openstamanager/actions.php

501 lines
16 KiB
PHP
Raw Normal View History

<?php
2020-09-07 15:04:06 +02:00
/*
* OpenSTAManager: il software gestionale open source per l'assistenza tecnica e la fatturazione
2021-01-20 15:08:51 +01:00
* Copyright (C) DevCode s.r.l.
2020-09-07 15:04:06 +02:00
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
include_once __DIR__.'/core.php';
2019-07-26 17:40:52 +02:00
use Models\Note;
2019-08-28 16:58:47 +02:00
use Models\OperationLog;
use Models\Upload;
2019-07-29 13:16:55 +02:00
use Modules\Checklists\Check;
2019-07-29 17:42:24 +02:00
use Modules\Checklists\Checklist;
2019-08-29 10:25:14 +02:00
use Modules\Emails\Template;
use Notifications\EmailNotification;
2019-07-26 11:57:59 +02:00
2018-09-19 10:44:32 +02:00
if (empty($structure) || empty($structure['enabled'])) {
2021-02-18 18:48:44 +01:00
exit(tr('Accesso negato'));
}
$upload_dir = base_dir().'/'.Uploads::getDirectory($id_module, $id_plugin);
$database->beginTransaction();
2019-07-05 12:28:19 +02:00
// Upload allegati e rimozione
if (filter('op') == 'aggiungi-allegato' || filter('op') == 'rimuovi-allegato') {
// Controllo sui permessi di scrittura per il modulo
if (Modules::getPermission($id_module) != 'rw') {
2018-07-19 17:29:21 +02:00
flash()->error(tr('Non hai permessi di scrittura per il modulo _MODULE_', [
'_MODULE_' => '"'.Modules::get($id_module)['name'].'"',
]));
}
// Controllo sui permessi di scrittura per il file system
elseif (!directory($upload_dir)) {
2018-07-19 17:29:21 +02:00
flash()->error(tr('Non hai i permessi di scrittura nella cartella _DIR_!', [
'_DIR_' => '"files"',
]));
}
// Gestione delle operazioni
else {
2022-07-31 19:20:49 +02:00
//UPLOAD PER CKEDITOR
if (filter('op') == 'aggiungi-allegato' && !empty($_FILES) && !empty($_FILES['upload']['name'])) {
$CKEditor = get('CKEditor');
$funcNum = get('CKEditorFuncNum');
2022-07-31 19:20:49 +02:00
$allowed_extension = array(
"png","jpg","jpeg"
);
//Maximum file limit (unit: byte)
$max_size='2097152'; //2MB
2022-07-31 19:20:49 +02:00
// Get image file extension
$file_extension = pathinfo($_FILES["upload"]["name"], PATHINFO_EXTENSION);
if(in_array(strtolower($file_extension),$allowed_extension) && $_FILES["upload"]['size']<$max_size){
2022-07-31 19:20:49 +02:00
$upload = Uploads::upload($_FILES['upload'], [
'name' => filter('nome_allegato'),
'category' => filter('categoria'),
'id_module' => Modules::get('Gestione documentale')['id'],
'id_record' => $id_record,
]);
echo '
<link rel="stylesheet" type="text/css" href="'.$baseurl.'/assets/dist/css/app.min.css" />';
echo '
<script src="'.$baseurl.'/assets/dist/js/app.min.js"></script>';
2022-07-31 19:20:49 +02:00
// Creazione file fisico
if (!empty($upload)) {
//flash()->info(tr('File caricato correttamente!'));
2022-07-31 19:20:49 +02:00
$id_allegato = $dbo->lastInsertedID();
$upload = Upload::find($id_allegato);
echo '
<script type="text/javascript">
$(document).ready(function() {
window.parent.toastr.success("'.tr('Caricamento riuscito').'");
window.parent.CKEDITOR.tools.callFunction('.$funcNum.', "'.$baseurl.'/'.$upload->filepath.'");
});
</script>';
2022-07-31 19:20:49 +02:00
2022-07-31 19:20:49 +02:00
