Menu
▾
▴
[moregroupware-cvs] mgw/modules/contact/inc contact.class.php,1.44,1.45
|
From: <ema...@us...> - 2003-11-07 20:00:59
|
Update of /cvsroot/moregroupware/mgw/modules/contact/inc
In directory sc8-pr-cvs1:/tmp/cvs-serv5866
Modified Files:
contact.class.php
Log Message:
bugfix for broken rights, no right to edit when no company is assigned to contact
Index: contact.class.php
===================================================================
RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/contact.class.php,v
retrieving revision 1.44
retrieving revision 1.45
diff -C2 -d -r1.44 -r1.45
*** contact.class.php 6 Nov 2003 13:47:17 -0000 1.44
--- contact.class.php 7 Nov 2003 20:00:55 -0000 1.45
***************
*** 135,139 ****
$sql="SELECT owner FROM mgw_contacts WHERE id=$id";
! if(!$conn->GetRow($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
if($row['owner'] == $_SESSION["MGW"]->userid)
queryRights2('root_modules_contact_contact_modify');
--- 135,141 ----
$sql="SELECT owner FROM mgw_contacts WHERE id=$id";
! if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
! $row = $res->FetchRow();
!
if($row['owner'] == $_SESSION["MGW"]->userid)
queryRights2('root_modules_contact_contact_modify');
***************
*** 193,197 ****
$sql="SELECT owner FROM mgw_contacts WHERE id=$id";
! if(!$conn->GetRow($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
if($row['owner'] == $_SESSION["MGW"]->userid)
queryRights2('root_modules_contact_contact_delete');
--- 195,200 ----
$sql="SELECT owner FROM mgw_contacts WHERE id=$id";
! if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
! $row = $res->FetchRow();
if($row['owner'] == $_SESSION["MGW"]->userid)
queryRights2('root_modules_contact_contact_delete');
***************
*** 325,329 ****
$sql="SELECT owner FROM mgw_contacts WHERE id=$id";
! if(!$conn->GetRow($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
if($row['owner'] == $_SESSION["MGW"]->userid)
queryRights2('root_modules_contact_contact_modify');
--- 328,334 ----
$sql="SELECT owner FROM mgw_contacts WHERE id=$id";
! if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
! $row = $res->FetchRow();
!
if($row['owner'] == $_SESSION["MGW"]->userid)
queryRights2('root_modules_contact_contact_modify');
***************
*** 749,752 ****
--- 754,758 ----
}
$searchterm = (isset($_POST["searchterm"])) ? $_POST["searchterm"] : (isset($_GET["searchterm"])?$_GET["searchterm"]:"");
+ $qsearchterm = $conn->QMagic('%'.$searchterm.'%');
$list = (isset($_GET["list"])) ? $_GET["list"] : "";
$compid = isset($_GET["compid"])?(int)$_GET["compid"]:0;
***************
*** 761,765 ****
$smarty->assign("nextsym", $icons["next"]);
! $sql = "SELECT a.*, b.name1, b.telephone, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 $groupsql) OR (a.ispublic=0 $groupsql AND a.owner=".$_SESSION["MGW"]->userid.") ORDER BY a.lastname";
// default contentheader
--- 767,771 ----
$smarty->assign("nextsym", $icons["next"]);
! $sql = "SELECT a.*, b.name1, b.telephone, a.owner as c_owner,b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 $groupsql) OR (a.ispublic=0 $groupsql AND a.owner=".$_SESSION["MGW"]->userid.") ORDER BY a.lastname";
// default contentheader
***************
*** 767,781 ****
if(isset($_GET["sort"]) and $_GET["sort"] == "alpha") {
! $qsearchterm = $conn->QMagic($_GET["list"]."%");
! $sql = "SELECT a.*, b.name1, b.telephone, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE ".$qsearchterm." AND a.ispublic=1) OR (a.lastname LIKE ".$qsearchterm." AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname";
$cheader = Lang::getParmLang(Lang::getLanguageString("overview_contacts_by_a"), array($list));
}
elseif(isset($_GET["sort"]) and $_GET["sort"] == "bycompany") {
! $sql = "SELECT a.*, b.name1, b.telephone, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 AND b.id = $compid $groupsql) OR (a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid." AND b.id = $compid $groupsql) ORDER BY a.lastname";
}
if((isset($_POST["op"]) && $_POST["op"] == "qsearch" && isset($_POST["search"])) OR (isset($_GET["searchterm"]) and $_GET["searchterm"] != "")) {
$qsearchterm = $conn->QMagic('%'.$searchterm.'%');
! $sql = "SELECT mgw_contacts.*, mgw_companies.owner, mgw_companies.name1, mgw_companies.telephone, mgw_companies.email AS email_company FROM mgw_contacts LEFT JOIN mgw_companies ON mgw_contacts.companyid=mgw_companies.id WHERE ";
for($i=0;$i<count($_SESSION["MGW"]->settings["quicksearchmethod"]);$i++) {
--- 773,787 ----
if(isset($_GET["sort"]) and $_GET["sort"] == "alpha") {
! $searchterm = $conn->QMagic($_GET["list"]."%");
! $sql = "SELECT a.*, b.name1, b.telephone, a.owner as c_owner, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE ".$searchterm." AND a.ispublic=1) OR (a.lastname LIKE ".$searchterm." AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname";
$cheader = Lang::getParmLang(Lang::getLanguageString("overview_contacts_by_a"), array($list));
}
elseif(isset($_GET["sort"]) and $_GET["sort"] == "bycompany") {
! $sql = "SELECT a.*, b.name1, b.telephone, a.owner as c_owner, b.owner, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.ispublic=1 AND b.id = $compid $groupsql) OR (a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid." AND b.id = $compid $groupsql) ORDER BY a.lastname";
}
if((isset($_POST["op"]) && $_POST["op"] == "qsearch" && isset($_POST["search"])) OR (isset($_GET["searchterm"]) and $_GET["searchterm"] != "")) {
$qsearchterm = $conn->QMagic('%'.$searchterm.'%');
! $sql = "SELECT mgw_contacts.*, mgw_contacts.owner as c_owner, mgw_companies.owner, mgw_companies.name1, mgw_companies.telephone, mgw_companies.email AS email_company FROM mgw_contacts LEFT JOIN mgw_companies ON mgw_contacts.companyid=mgw_companies.id WHERE ";
for($i=0;$i<count($_SESSION["MGW"]->settings["quicksearchmethod"]);$i++) {
***************
*** 825,828 ****
--- 831,835 ----
$row['company'] = $row["name1"];
+ if ($row["owner"]=="") $row["owner"] = $row["c_owner"];
// create Action URLs
|