<?php
/*=======================================================================
 *
 * employee_csc_rights.php
 *
 * Author: Marc Vollmann
 *
 * Admin page that lists the cost centers of a customer with one checkbox
 * each, showing which of them the employee named by emp_id_act can access,
 * and that stores a new selection when posted with f_act = "setCscAccess".
 *
 =======================================================================*/

include_once ("../include/mcglobal.inc.php");
include_once ("../include/auth.inc.php");


// Check HTTP-Parameters
// The names listed here are used further down as plain script variables
// ($f_act, $customerId, $emp_id_act, ...). What filtering getSecHttpVars()
// applies to them is not visible in this file.
getSecHttpVars(
    "1",
    array(
        "f_act",
        "customerId",
        "cscIdRoot",
        "cscIdActual",
        "statusMessage",
        "deactivateMenu",
        "emp_id_act",
        "emp_csc_access",
        "tableSort",
        "deactivateMenu",
        "f_hq_id"
    )
);

// Id of the actual employee and the costcenter (individual root-node) logged in.
// Only an EMPTY request value falls back to the logged-in employee's own records;
// a value supplied by the caller is kept as sent.
// NOTE(review): whether a supplied cscIdRoot / customerId / cscIdActual is tied to
// the logged-in account is left to authCheckForAccess() below - confirm it is.
if ($cscIdRoot == "") {
    $cscIdRoot = getFieldValueFromId("employee", "emp_id", $emp_id, "csc_id");
}
if ($customerId == "") {
    $customerId = getFieldValueFromId("costcenter", "csc_id", $cscIdRoot, "cs_id");
}
if ($cscIdActual == "") {
    $cscIdActual = $cscIdRoot;
}

getLanguage(__FILE__);

// Page chrome: static menu flag, translated title, menu and HTML helpers.
$deactivateMenuStatic = "1";
$pageTitel = getLngt("MITARBEITERRECHTE");
include_once ("../admin/menu.php");
include_once ("../include/html.inc.php");
getCurrentScript(__FILE__);

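// Check for authentication access and granted rights
$usrAccessArray["hq"] = "1";
$usrAccessArray["cs"] = "1";
authCheckForAccess($hq_id, $usr_id, $emp_id, "1", $customerId, $cscIdRoot, $cscIdActual);

// Decide whether the logged-in employee ($emp_id) may edit the rights of the
// employee named in the request ($emp_id_act). The flag starts as "no access"
// and is cleared only when every condition below holds.
//
// Changes against the previous version of this section:
//  - The mandator comparison used to run only for callers that had ALREADY been
//    refused and then CLEARED the refusal on a mismatch, so a caller without the
//    required rights was let through whenever the mandators differed, and a
//    mismatch never refused anybody. A mismatch now always refuses.
//  - emp_id_act is required to be all digits for both user types before it is
//    handed to any lookup (before, only the "cs" branch checked it).
//  - The refusal ends the request instead of relying on gotoReferer() to do so.
$empHasNoAccessToEmployees = TRUE;
$usrIdAct = "";
$hqIdAct = "";
$empIdActMdId = "";

if (is_scalar($emp_id_act) && ctype_digit((string) $emp_id_act)) {

    // Get the right of the employee logged in and check the access
    if (($userTypeName == "hq") && authCheckEmployeeRights($emp_id, "1") && authCheckEmployeeRights($emp_id, "3")) {
        $empHasNoAccessToEmployees = FALSE;
    }
    // Customer-side admins additionally may not edit their own record.
    if (($userTypeName == "cs") && authCheckEmployeeRights($emp_id, "10") && authCheckEmployeeRights($emp_id, "12") && $emp_id_act != $emp_id) {
        $empHasNoAccessToEmployees = FALSE;
    }

    // HEADQUARTERS ACCESS
    // Resolve the mandator of the employee being edited: employee -> user -> headquarters -> mandator.
    $usrIdAct = getFieldValueFromId("employee", "emp_id", $emp_id_act, "usr_id");
    $hqIdAct = getFieldValueFromId("user", "usr_id", $usrIdAct, "hq_id");
    $empIdActMdId = getFieldValueFromId("mandatorheadquarters", "hq_id", $hqIdAct, "md_id");

    // The mandator of the employee logged in has to be the same as the mandator of
    // the employee edited. A missing, non-numeric or different mandator refuses
    // access, whatever rights were found above.
    // NOTE(review): assumes $md_id is the logged-in employee's mandator id set by
    // the includes - confirm.
    if ($md_id == "" || !is_numeric($md_id) || $md_id != $empIdActMdId) {
        $empHasNoAccessToEmployees = TRUE;
    }
}

if ($empHasNoAccessToEmployees) {
    gotoReferer("1");
    // End the request here even if gotoReferer() returns, so that none of the
    // lookups or writes further down run for a refused caller.
    exit;
}
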
// Employee id of the root admin for this user type. The original note says the
// root admin is the one allowed to change an employee's password; on this page
// the id is compared with $emp_id when the checkboxes are rendered.
$empIdRootAdmin = getEmpIdOfRootAdmin($userTypeName);

// Name, first name and account of the employee being edited, read from the
// user table by the usr_id resolved earlier. These are stored values shown in
// the page heading, so they need HTML escaping where they are printed.
$usrNameAct      = getFieldValueFromId('user', 'usr_id', $usrIdAct, 'usr_name');
$usrFirstNameAct = getFieldValueFromId('user', 'usr_id', $usrIdAct, 'usr_firstname');
$usrAccountAct   = getFieldValueFromId('user', 'usr_id', $usrIdAct, 'usr_account');

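// Set rights
//
// Replaces the cost-center rights of the employee named by emp_id_act with the
// selection posted in emp_csc_access[]: all existing rows are deleted, then one
// row per accepted cost center is inserted, inside the TA("B") ... TA("C"),
// TA("E") calls (presumably begin / commit / end of a transaction - confirm).
//
// Changes against the previous version of this section:
//  - The write runs only while $empHasNoAccessToEmployees is FALSE, the same
//    flag that already guards the rendering of the table.
//  - emp_id_act must be all digits before it is placed into the DELETE clause.
//  - Each posted cost-center id must be all digits AND pass the rule the form
//    applies when it enables a checkbox: the cost center belongs to the
//    customer's list, and the logged-in employee is the root admin or holds
//    that cost center. A "disabled" checkbox restricts only the browser; without
//    this check any id sent in the request was stored.
//  - The posted array is walked with foreach, so non-sequential keys no longer
//    produce undefined-index reads; duplicates are dropped.
//
// NOTE(review): rows for cost centers the logged-in employee cannot assign are
// still removed by the DELETE and cannot be re-added through this form, because
// disabled checkboxes are not submitted. Decide whether those rows should be kept.
// NOTE(review): the form in this file carries no per-session request token; unless
// an include adds one, confirm this state change is protected against cross-site
// form submission.
// NOTE(review): $customerId and $emp_id are interpolated into the clauses exactly
// as the page's other queries do; this relies on getSecHttpVars() / the auth
// include having made them safe - confirm, or bind them if the DB helpers allow it.
if ($f_act == "setCscAccess"
    && !$empHasNoAccessToEmployees
    && is_scalar($emp_id_act)
    && ctype_digit((string) $emp_id_act)
) {
    if (!isset($rightsLogString)) {
        $rightsLogString = "";
    }

    // Cost centers of the customer (keyed by csc_id) and cost centers held by the
    // logged-in employee, read BEFORE the write so the decision does not depend
    // on rows this request is about to change.
    $cscOfCustomer = getColVectorFromDB2ArrayByClause("costcenter AS csc", "csc.csc_name", "csc.cs_id = '" . $customerId . "' AND (NOT ISNULL(csc.csc_pre_id)) AND csc.csc_pre_id != ''", "csc.csc_id", "csc.csc_name", "");
    $cscOfActor = getColVectorFromDB2ArrayByClause("employeecostcenter AS empcsc", "empcsc.csc_id", "empcsc.emp_id = '" . $emp_id . "'", "", "", "");
    if (!is_array($cscOfCustomer)) {
        $cscOfCustomer = array();
    }
    if (!is_array($cscOfActor)) {
        $cscOfActor = array();
    }
    $actorIsRootAdmin = ($emp_id == $empIdRootAdmin);

    // Keep only the posted ids that pass the checks described above.
    $cscIdsToGrant = array();
    if (is_array($emp_csc_access)) {
        foreach ($emp_csc_access as $requestedCscId) {
            if (!is_scalar($requestedCscId) || !ctype_digit((string) $requestedCscId)) {
                continue;
            }
            if (!array_key_exists($requestedCscId, $cscOfCustomer)) {
                continue;
            }
            if (!$actorIsRootAdmin && !in_array($requestedCscId, $cscOfActor)) {
                continue;
            }
            $cscIdsToGrant[] = (string) $requestedCscId;
        }
        $cscIdsToGrant = array_unique($cscIdsToGrant);
    }

    TA("B");

    // Remove current rights of the employee
    $res = deleteStmt("employeecostcenter", "emp_id = '" . $emp_id_act . "'");
    if ($db->affected_rows > 0) {
        $rightsLogString .= "DELETED_RIGHTS=YES";
    } else {
        $rightsLogString .= "DELETED_RIGHTS=NO";
    }

    // Insert new rights
    foreach ($cscIdsToGrant as $cscIdToGrant) {
        $res = insertStmt("employeecostcenter", array("emp_id", $emp_id_act, "csc_id", $cscIdToGrant));
        if ($db->affected_rows > 0) {
            $rightsLogString .= "|" . $emp_id_act . "_" . $cscIdToGrant;
        }
    }

    TA("C");
    TA("E");

    // Write logdata into log database
    // NOTE(review): the call below is commented out, so $rightsLogString is built
    // but not stored here and a rights change leaves no audit record from this page.
    // writeToLogDB("115",$hq_id,"",$usr_id,"","","",$rightsLogString,"","",$emp_id_act);

    $statusMessage = getLngt("Die Rechte wurden gesetzt!");
}
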
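// Data for the checkbox table.
//
// $customerId and $emp_id_act originate from the request. emp_id_act is now
// required to be all digits before it is placed into a clause; an invalid value
// yields an empty list instead of a query.
// NOTE(review): $customerId is still interpolated as before; this relies on
// getSecHttpVars() / authCheckForAccess() having validated it - confirm, or bind
// it as a parameter if the DB helpers allow it.

// Get associative array of all costcenters of the customer except root costcenter ($retArray[$row[csc_id]]= csc_name)
$cscVector = getColVectorFromDB2ArrayByClause("costcenter AS csc", "csc.csc_name", "csc.cs_id = '" . $customerId . "' AND (NOT ISNULL(csc.csc_pre_id)) AND csc.csc_pre_id != ''", "csc.csc_id", "csc.csc_name", "");
$cscVectorKeys = array_keys($cscVector);
$cscVectorKeysLen = count($cscVectorKeys);

// Get array of costcenters the employee LOGGED IN has access to
$empCscVector = getColVectorFromDB2ArrayByClause("employeecostcenter AS empcsc", "empcsc.csc_id", "empcsc.emp_id = '" . $emp_id . "'", "", "", "");

// Get array of costcenters the employee TO BE MODIFIED has access to
$empActCscVector = array();
if (is_scalar($emp_id_act) && ctype_digit((string) $emp_id_act)) {
    $empActCscVector = getColVectorFromDB2ArrayByClause("employeecostcenter AS empcsc", "empcsc.csc_id", "empcsc.emp_id = '" . $emp_id_act . "'", "", "", "");
}
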
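// Create csc-vector
//
// Builds the table markup in $output: a first row with the "Zuweisen" button
// (it calls finishPage('setCscAccess') in the browser), then one row per cost
// center of the customer with its name and a checkbox.
//  - checked : the employee being edited currently holds the cost center
//  - disabled: the logged-in employee is neither the root admin nor a holder of
//              that cost center
// "disabled" only restricts the browser; the handler that stores emp_csc_access
// has to apply the same rule on the server.
$output = "<table>";
$output .= "<tr>";
$output .= "<td align=\"left\">" . defineButtonType10(getLngt("Zuweisen"), "action_set_csc_access", "finishPage('setCscAccess');", "100", "left") . "</td>"; // Left top corner
$output .= "</tr>";

foreach ($cscVectorKeys as $cscId) {
    $cscName = $cscVector[$cscId];

    $tmpChecked = "";
    if (in_array($cscId, $empActCscVector)) {
        $tmpChecked = "checked";
    }

    $tmpDisabled = "disabled";
    if ($emp_id == $empIdRootAdmin || in_array($cscId, $empCscVector)) {
        $tmpDisabled = "";
    }

    $output .= "<tr>";
    // The cost-center name is a stored value, so it is passed through ec(), the
    // helper this page already applies to values it prints into the hidden form
    // fields (presumably HTML escaping - confirm). It was written into the markup
    // unescaped before.
    $output .= "<td width=\"150\"><b>" . ec(getLngt($cscName)) . "</b></td>";
    $output .= "<td align=\"center\">";
    $output .= "<input type=\"checkbox\" name=\"emp_csc_access[]\" value=\"" . $cscId . "\" " . $tmpChecked . " " . $tmpDisabled . ">";
    $output .= "</td>";
    $output .= "</tr>";
}

$output .= "</table>";

?>
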
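<html>

<head>
<title><?php echo $pageTitel ?></title>

<link rel="stylesheet" type="text/css" href="../css/phoenix.css">
<style type="text/css">
<?php include_once ("../css/navigation.css.php"); ?>
</style>

<?php include_once ("../include/js_framework.inc.php"); ?>

<script type="text/javascript">
<!--
// NAVIGATION
<?php echo $jsMenuOut; ?>

// Puts the requested action into the hidden f_act field of the first form on
// the page and submits that form.
function finishPage(f_act) {
    document.forms[0].f_act.value = f_act;
    document.forms[0].submit();
};
-->
</script>
</head>

<body onLoad="<?php echo $phpCurrentNavigationOnLoad ?>displayStatusMessage();">

<?php echo $phpMenuOut ?>
<?php echo $phpReducedMenuOut ?>
<?php echo $phpPageTitelOut ?>

<div class="maincontent" name="maincontent" id="maincontent">

<form action="../admin/employee_csc_rights.php" method="post">
    <input type="hidden" name="f_act" value="">
    <input type="hidden" name="customerId" value="<?php echo ec($customerId) ?>">
    <input type="hidden" name="cscIdRoot" value="<?php echo ec($cscIdRoot) ?>">
    <input type="hidden" name="cscIdActual" value="<?php echo ec($cscIdActual) ?>">
    <?php echo $phpCurrentNavigationInputHidden ?>
    <input type="hidden" name="deactivateMenu" value="<?php echo ec($deactivateMenu) ?>">
    <input type="hidden" name="emp_id_act" value="<?php echo ec($emp_id_act) ?>">

    <?php echo htmlDivLineSpacer("10px"); ?>

    <div class="f12bp1_blue">
    <?php
    // First name, name and account of the employee being edited are values read
    // from the user table. They are passed through ec(), the helper used for the
    // hidden fields above (presumably HTML escaping - confirm); they were printed
    // unescaped before.
    echo ec($usrFirstNameAct) . " " . ec($usrNameAct) . " [" . ec($usrAccountAct) . "]";
    ?>
    </div>
    <?php echo htmlDivLineSpacer("20px"); ?>

    <div class="f10np1">
    <?php
    // The checkbox table is printed only for headquarters or customer users whose
    // access check passed.
    if ($userTypeName == "hq" || $userTypeName == "cs") :
        if (!$empHasNoAccessToEmployees) :
            echo $output;
        endif;
    endif;
    ?>
    </div>

</form>
</div>
</body>

</html>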