$returnJSON['viewControlsMap'] = $pageObject->viewControlsHTMLMap;
$returnJSON['settings'] = $pageObject->jsSettings;
}
$xt->assign("style_block", true);
$xt->assign("stylefiles_block", true);
$editlink = "";
$editkeys = array();
$editkeys["editid1"] = postvalue("editid1");
foreach ($editkeys as $key => $val) {
if ($editlink) {
$editlink .= "&";
}
$editlink .= $key . "=" . $val;
}
$xt->assign("editlink_attrs", "id=\"editLink" . $id . "\" name=\"editLink" . $id . "\" onclick=\"window.location.href='pad_pad_customer_edit.php?" . $editlink . "'\"");
$strPerm = GetUserPermissions($strTableName);
if (CheckSecurity($ownerIdValue, "Edit") && !$inlineview && strpos($strPerm, "E") !== false) {
$xt->assign("edit_button", true);
} else {
$xt->assign("edit_button", false);
}
if (!$pdf && !$all && !$inlineview) {
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Begin show Next Prev button
$nextlink = $prevlink = "";
if (count($next)) {
$xt->assign("next_button", true);
$nextlink .= "editid1=" . htmlspecialchars(rawurlencode($next[1 - 1]));
$xt->assign("nextbutton_attrs", "id=\"nextButton" . $id . "\"");
} else {
$xt->assign("next_button", false);
function SecuritySQL($strAction, $table = "")
{
global $strTableName;
if (!strlen($table)) {
$table = $strTableName;
}
$strPerm = GetUserPermissions($table);
$strPerm = !strlen($strPerm) ? "S" : $strPerm;
return SecuritySQL($strAction, $table, $strPerm);
}
function SecuritySQL($strAction, $table = "")
{
global $strTableName;
if (!strlen($table)) {
$table = $strTableName;
}
$strPerm = GetUserPermissions($table);
if (strpos($strPerm, "S") === false) {
$strPerm .= "S";
}
return SecuritySQL($strAction, $table, $strPerm);
}
/**
* Get permissions for pages
* @intellisense
*/
function getPermissions($tName = "")
{
$resArr = array();
if (!$tName) {
$tName = $this->tName;
}
$strPerm = GetUserPermissions($tName);
if (isLogged()) {
$resArr["add"] = strpos($strPerm, "A") !== false;
$resArr["delete"] = strpos($strPerm, "D") !== false;
$resArr["edit"] = strpos($strPerm, "E") !== false;
}
$resArr["search"] = strpos($strPerm, "S") !== false;
$resArr["export"] = strpos($strPerm, "P") !== false;
$resArr["import"] = strpos($strPerm, "I") !== false;
return $resArr;
}
function CheckPermissionsEvent($strTableName, $permission)
{
if (strpos(GetUserPermissions($strTableName), $permission) === false) {
$_SESSION["MyURL"] = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"];
header("Location: menu.php");
exit;
}
return true;
}
/**
* Get the control's settings and build its HTML markup
*/
function buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data)
{
parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);
$this->alt = ($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508 ? ' alt="' . runner_htmlspecialchars($this->strLabel) . '" ' : "";
$suffix = "_" . GoodFieldName($this->field) . "_" . $this->id;
$this->clookupfield = "display_value" . ($fieldNum ? $fieldNum : '') . $suffix;
$this->openlookup = "open_lookup" . $suffix;
$this->cfield = "value" . $suffix;
$this->ctype = "type" . $suffix;
if ($fieldNum) {
$this->cfield = "value" . $fieldNum . $suffix;
$this->ctype = "type" . $fieldNum . $suffix;
}
$this->categoryFieldId = GoodFieldName($this->pageObject->pSetEdit->getCategoryControl($this->field));
$this->isLinkFieldEncrypted = $this->ciphererLink->isFieldPHPEncrypted($this->field);
$this->horizontalLookup = $this->pageObject->pSetEdit->isHorizontalLookup($this->field);
$this->strLookupWhere = GetLWWhere($this->field, $this->lookupPageType, $this->tName);
// alter "add on the fly" settings
$strPerm = GetUserPermissions($this->lookupTable);
if (strpos($strPerm, "A") !== false && $this->LCType != LCT_LIST && $mode != MODE_SEARCH) {
$this->addnewitem = $this->pageObject->pSetEdit->isAllowToAdd($this->field);
