function GetDropdown($FORM_ID, $PERMISSION = array("MOVE"), $OWNER_ID = 0) { $err_mess = CFormStatus::err_mess() . "<br>Function: GetDropdown<br>Line: "; global $DB, $USER, $strError; $FORM_ID = intval($FORM_ID); if (CForm::IsAdmin()) { $strSql = "\n\t\t\t\tSELECT\n\t\t\t\t\tS.ID\t\t\t\t\t\t\t\tREFERENCE_ID,\n\t\t\t\t\tconcat('[',S.ID,'] ',S.TITLE)\t\tREFERENCE\n\t\t\t\tFROM\n\t\t\t\t\tb_form_status S\n\t\t\t\tWHERE\n\t\t\t\t\tS.FORM_ID = {$FORM_ID}\n\t\t\t\tand S.ACTIVE = 'Y'\n\t\t\t\tORDER BY S.C_SORT\n\t\t\t\t"; } else { if (is_array($PERMISSION)) { $arrPERMISSION = $PERMISSION; } else { if (intval($PERMISSION) == 2) { $PERMISSION = "MOVE"; } if (intval($PERMISSION) == 1) { $PERMISSION = "VIEW, MOVE"; } $arrPERMISSION = explode(",", $PERMISSION); } $str = "''"; $arrPERM = array(); if (is_array($arrPERMISSION) && count($arrPERMISSION) > 0) { foreach ($arrPERMISSION as $perm) { $arrPERM[] = trim($perm); $str .= ",'" . $DB->ForSql(trim($perm)) . "'"; } } $arGroups = $USER->GetUserGroupArray(); if (!is_array($arGroups)) { $arGroups[] = 2; } if ($OWNER_ID == $USER->GetID() || in_array("VIEW", $arrPERM) && in_array("MOVE", $arrPERM)) { $arGroups[] = 0; } if (is_array($arGroups) && count($arGroups) > 0) { $groups = implode(",", $arGroups); } $strSql = "\n\t\t\t\tSELECT\n\t\t\t\t\tS.ID\t\t\t\t\t\t\t\tREFERENCE_ID,\n\t\t\t\t\tconcat('[',S.ID,'] ',S.TITLE)\t\tREFERENCE\n\t\t\t\tFROM\n\t\t\t\t\tb_form_status S,\n\t\t\t\t\tb_form_status_2_group G\n\t\t\t\tWHERE\n\t\t\t\t\tS.FORM_ID = {$FORM_ID}\n\t\t\t\tand S.ACTIVE = 'Y'\n\t\t\t\tand G.STATUS_ID = S.ID\n\t\t\t\tand G.GROUP_ID in ({$groups})\n\t\t\t\tand G.PERMISSION in ({$str})\n\t\t\t\tGROUP BY\n\t\t\t\t\tS.ID, S.TITLE\n\t\t\t\tORDER BY S.C_SORT\n\t\t\t\t"; } //echo "<pre>".$strSql."</pre>"; $z = $DB->Query($strSql, false, $err_mess . __LINE__); return $z; }
public static function GetDropdown($FORM_ID, $PERMISSION = array("MOVE"), $OWNER_ID=0) { $err_mess = (CFormStatus::err_mess())."<br>Function: GetDropdown<br>Line: "; global $DB, $USER, $strError; $FORM_ID = intval($FORM_ID); if (CForm::IsAdmin()) { $strSql = " SELECT S.ID REFERENCE_ID, concat('[',S.ID,'] ',S.TITLE) REFERENCE FROM b_form_status S WHERE S.FORM_ID = $FORM_ID and S.ACTIVE = 'Y' ORDER BY S.C_SORT "; } else { if (is_array($PERMISSION)) $arrPERMISSION = $PERMISSION; else { if (intval($PERMISSION)==2) $PERMISSION = "MOVE"; if (intval($PERMISSION)==1) $PERMISSION = "VIEW, MOVE"; $arrPERMISSION = explode(",",$PERMISSION); } $str = "''"; $arrPERM = array(); if (is_array($arrPERMISSION) && count($arrPERMISSION)>0) { foreach ($arrPERMISSION as $perm) { $arrPERM[] = trim($perm); $str .= ",'".$DB->ForSql(trim($perm))."'"; } } $arGroups = $USER->GetUserGroupArray(); if (!is_array($arGroups)) $arGroups[] = 2; if ($OWNER_ID==$USER->GetID() || (in_array("VIEW",$arrPERM) && in_array("MOVE",$arrPERM))) $arGroups[] = 0; if (is_array($arGroups) && count($arGroups)>0) $groups = implode(",",$arGroups); $strSql = " SELECT S.ID REFERENCE_ID, concat('[',S.ID,'] ',S.TITLE) REFERENCE FROM b_form_status S, b_form_status_2_group G WHERE S.FORM_ID = $FORM_ID and S.ACTIVE = 'Y' and G.STATUS_ID = S.ID and G.GROUP_ID in ($groups) and G.PERMISSION in ($str) GROUP BY S.ID, S.TITLE ORDER BY S.C_SORT "; } //echo "<pre>".$strSql."</pre>"; $z = $DB->Query($strSql, false, $err_mess.__LINE__); return $z; }