From: <aga...@us...> - 2014-08-11 21:27:22
Revision: 6808 http://sourceforge.net/p/web-erp/reponame/6808 Author: agaluski Date: 2014-08-11 21:27:11 +0000 (Mon, 11 Aug 2014) Log Message: ----------- Added location Based Security to all of these files Modified Paths: -------------- trunk/PDFStockLocTransfer.php trunk/PDFTopItems.php trunk/SpecialOrder.php trunk/StockCheck.php trunk/StockCounts.php trunk/StockDispatch.php trunk/StockLocTransfer.php trunk/StockLocTransferReceive.php trunk/StockMovements.php trunk/StockReorderLevel.php trunk/SuppLoginSetup.php trunk/SupplierTenderCreate.php trunk/TopItems.php trunk/WorkCentres.php trunk/WorkOrderCosting.php Modified: trunk/PDFStockLocTransfer.php =================================================================== --- trunk/PDFStockLocTransfer.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/PDFStockLocTransfer.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -75,6 +75,8 @@ INNER JOIN stockmaster ON loctransfers.stockid=stockmaster.stockid INNER JOIN locations ON loctransfers.shiploc=locations.loccode INNER JOIN locations AS locationsrec ON loctransfers.recloc = locationsrec.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 + INNER JOIN locationusers as locationusersrec ON locationusersrec.loccode=locationsrec.loccode AND locationusersrec.userid='" . $_SESSION['UserID'] . "' AND locationusersrec.canview=1 WHERE loctransfers.reference='" . $_GET['TransferNo'] . "'"; $result = DB_query($sql,$db, $ErrMsg, $DbgMsg); Modified: trunk/PDFTopItems.php =================================================================== --- trunk/PDFTopItems.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/PDFTopItems.php 2014-08-11 21:27:11 UTC (rev 6808) 
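Review bot: Every added join concatenates `$_SESSION['UserID']` straight into the SQL string, while the same commit uses `DB_escape_string()` for `$myrow['stkcode']` in PDFTopItems.php; the value comes from the login session rather than the request, so the exposure is small, but it should pass through the same escaping, e.g. `locationusers.userid='" . DB_escape_string($_SESSION['UserID']) . "'`. The query in this hunk also still concatenates `$_GET['TransferNo']` unescaped on the context line after the new joins, which the commit leaves untouched. Because the identical clause is pasted into all fifteen files, a single helper in the includes that returns the escaped join fragment for a given table alias and right (`canview`/`canupd`) would keep the rule in one place and make later changes to the locationusers schema a one-line edit. The enclosing `$sql` assignment starts before the hunk.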
@@ -20,7 +20,8 @@ stockmaster.description, stockmaster.units, stockmaster.decimalplaces - FROM salesorderdetails, salesorders, debtorsmaster,stockmaster + FROM salesorderdetails, salesorders INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, + debtorsmaster,stockmaster WHERE salesorderdetails.orderno = salesorders.orderno AND salesorderdetails.stkcode = stockmaster.stockid AND salesorders.debtorno = debtorsmaster.debtorno @@ -35,7 +36,8 @@ SUM(salesorderdetails.qtyinvoiced * salesorderdetails.unitprice ) AS valuesales, stockmaster.description, stockmaster.units - FROM salesorderdetails, salesorders, debtorsmaster,stockmaster + FROM salesorderdetails, salesorders INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, + debtorsmaster,stockmaster WHERE salesorderdetails.orderno = salesorders.orderno AND salesorderdetails.stkcode = stockmaster.stockid AND salesorders.debtorno = debtorsmaster.debtorno @@ -53,7 +55,8 @@ stockmaster.description, stockmaster.units, stockmaster.decimalplaces - FROM salesorderdetails, salesorders, debtorsmaster,stockmaster + FROM salesorderdetails, salesorders INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, + debtorsmaster,stockmaster WHERE salesorderdetails.orderno = salesorders.orderno AND salesorderdetails.stkcode = stockmaster.stockid AND salesorders.debtorno = debtorsmaster.debtorno 
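Review bot: The three queries in these hunks splice the `locationusers` join into the middle of a comma-separated FROM list (`salesorders INNER JOIN locationusers ON … , debtorsmaster,stockmaster`), which only works because MySQL gives the comma lower precedence than INNER JOIN and the ON clause references nothing but `salesorders`; to a reader it looks as if the join applied to the whole list. Writing each FROM with explicit joins (`FROM salesorders INNER JOIN locationusers ON … INNER JOIN salesorderdetails ON salesorderdetails.orderno = salesorders.orderno INNER JOIN debtorsmaster ON … INNER JOIN stockmaster ON …`) makes the restriction obvious and does not depend on that precedence rule. The same layout is repeated in the -70 hunk on the next line, in TopItems.php at -127, and in WorkCentres.php at -118.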
@@ -70,7 +73,8 @@ stockmaster.description, stockmaster.units, stockmaster.decimalplaces - FROM salesorderdetails, salesorders, debtorsmaster,stockmaster + FROM salesorderdetails, salesorders INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, + debtorsmaster,stockmaster WHERE salesorderdetails.orderno = salesorders.orderno AND salesorderdetails.stkcode = stockmaster.stockid AND salesorders.debtorno = debtorsmaster.debtorno @@ -90,6 +94,7 @@ //find the quantity onhand item $sqloh = "SELECT sum(quantity)as qty FROM locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockid='" . DB_escape_string($myrow['stkcode']) . "'"; $oh = DB_query($sqloh, $db); $ohRow = DB_fetch_row($oh); Modified: trunk/SpecialOrder.php =================================================================== --- trunk/SpecialOrder.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/SpecialOrder.php 2014-08-11 21:27:11 UTC (rev 6808) 
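Review bot: The on-hand sum at -90 now counts only locations the current user may view, so the report's quantity-on-hand figure silently changes meaning from total stock to viewable stock, and nothing in the hunk or in the report records that. A comment on the `$sqloh` line such as `// on-hand total covers only locations the current user has canview on (locationusers)`, and ideally a note in the report heading, would stop the figure being read as company-wide stock. The same applies to the on-hand, purchase-order and work-order sums added in TopItems.php at -191 and -213.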
@@ -590,7 +590,8 @@ echo '<table><tr><td>' . _('Receive Purchase Into and Sell From') . ': <select name="StkLocation">'; -$sql = "SELECT loccode, locationname FROM locations"; +$sql = "SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $LocnResult = DB_query($sql,$db); if (!isset($_SESSION['SPL'.$identifier]->StkLocation) or $_SESSION['SPL'.$identifier]->StkLocation==''){ /*If this is the first time the form loaded set up defaults */ $_SESSION['SPL'.$identifier]->StkLocation = $_SESSION['UserStockLocation']; Modified: trunk/StockCheck.php =================================================================== --- trunk/StockCheck.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockCheck.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -294,7 +294,9 @@ echo '<tr> <td>' . _('For Inventory in Location') . ':</td> <td><select name="Location">'; - $sql = "SELECT loccode, locationname FROM locations ORDER BY locationname"; + $sql = "SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 + ORDER BY locationname"; $LocnResult=DB_query($sql,$db); while ($myrow=DB_fetch_array($LocnResult)){ Modified: trunk/StockCounts.php =================================================================== --- trunk/StockCounts.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockCounts.php 2014-08-11 21:27:11 UTC (rev 6808) 
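Review bot: The location select is now limited to `canupd` locations, but the default that follows, `$_SESSION['SPL'.$identifier]->StkLocation = $_SESSION['UserStockLocation']`, is not checked against that list, so a user whose default location lacks update rights gets a select with no matching option and the browser quietly falls back to the first entry. After the loop that emits the options (outside the hunk), confirm the chosen location was among the rows returned and otherwise either pick the first permitted location explicitly or show a message. The same gap appears likely in StockCheck.php at -294 on this line and in StockDispatch.php at -330, where `$_POST['FromLocation']=$DefaultLocation` is set unconditionally.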
@@ -104,7 +104,8 @@ echo '<table cellpadding="2" class="selection">'; echo '<tr> <th colspan="3">' ._('Stock Check Counts at Location') . ':<select name="Location">'; - $sql = 'SELECT loccode, locationname FROM locations'; + $sql = "SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $result = DB_query($sql,$db); while ($myrow=DB_fetch_array($result)){ @@ -202,7 +203,9 @@ } //START OF action=VIEW - $SQL = "select * from stockcounts"; + $SQL = "select stockcounts.*, + canupd from stockcounts + INNER JOIN locationusers ON locationusers.loccode=stockcounts.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $result = DB_query($SQL, $db); echo '<input type="hidden" name="Action" value="View" />'; echo '<table cellpadding="2" class="selection">'; @@ -219,7 +222,11 @@ <td>'.$myrow['qtycounted'].'</td> <td>'.$myrow['reference'].'</td> <td>'; - echo '<input type="checkbox" name="DEL[' . $myrow['id'] . ']" maxlength="20" size="20" /></td></tr>'; + if ($myrow['canupd']==1) { + echo '<input type="checkbox" name="DEL[' . $myrow['id'] . ']" maxlength="20" size="20" />'; + + } + echo '</td></tr>'; } echo '</table><br /><div class="centre"><input type="submit" name="SubmitChanges" value="' . _('Save Changes') . '" /></div>'; Modified: trunk/StockDispatch.php =================================================================== --- trunk/StockDispatch.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockDispatch.php 2014-08-11 21:27:11 UTC (rev 6808) 
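Review bot: Hiding the delete checkbox when `$myrow['canupd']` is not 1 (hunk at -219) is a presentation-level control only; the code that processes `$_POST['DEL']` on submit is outside this hunk, and unless it re-checks `locationusers.canupd` for each count's location, the restriction is enforced only by the browser. The delete handler should join `locationusers` with `canupd=1` the same way the view query at -202 does and ignore any id that fails that check. Minor points in the same hunk: the blank line inside the new `if` block should go, and the `canupd` selected at -202 is unqualified, which is safe only as long as `stockcounts` never gains a column of that name, so `locationusers.canupd` is the safer spelling.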
@@ -330,9 +330,10 @@ echo '<div> <br />'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; - $sql = "SELECT loccode, + $sql = "SELECT locations.loccode, locationname - FROM locations"; + FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $resultStkLocs = DB_query($sql,$db); if (!isset($_POST['FromLocation'])) { $_POST['FromLocation']=$DefaultLocation; Modified: trunk/StockLocTransfer.php =================================================================== --- trunk/StockLocTransfer.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockLocTransfer.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -255,7 +255,7 @@ <th colspan="4"><input type="hidden" name="Trf_ID" value="' . $Trf_ID . '" /><h3>' . _('Inventory Location Transfer Shipment Reference').' # '. $Trf_ID. '</h3></th> </tr>'; - $sql = "SELECT loccode, locationname FROM locations ORDER BY locationname"; + $sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 ORDER BY locationname"; $resultStkLocs = DB_query($sql,$db); echo '<tr> Modified: trunk/StockLocTransferReceive.php =================================================================== --- trunk/StockLocTransferReceive.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockLocTransferReceive.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -387,6 +387,7 @@ ON loctransfers.shiploc=locations.loccode INNER JOIN locations as reclocations ON loctransfers.recloc = reclocations.loccode + INNER JOIN locationusers ON locationusers.loccode=reclocations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 INNER JOIN stockmaster ON loctransfers.stockid=stockmaster.stockid WHERE reference ='" . $_GET['Trf_ID'] . "' ORDER BY loctransfers.stockid"; 
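Review bot: The rewritten `$sql` in StockLocTransfer.php at -255 packs the select, the permission join and the ORDER BY onto one long line, whereas the other files in this commit (StockDispatch.php at -330 on this same line, for instance) put the join on its own line; wrapping it as `FROM locations` / `INNER JOIN locationusers ON … AND locationusers.canupd=1` / `ORDER BY locationname` keeps the access-control clause visible at a glance when someone later audits these queries. StockLocTransferReceive.php at -534 on the next line has the same one-line layout.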
@@ -533,7 +534,7 @@ echo '<div>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; - $LocResult = DB_query("SELECT locationname, loccode FROM locations ORDER BY locationname",$db); + $LocResult = DB_query("SELECT locationname, locations.loccode FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 ORDER BY locationname",$db); echo '<table class="selection">'; echo '<tr> Modified: trunk/StockMovements.php =================================================================== --- trunk/StockMovements.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockMovements.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -37,7 +37,8 @@ echo ' ' . _('From Stock Location') . ':<select name="StockLocation"> '; -$sql = "SELECT loccode, locationname FROM locations"; +$sql = "SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $resultStkLocs = DB_query($sql,$db); while ($myrow=DB_fetch_array($resultStkLocs)){ Modified: trunk/StockReorderLevel.php =================================================================== --- trunk/StockReorderLevel.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/StockReorderLevel.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -31,9 +31,11 @@ locations.locationname, locstock.quantity, locstock.reorderlevel, - stockmaster.decimalplaces + stockmaster.decimalplaces, + canupd FROM locstock INNER JOIN locations ON locstock.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 INNER JOIN stockmaster ON locstock.stockid=stockmaster.stockid WHERE locstock.stockid = '" . $StockID . "' 
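Review bot: The receiving-location select at -534 is filtered on `canview`, while the transfer query in the same file at -387 (previous line) joins `locationusers` on the receiving location with `canupd`; if this select feeds that receive flow, a user can pick a location they may only view and then get an empty result with no explanation. Use `locationusers.canupd=1` in the select at -534 so the list matches what the receive query will accept, or add a comment stating why view rights are sufficient for this select. StockMovements.php at -37 and StockReorderLevel.php at -31 use `canview` for pure reporting, which is consistent with the rest of the commit.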
@@ -83,11 +85,15 @@ $UpdateReorderLevel = DB_query($sql, $db); } - + if ($myrow['canupd']==1) { + $UpdateCode='<input title="'._('Input safety stock quantity').'" type="text" class="number" name="%s" maxlength="10" size="10" value="%s" /> + <input type="hidden" name="Old_%s" value="%s" />'; + } else { + $UpdateCode='<input type="hidden" name="%s">%s<input type="hidden" name="Old_%s" value="%s" />'; + } printf('<td>%s</td> <td class="number">%s</td> - <td><input title="'._('Input safety stock quantity').'" type="text" class="number" name="%s" maxlength="10" size="10" value="%s" /> - <input type="hidden" name="Old_%s" value="%s" /></td></tr>', + <td class="number">' . $UpdateCode . '</td></tr>', $myrow['locationname'], locale_number_format($myrow['quantity'],$myrow['decimalplaces']), $myrow['loccode'], Modified: trunk/SuppLoginSetup.php =================================================================== --- trunk/SuppLoginSetup.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/SuppLoginSetup.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -187,7 +187,7 @@ echo '<tr><td>' . _('Default Location') . ':</td> <td><select name="DefaultLocation">'; -$sql = "SELECT loccode, locationname FROM locations"; +$sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $result = DB_query($sql,$db); while ($myrow=DB_fetch_array($result)){ Modified: trunk/SupplierTenderCreate.php =================================================================== --- trunk/SupplierTenderCreate.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/SupplierTenderCreate.php 2014-08-11 21:27:11 UTC (rev 6808) 
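Review bot: The read-only branch of StockReorderLevel.php emits `<input type="hidden" name="%s">` with no `value` attribute (and no closing `/>`), so the field is still submitted, as an empty string; if the update branch at the top of this hunk (which begins before it) compares `$_POST[loccode]` with `Old_loccode`, every non-updatable row will look changed and an empty reorder level can be written for a location the user may not update. Assuming the argument list after the hunk supplies loccode, reorderlevel, loccode, reorderlevel in that order, `$UpdateCode='<input type="hidden" name="%3$s" value="%4$s" />%4$s<input type="hidden" name="Old_%5$s" value="%6$s" />';` keeps the placeholders aligned and submits the unchanged value. Whatever the markup, the update branch should re-check `canupd` for that location before its `DB_query`, since the hidden field is only a client-side hint.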
@@ -57,6 +57,7 @@ telephone, requiredbydate FROM tenders + INNER JOIN locationusers ON locationusers.loccode=tenders.location AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE tenderid='" . $_GET['ID'] . "'"; $result=DB_query($sql, $db); $myrow=DB_fetch_array($result); @@ -126,6 +127,7 @@ address6, telephone FROM tenders + INNER JOIN locationusers ON locationusers.loccode=tenders.location AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE closed=0 AND requiredbydate > '" . Date('Y-m-d') . "'"; $result=DB_query($sql, $db); @@ -268,7 +270,8 @@ tel, contact FROM locations - WHERE loccode='" . $_POST['StkLocation'] . "'"; + INNER JOIN locationusers ON locationusers.loccode=.locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 + WHERE locations.loccode='" . $_POST['StkLocation'] . "'"; $LocnAddrResult = DB_query($sql,$db); if (DB_num_rows($LocnAddrResult)==1){ @@ -310,6 +313,7 @@ tel, contact FROM locations + INNER JOIN locationusers ON locationusers.loccode=.locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE loccode='" . $_POST['StkLocation'] . "'"; $LocnAddrResult = DB_query($sql,$db); @@ -339,9 +343,10 @@ <td>' . _('Warehouse') . ':</td> <td><select name="StkLocation" onchange="ReloadForm(form1.LookupDeliveryAddress)">'; - $sql = "SELECT loccode, + $sql = "SELECT locations.loccode, locationname - FROM locations"; + FROM locations + INNER JOIN locationusers ON locationusers.loccode=.locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $LocnResult = DB_query($sql,$db); while ($LocnRow=DB_fetch_array($LocnResult)){ Modified: trunk/TopItems.php =================================================================== --- trunk/TopItems.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/TopItems.php 2014-08-11 21:27:11 UTC (rev 6808) 
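Review bot: Three of the new join conditions in SupplierTenderCreate.php contain a stray dot, `locationusers.loccode=.locations.loccode` (hunks at -268, -310 and -339); some MySQL versions tolerate the ODBC-style leading dot, but it is a typo and should read `locationusers.loccode=locations.loccode`. In the hunk at -310 the `WHERE loccode='…'` is left unqualified although `locationusers` now also contributes a `loccode` column, which makes the reference ambiguous, whereas the hunk at -268 correctly writes `WHERE locations.loccode=`. At -57 the join turns a missing permission into an empty result set, yet `$myrow=DB_fetch_array($result)` is used immediately; check `DB_num_rows($result)` and show an explicit "not authorised for this location" message rather than continuing with an empty row, and the same applies to WorkCentres.php at -177 and WorkOrderCosting.php at -48.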
@@ -22,9 +22,10 @@ <td style="width:150px">' . _('Select Location') . ' </td> <td>:</td> <td><select name="Location">'; - $sql = "SELECT loccode, + $sql = "SELECT locations.loccode, locationname - FROM locations"; + FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $result = DB_query($sql, $db); echo '<option value="All">' . _('All') . '</option>'; while ($myrow = DB_fetch_array($result)) { @@ -127,8 +128,10 @@ stockmaster.mbflag, currencies.rate, debtorsmaster.currcode, + fromstkloc, stockmaster.decimalplaces - FROM salesorderdetails, salesorders, debtorsmaster,stockmaster, currencies + FROM salesorderdetails, salesorders INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, + debtorsmaster,stockmaster, currencies WHERE salesorderdetails.orderno = salesorders.orderno AND salesorderdetails.stkcode = stockmaster.stockid AND salesorders.debtorno = debtorsmaster.debtorno @@ -191,12 +194,14 @@ case 'B': $QOHResult = DB_query("SELECT sum(quantity) FROM locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockid = '" . DB_escape_string($myrow['stkcode']) . "'", $db); $QOHRow = DB_fetch_row($QOHResult); $QOH = $QOHRow[0]; $QOOSQL="SELECT SUM(purchorderdetails.quantityord -purchorderdetails.quantityrecd) AS QtyOnOrder FROM purchorders INNER JOIN purchorderdetails ON purchorders.orderno=purchorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE purchorderdetails.itemcode='" . DB_escape_string($myrow['stkcode']) . "' AND purchorderdetails.completed =0 AND purchorders.status<>'Cancelled' 
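Review bot: The location select at -22 still offers `<option value="All">`, but after this change the queries that serve 'All' (-127, -191 and the following hunk) are restricted to the user's viewable locations, so the label overstates what is reported. Either adjust the option text or add a comment beside it, `// 'All' means every location the current user has canview on`, so the totals are not taken as company-wide. The `fromstkloc` column added to the select list at -127 is also unqualified; `salesorders.fromstkloc` would match the rest of that list and avoid ambiguity if another joined table ever carries the same column.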
@@ -213,6 +218,7 @@ $sql = "SELECT SUM(woitems.qtyreqd-woitems.qtyrecd) AS qtywo FROM woitems INNER JOIN workorders ON woitems.wo=workorders.wo + INNER JOIN locationusers ON locationusers.loccode=workorders.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE workorders.closed=0 AND woitems.stockid='" . DB_escape_string($myrow['stkcode']) . "'"; $ErrMsg = _('The quantity on work orders for this product cannot be retrieved because'); Modified: trunk/WorkCentres.php =================================================================== --- trunk/WorkCentres.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/WorkCentres.php 2014-08-11 21:27:11 UTC (rev 6808) @@ -118,6 +118,7 @@ workcentres.overheadperhour FROM workcentres, locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE workcentres.location = locations.loccode"; $result = DB_query($sql,$db); @@ -177,6 +178,7 @@ overheadrecoveryact, overheadperhour FROM workcentres + INNER JOIN locationusers ON locationusers.loccode=workcentres.location AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE code='" . $SelectedWC . "'"; $result = DB_query($sql, $db); @@ -208,8 +210,9 @@ } $SQL = "SELECT locationname, - loccode - FROM locations"; + locations.loccode + FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $result = DB_query($SQL,$db); if (!isset($_POST['Description'])) { Modified: trunk/WorkOrderCosting.php =================================================================== --- trunk/WorkOrderCosting.php 2014-08-11 14:12:30 UTC (rev 6807) +++ trunk/WorkOrderCosting.php 2014-08-11 21:27:11 UTC (rev 6808) 
@@ -48,6 +48,7 @@ closecomments FROM workorders INNER JOIN locations ON workorders.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE workorders.wo='" . $_POST['WO'] . "'", $db, $ErrMsg); |