$advancedadd = !$this->pageObject->pSetEdit->isSimpleAdd($this->field);
if (!$advancedadd || $this->pageObject->pageType == PAGE_REGISTER) {
$this->addnewitem = false;
}
}
// prepare multi-select attributes
$this->multiple = $this->multiselect ? " multiple" : "";
$this->postfix = $this->multiselect ? "[]" : "";
if ($this->multiselect) {
$avalue = splitvalues($value);
} else {
$avalue = array((string) $value);
}
$searchOption = $additionalCtrlParams["option"];
// build the control
if ($this->lookupType == LT_LISTOFVALUES) {
$this->buildListOfValues($avalue, $value, $mode, $searchOption);
} else {
// build a table-based lookup
$this->isDisplayFieldEncrypted = ($this->lookupType == LT_QUERY || $this->linkAndDisplaySame) && $this->ciphererDisplay->isFieldPHPEncrypted($this->lookupType == LT_QUERY ? $this->displayFieldName : $this->field);
if ($this->LCType == LCT_AJAX || $this->LCType == LCT_LIST) {
$this->buildAJAXLookup($avalue, $value, $mode, $searchOption);
} else {
$this->buildClassicLookup($avalue, $value, $mode, $searchOption);
}
}
$this->buildControlEnd($validate);
}
/**
* @intellisense
*/
function CheckTablePermissions($strTableName, $permission)
{
if (strpos(GetUserPermissions($strTableName), $permission) === false) {
return false;
}
return true;
}
function BuildSelectControl($field, $value, $fieldNum = 0, $mode, $id = "", $additionalCtrlParams, &$pageObj)
{
global $conn, $strTableName;
// read control settings
$table = $strTableName;
$strLabel = Label($field);
$is508 = isEnableSection508();
$alt = "";
if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508) {
$alt = ' alt="' . htmlspecialchars($strLabel) . '" ';
}
$cfield = "value_" . GoodFieldName($field) . "_" . $id;
$clookupfield = "display_value_" . GoodFieldName($field) . "_" . $id;
$openlookup = "open_lookup_" . GoodFieldName($field) . "_" . $id;
$ctype = "type_" . GoodFieldName($field) . "_" . $id;
if ($fieldNum) {
$cfield = "value" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
$ctype = "type" . $fieldNum . "_" . GoodFieldName($field) . "_" . $id;
}
$addnewitem = false;
$advancedadd = false;
$strCategoryControl = CategoryControl($field, $table);
$categoryFieldId = GoodFieldName(CategoryControl($field, $table));
$bUseCategory = UseCategory($field, $table);
$dependentLookups = GetFieldData($table, $field, "DependentLookups", array());
$lookupType = GetLookupType($field, $table);
$LCType = LookupControlType($field, $table);
$horizontalLookup = GetFieldData($table, $field, "HorizontalLookup", false);
$inputStyle = $additionalCtrlParams['style'] ? 'style="' . $additionalCtrlParams['style'] . '"' : '';
$lookupTable = GetLookupTable($field, $table);
$strLookupWhere = LookupWhere($field, $table);
$lookupSize = SelectSize($field, $table);
if ($LCType == LCT_CBLIST) {
$lookupSize = 2;
}
// simply > 1 for CBLIST
$add_page = GetTableURL($lookupTable) . "_add.php";
$list_page = GetTableURL($lookupTable) . "_list.php";
$strPerm = GetUserPermissions($lookupTable);
// alter "add on the fly" settings
if (strpos($strPerm, "A") !== false) {
$addnewitem = GetFieldData($table, $field, "AllowToAdd", false);
$advancedadd = !GetFieldData($table, $field, "SimpleAdd", false);
if (!$advancedadd) {
$addnewitem = false;
}
}
// alter lookuptype settings
if ($LCType == LCT_LIST && strpos($strPerm, "S") === false) {
$LCType = LCT_DROPDOWN;
}
if ($LCType == LCT_LIST) {
$addnewitem = false;
}
if ($mode == MODE_SEARCH) {
$addnewitem = false;
}
// prepare multi-select attributes
$multiple = "";
$postfix = "";
if ($lookupSize > 1) {
$avalue = splitvalues($value);
$multiple = " multiple";
$postfix = "[]";
} else {
$avalue = array((string) $value);
}
// prepare JS code
$className = "DropDownLookup";
if ($LCType == LCT_AJAX) {
$className = "EditBoxLookup";
} elseif ($LCType == LCT_LIST) {
