Add Einrichtung and Fachbereich as permission/filter types (knowledgecenter + tasks)
- Create knowledgecenter_category_einricht, _fachbereich, knowledgecenter_post_einricht, knowledgecenter_post_fachbereich tables; extend task_target_rule with main_einricht_id and main_bereich_id columns - Middleware: load main_einricht_id/main_bereich_id from main_contact_department, expose $allowedEinrichts/$allowedFachbereiche globals (same pattern as existing 3 types) - Ajax: add update_category/post_einrichts/fachbereiche functions, extend update_category_links() and search filter query - Views: add einricht/fachbereich LEFT JOINs and WHERE filters in all 5 query sites (categories_posts_listform, category_posts_widget, post_announcement_listform, post_cardform userHasAccessForPost, Ajax search) - post_cardform_settings: add Einrichtungen/Fachbereiche tagify pickers with save/load - Tasks: add listEinrichts/listFachbereiche to repo+service, add UI selects in task_form, extend target-rule normalization and upsert builder, extend AssignmentResolverService scope loading and matchesAnyRule to include einricht/fachbereich matching Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -10,9 +10,11 @@ $currentUserId = $GLOBALS["main_contact"]["id"] ?? 0;
|
||||
$userMandants = [];
|
||||
$userDepartments = [];
|
||||
$userRoles = [];
|
||||
$userEinrichts = [];
|
||||
$userFachbereiche = [];
|
||||
|
||||
if ($currentUserId) {
|
||||
$query = "SELECT main_mandant_id, main_department_id, main_role_id
|
||||
$query = "SELECT main_mandant_id, main_department_id, main_role_id, main_einricht_id, main_bereich_id
|
||||
FROM main_contact_department
|
||||
WHERE main_contact_id = $currentUserId AND active = 1";
|
||||
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
||||
@@ -26,6 +28,12 @@ if ($currentUserId) {
|
||||
if (!in_array($row['main_role_id'], $userRoles)) {
|
||||
$userRoles[] = $row['main_role_id'];
|
||||
}
|
||||
if ($row['main_einricht_id'] != 0 && !in_array($row['main_einricht_id'], $userEinrichts)) {
|
||||
$userEinrichts[] = $row['main_einricht_id'];
|
||||
}
|
||||
if ($row['main_bereich_id'] != 0 && !in_array($row['main_bereich_id'], $userFachbereiche)) {
|
||||
$userFachbereiche[] = $row['main_bereich_id'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,34 +61,31 @@ function userHasAccessForPost($postId)
|
||||
return true;
|
||||
}
|
||||
}
|
||||
global $allowedMandants, $allowedDepartments, $allowedRoles;
|
||||
global $allowedMandants, $allowedDepartments, $allowedRoles, $allowedEinrichts, $allowedFachbereiche;
|
||||
|
||||
|
||||
// Baue den Query, der per LEFT JOIN die Verknüpfungen berücksichtigt.
|
||||
// Für jeden Bereich wird ermittelt:
|
||||
// - cntX: Gesamtzahl der Verknüpfungen in diesem Bereich für diesen Post.
|
||||
// - matchX: Anzahl der Verknüpfungen, die in der erlaubten Liste liegen.
|
||||
// Wenn cnt > 0 und match = 0, dann hat der User in diesem Bereich keinen Zugriff.
|
||||
// Existieren keine Verknüpfungen (cnt = 0), gilt der Bereich als unbeschränkt.
|
||||
$sql = "
|
||||
SELECT
|
||||
SELECT
|
||||
COUNT(DISTINCT pd.department_id) AS cntDept,
|
||||
SUM(IF(pd.department_id IN (" . ($allowedDepartments ? $allowedDepartments : 'NULL') . "), 1, 0)) AS matchDept,
|
||||
COUNT(DISTINCT pm.mandant_id) AS cntMand,
|
||||
SUM(IF(pm.mandant_id IN (" . ($allowedMandants ? $allowedMandants : 'NULL') . "), 1, 0)) AS matchMand,
|
||||
COUNT(DISTINCT pr.role_id) AS cntRole,
|
||||
SUM(IF(pr.role_id IN (" . ($allowedRoles ? $allowedRoles : 'NULL') . "), 1, 0)) AS matchRole
|
||||
SUM(IF(pr.role_id IN (" . ($allowedRoles ? $allowedRoles : 'NULL') . "), 1, 0)) AS matchRole,
|
||||
COUNT(DISTINCT pe.einricht_id) AS cntEinricht,
|
||||
SUM(IF(pe.einricht_id IN (" . ($allowedEinrichts ? $allowedEinrichts : 'NULL') . "), 1, 0)) AS matchEinricht,
|
||||
COUNT(DISTINCT pfb.fachbereich_id) AS cntFachbereich,
|
||||
SUM(IF(pfb.fachbereich_id IN (" . ($allowedFachbereiche ? $allowedFachbereiche : 'NULL') . "), 1, 0)) AS matchFachbereich
|
||||
FROM knowledgecenter_posts AS p
|
||||
LEFT JOIN knowledgecenter_post_department AS pd ON p.id = pd.post_id
|
||||
LEFT JOIN knowledgecenter_post_mandant AS pm ON p.id = pm.post_id
|
||||
LEFT JOIN knowledgecenter_post_role AS pr ON p.id = pr.post_id
|
||||
LEFT JOIN knowledgecenter_post_einricht AS pe ON p.id = pe.post_id
|
||||
LEFT JOIN knowledgecenter_post_fachbereich AS pfb ON p.id = pfb.post_id
|
||||
WHERE p.id = $postId
|
||||
GROUP BY p.id
|
||||
";
|
||||
$res = mysqli_query($GLOBALS['mysql_con'], $sql);
|
||||
if (!$res || mysqli_num_rows($res) === 0) {
|
||||
// Falls keine Verknüpfungen in allen Bereichen vorhanden sind, wird oft kein Datensatz zurückgegeben
|
||||
// – das bedeutet, dass es keine Einschränkungen gibt, also Zugriff.
|
||||
return true;
|
||||
}
|
||||
$row = mysqli_fetch_assoc($res);
|
||||
@@ -95,6 +100,12 @@ function userHasAccessForPost($postId)
|
||||
if ($row['cntRole'] > 0 && $row['matchRole'] == 0) {
|
||||
$access = false;
|
||||
}
|
||||
if ($row['cntEinricht'] > 0 && $row['matchEinricht'] == 0) {
|
||||
$access = false;
|
||||
}
|
||||
if ($row['cntFachbereich'] > 0 && $row['matchFachbereich'] == 0) {
|
||||
$access = false;
|
||||
}
|
||||
return $access;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user