From: <aga...@us...> - 2014-08-12 19:16:03
Revision: 6809
http://sourceforge.net/p/web-erp/reponame/6809
Author: agaluski
Date: 2014-08-12 19:16:00 +0000 (Tue, 12 Aug 2014)
Log Message:
-----------
Added Location based security to these files
Modified Paths:
--------------
trunk/BOMs.php
trunk/PrintCustTrans.php
trunk/PrintCustTransPortrait.php
trunk/RecurringSalesOrdersProcess.php
trunk/ReorderLevel.php
trunk/ReorderLevelLocation.php
trunk/SelectRecurringSalesOrder.php
Modified: trunk/BOMs.php
===================================================================
--- trunk/BOMs.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/BOMs.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -93,6 +93,7 @@
INNER JOIN locstock
ON bom.loccode=locstock.loccode
AND bom.component = locstock.stockid
+ INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1
WHERE bom.component='".$Component."'
AND bom.parent = '".$Parent."'";
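Review bot: The added join matches on `locations.loccode`, but the visible part of this query joins only `bom` and `locstock`, and the other joins this commit adds to BOMs.php key on `bom.loccode`. If `locations` is not joined in the part of the statement above the hunk, the query will fail rather than filter. `ON locationusers.loccode=bom.loccode` would not depend on that table being present. The statement starts outside the hunk, so this needs checking against the full FROM clause.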
@@ -448,7 +449,7 @@
$sql = "SELECT bom.parent,
stockmaster.description,
stockmaster.mbflag
- FROM bom, stockmaster
+ FROM bom INNER JOIN locationusers ON locationusers.loccode=bom.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1, stockmaster
WHERE bom.component='".$SelectedParent."'
AND stockmaster.stockid=bom.parent
AND stockmaster.mbflag='M'";
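Review bot: Splicing `INNER JOIN locationusers ... , stockmaster` into a comma-separated FROM list mixes explicit and implicit joins in one clause. It works here only because the ON condition refers to `bom` and `locationusers`; in MySQL the comma binds more loosely than JOIN, so a later edit whose ON clause mentions `stockmaster` would fail with an unknown-column error. Writing `FROM bom INNER JOIN stockmaster ON stockmaster.stockid=bom.parent INNER JOIN locationusers ON ...` keeps the access check beside the other join conditions. The same pattern is added in RecurringSalesOrdersProcess.php (@@ -60) and ReorderLevel.php (@@ -42 and @@ -126).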
@@ -498,6 +499,7 @@
stockmaster.mbflag
FROM bom INNER JOIN stockmaster
ON bom.parent=stockmaster.stockid
+ INNER JOIN locationusers ON locationusers.loccode=bom.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1
WHERE bom.component='".$SelectedParent."'
AND stockmaster.mbflag='K'";
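Review bot: `$_SESSION['UserID']` is concatenated into the SQL text without escaping here and in every other join this commit adds. Whether that is safe depends on how the session value is populated at login, which this diff does not show; a user ID containing a quote would break or alter every location-filtered query. Building the fragment once in a helper that escapes the value (or binds it as a parameter where the DB layer allows) would also keep the `canupd`/`canview` predicate identical across files.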
@@ -602,13 +604,14 @@
//editing a selected component from the link to the line item
$sql = "SELECT sequence,
- loccode,
+ bom.loccode,
effectiveafter,
effectiveto,
workcentreadded,
quantity,
autoissue
FROM bom
+ INNER JOIN locationusers ON locationusers.loccode=bom.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1
WHERE parent='".$SelectedParent."'
AND component='".$SelectedComponent."'";
@@ -699,7 +702,7 @@
<td><select tabindex="2" name="LocCode">';
DB_free_result($result);
- $sql = "SELECT locationname, loccode FROM locations";
+ $sql = "SELECT locationname, locations.loccode FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1";
$result = DB_query($sql,$db);
while ($myrow = DB_fetch_array($result)) {
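Review bot: Restricting the `LocCode` drop-down to locations with `canupd=1` limits what the form offers, not what the server accepts. The code that inserts or updates the BOM row from the posted `LocCode` is outside this diff; unless it repeats the `locationusers` check, a request can still name a location that was never offered. A comment at this query such as `// UI filter only: the write path must re-check locationusers.canupd` would make that dependency explicit. The same applies to the work-centre list in the next hunk.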
@@ -719,7 +722,7 @@
<tr>
<td>' . _('Work Centre Added') . ': </td><td>';
- $sql = "SELECT code, description FROM workcentres";
+ $sql = "SELECT code, description FROM workcentres INNER JOIN locationusers ON locationusers.loccode=workcentres.location AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1";
$result = DB_query($sql,$db);
if (DB_num_rows($result)==0){
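Review bot: After the join, `DB_num_rows($result)==0` no longer means only that no work centres exist; it is also true when the user has no `canupd` location that owns a work centre. The body of this branch is outside the hunk, so if its message tells the user to set up work centres it will now mislead users who merely lack access. Consider distinguishing the two cases or rewording the message.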
Modified: trunk/PrintCustTrans.php
===================================================================
--- trunk/PrintCustTrans.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/PrintCustTrans.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -149,6 +149,8 @@
ON custbranch.salesman=salesman.salesmancode
INNER JOIN locations
ON salesorders.fromstkloc=locations.loccode
+ INNER JOIN locationusers
+ ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1
INNER JOIN paymentterms
ON debtorsmaster.paymentterms=paymentterms.termsindicator
INNER JOIN currencies
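Review bot: With this inner join, a user without `canview` on the order's `fromstkloc` location gets zero rows for the document rather than an explicit authorisation failure. How the empty result is reported is outside the hunk; if the existing path prints a generic retrieval error, the user cannot tell a permission denial from a missing document, and nothing records the denied attempt. A separate check that reports (and ideally logs) the denial would be clearer. The same applies to the second hunk in this file and to both hunks in PrintCustTransPortrait.php.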
@@ -647,6 +649,8 @@
ON custbranch.salesman=salesman.salesmancode
INNER JOIN locations
ON salesorders.fromstkloc=locations.loccode
+ INNER JOIN locationusers
+ ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1
INNER JOIN paymentterms
ON debtorsmaster.paymentterms=paymentterms.termsindicator
INNER JOIN currencies
Modified: trunk/PrintCustTransPortrait.php
===================================================================
--- trunk/PrintCustTransPortrait.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/PrintCustTransPortrait.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -169,6 +169,8 @@
ON custbranch.salesman=salesman.salesmancode
INNER JOIN locations
ON salesorders.fromstkloc=locations.loccode
+ INNER JOIN locationusers
+ ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1
INNER JOIN paymentterms
ON debtorsmaster.paymentterms=paymentterms.termsindicator
INNER JOIN currencies
@@ -688,6 +690,8 @@
ON custbranch.salesman=salesman.salesmancode
INNER JOIN locations
ON salesorders.fromstkloc=locations.loccode
+ INNER JOIN locationusers
+ ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1
INNER JOIN paymentterms
ON debtorsmaster.paymentterms=paymentterms.termsindicator
INNER JOIN currencies
Modified: trunk/RecurringSalesOrdersProcess.php
===================================================================
--- trunk/RecurringSalesOrdersProcess.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/RecurringSalesOrdersProcess.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -60,7 +60,7 @@
custbranch.taxgroupid,
locations.contact,
locations.email
- FROM recurringsalesorders,
+ FROM recurringsalesorders INNER JOIN locationusers ON locationusers.loccode=recurringsalesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1,
debtorsmaster,
custbranch,
salestypes,
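Review bot: This join makes the set of recurring orders that get processed depend on who is logged in: templates whose `fromstkloc` the current user cannot update are skipped without any message. If the script is also run unattended (not visible here), `$_SESSION['UserID']` may be empty and the join would match nothing, so no orders would be generated and no error raised. Reporting how many templates the location check excluded, or failing loudly when the user ID is empty, would make that visible. The query continues past the end of the hunk.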
Modified: trunk/ReorderLevel.php
===================================================================
--- trunk/ReorderLevel.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/ReorderLevel.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -42,7 +42,7 @@
stockmaster.decimalplaces,
stockmaster.serialised,
stockmaster.controlled
- FROM locstock,
+ FROM locstock INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1,
stockmaster
LEFT JOIN stockcategory
ON stockmaster.categoryid=stockcategory.categoryid,
@@ -126,7 +126,7 @@
locstock.loccode,
locstock.reorderlevel,
stockmaster.decimalplaces
- FROM locstock, stockmaster
+ FROM locstock INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, stockmaster
WHERE locstock.quantity > 0
AND locstock.quantity > reorderlevel
AND locstock.stockid = stockmaster.stockid
@@ -197,9 +197,9 @@
echo '<br /><form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
echo '<div>';
echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
- $sql = "SELECT loccode,
+ $sql = "SELECT locations.loccode,
locationname
- FROM locations";
+ FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1";
$resultStkLocs = DB_query($sql,$db);
echo '<table class="selection">
<tr>
Modified: trunk/ReorderLevelLocation.php
===================================================================
--- trunk/ReorderLevelLocation.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/ReorderLevelLocation.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -42,9 +42,11 @@
reorderlevel,
bin,
quantity,
- decimalplaces
+ decimalplaces,
+ canupd
FROM locstock INNER JOIN stockmaster
ON locstock.stockid = stockmaster.stockid
+ INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1
WHERE stockmaster.categoryid = '" . $_POST['StockCat'] . "'
AND locstock.loccode = '" . $_POST['StockLocation'] . "'
AND stockmaster.discontinued = 0
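Review bot: The location check is appended to a statement that concatenates `$_POST['StockCat']` and `$_POST['StockLocation']` straight into the WHERE clause. Unless those values are escaped before this point (not visible in the hunk), the new `locationusers` filter is only as strong as that escaping, since request data shares the same SQL string. Separately, `canupd` is selected unqualified in a three-table join; `locationusers.canupd` would guard against a later column-name clash.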
@@ -110,6 +112,7 @@
//find the quantity onhand item
$SqlOH="SELECT SUM(quantity) AS qty
FROM locstock
+ INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1
WHERE stockid='" . $myrow['stockid'] . "'";
$TotQtyResult = DB_query($SqlOH,$db);
$TotQtyRow = DB_fetch_array($TotQtyResult);
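Review bot: `SUM(quantity)` is now the total over the locations the user may view rather than over all locations, so the figure shown from `$TotQtyRow['qty']` changes meaning per user. If the column is labelled as total on hand (the heading is outside the hunk), a user with partial access sees a smaller number with no sign that it is partial. A comment at the query such as `// on hand across the locations this user can view`, with a matching column label, would document that.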
@@ -119,9 +122,16 @@
<td class="number">' . locale_number_format($SalesRow['qtyinvoiced'],$myrow['decimalplaces']) . '</td>
<td class="number">' . locale_number_format($TotQtyRow['qty'],$myrow['decimalplaces']) . '</td>
<td class="number">' . locale_number_format($myrow['quantity'],$myrow['decimalplaces']) . '</td>
- <td><input type="text" class="number" name="ReorderLevel' . $i .'" maxlength="10" size="10" value="'. locale_number_format($myrow['reorderlevel'],0) .'" />
+ <td class="number">';
+ if ($myrow['canupd']==1) {
+ echo '<input type="text" class="number" name="ReorderLevel' . $i .'" maxlength="10" size="10" value="'. locale_number_format($myrow['reorderlevel'],0) .'" />
<input type="hidden" name="StockID' . $i . '" value="' . $myrow['stockid'] . '" /></td>
- <td><input type="text" name="BinLocation' . $i .'" maxlength="10" size="10" value="'. $myrow['bin'] .'" /></td>
+ <td><input type="text" name="BinLocation' . $i .'" maxlength="10" size="10" value="'. $myrow['bin'] .'" />';
+ } else {
+ echo locale_number_format($myrow['reorderlevel'],0) . '</td><td>' . $myrow['bin'] . '</td>';
+ }
+
+ echo '</td>
</tr> ';
$i++;
} //end of looping
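Review bot: Rendering the inputs only when `canupd` is 1 hides the fields but enforces nothing; the code that applies the posted `ReorderLevel`, `StockID` and `BinLocation` values is outside this diff and needs the same `locationusers.canupd=1` condition on its UPDATE. In the read-only branch the row also gets a stray closing tag, because the else echo already ends with `</td>` and the following `echo '</td>` closes a cell again. `$myrow['bin']` is also written into the page unescaped there. The else line could be `echo locale_number_format($myrow['reorderlevel'],0) . '</td><td>' . htmlspecialchars($myrow['bin'], ENT_QUOTES, 'UTF-8');`.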
@@ -145,9 +155,9 @@
<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">
<div>';
echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
- $sql = "SELECT loccode,
+ $sql = "SELECT locations.loccode,
locationname
- FROM locations";
+ FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1";
$resultStkLocs = DB_query($sql,$db);
echo '<table class="selection">
<tr>
Modified: trunk/SelectRecurringSalesOrder.php
===================================================================
--- trunk/SelectRecurringSalesOrder.php 2014-08-11 21:27:11 UTC (rev 6808)
+++ trunk/SelectRecurringSalesOrder.php 2014-08-12 19:16:00 UTC (rev 6809)
@@ -20,7 +20,7 @@
<td>' . _('Select recurring order templates for delivery from:') . ' </td>
<td>' . '<select name="StockLocation">';
-$sql = "SELECT loccode, locationname FROM locations";
+$sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1";
$resultStkLocs = DB_query($sql,$db);