} else {
//flash()->error(tr('Errore durante il caricamento del file!'));
echo '<script type="text/javascript"> window.parent.toastr.error("'.tr('Errore durante il caricamento del file!').'"); </script>';
2022-07-31 19:20:49 +02:00
}
}else{
//flash()->error(tr('Estensione non permessa!'));
echo '<script type="text/javascript"> window.parent.toastr.error("'.tr('Estensione non permessa').'"); </script>';
2022-07-31 19:20:49 +02:00
}
exit();
}
// UPLOAD
if (filter('op') == 'aggiungi-allegato' && !empty($_FILES) && !empty($_FILES['file']['name'])) {
$upload = Uploads::upload($_FILES['file'], [
'name' => filter('nome_allegato'),
'category' => filter('categoria'),
'id_module' => $id_module,
'id_plugin' => $id_plugin,
'id_record' => $id_record,
]);
2018-05-22 17:42:19 +02:00
// Creazione file fisico
if (!empty($upload)) {
2018-07-19 17:29:21 +02:00
flash()->info(tr('File caricato correttamente!'));
} else {
2018-07-19 17:29:21 +02:00
flash()->error(tr('Errore durante il caricamento del file!'));
}
}
// DELETE
elseif (filter('op') == 'rimuovi-allegato' && filter('filename') !== null) {
$name = Uploads::delete(filter('filename'), [
'id_module' => $id_module,
'id_plugin' => $id_plugin,
'id_record' => $id_record,
]);
if (!empty($name)) {
2018-07-19 17:29:21 +02:00
flash()->info(tr('File _FILE_ eliminato!', [
'_FILE_' => '"'.$name.'"',
]));
} else {
2018-07-19 17:29:21 +02:00
flash()->error(tr("Errore durante l'eliminazione del file!"));
}
}
redirect(base_path().'/editor.php?id_module='.$id_module.'&id_record='.$id_record.((!empty($options['id_plugin'])) ? '#tab_'.$options['id_plugin'] : ''));
}
2019-07-05 12:28:19 +02:00
}
// Download allegati
elseif (filter('op') == 'download-allegato') {
$rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare(filter('filename')));
download($upload_dir.'/'.$rs[0]['filename'], $rs[0]['original']);
} elseif (filter('op') == 'visualizza-modifica-allegato') {
include_once base_dir().'/include/modifica_allegato.php';
}
// Modifica dati di un allegato
elseif (filter('op') == 'modifica-allegato') {
$id_allegato = filter('id_allegato');
2022-07-22 14:40:32 +02:00
$upload = Upload::find($id_allegato);
2022-07-22 14:40:32 +02:00
$upload->name = post('nome_allegato');
$upload->category = post('categoria_allegato');
2022-07-22 14:40:32 +02:00
$upload->save();
}
// Modifica nome della categoria degli allegati
elseif (filter('op') == 'modifica-categoria-allegato') {
$category = post('category');
$name = post('name');
$uploads = $structure->uploads($id_record)->where('category', $category);
foreach ($uploads as $upload) {
$upload->category = $name;
$upload->save();
}
}
2019-07-05 12:28:19 +02:00
// Validazione dati
elseif (filter('op') == 'validate') {
// Lettura informazioni di base
$init = $structure->filepath('init.php');
if (!empty($init)) {
include_once $init;
}
// Validazione del campo
$validation = $structure->filepath('validation.php');
if (!empty($validation)) {
include_once $validation;
}
echo json_encode($response);
return;
}
2019-07-26 11:57:59 +02:00
// Aggiunta nota interna
elseif (filter('op') == 'aggiungi-nota') {
2019-07-26 11:57:59 +02:00
$contenuto = post('contenuto');
