Strona główna Odkrywaj Pomoc
Zaloguj się
fusionpbx
/
fusionpbx-app-contacts
kopia lustrzana https://github.com/fusionpbx/fusionpbx-app-contacts.git
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

Update permissions on contact_edit and add ability to delete a user that is assigned to the contact.

markjcrane 9 lat temu
rodzic
0396d03217
commit
2d9ebed22c
1 zmienionych plików z 89 dodań i 55 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 89 55
      contact_edit.php

+ 89 - 55
contact_edit.php
Wyświetl plik 

@@ -26,7 +26,7 @@
 
 require_once "root.php";
 
 require_once "resources/require.php";
 
 require_once "resources/check_auth.php";
 
-if (permission_exists('contact_edit')) {
 
+if (permission_exists('contact_view')) {
 
 	//access granted
 
 }
 
 else {
 
@@ -64,6 +64,7 @@ else {
 
 
 //get http post variables and set them to php variables
 
 	if (count($_POST) > 0) {
 
+		$user_uuid = check_str($_POST["user_uuid"]);
 
 		$contact_type = check_str($_POST["contact_type"]);
 
 		$contact_organization = check_str($_POST["contact_organization"]);
 
 		$contact_name_prefix = check_str($_POST["contact_name_prefix"]);
 
@@ -79,6 +80,25 @@ else {
 
 		$contact_note = check_str($_POST["contact_note"]);
 
 	}
 
 
+//delete the user
 
+	if ($_GET["a"] == "delete" && permission_exists('contact_user_delete')) {
 
+		if (strlen($_REQUEST["contact_user_uuid"]) > 0) {
 
+			//set the variables
 
+				$contact_uuid = check_str($_REQUEST["contact_uuid"]);
 
+				$contact_user_uuid = check_str($_REQUEST["contact_user_uuid"]);
 
+			//delete the assigned user from the contact
 
+				$sql = "delete from v_contact_users ";
 
+				$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
 
+				$sql .= "and contact_user_uuid = '$contact_user_uuid' ";
 
+				$db->exec(check_sql($sql));
 
+				unset($sql);
 
+		}
 
+
 
+		$_SESSION["message"] = $text['message-delete'];
 
+		header("Location: contact_edit.php?id=".$contact_uuid);
 
+		return;
 
+	}
 
+
 
 //process the form data
 
 	if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 
 
@@ -118,7 +138,7 @@ else {
 
 			if ($_POST["persistformvar"] != "true") {
 
 
 				//add the contact
 
-					if ($action == "add") {
 
+					if ($action == "add" && permission_exists('contact_add')) {
 
 						$contact_uuid = uuid();
 
 						$sql = "insert into v_contacts ";
 
 						$sql .= "( ";
 
@@ -167,28 +187,66 @@ else {
 
 						$location = "contact_edit.php?id=".$contact_uuid;
 
 					} //if ($action == "add")
 
 
+				//update the contact
 
+					if ($action == "update" && permission_exists('contact_edit')) {
 
+						$sql = "update v_contacts set ";
 
+						$sql .= "contact_type = '".$contact_type."', ";
 
+						$sql .= "contact_organization = '".$contact_organization."', ";
 
+						$sql .= "contact_name_prefix = '".$contact_name_prefix."', ";
 
+						$sql .= "contact_name_given = '".$contact_name_given."', ";
 
+						$sql .= "contact_name_middle = '".$contact_name_middle."', ";
 
+						$sql .= "contact_name_family = '".$contact_name_family."', ";
 
+						$sql .= "contact_name_suffix = '".$contact_name_suffix."', ";
 
+						$sql .= "contact_nickname = '".$contact_nickname."', ";
 
+						$sql .= "contact_title = '".$contact_title."', ";
 
+						$sql .= "contact_category = '".$contact_category."', ";
 
+						$sql .= "contact_role = '".$contact_role."', ";
 
+						$sql .= "contact_time_zone = '".$contact_time_zone."', ";
 
+						$sql .= "contact_note = '".$contact_note."', ";
 
+						$sql .= "last_mod_date = now(), ";
 
+						$sql .= "last_mod_user = '".$_SESSION['username']."' ";
 
+						$sql .= "where domain_uuid = '".$domain_uuid."' ";
 
+						$sql .= "and contact_uuid = '".$contact_uuid."' ";
 
+						$db->exec(check_sql($sql));
 
+						unset($sql);
 
+
 
+						$_SESSION["message"] = $text['message-update'];
 
+						$location = "contact_edit.php?id=".$contact_uuid;
 
+					} //if ($action == "update")
 
+
 
 				//assign the contact to the user that added the contact
 
-					if ($action == "add") {
 
+					if ($action == "add" && !permission_exists('contact_user_add')) {
 
+						$user_uuid = $_SESSION["user_uuid"];
 
+					}
 
+
 
+				//add user to contact users table
 
+					if ($user_uuid != '') {
 
+						$contact_user_uuid = uuid();
 
 						$sql = "insert into v_contact_users ";
 
-						$sql .= "( ";
 
-						$sql .= "contact_user_uuid, ";
 
+						$sql .= "(";
 
 						$sql .= "domain_uuid, ";
 
+						$sql .= "contact_user_uuid, ";
 
 						$sql .= "contact_uuid, ";
 
 						$sql .= "user_uuid ";
 
 						$sql .= ") ";
 
 						$sql .= "values ";
 
-						$sql .= "( ";
 
-						$sql .= "'".uuid()."', ";
 
-						$sql .= "'".$domain_uuid."', ";
 
-						$sql .= "'".$contact_uuid."', ";
 
-						$sql .= "'".$_SESSION["user_uuid"]."' ";
 
-						$sql .= ") ";
 
-						$db->exec(check_sql($sql));
 
