Refactor contact management functions and remove phpinfo.php
- Updated formatting and structure of functions in edit_contact.inc.php for better readability and consistency. - Added comments to clarify the purpose of certain code sections, especially regarding mandant handling. - Removed the deprecated phpinfo.php file to clean up the codebase.
This commit is contained in:
@@ -8,7 +8,7 @@ $currDir = __DIR__;
|
||||
$rootDir = dirname(dirname(dirname($currDir)));
|
||||
$mysydeDir = $rootDir . '/mysyde';
|
||||
|
||||
require_once($rootDir . '/vendor/autoload.php');
|
||||
require_once($rootDir . '/vendor/autoload.php');
|
||||
require_once($rootDir . "/mysyde/frontend/frontend_functions.inc.php");
|
||||
|
||||
$envDir = $rootDir . '/config';
|
||||
@@ -17,28 +17,309 @@ if (is_dir($envDir) && file_exists($envFilePath) && is_file($envFilePath) && is_
|
||||
$dotenv = new \Dotenv\Dotenv($envDir);
|
||||
$dotenv->load();
|
||||
}
|
||||
$common = $mysydeDir ."/common/common_functions.inc.php";
|
||||
$common = $mysydeDir . "/common/common_functions.inc.php";
|
||||
require_once($common);
|
||||
|
||||
$connEnv = (local_environment()) ? $mysydeDir."/dc.config.php" : $mysydeDir."/dc-server.config.php";
|
||||
$connEnv = (local_environment()) ? $mysydeDir . "/dc.config.php" : $mysydeDir . "/dc-server.config.php";
|
||||
|
||||
require_once($connEnv);
|
||||
|
||||
db_connect();
|
||||
|
||||
function parse_ids_list(?string $csv): array
|
||||
{
|
||||
if ($csv === null)
|
||||
return [];
|
||||
$csv = trim($csv);
|
||||
if ($csv === '')
|
||||
return [];
|
||||
|
||||
switch ($_POST['action']) {
|
||||
$parts = explode(',', $csv);
|
||||
$out = [];
|
||||
foreach ($parts as $p) {
|
||||
$p = trim($p);
|
||||
if ($p === '')
|
||||
continue;
|
||||
if (ctype_digit($p))
|
||||
$out[] = (int) $p;
|
||||
}
|
||||
$out = array_values(array_unique($out));
|
||||
return $out;
|
||||
}
|
||||
|
||||
function build_user_pairs(array $contact_rows): array
|
||||
{
|
||||
$pairs = [];
|
||||
foreach ($contact_rows as $row) {
|
||||
$m = $row['main_mandant_id'] ?? null;
|
||||
$d = $row['main_department_id'] ?? null;
|
||||
if ($m === null || $d === null)
|
||||
continue;
|
||||
if (!is_numeric($m) || !is_numeric($d))
|
||||
continue;
|
||||
$pairs[((int) $m) . ':' . ((int) $d)] = true;
|
||||
}
|
||||
return $pairs; // associative set
|
||||
}
|
||||
|
||||
function user_can_see_ticket(int $contact_id, array $user_pairs, array $ticket): bool
|
||||
{
|
||||
|
||||
$contact_ids = parse_ids_list($ticket['contact_ids'] ?? null);
|
||||
$mandant_ids = parse_ids_list($ticket['mandant_ids'] ?? null);
|
||||
$department_ids = parse_ids_list($ticket['department_ids'] ?? null);
|
||||
|
||||
if (!empty($contact_ids) && in_array($contact_id, $contact_ids, true)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$mandant_unrestricted = empty($mandant_ids);
|
||||
$department_unrestricted = empty($department_ids);
|
||||
|
||||
if ($mandant_unrestricted && $department_unrestricted) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!$mandant_unrestricted && $department_unrestricted) {
|
||||
foreach ($user_pairs as $pairKey => $_) {
|
||||
[$um, $ud] = array_map('intval', explode(':', $pairKey, 2));
|
||||
if (in_array($um, $mandant_ids, true))
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($mandant_unrestricted && !$department_unrestricted) {
|
||||
foreach ($user_pairs as $pairKey => $_) {
|
||||
[$um, $ud] = array_map('intval', explode(':', $pairKey, 2));
|
||||
if (in_array($ud, $department_ids, true))
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
foreach ($mandant_ids as $m) {
