$returnJSON['viewControlsMap'] = $pageObject->viewControlsHTMLMap; $returnJSON['settings'] = $pageObject->jsSettings; } $xt->assign("style_block", true); $xt->assign("stylefiles_block", true); $editlink = ""; $editkeys = array(); $editkeys["editid1"] = postvalue("editid1"); foreach ($editkeys as $key => $val) { if ($editlink) { $editlink .= "&"; } $editlink .= $key . "=" . $val; } $xt->assign("editlink_attrs", "id=\"editLink" . $id . "\" name=\"editLink" . $id . "\" onclick=\"window.location.href='pad_pad_customer_edit.php?" . $editlink . "'\""); $strPerm = GetUserPermissions($strTableName); if (CheckSecurity($ownerIdValue, "Edit") && !$inlineview && strpos($strPerm, "E") !== false) { $xt->assign("edit_button", true); } else { $xt->assign("edit_button", false); } if (!$pdf && !$all && !$inlineview) { ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //Begin show Next Prev button $nextlink = $prevlink = ""; if (count($next)) { $xt->assign("next_button", true); $nextlink .= "editid1=" . htmlspecialchars(rawurlencode($next[1 - 1])); $xt->assign("nextbutton_attrs", "id=\"nextButton" . $id . "\""); } else { $xt->assign("next_button", false);
/**
 * Two-argument entry point: resolves the table name and the caller's
 * permission string, then delegates to SecuritySQL() with the permissions
 * passed explicitly as a third argument.
 *
 * NOTE(review): as listed, this function calls its own name. The
 * three-argument SecuritySQL() it appears to target is not part of this
 * snippet - confirm which definition is bound at runtime.
 * NOTE(review): an empty permission string is replaced by "S", so a user for
 * whom GetUserPermissions() returns nothing is still handed Search rights
 * here. Confirm this fail-open default is intended for every caller.
 *
 * @param string $strAction action name forwarded unchanged to the delegate
 * @param string $table     table name; the global $strTableName is used when empty
 * @return mixed whatever the delegated SecuritySQL() call returns
 */
function SecuritySQL($strAction, $table = "")
{
    global $strTableName;

    if (strlen($table) == 0) {
        $table = $strTableName;
    }

    $granted = GetUserPermissions($table);
    if (strlen($granted) == 0) {
        // No permissions reported: fall back to Search only.
        $granted = "S";
    }

    return SecuritySQL($strAction, $table, $granted);
}
/**
 * Two-argument entry point that always adds the Search flag ("S") to the
 * caller's permission string before delegating to SecuritySQL().
 *
 * NOTE(review): as listed, this function calls its own name. The
 * three-argument SecuritySQL() it appears to target is not part of this
 * snippet - confirm which definition is bound at runtime.
 * NOTE(review): Search is granted unconditionally here, whatever
 * GetUserPermissions() reports. Make sure this wrapper is only reachable for
 * tables where read access by every user is intended.
 *
 * @param string $strAction action name forwarded unchanged to the delegate
 * @param string $table     table name; the global $strTableName is used when empty
 * @return mixed whatever the delegated SecuritySQL() call returns
 */
function SecuritySQL($strAction, $table = "")
{
    global $strTableName;

    $target = strlen($table) ? $table : $strTableName;

    $flags = GetUserPermissions($target);
    $hasSearch = strpos($flags, "S") !== false;
    if (!$hasSearch) {
        $flags = $flags . "S";
    }

    return SecuritySQL($strAction, $target, $flags);
}
/**
 * Translate the permission string of a table into a map of page rights.
 *
 * The letters tested are A (add), D (delete), E (edit), S (search),
 * P (export) and I (import). The "add", "delete" and "edit" keys are only
 * present when isLogged() is true; "search", "export" and "import" are
 * always present and depend solely on what GetUserPermissions() returns.
 *
 * NOTE(review): for a visitor who is not logged in, read-type rights
 * (search/export/import) are decided by GetUserPermissions() alone - verify
 * that it returns a restrictive string for guests.
 *
 * @intellisense
 * @param string $tName table name; $this->tName is used when empty
 * @return array map of right name => bool
 */
function getPermissions($tName = "")
{
    $table = $tName ? $tName : $this->tName;
    $strPerm = GetUserPermissions($table);

    $resArr = array();

    // Write-type rights are reported for authenticated users only.
    if (isLogged()) {
        foreach (array("add" => "A", "delete" => "D", "edit" => "E") as $right => $flag) {
            $resArr[$right] = strpos($strPerm, $flag) !== false;
        }
    }

    foreach (array("search" => "S", "export" => "P", "import" => "I") as $right => $flag) {
        $resArr[$right] = strpos($strPerm, $flag) !== false;
    }

    return $resArr;
}
/**
 * Gate for event code: returns true when the current user's permission
 * string for the table contains $permission, otherwise remembers the
 * requested URL in the session, redirects to menu.php and stops the script.
 *
 * NOTE(review): $_SERVER["QUERY_STRING"] is client-supplied. Whatever later
 * reads $_SESSION["MyURL"] is not shown here; it should treat the value as
 * untrusted (same-site relative URL only) before redirecting to it or
 * printing it.
 * NOTE(review): on PHP 8 strpos() with an empty needle returns 0, so an
 * empty $permission passes this check. Callers should always pass a
 * permission letter.
 *
 * @param string $strTableName table whose permissions are checked
 * @param string $permission   permission letter(s) that must occur in the permission string
 * @return bool true when the permission is present; does not return otherwise
 */
function CheckPermissionsEvent($strTableName, $permission)
{
    $isAllowed = strpos(GetUserPermissions($strTableName), $permission) !== false;
    if ($isAllowed) {
        return true;
    }

    // Denied: keep the original target so it can be offered again later.
    $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"];
    header("Location: menu.php");
    exit;
}
/**
 * Read the lookup control's settings into the instance and emit its markup
 * through one of the build* helpers.
 *
 * The "add on the fly" link is only considered when the current user has
 * the Add ("A") permission on the lookup table, the control is not a
 * list-page lookup and the page is not in search mode.
 *
 * NOTE(review): $this->addnewitem is not reset here when that condition is
 * false - presumably it is initialised elsewhere; confirm it defaults to false.
 *
 * @param mixed $value                current field value
 * @param mixed $mode                 one of the MODE_* constants
 * @param mixed $fieldNum             control index; falsy for the first control
 * @param mixed $validate             validation settings passed to buildControlEnd()
 * @param array $additionalCtrlParams extra parameters; the "option" key is read
 * @param mixed $data                 passed through to the parent implementation
 */
function buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data)
{
    parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);

    // Section 508 alt text is only added for inline add/edit controls.
    $isInline = $mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD;
    if ($isInline && $this->is508) {
        $this->alt = ' alt="' . runner_htmlspecialchars($this->strLabel) . '" ';
    } else {
        $this->alt = "";
    }

    // Element ids: <kind><fieldNum>_<field>_<id>; fieldNum is omitted when falsy.
    $suffix = "_" . GoodFieldName($this->field) . "_" . $this->id;
    $numPart = $fieldNum ? $fieldNum : '';
    $this->clookupfield = "display_value" . $numPart . $suffix;
    $this->openlookup = "open_lookup" . $suffix;
    $this->cfield = "value" . $numPart . $suffix;
    $this->ctype = "type" . $numPart . $suffix;

    $this->categoryFieldId = GoodFieldName($this->pageObject->pSetEdit->getCategoryControl($this->field));
    $this->isLinkFieldEncrypted = $this->ciphererLink->isFieldPHPEncrypted($this->field);
    $this->horizontalLookup = $this->pageObject->pSetEdit->isHorizontalLookup($this->field);
    $this->strLookupWhere = GetLWWhere($this->field, $this->lookupPageType, $this->tName);

    // alter "add on the fly" settings
    $strPerm = GetUserPermissions($this->lookupTable);
    $mayAddOnTheFly = strpos($strPerm, "A") !== false
        && $this->LCType != LCT_LIST
        && $mode != MODE_SEARCH;
    if ($mayAddOnTheFly) {
        $allowToAdd = $this->pageObject->pSetEdit->isAllowToAdd($this->field);
        $simpleAdd = $this->pageObject->pSetEdit->isSimpleAdd($this->field);
        // The link is dropped for "simple add" fields and on the register page.
        if ($simpleAdd || $this->pageObject->pageType == PAGE_REGISTER) {
            $this->addnewitem = false;
        } else {
            $this->addnewitem = $allowToAdd;
        }
    }

    // prepare multi-select attributes
    if ($this->multiselect) {
        $this->multiple = " multiple";
        $this->postfix = "[]";
        $avalue = splitvalues($value);
    } else {
        $this->multiple = "";
        $this->postfix = "";
        $avalue = array((string) $value);
    }

    $searchOption = $additionalCtrlParams["option"];

    // build the control
    if ($this->lookupType == LT_LISTOFVALUES) {
        $this->buildListOfValues($avalue, $value, $mode, $searchOption);
    } else {
        // table-based lookup: find out whether the displayed field is encrypted
        $isQueryLookup = $this->lookupType == LT_QUERY;
        $displayEncrypted = false;
        if ($isQueryLookup || $this->linkAndDisplaySame) {
            $checkedField = $isQueryLookup ? $this->displayFieldName : $this->field;
            $displayEncrypted = (bool) $this->ciphererDisplay->isFieldPHPEncrypted($checkedField);
        }
        $this->isDisplayFieldEncrypted = $displayEncrypted;

        if ($this->LCType == LCT_AJAX || $this->LCType == LCT_LIST) {
            $this->buildAJAXLookup($avalue, $value, $mode, $searchOption);
        } else {
            $this->buildClassicLookup($avalue, $value, $mode, $searchOption);
        }
    }

    $this->buildControlEnd($validate);
}
/**
 * Tell whether the current user's permission string for a table contains
 * the requested permission.
 *
 * NOTE(review): on PHP 8 strpos() with an empty needle returns 0, so an
 * empty $permission makes this function return true. Callers should always
 * pass a permission letter.
 *
 * @intellisense
 * @param string $strTableName table whose permissions are checked
 * @param string $permission   permission letter(s) searched for as a substring
 * @return bool true when $permission occurs in the permission string
 */
function CheckTablePermissions($strTableName, $permission)
{
    $granted = GetUserPermissions($strTableName);

    return strpos($granted, $permission) !== false;
}
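/**
 * Echo the HTML of a lookup ("select") control for one field.
 *
 * Depending on the field settings the control is rendered as a list of fixed
 * values, an AJAX / list-page lookup, or a classic <select> / checkbox list
 * filled from a lookup query. Nothing is returned; all markup is echoed.
 *
 * Change from the previous revision: the Section 508 "alt" attribute printed
 * on the AJAX, list-page and classic <select> controls now escapes the field
 * label with htmlspecialchars(), as the $alt value built at the top of this
 * function already did. A label containing a double quote or "<" could
 * otherwise break out of the attribute.
 *
 * NOTE(review): $additionalCtrlParams['style'] is written into a style
 * attribute without escaping, and $id / $categoryFieldId are concatenated
 * into id attributes (some of them unquoted). Confirm all of these come
 * from trusted settings and never from request data.
 * NOTE(review): array_search() is used without strict comparison, so
 * numeric-looking strings compare loosely when options are pre-selected.
 *
 * @param string $field                field name
 * @param mixed  $value                current value (several values when multi-select)
 * @param mixed  $fieldNum             control index; falsy for the first control
 * @param mixed  $mode                 one of the MODE_* constants
 * @param mixed  $id                   record/control id appended to element ids
 * @param array  $additionalCtrlParams extra parameters; the 'style' key is read
 * @param mixed  $pageObj              page object (not used by the code shown)
 * @return void
 */
function BuildSelectControl($field, $value, $fieldNum = 0, $mode, $id = "", $additionalCtrlParams, &$pageObj)
{
    global $conn, $strTableName;

    // read control settings
    $table = $strTableName;
    $strLabel = Label($field);
    $is508 = isEnableSection508();
    $alt = "";
    if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508) {
        $alt = ' alt="' . htmlspecialchars($strLabel) . '" ';
    }
    $cfield = "value_" . GoodFieldName($field) . "_" . $id;
    $clookupfield = "display_value_" . GoodFieldName($field) . "_" . $id;
    $openlookup = "open_lookup_" . GoodFieldName($field) . "_" . $id;
    $ctype = "type_" . GoodFieldName($field) . "_" . $id;
    if ($fieldNum) {
        $cfield = "value" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
        $ctype = "type" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
    }
    $addnewitem = false;
    $advancedadd = false;
    $strCategoryControl = CategoryControl($field, $table);
    $categoryFieldId = GoodFieldName(CategoryControl($field, $table));
    $bUseCategory = UseCategory($field, $table);
    $dependentLookups = GetFieldData($table, $field, "DependentLookups", array());
    $lookupType = GetLookupType($field, $table);
    $LCType = LookupControlType($field, $table);
    $horizontalLookup = GetFieldData($table, $field, "HorizontalLookup", false);
    // NOTE(review): style value is emitted unescaped - see the function header.
    $inputStyle = $additionalCtrlParams['style'] ? 'style="' . $additionalCtrlParams['style'] . '"' : '';
    $lookupTable = GetLookupTable($field, $table);
    $strLookupWhere = LookupWhere($field, $table);
    $lookupSize = SelectSize($field, $table);
    if ($LCType == LCT_CBLIST) {
        $lookupSize = 2; // simply > 1 for CBLIST
    }
    // $add_page, $list_page and $className are assigned but not read below.
    $add_page = GetTableURL($lookupTable) . "_add.php";
    $list_page = GetTableURL($lookupTable) . "_list.php";
    $strPerm = GetUserPermissions($lookupTable);

    // alter "add on the fly" settings: the link needs the Add ("A")
    // permission on the lookup table and a non-"simple add" field
    if (strpos($strPerm, "A") !== false) {
        $addnewitem = GetFieldData($table, $field, "AllowToAdd", false);
        $advancedadd = !GetFieldData($table, $field, "SimpleAdd", false);
        if (!$advancedadd) {
            $addnewitem = false;
        }
    }

    // alter lookuptype settings: without the Search ("S") permission on the
    // lookup table a list-page lookup is downgraded to a plain dropdown
    if ($LCType == LCT_LIST && strpos($strPerm, "S") === false) {
        $LCType = LCT_DROPDOWN;
    }
    if ($LCType == LCT_LIST) {
        $addnewitem = false;
    }
    if ($mode == MODE_SEARCH) {
        $addnewitem = false;
    }

    // prepare multi-select attributes
    $multiple = "";
    $postfix = "";
    if ($lookupSize > 1) {
        $avalue = splitvalues($value);
        $multiple = " multiple";
        $postfix = "[]";
    } else {
        $avalue = array((string) $value);
    }

    // prepare JS code
    $className = "DropDownLookup";
    if ($LCType == LCT_AJAX) {
        $className = "EditBoxLookup";
    } elseif ($LCType == LCT_LIST) {
        $className = "ListPageLookup";
    } elseif ($LCType == LCT_CBLIST) {
        $className = "CheckBoxLookup";
    }

    // build the control
    ///////////////////////////////////////////////////////////////////////////
    // list of values
    ///////////////////////////////////////////////////////////////////////////
    if ($lookupType == LT_LISTOFVALUES) {
        // read lookup values
        $arr = GetFieldData($table, $field, "LookupValues", array());
        // print Type control to allow selecting nothing
        if ($lookupSize > 1) {
            echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
        }
        // dropdown control
        if ($LCType == LCT_DROPDOWN) {
            $alt = "";
            echo '<select id="' . $cfield . '" size = "' . $lookupSize . '" ' . $alt . 'name="' . $cfield . $postfix . '" ' . $multiple . '>';
            if ($lookupSize < 2) {
                echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
            } else {
                if ($mode == MODE_SEARCH) {
                    echo '<option value=""> </option>';
                }
            }
            foreach ($arr as $opt) {
                $res = array_search((string) $opt, $avalue);
                if (!($res === NULL || $res === FALSE)) {
                    echo '<option value="' . htmlspecialchars($opt) . '" selected>' . htmlspecialchars($opt) . '</option>';
                } else {
                    echo '<option value="' . htmlspecialchars($opt) . '">' . htmlspecialchars($opt) . '</option>';
                }
            }
            echo "</select>";
        } elseif ($LCType == LCT_CBLIST) {
            echo '<div align=\'left\'>';
            $spacer = '<br/>';
            if ($horizontalLookup) {
                $spacer = ' ';
            }
            $i = 0;
            foreach ($arr as $opt) {
                echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($opt) . '"';
                $res = array_search((string) $opt, $avalue);
                if (!($res === NULL || $res === FALSE)) {
                    echo ' checked="checked" ';
                }
                echo '/>';
                echo ' <b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($opt) . '</b>' . $spacer;
                $i++;
            }
            echo '</div>';
        }
        return;
    }

    // build table-based lookup
    ///////////////////////////////////////////////////////////////////////////
    // table-based ajax-lookup control
    ///////////////////////////////////////////////////////////////////////////
    if ($LCType == LCT_AJAX || $LCType == LCT_LIST) {
        ///////////////////////////////////////////////////////////////////////
        // dependent ajax-lookup control
        ///////////////////////////////////////////////////////////////////////
        if (UseCategory($field)) {
            // ajax dependent dropdown
            // get parent value ($celementvalue is built but not echoed here)
            $celementvalue = "var parVal = ''; var parCtrl = Runner.controls.ControlManager.getAt('" . jsreplace($strTableName) . "', " . $id . ", '" . jsreplace($field) . "', 0).parentCtrl; if (parCtrl){ parVal = parCtrl.getStringValue();};";
            if ($LCType == LCT_AJAX) {
                echo '<input type="text" categoryId="' . $categoryFieldId . '" autocomplete="off" id="' . $clookupfield . '" name="' . $clookupfield . '" ' . $inputStyle . '>';
            } elseif ($LCType == LCT_LIST) {
                echo '<input type="text" categoryId="' . $categoryFieldId . '" autocomplete="off" id="' . $clookupfield . '" name="' . $clookupfield . '" readonly ' . $inputStyle . '>';
                echo " <a href=# id=" . $openlookup . ">" . mlang_message("SELECT_LIST") . "</a>";
            }
            echo '<input type="hidden" id="' . $cfield . '" name="' . $cfield . '">';
            // add new item link
            if ($addnewitem) {
                echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
            }
            return;
        }

        ///////////////////////////////////////////////////////////////////////
        // regular ajax-lookup control
        ///////////////////////////////////////////////////////////////////////
        // get the initial value
        $lookup_value = "";
        $lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, true);
        $rs_lookup = db_query($lookupSQL, $conn);
        if ($data = db_fetch_numarray($rs_lookup)) {
            $lookup_value = $data[1];
        } elseif (strlen($strLookupWhere)) {
            // try w/o WHERE expression
            // NOTE(review): the arguments are identical to the first call, so
            // this retry builds the same SQL; the classic-lookup retry further
            // down passes one more argument. Confirm against buildLookupSQL().
            $lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, true);
            $rs_lookup = db_query($lookupSQL, $conn);
            if ($data = db_fetch_numarray($rs_lookup)) {
                $lookup_value = $data[1];
            }
        }

        // build the control
        if ($LCType == LCT_AJAX) {
            if (!strlen($lookup_value) && GetFieldData($strTableName, $field, "freeInput", false)) {
                $lookup_value = $value;
            }
            // label is escaped before it is placed in the alt attribute
            echo '<input type="text" ' . $inputStyle . ' autocomplete="off" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . htmlspecialchars($strLabel) . '" ' : '') . 'id="' . $clookupfield . '" name="' . $clookupfield . '" value="' . htmlspecialchars($lookup_value) . '">';
        } elseif ($LCType == LCT_LIST) {
            echo '<input type="text" autocomplete="off" ' . $inputStyle . ' id="' . $clookupfield . '" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . htmlspecialchars($strLabel) . '" ' : '') . 'name="' . $clookupfield . '" value="' . htmlspecialchars($lookup_value) . '" readonly >';
            echo " <a href=# id=" . $openlookup . ">" . mlang_message("SELECT_LIST") . "</a>";
        }
        echo '<input type="hidden" id="' . $cfield . '" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
        // add new item
        if ($addnewitem) {
            echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
        }
        return;
    }

    ///////////////////////////////////////////////////////////////////////////
    // classic lookup - start
    ///////////////////////////////////////////////////////////////////////////
    $lookupSQL = buildLookupSQL($field, $table, "", "", false, false, false);
    $rs = db_query($lookupSQL, $conn);

    ///////////////////////////////////////////////////////////////////////////
    // dependent classic lookup
    ///////////////////////////////////////////////////////////////////////////
    if ($bUseCategory) {
        // print Type control to allow selecting nothing
        if ($lookupSize > 1) {
            echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
        }
        echo '<select size = "' . $lookupSize . '" id="' . $cfield . '" name="' . $cfield . $postfix . '"' . $multiple . '>';
        echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
        echo "</select>";
        if ($addnewitem) {
            echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
        }
        return;
    }

    ///////////////////////////////////////////////////////////////////////////
    // simple classic lookup
    ///////////////////////////////////////////////////////////////////////////
    // print control header
    if ($lookupSize > 1) {
        echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
    }
    if ($LCType != LCT_CBLIST) {
        // label is escaped before it is placed in the alt attribute
        echo '<select size = "' . $lookupSize . '" id="' . $cfield . '" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . htmlspecialchars($strLabel) . '" ' : '') . 'name="' . $cfield . $postfix . '"' . $multiple . '>';
        if ($lookupSize < 2) {
            echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
        } else {
            if ($mode == MODE_SEARCH) {
                echo '<option value=""> </option>';
            }
        }
    } else {
        echo '<div align=\'left\'>';
        $spacer = '<br/>';
        if ($horizontalLookup) {
            $spacer = ' ';
        }
    }

    // print lookup data: column 0 is the stored value, column 1 the caption
    $found = false;
    $i = 0;
    while ($data = db_fetch_numarray($rs)) {
        $res = array_search((string) $data[0], $avalue);
        $checked = "";
        if (!($res === NULL || $res === FALSE)) {
            $found = true;
            if ($LCType == LCT_CBLIST) {
                $checked = " checked=\"checked\"";
            } else {
                $checked = " selected";
            }
        }
        if ($LCType == LCT_CBLIST) {
            echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($data[0]) . '"' . $checked . '/>';
            echo ' <b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($data[1]) . '</b>' . $spacer;
        } else {
            echo '<option value="' . htmlspecialchars($data[0]) . '"' . $checked . '>' . htmlspecialchars($data[1]) . '</option>';
        }
        $i++;
    }

    // try the same query w/o WHERE clause if current value not found
    if (!$found && strlen($value) && $mode == MODE_EDIT && strlen($strLookupWhere)) {
        $lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, false, true);
        $rs = db_query($lookupSQL, $conn);
        if ($data = db_fetch_numarray($rs)) {
            if ($LCType == LCT_CBLIST) {
                echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($data[0]) . '" checked="checked"/>';
                echo ' <b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($data[1]) . '</b>' . $spacer;
            } else {
                echo '<option value="' . htmlspecialchars($data[0]) . '" selected>' . htmlspecialchars($data[1]) . '</option>';
            }
        }
    }

    // print footer
    if ($LCType != LCT_CBLIST) {
        echo "</select>";
    } else {
        echo '</div>';
    }

    // add new item
    if ($addnewitem) {
        echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
    }
}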
/**
 * Translate the permission string of a table into a map of page rights.
 *
 * When group security is switched off ($this->isGroupSecurity is falsy)
 * every right is reported as granted and GetUserPermissions() is not
 * consulted. Otherwise each right is true when its letter occurs in the
 * permission string: A (add), D (delete), E (edit), S (search), P (export),
 * I (import).
 *
 * @param string $tName table name; $this->tName is used when empty
 * @return array map of right name => bool
 */
function getPermissions($tName = "")
{
    $flagByRight = array(
        "add" => "A",
        "delete" => "D",
        "edit" => "E",
        "search" => "S",
        "export" => "P",
        "import" => "I",
    );
    $resArr = array();

    if (!$this->isGroupSecurity) {
        // No per-group restrictions configured: everything is allowed.
        foreach ($flagByRight as $right => $flag) {
            $resArr[$right] = true;
        }
        return $resArr;
    }

    $table = $tName ? $tName : $this->tName;
    $strPerm = GetUserPermissions($table);
    foreach ($flagByRight as $right => $flag) {
        $resArr[$right] = strpos($strPerm, $flag) !== false;
    }

    return $resArr;
}
/**
 * Tell whether the current user may search the given table.
 *
 * With group security switched off (global $isGroupSecurity is falsy) the
 * answer is always true; otherwise the Search ("S") letter must occur in
 * the permission string returned by GetUserPermissions().
 *
 * @param string $tName table name; $this->tName is used when empty
 * @return bool
 */
function getSearchPerm($tName = "")
{
    global $isGroupSecurity;

    if (!$isGroupSecurity) {
        return true;
    }

    if (!$tName) {
        $tName = $this->tName;
    }

    return strpos(GetUserPermissions($tName), "S") !== false;
}
/**
 * Read the lookup control's settings into the instance and emit its markup
 * through one of the build* helpers.
 *
 * Permission handling visible here: the "add on the fly" link requires the
 * Add ("A") letter in the current user's permissions for the lookup table,
 * and a list-page lookup is downgraded to a dropdown when the Search ("S")
 * letter is missing.
 *
 * @param mixed $value                current field value
 * @param mixed $mode                 one of the MODE_* constants
 * @param mixed $fieldNum             control index; falsy for the first control
 * @param mixed $validate             validation settings passed to buildControlEnd()
 * @param array $additionalCtrlParams passed through to the parent implementation
 * @param mixed $data                 passed through to the parent implementation
 */
function buildControl($value, $mode, $fieldNum = 0, $validate, $additionalCtrlParams, $data)
{
    parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);
    global $conn;
    $this->conn = $conn;

    // read control settings
    // Section 508 alt text (escaped) is only added for inline add/edit controls.
    $this->alt = "";
    if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508) {
        $this->alt = ' alt="' . htmlspecialchars($this->strLabel) . '" ';
    }
    // Element ids follow <kind><fieldNum>_<field>_<id>; fieldNum is omitted when falsy.
    $this->cfield = "value_" . GoodFieldName($this->field) . "_" . $this->id;
    $this->clookupfield = "display_value" . ($fieldNum ? $fieldNum : '') . "_" . GoodFieldName($this->field) . "_" . $this->id;
    $this->openlookup = "open_lookup_" . GoodFieldName($this->field) . "_" . $this->id;
    $this->ctype = "type_" . GoodFieldName($this->field) . "_" . $this->id;
    if ($fieldNum) {
        $this->cfield = "value" . $fieldNum . "_" . GoodFieldName($this->field) . "_" . $this->id;
        $this->ctype = "type" . $fieldNum . "_" . GoodFieldName($this->field) . "_" . $this->id;
    }
    $this->addnewitem = false;
    $advancedadd = false;
    //$this->strCategoryControl = $this->pageObject->pSetEdit->getCategoryControl($this->field);
    $this->categoryFieldId = GoodFieldName($this->pageObject->pSetEdit->getCategoryControl($this->field));
    $this->bUseCategory = $this->pageObject->pSetEdit->useCategory($this->field);
    // $dependentLookups is assigned but not read in this method.
    $dependentLookups = $this->pageObject->pSetEdit->getDependentLookups($this->field);
    $this->isLinkFieldEncrypted = $this->ciphererLink->isFieldPHPEncrypted($this->field);
    $this->horizontalLookup = $this->pageObject->pSetEdit->isHorizontalLookup($this->field);
    //$this->inputStyle = ($additionalCtrlParams['style'] ? 'style="'.$additionalCtrlParams['style'].'"' : '');
    $this->strLookupWhere = GetLWWhere($this->field, $this->lookupPageType, $this->pageObject->tName);
    $this->lookupSize = $this->pageObject->pSetEdit->selectSize($this->field);
    if ($this->LCType == LCT_CBLIST) {
        $this->lookupSize = 2;
    } // simply > 1 for CBLIST
    // $add_page and $list_page are assigned but not read in this method.
    $add_page = GetTableURL($this->lookupTable) . "_add.php";
    $list_page = GetTableURL($this->lookupTable) . "_list.php";
    // Permissions of the current user on the lookup table, not on the edited table.
    $strPerm = GetUserPermissions($this->lookupTable);

    // alter "add on the fly" settings: needs the Add ("A") permission and a
    // field that is not configured as "simple add"
    if (strpos($strPerm, "A") !== false) {
        $this->addnewitem = $this->pageObject->pSetEdit->isAllowToAdd($this->field);
        $advancedadd = !$this->pageObject->pSetEdit->isSimpleAdd($this->field);
        if (!$advancedadd) {
            $this->addnewitem = false;
        }
    }

    // alter lookuptype settings: without the Search ("S") permission a
    // list-page lookup falls back to a dropdown
    if ($this->LCType == LCT_LIST && strpos($strPerm, "S") === false) {
        $this->LCType = LCT_DROPDOWN;
    }
    // The "add new" link is never shown for list-page lookups or in search mode.
    if ($this->LCType == LCT_LIST) {
        $this->addnewitem = false;
    }
    if ($mode == MODE_SEARCH) {
        $this->addnewitem = false;
    }

    // prepare multi-select attributes
    $this->multiple = "";
    $this->postfix = "";
    if ($this->lookupSize > 1) {
        $avalue = splitvalues($value);
        $this->multiple = " multiple";
        $this->postfix = "[]";
    } else {
        $avalue = array((string) $value);
    }

    // prepare JS code ($className is assigned but not read in this method)
    $className = "DropDownLookup";
    if ($this->LCType == LCT_AJAX) {
        $className = "EditBoxLookup";
    } elseif ($this->LCType == LCT_LIST) {
        $className = "ListPageLookup";
    } elseif ($this->LCType == LCT_CBLIST) {
        $className = "CheckBoxLookup";
    }

    // build the control
    ///////////////////////////////////////////////////////////////////////////
    // list of values
    ///////////////////////////////////////////////////////////////////////////
    if ($this->lookupType == LT_LISTOFVALUES) {
        $this->buildListOfValues($avalue, $value, $mode);
    } else {
        // build table-based lookup
        // The display field is only checked for encryption when it is a query
        // lookup or when link and display fields are the same.
        $this->isDisplayFieldEncrypted = ($this->lookupType == LT_QUERY || $this->linkAndDisplaySame) && $this->ciphererDisplay->isFieldPHPEncrypted($this->lookupType == LT_QUERY ? $this->displayFieldName : $this->field);
        ///////////////////////////////////////////////////////////////////////
        // table-based ajax-lookup control
        ///////////////////////////////////////////////////////////////////////
        if ($this->LCType == LCT_AJAX || $this->LCType == LCT_LIST) {
            $this->buildAJAXLookup($value, $mode);
        } else {
            $this->buildClassicLookup($avalue, $value, $mode);
        }
    }
    $this->buildControlEnd($validate);
}
/**
 * Build the security condition that is added to a SELECT statement.
 *
 * As written, the function yields only two results: an empty string (no
 * restriction) or "1=0" (no rows). An administrator session always gets the
 * empty string. For everyone else the action must be one of Edit, Delete,
 * Search or Export and the matching letter (E, D, S, P) must occur in the
 * permission string; any other action name is answered with "1=0".
 *
 * NOTE(review): no owner-based condition is produced by the code shown, so
 * row-level restrictions, if required, have to be enforced elsewhere.
 * NOTE(review): the admin shortcut depends on a loose comparison of
 * $_SESSION["AccessLevel"] with ACCESS_LEVEL_ADMIN; with "@" an unset
 * session value compares as null - confirm the constant can never be
 * loosely equal to null.
 *
 * @intellisense
 * @param string $strAction "Edit", "Delete", "Search" or "Export"
 * @param string $table     table name; the global $strTableName is used when empty
 * @param string $strPerm   permission string; looked up via GetUserPermissions() when empty
 * @return string "" when access is allowed, "1=0" otherwise
 */
function SecuritySQL($strAction, $table="", $strPerm="")
{
    global $cAdvSecurityMethod, $strTableName;

    if (strlen($table) == 0) {
        $table = $strTableName;
    }

    // Kept from the original: the settings object is constructed although
    // nothing below reads it.
    $pSet = new ProjectSettings($table);

    // Administrators are never restricted.
    if (@$_SESSION["AccessLevel"] == ACCESS_LEVEL_ADMIN) {
        return "";
    }

    if (strlen($strPerm) == 0) {
        $strPerm = GetUserPermissions($table);
    }

    $flagByAction = array(
        "Edit" => "E",
        "Delete" => "D",
        "Search" => "S",
        "Export" => "P",
    );
    foreach ($flagByAction as $action => $flag) {
        if ($strAction == $action && strpos($strPerm, $flag) !== false) {
            return "";
        }
    }

    // Unknown action or missing permission: match no rows at all.
    return "1=0";
}
/**
 * List the tables that may be used as a report source by the current user.
 *
 * Only "webreport_users" is considered. It is returned when the user's
 * permission string for that table contains Export ("P") or Search ("S").
 * The original name filter (suffixes such as "_audit" or "_ugrights" and the
 * webreport* service tables) can never reject the fixed name
 * "webreport_users", so it is reduced to this comment.
 *
 * @return array list with "webreport_users", or an empty list
 */
function GetTablesListReport()
{
    $strPerm = GetUserPermissions("webreport_users");

    $mayRead = strpos($strPerm, "P") !== false || strpos($strPerm, "S") !== false;
    if (!$mayRead) {
        return array();
    }

    return array("webreport_users");
}
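/**
 * Check whether the current user has the table permission that the linked
 * page type requires.
 *
 * Page types map to permission letters as follows: List, Search, Report and
 * Chart need "S"; Add needs "A"; Edit needs "E"; Print needs "P".
 * "WebReports" links are always allowed, and a link without a table is
 * always refused.
 *
 * Fix: a page type outside that mapping used to be looked up as an empty
 * needle. On PHP 8 strpos() returns 0 for an empty needle, which made the
 * check succeed for any unknown page type. Such page types are now refused
 * explicitly, matching the result older PHP versions produced.
 *
 * @return bool
 */
function isUserHaveTablePerm()
{
    if ($this->pageType == "WebReports") {
        return true;
    }
    if (!strlen($this->table)) {
        return false;
    }

    $strPerm = GetUserPermissions($this->table);

    // Permission letter required by the page type; '' means "not mapped".
    $pageType = '';
    if (
        $this->pageType == "List"
        || $this->pageType == "Search"
        || $this->pageType == "Report"
        || $this->pageType == "Chart"
    ) {
        $pageType = "S";
    } elseif ($this->pageType == "Add") {
        $pageType = "A";
    } elseif ($this->pageType == "Edit") {
        $pageType = "E";
    } elseif ($this->pageType == "Print") {
        $pageType = "P";
    }

    // Fail closed: never test an empty needle against the permission string.
    if ($pageType === '') {
        return false;
    }

    return strpos($strPerm, $pageType) !== false;
}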