Ejemplo n.º 1
     $returnJSON['viewControlsMap'] = $pageObject->viewControlsHTMLMap;
     $returnJSON['settings'] = $pageObject->jsSettings;
 }
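 $xt->assign("style_block", true);
 $xt->assign("stylefiles_block", true);
 // Query string for the edit link, built from the record key(s).
 // postvalue("editid1") presumably returns a request parameter (confirm against
 // its definition), so each value is URL-encoded and then HTML-escaped before
 // it is placed inside the onclick attribute below. The next-link key further
 // down this page is encoded the same way.
 $editkeys = array();
 $editkeys["editid1"] = postvalue("editid1");
 $editpairs = array();
 foreach ($editkeys as $key => $val) {
     // The (string) cast keeps a non-scalar value from raising a TypeError in rawurlencode().
     $editpairs[] = $key . "=" . htmlspecialchars(rawurlencode((string) $val));
 }
 $editlink = implode("&", $editpairs);
 $xt->assign("editlink_attrs", "id=\"editLink" . $id . "\" name=\"editLink" . $id . "\" onclick=\"window.location.href='pad_pad_customer_edit.php?" . $editlink . "'\"");
 // The edit button is rendered only when the record-level check passes, the
 // page is not an inline view, and the table permission string contains "E".
 // NOTE(review): this only controls what is rendered; confirm that the edit
 // page itself repeats the permission check on the server side.
 $strPerm = GetUserPermissions($strTableName);
 $canEdit = CheckSecurity($ownerIdValue, "Edit") && !$inlineview && strpos($strPerm, "E") !== false;
 $xt->assign("edit_button", $canEdit);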
 if (!$pdf && !$all && !$inlineview) {
     //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     //Begin show Next Prev button
     $nextlink = $prevlink = "";
     if (count($next)) {
         $xt->assign("next_button", true);
         $nextlink .= "editid1=" . htmlspecialchars(rawurlencode($next[1 - 1]));
         $xt->assign("nextbutton_attrs", "id=\"nextButton" . $id . "\"");
     } else {
         $xt->assign("next_button", false);
Ejemplo n.º 2
 /**
  * Resolve the table and the user's permission string, then delegate to the
  * three-argument SecuritySQL().
  *
  * When GetUserPermissions() returns an empty string the delegate is called
  * with "S", i.e. a user with no recorded rights is treated as having the
  * search permission for the purpose of this call.
  * NOTE(review): confirm that this fallback is intended for every caller.
  *
  * @param string $strAction action name passed through to the delegate
  * @param string $table     table name; the global $strTableName is used when empty
  * @return mixed whatever the three-argument SecuritySQL() returns
  */
 function SecuritySQL($strAction, $table = "")
 {
     global $strTableName;
     $target = strlen($table) ? $table : $strTableName;
     $rights = GetUserPermissions($target);
     if (!strlen($rights)) {
         // no permission letters at all: fall back to search-only
         $rights = "S";
     }
     return SecuritySQL($strAction, $target, $rights);
 }
Ejemplo n.º 3
 /**
  * Resolve the table and the user's permission string, then delegate to the
  * three-argument SecuritySQL().
  *
  * The letter "S" is appended to the permission string whenever it is
  * missing, so the delegate always sees the search permission as granted.
  * NOTE(review): confirm that forcing "S" here is intended for every caller.
  *
  * @param string $strAction action name passed through to the delegate
  * @param string $table     table name; the global $strTableName is used when empty
  * @return mixed whatever the three-argument SecuritySQL() returns
  */
 function SecuritySQL($strAction, $table = "")
 {
     global $strTableName;
     $target = strlen($table) ? $table : $strTableName;
     $rights = GetUserPermissions($target);
     $hasSearch = strpos($rights, "S") !== false;
     if (!$hasSearch) {
         $rights = $rights . "S";
     }
     return SecuritySQL($strAction, $target, $rights);
 }
Ejemplo n.º 4
 /**
  * Get permissions for pages.
  *
  * Translates the permission letters returned by GetUserPermissions() into
  * named boolean flags. The "add", "delete" and "edit" keys are present only
  * when isLogged() is true; "search", "export" and "import" are always set.
  * Callers must therefore treat a missing write key as "not allowed".
  *
  * @param string $tName table name; $this->tName is used when empty
  * @return array flag name => bool
  * @intellisense
  */
 function getPermissions($tName = "")
 {
     $table = $tName ? $tName : $this->tName;
     $rights = GetUserPermissions($table);
     $flags = array();
     if (isLogged()) {
         // write permissions are reported for logged-in users only
         foreach (array("add" => "A", "delete" => "D", "edit" => "E") as $flag => $letter) {
             $flags[$flag] = strpos($rights, $letter) !== false;
         }
     }
     foreach (array("search" => "S", "export" => "P", "import" => "I") as $flag => $letter) {
         $flags[$flag] = strpos($rights, $letter) !== false;
     }
     return $flags;
 }
Ejemplo n.º 5
/**
 * Gate a page on a single permission letter.
 *
 * Returns true when the user's permission string for the table contains
 * $permission. Otherwise the current script name and query string are stored
 * in $_SESSION["MyURL"], the browser is redirected to menu.php and the
 * script terminates.
 *
 * NOTE(review): since PHP 8.0 strpos() accepts an empty needle and returns 0,
 * so an empty $permission passes this check; callers should always pass a
 * non-empty letter.
 *
 * @param string $strTableName table whose permissions are checked
 * @param string $permission   permission letter to look for
 * @return bool true when the permission is present (never returns otherwise)
 */
function CheckPermissionsEvent($strTableName, $permission)
{
    $granted = strpos(GetUserPermissions($strTableName), $permission) !== false;
    if ($granted) {
        return true;
    }
    // remember where the user was before sending them to the menu
    $_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"];
    header("Location: menu.php");
    exit;
}
Ejemplo n.º 6
 /**
  * Get the control's settings and build its HTML markup.
  *
  * Runs the parent implementation, derives the element names used by the
  * control, decides whether the "add new item" link is allowed, and then
  * hands off to the list-of-values, AJAX or classic lookup builder.
  *
  * @param mixed $value                current field value
  * @param mixed $mode                 edit mode (compared against the MODE_* constants)
  * @param mixed $fieldNum             when truthy, inserted into the generated element names
  * @param mixed $validate             passed through to buildControlEnd()
  * @param array $additionalCtrlParams extra parameters; the "option" key is read below
  * @param mixed $data                 passed through to the parent implementation
  */
 function buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data)
 {
     parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);
     // alt attribute only in inline add/edit mode with is508 set; the label goes through runner_htmlspecialchars()
     $this->alt = ($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508 ? ' alt="' . runner_htmlspecialchars($this->strLabel) . '" ' : "";
     // element names are derived from the field name and the control id
     $suffix = "_" . GoodFieldName($this->field) . "_" . $this->id;
     $this->clookupfield = "display_value" . ($fieldNum ? $fieldNum : '') . $suffix;
     $this->openlookup = "open_lookup" . $suffix;
     $this->cfield = "value" . $suffix;
     $this->ctype = "type" . $suffix;
     if ($fieldNum) {
         $this->cfield = "value" . $fieldNum . $suffix;
         $this->ctype = "type" . $fieldNum . $suffix;
     }
     $this->categoryFieldId = GoodFieldName($this->pageObject->pSetEdit->getCategoryControl($this->field));
     $this->isLinkFieldEncrypted = $this->ciphererLink->isFieldPHPEncrypted($this->field);
     $this->horizontalLookup = $this->pageObject->pSetEdit->isHorizontalLookup($this->field);
     $this->strLookupWhere = GetLWWhere($this->field, $this->lookupPageType, $this->tName);
     // "Add on the fly" settings: evaluated only when the user holds the "A"
     // permission on the lookup table, the control is not a list-page lookup
     // and the page is not in search mode.
     // NOTE(review): $this->addnewitem is not reset here when that condition
     // fails, so it keeps whatever value it had before this call - confirm it
     // is initialised to false elsewhere.
     $strPerm = GetUserPermissions($this->lookupTable);
     if (strpos($strPerm, "A") !== false && $this->LCType != LCT_LIST && $mode != MODE_SEARCH) {
         $this->addnewitem = $this->pageObject->pSetEdit->isAllowToAdd($this->field);
         $advancedadd = !$this->pageObject->pSetEdit->isSimpleAdd($this->field);
         // the link is dropped for "simple add" fields and on the register page
         if (!$advancedadd || $this->pageObject->pageType == PAGE_REGISTER) {
             $this->addnewitem = false;
         }
     }
     // prepare multi-select attributes
     $this->multiple = $this->multiselect ? " multiple" : "";
     $this->postfix = $this->multiselect ? "[]" : "";
     if ($this->multiselect) {
         $avalue = splitvalues($value);
     } else {
         $avalue = array((string) $value);
     }
     // NOTE(review): "option" is read without checking that the key exists
     $searchOption = $additionalCtrlParams["option"];
     // build the control
     if ($this->lookupType == LT_LISTOFVALUES) {
         $this->buildListOfValues($avalue, $value, $mode, $searchOption);
     } else {
         // build a table-based lookup; the display field counts as encrypted
         // only for query lookups or when link and display field are the same
         $this->isDisplayFieldEncrypted = ($this->lookupType == LT_QUERY || $this->linkAndDisplaySame) && $this->ciphererDisplay->isFieldPHPEncrypted($this->lookupType == LT_QUERY ? $this->displayFieldName : $this->field);
         if ($this->LCType == LCT_AJAX || $this->LCType == LCT_LIST) {
             $this->buildAJAXLookup($avalue, $value, $mode, $searchOption);
         } else {
             $this->buildClassicLookup($avalue, $value, $mode, $searchOption);
         }
     }
     $this->buildControlEnd($validate);
 }
Ejemplo n.º 7
/**
 * Tell whether the user's permission string for a table contains a letter.
 *
 * NOTE(review): since PHP 8.0 strpos() returns 0 for an empty needle, so an
 * empty $permission yields true; pass a non-empty letter.
 *
 * @param string $strTableName table whose permissions are checked
 * @param string $permission   permission letter to look for
 * @return bool
 * @intellisense
 */
function CheckTablePermissions($strTableName, $permission)
{
    $rights = GetUserPermissions($strTableName);
    return strpos($rights, $permission) !== false;
}
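/**
 * Echo the HTML for a lookup ("select") edit control.
 *
 * Depending on the field settings the control is a list of fixed values, an
 * AJAX / list-page lookup, or a classic select or checkbox list filled from
 * a query. All markup is written with echo; nothing is returned.
 *
 * Output encoding: option values, option captions and the field label are
 * passed through htmlspecialchars() before they are written into the page.
 *
 * $fieldNum and $id carry defaults but are followed by required parameters,
 * so callers always have to pass them.
 *
 * @param string $field                field name
 * @param mixed  $value                current value (split with splitvalues() for multi-select)
 * @param mixed  $fieldNum             when truthy, inserted into the generated element names
 * @param mixed  $mode                 edit mode (compared against the MODE_* constants)
 * @param string $id                   control id appended to the element names
 * @param array  $additionalCtrlParams extra parameters; the 'style' key is read
 * @param mixed  $pageObj              page object (not used in this function)
 * @return void
 */
function BuildSelectControl($field, $value, $fieldNum = 0, $mode, $id = "", $additionalCtrlParams, &$pageObj)
{
    global $conn, $strTableName;
    //	read control settings
    $table = $strTableName;
    $strLabel = Label($field);
    $is508 = isEnableSection508();
    // The alt attribute is emitted only in inline add/edit mode with Section
    // 508 support on. It is built once, with the label HTML-escaped, and
    // reused everywhere below so that no code path writes the raw label.
    $altAttr = "";
    if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508) {
        $altAttr = 'alt="' . htmlspecialchars($strLabel) . '" ';
    }
    $alt = $altAttr === "" ? "" : ' ' . $altAttr;
    $cfield = "value_" . GoodFieldName($field) . "_" . $id;
    $clookupfield = "display_value_" . GoodFieldName($field) . "_" . $id;
    $openlookup = "open_lookup_" . GoodFieldName($field) . "_" . $id;
    $ctype = "type_" . GoodFieldName($field) . "_" . $id;
    if ($fieldNum) {
        $cfield = "value" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
        $ctype = "type" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
    }
    $addnewitem = false;
    $advancedadd = false;
    $strCategoryControl = CategoryControl($field, $table);
    $categoryFieldId = GoodFieldName(CategoryControl($field, $table));
    $bUseCategory = UseCategory($field, $table);
    $dependentLookups = GetFieldData($table, $field, "DependentLookups", array());
    $lookupType = GetLookupType($field, $table);
    $LCType = LookupControlType($field, $table);
    $horizontalLookup = GetFieldData($table, $field, "HorizontalLookup", false);
    // empty() avoids an undefined-index notice when no style was supplied.
    // NOTE(review): the style value is written into the attribute verbatim;
    // callers must pass trusted CSS only.
    $inputStyle = !empty($additionalCtrlParams['style']) ? 'style="' . $additionalCtrlParams['style'] . '"' : '';
    $lookupTable = GetLookupTable($field, $table);
    $strLookupWhere = LookupWhere($field, $table);
    $lookupSize = SelectSize($field, $table);
    if ($LCType == LCT_CBLIST) {
        // simply > 1 for CBLIST
        $lookupSize = 2;
    }
    $add_page = GetTableURL($lookupTable) . "_add.php";
    $list_page = GetTableURL($lookupTable) . "_list.php";
    $strPerm = GetUserPermissions($lookupTable);
    //	"add on the fly" is offered only with the "A" permission on the lookup
    //	table, and only for fields that are not configured as "simple add"
    if (strpos($strPerm, "A") !== false) {
        $addnewitem = GetFieldData($table, $field, "AllowToAdd", false);
        $advancedadd = !GetFieldData($table, $field, "SimpleAdd", false);
        if (!$advancedadd) {
            $addnewitem = false;
        }
    }
    //	without the "S" permission a list-page lookup falls back to a dropdown
    if ($LCType == LCT_LIST && strpos($strPerm, "S") === false) {
        $LCType = LCT_DROPDOWN;
    }
    if ($LCType == LCT_LIST) {
        $addnewitem = false;
    }
    if ($mode == MODE_SEARCH) {
        $addnewitem = false;
    }
    //	prepare multi-select attributes
    $multiple = "";
    $postfix = "";
    if ($lookupSize > 1) {
        $avalue = splitvalues($value);
        $multiple = " multiple";
        $postfix = "[]";
    } else {
        $avalue = array((string) $value);
    }
    //	build the control
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    //	list of values
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    if ($lookupType == LT_LISTOFVALUES) {
        //	read lookup values
        $arr = GetFieldData($table, $field, "LookupValues", array());
        //	print Type control to allow selecting nothing
        if ($lookupSize > 1) {
            echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
        }
        //	dropdown control
        if ($LCType == LCT_DROPDOWN) {
            $alt = "";
            echo '<select id="' . $cfield . '" size = "' . $lookupSize . '" ' . $alt . 'name="' . $cfield . $postfix . '" ' . $multiple . '>';
            if ($lookupSize < 2) {
                echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
            } else {
                if ($mode == MODE_SEARCH) {
                    echo '<option value=""> </option>';
                }
            }
            foreach ($arr as $opt) {
                $res = array_search((string) $opt, $avalue);
                if (!($res === NULL || $res === FALSE)) {
                    echo '<option value="' . htmlspecialchars($opt) . '" selected>' . htmlspecialchars($opt) . '</option>';
                } else {
                    echo '<option value="' . htmlspecialchars($opt) . '">' . htmlspecialchars($opt) . '</option>';
                }
            }
            echo "</select>";
        } elseif ($LCType == LCT_CBLIST) {
            echo '<div align=\'left\'>';
            $spacer = '<br/>';
            if ($horizontalLookup) {
                $spacer = '&nbsp;';
            }
            $i = 0;
            foreach ($arr as $opt) {
                echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($opt) . '"';
                $res = array_search((string) $opt, $avalue);
                if (!($res === NULL || $res === FALSE)) {
                    echo ' checked="checked" ';
                }
                echo '/>';
                echo '&nbsp;<b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($opt) . '</b>' . $spacer;
                $i++;
            }
            echo '</div>';
        }
        return;
    }
    // build table-based lookup
    ////////////////////////////////////////////////////////////////////////////////////////////
    //	table-based ajax-lookup control
    ////////////////////////////////////////////////////////////////////////////////////////////
    if ($LCType == LCT_AJAX || $LCType == LCT_LIST) {
        ////////////////////////////////////////////////////////////////////////////////////////////
        //	dependent ajax-lookup control
        ////////////////////////////////////////////////////////////////////////////////////////////
        if (UseCategory($field)) {
            // ajax	dependent dropdown
            // get parent value
            $celementvalue = "var parVal = ''; var parCtrl = Runner.controls.ControlManager.getAt('" . jsreplace($strTableName) . "', " . $id . ", '" . jsreplace($field) . "', 0).parentCtrl; if (parCtrl){ parVal = parCtrl.getStringValue();};";
            if ($LCType == LCT_AJAX) {
                echo '<input type="text" categoryId="' . $categoryFieldId . '" autocomplete="off" id="' . $clookupfield . '" name="' . $clookupfield . '" ' . $inputStyle . '>';
            } elseif ($LCType == LCT_LIST) {
                echo '<input type="text" categoryId="' . $categoryFieldId . '" autocomplete="off" id="' . $clookupfield . '" name="' . $clookupfield . '"  readonly ' . $inputStyle . '>';
                echo "&nbsp;<a href=# id=" . $openlookup . ">" . mlang_message("SELECT_LIST") . "</a>";
            }
            echo '<input type="hidden" id="' . $cfield . '" name="' . $cfield . '">';
            //	add new item link
            if ($addnewitem) {
                echo "&nbsp;<a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
            }
            return;
        }
        ////////////////////////////////////////////////////////////////////////////////////////////
        //	regular ajax-lookup control
        ////////////////////////////////////////////////////////////////////////////////////////////
        //	get the initial value
        $lookup_value = "";
        $lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, true);
        $rs_lookup = db_query($lookupSQL, $conn);
        if ($data = db_fetch_numarray($rs_lookup)) {
            $lookup_value = $data[1];
        } elseif (strlen($strLookupWhere)) {
            // try w/o WHERE expression
            // NOTE(review): this call passes exactly the same arguments as the
            // query above, so it cannot return anything different; the flag
            // that drops the WHERE expression appears to be missing. Confirm
            // against buildLookupSQL()'s signature before changing it.
            $lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, true);
            $rs_lookup = db_query($lookupSQL, $conn);
            if ($data = db_fetch_numarray($rs_lookup)) {
                $lookup_value = $data[1];
            }
        }
        //	build the control
        if ($LCType == LCT_AJAX) {
            if (!strlen($lookup_value) && GetFieldData($strTableName, $field, "freeInput", false)) {
                $lookup_value = $value;
            }
            echo '<input type="text" ' . $inputStyle . ' autocomplete="off" ' . $altAttr . 'id="' . $clookupfield . '" name="' . $clookupfield . '" value="' . htmlspecialchars($lookup_value) . '">';
        } elseif ($LCType == LCT_LIST) {
            echo '<input type="text" autocomplete="off" ' . $inputStyle . ' id="' . $clookupfield . '" ' . $altAttr . 'name="' . $clookupfield . '" value="' . htmlspecialchars($lookup_value) . '" 	readonly >';
            echo "&nbsp;<a href=# id=" . $openlookup . ">" . mlang_message("SELECT_LIST") . "</a>";
        }
        echo '<input type="hidden" id="' . $cfield . '" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
        //	add new item
        if ($addnewitem) {
            echo "&nbsp;<a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
        }
        return;
    }
    ////////////////////////////////////////////////////////////////////////////////////////////
    //	classic lookup - start
    ////////////////////////////////////////////////////////////////////////////////////////////
    $lookupSQL = buildLookupSQL($field, $table, "", "", false, false, false);
    $rs = db_query($lookupSQL, $conn);
    ////////////////////////////////////////////////////////////////////////////////////////////
    //	dependent classic lookup
    ////////////////////////////////////////////////////////////////////////////////////////////
    if ($bUseCategory) {
        //	print Type control to allow selecting nothing
        if ($lookupSize > 1) {
            echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
        }
        echo '<select size = "' . $lookupSize . '" id="' . $cfield . '" name="' . $cfield . $postfix . '"' . $multiple . '>';
        echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
        echo "</select>";
        if ($addnewitem) {
            echo "&nbsp;<a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
        }
        return;
    }
    ////////////////////////////////////////////////////////////////////////////////////////////
    //	simple classic lookup
    ////////////////////////////////////////////////////////////////////////////////////////////
    //	print control header
    if ($lookupSize > 1) {
        echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
    }
    if ($LCType != LCT_CBLIST) {
        echo '<select size = "' . $lookupSize . '" id="' . $cfield . '" ' . $altAttr . 'name="' . $cfield . $postfix . '"' . $multiple . '>';
        if ($lookupSize < 2) {
            echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
        } else {
            if ($mode == MODE_SEARCH) {
                echo '<option value=""> </option>';
            }
        }
    } else {
        echo '<div align=\'left\'>';
        $spacer = '<br/>';
        if ($horizontalLookup) {
            $spacer = '&nbsp;';
        }
    }
    //	print lookup data: column 0 is the stored value, column 1 the caption
    $found = false;
    $i = 0;
    while ($data = db_fetch_numarray($rs)) {
        $res = array_search((string) $data[0], $avalue);
        $checked = "";
        if (!($res === NULL || $res === FALSE)) {
            $found = true;
            if ($LCType == LCT_CBLIST) {
                $checked = " checked=\"checked\"";
            } else {
                $checked = " selected";
            }
        }
        if ($LCType == LCT_CBLIST) {
            echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($data[0]) . '"' . $checked . '/>';
            echo '&nbsp;<b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($data[1]) . '</b>' . $spacer;
        } else {
            echo '<option value="' . htmlspecialchars($data[0]) . '"' . $checked . '>' . htmlspecialchars($data[1]) . '</option>';
        }
        $i++;
    }
    //	try the same query w/o WHERE clause if current value not found
    if (!$found && strlen($value) && $mode == MODE_EDIT && strlen($strLookupWhere)) {
        $lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, false, true);
        $rs = db_query($lookupSQL, $conn);
        if ($data = db_fetch_numarray($rs)) {
            if ($LCType == LCT_CBLIST) {
                echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($data[0]) . '" checked="checked"/>';
                echo '&nbsp;<b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($data[1]) . '</b>' . $spacer;
            } else {
                echo '<option value="' . htmlspecialchars($data[0]) . '" selected>' . htmlspecialchars($data[1]) . '</option>';
            }
        }
    }
    //	print footer
    if ($LCType != LCT_CBLIST) {
        echo "</select>";
    } else {
        echo '</div>';
    }
    //	add new item
    if ($addnewitem) {
        echo "&nbsp;<a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
    }
}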
 /**
  * Get permissions for pages.
  *
  * When $this->isGroupSecurity is off every flag is reported as true without
  * consulting GetUserPermissions(). Otherwise each flag reflects whether the
  * matching letter is present in the user's permission string for the table.
  *
  * @param string $tName table name; $this->tName is used when empty
  * @return array flag name => bool, keys: add, delete, edit, search, export, import
  */
 function getPermissions($tName = "")
 {
     $letters = array(
         "add" => "A",
         "delete" => "D",
         "edit" => "E",
         "search" => "S",
         "export" => "P",
         "import" => "I",
     );
     $flags = array();
     if (!$this->isGroupSecurity) {
         // no group security: everything is allowed
         foreach ($letters as $flag => $letter) {
             $flags[$flag] = true;
         }
         return $flags;
     }
     $table = $tName ? $tName : $this->tName;
     $rights = GetUserPermissions($table);
     foreach ($letters as $flag => $letter) {
         $flags[$flag] = strpos($rights, $letter) !== false;
     }
     return $flags;
 }
Ejemplo n.º 10
 /**
  * Tell whether the user may search the given table.
  *
  * Always true when the global $isGroupSecurity is off; otherwise true only
  * when the user's permission string for the table contains "S".
  *
  * @param string $tName table name; $this->tName is used when empty
  * @return bool
  */
 function getSearchPerm($tName = "")
 {
     global $isGroupSecurity;
     if (!$tName) {
         $tName = $this->tName;
     }
     if ($isGroupSecurity) {
         return strpos(GetUserPermissions($tName), "S") !== false;
     }
     // no group security: searching is not restricted
     return true;
 }
Ejemplo n.º 11
 /**
  * Read the lookup control's settings and build its HTML markup.
  *
  * Runs the parent implementation, derives the element names, applies the
  * user's permissions on the lookup table to the "add new item" link and to
  * the control type, then hands off to the list-of-values, AJAX or classic
  * lookup builder.
  *
  * $fieldNum has a default but is followed by required parameters, so
  * callers always have to pass it.
  *
  * @param mixed $value                current field value
  * @param mixed $mode                 edit mode (compared against the MODE_* constants)
  * @param mixed $fieldNum             when truthy, inserted into the generated element names
  * @param mixed $validate             passed through to buildControlEnd()
  * @param mixed $additionalCtrlParams passed through to the parent implementation
  * @param mixed $data                 passed through to the parent implementation
  */
 function buildControl($value, $mode, $fieldNum = 0, $validate, $additionalCtrlParams, $data)
 {
     parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);
     global $conn;
     $this->conn = $conn;
     // read control settings
     // alt attribute only in inline add/edit mode with is508 set; the label is HTML-escaped
     $this->alt = "";
     if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508) {
         $this->alt = ' alt="' . htmlspecialchars($this->strLabel) . '" ';
     }
     // element names are derived from the field name and the control id
     $this->cfield = "value_" . GoodFieldName($this->field) . "_" . $this->id;
     $this->clookupfield = "display_value" . ($fieldNum ? $fieldNum : '') . "_" . GoodFieldName($this->field) . "_" . $this->id;
     $this->openlookup = "open_lookup_" . GoodFieldName($this->field) . "_" . $this->id;
     $this->ctype = "type_" . GoodFieldName($this->field) . "_" . $this->id;
     if ($fieldNum) {
         $this->cfield = "value" . $fieldNum . "_" . GoodFieldName($this->field) . "_" . $this->id;
         $this->ctype = "type" . $fieldNum . "_" . GoodFieldName($this->field) . "_" . $this->id;
     }
     // the "add new item" link is off unless the permission check below enables it
     $this->addnewitem = false;
     $advancedadd = false;
     //$this->strCategoryControl = $this->pageObject->pSetEdit->getCategoryControl($this->field);
     $this->categoryFieldId = GoodFieldName($this->pageObject->pSetEdit->getCategoryControl($this->field));
     $this->bUseCategory = $this->pageObject->pSetEdit->useCategory($this->field);
     // $dependentLookups is not read again in this method
     $dependentLookups = $this->pageObject->pSetEdit->getDependentLookups($this->field);
     $this->isLinkFieldEncrypted = $this->ciphererLink->isFieldPHPEncrypted($this->field);
     $this->horizontalLookup = $this->pageObject->pSetEdit->isHorizontalLookup($this->field);
     //$this->inputStyle = ($additionalCtrlParams['style'] ? 'style="'.$additionalCtrlParams['style'].'"' : '');
     $this->strLookupWhere = GetLWWhere($this->field, $this->lookupPageType, $this->pageObject->tName);
     $this->lookupSize = $this->pageObject->pSetEdit->selectSize($this->field);
     if ($this->LCType == LCT_CBLIST) {
         $this->lookupSize = 2;
     }
     // simply > 1 for CBLIST
     // $add_page and $list_page are not read again in this method
     $add_page = GetTableURL($this->lookupTable) . "_add.php";
     $list_page = GetTableURL($this->lookupTable) . "_list.php";
     $strPerm = GetUserPermissions($this->lookupTable);
     // "Add on the fly" needs the "A" permission on the lookup table and a
     // field that is not configured as "simple add".
     if (strpos($strPerm, "A") !== false) {
         $this->addnewitem = $this->pageObject->pSetEdit->isAllowToAdd($this->field);
         $advancedadd = !$this->pageObject->pSetEdit->isSimpleAdd($this->field);
         if (!$advancedadd) {
             $this->addnewitem = false;
         }
     }
     // Without the "S" permission on the lookup table a list-page lookup is
     // downgraded to a dropdown.
     if ($this->LCType == LCT_LIST && strpos($strPerm, "S") === false) {
         $this->LCType = LCT_DROPDOWN;
     }
     // list-page lookups and search mode never show the "add new item" link
     if ($this->LCType == LCT_LIST) {
         $this->addnewitem = false;
     }
     if ($mode == MODE_SEARCH) {
         $this->addnewitem = false;
     }
     // prepare multi-select attributes
     $this->multiple = "";
     $this->postfix = "";
     if ($this->lookupSize > 1) {
         $avalue = splitvalues($value);
         $this->multiple = " multiple";
         $this->postfix = "[]";
     } else {
         $avalue = array((string) $value);
     }
     // prepare JS code; $className is not read again in this method
     $className = "DropDownLookup";
     if ($this->LCType == LCT_AJAX) {
         $className = "EditBoxLookup";
     } elseif ($this->LCType == LCT_LIST) {
         $className = "ListPageLookup";
     } elseif ($this->LCType == LCT_CBLIST) {
         $className = "CheckBoxLookup";
     }
     // build the control
     ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     // list of values
     ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     if ($this->lookupType == LT_LISTOFVALUES) {
         $this->buildListOfValues($avalue, $value, $mode);
     } else {
         // build table-based lookup; the display field counts as encrypted
         // only for query lookups or when link and display field are the same
         $this->isDisplayFieldEncrypted = ($this->lookupType == LT_QUERY || $this->linkAndDisplaySame) && $this->ciphererDisplay->isFieldPHPEncrypted($this->lookupType == LT_QUERY ? $this->displayFieldName : $this->field);
         ////////////////////////////////////////////////////////////////////////////////////////////
         // table-based ajax-lookup control
         ////////////////////////////////////////////////////////////////////////////////////////////
         if ($this->LCType == LCT_AJAX || $this->LCType == LCT_LIST) {
             $this->buildAJAXLookup($value, $mode);
         } else {
             $this->buildClassicLookup($avalue, $value, $mode);
         }
     }
     $this->buildControlEnd($validate);
 }
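/**
 * Add security WHERE clause to SELECT SQL command
 *
 * Returns "" (no restriction) for administrators and for users whose
 * permission string contains the letter required by the action; returns
 * "1=0" (a condition that matches no rows) in every other case. Only the
 * actions "Edit", "Delete", "Search" and "Export" are recognised; any other
 * action, including a non-string one, is denied.
 *
 * NOTE(review): the "M" permission letter is not consulted and no owner-based
 * condition is produced here.
 *
 * @param string $strAction "Edit", "Delete", "Search" or "Export"
 * @param string $table     table name; the global $strTableName is used when empty
 * @param string $strPerm   permission letters; looked up with GetUserPermissions() when empty
 * @return string "" or "1=0"
 * @intellisense
 */
function SecuritySQL($strAction, $table="", $strPerm="")
{
	global $strTableName;

	if (!strlen($table))
		$table = $strTableName;

	// NOTE(review): $pSet is not read below; the instantiation is kept because
	// the ProjectSettings constructor is not visible from here.
	$pSet = new ProjectSettings($table);

	// administrators are never restricted
	if (@$_SESSION["AccessLevel"] == ACCESS_LEVEL_ADMIN)
		return "";

	if (!strlen($strPerm))
		$strPerm = GetUserPermissions($table);

	// action name => permission letter it requires
	$requiredLetter = array(
		"Edit" => "E",
		"Delete" => "D",
		"Search" => "S",
		"Export" => "P",
	);

	// fail closed: unknown or non-string actions match no rows
	if (!is_string($strAction) || !isset($requiredLetter[$strAction]))
		return "1=0";

	if (strpos($strPerm, $requiredLetter[$strAction]) !== false)
		return "";

	return "1=0";
}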
/**
 * List the tables available to the current user for reports.
 *
 * The only candidate is "webreport_users". It is returned when the user's
 * permission string for that table contains "P" or "S" and the name is
 * neither one of the excluded service-table suffixes nor one of the excluded
 * names.
 *
 * @return array list of table names (empty or a single element)
 */
function GetTablesListReport()
{
	$tables = array();
	$rights = GetUserPermissions("webreport_users");
	$mayList = strpos($rights, "P") !== false || strpos($rights, "S") !== false;
	if (!$mayList)
		return $tables;

	$candidate = "webreport_users";
	$excludedSuffixes = array("_audit", "_locking", "_ugrights", "_uggroups", "_ugmembers");
	$excludedNames = array("webreports", "webreport_style", "webreport_settings", "webreport_admin", "webreport_sql");

	foreach ($excludedSuffixes as $suffix)
	{
		if (substr($candidate, -strlen($suffix)) == $suffix)
			return $tables;
	}
	foreach ($excludedNames as $name)
	{
		if ($candidate == $name)
			return $tables;
	}

	$tables[] = "webreport_users";
	return $tables;
}
Ejemplo n.º 14
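 /**
  * Check if user have permission for link
  *
  * "WebReports" pages are always allowed. For every other page type the
  * table must be set and the user's permission string for it must contain
  * the letter that belongs to the page type: "S" for List, Search, Report
  * and Chart, "A" for Add, "E" for Edit, "P" for Print.
  *
  * A page type with no letter assigned is denied. Without that guard the
  * check would depend on the PHP version: since PHP 8.0 strpos() returns 0
  * for an empty needle, which would grant access for unknown page types.
  *
  * @return bool
  */
 function isUserHaveTablePerm()
 {
     if ($this->pageType == "WebReports") {
         return true;
     }
     if (!strlen($this->table)) {
         return false;
     }
     $strPerm = GetUserPermissions($this->table);
     $pageType = '';
     if ($this->pageType == "List" || $this->pageType == "Search" || $this->pageType == "Report" || $this->pageType == "Chart") {
         $pageType = "S";
     } elseif ($this->pageType == "Add") {
         $pageType = "A";
     } elseif ($this->pageType == "Edit") {
         $pageType = "E";
     } elseif ($this->pageType == "Print") {
         $pageType = "P";
     }
     if ($pageType === '') {
         // fail closed: no permission letter is defined for this page type
         return false;
     }
     return strpos($strPerm, $pageType) !== false;
 }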