openstamanager/modules/viste/actions.php


<?php
/*
* OpenSTAManager: il software gestionale open source per l'assistenza tecnica e la fatturazione
* Copyright (C) DevCode s.r.l.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
include_once __DIR__.'/../../core.php';
use Models\Module;
use Models\Clause;
switch (filter('op')) {
case 'update':
    // Persist the module's `options2` value and its translated title.
    // Entities (quotes included) are decoded before validation; presumably
    // post() hands back HTML-encoded text -- confirm against core.
    $options2 = htmlspecialchars_decode(post('options2'), ENT_QUOTES);

    // check_query() is the only gate visible here in front of a value that is
    // stored as query text; its rules are not shown in this file.
    // Every interpolated value goes through prepare().
    $rs = (bool) check_query($options2);

    if ($rs) {
        $dbo->query(sprintf(
            'UPDATE `zz_modules` SET `options2`=%s WHERE `id`=%s',
            prepare($options2),
            prepare($id_record)
        ));
        $dbo->query(sprintf(
            'UPDATE `zz_modules_lang` SET `title`=%s WHERE (`id_record`=%s AND `id_lang`=%s)',
            prepare(post('title')),
            prepare($id_record),
            prepare(\App::getLang())
        ));

        flash()->info(tr('Salvataggio completato!'));
    } else {
        flash()->error(tr('Ci sono stati alcuni errori durante il salvataggio!'));
    }

    break;
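case 'fields':
    // Save the field definitions (rows of `zz_views`) posted for the module
    // $id_record, one row per index $c of the posted arrays.
    $rs = true;

    // The queries are read from raw $_POST on purpose: the XSS protection
    // interprets the sequence "<text" as an HTML tag. check_query() is therefore
    // the only validation applied to this text before it is stored.
    $queries = (array) ($_POST['query'] ?? []);

    foreach ($queries as $c => $query) {
        if (check_query($query)) {
            // Reset per row: without this, a row that is neither updated nor
            // inserted would reuse the $id left over from the previous row and
            // the permission sync below would rewrite another view's groups.
            $id = null;

            $array = [
                'query' => $query,
                'visible' => post('visible')[$c],
                'search' => post('search')[$c],
                'slow' => post('slow')[$c],
                'format' => post('format')[$c],
                'html_format' => post('html_format')[$c],
                'summable' => post('sum')[$c],
                'search_inside' => post('search_inside')[$c],
                'order_by' => post('order_by')[$c],
                'id_module' => $id_record,
            ];

            $name = post('name')[$c];

            if (!empty(post('id')[$c]) && !empty($query)) {
                // Existing view.
                // NOTE(review): the row is matched on `id` alone while
                // `id_module` is overwritten with $id_record; confirm that the
                // posted id is known to belong to this module.
                $id = post('id')[$c];

                $dbo->update('zz_views', $array, ['id' => $id]);
                $dbo->update('zz_views_lang', [
                    'name' => $name,
                ], ['id_record' => $id, 'id_lang' => \App::getLang()]);
            } elseif (!empty($query)) {
                // New view, appended after the module's existing ones.
                // NOTE(review): $name is written only on update; confirm where
                // the translated name of a newly inserted view is stored.
                $array['order'] = orderValue('zz_views', 'id_module', $id_record);
                $dbo->insert('zz_views', $array);
                $id = $dbo->lastInsertedID();
            }

            // Update the related group permissions, only for a view that was
            // actually saved in this iteration.
            if (!empty($id)) {
                $dbo->sync('zz_group_view', ['id_vista' => $id], ['id_gruppo' => (array) post('gruppi')[$c]]);
            }
        } else {
            $rs = false;
        }
    }

    if ($rs) {
        flash()->info(tr('Salvataggio completato!'));
    } else {
        flash()->error(tr('Ci sono stati alcuni errori durante il salvataggio!'));
    }

    break;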
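case 'filters':
    // Save the per-group filter clauses posted for the module, one Clause
    // model per index $c of the posted arrays.
    $rs = true;

    // The clauses are read from raw $_POST on purpose: the XSS protection
    // interprets the sequence "<text" as an HTML tag. check_query() is therefore
    // the only validation applied to this text before it is stored.
    $queries = (array) ($_POST['query'] ?? []);

    foreach ($queries as $c => $query) {
        if (check_query($query)) {
            // Rows with an empty clause are skipped without being an error.
            if (!empty($query)) {
                if (!empty(post('id')[$c])) {
                    // Existing clause; find() may not return a record for a
                    // stale or foreign id, which is handled below.
                    $id = post('id')[$c];
                    $clause = Clause::find($id);
                } else {
                    $clause = Clause::build();
                    // NOTE(review): this overwrites the module id with the last
                    // inserted id, for this row and every following one;
                    // confirm that is intended.
                    $id_record = $dbo->lastInsertedID();
                }

                if (empty($clause)) {
                    // Report a failed save instead of a fatal error on null.
                    $rs = false;
                } else {
                    // NOTE(review): the attribute name `idmodulo` should be
                    // checked against the Clause model's column (an earlier
                    // array-based form of this code used the key `idmodule`).
                    $clause->idgruppo = post('gruppo')[$c];
                    $clause->idmodulo = $id_record;
                    $clause->clause = $query;
                    // A non-empty `position` flag selects 'HVN', otherwise 'WHR'.
                    $clause->position = !empty(post('position')[$c]) ? 'HVN' : 'WHR';
                    $clause->name = post('name')[$c];
                    $clause->save();
                }
            }
        } else {
            $rs = false;
        }
    }

    if ($rs) {
        flash()->info(tr('Salvataggio completato!'));
    } else {
        flash()->error(tr('Ci sono stati alcuni errori durante il salvataggio!'));
    }

    break;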
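case 'change':
    // Toggle the `enabled` flag of one filter clause.
    // NOTE(review): the id comes from filter(); confirm upstream that this
    // state-changing operation is reachable only through an authorised,
    // CSRF-protected request.
    $id = filter('id');

    $clause = Clause::find($id);
    if (empty($clause)) {
        // An unknown id is reported as a failed save rather than a fatal error.
        flash()->error(tr('Ci sono stati alcuni errori durante il salvataggio!'));
        break;
    }

    $clause->enabled = !empty($clause->enabled) ? 0 : 1;
    $clause->save();

    flash()->info(tr('Salvataggio completato!'));

    break;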
case 'test':
    // Build the query of the current module and run it limited to one row.
    // The result is discarded here. The query text derives from the stored
    // module/view definitions, so what can be executed at this point is
    // bounded by the validation applied when those definitions were saved.
    $module_query = Util\Query::getQuery(Module::find($id_record));

    $dbo->fetchArray("{$module_query} LIMIT 1");

    break;
case 'delete':
    // Remove one view field and the group permissions attached to it.
    // The id is quoted through prepare(); both statements match on the id
    // alone, so scoping to the current module relies on checks made elsewhere.
    $id = filter('id');

    $dbo->query(sprintf('DELETE FROM `zz_views` WHERE `id`=%s', prepare($id)));
    $dbo->query(sprintf('DELETE FROM `zz_group_view` WHERE `id_vista`=%s', prepare($id)));

    flash()->info(tr('Eliminazione completata!'));

    break;
case 'delete_filter':
    // Remove one filter clause row from `zz_group_module`.
    // The id is quoted through prepare(); the statement matches on the id
    // alone, so scoping to the current module relies on checks made elsewhere.
    $id = filter('id');

    $dbo->query(sprintf('DELETE FROM `zz_group_module` WHERE `id`=%s', prepare($id)));

    flash()->info(tr('Eliminazione completata!'));

    break;
case 'update_position':
    // Store the new ordering of the view fields: `order` is a comma-separated
    // list of ids and each id receives its position in that list.
    // NOTE(review): the second argument of post() presumably requests the
    // unfiltered value -- confirm; both values are quoted through prepare().
    $order = explode(',', post('order', true));

    foreach ($order as $i => $id_riga) {
        $dbo->query(sprintf(
            'UPDATE `zz_views` SET `order` = %s WHERE `id`=%s',
            prepare($i),
            prepare($id_riga)
        ));
    }

    break;
case 'update_visible':
    // Set the `visible` flag of a single view field.
    // Both request values are quoted through prepare(); the row is matched on
    // its id alone.
    $visible = filter('visible');
    $id_riga = filter('id_vista');

    $dbo->query(sprintf(
        'UPDATE `zz_views` SET `visible` = %s WHERE `id` = %s',
        prepare($visible),
        prepare($id_riga)
    ));

    break;
}