'.
diff --git a/modules/anagrafiche/init.php b/modules/anagrafiche/init.php
index 75675c33f..5e6213fcf 100755
--- a/modules/anagrafiche/init.php
+++ b/modules/anagrafiche/init.php
@@ -27,6 +27,7 @@ foreach ($rs as $riga) {
}
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$anagrafica = Anagrafica::withTrashed()->find($id_record);
$record = $dbo->fetchOne('SELECT *,
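Review bot: `$has_access` is assigned on the added line but nothing visible in this hunk reads it, and the `find()` and `fetchOne()` that follow still load the record whatever the result. If the value is consumed by the page that includes init.php, say so with a comment such as `// $has_access is read by the including page; the record is still loaded here`. If it is not, the load should sit behind `if ($has_access)`. The same pattern repeats in the other init.php hunks of this patch, and the body of the `if` continues outside the hunk.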
diff --git a/modules/articoli/init.php b/modules/articoli/init.php
index 9e0c0a3db..bb0e4413b 100755
--- a/modules/articoli/init.php
+++ b/modules/articoli/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\Articoli\Articolo;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$articolo = Articolo::withTrashed()->find($id_record);
$articolo->nome_variante;
diff --git a/modules/banche/init.php b/modules/banche/init.php
index 01cc200ab..44ee4fed2 100755
--- a/modules/banche/init.php
+++ b/modules/banche/init.php
@@ -22,6 +22,7 @@ use Modules\Banche\Banca;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$banca = Banca::find($id_record);
if (!empty($banca)) {
diff --git a/modules/beni/init.php b/modules/beni/init.php
index f9d9eb060..81d4482c3 100755
--- a/modules/beni/init.php
+++ b/modules/beni/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `dt_aspettobeni` WHERE id='.prepare($id_record));
}
diff --git a/modules/categorie_articoli/add.php b/modules/categorie_articoli/add.php
index 9bad36961..b8a887bd3 100755
--- a/modules/categorie_articoli/add.php
+++ b/modules/categorie_articoli/add.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
$id_original = filter('id_original');
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
include __DIR__.'/init.php';
}
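Review bot: This check probably runs twice per request: the added line calls `checkAccess` and the next line includes init.php, where this patch adds the same call. That is visible for modules/categorie_impianti/init.php, whose add.php gets the identical change. Each call builds and runs the module query, so one of the two should go; keeping it in init.php alone would be enough. `$has_access` is not read in this hunk either.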
@@ -30,6 +31,7 @@ if (isset($id_original)) {
echo base_path().'/controller.php?id_module='.$id_module;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
echo '&id_record='.$id_record;
}
}
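Review bot: The added call sits between two `echo` statements that build a URL, so it issues a database query during output and then discards the result; `$has_access` is not read before the closing brace. The first hunk of this file already runs the same check for the same `$id_record`, so this line can be dropped. If a denied record should not get the `&id_record=` suffix, test the existing value instead: `if (isset($id_record) && $has_access) {`.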
@@ -59,6 +61,7 @@ if (isset($id_original)) {
fetchOne('SELECT * FROM `mg_categorie` WHERE id='.prepare($id_record));
}
diff --git a/modules/categorie_documenti/init.php b/modules/categorie_documenti/init.php
index 2a66f3103..413d4013f 100755
--- a/modules/categorie_documenti/init.php
+++ b/modules/categorie_documenti/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\CategorieDocumentali\Categoria;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$categoria = Categoria::find($id_record);
$record = $dbo->fetchOne("SELECT *,
diff --git a/modules/categorie_impianti/add.php b/modules/categorie_impianti/add.php
index d984fccb8..fff75ec13 100755
--- a/modules/categorie_impianti/add.php
+++ b/modules/categorie_impianti/add.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
$id_original = filter('id_original');
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
include __DIR__.'/init.php';
}
diff --git a/modules/categorie_impianti/init.php b/modules/categorie_impianti/init.php
index 22178dcd0..7f09236bc 100755
--- a/modules/categorie_impianti/init.php
+++ b/modules/categorie_impianti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `my_impianti_categorie` WHERE id='.prepare($id_record));
}
diff --git a/modules/causali/init.php b/modules/causali/init.php
index b9c3286ea..3f6572446 100755
--- a/modules/causali/init.php
+++ b/modules/causali/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `dt_causalet` WHERE id='.prepare($id_record));
}
diff --git a/modules/causali_movimenti/actions.php b/modules/causali_movimenti/actions.php
index a0e39bf40..731e762d4 100755
--- a/modules/causali_movimenti/actions.php
+++ b/modules/causali_movimenti/actions.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
switch (filter('op')) {
case 'update':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$database->update('mg_causali_movimenti', [
'nome' => post('nome'),
'tipo_movimento' => post('tipo_movimento'),
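Review bot: The `update` case writes to `mg_causali_movimenti` immediately after assigning `$has_access`, without testing it, so the check does not gate the write. Put a guard straight after the assignment, e.g. `if (!$has_access) { break; }`, or document where the denial is enforced if that happens outside this file. The same applies to the `delete` hunk below and to the actions.php hunks for ddt, iva, ordini, preventivi, ritenute, ritenute_contributi and rivalse. It also applies to the loop in modules/stato_email/bulk.php, where `$mail->delete()` follows the unused check and the guard would be a `continue`. The case body continues outside the hunk.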
@@ -47,6 +48,7 @@ switch (filter('op')) {
case 'delete':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$dbo->query('DELETE FROM `mg_causali_movimenti` WHERE `id`='.prepare($id_record));
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
diff --git a/modules/causali_movimenti/init.php b/modules/causali_movimenti/init.php
index 1b2262959..a72f6b57f 100755
--- a/modules/causali_movimenti/init.php
+++ b/modules/causali_movimenti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `mg_causali_movimenti` WHERE id='.prepare($id_record));
}
diff --git a/modules/checklists/init.php b/modules/checklists/init.php
index 4a7c61262..0a07c3a3f 100755
--- a/modules/checklists/init.php
+++ b/modules/checklists/init.php
@@ -22,5 +22,6 @@ include_once __DIR__.'/../../core.php';
use Modules\Checklists\Checklist;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = Checklist::find($id_record);
}
diff --git a/modules/contratti/init.php b/modules/contratti/init.php
index c524fe8b3..741f38832 100755
--- a/modules/contratti/init.php
+++ b/modules/contratti/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\Contratti\Contratto;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$contratto = Contratto::find($id_record);
$record = $dbo->fetchOne('SELECT *,
diff --git a/modules/custom_fields/init.php b/modules/custom_fields/init.php
index fea41e80f..425e27e44 100755
--- a/modules/custom_fields/init.php
+++ b/modules/custom_fields/init.php
@@ -20,6 +20,7 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$records = $dbo->fetchArray('SELECT * FROM zz_fields WHERE id='.prepare($id_record));
}
diff --git a/modules/ddt/actions.php b/modules/ddt/actions.php
index 6c404437c..4f9e360f4 100755
--- a/modules/ddt/actions.php
+++ b/modules/ddt/actions.php
@@ -62,6 +62,7 @@ switch (filter('op')) {
case 'update':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$idstatoddt = post('idstatoddt');
$idpagamento = post('idpagamento');
$numero_esterno = post('numero_esterno');
diff --git a/modules/ddt/init.php b/modules/ddt/init.php
index ec4d64fbc..74674ef80 100755
--- a/modules/ddt/init.php
+++ b/modules/ddt/init.php
@@ -31,6 +31,7 @@ if ($module['name'] == 'Ddt di vendita') {
}
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$ddt = DDT::with('tipo', 'stato')->find($id_record);
$record = $dbo->fetchOne('SELECT dt_ddt.*,
diff --git a/modules/emails/init.php b/modules/emails/init.php
index f0fec6fed..e8a3e78e0 100755
--- a/modules/emails/init.php
+++ b/modules/emails/init.php
@@ -22,6 +22,7 @@ use Modules\Newsletter\Newsletter;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM em_templates WHERE id='.prepare($id_record).' AND deleted_at IS NULL');
//Controllo se ci sono newletter collegate a questo template
diff --git a/modules/fatture/init.php b/modules/fatture/init.php
index 67b497cb4..65c8b9547 100755
--- a/modules/fatture/init.php
+++ b/modules/fatture/init.php
@@ -28,6 +28,7 @@ if ($module['name'] == 'Fatture di vendita') {
}
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$fattura = Fattura::with('tipo', 'stato')->find($id_record);
$dir = $fattura->direzione;
diff --git a/modules/gestione_documentale/init.php b/modules/gestione_documentale/init.php
index 5ab2797b1..e3772e7e5 100755
--- a/modules/gestione_documentale/init.php
+++ b/modules/gestione_documentale/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT *, do_documenti.`id`as id, do_documenti.nome AS nome, do_documenti.`data` AS `data` FROM do_documenti WHERE do_documenti.id = '.prepare($id_record));
}
diff --git a/modules/giacenze_sedi/init.php b/modules/giacenze_sedi/init.php
index 8594016ad..3d40c3497 100644
--- a/modules/giacenze_sedi/init.php
+++ b/modules/giacenze_sedi/init.php
@@ -20,6 +20,7 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$id_module = Modules::get('Articoli')['id'];
redirect(base_path().'/editor.php?id_module='.$id_module.'&id_record='.$id_record);
}
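Review bot: The result of the check is discarded before the redirect: `$has_access` is assigned and the next two lines send the user to the Articoli editor regardless. As written in src/Util/Query.php in this patch, `checkAccess` evaluates the query of `Modules::getCurrent()`, which here is presumably this module rather than Articoli, so even a tested result would describe a different module from the redirect target. Either drop the line and let the target page perform the check, or guard the redirect with `if ($has_access)`.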
diff --git a/modules/impianti/init.php b/modules/impianti/init.php
index 42d94cdf1..fa2cc99ea 100755
--- a/modules/impianti/init.php
+++ b/modules/impianti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT *, (SELECT ragione_sociale FROM an_anagrafiche WHERE idanagrafica=my_impianti.idanagrafica) AS cliente FROM my_impianti WHERE id='.prepare($id_record));
}
diff --git a/modules/interventi/init.php b/modules/interventi/init.php
index 5aebcfe74..e6446313d 100755
--- a/modules/interventi/init.php
+++ b/modules/interventi/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\Interventi\Intervento;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$intervento = Intervento::find($id_record);
$record = $dbo->fetchOne('SELECT *,
diff --git a/modules/iva/actions.php b/modules/iva/actions.php
index aec2ae7ab..e4d7fd7f5 100755
--- a/modules/iva/actions.php
+++ b/modules/iva/actions.php
@@ -91,6 +91,7 @@ switch (filter('op')) {
case 'delete':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$dbo->query('UPDATE `co_iva` SET deleted_at = NOW() WHERE `id`='.prepare($id_record));
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo', [
diff --git a/modules/iva/init.php b/modules/iva/init.php
index e1b52a7e3..b304cfdab 100755
--- a/modules/iva/init.php
+++ b/modules/iva/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `co_iva` WHERE id='.prepare($id_record));
}
diff --git a/modules/liste_newsletter/init.php b/modules/liste_newsletter/init.php
index 1ccd3799d..43ea4801a 100755
--- a/modules/liste_newsletter/init.php
+++ b/modules/liste_newsletter/init.php
@@ -22,6 +22,7 @@ use Modules\ListeNewsletter\Lista;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$lista = Lista::find($id_record);
$record = $lista->toArray();
diff --git a/modules/misure/init.php b/modules/misure/init.php
index b349dc392..169d56b96 100755
--- a/modules/misure/init.php
+++ b/modules/misure/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `mg_unitamisura` WHERE id='.prepare($id_record));
}
diff --git a/modules/modelli_primanota/init.php b/modules/modelli_primanota/init.php
index d79598f0b..dd20bc0f1 100755
--- a/modules/modelli_primanota/init.php
+++ b/modules/modelli_primanota/init.php
@@ -18,5 +18,6 @@
*/
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM co_movimenti_modelli WHERE idmastrino='.prepare($id_record));
}
diff --git a/modules/newsletter/init.php b/modules/newsletter/init.php
index be0b97d69..14c525d34 100755
--- a/modules/newsletter/init.php
+++ b/modules/newsletter/init.php
@@ -23,6 +23,7 @@ use Modules\Newsletter\Newsletter;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$newsletter = Newsletter::find($id_record);
$record = $newsletter->toArray();
diff --git a/modules/ordini/actions.php b/modules/ordini/actions.php
index efe959560..1d74a8985 100755
--- a/modules/ordini/actions.php
+++ b/modules/ordini/actions.php
@@ -57,6 +57,7 @@ switch (post('op')) {
case 'update':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$idstatoordine = post('idstatoordine');
$idpagamento = post('idpagamento');
$idsede = post('idsede');
diff --git a/modules/ordini/init.php b/modules/ordini/init.php
index 1419df330..35d7724ad 100755
--- a/modules/ordini/init.php
+++ b/modules/ordini/init.php
@@ -22,6 +22,7 @@ use Modules\Ordini\Ordine;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$ordine = Ordine::with('tipo', 'stato')->find($id_record);
$record = $dbo->fetchOne('SELECT *,
diff --git a/modules/pagamenti/init.php b/modules/pagamenti/init.php
index b38b7baef..ff60a3a6e 100755
--- a/modules/pagamenti/init.php
+++ b/modules/pagamenti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `co_pagamenti` WHERE id='.prepare($id_record));
}
diff --git a/modules/piano_sconto/init.php b/modules/piano_sconto/init.php
index 96f1bbef5..dc00a3de7 100644
--- a/modules/piano_sconto/init.php
+++ b/modules/piano_sconto/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\PianiSconto\PianoSconto;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM mg_listini WHERE id='.prepare($id_record));
$listino = PianoSconto::find($id_record);
diff --git a/modules/porti/init.php b/modules/porti/init.php
index 492811916..0ec175031 100755
--- a/modules/porti/init.php
+++ b/modules/porti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `dt_porto` WHERE id='.prepare($id_record));
}
diff --git a/modules/preventivi/actions.php b/modules/preventivi/actions.php
index 0ae8bc7fc..53026c03e 100755
--- a/modules/preventivi/actions.php
+++ b/modules/preventivi/actions.php
@@ -52,6 +52,7 @@ switch (post('op')) {
case 'update':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$preventivo->idstato = post('idstato');
$preventivo->nome = post('nome');
$preventivo->idanagrafica = post('idanagrafica');
diff --git a/modules/preventivi/init.php b/modules/preventivi/init.php
index b0ab05c5e..384a1c5c3 100755
--- a/modules/preventivi/init.php
+++ b/modules/preventivi/init.php
@@ -20,6 +20,7 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$preventivo = Modules\Preventivi\Preventivo::with('stato')->find($id_record);
$record = $dbo->fetchOne('SELECT co_preventivi.*,
diff --git a/modules/primanota/init.php b/modules/primanota/init.php
index 6b495ca6c..b7128304a 100755
--- a/modules/primanota/init.php
+++ b/modules/primanota/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\PrimaNota\Mastrino;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$mastrino = Mastrino::find($id_record);
$record = $dbo->fetchOne('SELECT * FROM co_movimenti WHERE idmastrino = '.prepare($id_record));
diff --git a/modules/relazioni_anagrafiche/init.php b/modules/relazioni_anagrafiche/init.php
index 32b524fdf..4476f8726 100755
--- a/modules/relazioni_anagrafiche/init.php
+++ b/modules/relazioni_anagrafiche/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `an_relazioni` WHERE id='.prepare($id_record));
}
diff --git a/modules/ritenute/actions.php b/modules/ritenute/actions.php
index 656b66005..1fca036b0 100755
--- a/modules/ritenute/actions.php
+++ b/modules/ritenute/actions.php
@@ -66,6 +66,7 @@ switch (filter('op')) {
case 'delete':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$dbo->query('DELETE FROM `co_ritenutaacconto` WHERE `id`='.prepare($id_record));
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
diff --git a/modules/ritenute/init.php b/modules/ritenute/init.php
index d4981cc18..08ff3879e 100755
--- a/modules/ritenute/init.php
+++ b/modules/ritenute/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT *, (SELECT COUNT(idritenutaacconto) FROM co_righe_documenti WHERE co_righe_documenti.idritenutaacconto = '.prepare($id_record).') AS doc_associati FROM `co_ritenutaacconto` WHERE id='.prepare($id_record));
}
diff --git a/modules/ritenute_contributi/actions.php b/modules/ritenute_contributi/actions.php
index f924cc6c2..6ed79dfcc 100755
--- a/modules/ritenute_contributi/actions.php
+++ b/modules/ritenute_contributi/actions.php
@@ -66,6 +66,7 @@ switch (filter('op')) {
case 'delete':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$dbo->query('DELETE FROM `co_ritenuta_contributi` WHERE `id`='.prepare($id_record));
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
diff --git a/modules/ritenute_contributi/init.php b/modules/ritenute_contributi/init.php
index f91af9a1d..18da9850b 100755
--- a/modules/ritenute_contributi/init.php
+++ b/modules/ritenute_contributi/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT *, (SELECT COUNT(id_ritenuta_contributi) FROM co_documenti WHERE co_documenti.id_ritenuta_contributi = '.prepare($id_record).') AS doc_associati FROM `co_ritenuta_contributi` WHERE id='.prepare($id_record));
}
diff --git a/modules/rivalse/actions.php b/modules/rivalse/actions.php
index fab9f32cb..935721874 100755
--- a/modules/rivalse/actions.php
+++ b/modules/rivalse/actions.php
@@ -66,6 +66,7 @@ switch (filter('op')) {
case 'delete':
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$dbo->query('DELETE FROM `co_rivalse` WHERE `id`='.prepare($id_record));
flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [
diff --git a/modules/rivalse/init.php b/modules/rivalse/init.php
index 3f56d98bb..afe059f93 100755
--- a/modules/rivalse/init.php
+++ b/modules/rivalse/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `co_rivalse` WHERE id='.prepare($id_record));
}
diff --git a/modules/segmenti/init.php b/modules/segmenti/init.php
index 8fa58305f..69e6e0dab 100755
--- a/modules/segmenti/init.php
+++ b/modules/segmenti/init.php
@@ -20,6 +20,7 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT *, (SELECT options FROM zz_modules WHERE id = zz_segments.id_module) options, (SELECT name FROM zz_modules WHERE id = zz_segments.id_module) AS modulo, (SELECT COUNT(t.id) FROM zz_segments t WHERE t.id_module = zz_segments.id_module) AS n_sezionali FROM zz_segments WHERE id='.prepare($id_record));
$array = preg_match('/(?<=FROM)\s([^\s]+)\s/', $record['options'], $table);
diff --git a/modules/smtp/init.php b/modules/smtp/init.php
index 1903e0c0b..b2ea8683a 100755
--- a/modules/smtp/init.php
+++ b/modules/smtp/init.php
@@ -22,6 +22,7 @@ use Modules\Emails\Account;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$account = Account::find($id_record);
$record = $dbo->fetchOne('SELECT * FROM em_accounts WHERE id='.prepare($id_record).' AND deleted_at IS NULL');
diff --git a/modules/spedizioni/init.php b/modules/spedizioni/init.php
index 86d4bcb01..00bc46420 100755
--- a/modules/spedizioni/init.php
+++ b/modules/spedizioni/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `dt_spedizione` WHERE id='.prepare($id_record));
}
diff --git a/modules/stampe/init.php b/modules/stampe/init.php
index ce17fcaf8..5d9e2ec9e 100755
--- a/modules/stampe/init.php
+++ b/modules/stampe/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Models\PrintTemplate;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$print = PrintTemplate::find($id_record);
$record = $print->toArray();
}
diff --git a/modules/stati_contratto/init.php b/modules/stati_contratto/init.php
index a35ab34af..b586abc54 100755
--- a/modules/stati_contratto/init.php
+++ b/modules/stati_contratto/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM co_staticontratti WHERE id='.prepare($id_record));
}
diff --git a/modules/stati_intervento/init.php b/modules/stati_intervento/init.php
index c1635575b..431e76222 100755
--- a/modules/stati_intervento/init.php
+++ b/modules/stati_intervento/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM in_statiintervento WHERE idstatointervento='.prepare($id_record));
}
diff --git a/modules/stati_preventivo/init.php b/modules/stati_preventivo/init.php
index 2eef0d824..5745e2883 100755
--- a/modules/stati_preventivo/init.php
+++ b/modules/stati_preventivo/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM co_statipreventivi WHERE id='.prepare($id_record));
}
diff --git a/modules/stato_email/bulk.php b/modules/stato_email/bulk.php
index 2e0a30114..16fed4f36 100644
--- a/modules/stato_email/bulk.php
+++ b/modules/stato_email/bulk.php
@@ -26,6 +26,7 @@ switch (post('op')) {
$i = 0;
foreach ($id_records as $id_record) {
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$mail = Mail::find($id_record);
if (empty($mail->sent_at)) {
$mail->delete();
diff --git a/modules/stato_email/init.php b/modules/stato_email/init.php
index 17412c5e8..da4cef290 100755
--- a/modules/stato_email/init.php
+++ b/modules/stato_email/init.php
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php';
use Modules\Emails\Mail;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$mail = Mail::find($id_record);
$record = $mail->toArray();
diff --git a/modules/tecnici_tariffe/init.php b/modules/tecnici_tariffe/init.php
index b49b2d5fc..db54a3318 100755
--- a/modules/tecnici_tariffe/init.php
+++ b/modules/tecnici_tariffe/init.php
@@ -20,6 +20,7 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT idanagrafica, ragione_sociale, colore FROM an_anagrafiche WHERE idanagrafica = '.prepare($id_record));
$tipi_interventi = $dbo->fetchArray('SELECT *, in_tipiintervento.idtipointervento AS id, in_tariffe.idtipointervento AS esiste FROM in_tipiintervento LEFT JOIN in_tariffe ON in_tipiintervento.idtipointervento = in_tariffe.idtipointervento AND in_tariffe.idtecnico = '.prepare($id_record).' ORDER BY descrizione');
diff --git a/modules/tipi_anagrafiche/init.php b/modules/tipi_anagrafiche/init.php
index 01f917333..b9a49e17c 100755
--- a/modules/tipi_anagrafiche/init.php
+++ b/modules/tipi_anagrafiche/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM an_tipianagrafiche WHERE idtipoanagrafica='.prepare($id_record));
}
diff --git a/modules/tipi_documento/init.php b/modules/tipi_documento/init.php
index 09c8d3361..a521f1841 100644
--- a/modules/tipi_documento/init.php
+++ b/modules/tipi_documento/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `co_tipidocumento` WHERE id='.prepare($id_record));
}
diff --git a/modules/tipi_intervento/init.php b/modules/tipi_intervento/init.php
index 4785658f6..0f784056c 100755
--- a/modules/tipi_intervento/init.php
+++ b/modules/tipi_intervento/init.php
@@ -21,6 +21,7 @@ include_once __DIR__.'/../../core.php';
use Modules\TipiIntervento\Tipo;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM in_tipiintervento WHERE idtipointervento='.prepare($id_record));
$tipo = Tipo::find($id_record);
diff --git a/modules/tipi_scadenze/init.php b/modules/tipi_scadenze/init.php
index 67d151352..93e7730b3 100755
--- a/modules/tipi_scadenze/init.php
+++ b/modules/tipi_scadenze/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `co_tipi_scadenze` WHERE id='.prepare($id_record));
}
diff --git a/modules/utenti/init.php b/modules/utenti/init.php
index c988b3493..5df2861f7 100755
--- a/modules/utenti/init.php
+++ b/modules/utenti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `zz_groups` WHERE `id`='.prepare($id_record));
}
diff --git a/modules/viste/init.php b/modules/viste/init.php
index 3deac71b6..ea41aba88 100755
--- a/modules/viste/init.php
+++ b/modules/viste/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM `zz_modules` WHERE id='.prepare($id_record));
}
diff --git a/modules/voci_servizio/init.php b/modules/voci_servizio/init.php
index 504775833..45d46c625 100755
--- a/modules/voci_servizio/init.php
+++ b/modules/voci_servizio/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM in_vociservizio WHERE id='.prepare($id_record));
}
diff --git a/modules/zone/init.php b/modules/zone/init.php
index 4c27daed9..66ff18073 100755
--- a/modules/zone/init.php
+++ b/modules/zone/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM an_zone WHERE id='.prepare($id_record));
}
diff --git a/plugins/dichiarazioni_intento/init.php b/plugins/dichiarazioni_intento/init.php
index eb7bf0adc..b3ee3de0b 100755
--- a/plugins/dichiarazioni_intento/init.php
+++ b/plugins/dichiarazioni_intento/init.php
@@ -22,6 +22,7 @@ use Plugins\DichiarazioniIntento\Dichiarazione;
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$dichiarazione = Dichiarazione::find($id_record);
$record = $dichiarazione ? $dichiarazione->toArray() : [];
diff --git a/plugins/importFE/init.php b/plugins/importFE/init.php
index 8d8a08bac..b1209fd0e 100755
--- a/plugins/importFE/init.php
+++ b/plugins/importFE/init.php
@@ -23,6 +23,7 @@ use Plugins\ImportFE\FatturaElettronica;
use Plugins\ImportFE\Interaction;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$files = Interaction::getFileList();
$record = $files[$id_record - 1];
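Review bot: `$id_record` here is a 1-based position in the list returned by `Interaction::getFileList()` (see `$files[$id_record - 1]`), not a row id, yet `checkAccess` passes it as `id` to the current module's query. The result therefore says nothing about the selected file and may be false for a valid index. The other plugin hunks look similar and are worth confirming, e.g. plugins/sedi/init.php, where the comment says `id_record = sede`. There the id belongs to the plugin's table, while the check, as visible in src/Util/Query.php, runs the module query. A plugin-specific check, or at least a comment stating which record the id refers to, would be clearer than reusing the module-level one.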
diff --git a/plugins/pianificazione_interventi/init.php b/plugins/pianificazione_interventi/init.php
index ecc0749eb..23f16e3eb 100755
--- a/plugins/pianificazione_interventi/init.php
+++ b/plugins/pianificazione_interventi/init.php
@@ -22,5 +22,6 @@ include_once __DIR__.'/../../core.php';
use Plugins\PianificazioneInterventi\Promemoria;
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$promemoria = Promemoria::find($id_record);
}
diff --git a/plugins/referenti/init.php b/plugins/referenti/init.php
index 5be6b70c6..f9ffbfd37 100755
--- a/plugins/referenti/init.php
+++ b/plugins/referenti/init.php
@@ -20,5 +20,6 @@
include_once __DIR__.'/../../core.php';
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM an_referenti WHERE id='.prepare($id_record));
}
diff --git a/plugins/sedi/init.php b/plugins/sedi/init.php
index 170575f03..43785f2b7 100755
--- a/plugins/sedi/init.php
+++ b/plugins/sedi/init.php
@@ -21,6 +21,7 @@ include_once __DIR__.'/../../core.php';
// id_record = sede
if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
$record = $dbo->fetchOne('SELECT * FROM an_sedi WHERE id='.prepare($id_record));
$record['lat'] = floatval($record['lat']);
$record['lng'] = floatval($record['lng']);
diff --git a/src/Util/Query.php b/src/Util/Query.php
index 28360b522..00e97161a 100755
--- a/src/Util/Query.php
+++ b/src/Util/Query.php
@@ -323,6 +323,40 @@ class Query
return $results;
}
+ /**
+ * Controlla se l'utente ha accesso a un record specifico seguendo la query principale del modulo.
+ *
+ * @return bool
+ * @throws \Exception
+ */
+ public static function checkAccess($id_record){
+
+ self::setSegments(false);
+ $query = self::getQuery(Modules::getCurrent(), [
+ 'id' => $id_record,
+ ]);
+ self::setSegments(true);
+
+ // Rimozione della condizione deleted_at IS NULL per visualizzare anche i record eliminati
+ if (preg_match('/[`]*([a-z0-9_]*)[`]*[\.]*([`]*deleted_at[`]* IS NULL)/i', $query, $m)) {
+ $conditions_to_remove = [];
+
+ $condition = trim($m[0]);
+
+ if (!empty($table_name)) {
+ $condition = $table_name.'.'.$condition;
+ }
+
+ $conditions_to_remove[] = ' AND '.$condition;
+ $conditions_to_remove[] = $condition.' AND ';
+
+ $query = str_replace($conditions_to_remove, '', $query);
+ $query = str_replace($condition, '', $query);
+ }
+
+ return !empty($query) ? database()->fetchNum($query) !== 0 : true;
+ }
+
/**
* Sostituisce la prima occorenza di una determinata stringa.
*
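Review bot: `checkAccess` fails open: its last line returns `true` whenever `getQuery()` yields an empty query, so a module without a main query is treated as accessible for any id. If that is intended it deserves a comment; otherwise it should return `false`. `$table_name` is never assigned in this method, so the `!empty($table_name)` branch is dead and can go. `setSegments(true)` is skipped if `getQuery()` throws and forces segments on regardless of their prior state; a `try`/`finally` around the call covers the first case. The docblock also lacks a `@param` line for `$id_record`.

```php
public static function checkAccess($id_record)
{
    self::setSegments(false);
    try {
        $query = self::getQuery(Modules::getCurrent(), [
            'id' => $id_record,
        ]);
    } finally {
        // Re-enable segments even when getQuery() throws
        self::setSegments(true);
    }

    // … unchanged: removal of the deleted_at IS NULL condition, without the $table_name branch …

    if (empty($query)) {
        // No main query to evaluate: deny instead of granting by default
        return false;
    }

    return database()->fetchNum($query) !== 0;
}
```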