$data_notifica = post('data_notifica') ?: null;
$nota = Note::build($user, $structure, $id_record, $contenuto, $data_notifica);
flash()->info(tr('Nota interna aggiunta correttamente!'));
}
2019-07-30 16:50:10 +02:00
// Rimozione data di notifica dalla nota interna
elseif (filter('op') == 'rimuovi-notifica-nota') {
2019-07-30 16:50:10 +02:00
$id_nota = post('id_nota');
$nota = Note::find($id_nota);
$nota->notification_date = null;
$nota->save();
flash()->info(tr('Data di notifica rimossa dalla nota interna!'));
}
2019-07-26 16:24:20 +02:00
// Rimozione nota interna
elseif (filter('op') == 'rimuovi-nota') {
2019-07-26 11:57:59 +02:00
$id_nota = post('id_nota');
$nota = Note::find($id_nota);
$nota->delete();
flash()->info(tr('Nota interna aggiunta correttamente!'));
}
2019-07-29 17:42:24 +02:00
// Clonazione di una checklist
elseif (filter('op') == 'copia-checklist') {
2019-07-29 17:42:24 +02:00
$content = post('content');
$checklist_id = post('checklist');
2019-07-30 16:50:10 +02:00
$users = post('assigned_users');
$users = array_clean($users);
$group_id = post('group_id');
2019-07-29 17:42:24 +02:00
$checklist = Checklist::find($checklist_id);
2019-07-30 16:50:10 +02:00
$checklist->copia($user, $id_record, $users, $group_id);
2019-07-29 17:42:24 +02:00
}
// Aggiunta check alla checklist
elseif (filter('op') == 'aggiungi-check') {
2019-07-26 16:24:20 +02:00
$content = post('content');
$parent_id = post('parent') ?: null;
2019-07-30 16:50:10 +02:00
$users = post('assigned_users');
$users = array_clean($users);
$group_id = post('group_id');
2019-07-26 16:24:20 +02:00
2019-07-30 16:50:10 +02:00
$check = Check::build($user, $structure, $id_record, $content, $parent_id);
$check->setAccess($users, $group_id);
2019-07-26 16:24:20 +02:00
}
2019-07-29 17:42:24 +02:00
// Rimozione di un check della checklist
elseif (filter('op') == 'rimuovi-check') {
2019-07-26 16:24:20 +02:00
$check_id = post('check_id');
2019-07-26 18:05:19 +02:00
$check = Check::find($check_id);
2019-07-26 16:24:20 +02:00
2019-07-30 16:50:10 +02:00
if (!empty($check) && $check->user->id == $user->id) {
2019-07-29 13:16:55 +02:00
$check->delete();
2019-07-30 16:50:10 +02:00
} else {
flash()->error(tr('Impossibile eliminare il check!'));
2019-07-29 13:16:55 +02:00
}
2019-07-26 16:24:20 +02:00
}
// Gestione check per le checklist
elseif (filter('op') == 'toggle-check') {
2019-07-26 16:24:20 +02:00
$check_id = post('check_id');
2019-07-26 18:05:19 +02:00
$check = Check::find($check_id);
2019-07-26 16:24:20 +02:00
2019-07-30 16:50:10 +02:00
if (!empty($check) && $check->assignedUsers->pluck('id')->search($user->id) !== false) {
2019-07-30 17:44:15 +02:00
$check->toggleCheck($user);
2019-07-30 16:50:10 +02:00
} else {
flash()->error(tr('Impossibile cambiare lo stato del check!'));
}
}
// Gestione ordine per le checklist
elseif (filter('op') == 'ordina-checks') {
2019-07-30 16:50:10 +02:00
$ids = explode(',', $_POST['order']);
$order = 0;
foreach ($ids as $id) {
$dbo->query('UPDATE `zz_checks` SET `order` = '.prepare($order).' WHERE id = '.prepare($id));
++$order;
2019-07-26 16:24:20 +02:00
}
}
2019-08-26 18:02:05 +02:00
// Inizializzazione email
2019-07-05 12:28:19 +02:00