$className = "ListPageLookup";
} elseif ($LCType == LCT_CBLIST) {
$className = "CheckBoxLookup";
}
// build the control
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// list of values
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($lookupType == LT_LISTOFVALUES) {
// read lookup values
$arr = GetFieldData($table, $field, "LookupValues", array());
// print Type control to allow selecting nothing
if ($lookupSize > 1) {
echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
}
// dropdown control
if ($LCType == LCT_DROPDOWN) {
$alt = "";
echo '<select id="' . $cfield . '" size = "' . $lookupSize . '" ' . $alt . 'name="' . $cfield . $postfix . '" ' . $multiple . '>';
if ($lookupSize < 2) {
echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
} else {
if ($mode == MODE_SEARCH) {
echo '<option value=""> </option>';
}
}
foreach ($arr as $opt) {
$res = array_search((string) $opt, $avalue);
if (!($res === NULL || $res === FALSE)) {
echo '<option value="' . htmlspecialchars($opt) . '" selected>' . htmlspecialchars($opt) . '</option>';
} else {
echo '<option value="' . htmlspecialchars($opt) . '">' . htmlspecialchars($opt) . '</option>';
}
}
echo "</select>";
} elseif ($LCType == LCT_CBLIST) {
echo '<div align=\'left\'>';
$spacer = '<br/>';
if ($horizontalLookup) {
$spacer = ' ';
}
$i = 0;
foreach ($arr as $opt) {
echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($opt) . '"';
$res = array_search((string) $opt, $avalue);
if (!($res === NULL || $res === FALSE)) {
echo ' checked="checked" ';
}
echo '/>';
echo ' <b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($opt) . '</b>' . $spacer;
$i++;
}
echo '</div>';
}
return;
}
// build table-based lookup
////////////////////////////////////////////////////////////////////////////////////////////
// table-based ajax-lookup control
////////////////////////////////////////////////////////////////////////////////////////////
if ($LCType == LCT_AJAX || $LCType == LCT_LIST) {
////////////////////////////////////////////////////////////////////////////////////////////
// dependent ajax-lookup control
////////////////////////////////////////////////////////////////////////////////////////////
if (UseCategory($field)) {
// ajax dependent dropdown
// get parent value
$celementvalue = "var parVal = ''; var parCtrl = Runner.controls.ControlManager.getAt('" . jsreplace($strTableName) . "', " . $id . ", '" . jsreplace($field) . "', 0).parentCtrl; if (parCtrl){ parVal = parCtrl.getStringValue();};";
if ($LCType == LCT_AJAX) {
echo '<input type="text" categoryId="' . $categoryFieldId . '" autocomplete="off" id="' . $clookupfield . '" name="' . $clookupfield . '" ' . $inputStyle . '>';
} elseif ($LCType == LCT_LIST) {
echo '<input type="text" categoryId="' . $categoryFieldId . '" autocomplete="off" id="' . $clookupfield . '" name="' . $clookupfield . '" readonly ' . $inputStyle . '>';
echo " <a href=# id=" . $openlookup . ">" . mlang_message("SELECT_LIST") . "</a>";
}
echo '<input type="hidden" id="' . $cfield . '" name="' . $cfield . '">';
// add new item link
if ($addnewitem) {
echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
}
return;
}
////////////////////////////////////////////////////////////////////////////////////////////
// regular ajax-lookup control
////////////////////////////////////////////////////////////////////////////////////////////
// get the initial value
$lookup_value = "";
$lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, true);
$rs_lookup = db_query($lookupSQL, $conn);
if ($data = db_fetch_numarray($rs_lookup)) {
$lookup_value = $data[1];
} elseif (strlen($strLookupWhere)) {
// try w/o WHERE expression
$lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, true);
$rs_lookup = db_query($lookupSQL, $conn);
if ($data = db_fetch_numarray($rs_lookup)) {