+						$sql .= "(";
 
+						$sql .= "'$domain_uuid', ";
 
+						$sql .= "'$contact_user_uuid', ";
 
+						$sql .= "'$contact_uuid', ";
 
+						$sql .= "'$user_uuid' ";
 
+						$sql .= ")";
 
+						if (permission_exists('contact_user_add')) {
 
+							$db->exec(check_sql($sql));
 
+						}
 
+						elseif ($action == "add") {
 
+							//add the contact to the user that created it
 
+							$db->exec(check_sql($sql));
 
+						}
 
 						unset($sql);
 
-					}
 
 
 				//assign the contact to the group
 
-					if ($group_uuid != '') {
 
+					if ($group_uuid != '' && permission_exists('contact_group_add')) {
 
 						$sql = "insert into v_contact_groups ";
 
 						$sql .= "( ";
 
 						$sql .= "contact_group_uuid, ";
 
@@ -207,37 +265,9 @@ else {
 
 						unset($sql);
 
 					}
 
 
-				//update the contact
 
-					if ($action == "update") {
 
-						$sql = "update v_contacts set ";
 
-						$sql .= "contact_type = '".$contact_type."', ";
 
-						$sql .= "contact_organization = '".$contact_organization."', ";
 
-						$sql .= "contact_name_prefix = '".$contact_name_prefix."', ";
 
-						$sql .= "contact_name_given = '".$contact_name_given."', ";
 
-						$sql .= "contact_name_middle = '".$contact_name_middle."', ";
 
-						$sql .= "contact_name_family = '".$contact_name_family."', ";
 
-						$sql .= "contact_name_suffix = '".$contact_name_suffix."', ";
 
-						$sql .= "contact_nickname = '".$contact_nickname."', ";
 
-						$sql .= "contact_title = '".$contact_title."', ";
 
-						$sql .= "contact_category = '".$contact_category."', ";
 
-						$sql .= "contact_role = '".$contact_role."', ";
 
-						$sql .= "contact_time_zone = '".$contact_time_zone."', ";
 
-						$sql .= "contact_note = '".$contact_note."', ";
 
-						$sql .= "last_mod_date = now(), ";
 
-						$sql .= "last_mod_user = '".$_SESSION['username']."' ";
 
-						$sql .= "where domain_uuid = '".$domain_uuid."' ";
 
-						$sql .= "and contact_uuid = '".$contact_uuid."' ";
 
-						$db->exec(check_sql($sql));
 
-						unset($sql);
 
-
 
-						$_SESSION["message"] = $text['message-update'];
 
-						$location = "contact_edit.php?id=".$contact_uuid;
 
-					} //if ($action == "update")
 
-
 
 				//handle redirect
 
 					if ($_POST['submit'] == $text['button-add']) {
 
 						$group_uuid = $_POST['group_uuid'];
 
-						//insert
 
 						$location = "contact_edit.php?id=".$contact_uuid;
 
 					}
 
 
@@ -640,7 +670,7 @@ else {
 
 		echo "</td>\n";
 
 		echo "</tr>\n";
 
 
-		if (permission_exists('contact_user_view')) {
 
+		if (permission_exists('contact_user_edit')) {
 
 			echo "	<tr>";
 
 			echo "		<td class='vncell' valign='top'>".$text['label-users']."</td>";
 
 			echo "		<td class='vtable' align='left'>";
 
@@ -650,25 +680,29 @@ else {
 
 					echo "			<tr>\n";
 
 					echo "				<td class='vtable'>".$field['username']."</td>\n";
 
 					echo "				<td style='width: 25px;' align='right'>\n";
 
-					echo "					<a href='contact_edit.php?contact_user_uuid=".$field['contact_user_uuid']."&contact_uuid=".$contact_uuid."&a=delete' alt='delete' onclick=\"return confirm(".$text['confirm-delete'].")\">$v_link_label_delete</a>\n";
 
+					if (permission_exists('contact_user_delete')) {
 
+						echo "					<a href='contact_edit.php?contact_user_uuid=".$field['contact_user_uuid']."&contact_uuid=".$contact_uuid."&a=delete' alt='delete' onclick=\"return confirm(".$text['confirm-delete'].")\">$v_link_label_delete</a>\n";
 
+					}
 
 					echo "				</td>\n";
 
 					echo "			</tr>\n";
 
 				}
 
 				echo "			</table>\n";
 
 			}
 
 			echo "			<br />\n";
 
-			echo "			<select name=\"user_uuid\" class='formfld' style='width: auto;'>\n";
 
-			echo "			<option value=\"\"></option>\n";
 
-			foreach($users as $field) {
 
-				echo "			<option value='".$field['user_uuid']."'>".$field['username']."</option>\n";
 
-			}
 
-			echo "			</select>";
 
-			if ($action == "update") {
 
-				echo "			<input type=\"submit\" class='btn' value=\"".$text['button-add']."\">\n";
 
+			if (permission_exists('contact_user_add')) {
 
+				echo "			<select name=\"user_uuid\" class='formfld' style='width: auto;'>\n";
 
+				echo "			<option value=\"\"></option>\n";
 
+				foreach($users as $field) {
 
+					echo "			<option value='".$field['user_uuid']."'>".$field['username']."</option>\n";
 
+				}
 
+				echo "			</select>";
 
+				if ($action == "update") {
 
+					echo "			<input type=\"submit\" class='btn' value=\"".$text['button-add']."\">\n";
 
+				}
 
+				unset($users);
 
+				echo "			<br>\n";
 
+				echo "			".$text['description-users']."\n";
 
 			}
 
-			unset($users);
 
-			echo "			<br>\n";
 
-			echo "			".$text['description-users']."\n";
 
 			echo "		</td>";
 
 			echo "	</tr>";
 
 		}