From: <ema...@us...> - 2003-11-07 20:00:59
|
Update of /cvsroot/moregroupware/mgw/modules/contact/inc In directory sc8-pr-cvs1:/tmp/cvs-serv5866 Modified Files: contact.class.php Log Message: bugfix for broken rights, no right to edit when no company is assigned to contact Index: contact.class.php =================================================================== RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/contact.class.php,v retrieving revision 1.44 retrieving revision 1.45 diff -C2 -d -r1.44 -r1.45 *** contact.class.php 6 Nov 2003 13:47:17 -0000 1.44 --- contact.class.php 7 Nov 2003 20:00:55 -0000 1.45 *************** *** 135,139 **** $sql="SELECT owner FROM mgw_contacts WHERE id=$id"; ! if(!$conn->GetRow($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); if($row['owner'] == $_SESSION["MGW"]->userid) queryRights2('root_modules_contact_contact_modify'); --- 135,141 ---- $sql="SELECT owner FROM mgw_contacts WHERE id=$id"; ! if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); ! $row = $res->FetchRow(); ! if($row['owner'] == $_SESSION["MGW"]->userid) queryRights2('root_modules_contact_contact_modify'); *************** *** 193,197 **** $sql="SELECT owner FROM mgw_contacts WHERE id=$id"; ! if(!$conn->GetRow($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); if($row['owner'] == $_SESSION["MGW"]->userid) queryRights2('root_modules_contact_contact_delete'); --- 195,200 ---- $sql="SELECT owner FROM mgw_contacts WHERE id=$id"; ! if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); ! $row = $res->FetchRow(); if($row['owner'] == $_SESSION["MGW"]->userid) queryRights2('root_modules_contact_contact_delete'); *************** *** 325,329 **** $sql="SELECT owner FROM mgw_contacts WHERE id=$id"; ! if(!$conn->GetRow($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); if($row['owner'] == $_SESSION["MGW"]->userid) queryRights2('root_modules_contact_contact_modify'); --- 328,334 ---- $sql="SELECT owner FROM mgw_contacts WHERE id=$id"; ! if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); ! $row = $res->FetchRow(); ! if($row['owner'] == $_SESSION["MGW"]->userid) queryRights2('root_modules_contact_contact_modify'); *************** *** 749,752 **** --- 754,758 ---- } $searchterm = (isset($_POST["searchterm"])) ? $_POST["searchterm"] : (isset($_GET["searchterm"])?$_GET["searchterm"]:""); + $qsearchterm = $conn->QMagic('%'.$searchterm.'%'); $list = (isset($_GET["list"])) ? $_GET["list"] : ""; $compid = isset($_GET["compid"])?(int)$_GET["compid"]:0; *************** *** 761,765 **** $smarty->assign("nextsym", $icons["next"]); ! $sql = "SELECT a.*, b.name1, b.telephone, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 $groupsql) OR (a.ispublic=0 $groupsql AND a.owner=".$_SESSION["MGW"]->userid.") ORDER BY a.lastname"; // default contentheader --- 767,771 ---- $smarty->assign("nextsym", $icons["next"]); ! $sql = "SELECT a.*, b.name1, b.telephone, a.owner as c_owner,b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 $groupsql) OR (a.ispublic=0 $groupsql AND a.owner=".$_SESSION["MGW"]->userid.") ORDER BY a.lastname"; // default contentheader *************** *** 767,781 **** if(isset($_GET["sort"]) and $_GET["sort"] == "alpha") { ! $qsearchterm = $conn->QMagic($_GET["list"]."%"); ! $sql = "SELECT a.*, b.name1, b.telephone, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE ".$qsearchterm." AND a.ispublic=1) OR (a.lastname LIKE ".$qsearchterm." AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname"; $cheader = Lang::getParmLang(Lang::getLanguageString("overview_contacts_by_a"), array($list)); } elseif(isset($_GET["sort"]) and $_GET["sort"] == "bycompany") { ! $sql = "SELECT a.*, b.name1, b.telephone, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 AND b.id = $compid $groupsql) OR (a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid." AND b.id = $compid $groupsql) ORDER BY a.lastname"; } if((isset($_POST["op"]) && $_POST["op"] == "qsearch" && isset($_POST["search"])) OR (isset($_GET["searchterm"]) and $_GET["searchterm"] != "")) { $qsearchterm = $conn->QMagic('%'.$searchterm.'%'); ! $sql = "SELECT mgw_contacts.*, mgw_companies.owner, mgw_companies.name1, mgw_companies.telephone, mgw_companies.email AS email_company FROM mgw_contacts LEFT JOIN mgw_companies ON mgw_contacts.companyid=mgw_companies.id WHERE "; for($i=0;$i<count($_SESSION["MGW"]->settings["quicksearchmethod"]);$i++) { --- 773,787 ---- if(isset($_GET["sort"]) and $_GET["sort"] == "alpha") { ! $searchterm = $conn->QMagic($_GET["list"]."%"); ! $sql = "SELECT a.*, b.name1, b.telephone, a.owner as c_owner, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE ".$searchterm." AND a.ispublic=1) OR (a.lastname LIKE ".$searchterm." AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname"; $cheader = Lang::getParmLang(Lang::getLanguageString("overview_contacts_by_a"), array($list)); } elseif(isset($_GET["sort"]) and $_GET["sort"] == "bycompany") { ! $sql = "SELECT a.*, b.name1, b.telephone, a.owner as c_owner, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 AND b.id = $compid $groupsql) OR (a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid." AND b.id = $compid $groupsql) ORDER BY a.lastname"; } if((isset($_POST["op"]) && $_POST["op"] == "qsearch" && isset($_POST["search"])) OR (isset($_GET["searchterm"]) and $_GET["searchterm"] != "")) { $qsearchterm = $conn->QMagic('%'.$searchterm.'%'); ! $sql = "SELECT mgw_contacts.*, mgw_contacts.owner as c_owner, mgw_companies.owner, mgw_companies.name1, mgw_companies.telephone, mgw_companies.email AS email_company FROM mgw_contacts LEFT JOIN mgw_companies ON mgw_contacts.companyid=mgw_companies.id WHERE "; for($i=0;$i<count($_SESSION["MGW"]->settings["quicksearchmethod"]);$i++) { *************** *** 825,828 **** --- 831,835 ---- $row['company'] = $row["name1"]; + if ($row["owner"]=="") $row["owner"] = $row["c_owner"]; // create Action URLs |