$lookup_value = $data[1];
}
}
// build the control
if ($LCType == LCT_AJAX) {
if (!strlen($lookup_value) && GetFieldData($strTableName, $field, "freeInput", false)) {
$lookup_value = $value;
}
echo '<input type="text" ' . $inputStyle . ' autocomplete="off" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'id="' . $clookupfield . '" name="' . $clookupfield . '" value="' . htmlspecialchars($lookup_value) . '">';
} elseif ($LCType == LCT_LIST) {
echo '<input type="text" autocomplete="off" ' . $inputStyle . ' id="' . $clookupfield . '" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $clookupfield . '" value="' . htmlspecialchars($lookup_value) . '" readonly >';
echo " <a href=# id=" . $openlookup . ">" . mlang_message("SELECT_LIST") . "</a>";
}
echo '<input type="hidden" id="' . $cfield . '" name="' . $cfield . '" value="' . htmlspecialchars($value) . '">';
// add new item
if ($addnewitem) {
echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
}
return;
}
////////////////////////////////////////////////////////////////////////////////////////////
// classic lookup - start
////////////////////////////////////////////////////////////////////////////////////////////
$lookupSQL = buildLookupSQL($field, $table, "", "", false, false, false);
$rs = db_query($lookupSQL, $conn);
////////////////////////////////////////////////////////////////////////////////////////////
// dependent classic lookup
////////////////////////////////////////////////////////////////////////////////////////////
if ($bUseCategory) {
// print Type control to allow selecting nothing
if ($lookupSize > 1) {
echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
}
echo '<select size = "' . $lookupSize . '" id="' . $cfield . '" name="' . $cfield . $postfix . '"' . $multiple . '>';
echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
echo "</select>";
if ($addnewitem) {
echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
}
return;
}
////////////////////////////////////////////////////////////////////////////////////////////
// simple classic lookup
////////////////////////////////////////////////////////////////////////////////////////////
// print control header
if ($lookupSize > 1) {
echo "<input id=\"" . $ctype . "\" type=hidden name=\"" . $ctype . "\" value=\"multiselect\">";
}
if ($LCType != LCT_CBLIST) {
echo '<select size = "' . $lookupSize . '" id="' . $cfield . '" ' . (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $is508 == true ? 'alt="' . $strLabel . '" ' : '') . 'name="' . $cfield . $postfix . '"' . $multiple . '>';
if ($lookupSize < 2) {
echo '<option value="">' . mlang_message("PLEASE_SELECT") . '</option>';
} else {
if ($mode == MODE_SEARCH) {
echo '<option value=""> </option>';
}
}
} else {
echo '<div align=\'left\'>';
$spacer = '<br/>';
if ($horizontalLookup) {
$spacer = ' ';
}
}
// print lookup data
$found = false;
$i = 0;
while ($data = db_fetch_numarray($rs)) {
$res = array_search((string) $data[0], $avalue);
$checked = "";
if (!($res === NULL || $res === FALSE)) {
$found = true;
if ($LCType == LCT_CBLIST) {
$checked = " checked=\"checked\"";
} else {
$checked = " selected";
}
}
if ($LCType == LCT_CBLIST) {
echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($data[0]) . '"' . $checked . '/>';
echo ' <b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($data[1]) . '</b>' . $spacer;
} else {
echo '<option value="' . htmlspecialchars($data[0]) . '"' . $checked . '>' . htmlspecialchars($data[1]) . '</option>';
}
$i++;
}
// try the same query w/o WHERE clause if current value not found
if (!$found && strlen($value) && $mode == MODE_EDIT && strlen($strLookupWhere)) {
$lookupSQL = buildLookupSQL($field, $table, "", $value, false, true, false, false, true);
$rs = db_query($lookupSQL, $conn);
if ($data = db_fetch_numarray($rs)) {