elseif (post('op') == 'send-email') {
2019-08-29 10:25:14 +02:00
$template = Template::find(post('template'));
2019-08-29 10:25:14 +02:00
$mail = \Modules\Emails\Mail::build($user, $template, $id_record);
2018-02-20 17:57:16 +01:00
// Rimozione allegati predefiniti
2019-08-26 18:02:05 +02:00
$mail->resetPrints();
2018-09-20 14:41:01 +02:00
// Destinatari
2018-09-28 16:43:40 +02:00
$receivers = array_clean(post('destinatari'));
2018-09-20 14:41:01 +02:00
$types = post('tipo_destinatari');
foreach ($receivers as $key => $receiver) {
$mail->addReceiver($receiver, $types[$key]);
}
2018-02-20 17:57:16 +01:00
2018-09-20 14:41:01 +02:00
// Contenuti
2019-08-26 18:02:05 +02:00
$mail->subject = post('subject');
$mail->content = $_POST['body']; // post('body', true);
2019-08-26 18:02:05 +02:00
// Conferma di lettura
$mail->read_notify = post('read_notify');
2018-02-20 17:57:16 +01:00
// Stampe da allegare
$prints = post('prints');
foreach ($prints as $print) {
$mail->addPrint($print);
}
2018-09-20 14:41:01 +02:00
// Allegati originali
2019-08-29 10:25:14 +02:00
$files = post('uploads');
2018-11-23 15:17:52 +01:00
foreach ($files as $file) {
2019-08-29 10:25:14 +02:00
$mail->addUpload($file);
2018-09-20 14:41:01 +02:00
}
2018-02-20 17:57:16 +01:00
2020-03-31 20:34:31 +02:00
// Salvataggio email nella coda di invio
2019-08-26 18:02:05 +02:00
$mail->save();
2019-09-11 18:21:40 +02:00
// Invio mail istantaneo
$email = EmailNotification::build($mail);
$email_success = $email->send();
2020-02-05 14:51:39 +01:00
if ($email_success) {
OperationLog::setInfo('id_email', $mail->id);
flash()->info(tr('Email inviata correttamente!'));
} else {
$mail->delete();
flash()->error(tr('Errore durante l\'invio email! Verifica i parametri dell\'account SMTP utilizzato.'));
}
} elseif (filter('op') == 'aggiorna_colonne') {
include_once base_dir().'/include/colonne.php';
2020-12-22 16:11:48 +01:00
} elseif (filter('op') == 'toggle_colonna') {
$visible = filter('visible');
$id_riga = filter('id_vista');
$dbo->query('UPDATE `zz_views` SET `visible` = '.prepare($visible).' WHERE id = '.prepare($id_riga));
} elseif (filter('op') == 'ordina_colonne') {
$order = explode(',', post('order', true));
foreach ($order as $i => $id_riga) {
$dbo->query('UPDATE `zz_views` SET `order` = '.prepare($i).' WHERE id='.prepare($id_riga));
}
} elseif (filter('op') == 'visualizza_righe_riferimenti') {
include_once base_dir().'/include/riferimenti/riferimenti.php';
} elseif (filter('op') == 'visualizza_righe_documento') {
include_once base_dir().'/include/riferimenti/righe_documento.php';
} elseif (filter('op') == 'salva_riferimento_riga') {
$database->insert('co_riferimenti_righe', [
'source_type' => filter('source_type'),
'source_id' => filter('source_id'),
'target_type' => filter('target_type'),
'target_id' => filter('target_id'),
]);
} elseif (filter('op') == 'rimuovi_riferimento_riga') {
$database->delete('co_riferimenti_righe', [
'id' => filter('idriferimento'),
]);
}
// Inclusione di eventuale plugin personalizzato
2018-09-19 10:44:32 +02:00
if (!empty($structure['script'])) {
2021-04-26 09:53:41 +02:00
$path = $structure->getEditFile();
if (!empty($path)) {
