diff --git a/ajax.php b/ajax.php
index 8b82006f8..dddbd7290 100755
--- a/ajax.php
+++ b/ajax.php
@@ -79,6 +79,7 @@ switch (filter('op')) {
 case 'active_users':
 $posizione = get('id_module');
 if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
 $posizione .= ', '.get('id_record');
 }
diff --git a/editor.php b/editor.php
index 16175e53d..f898ee446 100755
--- a/editor.php
+++ b/editor.php
@@ -32,40 +32,10 @@ if (empty($id_record) && !empty($id_module) && empty($id_plugin)) {
 include_once App::filepath('include|custom|', 'top.php');
-if (!empty($id_record)) {
- Util\Query::setSegments(false);
- $query = Util\Query::getQuery($structure, [
- 'id' => $id_record,
- ]);
- Util\Query::setSegments(true);
-}
-// Rimozione della condizione deleted_at IS NULL per visualizzare anche i record eliminati
-if (preg_match('/[`]*([a-z0-9_]*)[`]*[\.]*([`]*deleted_at[`]* IS NULL)/i', $query, $m)) {
- $conditions_to_remove = [];
+// Inclusione gli elementi fondamentali
+include_once base_dir().'/actions.php';
- $condition = trim($m[0]);
-
- if (!empty($table_name)) {
- $condition = $table_name.'.'.$condition;
- }
-
- $conditions_to_remove[] = ' AND '.$condition;
- $conditions_to_remove[] = $condition.' AND ';
-
- $query = str_replace($conditions_to_remove, '', $query);
- $query = str_replace($condition, '', $query);
-}
-
-$query = null;
-
-$has_access = !empty($query) ? $dbo->fetchNum($query) !== 0 : true;
-
-if ($has_access) {
- // Inclusione gli elementi fondamentali
- include_once base_dir().'/actions.php';
-}
-
-if (empty($record) || !$has_access) {
+if (empty($record) || (isset($has_access) && !$has_access)) {
 echo '
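Review bot: `$has_access` is assigned in the `active_users` branch but nothing in the hunk reads it, so the call costs a query and changes nothing; the position string on the next line is still built from the raw `id_record`. Either drop the call here or make it a precondition, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`. The `switch` continues outside the hunk, so a later consumer of `$has_access` cannot be ruled out from this view.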

'. diff --git a/modules/anagrafiche/init.php b/modules/anagrafiche/init.php index 75675c33f..5e6213fcf 100755 --- a/modules/anagrafiche/init.php +++ b/modules/anagrafiche/init.php @@ -27,6 +27,7 @@ foreach ($rs as $riga) { } if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $anagrafica = Anagrafica::withTrashed()->find($id_record); $record = $dbo->fetchOne('SELECT *, diff --git a/modules/articoli/init.php b/modules/articoli/init.php index 9e0c0a3db..bb0e4413b 100755 --- a/modules/articoli/init.php +++ b/modules/articoli/init.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\Articoli\Articolo; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $articolo = Articolo::withTrashed()->find($id_record); $articolo->nome_variante; diff --git a/modules/banche/init.php b/modules/banche/init.php index 01cc200ab..44ee4fed2 100755 --- a/modules/banche/init.php +++ b/modules/banche/init.php @@ -22,6 +22,7 @@ use Modules\Banche\Banca; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $banca = Banca::find($id_record); if (!empty($banca)) { diff --git a/modules/beni/init.php b/modules/beni/init.php index f9d9eb060..81d4482c3 100755 --- a/modules/beni/init.php +++ b/modules/beni/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `dt_aspettobeni` WHERE id='.prepare($id_record)); } diff --git a/modules/categorie_articoli/add.php b/modules/categorie_articoli/add.php index 9bad36961..b8a887bd3 100755 --- a/modules/categorie_articoli/add.php +++ b/modules/categorie_articoli/add.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; $id_original = filter('id_original'); if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); include __DIR__.'/init.php'; } 
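Review bot: In editor.php `actions.php` is now included before `$has_access` is evaluated, whereas the removed code only included it when the access check passed; module action handlers (the `update`/`delete` cases in `modules/*/actions.php`) therefore run against a record the user may not be allowed to reach, and only the page render afterwards is denied. The `isset($has_access)` test also makes the check opt-in: any module that never assigns the variable is treated as allowed. Restoring the gate here, independent of the per-module assignments, would be `$has_access = empty($id_record) || Util\Query::checkAccess($id_record);` followed by `if ($has_access) { include_once base_dir().'/actions.php'; }` and `!$has_access` in the condition below. Whether the top-level `actions.php` dispatches module actions before or after including `init.php` is outside this diff.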
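Review bot: In modules/anagrafiche/init.php the check result is stored but `Anagrafica::withTrashed()->find()` and the raw `fetchOne` that follows (continuing outside the hunk) still run and populate `$anagrafica`/`$record` for a denied id, so any consumer of `init.php` other than editor.php (prints, ajax handlers, actions) sees the data unless it inspects `$has_access` itself. Loading the record only on success, e.g. `$has_access = \Util\Query::checkAccess($id_record); if ($has_access) {` around the two queries, keeps the denied record out of scope entirely. The same observation applies to the other `init.php` hunks in this diff.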
@@ -30,6 +31,7 @@ if (isset($id_original)) { echo base_path().'/controller.php?id_module='.$id_module; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); echo '&id_record='.$id_record; } } @@ -59,6 +61,7 @@ if (isset($id_original)) {
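Review bot: The `checkAccess($id_record)` call inserted inside the URL-building branch runs an extra database query only to append `&id_record=` to the controller URL; `$has_access` was already set by the earlier hunk of this file (and again by the included `init.php`), and the value assigned here is never read before the `echo`. Drop the line and keep `echo '&id_record='.$id_record;`, or keep a single check at the top of the file. The enclosing `if (isset($id_original))` block starts outside the hunk.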
fetchOne('SELECT * FROM `mg_categorie` WHERE id='.prepare($id_record)); } diff --git a/modules/categorie_documenti/init.php b/modules/categorie_documenti/init.php index 2a66f3103..413d4013f 100755 --- a/modules/categorie_documenti/init.php +++ b/modules/categorie_documenti/init.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\CategorieDocumentali\Categoria; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $categoria = Categoria::find($id_record); $record = $dbo->fetchOne("SELECT *, diff --git a/modules/categorie_impianti/add.php b/modules/categorie_impianti/add.php index d984fccb8..fff75ec13 100755 --- a/modules/categorie_impianti/add.php +++ b/modules/categorie_impianti/add.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; $id_original = filter('id_original'); if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); include __DIR__.'/init.php'; } diff --git a/modules/categorie_impianti/init.php b/modules/categorie_impianti/init.php index 22178dcd0..7f09236bc 100755 --- a/modules/categorie_impianti/init.php +++ b/modules/categorie_impianti/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `my_impianti_categorie` WHERE id='.prepare($id_record)); } diff --git a/modules/causali/init.php b/modules/causali/init.php index b9c3286ea..3f6572446 100755 --- a/modules/causali/init.php +++ b/modules/causali/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `dt_causalet` WHERE id='.prepare($id_record)); } diff --git a/modules/causali_movimenti/actions.php b/modules/causali_movimenti/actions.php index a0e39bf40..731e762d4 100755 --- a/modules/causali_movimenti/actions.php +++ b/modules/causali_movimenti/actions.php 
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; switch (filter('op')) { case 'update': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $database->update('mg_causali_movimenti', [ 'nome' => post('nome'), 'tipo_movimento' => post('tipo_movimento'), @@ -47,6 +48,7 @@ switch (filter('op')) { case 'delete': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $dbo->query('DELETE FROM `mg_causali_movimenti` WHERE `id`='.prepare($id_record)); flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [ diff --git a/modules/causali_movimenti/init.php b/modules/causali_movimenti/init.php index 1b2262959..a72f6b57f 100755 --- a/modules/causali_movimenti/init.php +++ b/modules/causali_movimenti/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `mg_causali_movimenti` WHERE id='.prepare($id_record)); } diff --git a/modules/checklists/init.php b/modules/checklists/init.php index 4a7c61262..0a07c3a3f 100755 --- a/modules/checklists/init.php +++ b/modules/checklists/init.php @@ -22,5 +22,6 @@ include_once __DIR__.'/../../core.php'; use Modules\Checklists\Checklist; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = Checklist::find($id_record); } diff --git a/modules/contratti/init.php b/modules/contratti/init.php index c524fe8b3..741f38832 100755 --- a/modules/contratti/init.php +++ b/modules/contratti/init.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\Contratti\Contratto; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $contratto = Contratto::find($id_record); $record = $dbo->fetchOne('SELECT *, diff --git a/modules/custom_fields/init.php b/modules/custom_fields/init.php index fea41e80f..425e27e44 100755 --- a/modules/custom_fields/init.php +++ b/modules/custom_fields/init.php 
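Review bot: In the `update` case of modules/causali_movimenti/actions.php `$has_access` is assigned and then `$database->update('mg_causali_movimenti', …)` executes unconditionally, so a failed check does not prevent the write. Make the result a precondition, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`, or `break` with a flash error when it is false. The update's column list continues outside the hunk.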
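Review bot: In the `delete` case of modules/causali_movimenti/actions.php the `DELETE FROM `mg_causali_movimenti`` on the line after the new assignment runs whether or not `checkAccess` returned true, and the success flash is shown either way. Gate the query on the result, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`, so a denied id neither deletes nor reports success. The flash call continues outside the hunk.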
@@ -20,6 +20,7 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $records = $dbo->fetchArray('SELECT * FROM zz_fields WHERE id='.prepare($id_record)); } diff --git a/modules/ddt/actions.php b/modules/ddt/actions.php index 6c404437c..4f9e360f4 100755 --- a/modules/ddt/actions.php +++ b/modules/ddt/actions.php @@ -62,6 +62,7 @@ switch (filter('op')) { case 'update': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $idstatoddt = post('idstatoddt'); $idpagamento = post('idpagamento'); $numero_esterno = post('numero_esterno'); diff --git a/modules/ddt/init.php b/modules/ddt/init.php index ec4d64fbc..74674ef80 100755 --- a/modules/ddt/init.php +++ b/modules/ddt/init.php @@ -31,6 +31,7 @@ if ($module['name'] == 'Ddt di vendita') { } if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $ddt = DDT::with('tipo', 'stato')->find($id_record); $record = $dbo->fetchOne('SELECT dt_ddt.*, diff --git a/modules/emails/init.php b/modules/emails/init.php index f0fec6fed..e8a3e78e0 100755 --- a/modules/emails/init.php +++ b/modules/emails/init.php @@ -22,6 +22,7 @@ use Modules\Newsletter\Newsletter; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM em_templates WHERE id='.prepare($id_record).' AND deleted_at IS NULL'); //Controllo se ci sono newletter collegate a questo template diff --git a/modules/fatture/init.php b/modules/fatture/init.php index 67b497cb4..65c8b9547 100755 --- a/modules/fatture/init.php +++ b/modules/fatture/init.php @@ -28,6 +28,7 @@ if ($module['name'] == 'Fatture di vendita') { } if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $fattura = Fattura::with('tipo', 'stato')->find($id_record); $dir = $fattura->direzione; 
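Review bot: In the `update` case of modules/ddt/actions.php the new `$has_access` assignment is followed directly by reading the posted fields, and nothing visible in the hunk stops the update when the check fails; the write itself is outside the hunk, so unless it tests `$has_access` there the check is informational only. Changing the guard to `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {` makes the whole case conditional without touching the body.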
diff --git a/modules/gestione_documentale/init.php b/modules/gestione_documentale/init.php index 5ab2797b1..e3772e7e5 100755 --- a/modules/gestione_documentale/init.php +++ b/modules/gestione_documentale/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT *, do_documenti.`id`as id, do_documenti.nome AS nome, do_documenti.`data` AS `data` FROM do_documenti WHERE do_documenti.id = '.prepare($id_record)); } diff --git a/modules/giacenze_sedi/init.php b/modules/giacenze_sedi/init.php index 8594016ad..3d40c3497 100644 --- a/modules/giacenze_sedi/init.php +++ b/modules/giacenze_sedi/init.php @@ -20,6 +20,7 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $id_module = Modules::get('Articoli')['id']; redirect(base_path().'/editor.php?id_module='.$id_module.'&id_record='.$id_record); } diff --git a/modules/impianti/init.php b/modules/impianti/init.php index 42d94cdf1..fa2cc99ea 100755 --- a/modules/impianti/init.php +++ b/modules/impianti/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT *, (SELECT ragione_sociale FROM an_anagrafiche WHERE idanagrafica=my_impianti.idanagrafica) AS cliente FROM my_impianti WHERE id='.prepare($id_record)); } diff --git a/modules/interventi/init.php b/modules/interventi/init.php index 5aebcfe74..e6446313d 100755 --- a/modules/interventi/init.php +++ b/modules/interventi/init.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\Interventi\Intervento; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $intervento = Intervento::find($id_record); $record = $dbo->fetchOne('SELECT *, diff --git a/modules/iva/actions.php b/modules/iva/actions.php index aec2ae7ab..e4d7fd7f5 100755 
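Review bot: In modules/giacenze_sedi/init.php `checkAccess($id_record)` is evaluated against the current module's query (via `Modules::getCurrent()`) and the page then unconditionally redirects to the Articoli editor with the same id, so the result is discarded and the target editor performs its own check against the Articoli query. Either drop the call here, or act on it before the redirect, e.g. `if (!\Util\Query::checkAccess($id_record)) { return; }`, if this module's query is meant to restrict which articles are reachable. Note that the two checks use different module queries and are not equivalent.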
--- a/modules/iva/actions.php +++ b/modules/iva/actions.php @@ -91,6 +91,7 @@ switch (filter('op')) { case 'delete': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $dbo->query('UPDATE `co_iva` SET deleted_at = NOW() WHERE `id`='.prepare($id_record)); flash()->info(tr('Tipologia di _TYPE_ eliminata con successo', [ diff --git a/modules/iva/init.php b/modules/iva/init.php index e1b52a7e3..b304cfdab 100755 --- a/modules/iva/init.php +++ b/modules/iva/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `co_iva` WHERE id='.prepare($id_record)); } diff --git a/modules/liste_newsletter/init.php b/modules/liste_newsletter/init.php index 1ccd3799d..43ea4801a 100755 --- a/modules/liste_newsletter/init.php +++ b/modules/liste_newsletter/init.php @@ -22,6 +22,7 @@ use Modules\ListeNewsletter\Lista; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $lista = Lista::find($id_record); $record = $lista->toArray(); diff --git a/modules/misure/init.php b/modules/misure/init.php index b349dc392..169d56b96 100755 --- a/modules/misure/init.php +++ b/modules/misure/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `mg_unitamisura` WHERE id='.prepare($id_record)); } diff --git a/modules/modelli_primanota/init.php b/modules/modelli_primanota/init.php index d79598f0b..dd20bc0f1 100755 --- a/modules/modelli_primanota/init.php +++ b/modules/modelli_primanota/init.php @@ -18,5 +18,6 @@ */ if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM co_movimenti_modelli WHERE idmastrino='.prepare($id_record)); } 
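Review bot: In the `delete` case of modules/iva/actions.php the soft-delete `UPDATE `co_iva` SET deleted_at = NOW()` on the next line runs regardless of what `checkAccess` returned, and the success flash follows either way. Gate the statement on the result, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`. The flash call continues outside the hunk.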
diff --git a/modules/newsletter/init.php b/modules/newsletter/init.php index be0b97d69..14c525d34 100755 --- a/modules/newsletter/init.php +++ b/modules/newsletter/init.php @@ -23,6 +23,7 @@ use Modules\Newsletter\Newsletter; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $newsletter = Newsletter::find($id_record); $record = $newsletter->toArray(); diff --git a/modules/ordini/actions.php b/modules/ordini/actions.php index efe959560..1d74a8985 100755 --- a/modules/ordini/actions.php +++ b/modules/ordini/actions.php @@ -57,6 +57,7 @@ switch (post('op')) { case 'update': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $idstatoordine = post('idstatoordine'); $idpagamento = post('idpagamento'); $idsede = post('idsede'); diff --git a/modules/ordini/init.php b/modules/ordini/init.php index 1419df330..35d7724ad 100755 --- a/modules/ordini/init.php +++ b/modules/ordini/init.php @@ -22,6 +22,7 @@ use Modules\Ordini\Ordine; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $ordine = Ordine::with('tipo', 'stato')->find($id_record); $record = $dbo->fetchOne('SELECT *, diff --git a/modules/pagamenti/init.php b/modules/pagamenti/init.php index b38b7baef..ff60a3a6e 100755 --- a/modules/pagamenti/init.php +++ b/modules/pagamenti/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `co_pagamenti` WHERE id='.prepare($id_record)); } diff --git a/modules/piano_sconto/init.php b/modules/piano_sconto/init.php index 96f1bbef5..dc00a3de7 100644 --- a/modules/piano_sconto/init.php +++ b/modules/piano_sconto/init.php 
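Review bot: In the `update` case of modules/ordini/actions.php `$has_access` is assigned and immediately followed by reading posted fields; nothing in the hunk stops the update when the check fails, and the write itself is outside the hunk. Unless that write tests `$has_access`, the check has no effect; `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {` would make the whole case conditional.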
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\PianiSconto\PianoSconto; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM mg_listini WHERE id='.prepare($id_record)); $listino = PianoSconto::find($id_record); diff --git a/modules/porti/init.php b/modules/porti/init.php index 492811916..0ec175031 100755 --- a/modules/porti/init.php +++ b/modules/porti/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `dt_porto` WHERE id='.prepare($id_record)); } diff --git a/modules/preventivi/actions.php b/modules/preventivi/actions.php index 0ae8bc7fc..53026c03e 100755 --- a/modules/preventivi/actions.php +++ b/modules/preventivi/actions.php @@ -52,6 +52,7 @@ switch (post('op')) { case 'update': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $preventivo->idstato = post('idstato'); $preventivo->nome = post('nome'); $preventivo->idanagrafica = post('idanagrafica'); diff --git a/modules/preventivi/init.php b/modules/preventivi/init.php index b0ab05c5e..384a1c5c3 100755 --- a/modules/preventivi/init.php +++ b/modules/preventivi/init.php @@ -20,6 +20,7 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $preventivo = Modules\Preventivi\Preventivo::with('stato')->find($id_record); $record = $dbo->fetchOne('SELECT co_preventivi.*, diff --git a/modules/primanota/init.php b/modules/primanota/init.php index 6b495ca6c..b7128304a 100755 --- a/modules/primanota/init.php +++ b/modules/primanota/init.php 
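Review bot: In the `update` case of modules/preventivi/actions.php the posted values are written onto `$preventivo` right after the new `$has_access` assignment, so the model is mutated even when the check failed; whether the later save (outside the hunk) consults `$has_access` is not visible here. Turning the guard into `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {` avoids the mutation altogether. `$preventivo` is loaded in `init.php`, outside this hunk.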
@@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\PrimaNota\Mastrino; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $mastrino = Mastrino::find($id_record); $record = $dbo->fetchOne('SELECT * FROM co_movimenti WHERE idmastrino = '.prepare($id_record)); diff --git a/modules/relazioni_anagrafiche/init.php b/modules/relazioni_anagrafiche/init.php index 32b524fdf..4476f8726 100755 --- a/modules/relazioni_anagrafiche/init.php +++ b/modules/relazioni_anagrafiche/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `an_relazioni` WHERE id='.prepare($id_record)); } diff --git a/modules/ritenute/actions.php b/modules/ritenute/actions.php index 656b66005..1fca036b0 100755 --- a/modules/ritenute/actions.php +++ b/modules/ritenute/actions.php @@ -66,6 +66,7 @@ switch (filter('op')) { case 'delete': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $dbo->query('DELETE FROM `co_ritenutaacconto` WHERE `id`='.prepare($id_record)); flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [ diff --git a/modules/ritenute/init.php b/modules/ritenute/init.php index d4981cc18..08ff3879e 100755 --- a/modules/ritenute/init.php +++ b/modules/ritenute/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT *, (SELECT COUNT(idritenutaacconto) FROM co_righe_documenti WHERE co_righe_documenti.idritenutaacconto = '.prepare($id_record).') AS doc_associati FROM `co_ritenutaacconto` WHERE id='.prepare($id_record)); } diff --git a/modules/ritenute_contributi/actions.php b/modules/ritenute_contributi/actions.php index f924cc6c2..6ed79dfcc 100755 --- a/modules/ritenute_contributi/actions.php +++ b/modules/ritenute_contributi/actions.php 
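Review bot: In the `delete` case of modules/ritenute/actions.php the `DELETE FROM `co_ritenutaacconto`` on the next line runs regardless of the value just stored in `$has_access`, and the success flash follows either way. Gate the query on the result, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`. The flash call continues outside the hunk.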
@@ -66,6 +66,7 @@ switch (filter('op')) { case 'delete': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $dbo->query('DELETE FROM `co_ritenuta_contributi` WHERE `id`='.prepare($id_record)); flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [ diff --git a/modules/ritenute_contributi/init.php b/modules/ritenute_contributi/init.php index f91af9a1d..18da9850b 100755 --- a/modules/ritenute_contributi/init.php +++ b/modules/ritenute_contributi/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT *, (SELECT COUNT(id_ritenuta_contributi) FROM co_documenti WHERE co_documenti.id_ritenuta_contributi = '.prepare($id_record).') AS doc_associati FROM `co_ritenuta_contributi` WHERE id='.prepare($id_record)); } diff --git a/modules/rivalse/actions.php b/modules/rivalse/actions.php index fab9f32cb..935721874 100755 --- a/modules/rivalse/actions.php +++ b/modules/rivalse/actions.php @@ -66,6 +66,7 @@ switch (filter('op')) { case 'delete': if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $dbo->query('DELETE FROM `co_rivalse` WHERE `id`='.prepare($id_record)); flash()->info(tr('Tipologia di _TYPE_ eliminata con successo!', [ diff --git a/modules/rivalse/init.php b/modules/rivalse/init.php index 3f56d98bb..afe059f93 100755 --- a/modules/rivalse/init.php +++ b/modules/rivalse/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `co_rivalse` WHERE id='.prepare($id_record)); } diff --git a/modules/segmenti/init.php b/modules/segmenti/init.php index 8fa58305f..69e6e0dab 100755 --- a/modules/segmenti/init.php +++ b/modules/segmenti/init.php 
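Review bot: In the `delete` case of modules/ritenute_contributi/actions.php the `DELETE FROM `co_ritenuta_contributi`` on the next line runs regardless of the value just stored in `$has_access`, and the success flash follows either way. Gate the query on the result, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`. The flash call continues outside the hunk.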
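Review bot: In the `delete` case of modules/rivalse/actions.php the `DELETE FROM `co_rivalse`` on the next line runs regardless of the value just stored in `$has_access`, and the success flash follows either way. Gate the query on the result, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`. The flash call continues outside the hunk.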
@@ -20,6 +20,7 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT *, (SELECT options FROM zz_modules WHERE id = zz_segments.id_module) options, (SELECT name FROM zz_modules WHERE id = zz_segments.id_module) AS modulo, (SELECT COUNT(t.id) FROM zz_segments t WHERE t.id_module = zz_segments.id_module) AS n_sezionali FROM zz_segments WHERE id='.prepare($id_record)); $array = preg_match('/(?<=FROM)\s([^\s]+)\s/', $record['options'], $table); diff --git a/modules/smtp/init.php b/modules/smtp/init.php index 1903e0c0b..b2ea8683a 100755 --- a/modules/smtp/init.php +++ b/modules/smtp/init.php @@ -22,6 +22,7 @@ use Modules\Emails\Account; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $account = Account::find($id_record); $record = $dbo->fetchOne('SELECT * FROM em_accounts WHERE id='.prepare($id_record).' AND deleted_at IS NULL'); diff --git a/modules/spedizioni/init.php b/modules/spedizioni/init.php index 86d4bcb01..00bc46420 100755 --- a/modules/spedizioni/init.php +++ b/modules/spedizioni/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `dt_spedizione` WHERE id='.prepare($id_record)); } diff --git a/modules/stampe/init.php b/modules/stampe/init.php index ce17fcaf8..5d9e2ec9e 100755 --- a/modules/stampe/init.php +++ b/modules/stampe/init.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Models\PrintTemplate; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $print = PrintTemplate::find($id_record); $record = $print->toArray(); } diff --git a/modules/stati_contratto/init.php b/modules/stati_contratto/init.php index a35ab34af..b586abc54 100755 --- a/modules/stati_contratto/init.php +++ b/modules/stati_contratto/init.php 
@@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM co_staticontratti WHERE id='.prepare($id_record)); } diff --git a/modules/stati_intervento/init.php b/modules/stati_intervento/init.php index c1635575b..431e76222 100755 --- a/modules/stati_intervento/init.php +++ b/modules/stati_intervento/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM in_statiintervento WHERE idstatointervento='.prepare($id_record)); } diff --git a/modules/stati_preventivo/init.php b/modules/stati_preventivo/init.php index 2eef0d824..5745e2883 100755 --- a/modules/stati_preventivo/init.php +++ b/modules/stati_preventivo/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM co_statipreventivi WHERE id='.prepare($id_record)); } diff --git a/modules/stato_email/bulk.php b/modules/stato_email/bulk.php index 2e0a30114..16fed4f36 100644 --- a/modules/stato_email/bulk.php +++ b/modules/stato_email/bulk.php @@ -26,6 +26,7 @@ switch (post('op')) { $i = 0; foreach ($id_records as $id_record) { if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $mail = Mail::find($id_record); if (empty($mail->sent_at)) { $mail->delete(); diff --git a/modules/stato_email/init.php b/modules/stato_email/init.php index 17412c5e8..da4cef290 100755 --- a/modules/stato_email/init.php +++ b/modules/stato_email/init.php @@ -22,6 +22,7 @@ include_once __DIR__.'/../../core.php'; use Modules\Emails\Mail; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $mail = Mail::find($id_record); $record = $mail->toArray(); 
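Review bot: In modules/stato_email/bulk.php `$has_access` is overwritten on every iteration of the `foreach` and never read, so `Mail::find($id_record)` and `$mail->delete()` proceed for every id regardless of the check, at the cost of one access query per record. Use the result as the loop guard, e.g. `if (isset($id_record) && \Util\Query::checkAccess($id_record)) {`, or skip with `continue` when it is false. The bulk `case` continues outside the hunk.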
diff --git a/modules/tecnici_tariffe/init.php b/modules/tecnici_tariffe/init.php index b49b2d5fc..db54a3318 100755 --- a/modules/tecnici_tariffe/init.php +++ b/modules/tecnici_tariffe/init.php @@ -20,6 +20,7 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT idanagrafica, ragione_sociale, colore FROM an_anagrafiche WHERE idanagrafica = '.prepare($id_record)); $tipi_interventi = $dbo->fetchArray('SELECT *, in_tipiintervento.idtipointervento AS id, in_tariffe.idtipointervento AS esiste FROM in_tipiintervento LEFT JOIN in_tariffe ON in_tipiintervento.idtipointervento = in_tariffe.idtipointervento AND in_tariffe.idtecnico = '.prepare($id_record).' ORDER BY descrizione'); diff --git a/modules/tipi_anagrafiche/init.php b/modules/tipi_anagrafiche/init.php index 01f917333..b9a49e17c 100755 --- a/modules/tipi_anagrafiche/init.php +++ b/modules/tipi_anagrafiche/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM an_tipianagrafiche WHERE idtipoanagrafica='.prepare($id_record)); } diff --git a/modules/tipi_documento/init.php b/modules/tipi_documento/init.php index 09c8d3361..a521f1841 100644 --- a/modules/tipi_documento/init.php +++ b/modules/tipi_documento/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `co_tipidocumento` WHERE id='.prepare($id_record)); } diff --git a/modules/tipi_intervento/init.php b/modules/tipi_intervento/init.php index 4785658f6..0f784056c 100755 --- a/modules/tipi_intervento/init.php +++ b/modules/tipi_intervento/init.php 
@@ -21,6 +21,7 @@ include_once __DIR__.'/../../core.php'; use Modules\TipiIntervento\Tipo; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM in_tipiintervento WHERE idtipointervento='.prepare($id_record)); $tipo = Tipo::find($id_record); diff --git a/modules/tipi_scadenze/init.php b/modules/tipi_scadenze/init.php index 67d151352..93e7730b3 100755 --- a/modules/tipi_scadenze/init.php +++ b/modules/tipi_scadenze/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `co_tipi_scadenze` WHERE id='.prepare($id_record)); } diff --git a/modules/utenti/init.php b/modules/utenti/init.php index c988b3493..5df2861f7 100755 --- a/modules/utenti/init.php +++ b/modules/utenti/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `zz_groups` WHERE `id`='.prepare($id_record)); } diff --git a/modules/viste/init.php b/modules/viste/init.php index 3deac71b6..ea41aba88 100755 --- a/modules/viste/init.php +++ b/modules/viste/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM `zz_modules` WHERE id='.prepare($id_record)); } diff --git a/modules/voci_servizio/init.php b/modules/voci_servizio/init.php index 504775833..45d46c625 100755 --- a/modules/voci_servizio/init.php +++ b/modules/voci_servizio/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM in_vociservizio WHERE id='.prepare($id_record)); } diff --git a/modules/zone/init.php b/modules/zone/init.php index 4c27daed9..66ff18073 100755 
--- a/modules/zone/init.php +++ b/modules/zone/init.php @@ -20,5 +20,6 @@ include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $record = $dbo->fetchOne('SELECT * FROM an_zone WHERE id='.prepare($id_record)); } diff --git a/plugins/dichiarazioni_intento/init.php b/plugins/dichiarazioni_intento/init.php index eb7bf0adc..b3ee3de0b 100755 --- a/plugins/dichiarazioni_intento/init.php +++ b/plugins/dichiarazioni_intento/init.php @@ -22,6 +22,7 @@ use Plugins\DichiarazioniIntento\Dichiarazione; include_once __DIR__.'/../../core.php'; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $dichiarazione = Dichiarazione::find($id_record); $record = $dichiarazione ? $dichiarazione->toArray() : []; diff --git a/plugins/importFE/init.php b/plugins/importFE/init.php index 8d8a08bac..b1209fd0e 100755 --- a/plugins/importFE/init.php +++ b/plugins/importFE/init.php @@ -23,6 +23,7 @@ use Plugins\ImportFE\FatturaElettronica; use Plugins\ImportFE\Interaction; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $files = Interaction::getFileList(); $record = $files[$id_record - 1]; diff --git a/plugins/pianificazione_interventi/init.php b/plugins/pianificazione_interventi/init.php index ecc0749eb..23f16e3eb 100755 --- a/plugins/pianificazione_interventi/init.php +++ b/plugins/pianificazione_interventi/init.php @@ -22,5 +22,6 @@ include_once __DIR__.'/../../core.php'; use Plugins\PianificazioneInterventi\Promemoria; if (isset($id_record)) { + $has_access = \Util\Query::checkAccess($id_record); $promemoria = Promemoria::find($id_record); } diff --git a/plugins/referenti/init.php b/plugins/referenti/init.php index 5be6b70c6..f9ffbfd37 100755 --- a/plugins/referenti/init.php +++ b/plugins/referenti/init.php 
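Review bot: In plugins/importFE/init.php `$id_record` is a 1-based position into `Interaction::getFileList()` (`$files[$id_record - 1]`), not a database row id, yet `checkAccess($id_record)` feeds it as `'id'` into the current module's main query; unless that query is built to match file positions, the result is meaningless and may deny or allow arbitrarily. If the intent is only to keep the variable defined for editor.php, `$has_access = true;` with a comment saying the record is a file, not a row, would be clearer than a database lookup.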
@@ -20,5 +20,6 @@
 include_once __DIR__.'/../../core.php';
 if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
 $record = $dbo->fetchOne('SELECT * FROM an_referenti WHERE id='.prepare($id_record));
 }
diff --git a/plugins/sedi/init.php b/plugins/sedi/init.php
index 170575f03..43785f2b7 100755
--- a/plugins/sedi/init.php
+++ b/plugins/sedi/init.php
@@ -21,6 +21,7 @@ include_once __DIR__.'/../../core.php';
 // id_record = sede
 if (isset($id_record)) {
+ $has_access = \Util\Query::checkAccess($id_record);
 $record = $dbo->fetchOne('SELECT * FROM an_sedi WHERE id='.prepare($id_record));
 $record['lat'] = floatval($record['lat']);
 $record['lng'] = floatval($record['lng']);
diff --git a/src/Util/Query.php b/src/Util/Query.php
index 28360b522..00e97161a 100755
--- a/src/Util/Query.php
+++ b/src/Util/Query.php
@@ -323,6 +323,40 @@ class Query
 return $results;
 }
+ /**
+ * Controlla se l'utente ha accesso a un record specifico seguendo la query principale del modulo.
+ *
+ * @return bool
+ * @throws \Exception
+ */
+ public static function checkAccess($id_record){
+
+ self::setSegments(false);
+ $query = self::getQuery(Modules::getCurrent(), [
+ 'id' => $id_record,
+ ]);
+ self::setSegments(true);
+
+ // Rimozione della condizione deleted_at IS NULL per visualizzare anche i record eliminati
+ if (preg_match('/[`]*([a-z0-9_]*)[`]*[\.]*([`]*deleted_at[`]* IS NULL)/i', $query, $m)) {
+ $conditions_to_remove = [];
+
+ $condition = trim($m[0]);
+
+ if (!empty($table_name)) {
+ $condition = $table_name.'.'.$condition;
+ }
+
+ $conditions_to_remove[] = ' AND '.$condition;
+ $conditions_to_remove[] = $condition.' AND ';
+
+ $query = str_replace($conditions_to_remove, '', $query);
+ $query = str_replace($condition, '', $query);
+ }
+
+ return !empty($query) ? database()->fetchNum($query) !== 0 : true;
+ }
+
 /**
 * Sostituisce la prima occorenza di una determinata stringa.
 *
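Review bot: Inside `checkAccess` `$table_name` is never defined — it was a file-scope variable in the editor.php code this method was lifted from — so `!empty($table_name)` is always false and the table-qualifying branch is dead code that should be removed rather than carried over. The final line also fails open: when `getQuery` yields an empty string the method returns true, which for an authorization helper should be the explicit exception, not the default; `return !empty($query) && database()->fetchNum($query) !== 0;` fails closed, and if some modules legitimately have no main query that case deserves a comment. `Modules::getCurrent()` is referenced unqualified inside `namespace Util`, so this needs `\Modules` or a `use Modules;` unless one already exists above the hunk, and the docblock should gain `@param int $id_record` and state that the check is relative to the current module of the request.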