Contact Times: Timer now works for contacts under foreign domains. Limit edit and delete to user's own Time entries.

Nate Jones 2015-05-17 09:58:57 +00:00
parent d9de58b0cd
commit a28f7a9f53
2 changed files with 19 additions and 13 deletions


@ -97,7 +97,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$sql .= ") ";
$sql .= "values ";
$sql .= "( ";
$sql .= "'".$_SESSION['domain_uuid']."', ";
$sql .= "'".$domain_uuid."', ";
$sql .= "'".$contact_time_uuid."', ";
$sql .= "'".$contact_uuid."', ";
$sql .= "'".$_SESSION["user"]["user_uuid"]."', ";
@ -121,7 +121,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$sql .= "time_description = '".$time_description."' ";
$sql .= "where ";
$sql .= "contact_time_uuid = '".$contact_time_uuid."' ";
$sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and domain_uuid = '".$domain_uuid."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$sql .= "and user_uuid = '".$_SESSION["user"]["user_uuid"]."' ";
$db->exec(check_sql($sql));
@ -140,11 +140,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$sql = "select ct.*, u.username ";
$sql .= "from v_contact_times as ct, v_users as u ";
$sql .= "where ct.user_uuid = u.user_uuid ";
$sql .= "and ct.domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and u.domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and ct.domain_uuid = '".$domain_uuid."' ";
$sql .= "and ct.contact_uuid = '".$contact_uuid."' ";
$sql .= "and ct.user_uuid = '".$_SESSION["user"]["user_uuid"]."' ";
$sql .= "and contact_time_uuid = '".$contact_time_uuid."' ";
$sql .= "order by ct.time_start desc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetch(PDO::FETCH_NAMED);
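Review bot: The domain scope of the insert (`'".$domain_uuid."', "`), the update (`and domain_uuid = '".$domain_uuid."'`) and the select now comes from `$domain_uuid` instead of `$_SESSION['domain_uuid']`, and none of the three hunks shows where that variable is assigned; if it is taken from the request, as the "foreign domains" wording suggests, the caller chooses the tenant the row is written under and only `user_uuid` remains as a server-side constraint. Before these statements, check that `$domain_uuid` is a domain the session is entitled to (the other file in this commit reads `$_SESSION['domains']`, which looks like the natural whitelist) or keep `$_SESSION['domain_uuid']` on the write path. The uuid values are still concatenated into the SQL text and passed only through `check_sql()`; since `$db->prepare()` is already used for the select, binding `:domain_uuid`, `:contact_uuid` and `:contact_time_uuid` as parameters would be the robust form for all three statements. The enclosing `if (count($_POST)>0 && ...)` block starts and ends outside these hunks.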


@ -43,11 +43,10 @@ else {
echo "</table>\n";
//get the contact list
$sql = "select ct.*, u.username ";
$sql = "select ct.*, u.username, u.domain_uuid as user_domain_uuid ";
$sql .= "from v_contact_times as ct, v_users as u ";
$sql .= "where ct.user_uuid = u.user_uuid ";
$sql .= "and ct.domain_uuid = '".$domain_uuid."' ";
$sql .= "and u.domain_uuid = '".$domain_uuid."' ";
$sql .= "and ct.contact_uuid = '".$contact_uuid."' ";
$sql .= "order by ct.time_start desc ";
$prep_statement = $db->prepare(check_sql($sql));
@ -83,9 +82,7 @@ else {
echo "<table id='table_contact_times' class='tr_hover' style='width: 100%; direction: ltr;' border='0' cellpadding='0' cellspacing='0'>\n";
if ($result_count > 0) {
foreach($result as $row) {
if (permission_exists('contact_time_edit')) {
$tr_link = "href='contact_time_edit.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_time_uuid']."'";
}
$tr_link = (permission_exists('contact_time_edit') && $row['user_uuid'] == $_SESSION["user"]["user_uuid"]) ? "href='contact_time_edit.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_time_uuid']."'" : null;
echo "<tr ".$tr_link.">\n";
if ($row["time_start"] != '' && $row['time_stop'] != '') {
$time_start = strtotime($row["time_start"]);
@ -95,16 +92,26 @@ else {
else { unset($time); }
$tmp = explode(' ', $row['time_start']);
$time_start = $tmp[0];
echo " <td valign='top' class='".$row_style[$c]."' width='20%'>".$row["username"]."&nbsp;</td>\n";
echo " <td valign='top' class='".$row_style[$c]."' width='20%'><span ".(($row['user_domain_uuid'] != $domain_uuid) ? "title='".$_SESSION['domains'][$row['user_domain_uuid']]['domain_name']."' style='cursor: help;'" : null).">".$row["username"]."</span>&nbsp;</td>\n";
echo " <td valign='top' class='".$row_style[$c]."' width='20%'>".$time_start."&nbsp;</td>\n";
echo " <td valign='top' class='".$row_style[$c]."' width='20%'>".$time."&nbsp;</td>\n";
echo " <td valign='top' class='row_stylebg' style='width: 40%; max-width: 100px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$row['time_description']."&nbsp;</td>\n";
echo " <td class='list_control_icons' nowrap>";
if (permission_exists('contact_time_edit')) {
echo "<a href='contact_time_edit.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_time_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
if ($row['user_uuid'] == $_SESSION["user"]["user_uuid"]) {
echo "<a href='contact_time_edit.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_time_uuid']."' alt='".$text['button-edit']."'>".$v_link_label_edit."</a>";
}
else {
echo "<span onclick=\"alert('".$text['message-access_denied']."');\" alt='".$text['button-edit']."'>".str_replace("list_control_icon", "list_control_icon_disabled", $v_link_label_edit)."</span>";
}
}
if (permission_exists('contact_time_delete')) {
echo "<a href='contact_time_delete.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_time_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
if ($row['user_uuid'] == $_SESSION["user"]["user_uuid"]) {
echo "<a href='contact_time_delete.php?contact_uuid=".$row['contact_uuid']."&id=".$row['contact_time_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
}
else {
echo "<span onclick=\"alert('".$text['message-access_denied']."');\" alt='".$text['button-delete']."'>".str_replace("list_control_icon", "list_control_icon_disabled", $v_link_label_delete)."</span>";
}
}
echo " </td>\n";
echo "</tr>\n";
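Review bot: The `$row['user_uuid'] == $_SESSION["user"]["user_uuid"]` test only decides which links the list renders; the commit changes two files and `contact_time_delete.php` is not one of them, so unless that script already filters on `user_uuid` a request to `contact_time_delete.php?contact_uuid=...&id=...` built by hand still deletes another user's entry, and the ownership check needs to live in the delete handler too. The new title attribute interpolates `$_SESSION['domains'][$row['user_domain_uuid']]['domain_name']` into HTML without escaping; wrap it (and `$row["username"]` in the same cell) with `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so a domain name or username containing a quote cannot break out of the attribute. The same value is also used as an array key without an `isset()` guard, which emits a notice for a user whose domain is not in `$_SESSION['domains']`. Both ownership comparisons use `==`; `===` is the safer form for uuid strings. The enclosing `foreach($result as $row)` opens in the previous hunk and closes after this one.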