include $path;
}
2018-08-11 15:37:38 +02:00
$database->commitTransaction();
return;
}
// Lettura risultato query del modulo
2018-09-19 10:44:32 +02:00
$init = $structure->filepath('init.php');
2018-07-19 12:47:28 +02:00
if (!empty($init)) {
include_once $init;
}
// Retrocompatibilità
if (!isset($record) && isset($records[0])) {
$record = $records[0];
} elseif (!isset($records[0]) && isset($record)) {
$records = [$record];
2018-07-19 12:47:28 +02:00
} elseif (!isset($record)) {
$record = [];
$records = [$record];
}
2018-07-18 14:50:46 +02:00
// Registrazione del record
HTMLBuilder\HTMLBuilder::setRecord($record);
2018-09-19 10:44:32 +02:00
if ($structure->permission == 'rw') {
// Esecuzione delle operazioni di gruppo
2022-03-18 17:43:50 +01:00
if (!empty(post('id_records'))){
$id_records = post('id_records');
$id_records = is_array($id_records) ? $id_records : explode(';', $id_records);
$id_records = array_clean($id_records);
$id_records = array_unique($id_records);
}
2018-09-19 10:44:32 +02:00
$bulk = $structure->filepath('bulk.php');
2018-07-19 12:47:28 +02:00
$bulk = empty($bulk) ? [] : include $bulk;
$bulk = empty($bulk) ? [] : $bulk;
if (in_array(post('op'), array_keys($bulk))) {
redirect(base_path().'/controller.php?id_module='.$id_module, 'js');
} else {
// Esecuzione delle operazioni del modulo
2020-10-20 10:46:34 +02:00
($include_file = $structure->filepath('actions.php')) ? include $include_file : null;
// Operazioni generiche per i campi personalizzati
if (post('op') != null) {
$custom_where = !empty($id_plugin) ? '`id_plugin` = '.prepare($id_plugin) : '`id_module` = '.prepare($id_module);
$query = 'SELECT `id`, `html_name` AS `name` FROM `zz_fields` WHERE '.$custom_where;
$customs = $dbo->fetchArray($query);
if (!string_starts_with(post('op'), 'delete')) {
$values = [];
foreach ($customs as $custom) {
2018-07-19 15:33:32 +02:00
if (post($custom['name']) !== null) {
$values[$custom['id']] = post($custom['name']);
}
}
// Inserimento iniziale
if (string_starts_with(post('op'), 'add')) {
// Informazioni di log
Filter::set('get', 'id_record', $id_record);
foreach ($values as $key => $value) {
$dbo->insert('zz_field_record', [
'id_record' => $id_record,
'id_field' => $key,
'value' => $value,
]);
}
}
// Aggiornamento
elseif (string_starts_with(post('op'), 'update')) {
$query = 'SELECT `zz_field_record`.`id_field` FROM `zz_field_record` JOIN `zz_fields` ON `zz_fields`.`id` = `zz_field_record`.`id_field` WHERE id_record = '.prepare($id_record).' AND '.$custom_where;
$customs_present = $dbo->fetchArray($query);
$customs_present = array_column($customs_present, 'id_field');
foreach ($values as $key => $value) {
if (in_array($key, $customs_present)) {
$dbo->update('zz_field_record', [
'value' => $value,
], [
'id_record' => $id_record,
'id_field' => $key,
]);
} else {
$dbo->insert('zz_field_record', [
'id_record' => $id_record,
'id_field' => $key,
'value' => $value,
]);
}
}
}
}
// Eliminazione
elseif (!empty($customs)) {
$dbo->query('DELETE FROM `zz_field_record` WHERE `id_record` = '.prepare($id_record).' AND `id_field` IN ('.implode(',', array_column($customs, 'id')).')');
}
}
}
}
$database->commitTransaction();