Modifica gestione permessi di accesso al record
This commit is contained in:
Dasc3er
Thomas Zilio
parent
d35654b73c
commit
86e9e92c8c
1
ajax.php
1
ajax.php
|
|
@ -79,6 +79,7 @@ switch (filter('op')) {
|
|||
case 'active_users':
|
||||
$posizione = get('id_module');
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$posizione .= ', '.get('id_record');
|
||||
}
|
||||
|
||||
|
|
|
|||
36
editor.php
36
editor.php
|
|
@ -32,40 +32,10 @@ if (empty($id_record) && !empty($id_module) && empty($id_plugin)) {
|
|||
|
||||
include_once App::filepath('include|custom|', 'top.php');
|
||||
|
||||
if (!empty($id_record)) {
|
||||
Util\Query::setSegments(false);
|
||||
$query = Util\Query::getQuery($structure, [
|
||||
'id' => $id_record,
|
||||
]);
|
||||
Util\Query::setSegments(true);
|
||||
}
|
||||
// Rimozione della condizione deleted_at IS NULL per visualizzare anche i record eliminati
|
||||
if (preg_match('/[`]*([a-z0-9_]*)[`]*[\.]*([`]*deleted_at[`]* IS NULL)/i', $query, $m)) {
|
||||
$conditions_to_remove = [];
|
||||
// Inclusione gli elementi fondamentali
|
||||
include_once base_dir().'/actions.php';
|
||||
|
||||
$condition = trim($m[0]);
|
||||
|
||||
if (!empty($table_name)) {
|
||||
$condition = $table_name.'.'.$condition;
|
||||
}
|
||||
|
||||
$conditions_to_remove[] = ' AND '.$condition;
|
||||
$conditions_to_remove[] = $condition.' AND ';
|
||||
|
||||
$query = str_replace($conditions_to_remove, '', $query);
|
||||
$query = str_replace($condition, '', $query);
|
||||
}
|
||||
|
||||
$query = null;
|
||||
|
||||
$has_access = !empty($query) ? $dbo->fetchNum($query) !== 0 : true;
|
||||
|
||||
if ($has_access) {
|
||||
// Inclusione gli elementi fondamentali
|
||||
include_once base_dir().'/actions.php';
|
||||
}
|
||||
|
||||
if (empty($record) || !$has_access) {
|
||||
if (empty($record) || (isset($has_access) && !$has_access)) {
|
||||
echo '
|
||||
<div class="text-center">
|
||||
<h3 class="text-muted">'.
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ foreach ($rs as $riga) {
|
|||
}
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$anagrafica = Anagrafica::withTrashed()->find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT *,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\Articoli\Articolo;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$articolo = Articolo::withTrashed()->find($id_record);
|
||||
$articolo->nome_variante;
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use Modules\Banche\Banca;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$banca = Banca::find($id_record);
|
||||
|
||||
if (!empty($banca)) {
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `dt_aspettobeni` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
$id_original = filter('id_original');
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
include __DIR__.'/init.php';
|
||||
}
|
||||
|
||||
|
|
@ -30,6 +31,7 @@ if (isset($id_original)) {
|
|||
echo base_path().'/controller.php?id_module='.$id_module;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
echo '&id_record='.$id_record;
|
||||
}
|
||||
}
|
||||
|
|
@ -59,6 +61,7 @@ if (isset($id_original)) {
|
|||
<div class="col-md-12 text-right">
|
||||
<?php
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
?>
|
||||
<button type="submit" class="btn btn-success"><i class="fa fa-save"></i> <?php echo tr('Salva'); ?></button>
|
||||
<?php
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `mg_categorie` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\CategorieDocumentali\Categoria;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$categoria = Categoria::find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne("SELECT *,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
$id_original = filter('id_original');
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
include __DIR__.'/init.php';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `my_impianti_categorie` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `dt_causalet` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
switch (filter('op')) {
|
||||
case 'update':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$database->update('mg_causali_movimenti', [
|
||||
'nome' => post('nome'),
|
||||
'tipo_movimento' => post('tipo_movimento'),
|
||||
|
|
@ -47,6 +48,7 @@ switch (filter('op')) {
|
|||
|
||||
case 'delete':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$dbo->query('DELETE FROM `mg_causali_movimenti` WHERE `id`='.prepare($id_record));
|
||||
|
||||
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `mg_causali_movimenti` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,5 +22,6 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\Checklists\Checklist;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = Checklist::find($id_record);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\Contratti\Contratto;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$contratto = Contratto::find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT *,
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$records = $dbo->fetchArray('SELECT * FROM zz_fields WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -62,6 +62,7 @@ switch (filter('op')) {
|
|||
|
||||
case 'update':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$idstatoddt = post('idstatoddt');
|
||||
$idpagamento = post('idpagamento');
|
||||
$numero_esterno = post('numero_esterno');
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ if ($module['name'] == 'Ddt di vendita') {
|
|||
}
