Permissions - clients and tickets #1064

Merged
merged 1 commit into from
Sep 20, 2024
1 change: 1 addition & 0 deletions client_add_modal.php
Expand Up @@ -8,6 +8,7 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="lead" value="0">
<input type="hidden" name="net_terms" value="0">
<input type="hidden" name="currency_code" value="<?php echo $session_company_currency; ?>">
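Review bot: The new hidden csrf_token input echoes `$_SESSION['csrf_token']` straight into an attribute value with no output escaping, and without the trailing semicolon the neighbouring currency_code line uses. If the token is always generated as hex (the generator is not part of this PR) the raw echo is harmless, but escaping keeps the template's output-encoding rule uniform: `<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>">`. The form opens inside the hunk but the rest of its body is outside it.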
6 changes: 3 additions & 3 deletions client_tickets.php
Expand Up @@ -119,7 +119,7 @@
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_number&order=<?php echo $disp; ?>">Number</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_subject&order=<?php echo $disp; ?>">Subject</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=contact_name&order=<?php echo $disp; ?>">Contact</a></th>
<?php if ($config_module_enable_accounting) { ?>
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<th class="text-center"><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_billable&order=<?php echo $disp; ?>">Billable</a></th>
<?php } ?>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_priority&order=<?php echo $disp; ?>">Priority</a></th>
Expand Down Expand Up @@ -237,8 +237,8 @@
<a href="#" data-toggle="modal" data-target="#editTicketContactModal<?php echo $ticket_id; ?>"><?php echo $contact_display; ?></a>
</td>

<!-- Ticket Billable (if accounting enabled -->
<?php if ($config_module_enable_accounting) { ?>
<!-- Ticket Billable (if accounting perms & enabled) -->
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<td class="text-center">
<a href="#" data-toggle="modal" data-target="#editTicketBillableModal<?php echo $ticket_id; ?>">
<?php
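Review bot: `lookupUserPermission("module_sales")` is evaluated inside the per-ticket row markup in the second hunk (the Billable `<td>`), so it runs once per listed ticket on top of the header call in the first hunk. If the helper hits the database — its definition is not in this PR — that is one extra query per row; resolving it once before the loop, e.g. `$can_view_billable = $config_module_enable_accounting && lookupUserPermission("module_sales") >= 2;`, and testing `$can_view_billable` in both places also guarantees the header and the cells can never disagree. This gate only hides the column; the handler behind `editTicketBillableModal` is not part of this change and should enforce the same permission server-side. The row loop these hunks sit in begins and ends outside the diff.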
26 changes: 13 additions & 13 deletions clients.php
Expand Up @@ -96,11 +96,11 @@
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-user-friends mr-2"></i><?php if($leads == 0){ echo "Client"; } else { echo "Lead"; } ?> Management</h3>
<div class="card-tools">
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal">
<i class="fas fa-plus mr-2"></i>New
<?php if($leads == 0){ echo "Client"; } else { echo "Lead"; } ?>
<?php if ($leads == 0) { echo "Client"; } else { echo "Lead"; } ?>
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
Expand Down Expand Up @@ -134,13 +134,13 @@
<div class="col-md-8">
<div class="btn-toolbar float-right">
<div class="btn-group mr-2">
<a href="?leads=0" class="btn btn-<?php if($leads == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-friends mr-2"></i>Clients</a>
<a href="?leads=1" class="btn btn-<?php if($leads == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-bullhorn mr-2"></i>Leads</a>
<a href="?leads=0" class="btn btn-<?php if ($leads == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-friends mr-2"></i>Clients</a>
<a href="?leads=1" class="btn btn-<?php if ($leads == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-bullhorn mr-2"></i>Leads</a>
</div>

<div class="btn-group mr-2">
<a href="?<?php echo $url_query_strings_sort ?>&archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>"
class="btn btn-<?php if($archived == 1){ echo "primary"; } else { echo "default"; } ?>">
class="btn btn-<?php if ($archived == 1) { echo "primary"; } else { echo "default"; } ?>">
<i class="fa fa-fw fa-archive mr-2"></i>Archived
</a>
</div>
Expand Down Expand Up @@ -270,8 +270,8 @@ class="collapse mt-3
<?php if ($sort == 'contact_name') { echo $order_icon; } ?>
</a>
</th>
<?php if (($session_user_role == 3 || $session_user_role == 1) && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if ($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
<?php if ((lookupUserPermission("module_financial") >= 1) && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
<tbody>
Expand Down Expand Up @@ -387,7 +387,7 @@ class="collapse mt-3
</div>
<?php } ?>
<div class="mt-1 text-secondary">
<small><strong>Created:</strong> <?php echo $client_created_at; ?></small>
<small><strong>Created: </strong> <?php echo $client_created_at; ?></small>
</div>

</td>
Expand Down Expand Up @@ -425,8 +425,8 @@ class="collapse mt-3
<?php } ?>
</td>

<!-- Show Billing for Admin/Accountant roles only and if accounting module is enabled -->
<?php if (($session_user_role == 3 || $session_user_role == 1) && $config_module_enable_accounting == 1) { ?>
<!-- Show Billing if perms & if accounting module is enabled -->
<?php if ((lookupUserPermission("module_financial") >= 1) && $config_module_enable_accounting == 1) { ?>
<td class="text-right">
<div class="mt-1">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
Expand All @@ -443,8 +443,8 @@ class="collapse mt-3
</td>
<?php } ?>

<!-- Show actions for Admin role only -->
<?php if ($session_user_role == 3) { ?>
<!-- Actions -->
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
Expand All @@ -457,7 +457,7 @@ class="collapse mt-3

<?php if (empty($client_archived_at)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
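Review bot: The Archive link in the last hunk performs a state-changing action through a GET URL and now carries the CSRF token in the query string, where it is exposed via Referer headers, browser history and access logs. The server side (post/client.php in this PR) does validate the token, so the action is protected against forgery, but a small POST form with the token as a hidden field, or at least `urlencode($_SESSION['csrf_token'])` in the href, is the more robust shape; the same token-in-URL pattern appears in inc_client_top_head.php's Archive Client link. The two `module_financial` hunks only hide the Billing column, so the balance values are still computed for every row regardless of permission — acceptable as long as the handler behind them does not rely on the column's absence. The table and its row loop open and close outside the diff.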
25 changes: 14 additions & 11 deletions inc_client_top_head.php
Expand Up @@ -5,7 +5,7 @@
<a href="#" data-toggle="collapse" data-target="#clientHeader"><h4 class="text-secondary" data-toggle="tooltip" data-placement="right" title="Client ID: <?php echo $client_id; ?>"><strong><?php echo $client_name; ?></strong> <?php if ($client_archived_at) { echo "(archived)"; } ?></h4></a>
</div>
<div class="col">
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
Expand All @@ -14,14 +14,16 @@
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit Client
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#exportClientPDFModal">
<i class="fas fa-fw fa-file-pdf mr-2"></i>Export Data
</a>
<?php if (lookupUserPermission("module_client") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#exportClientPDFModal">
<i class="fas fa-fw fa-file-pdf mr-2"></i>Export Data
</a>
<?php } ?>

<?php if (empty($client_archived_at)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive Client
</a>
<?php } else { ?>
Expand All @@ -31,7 +33,7 @@
</a>
<?php } ?>

<?php if ($session_user_role == 3 && $client_archived_at) { ?>
<?php if (lookupUserPermission("module_client") >= 3 && $client_archived_at) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete Client
Expand Down Expand Up @@ -115,8 +117,8 @@

</div>

<?php if ($session_user_role == 1 || $session_user_role == 3 && $config_module_enable_accounting == 1) { ?>
<div class="col-md border-left border-top">
<?php if (lookupUserPermission("module_financial") >= 1 && $config_module_enable_accounting == 1) { ?>
<div class="col-md border-left border-top">
<h5 class="text-secondary mt-1">Billing</h5>
<div class="ml-1 text-secondary">Hourly Rate
<span class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $client_rate, $client_currency_code); ?></span>
Expand All @@ -141,8 +143,8 @@
</div>
<?php } ?>


<div class="col-md border-left border-top">
<?php if (lookupUserPermission("module_support") >= 1 && $config_module_enable_ticketing == 1) { ?>
<div class="col-md border-left border-top">
<h5 class="text-secondary mt-1">Support</h5>
<div class="ml-1 text-secondary">Open Tickets
<span class="text-dark float-right"><?php echo $num_active_tickets; ?></span>
Expand All @@ -156,6 +158,7 @@
<?php echo $client_tags_display; ?>
<?php } ?>
</div>
<?php } ?>

</div>
</div>
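Review bot: The Export Data menu item in the second hunk is shown to anyone with `module_client >= 3`, but the export_client_pdf handler in post/client.php (same PR) additionally requires `module_support`, `module_sales` and `module_financial` at level 1, so a user who passes this UI gate can still be rejected after submitting. Either mirror the full condition here or relax the handler to check only the modules whose boxes are ticked, as its own TODO suggests. In the last hunk the new Support block tests `$config_module_enable_ticketing`; that variable is not referenced anywhere else in this diff, so confirm it is defined in the including page's scope — if it is not, PHP emits an undefined-variable warning and the block silently disappears. The `clientHeader` collapse container these hunks live in opens and closes outside the diff.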
34 changes: 22 additions & 12 deletions post/client.php
Expand Up @@ -6,10 +6,10 @@

if (isset($_POST['add_client'])) {

require_once 'post/client_model.php';

validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);

validateAdminRole();
require_once 'post/client_model.php';

$location_phone = preg_replace("/[^0-9]/", '', $_POST['location_phone']);
$address = sanitizeInput($_POST['address']);
Expand Down Expand Up @@ -117,9 +117,9 @@

if (isset($_POST['edit_client'])) {

require_once 'post/client_model.php';
enforceUserPermission('module_client', 2);

validateAdminRole();
require_once 'post/client_model.php';

$client_id = intval($_POST['client_id']);

Expand Down Expand Up @@ -153,7 +153,8 @@

if (isset($_GET['archive_client'])) {

validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_client', 2);

$client_id = intval($_GET['archive_client']);

Expand All @@ -175,6 +176,8 @@

if (isset($_GET['undo_archive_client'])) {

enforceUserPermission('module_client', 2);

$client_id = intval($_GET['undo_archive_client']);

// Get Client Name
Expand All @@ -194,10 +197,8 @@

if (isset($_GET['delete_client'])) {

validateAdminRole();

// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_client', 3);

$client_id = intval($_GET['delete_client']);

Expand Down Expand Up @@ -337,6 +338,8 @@

if (isset($_POST['export_clients_csv'])) {

enforceUserPermission('module_client', 1);

//get records from database
$sql = mysqli_query($mysqli, "SELECT * FROM clients
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
Expand Down Expand Up @@ -377,7 +380,7 @@

if (isset($_POST["import_clients_csv"])) {

validateTechRole();
enforceUserPermission('module_client', 2);

$file_name = $_FILES["file"]["tmp_name"];
$error = false;
Expand Down Expand Up @@ -604,14 +607,21 @@

if (isset($_POST['export_client_pdf'])) {

validateAdminRole();
// TODO: Enforce perms based on which individual boxes are ticked
enforceUserPermission('module_client', 3);
enforceUserPermission('module_support', 1);
enforceUserPermission('module_sales', 1);
enforceUserPermission('module_financial', 1);

$client_id = intval($_POST['client_id']);
$export_contacts = intval($_POST['export_contacts']);
$export_locations = intval($_POST['export_locations']);
$export_assets = intval($_POST['export_assets']);
$export_software = intval($_POST['export_software']);
$export_logins = intval($_POST['export_logins']);
$export_logins = 0;
if (lookupUserPermission("module_credential") >= 1) {
$export_logins = intval($_POST['export_logins']);
}
$export_networks = intval($_POST['export_networks']);
$export_certificates = intval($_POST['export_certificates']);
$export_domains = intval($_POST['export_domains']);
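Review bot: The `undo_archive_client` GET handler (hunk starting at new line 176) gains `enforceUserPermission('module_client', 2)` but, unlike the `archive_client` and `delete_client` handlers in the same diff, shows no `validateCSRFToken($_GET['csrf_token']);` — unless it sits further down in the handler, which the hunk does not show, un-archiving remains reachable from a forged link; the same question applies to `edit_client`, whose hunk shows only the permission check. In the `archive_client` and `delete_client` branches `$_GET['csrf_token']` is read with no existence check, so a link without the parameter produces an undefined-index warning before validation runs; `validateCSRFToken($_GET['csrf_token'] ?? '');` keeps the failure path clean, assuming the validator rejects an empty string. The `export_client_pdf` branch's blanket requirement on four modules means a user allowed to export contacts but lacking `module_financial` cannot export anything — the in-hunk TODO already notes this, and gating each `$export_*` flag the way `$export_logins` is gated on `module_credential` would resolve it without the up-front rejection. Each handler's body continues past its hunk.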