" value="0">
<input type="hidden" name="net_terms" value="0">
<input type="hidden" name="currency_code" value="<?php echo $session_company_currency; ?>">
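Review bot: The csrf_token hidden input (presumably the one addition in this file), `<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">`, writes the session value into an HTML attribute without escaping. If the token is produced from random bytes encoded as hex this is harmless, but the template cannot see how it is generated, so escaping keeps the attribute well-formed regardless: `value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>"`. The same raw echo appears in the archive links added in clients.php and inc_client_top_head.php. The enclosing form continues outside the hunk.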
6 changes: 3 additions & 3 deletions client_tickets.php
Expand Up @@ -119,7 +119,7 @@
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_number&order=<?php echo $disp; ?>">Number</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_subject&order=<?php echo $disp; ?>">Subject</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=contact_name&order=<?php echo $disp; ?>">Contact</a></th>
<?php if ($config_module_enable_accounting) { ?>
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<th class="text-center"><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_billable&order=<?php echo $disp; ?>">Billable</a></th>
<?php } ?>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_priority&order=<?php echo $disp; ?>">Priority</a></th>
Expand Down Expand Up @@ -237,8 +237,8 @@
<a href="#" data-toggle="modal" data-target="#editTicketContactModal<?php echo $ticket_id; ?>"><?php echo $contact_display; ?></a>
</td>

<!-- Ticket Billable (if accounting enabled -->
<?php if ($config_module_enable_accounting) { ?>
<!-- Ticket Billable (if accounting perms & enabled) -->
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<td class="text-center">
<a href="#" data-toggle="modal" data-target="#editTicketBillableModal<?php echo $ticket_id; ?>">
<?php
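Review bot: `lookupUserPermission("module_sales")` is now evaluated once per ticket row at `<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>` in the second hunk, and again for the column header in the first. Whether the lookup is cheap cannot be seen here; if it queries the database, evaluate it once before the rows loop, e.g. `$show_billable = $config_module_enable_accounting && lookupUserPermission("module_sales") >= 2;`, and test `$show_billable` in both places so the header and the cells cannot drift apart. Hiding the cell is presentational only; the handler behind editTicketBillableModal, which is not in this diff, still needs the same module_sales check. Both hunks sit inside a table-rendering block that starts and ends outside them.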
26 changes: 13 additions & 13 deletions clients.php
Expand Up @@ -96,11 +96,11 @@
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-user-friends mr-2"></i><?php if($leads == 0){ echo "Client"; } else { echo "Lead"; } ?> Management</h3>
<div class="card-tools">
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal">
<i class="fas fa-plus mr-2"></i>New
<?php if($leads == 0){ echo "Client"; } else { echo "Lead"; } ?>
<?php if ($leads == 0) { echo "Client"; } else { echo "Lead"; } ?>
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
Expand Down Expand Up @@ -134,13 +134,13 @@
<div class="col-md-8">
<div class="btn-toolbar float-right">
<div class="btn-group mr-2">
<a href="?leads=0" class="btn btn-<?php if($leads == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-friends mr-2"></i>Clients</a>
<a href="?leads=1" class="btn btn-<?php if($leads == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-bullhorn mr-2"></i>Leads</a>
<a href="?leads=0" class="btn btn-<?php if ($leads == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-friends mr-2"></i>Clients</a>
<a href="?leads=1" class="btn btn-<?php if ($leads == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-bullhorn mr-2"></i>Leads</a>
</div>

<div class="btn-group mr-2">
<a href="?<?php echo $url_query_strings_sort ?>&archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>"
class="btn btn-<?php if($archived == 1){ echo "primary"; } else { echo "default"; } ?>">
class="btn btn-<?php if ($archived == 1) { echo "primary"; } else { echo "default"; } ?>">
<i class="fa fa-fw fa-archive mr-2"></i>Archived
</a>
</div>
Expand Down Expand Up @@ -270,8 +270,8 @@ class="collapse mt-3
<?php if ($sort == 'contact_name') { echo $order_icon; } ?>
</a>
</th>
<?php if (($session_user_role == 3 || $session_user_role == 1) && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if ($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
<?php if ((lookupUserPermission("module_financial") >= 1) && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
<tbody>
Expand Down Expand Up @@ -387,7 +387,7 @@ class="collapse mt-3
</div>
<?php } ?>
<div class="mt-1 text-secondary">
<small><strong>Created:</strong> <?php echo $client_created_at; ?></small>
<small><strong>Created: </strong> <?php echo $client_created_at; ?></small>
</div>

</td>
Expand Down Expand Up @@ -425,8 +425,8 @@ class="collapse mt-3
<?php } ?>
</td>

<!-- Show Billing for Admin/Accountant roles only and if accounting module is enabled -->
<?php if (($session_user_role == 3 || $session_user_role == 1) && $config_module_enable_accounting == 1) { ?>
<!-- Show Billing if perms & if accounting module is enabled -->
<?php if ((lookupUserPermission("module_financial") >= 1) && $config_module_enable_accounting == 1) { ?>
<td class="text-right">
<div class="mt-1">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
Expand All @@ -443,8 +443,8 @@ class="collapse mt-3
</td>
<?php } ?>

<!-- Show actions for Admin role only -->
<?php if ($session_user_role == 3) { ?>
<!-- Actions -->
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
Expand All @@ -457,7 +457,7 @@ class="collapse mt-3

<?php if (empty($client_archived_at)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
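Review bot: The Archive link in the last hunk, `href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"`, carries the CSRF token in a GET URL, so the token lands in browser history, proxy and server access logs, and the Referer header of any outbound link on the page. A small POST form with the token in a hidden input (as client_add_modal.php already does) keeps the state-changing action off GET and the token out of URLs; the same applies to the Archive Client link added in inc_client_top_head.php. Separately, `lookupUserPermission("module_financial")` and `lookupUserPermission("module_client")` are now called for every client row (the Billing and Actions hunks) as well as once in the header; computing each into a variable above the loop keeps header and row gating in step and avoids repeated lookups if the function hits the database. The row-rendering loop starts and ends outside these hunks.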
25 changes: 14 additions & 11 deletions inc_client_top_head.php
Expand Up @@ -5,7 +5,7 @@
<a href="#" data-toggle="collapse" data-target="#clientHeader"><h4 class="text-secondary" data-toggle="tooltip" data-placement="right" title="Client ID: <?php echo $client_id; ?>"><strong><?php echo $client_name; ?></strong> <?php if ($client_archived_at) { echo "(archived)"; } ?></h4></a>
</div>
<div class="col">
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
Expand All @@ -14,14 +14,16 @@
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit Client
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#exportClientPDFModal">
<i class="fas fa-fw fa-file-pdf mr-2"></i>Export Data
</a>
<?php if (lookupUserPermission("module_client") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#exportClientPDFModal">
<i class="fas fa-fw fa-file-pdf mr-2"></i>Export Data
</a>
<?php } ?>

<?php if (empty($client_archived_at)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive Client
</a>
<?php } else { ?>
Expand All @@ -31,7 +33,7 @@
</a>
<?php } ?>

<?php if ($session_user_role == 3 && $client_archived_at) { ?>
<?php if (lookupUserPermission("module_client") >= 3 && $client_archived_at) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete Client
Expand Down Expand Up @@ -115,8 +117,8 @@

</div>

<?php if ($session_user_role == 1 || $session_user_role == 3 && $config_module_enable_accounting == 1) { ?>
<div class="col-md border-left border-top">
<?php if (lookupUserPermission("module_financial") >= 1 && $config_module_enable_accounting == 1) { ?>
<div class="col-md border-left border-top">
<h5 class="text-secondary mt-1">Billing</h5>
<div class="ml-1 text-secondary">Hourly Rate
<span class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $client_rate, $client_currency_code); ?></span>
Expand All @@ -141,8 +143,8 @@
</div>
<?php } ?>


<div class="col-md border-left border-top">
<?php if (lookupUserPermission("module_support") >= 1 && $config_module_enable_ticketing == 1) { ?>
<div class="col-md border-left border-top">
<h5 class="text-secondary mt-1">Support</h5>
<div class="ml-1 text-secondary">Open Tickets
<span class="text-dark float-right"><?php echo $num_active_tickets; ?></span>
Expand All @@ -156,6 +158,7 @@
<?php echo $client_tags_display; ?>
<?php } ?>
</div>
<?php } ?>

</div>
</div>
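Review bot: The Export Data menu item in the second hunk is gated only on `lookupUserPermission("module_client") >= 3`, but the export_client_pdf handler in post/client.php additionally enforces module_support, module_sales and module_financial at level 1, so a user with client level 3 but lacking one of those is shown a menu entry whose submission will be refused (assuming enforceUserPermission aborts the request, as its name suggests). Either mirror the handler's full condition in the gate, `<?php if (lookupUserPermission("module_client") >= 3 && lookupUserPermission("module_support") >= 1 && lookupUserPermission("module_sales") >= 1 && lookupUserPermission("module_financial") >= 1) { ?>`, or, once the TODO in that handler is resolved, gate each export checkbox individually and let the menu item follow module_client alone. Keeping the two in step avoids a menu that advertises an action the server will deny. The dropdown markup starts outside the hunk.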
34 changes: 22 additions & 12 deletions post/client.php
Expand Up @@ -6,10 +6,10 @@

if (isset($_POST['add_client'])) {

require_once 'post/client_model.php';

validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);

validateAdminRole();
require_once 'post/client_model.php';

$location_phone = preg_replace("/[^0-9]/", '', $_POST['location_phone']);
$address = sanitizeInput($_POST['address']);
Expand Down Expand Up @@ -117,9 +117,9 @@

if (isset($_POST['edit_client'])) {

require_once 'post/client_model.php';
enforceUserPermission('module_client', 2);

validateAdminRole();
require_once 'post/client_model.php';

$client_id = intval($_POST['client_id']);

Expand Down Expand Up @@ -153,7 +153,8 @@

if (isset($_GET['archive_client'])) {

validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_client', 2);

$client_id = intval($_GET['archive_client']);

Expand All @@ -175,6 +176,8 @@

if (isset($_GET['undo_archive_client'])) {

enforceUserPermission('module_client', 2);

$client_id = intval($_GET['undo_archive_client']);

// Get Client Name
Expand All @@ -194,10 +197,8 @@

if (isset($_GET['delete_client'])) {

validateAdminRole();

// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_client', 3);

$client_id = intval($_GET['delete_client']);

Expand Down Expand Up @@ -337,6 +338,8 @@

if (isset($_POST['export_clients_csv'])) {

enforceUserPermission('module_client', 1);

//get records from database
$sql = mysqli_query($mysqli, "SELECT * FROM clients
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
Expand Down Expand Up @@ -377,7 +380,7 @@

if (isset($_POST["import_clients_csv"])) {

validateTechRole();
enforceUserPermission('module_client', 2);

$file_name = $_FILES["file"]["tmp_name"];
$error = false;
Expand Down Expand Up @@ -604,14 +607,21 @@

if (isset($_POST['export_client_pdf'])) {

validateAdminRole();
// TODO: Enforce perms based on which individual boxes are ticked
enforceUserPermission('module_client', 3);
enforceUserPermission('module_support', 1);
enforceUserPermission('module_sales', 1);
enforceUserPermission('module_financial', 1);

$client_id = intval($_POST['client_id']);
$export_contacts = intval($_POST['export_contacts']);
$export_locations = intval($_POST['export_locations']);
$export_assets = intval($_POST['export_assets']);
$export_software = intval($_POST['export_software']);
$export_logins = intval($_POST['export_logins']);
$export_logins = 0;
if (lookupUserPermission("module_credential") >= 1) {
$export_logins = intval($_POST['export_logins']);
}
$export_networks = intval($_POST['export_networks']);
$export_certificates = intval($_POST['export_certificates']);
$export_domains = intval($_POST['export_domains']);
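Review bot: The edit_client (second hunk), undo_archive_client (fourth) and import_clients_csv (seventh) handlers gain an `enforceUserPermission('module_client', 2);` line but, unlike add_client, archive_client and delete_client in the neighbouring hunks, show no `validateCSRFToken(...)` call, so unless one exists outside the hunks a permitted user can still be made to submit an edit, an un-archive or a CSV import through a forged request. Add `validateCSRFToken($_POST['csrf_token']);` before the permission check in edit_client and import_clients_csv, and `validateCSRFToken($_GET['csrf_token']);` in undo_archive_client, and pass the token from whatever link or form triggers them. In the last hunk, export_client_pdf requires four module permissions up front while export_logins is silently dropped when module_credential is missing; a comment such as `// Logins are exported only with module_credential >= 1; the other sections are gated up front until the TODO above is resolved` would record why the two are handled differently. Each handler's body continues outside its hunk.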

