From: <te...@us...> - 2012-07-13 07:58:29
Revision: 5497
http://web-erp.svn.sourceforge.net/web-erp/?rev=5497&view=rev
Author: tehonu
Date: 2012-07-13 07:58:18 +0000 (Fri, 13 Jul 2012)
Log Message:
-----------
Ricard: Restrict the internal use stock categories by user role as described in http://www.weberp.org/forum/showthread.php?tid=171
Modified Paths:
--------------
trunk/InternalStockRequest.php
trunk/includes/MainMenuLinksArray.php
trunk/sql/mysql/upgrade4.08-4.09.sql
Added Paths:
-----------
trunk/InternalStockCategoriesByRole.php
Added: trunk/InternalStockCategoriesByRole.php
===================================================================
--- trunk/InternalStockCategoriesByRole.php (rev 0)
+++ trunk/InternalStockCategoriesByRole.php 2012-07-13 07:58:18 UTC (rev 5497)
@@ -0,0 +1,236 @@
+<?php
+
+/* $Id: InternalStockCategoriesByRole.php 5217 2012-04-03 21:57:50Z tehonu $ */
+/* Functionas as described in http://www.weberp.org/forum/showthread.php?tid=171 */
+
+include('includes/session.inc');
+$title = _('Internal Stock Categories Requests By Security Role Maintenance ');
+
+include('includes/header.inc');
+
+echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/money_add.png" title="' . _('Payment Entry')
+ . '" alt="" />' . ' ' . $title . '</p>';
+
+if (isset($_POST['SelectedType'])){
+ $SelectedType = mb_strtoupper($_POST['SelectedType']);
+} elseif (isset($_GET['SelectedType'])){
+ $SelectedType = mb_strtoupper($_GET['SelectedType']);
+} else {
+ $SelectedType='';
+}
+
+if (!isset($_GET['delete']) and (ContainsIllegalCharacters($SelectedType) OR mb_strpos($SelectedType,' ')>0)){
+ $InputError = 1;
+ prnMsg(_('The contain any of the following characters " \' - & or a space'),'error');
+}
+if (isset($_POST['SelectedRole'])){
+ $SelectedRole = mb_strtoupper($_POST['SelectedRole']);
+} elseif (isset($_GET['SelectedRole'])){
+ $SelectedRole = mb_strtoupper($_GET['SelectedRole']);
+}
+
+if (isset($_POST['Cancel'])) {
+ unset($SelectedRole);
+ unset($SelectedType);
+}
+
+if (isset($_POST['Process'])) {
+
+ if ($_POST['SelectedRole'] == '') {
+ echo prnMsg(_('You have not selected a security role to maintain the internal stock categories on'),'error');
+ echo '<br />';
+ unset($SelectedRole);
+ unset($_POST['SelectedRole']);
+ }
+}
+
+if (isset($_POST['submit'])) {
+
+ $InputError=0;
+
+ if ($_POST['SelectedCategory']=='') {
+ $InputError=1;
+ echo prnMsg(_('You have not selected a stock category to be added as internal to this security role'),'error');
+ echo '<br />';
+ unset($SelectedRole);
+ }
+
+ if ( $InputError !=1 ) {
+
+ // First check the type is not being duplicated
+
+ $checkSql = "SELECT count(*)
+ FROM internalstockcatrole
+ WHERE secroleid= '" . $_POST['SelectedRole'] . "'
+ AND categoryid = '" . $_POST['SelectedCategory'] . "'";
+
+ $checkresult = DB_query($checkSql,$db);
+ $checkrow = DB_fetch_row($checkresult);
+
+ if ( $checkrow[0] >0) {
+ $InputError = 1;
+ prnMsg( _('The Stock Category') . ' ' . $_POST['categoryid'] . ' ' ._('already allowed as internal for this security role'),'error');
+ } else {
+ // Add new record on submit
+ $sql = "INSERT INTO internalstockcatrole (secroleid,
+ categoryid)
+ VALUES ('" . $_POST['SelectedRole'] . "',
+ '" . $_POST['SelectedCategory'] . "')";
+
+ $msg = _('Stock Category:') . ' ' . $_POST['SelectedCategory'].' '._('has been allowed to user role') .' '. $_POST['SelectedRole'] . ' ' . _('as internal');
+ $checkSql = "SELECT count(secroleid)
+ FROM securityroles";
+ $result = DB_query($checkSql, $db);
+ $row = DB_fetch_row($result);
+ }
+ }
+
+ if ( $InputError !=1) {
+ //run the SQL from either of the above possibilites
+ $result = DB_query($sql,$db);
+ prnMsg($msg,'success');
+ unset($_POST['SelectedCategory']);
+ }
+
+} elseif ( isset($_GET['delete']) ) {
+ $sql="DELETE FROM internalstockcatrole
+ WHERE secroleid='".$SelectedRole."'
+ AND categoryid='".$SelectedType."'";
+
+ $ErrMsg = _('The Stock Category by Role record could not be deleted because');
+ $result = DB_query($sql,$db,$ErrMsg);
+ prnMsg(_('Internal Stock Category').' '. $SelectedType .' '. _('for user role').' '. $SelectedRole .' '. _('has been deleted') ,'success');
+ unset($_GET['delete']);
+}
+
+if (!isset($SelectedRole)){
+
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">';
+ echo '<div>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
+ echo '<table class="selection">'; //Main table
+
+ echo '<tr><td>' . _('Select User Role') . ':</td><td><select name="SelectedRole">';
+
+ $SQL = "SELECT secroleid,
+ secrolename
+ FROM securityroles";
+
+ $result = DB_query($SQL,$db);
+ echo '<option value="">' . _('Not Yet Selected') . '</option>';
+ while ($myrow = DB_fetch_array($result)) {
+ if (isset($SelectedRole) and $myrow['secroleid']==$SelectedRole) {
+ echo '<option selected="selected" value="';
+ } else {
+ echo '<option value="';
+ }
+ echo $myrow['secroleid'] . '">' . $myrow['secroleid'] . ' - ' . $myrow['secrolename'] . '</option>';
+
+ } //end while loop
+
+ echo '</select></td></tr>';
+
+ echo '</table>'; // close main table
+ DB_free_result($result);
+
+ echo '<br /><div class="centre"><input type="submit" name="Process" value="' . _('Accept') . '" />
+ <input type="submit" name="Cancel" value="' . _('Cancel') . '" /></div>';
+
+ echo '</div>
+ </form>';
+
+}
+
+//end of ifs and buts!
+if (isset($_POST['process'])OR isset($SelectedRole)) {
+
+ echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' . _('Stock Categories available as internal for role') . ' ' .$SelectedRole. '</a></div>';
+ echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">';
+ echo '<div>';
+ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
+
+ echo '<input type="hidden" name="SelectedRole" value="' . $SelectedRole . '" />';
+
+ $sql = "SELECT internalstockcatrole.categoryid,
+ stockcategory.categorydescription
+ FROM internalstockcatrole INNER JOIN stockcategory
+ ON internalstockcatrole.categoryid=stockcategory.categoryid
+ WHERE internalstockcatrole.secroleid='".$SelectedRole."'
+ ORDER BY internalstockcatrole.categoryid ASC";
+
+ $result = DB_query($sql,$db);
+
+ echo '<br />
+ <table class="selection">';
+ echo '<tr><th colspan="3"><h3>' . _('Internal Stock Categories Allowed to user role') . ' ' .$SelectedRole. '</h3></th></tr>';
+ echo '<tr>
+ <th>' . _('Category Code') . '</th>
+ <th>' . _('Description') . '</th>
+ </tr>';
+
+$k=0; //row colour counter
+
+while ($myrow = DB_fetch_array($result)) {
+ if ($k==1){
+ echo '<tr class="EvenTableRows">';
+ $k=0;
+ } else {
+ echo '<tr class="OddTableRows">';
+ $k=1;
+ }
+
+ printf('<td>%s</td>
+ <td>%s</td>
+ <td><a href="%s?SelectedType=%s&delete=yes&SelectedRole=' . $SelectedRole . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this internal stock category code?') . '\');">' . _('Delete') . '</a></td>
+ </tr>',
+ $myrow['categoryid'],
+ $myrow['categorydescription'],
+ htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'),
+ $myrow['categoryid'],
+ htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'),
+ $myrow['categoryid']);
+ }
+ //END WHILE LIST LOOP
+ echo '</table>';
+
+ if (! isset($_GET['delete'])) {
+
+
+ echo '<br /><table class="selection">'; //Main table
+
+ echo '<tr><td>' . _('Select Stock Category Code') . ':</td><td><select name="SelectedCategory">';
+
+ $SQL = "SELECT categoryid,
+ categorydescription
+ FROM stockcategory";
+
+ $result = DB_query($SQL,$db);
+ if (!isset($_POST['SelectedCategory'])){
+ echo '<option selected="selected" value="">' . _('Not Yet Selected') . '</option>';
+ }
+ while ($myrow = DB_fetch_array($result)) {
+ if (isset($_POST['SelectedCategory']) AND $myrow['categoryid']==$_POST['SelectedCategory']) {
+ echo '<option selected="selected" value="';
+ } else {
+ echo '<option value="';
+ }
+ echo $myrow['categoryid'] . '">' . $myrow['categoryid'] . ' - ' . $myrow['categorydescription'] . '</option>';
+
+ } //end while loop
+
+ echo '</select></td></tr>';
+
+ echo '</table>'; // close main table
+ DB_free_result($result);
+
+ echo '<br /><div class="centre"><input type="submit" name="submit" value="' . _('Accept') . '" />
+ <input type="submit" name="Cancel" value="' . _('Cancel') . '" /></div>';
+
+ echo '</div>
+ </form>';
+
+ } // end if user wish to delete
+}
+
+include('includes/footer.inc');
+?>
\ No newline at end of file
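Review bot: The duplicate check, INSERT and DELETE build SQL by concatenating `$_POST['SelectedRole']`, `$_POST['SelectedCategory']`, `$SelectedRole` and `$SelectedType` directly, and the only visible validation (`ContainsIllegalCharacters($SelectedType)`) is skipped exactly when `delete` is set, while its `$InputError = 1` is overwritten by `$InputError=0` in the submit branch. Unless `includes/session.inc` escapes request data (not visible in this diff) these statements are injectable; since `secroleid` is `int(11)` in the upgrade script, `$SelectedRole = (int)$_POST['SelectedRole'];` closes the role side, and the category should be matched against the codes read from `stockcategory` before it is used. The delete is a GET link guarded only by a JavaScript `confirm()`, so unlike the two POST forms it carries no `FormID` token and is exposed to cross-site request forgery; submitting it as a POST form would bring it under whatever check `FormID` receives. `$SelectedRole` is also echoed unescaped into the hidden input, the heading and the delete href, where `htmlspecialchars($SelectedRole, ENT_QUOTES, 'UTF-8')` would match how `PHP_SELF` is already treated. Smaller: the duplicate message reads `$_POST['categoryid']`, which no form posts (the field is `SelectedCategory`), and `isset($_POST['process'])` does not match the button name `Process`.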
Modified: trunk/InternalStockRequest.php
===================================================================
--- trunk/InternalStockRequest.php 2012-07-12 10:09:49 UTC (rev 5496)
+++ trunk/InternalStockRequest.php 2012-07-13 07:58:18 UTC (rev 5497)
@@ -279,10 +279,12 @@
echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/magnifier.png" title="' . _('Search') . '" alt="" />' . ' ' . _('Search for Inventory Items'). '</p>';
-$SQL = "SELECT categoryid,
- categorydescription
- FROM stockcategory
- ORDER BY categorydescription";
+$SQL = "SELECT stockcategory.categoryid,
+ stockcategory.categorydescription
+ FROM stockcategory, internalstockcatrole
+ WHERE stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
+ ORDER BY stockcategory.categorydescription";
$result1 = DB_query($SQL, $db);
if (DB_num_rows($result1) == 0) {
echo '<p class="bad">' . _('Problem Report') . ':<br />' . _('There are no stock categories currently defined please use the link below to set them up').'</p>';
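Review bot: `$_SESSION['AccessLevel']` is spliced into the WHERE clause unquoted and uncast here, and the same fragment is repeated in the six item-search queries in the later hunks of this file (-357, -370, -391, -404, -421, -433); if the session value is ever empty or non-numeric the statement becomes malformed SQL instead of returning no rows. Casting at the point of use, `AND internalstockcatrole.secroleid = " . (int)$_SESSION['AccessLevel'] . "`, keeps the access filter well-formed in all seven places. The zero-row message just below still says that no stock categories are defined and points at setting them up, which is now also what a user sees when their role simply has none authorised; the text should distinguish the two cases. The surrounding form code starts and ends outside the hunk.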
@@ -298,9 +300,9 @@
$_POST['StockCat'] = '';
}
if ($_POST['StockCat'] == 'All') {
- echo '<option selected="True" value="All">' . _('All').'</option>';
+ echo '<option selected="True" value="All">' . _('All Authorized').'</option>';
} else {
- echo '<option value="All">' . _('All').'</option>';
+ echo '<option value="All">' . _('All Authorized').'</option>';
}
while ($myrow1 = DB_fetch_array($result1)) {
if ($myrow1['categoryid'] == $_POST['StockCat']) {
@@ -357,8 +359,11 @@
stockmaster.units as stockunits,
stockmaster.decimalplaces
FROM stockmaster,
- stockcategory
+ stockcategory,
+ internalstockcatrole
WHERE stockmaster.categoryid=stockcategory.categoryid
+ AND stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
AND (stockcategory.stocktype='F' OR stockcategory.stocktype='D')
AND stockmaster.mbflag <>'G'
AND stockmaster.description " . LIKE . " '" . $SearchString . "'
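Review bot: The role filter added here constrains what the search returns, but nothing in the visible hunks applies it where a selected item is actually added to the request. If that code (outside this diff) trusts the posted stock code, a user could still request an item from a category their role is not authorised for, so the restriction would only be a display filter. The same `internalstockcatrole` join, or a lookup of the item's category against it, should guard the add step as well. The if/else chain that builds these queries starts and ends outside the hunk.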
@@ -370,8 +375,11 @@
stockmaster.units as stockunits,
stockmaster.decimalplaces
FROM stockmaster,
- stockcategory
- WHERE stockmaster.categoryid=stockcategory.categoryid
+ stockcategory,
+ internalstockcatrole
+ WHERE stockmaster.categoryid=stockcategory.categoryid
+ AND stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
AND (stockcategory.stocktype='F' OR stockcategory.stocktype='D')
AND stockmaster.mbflag <>'G'
AND stockmaster.discontinued=0
@@ -391,8 +399,11 @@
stockmaster.units as stockunits,
stockmaster.decimalplaces
FROM stockmaster,
- stockcategory
+ stockcategory,
+ internalstockcatrole
WHERE stockmaster.categoryid=stockcategory.categoryid
+ AND stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
AND (stockcategory.stocktype='F' OR stockcategory.stocktype='D')
AND stockmaster.stockid " . LIKE . " '" . $SearchString . "'
AND stockmaster.mbflag <>'G'
@@ -404,8 +415,11 @@
stockmaster.units as stockunits,
stockmaster.decimalplaces
FROM stockmaster,
- stockcategory
+ stockcategory,
+ internalstockcatrole
WHERE stockmaster.categoryid=stockcategory.categoryid
+ AND stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
AND (stockcategory.stocktype='F' OR stockcategory.stocktype='D')
AND stockmaster.stockid " . LIKE . " '" . $SearchString . "'
AND stockmaster.mbflag <>'G'
@@ -421,8 +435,11 @@
stockmaster.units as stockunits,
stockmaster.decimalplaces
FROM stockmaster,
- stockcategory
- WHERE stockmaster.categoryid=stockcategory.categoryid
+ stockcategory,
+ internalstockcatrole
+ WHERE stockmaster.categoryid=stockcategory.categoryid
+ AND stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
AND (stockcategory.stocktype='F' OR stockcategory.stocktype='D')
AND stockmaster.mbflag <>'G'
AND stockmaster.discontinued=0
@@ -433,8 +450,11 @@
stockmaster.units as stockunits,
stockmaster.decimalplaces
FROM stockmaster,
- stockcategory
+ stockcategory,
+ internalstockcatrole
WHERE stockmaster.categoryid=stockcategory.categoryid
+ AND stockcategory.categoryid = internalstockcatrole.categoryid
+ AND internalstockcatrole.secroleid= " . $_SESSION['AccessLevel'] . "
AND (stockcategory.stocktype='F' OR stockcategory.stocktype='D')
AND stockmaster.mbflag <>'G'
AND stockmaster.discontinued=0
Modified: trunk/includes/MainMenuLinksArray.php
===================================================================
--- trunk/includes/MainMenuLinksArray.php 2012-07-12 10:09:49 UTC (rev 5496)
+++ trunk/includes/MainMenuLinksArray.php 2012-07-13 07:58:18 UTC (rev 5497)
@@ -518,7 +518,8 @@
_('Units of Measure'),
_('MRP Available Production Days'),
_('MRP Demand Types'),
- _('Maintain Internal Departments')
+ _('Maintain Internal Departments'),
+ _('Maintain Internal Stock Categories to User Roles')
);
$MenuItems['system']['Maintenance']['URL'] = array ('/StockCategories.php',
@@ -527,7 +528,8 @@
'/UnitsOfMeasure.php',
'/MRPCalendar.php',
'/MRPDemandTypes.php',
- '/Departments.php'
+ '/Departments.php',
+ '/InternalStockCategoriesByRole.php'
);
$MenuItems['Utilities']['Transactions']['Caption'] = array (_('Change A Customer Code'),
Modified: trunk/sql/mysql/upgrade4.08-4.09.sql
===================================================================
--- trunk/sql/mysql/upgrade4.08-4.09.sql 2012-07-12 10:09:49 UTC (rev 5496)
+++ trunk/sql/mysql/upgrade4.08-4.09.sql 2012-07-13 07:58:18 UTC (rev 5497)
@@ -1,4 +1,13 @@
INSERT INTO scripts VALUES ('Z_DeleteOldPrices.php','15','Deletes all old prices');
INSERT INTO scripts VALUES ('Z_ChangeLocationCode.php','15','Change a locations code and in all tables where the old code was used to the new code');
-UPDATE config SET confvalue='4.08.2' WHERE confname='VersionNumber';
+CREATE TABLE IF NOT EXISTS `internalstockcatrole` (
+ `categoryid` varchar(6) NOT NULL,
+ `secroleid` int(11) NOT NULL,
+ KEY `internalstockcatrole_ibfk_1` (`categoryid`),
+ KEY `internalstockcatrole_ibfk_2` (`secroleid`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+INSERT INTO scripts VALUES ('InternalStockCategoriesByRole.php','15','Daintains the stock categories to be used as internal for any user security role');
+
+UPDATE config SET confvalue='4.08.2' WHERE confname='VersionNumber';
\ No newline at end of file
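Review bot: `internalstockcatrole` is created with two plain indexes named like foreign keys (`internalstockcatrole_ibfk_1`, `internalstockcatrole_ibfk_2`) but with no PRIMARY KEY, UNIQUE or FOREIGN KEY constraint, so duplicate (categoryid, secroleid) pairs and rows that reference a deleted role or category are possible. A duplicate pair would repeat rows in the joins this commit adds to InternalStockRequest.php, and an orphaned row leaves an authorisation behind that no longer corresponds to a real role. Adding `PRIMARY KEY (categoryid, secroleid)` and real `FOREIGN KEY` clauses to `stockcategory (categoryid)` and `securityroles (secroleid)` lets the database enforce what the maintenance page only checks with a SELECT before inserting. The script description reads 'Daintains', presumably 'Maintains'.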