1. Import

2026-03-29 10:34:57 +02:00
parent b0e00c1259
commit a1129565af
4899 changed files with 3007593 additions and 0 deletions


@@ -0,0 +1,202 @@
<?php
/*=======================================================================
*
* employee_csc_rights.php
*
* Autor: Marc Vollmann
*
=======================================================================*/
include_once ("../include/mcglobal.inc.php");
include_once ("../include/auth.inc.php");
// Check HTTP-Parameters
getSecHttpVars("1",array("f_act", "customerId", "cscIdRoot", "cscIdActual", "statusMessage", "deactivateMenu",
"emp_id_act", "emp_csc_access", "tableSort", "deactivateMenu", "f_hq_id"));
// Id of the actual employee and the costcenter (individual root-node) logged in
if ($cscIdRoot == ""): $cscIdRoot = getFieldValueFromId("employee","emp_id",$emp_id,"csc_id"); endif;
if ($customerId == ""): $customerId = getFieldValueFromId("costcenter","csc_id",$cscIdRoot,"cs_id"); endif;
if ($cscIdActual == ""): $cscIdActual = $cscIdRoot; endif;
getLanguage(__FILE__);
$deactivateMenuStatic = "1";
$pageTitel = getLngt("MITARBEITERRECHTE");
include_once ("../admin/menu.php");
include_once ("../include/html.inc.php");
getCurrentScript(__FILE__);
// Check for authentication access and granted rights
$usrAccessArray["hq"] = "1"; $usrAccessArray["cs"] = "1";
authCheckForAccess($hq_id, $usr_id, $emp_id, "1", $customerId, $cscIdRoot, $cscIdActual);
// Get the right of the employee logged in and check the access
$empHasNoAccessToEmployees = TRUE;
if (($userTypeName == "hq") && authCheckEmployeeRights($emp_id, "1") && authCheckEmployeeRights($emp_id, "3")) :
$empHasNoAccessToEmployees = FALSE;
endif;
if (($userTypeName == "cs") && authCheckEmployeeRights($emp_id, "10") && authCheckEmployeeRights($emp_id, "12") && $emp_id_act != "" && is_numeric($emp_id_act) && $emp_id_act != $emp_id) :
$empHasNoAccessToEmployees = FALSE;
endif;
// HEADQUARTERS ACCESS
// Check accessibility to headquarters, init for headquarters logged in (also for $userTypeName != "hq")
// First check mandator of the employee logged in has to be the same (!!!) like from the employee edited !!!!
$usrIdAct = getFieldValueFromId("employee", "emp_id", $emp_id_act, "usr_id");
$hqIdAct = getFieldValueFromId("user", "usr_id", $usrIdAct, "hq_id");
$empIdActMdId = getFieldValueFromId("mandatorheadquarters", "hq_id", $hqIdAct, "md_id");
if ($empHasNoAccessToEmployees) :
if ($md_id == "" || !is_numeric($md_id) || $md_id != $empIdActMdId) :
$empHasNoAccessToEmployees = FALSE;
endif;
endif;
if ($empHasNoAccessToEmployees) : gotoReferer("1"); endif;
// Get the emp_id of the root admin because he/she is allowed to change a password of an employee
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);
$usrNameAct = getFieldValueFromId("user", "usr_id", $usrIdAct, "usr_name");
$usrFirstNameAct = getFieldValueFromId("user", "usr_id", $usrIdAct, "usr_firstname");
$usrAccountAct = getFieldValueFromId("user", "usr_id", $usrIdAct, "usr_account");
// Set rights
if ($f_act == "setCscAccess") :
if ($emp_id_act != "") :
TA("B");
// Remove current rights of the employee
$res = deleteStmt("employeecostcenter","emp_id = '" . $emp_id_act . "'");
if ($db->affected_rows > 0) :
$rightsLogString .= "DELETED_RIGHTS=YES";
else :
$rightsLogString .= "DELETED_RIGHTS=NO";
endif;
// Insert new rigths
if (is_array($emp_csc_access)) :
$emp_csc_access_len = count($emp_csc_access);
if ($emp_csc_access_len > 0) :
for ($i = 0; $i < $emp_csc_access_len; $i++) :
$res = insertStmt("employeecostcenter", array("emp_id", $emp_id_act, "csc_id", $emp_csc_access[$i]));
if ($db->affected_rows > 0) :
$rightsLogString .= "|" . $emp_id_act . "_" . $emp_csc_access[$i];
endif;
endfor;
endif;
endif;
TA("C");
TA("E");
// Write logdata into log database
// writeToLogDB("115",$hq_id,"",$usr_id,"","","",$rightsLogString,"","",$emp_id_act);
$statusMessage = getLngt("Die Rechte wurden gesetzt!");
endif;
endif;
// Get associative array of all costcenters of the customer except root costcenter ($retArray[$row[csc_id]]= csc_name)
$cscVector = getColVectorFromDB2ArrayByClause("costcenter AS csc", "csc.csc_name", "csc.cs_id = '" . $customerId . "' AND (NOT ISNULL(csc.csc_pre_id)) AND csc.csc_pre_id != ''", "csc.csc_id", "csc.csc_name", "");
$cscVectorKeys = array_keys($cscVector);
$cscVectorKeysLen = count($cscVectorKeys);
// Get associative array of costcenters of the current employee LOGGED IN having access to
$empCscVector = getColVectorFromDB2ArrayByClause("employeecostcenter AS empcsc", "empcsc.csc_id", "empcsc.emp_id = '" . $emp_id . "'", "", "", "");
// Get associative array of costcenters of the current employee TO BE MODIFIED having access to
$empActCscVector = getColVectorFromDB2ArrayByClause("employeecostcenter AS empcsc", "empcsc.csc_id", "empcsc.emp_id = '" . $emp_id_act . "'", "", "", "");
// Create csc-vector
$output = "<table>";
$output .= "<tr>";
$output .= "<td align=\"left\">" . defineButtonType10(getLngt("Zuweisen"), "action_set_csc_access", "finishPage('setCscAccess');", "100", "left") . "</td>"; // Left top corner
$output .= "</tr>";
for ($j = 0; $j < $cscVectorKeysLen; $j++) :
$cscId = $cscVectorKeys[$j];
$cscName = $cscVector[$cscId];
$output .= "<tr>";
$output .= "<td width=\"150\"><b>" . getLngt($cscName) . "</b></td>";
$output .= "<td align=\"center\">";
$tmpChecked = "";
if (in_array($cscId, $empActCscVector)) : $tmpChecked = "checked"; endif;
$tmpDisabled = "disabled";
if ($emp_id == $empIdRootAdmin || in_array($cscId, $empCscVector)) : $tmpDisabled = ""; endif;
$output .= "<input type=\"checkbox\" name=\"emp_csc_access[]\" value=\"" . $cscId . "\" " . $tmpChecked . " " . $tmpDisabled . ">";
$output .= "</td>";
$output .= "</tr>";
endfor;
$output .= "</table>";
?>
<html>
<head>
<title><?php echo $pageTitel ?></title>
<link rel="stylesheet" type="text/css" href="../css/phoenix.css">
<style type="text/css">
<?php include_once ("../css/navigation.css.php"); ?>
</style>
<?php include_once ("../include/js_framework.inc.php"); ?>
<script type="text/javascript">
<!--
// NAVIGATION
<?php echo $jsMenuOut; ?>
function finishPage(f_act) {
document.forms[0].f_act.value = f_act;
document.forms[0].submit();
};
-->
</script>
</head>
<body onLoad="<?php echo $phpCurrentNavigationOnLoad ?>displayStatusMessage();">
<?php echo $phpMenuOut ?>
<?php echo $phpReducedMenuOut ?>
<?php echo $phpPageTitelOut ?>
<div class="maincontent" name="maincontent" id="maincontent">
<form action="../admin/employee_csc_rights.php" method="post">
<input type="hidden" name="f_act" value="">
<input type="hidden" name="customerId" value="<?php echo ec($customerId) ?>">
<input type="hidden" name="cscIdRoot" value="<?php echo ec($cscIdRoot) ?>">
<input type="hidden" name="cscIdActual" value="<?php echo ec($cscIdActual) ?>">
<?php echo $phpCurrentNavigationInputHidden ?>
<input type="hidden" name="deactivateMenu" value="<?php echo ec($deactivateMenu) ?>">
<input type="hidden" name="emp_id_act" value="<?php echo ec($emp_id_act) ?>">
<?php echo htmlDivLineSpacer("10px"); ?>
<div class="f12bp1_blue">
<?php echo $usrFirstNameAct . " " . $usrNameAct . " [" . $usrAccountAct . "]"; ?>
</div>
<?php echo htmlDivLineSpacer("20px"); ?>
<div class="f10np1">
<?php
if ($userTypeName == "hq" || $userTypeName == "cs") :
if (!$empHasNoAccessToEmployees) :
echo $output;
endif;
endif;
?>
</div>
</form>
</div>
</body>
</html>
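Review bot: The mandator check under the `First check mandator` comment is inverted: it runs only while `$empHasNoAccessToEmployees` is still TRUE and then sets it to FALSE when `$md_id` is empty, non-numeric or different from `$empIdActMdId`, so a caller who failed both rights checks is let through exactly when the mandators do not match, and a caller who passed them is never compared against the edited employee's mandator. Going by that comment the guard should deny instead, e.g. `if (!$empHasNoAccessToEmployees && ($md_id == "" || !is_numeric($md_id) || $md_id != $empIdActMdId)) : $empHasNoAccessToEmployees = TRUE; endif;` (`$md_id` is not assigned in this file, presumably it comes from an include, so confirm it is set before this point). The `setCscAccess` branch also inserts every posted `emp_csc_access[]` value without checking it against the customer's cost centers or the editor's own grants; the `disabled` checkbox attribute is only a browser-side hint, so each `csc_id` should be validated server-side before `insertStmt`. `emp_id_act` is only `is_numeric`-checked on the cs path yet is concatenated into the `deleteStmt` clause, so the same check belongs at the top of that branch unless `getSecHttpVars` already guarantees it.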