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$ddt = DDT::with('tipo', 'stato')->find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT dt_ddt.*,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use Modules\Newsletter\Newsletter;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM em_templates WHERE id='.prepare($id_record).' AND deleted_at IS NULL');
|
||||
|
||||
//Controllo se ci sono newletter collegate a questo template
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ if ($module['name'] == 'Fatture di vendita') {
|
|||
}
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$fattura = Fattura::with('tipo', 'stato')->find($id_record);
|
||||
$dir = $fattura->direzione;
|
||||
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT *, do_documenti.`id`as id, do_documenti.nome AS nome, do_documenti.`data` AS `data` FROM do_documenti WHERE do_documenti.id = '.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$id_module = Modules::get('Articoli')['id'];
|
||||
redirect(base_path().'/editor.php?id_module='.$id_module.'&id_record='.$id_record);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT *, (SELECT ragione_sociale FROM an_anagrafiche WHERE idanagrafica=my_impianti.idanagrafica) AS cliente FROM my_impianti WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\Interventi\Intervento;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$intervento = Intervento::find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT *,
|
||||
|
|
|
|||
|
|
@ -91,6 +91,7 @@ switch (filter('op')) {
|
|||
|
||||
case 'delete':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$dbo->query('UPDATE `co_iva` SET deleted_at = NOW() WHERE `id`='.prepare($id_record));
|
||||
|
||||
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo', [
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `co_iva` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use Modules\ListeNewsletter\Lista;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$lista = Lista::find($id_record);
|
||||
|
||||
$record = $lista->toArray();
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `mg_unitamisura` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,5 +18,6 @@
|
|||
*/
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM co_movimenti_modelli WHERE idmastrino='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ use Modules\Newsletter\Newsletter;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$newsletter = Newsletter::find($id_record);
|
||||
|
||||
$record = $newsletter->toArray();
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@ switch (post('op')) {
|
|||
|
||||
case 'update':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$idstatoordine = post('idstatoordine');
|
||||
$idpagamento = post('idpagamento');
|
||||
$idsede = post('idsede');
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use Modules\Ordini\Ordine;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$ordine = Ordine::with('tipo', 'stato')->find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT *,
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `co_pagamenti` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\PianiSconto\PianoSconto;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM mg_listini WHERE id='.prepare($id_record));
|
||||
|
||||
$listino = PianoSconto::find($id_record);
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `dt_porto` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ switch (post('op')) {
|
|||
|
||||
case 'update':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$preventivo->idstato = post('idstato');
|
||||
$preventivo->nome = post('nome');
|
||||
$preventivo->idanagrafica = post('idanagrafica');
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$preventivo = Modules\Preventivi\Preventivo::with('stato')->find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT co_preventivi.*,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\PrimaNota\Mastrino;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$mastrino = Mastrino::find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT * FROM co_movimenti WHERE idmastrino = '.prepare($id_record));
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `an_relazioni` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ switch (filter('op')) {
|
|||
|
||||
case 'delete':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$dbo->query('DELETE FROM `co_ritenutaacconto` WHERE `id`='.prepare($id_record));
|
||||
|
||||
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT *, (SELECT COUNT(idritenutaacconto) FROM co_righe_documenti WHERE co_righe_documenti.idritenutaacconto = '.prepare($id_record).') AS doc_associati FROM `co_ritenutaacconto` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ switch (filter('op')) {
|
|||
|
||||
case 'delete':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$dbo->query('DELETE FROM `co_ritenuta_contributi` WHERE `id`='.prepare($id_record));
|
||||
|
||||
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT *, (SELECT COUNT(id_ritenuta_contributi) FROM co_documenti WHERE co_documenti.id_ritenuta_contributi = '.prepare($id_record).') AS doc_associati FROM `co_ritenuta_contributi` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ switch (filter('op')) {
|
|||
|
||||
case 'delete':
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$dbo->query('DELETE FROM `co_rivalse` WHERE `id`='.prepare($id_record));
|
||||
|
||||
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `co_rivalse` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT *, (SELECT options FROM zz_modules WHERE id = zz_segments.id_module) options, (SELECT name FROM zz_modules WHERE id = zz_segments.id_module) AS modulo, (SELECT COUNT(t.id) FROM zz_segments t WHERE t.id_module = zz_segments.id_module) AS n_sezionali FROM zz_segments WHERE id='.prepare($id_record));
