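/**
 * Build the permission editor for one user and return it as an XML response.
 *
 * Reads the target user id from $_POST['user_id'] and the caller's identity from
 * $_SESSION['access_level'] / $_SESSION['user_id']. When the caller's access level is
 * at least 90 and a target user is found, the response holds a table with one row per
 * standard operation and one row per template item. A row gets an editable checkbox
 * only when the caller holds that permission; otherwise it shows a read-only Yes/No.
 *
 * Output is sent through display_xml_response(); nothing is returned.
 *
 * NOTE(review): the only gate visible here is access_level >= 90. Nothing in this
 * function restricts the target user to the caller's merchant or to access levels at or
 * below the caller's own. Confirm that scoping is enforced here or in the server-side
 * handler behind save_user_access_items().
 */
function display_user_access_options()
{
    $tab = "Sorry, you do not have authorization to grant access.";

    // The request value is untrusted. It is written into SQL and into inline onClick
    // handlers below, so force it to an integer once, up front.
    $id = (isset($_POST['user_id']) && is_scalar($_POST['user_id'])) ? (int) $_POST['user_id'] : 0;

    $caller_level = isset($_SESSION['access_level']) ? $_SESSION['access_level'] : 0;

    $standard_ops = array(
        "Add Customers", "Edit Customers", "Delete Customers",
        "Add Stores", "Edit Stores", "Delete Stores",
        "Add Users", "Edit Users", "Delete Users",
        "Add Important Dates", "Edit Important Dates", "Delete Important Dates",
        "Add Documents", "Edit Documents", "Delete Documents",
        "Add Templates", "Edit Templates", "Delete Templates",
    );

    if ($caller_level >= 90 && $id > 0) {
        // Resolve the caller's access level to its user_levels row id.
        // NOTE(review): these queries are string-built and depend on sql_friendly() for
        // escaping; prepared statements would be preferable, but the connection handle is
        // not visible from this function.
        $my_base_id = 0;
        $sql = "
            select id
            from user_levels
            where access_level='".sql_friendly($caller_level)."'
        ";
        $data = simple_query($sql);
        if ($data && ($row = mysqli_fetch_array($data))) {
            $my_base_id = (int) $row['id'];
        }

        $show_name = "";
        $base_access = 0;
        $base_id = 0;
        $merch_temp_id = 0;   // template this user's merchant uses for all of its users

        // $id is already an integer, so it is embedded directly.
        $sql = "
            select first_name,
                last_name,
                access_level,
                (select user_levels.id from user_levels where user_levels.access_level=users.access_level and user_levels.deleted=0 limit 1) as access_id,
                merchant_id,
                (select merchants.template_id from merchants where merchants.id=users.merchant_id) as merch_temp_id
            from users
            where deleted=0
                and id='".$id."'
        ";
        $data = simple_query($sql);
        if ($data && ($row = mysqli_fetch_array($data))) {
            $show_name = $row['first_name']." ".$row['last_name'];
            $base_access = $row['access_level'];
            // Cast the ids: they are written unquoted into JavaScript call arguments, and a
            // NULL subquery result would otherwise leave an empty argument in the handler.
            $base_id = (int) $row['access_id'];
            $merch_temp_id = (int) $row['merch_temp_id'];
        }

        $tab = "<input type='button' class='buttonize btn btn-default add_new_btn' onclick='toggle_user_perms();' value='+ / -'><br> <br>";

        if ($base_access > 0 && trim($show_name) != "") {
            $perm_list = "<table cellpadding='0' cellspacing='0' border='0' style='width:95%' id='user_perms_table'>";

            // Standard operations.
            foreach ($standard_ops as $op_label) {
                // "Add Customers" -> "add_customers"
                $action = str_replace(" ", "_", trim(strtolower($op_label)));

                // Target user's effective value: the access-level default, overridden by a
                // user-specific setting when one exists (signalled by a value >= 0).
                $use_val = get_access_value($base_id, 0, 0, $action);            // level,user,template-item,action
                $user_val = get_access_value($base_id, $id, 0, $action);         // level,user,template-item,action
                if ($user_val >= 0) {
                    $use_val = $user_val;
                }

                // Caller's effective value, resolved the same way.
                $grant_access = get_access_value($my_base_id, 0, 0, $action);    // level,user,template-item,action
                $caller_val = get_access_value($my_base_id, $_SESSION['user_id'], 0, $action);
                if ($caller_val >= 0) {
                    $grant_access = $caller_val;
                }

                $inact = " class='access_editor_user_inactive'";
                $bx = ($use_val > 0 ? "Yes" : "No");

                if ($grant_access > 0) {
                    // The caller holds this permission, so the row is editable.
                    $inact = "";
                    $bx = " <input type='checkbox' name='".$action."' id='".$action."' value='1'".($use_val > 0 ? " checked" : "")
                        ." onClick='save_user_access_items(".$base_id.",".$id.",0,\"#".$action."\",\"".$action."\",1);'>";
                }

                $perm_list .= "
                    <tr class='access_editor_user'>
                        <td valign='top'".$inact."><label for='".$action."'>".$op_label."</label></td>
                        <td valign='top'".$inact." width='60' align='right'>".$bx."</td>
                    </tr>
                ";
            }

            // Template items.
            $perm_list .= "
                <tr>
                    <td valign='top' colspan='2' align='center'><b>Document Access</b></td>
                </tr>
            ";

            $icntr = 0;
            $sqlt = "
                select template_items.*,
                    (select level_name from user_levels where user_levels.access_level=template_items.min_access_level limit 1) as min_access,
                    templates.template_name
                from template_items
                    left join templates on templates.id=template_items.template_id
                where template_items.deleted=0
                    and template_items.sub_group_id = 0
                    and templates.deleted=0
                    ".($merch_temp_id > 0 ? " and template_items.template_id='".$merch_temp_id."'" : " and template_items.template_id=1")."
                order by template_items.template_id asc,
                    template_items.zorder asc,
                    template_items.item_label asc
            ";
            $datat = simple_query($sqlt);
            while ($datat && ($rowt = mysqli_fetch_array($datat))) {
                $item_id = (int) $rowt['id'];

                // Target user's effective value for this template item.
                $use_val = get_access_value($base_id, 0, $item_id, 'view_template_item');       // level,user,template-item,action
                $user_val = get_access_value($base_id, $id, $item_id, 'view_template_item');    // level,user,template-item,action
                if ($user_val >= 0) {
                    $use_val = $user_val;
                }

                // Caller's effective value for this template item.
                $grant_access = get_access_value($my_base_id, 0, $item_id, 'view_template_item');
                $caller_val = get_access_value($my_base_id, $_SESSION['user_id'], $item_id, 'view_template_item');
                if ($caller_val >= 0) {
                    $grant_access = $caller_val;
                }

                $inact = " class='access_editor_user_inactive'";
                $bx = ($use_val > 0 ? "Yes" : "No");

                if ($grant_access > 0) {
                    $inact = "";
                    $bx = " <input type='checkbox' name='view_template_item_".$icntr."' id='view_template_item_".$icntr."' value='1'".($use_val > 0 ? " checked" : "")
                        ." onClick='save_user_access_items(".$base_id.",".$id.",".$item_id.",\"#view_template_item_".$icntr."\",\"view_template_item\",1);'>";
                }

                // The label is stored data shown to an administrator: HTML-escape it so it
                // cannot inject markup or close the CDATA section of the response.
                // double_encode is off so labels stored already entity-encoded render as before.
                $item_label = htmlspecialchars(trim($rowt['item_label']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

                $perm_list .= "
                    <tr class='access_editor_user'>
                        <td valign='top'".$inact."><label for='view_template_item_".$icntr."'>".$item_label."</label></td>
                        <td valign='top'".$inact." width='60' align='right'>".$bx."</td>
                    </tr>
                ";
                $icntr++;
            }

            $perm_list .= "</table>";
            $tab .= $perm_list;
        }
    }

    display_xml_response("<rslt>1</rslt><mrrTab><![CDATA[".$tab."]]></mrrTab>");
}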
$perm_list.= "<td valign='top'><b>".trim($rowt['template_name'])."</b></td>"; $perm_list.= "<td valign='top' colspan='4'> </td>"; $perm_list.= "<td valign='top'><input type='button' class='buttonize btn btn-default add_new_btn' onclick='toggle_template(".$rowt['template_id'].");' value='Toggle'></td>"; $perm_list.="</tr>"; $perm_list.="<tr class='access_editor_hdr'>"; $perm_list.= "<td valign='top' class='access_editor_cell'><b> </b></td>"; $perm_list.= "<td valign='top' class='access_editor_cell'><b>Sort Order</b></td>"; $perm_list.= "<td valign='top' class='access_editor_cell'><b>Document Type</b></td>"; $perm_list.= "<td valign='top' class='access_editor_cell'><b>Tool Tip</b></td>"; $perm_list.= "<td valign='top' class='access_editor_cell'><b>Min Access</b></td>"; $perm_list.= "<td valign='top' class='access_editor_cell'><b>Allow View</b></td>"; $perm_list.="</tr>"; } $last_template=trim($rowt['template_name']); $get_valid=get_access_value($row['id'],0,$rowt['id'],'view_template_item'); //level,user,template-item,action if($get_valid < 0) { add_access_value($row['id'],0,$rowt['id'],'view_template_item'); //level,user,template-item,action $get_valid=0; } $perm_list.="<tr>"; $perm_list.= "<td valign='top'> </td>"; $perm_list.= "<td valign='top'>".trim($rowt['zorder'])."</td>"; $perm_list.= "<td valign='top'>".trim($rowt['item_label'])."</td>"; $perm_list.= "<td valign='top'>".trim($rowt['title_text'])."</td>"; $perm_list.= "<td valign='top'>".trim($rowt['min_access'])."</td>"; $perm_list.= "<td valign='top'> <label for='view_template_item_".$icntr."'>View Documents</label> <input type='checkbox' name='view_template_item_".$icntr."' id='view_template_item_".$icntr."' value='".$rowt['id']."'".($get_valid > 0 ? " checked" : "")." class='template_item_views template_".$rowt['template_id']."_viewer'>