< ? php
/*
 * OpenSTAManager: il software gestionale open source per l'assistenza tecnica e la fatturazione
 * Copyright (C) DevCode s.n.c.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
include_once __DIR__ . '/core.php' ;
use Models\Note ;
use Models\OperationLog ;
use Modules\Checklists\Check ;
use Modules\Checklists\Checklist ;
use Modules\Emails\Template ;
use Notifications\EmailNotification ;
// Access guard: stop the request unless a module/plugin structure was resolved and is enabled.
// This runs before the transaction below is opened.
if (empty($structure) || empty($structure['enabled'])) {
    exit(tr('Accesso negato'));
}

// Attachment directory of the current module/plugin, built from base_dir() and Uploads::getDirectory().
$upload_dir = base_dir().'/'.Uploads::getDirectory($id_module, $id_plugin);

// Open the transaction that the commitTransaction() calls further down close.
$database->beginTransaction();
// Attachment upload and removal.
// Both operations require 'rw' permission on the module and pass the directory() check on the upload
// folder; when either check fails only an error is flashed and no redirect is issued.
// NOTE(review): validation of the uploaded file (type, extension, size) is not visible in this
// branch — presumably it is done inside Uploads::upload(); confirm.
if (filter('op') == 'link_file' || filter('op') == 'unlink_file') {
    if (Modules::getPermission($id_module) != 'rw') {
        // Write-permission check on the module
        flash()->error(tr('Non hai permessi di scrittura per il modulo _MODULE_', [
            '_MODULE_' => '"'.Modules::get($id_module)['name'].'"',
        ]));
    } elseif (!directory($upload_dir)) {
        // Write-permission check on the file system
        flash()->error(tr('Non hai i permessi di scrittura nella cartella _DIR_!', [
            '_DIR_' => '"files"',
        ]));
    } else {
        // Operation handling
        if (filter('op') == 'link_file' && !empty($_FILES) && !empty($_FILES['file']['name'])) {
            // UPLOAD: hand the received file and its metadata to Uploads::upload()
            $upload = Uploads::upload($_FILES['file'], [
                'name' => filter('nome_allegato'),
                'category' => filter('categoria'),
                'id_module' => $id_module,
                'id_plugin' => $id_plugin,
                'id_record' => $id_record,
            ]);

            // An empty result is reported as a failed upload
            if (empty($upload)) {
                flash()->error(tr('Errore durante il caricamento del file!'));
            } else {
                flash()->info(tr('File caricato correttamente!'));
            }
        } elseif (filter('op') == 'unlink_file' && filter('filename') !== null) {
            // DELETE: the lookup is scoped to the current module, plugin and record
            $name = Uploads::delete(filter('filename'), [
                'id_module' => $id_module,
                'id_plugin' => $id_plugin,
                'id_record' => $id_record,
            ]);

            if (empty($name)) {
                // NOTE(review): the spaces just inside the quotes are reproduced from the listing;
                // they look like an extraction artefact — confirm against the repository.
                flash()->error(tr(" Errore durante l'eliminazione del file! "));
            } else {
                flash()->info(tr('File _FILE_ eliminato!', [
                    '_FILE_' => '"'.$name.'"',
                ]));
            }
        }

        // Back to the record editor, on the plugin tab when $options carries a plugin id
        redirect(
            base_path().'/editor.php?id_module='.$id_module.'&id_record='.$id_record
            .(empty($options['id_plugin']) ? '' : '#tab_'.$options['id_plugin'])
        );
    }
}
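// Attachment download.
// The file is looked up in zz_files by module, id and stored filename; the path and the original
// name handed to download() are taken from the matching row.
// NOTE(review): the lookup is scoped to $id_module only, not to $id_record or $id_plugin — confirm
// that any per-record access restriction is enforced elsewhere.
elseif (filter('op') == 'download_file') {
    $rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare(filter('filename')));

    if (empty($rs)) {
        // No matching row: never call download() with a path that ends at the upload directory
        flash()->error(tr('File non trovato!'));
    } else {
        download($upload_dir.'/'.$rs[0]['filename'], $rs[0]['original']);
    }
}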
// Rename an attachment category: every upload of the current record that belongs to the posted
// category is saved with the posted name as its new category.
// NOTE(review): no write-permission check is visible in this branch, unlike link_file/unlink_file —
// confirm it is enforced before this point.
elseif (filter('op') == 'upload_category') {
    $category = post('category');
    $name = post('name');

    $uploads = $structure->uploads($id_record)->where('category', $category);

    foreach ($uploads as $upload) {
        $upload->category = $name;
        $upload->save();
    }
}
// Data validation: loads the structure's init.php and validation.php (when filepath() resolves them),
// prints $response as JSON and stops the script.
// $response is not assigned in this branch; presumably validation.php fills it — confirm.
// The return below leaves the script before any commitTransaction() call is reached.
elseif (filter('op') == 'validate') {
    // Basic record information
    $init = $structure->filepath('init.php');
    if (!empty($init)) {
        include_once $init;
    }

    // Field validation
    $validation = $structure->filepath('validation.php');
    if (!empty($validation)) {
        include_once $validation;
    }

    echo json_encode($response);

    return;
}
// Add an internal note to the current record, authored by the current user.
// An empty notification date is stored as null.
// NOTE(review): no write-permission check is visible in this branch — confirm it is enforced elsewhere.
elseif (filter('op') == 'add_nota') {
    $contenuto = post('contenuto');
    $data_notifica = post('data_notifica') ?: null;

    $nota = Note::build($user, $structure, $id_record, $contenuto, $data_notifica);

    flash()->info(tr('Nota interna aggiunta correttamente!'));
}
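// Clear the notification date of an internal note selected by the posted id.
// The note is looked up by id alone; a missing note is now reported instead of dereferencing the
// empty result of Note::find() (same guard the delete_check branch applies to Check::find()).
// NOTE(review): nothing here ties the note to the current record, module or user — confirm whether
// that restriction is needed and where it is enforced.
elseif (filter('op') == 'notification_nota') {
    $id_nota = post('id_nota');
    $nota = Note::find($id_nota);

    if (!empty($nota)) {
        $nota->notification_date = null;
        $nota->save();

        flash()->info(tr('Data di notifica rimossa dalla nota interna!'));
    } else {
        flash()->error(tr('Nota interna non trovata!'));
    }
}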
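// Delete an internal note selected by the posted id.
// Two fixes over the previous version: a missing note is reported instead of calling delete() on
// the empty result of Note::find(), and the success message no longer says the note was "added".
// NOTE(review): the note is looked up by id alone; nothing here ties it to the current record,
// module or user — confirm whether that restriction is needed and where it is enforced.
elseif (filter('op') == 'delete_nota') {
    $id_nota = post('id_nota');
    $nota = Note::find($id_nota);

    if (!empty($nota)) {
        $nota->delete();

        flash()->info(tr('Nota interna rimossa correttamente!'));
    } else {
        flash()->error(tr('Nota interna non trovata!'));
    }
}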
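// Clone a checklist onto the current record, assigning it to the posted users and group.
// A missing checklist is now reported instead of calling copia() on the empty result of
// Checklist::find().
// NOTE(review): no write-permission check is visible in this branch — confirm it is enforced elsewhere.
elseif (filter('op') == 'clone_checklist') {
    // Read but not used in this branch; kept because files included later share this scope
    $content = post('content');
    $checklist_id = post('checklist');

    $users = post('assigned_users');
    $users = array_clean($users);

    $group_id = post('group_id');

    $checklist = Checklist::find($checklist_id);
    if (!empty($checklist)) {
        $checklist->copia($user, $id_record, $users, $group_id);
    } else {
        flash()->error(tr('Checklist non trovata!'));
    }
}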
// Add a check to the checklist of the current record, optionally under a parent check,
// and grant access to the posted users and group.
// NOTE(review): no write-permission check is visible in this branch — confirm it is enforced elsewhere.
elseif (filter('op') == 'add_check') {
    $content = post('content');
    // An empty parent is stored as null
    $parent_id = post('parent') ?: null;

    $users = post('assigned_users');
    $users = array_clean($users);

    $group_id = post('group_id');

    $check = Check::build($user, $structure, $id_record, $content, $parent_id);
    $check->setAccess($users, $group_id);
}
// Remove a check from a checklist.
// Only the user recorded on the check ($check->user) may delete it; a missing check or a different
// user yields an error message and nothing is deleted.
elseif (filter('op') == 'delete_check') {
    $check_id = post('check_id');
    $check = Check::find($check_id);

    if (empty($check) || $check->user->id != $user->id) {
        flash()->error(tr('Impossibile eliminare il check!'));
    } else {
        $check->delete();
    }
}
// Toggle the state of a check.
// Allowed only when the current user's id appears among the check's assigned users; otherwise an
// error is flashed and the check is left untouched.
elseif (filter('op') == 'toggle_check') {
    $check_id = post('check_id');
    $check = Check::find($check_id);

    if (empty($check) || $check->assignedUsers->pluck('id')->search($user->id) === false) {
        flash()->error(tr('Impossibile cambiare lo stato del check!'));
    } else {
        $check->toggleCheck($user);
    }
}
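// Reorder checklist entries: the posted comma-separated id list gives the new order, and each id
// receives its position (starting from 0) in zz_checks.order.
// $_POST['order'] is read raw, so a missing or non-string value is now treated as an empty list
// instead of being passed to explode().
// Both values in the UPDATE go through prepare(), presumably the project's SQL quoting helper.
// NOTE(review): unlike delete_check/toggle_check, no ownership or assignment check is applied to
// the ids being reordered — confirm whether one is needed.
elseif (filter('op') == 'sort_checks') {
    $ids = isset($_POST['order']) && is_string($_POST['order']) ? explode(',', $_POST['order']) : [];
    $order = 0;

    foreach ($ids as $id) {
        $dbo->query('UPDATE `zz_checks` SET `order` = '.prepare($order).' WHERE id = '.prepare($id));
        ++$order;
    }
}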
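// E-mail composition and immediate sending.
// The message is built from the posted template, recipients, subject, body, prints and uploads,
// saved to the send queue and then sent at once; when sending fails the queued message is deleted.
// Missing optional fields (recipient types, prints, uploads) are now tolerated instead of being
// indexed or iterated blindly.
// NOTE(review): recipients, subject and body come straight from the request and no write-permission
// check is visible in this branch — confirm that access to this operation is restricted elsewhere.
elseif (post('op') == 'send-email') {
    $template = Template::find(post('template'));

    $mail = \Modules\Emails\Mail::build($user, $template, $id_record);

    // Drop the default attachments
    $mail->resetPrints();

    // Recipients
    $receivers = array_clean(post('destinatari'));
    $types = post('tipo_destinatari');
    foreach ($receivers as $key => $receiver) {
        // A recipient without a posted type is passed with a null type
        $mail->addReceiver($receiver, $types[$key] ?? null);
    }

    // Contents
    $mail->subject = post('subject');
    $mail->content = post('body');

    // Read receipt
    $mail->read_notify = post('read_notify');

    // Prints to attach
    $prints = post('prints');
    if (is_array($prints)) {
        foreach ($prints as $print) {
            $mail->addPrint($print);
        }
    }

    // Original attachments
    $files = post('uploads');
    if (is_array($files)) {
        foreach ($files as $file) {
            $mail->addUpload($file);
        }
    }

    // Save the e-mail in the send queue
    $mail->save();

    // Immediate sending
    $email = EmailNotification::build($mail);
    $email_success = $email->send();

    if ($email_success) {
        OperationLog::setInfo('id_email', $mail->id);
        flash()->info(tr('Email inviata correttamente!'));
    } else {
        $mail->delete();
        flash()->error(tr('Errore durante l\'invio email! Verifica i parametri dell\'account SMTP utilizzato.'));
    }
}
// Column refresh: delegated to include/colonne.php
elseif (filter('op') == 'aggiorna_colonne') {
    include_once base_dir().'/include/colonne.php';
}
// Show or hide a view column.
// NOTE(review): the zz_views row is selected by the posted id alone and no permission check is
// visible — confirm who may change view settings.
elseif (filter('op') == 'toggle_colonna') {
    $visible = filter('visible');
    $id_riga = filter('id_vista');

    $dbo->query('UPDATE `zz_views` SET `visible` = '.prepare($visible).' WHERE id = '.prepare($id_riga));
}
// Reorder view columns: each posted id receives its position in the comma-separated list.
// NOTE(review): same remark as toggle_colonna — ids come from the request, no permission check visible.
elseif (filter('op') == 'ordina_colonne') {
    $order = explode(',', post('order', true));

    foreach ($order as $i => $id_riga) {
        $dbo->query('UPDATE `zz_views` SET `order` = '.prepare($i).' WHERE id='.prepare($id_riga));
    }
}
// Row references: rendering is delegated to the files under include/riferimenti/
elseif (filter('op') == 'visualizza_righe_riferimenti') {
    include_once base_dir().'/include/riferimenti/righe_riferimenti.php';
} elseif (filter('op') == 'visualizza_righe_documento') {
    include_once base_dir().'/include/riferimenti/righe_documento.php';
}
// Store a reference between two rows.
// NOTE(review): source/target type and id are taken from the request as given; no check that the
// referenced rows exist or are accessible to the user is visible here — confirm.
elseif (filter('op') == 'salva_riferimento_riga') {
    $database->insert('co_riferimenti_righe', [
        'source_type' => filter('source_type'),
        'source_id' => filter('source_id'),
        'target_type' => filter('target_type'),
        'target_id' => filter('target_id'),
    ]);
}
// Remove a reference between two rows (same request fields as salva_riferimento_riga)
elseif (filter('op') == 'rimuovi_riferimento_riga') {
    $database->delete('co_riferimenti_righe', [
        'source_type' => filter('source_type'),
        'source_id' => filter('source_id'),
        'target_type' => filter('target_type'),
        'target_id' => filter('target_id'),
    ]);
}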
// Custom plugin script, if the structure declares one.
// The script returned by getEditFile() is included, the transaction is committed and the request
// ends here, so the generic record handling below is skipped.
if (!empty($structure['script'])) {
    include $structure->getEditFile();

    $database->commitTransaction();

    return;
}
// Load the module's record data: include the structure's init.php when filepath() resolves it.
// include_once means a file already loaded earlier in the request is not executed a second time.
$init = $structure->filepath('init.php');

if (!empty($init)) {
    include_once $init;
}
// Backward compatibility: make sure both $record and $records exist.
//  - only $records[0] set -> $record is taken from it
//  - only $record set     -> $records becomes a one-element list holding it
//  - neither set          -> $record is an empty array and $records holds that empty array
if (!isset($record)) {
    if (isset($records[0])) {
        $record = $records[0];
    } else {
        $record = [];
        $records = [$record];
    }
} elseif (!isset($records[0])) {
    $records = [$record];
}

// Register the record with the HTML builder
HTMLBuilder\HTMLBuilder::setRecord($record);
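// Module operations, executed only when the structure grants 'rw' permission.
// Order of work: bulk operations (redirect to the controller), the module's own actions.php, then
// the generic handling of custom fields (zz_fields / zz_field_record) keyed on the 'op' prefix.
if ($structure->permission == 'rw') {
    // Bulk operations: the posted ids may arrive as an array or as a ';'-separated string
    $id_records = post('id_records');
    $id_records = is_array($id_records) ? $id_records : explode(';', $id_records);
    $id_records = array_clean($id_records);
    $id_records = array_unique($id_records);

    // bulk.php, when present, returns the bulk operations keyed by operation name
    $bulk = $structure->filepath('bulk.php');
    $bulk = empty($bulk) ? [] : include $bulk;
    $bulk = empty($bulk) ? [] : $bulk;

    if (in_array(post('op'), array_keys($bulk))) {
        redirect(base_path().'/controller.php?id_module='.$id_module, 'js');
    } else {
        // Module-specific operations
        ($include_file = $structure->filepath('actions.php')) ? include $include_file : null;

        // Generic operations for custom fields
        if (post('op') != null) {
            // Custom fields belong to the plugin when one is active, otherwise to the module
            $custom_where = !empty($id_plugin) ? '`id_plugin` = '.prepare($id_plugin) : '`id_module` = '.prepare($id_module);

            $query = 'SELECT `id`, `html_name` AS `name` FROM `zz_fields` WHERE '.$custom_where;
            $customs = $dbo->fetchArray($query);

            if (!string_starts_with(post('op'), 'delete')) {
                // Collect the posted values of the known custom fields, keyed by field id.
                // Only field names read from zz_fields are looked up in the request.
                $values = [];
                foreach ($customs as $custom) {
                    if (post($custom['name']) !== null) {
                        $values[$custom['id']] = post($custom['name']);
                    }
                }

                // Initial insert
                if (string_starts_with(post('op'), 'add')) {
                    // Log information
                    Filter::set('get', 'id_record', $id_record);

                    foreach ($values as $key => $value) {
                        $dbo->insert('zz_field_record', [
                            'id_record' => $id_record,
                            'id_field' => $key,
                            'value' => $value,
                        ]);
                    }
                }
                // Update: existing values are updated, new ones inserted
                elseif (string_starts_with(post('op'), 'update')) {
                    $query = 'SELECT `zz_field_record`.`id_field` FROM `zz_field_record` JOIN `zz_fields` ON `zz_fields`.`id` = `zz_field_record`.`id_field` WHERE id_record = '.prepare($id_record).' AND '.$custom_where;
                    $customs_present = $dbo->fetchArray($query);
                    $customs_present = array_column($customs_present, 'id_field');

                    foreach ($values as $key => $value) {
                        // Loose comparison on purpose: array keys and fetched ids may differ in type
                        if (in_array($key, $customs_present)) {
                            $dbo->update('zz_field_record', [
                                'value' => $value,
                            ], [
                                'id_record' => $id_record,
                                'id_field' => $key,
                            ]);
                        } else {
                            $dbo->insert('zz_field_record', [
                                'id_record' => $id_record,
                                'id_field' => $key,
                                'value' => $value,
                            ]);
                        }
                    }
                }
            }
            // Deletion: remove every custom-field value of the record.
            // The ids come from zz_fields, but each one now goes through prepare() like every other
            // value in this file instead of being concatenated into the IN list as-is.
            elseif (!empty($customs)) {
                $dbo->query('DELETE FROM `zz_field_record` WHERE `id_record` = '.prepare($id_record).' AND `id_field` IN ('.implode(',', array_map('prepare', array_column($customs, 'id'))).')');
            }
        }
    }
}

// Close the transaction opened at the top of the script
$database->commitTransaction();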