|
||||
|
||||
$array = preg_match('/(?<=FROM)\s([^\s]+)\s/', $record['options'], $table);
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use Modules\Emails\Account;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$account = Account::find($id_record);
|
||||
|
||||
$record = $dbo->fetchOne('SELECT * FROM em_accounts WHERE id='.prepare($id_record).' AND deleted_at IS NULL');
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `dt_spedizione` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Models\PrintTemplate;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$print = PrintTemplate::find($id_record);
|
||||
$record = $print->toArray();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM co_staticontratti WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM in_statiintervento WHERE idstatointervento='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM co_statipreventivi WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ switch (post('op')) {
|
|||
$i = 0;
|
||||
foreach ($id_records as $id_record) {
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$mail = Mail::find($id_record);
|
||||
if (empty($mail->sent_at)) {
|
||||
$mail->delete();
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\Emails\Mail;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$mail = Mail::find($id_record);
|
||||
|
||||
$record = $mail->toArray();
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT idanagrafica, ragione_sociale, colore FROM an_anagrafiche WHERE idanagrafica = '.prepare($id_record));
|
||||
|
||||
$tipi_interventi = $dbo->fetchArray('SELECT *, in_tipiintervento.idtipointervento AS id, in_tariffe.idtipointervento AS esiste FROM in_tipiintervento LEFT JOIN in_tariffe ON in_tipiintervento.idtipointervento = in_tariffe.idtipointervento AND in_tariffe.idtecnico = '.prepare($id_record).' ORDER BY descrizione');
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM an_tipianagrafiche WHERE idtipoanagrafica='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `co_tipidocumento` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ include_once __DIR__.'/../../core.php';
|
|||
use Modules\TipiIntervento\Tipo;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM in_tipiintervento WHERE idtipointervento='.prepare($id_record));
|
||||
|
||||
$tipo = Tipo::find($id_record);
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `co_tipi_scadenze` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `zz_groups` WHERE `id`='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM `zz_modules` WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM in_vociservizio WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM an_zone WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use Plugins\DichiarazioniIntento\Dichiarazione;
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$dichiarazione = Dichiarazione::find($id_record);
|
||||
|
||||
$record = $dichiarazione ? $dichiarazione->toArray() : [];
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ use Plugins\ImportFE\FatturaElettronica;
|
|||
use Plugins\ImportFE\Interaction;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$files = Interaction::getFileList();
|
||||
$record = $files[$id_record - 1];
|
||||
|
||||
|
|
|
|||
|
|
@ -22,5 +22,6 @@ include_once __DIR__.'/../../core.php';
|
|||
use Plugins\PianificazioneInterventi\Promemoria;
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$promemoria = Promemoria::find($id_record);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,5 +20,6 @@
|
|||
include_once __DIR__.'/../../core.php';
|
||||
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM an_referenti WHERE id='.prepare($id_record));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ include_once __DIR__.'/../../core.php';
|
|||
|
||||
// id_record = sede
|
||||
if (isset($id_record)) {
|
||||
$has_access = \Util\Query::checkAccess($id_record);
|
||||
$record = $dbo->fetchOne('SELECT * FROM an_sedi WHERE id='.prepare($id_record));
|
||||
$record['lat'] = floatval($record['lat']);
|
||||
$record['lng'] = floatval($record['lng']);
|
||||
|
|
|
|||
|
|
@ -323,6 +323,40 @@ class Query
|
|||
return $results;
|
||||
}
|
||||
|
||||
/**
|
||||
* Controlla se l'utente ha accesso a un record specifico seguendo la query principale del modulo.
|
||||
*
|
||||
* @return bool
|
||||
* @throws \Exception
|
||||
*/
|
||||
public static function checkAccess($id_record){
|
||||
|
||||
self::setSegments(false);
|
||||
$query = self::getQuery(Modules::getCurrent(), [
|
||||
'id' => $id_record,
|
||||
]);
|
||||
self::setSegments(true);
|
||||
|
||||
// Rimozione della condizione deleted_at IS NULL per visualizzare anche i record eliminati
|
||||
if (preg_match('/[`]*([a-z0-9_]*)[`]*[\.]*([`]*deleted_at[`]* IS NULL)/i', $query, $m)) {
|
||||
$conditions_to_remove = [];
|
||||
|
||||
$condition = trim($m[0]);
|
||||
|
||||
if (!empty($table_name)) {
|
||||
$condition = $table_name.'.'.$condition;
|
||||
}
|
||||
|
||||
$conditions_to_remove[] = ' AND '.$condition;
|
||||
$conditions_to_remove[] = $condition.' AND ';
|
||||
|
||||
$query = str_replace($conditions_to_remove, '', $query);
|
||||
$query = str_replace($condition, '', $query);
|
||||
}
|
||||
|
||||
return !empty($query) ? database()->fetchNum($query) !== 0 : true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sostituisce la prima occorenza di una determinata stringa.
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in New Issue