if ($LCType == LCT_CBLIST) {
echo '<input id="' . $cfield . '_' . $i . '" type="checkbox" ' . $alt . ' name="' . $cfield . $postfix . '" value="' . htmlspecialchars($data[0]) . '" checked="checked"/>';
echo ' <b id="data_' . $cfield . '_' . $i . '">' . htmlspecialchars($data[1]) . '</b>' . $spacer;
} else {
echo '<option value="' . htmlspecialchars($data[0]) . '" selected>' . htmlspecialchars($data[1]) . '</option>';
}
}
}
// print footer
if ($LCType != LCT_CBLIST) {
echo "</select>";
} else {
echo '</div>';
}
// add new item
if ($addnewitem) {
echo " <a href=# id='addnew_" . $cfield . "'>" . mlang_message("ADD_NEW") . "</a>";
}
}
/**
* Get permissions for pages
*/
function getPermissions($tName = "")
{
$resArr = array();
if (!$this->isGroupSecurity) {
$resArr["add"] = true;
$resArr["delete"] = true;
$resArr["edit"] = true;
$resArr["search"] = true;
$resArr["export"] = true;
$resArr["import"] = true;
} else {
if (!$tName) {
$tName = $this->tName;
}
$strPerm = GetUserPermissions($tName);
$resArr["add"] = strpos($strPerm, "A") !== false;
$resArr["delete"] = strpos($strPerm, "D") !== false;
$resArr["edit"] = strpos($strPerm, "E") !== false;
$resArr["search"] = strpos($strPerm, "S") !== false;
$resArr["export"] = strpos($strPerm, "P") !== false;
$resArr["import"] = strpos($strPerm, "I") !== false;
}
return $resArr;
}
function getSearchPerm($tName = "")
{
global $isGroupSecurity;
$tName = $tName ? $tName : $this->tName;
if (!$isGroupSecurity) {
return true;
}
$strPerm = GetUserPermissions($tName);
return strpos($strPerm, "S") !== false;
}
function buildControl($value, $mode, $fieldNum = 0, $validate, $additionalCtrlParams, $data)
{
parent::buildControl($value, $mode, $fieldNum, $validate, $additionalCtrlParams, $data);
global $conn;
$this->conn = $conn;
// read control settings
$this->alt = "";
if (($mode == MODE_INLINE_EDIT || $mode == MODE_INLINE_ADD) && $this->is508) {
$this->alt = ' alt="' . htmlspecialchars($this->strLabel) . '" ';
}
$this->cfield = "value_" . GoodFieldName($this->field) . "_" . $this->id;
$this->clookupfield = "display_value" . ($fieldNum ? $fieldNum : '') . "_" . GoodFieldName($this->field) . "_" . $this->id;
$this->openlookup = "open_lookup_" . GoodFieldName($this->field) . "_" . $this->id;
$this->ctype = "type_" . GoodFieldName($this->field) . "_" . $this->id;
if ($fieldNum) {
$this->cfield = "value" . $fieldNum . "_" . GoodFieldName($this->field) . "_" . $this->id;
$this->ctype = "type" . $fieldNum . "_" . GoodFieldName($this->field) . "_" . $this->id;
}
$this->addnewitem = false;
$advancedadd = false;
//$this->strCategoryControl = $this->pageObject->pSetEdit->getCategoryControl($this->field);
$this->categoryFieldId = GoodFieldName($this->pageObject->pSetEdit->getCategoryControl($this->field));
$this->bUseCategory = $this->pageObject->pSetEdit->useCategory($this->field);
$dependentLookups = $this->pageObject->pSetEdit->getDependentLookups($this->field);
$this->isLinkFieldEncrypted = $this->ciphererLink->isFieldPHPEncrypted($this->field);
$this->horizontalLookup = $this->pageObject->pSetEdit->isHorizontalLookup($this->field);
//$this->inputStyle = ($additionalCtrlParams['style'] ? 'style="'.$additionalCtrlParams['style'].'"' : '');
$this->strLookupWhere = GetLWWhere($this->field, $this->lookupPageType, $this->pageObject->tName);
$this->lookupSize = $this->pageObject->pSetEdit->selectSize($this->field);
if ($this->LCType == LCT_CBLIST) {
$this->lookupSize = 2;
}
// simply > 1 for CBLIST
$add_page = GetTableURL($this->lookupTable) . "_add.php";
$list_page = GetTableURL($this->lookupTable) . "_list.php";
$strPerm = GetUserPermissions($this->lookupTable);
// alter "add on the fly" settings
if (strpos($strPerm, "A") !== false) {
$this->addnewitem = $this->pageObject->pSetEdit->isAllowToAdd($this->field);