|
||||
foreach ($department_ids as $d) {
|
||||
if (isset($user_pairs[$m . ':' . $d])) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function filter_tickets_for_user(int $contact_id, array $contact_rows, array $tickets): array
|
||||
{
|
||||
$user_pairs = build_user_pairs($contact_rows);
|
||||
|
||||
$out = [];
|
||||
foreach ($tickets as $ticket) {
|
||||
if (user_can_see_ticket($contact_id, $user_pairs, $ticket)) {
|
||||
$out[] = $ticket;
|
||||
}
|
||||
}
|
||||
return $out;
|
||||
}
|
||||
|
||||
$json = file_get_contents('php://input');
|
||||
$data = json_decode($json, true);
|
||||
|
||||
switch ($data['action']) {
|
||||
case 'get_tickets':
|
||||
get_tickets();
|
||||
get_tickets($data);
|
||||
break;
|
||||
case 'getSubCategories':
|
||||
get_sub_categories($data);
|
||||
break;
|
||||
case 'getParendCategories':
|
||||
get_parent_categories($data);
|
||||
break;
|
||||
case 'getCategorieInfo':
|
||||
get_categorie_info($data);
|
||||
break;
|
||||
default:
|
||||
echo json_encode(['error' => 'Invalid action']);
|
||||
break;
|
||||
}
|
||||
|
||||
function get_tickets() {
|
||||
$contact = $_SESSION['main_contact'];
|
||||
$contact_json = json_encode($contact);
|
||||
function get_categorie_info($data)
|
||||
{
|
||||
$category_id = $data['category_id'] ?? '';
|
||||
|
||||
return json_encode(['contact' => $contact_json]);
|
||||
}
|
||||
$query = "SELECT id, description, text FROM main_tickets_category WHERE id = :category_id";
|
||||
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
||||
$stmt->bindParam(':category_id', $category_id);
|
||||
$stmt->execute();
|
||||
$category_info = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
echo json_encode($category_info);
|
||||
}
|
||||
function get_parent_categories($data)
|
||||
{
|
||||
$query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id IS NULL ORDER BY sorting";
|
||||
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
||||
$stmt->execute();
|
||||
$parent_categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
echo json_encode($parent_categories);
|
||||
}
|
||||
|
||||
function get_sub_categories($data)
|
||||
{
|
||||
$category_id = $data['category_id'] ?? '';
|
||||
|
||||
$query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id = :category_id ORDER BY sorting";
|
||||
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
||||
$stmt->bindParam(':category_id', $category_id);
|
||||
$stmt->execute();
|
||||
$sub_categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
echo json_encode($sub_categories);
|
||||
}
|
||||
|
||||
function get_tickets($data)
|
||||
{
|
||||
|
||||
$cue = $data['cue'] ?? '';
|
||||
$contact_id = $data['contactID'] ?? '';
|
||||
|
||||
$query = "SELECT
|
||||
|
||||
main_contact.id AS contact_id,
|
||||
main_contact_department.main_mandant_id,
|
||||
main_contact_department.main_department_id,
|
||||
main_contact_department.main_role_id,
|
||||
main_contact_department.main_bereich_id,
|
||||
main_contact_department.main_einricht_id
|
||||
|
||||
FROM main_contact
|
||||
|
||||
LEFT JOIN main_contact_department AS main_contact_department ON main_contact_department.main_contact_id = main_contact.id
|
||||
|
||||
WHERE main_contact.id = :contact_id
|
||||
";
|
||||
|
||||
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
||||
$stmt->bindParam(':contact_id', $contact_id);
|
||||
$stmt->execute();
|
||||
$contact_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
switch ($cue) {
|
||||
case '1000':
|
||||
$where = "WHERE main_tickets.sender_id = :contact_id
|
||||
AND current_state != 4";
|
||||
break;
|
||||
case '2000':
|
||||