$advancedadd = !$this->pageObject->pSetEdit->isSimpleAdd($this->field);
if (!$advancedadd) {
$this->addnewitem = false;
}
}
// alter lookuptype settings
if ($this->LCType == LCT_LIST && strpos($strPerm, "S") === false) {
$this->LCType = LCT_DROPDOWN;
}
if ($this->LCType == LCT_LIST) {
$this->addnewitem = false;
}
if ($mode == MODE_SEARCH) {
$this->addnewitem = false;
}
// prepare multi-select attributes
$this->multiple = "";
$this->postfix = "";
if ($this->lookupSize > 1) {
$avalue = splitvalues($value);
$this->multiple = " multiple";
$this->postfix = "[]";
} else {
$avalue = array((string) $value);
}
// prepare JS code
$className = "DropDownLookup";
if ($this->LCType == LCT_AJAX) {
$className = "EditBoxLookup";
} elseif ($this->LCType == LCT_LIST) {
$className = "ListPageLookup";
} elseif ($this->LCType == LCT_CBLIST) {
$className = "CheckBoxLookup";
}
// build the control
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// list of values
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($this->lookupType == LT_LISTOFVALUES) {
$this->buildListOfValues($avalue, $value, $mode);
} else {
// build table-based lookup
$this->isDisplayFieldEncrypted = ($this->lookupType == LT_QUERY || $this->linkAndDisplaySame) && $this->ciphererDisplay->isFieldPHPEncrypted($this->lookupType == LT_QUERY ? $this->displayFieldName : $this->field);
////////////////////////////////////////////////////////////////////////////////////////////
// table-based ajax-lookup control
////////////////////////////////////////////////////////////////////////////////////////////
if ($this->LCType == LCT_AJAX || $this->LCType == LCT_LIST) {
$this->buildAJAXLookup($value, $mode);
} else {
$this->buildClassicLookup($avalue, $value, $mode);
}
}
$this->buildControlEnd($validate);
}
/**
* Add security WHERE clause to SELECT SQL command
* @intellisense
*/
function SecuritySQL($strAction, $table="", $strPerm="")
{
global $cAdvSecurityMethod,$strTableName;
if (!strlen($table))
$table = $strTableName;
$pSet = new ProjectSettings($table);
$ownerid=@$_SESSION["_".$table."_OwnerID"];
$ret="";
if(@$_SESSION["AccessLevel"]==ACCESS_LEVEL_ADMIN)
return "";
$ret="";
if(!strlen($strPerm))
$strPerm = GetUserPermissions($table);
if( strpos($strPerm, "M") === false )
{
}
if($strAction=="Edit" && !(strpos($strPerm, "E")===false) ||
$strAction=="Delete" && !(strpos($strPerm, "D")===false) ||
$strAction=="Search" && !(strpos($strPerm, "S")===false) ||
$strAction=="Export" && !(strpos($strPerm, "P")===false) )
return $ret;
else
return "1=0";
return "";
}
function GetTablesListReport()
{
$arr=array();
$securityFlag = true;
$strPerm = GetUserPermissions("webreport_users");
$securityFlag = strpos($strPerm, "P") !== false || strpos($strPerm, "S") !== false;
if($securityFlag)
{
$value="webreport_users";
if(substr($value,-6)!="_audit" && substr($value,-8)!="_locking" && substr($value,-9)!="_ugrights" && substr($value,-9)!="_uggroups"
&& substr($value,-10)!="_ugmembers" && $value!="webreports" && $value!="webreport_style" && $value!="webreport_settings" && $value!="webreport_admin" && $value!="webreport_sql")
$arr[]="webreport_users";
}
return $arr;
}
/**
* Check if user have permission for link
*
* @return bool
*/
function isUserHaveTablePerm()
{
global $strTableName;
if ($this->pageType == "WebReports") {
return true;
}
if (!strlen($this->table)) {
return false;
}
$strPerm = GetUserPermissions($this->table);
$pageType = '';
if ($this->pageType == "List" || $this->pageType == "Search" || $this->pageType == "Report" || $this->pageType == "Chart") {
$pageType = "S";
} elseif ($this->pageType == "Add") {
$pageType = "A";
} elseif ($this->pageType == "Edit") {
$pageType = "E";
} elseif ($this->pageType == "Print") {
$pageType = "P";
}
if (strpos($strPerm, $pageType) !== false) {
return true;
} else {
return false;
}
}