$where = "WHERE main_tickets.receiver_id = :contact_id
|
||||
AND current_state != 4";
|
||||
break;
|
||||
case '3000':
|
||||
$where = "WHERE current_state != 4";
|
||||
break;
|
||||
case '4000':
|
||||
$where = "WHERE main_tickets.current_state = 4";
|
||||
break;
|
||||
case '6000':
|
||||
$where = "";
|
||||
break;
|
||||
case '7000':
|
||||
$where = "WHERE main_tickets.receiver_id = 0";
|
||||
break;
|
||||
case '8000':
|
||||
$where = "WHERE main_tickets.insurance_claim = 1";
|
||||
break;
|
||||
default:
|
||||
$where = "";
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
$query = "SELECT
|
||||
|
||||
main_tickets.id,
|
||||
main_tickets.id AS 'ticket_no',
|
||||
main_tickets.description,
|
||||
main_tickets.creation_date,
|
||||
receiver.name AS 'receiver',
|
||||
sender.name AS 'sender',
|
||||
main_tickets_category.description AS 'category_description',
|
||||
individual_state.description AS 'individual_state_description',
|
||||
|
||||
GROUP_CONCAT(DISTINCT main_tickets_category_mandant.main_mandant_id) AS mandant_ids,
|
||||
GROUP_CONCAT(DISTINCT main_tickets_category_department.main_department_id) AS department_ids,
|
||||
GROUP_CONCAT(DISTINCT main_tickets_category_contact.main_contact_id) AS contact_ids
|
||||
|
||||
FROM main_tickets
|
||||
LEFT JOIN main_contact AS receiver ON receiver.id = main_tickets.receiver_id
|
||||
LEFT JOIN main_contact AS sender ON sender.id = main_tickets.sender_id
|
||||
LEFT JOIN main_tickets_category ON main_tickets.main_ticket_category_id = main_tickets_category.id
|
||||
LEFT JOIN main_tickets_status AS individual_state ON individual_state.id = main_tickets.individual_state
|
||||
|
||||
LEFT JOIN main_tickets_category_mandant AS main_tickets_category_mandant ON main_tickets_category_mandant.main_tickets_category_id = main_tickets.main_ticket_category_id
|
||||
LEFT JOIN main_tickets_category_department AS main_tickets_category_department ON main_tickets_category_department.main_tickets_category_id = main_tickets.main_ticket_category_id
|
||||
LEFT JOIN main_tickets_category_contact AS main_tickets_category_contact ON main_tickets_category_contact.main_tickets_category_id = main_tickets.main_ticket_category_id
|
||||
|
||||
$where
|
||||
|
||||
GROUP BY main_tickets.id
|
||||
";
|
||||
|
||||
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
||||
switch ($cue) {
|
||||
case '1000':
|
||||
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
|
||||
break;
|
||||
case '2000':
|
||||
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
|
||||
break;
|
||||
case '3000':
|
||||
break;
|
||||
case '4000':
|
||||
break;
|
||||
case '5000':
|
||||
break;
|
||||
case '6000':
|
||||
break;
|
||||
case '7000':
|
||||
break;
|
||||
default:
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
$stmt->execute();
|
||||
$tickets = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
$contact_id_int = (int) $contact_id;
|
||||
|
||||
switch ($cue) {
|
||||
case '1000':
|
||||
break;
|
||||
case '2000':
|
||||
break;
|
||||
case '3000':
|
||||
$tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets);
|
||||
break;
|
||||
case '4000':
|
||||
$tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets);
|
||||
break;
|
||||
case '5000':
|
||||
break;
|
||||
case '6000':
|
||||
break;
|
||||
case '7000':
|
||||
break;
|
||||
default:
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
$tickets = array_map(function ($ticket) {
|
||||
$ticket['id'] = encryptId($ticket['id']);
|
||||
return $ticket;
|
||||
}, $tickets);
|
||||
|
||||
echo json_encode($tickets);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user