Compare commits
8 Commits
07f9f304a4
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 60eea92f11 | |||
| 5da7916651 | |||
| 8aadf65cc3 | |||
| ab4f38a360 | |||
| 61dde2925b | |||
| 3aa523870f | |||
| 4d6cc807c9 | |||
| a0698d621e |
6
.gitignore
vendored
6
.gitignore
vendored
@@ -23,4 +23,8 @@ docker/
|
|||||||
*.csv
|
*.csv
|
||||||
*.png
|
*.png
|
||||||
|
|
||||||
.DS_Store
|
.DS_Store
|
||||||
|
|
||||||
|
# Filesgallery-Cache (generierte Thumbnails)
|
||||||
|
module/knowledgecenter_update/Plugins/_files/cache/images/*
|
||||||
|
!module/knowledgecenter_update/Plugins/_files/cache/images/.gitkeep
|
||||||
@@ -2893,18 +2893,50 @@ function multi_select_permission($collection_id, $type){
|
|||||||
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
||||||
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css')?>">
|
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css')?>">
|
||||||
|
<?php
|
||||||
|
$einrichtLinks = [];
|
||||||
|
if ($type == "einricht") {
|
||||||
|
$linkRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT einricht_id, linked_einricht_id FROM organigramm_einricht_link");
|
||||||
|
while ($lr = mysqli_fetch_assoc($linkRes)) {
|
||||||
|
$einrichtLinks[strval($lr['einricht_id'])][] = strval($lr['linked_einricht_id']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
<script>
|
<script>
|
||||||
|
|
||||||
var $y = jQuery.noConflict();
|
var $y = jQuery.noConflict();
|
||||||
$y( document ).ready(function() {
|
$y( document ).ready(function() {
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($preselect) ?>);
|
var $drop = $y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>');
|
||||||
|
<?php if ($type == "einricht"): ?>
|
||||||
|
var einrichtLinks = <?= json_encode($einrichtLinks) ?>;
|
||||||
|
var busy = false;
|
||||||
|
$drop.dropdown({
|
||||||
|
onChange: function(value) {
|
||||||
|
if (busy) return;
|
||||||
|
var current = value ? value.split(',').filter(Boolean) : [];
|
||||||
|
var toAdd = [];
|
||||||
|
current.forEach(function(id) {
|
||||||
|
(einrichtLinks[id] || []).forEach(function(lid) {
|
||||||
|
if (current.indexOf(lid) < 0 && toAdd.indexOf(lid) < 0) toAdd.push(lid);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
if (toAdd.length) {
|
||||||
|
busy = true;
|
||||||
|
$drop.dropdown('set selected', current.concat(toAdd));
|
||||||
|
busy = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
<?php endif; ?>
|
||||||
|
$drop.dropdown('set selected', <?= json_encode($preselect) ?>);
|
||||||
});
|
});
|
||||||
$("<?php echo "#all_get".$type;?>").click(function() {
|
$("<?php echo "#all_get".$type;?>").click(function() {
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($allselect) ?>);
|
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($allselect) ?>);
|
||||||
});
|
});
|
||||||
$("<?php echo "#all_del".$type;?>").click(function() {
|
$("<?php echo "#all_del".$type;?>").click(function() {
|
||||||
console.log("delete");
|
console.log("delete");
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('clear');
|
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('clear');
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
<?
|
<?
|
||||||
|
|||||||
@@ -572,18 +572,50 @@ function multi_select_permission($collection_id, $type){
|
|||||||
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
||||||
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css')?>">
|
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css')?>">
|
||||||
|
<?php
|
||||||
|
$einrichtLinks = [];
|
||||||
|
if ($type == "einricht") {
|
||||||
|
$linkRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT einricht_id, linked_einricht_id FROM organigramm_einricht_link");
|
||||||
|
while ($lr = mysqli_fetch_assoc($linkRes)) {
|
||||||
|
$einrichtLinks[strval($lr['einricht_id'])][] = strval($lr['linked_einricht_id']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
<script>
|
<script>
|
||||||
|
|
||||||
var $y = jQuery.noConflict();
|
var $y = jQuery.noConflict();
|
||||||
$y( document ).ready(function() {
|
$y( document ).ready(function() {
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($preselect) ?>);
|
var $drop = $y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>');
|
||||||
|
<?php if ($type == "einricht"): ?>
|
||||||
|
var einrichtLinks = <?= json_encode($einrichtLinks) ?>;
|
||||||
|
var busy = false;
|
||||||
|
$drop.dropdown({
|
||||||
|
onChange: function(value) {
|
||||||
|
if (busy) return;
|
||||||
|
var current = value ? value.split(',').filter(Boolean) : [];
|
||||||
|
var toAdd = [];
|
||||||
|
current.forEach(function(id) {
|
||||||
|
(einrichtLinks[id] || []).forEach(function(lid) {
|
||||||
|
if (current.indexOf(lid) < 0 && toAdd.indexOf(lid) < 0) toAdd.push(lid);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
if (toAdd.length) {
|
||||||
|
busy = true;
|
||||||
|
$drop.dropdown('set selected', current.concat(toAdd));
|
||||||
|
busy = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
<?php endif; ?>
|
||||||
|
$drop.dropdown('set selected', <?= json_encode($preselect) ?>);
|
||||||
});
|
});
|
||||||
$("<?php echo "#all_get".$type;?>").click(function() {
|
$("<?php echo "#all_get".$type;?>").click(function() {
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($allselect) ?>);
|
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($allselect) ?>);
|
||||||
});
|
});
|
||||||
$("<?php echo "#all_del".$type;?>").click(function() {
|
$("<?php echo "#all_del".$type;?>").click(function() {
|
||||||
console.log("delete");
|
console.log("delete");
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('clear');
|
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('clear');
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
<?
|
<?
|
||||||
|
|||||||
@@ -24,6 +24,100 @@ require_once($connEnv);
|
|||||||
|
|
||||||
db_connect();
|
db_connect();
|
||||||
|
|
||||||
|
// Prüft ob der aktuelle User Wiki-Schreibrechte hat (r-wiki oder r-wiki-br)
|
||||||
|
function ajax_has_wiki_edit(): bool
|
||||||
|
{
|
||||||
|
$mid = $GLOBALS['main_contact']['master_mandant_id'] ?? 0;
|
||||||
|
$uid = $GLOBALS['main_contact']['id'] ?? 0;
|
||||||
|
return get_permission_state('r-wiki', $mid, $uid) == 1
|
||||||
|
|| get_permission_state('r-wiki-br', $mid, $uid) == 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prüft ob eine Kategorie (oder ein Vorfahre) betriebsrat_editable=1 hat.
|
||||||
|
function ajax_is_category_editable_for_br(int $categoryId): bool
|
||||||
|
{
|
||||||
|
$visited = [];
|
||||||
|
$queue = [$categoryId];
|
||||||
|
while (!empty($queue)) {
|
||||||
|
$current = array_shift($queue);
|
||||||
|
if (isset($visited[$current])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$visited[$current] = true;
|
||||||
|
$res = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT betriebsrat_editable FROM knowledgecenter_categories_update WHERE id = $current LIMIT 1");
|
||||||
|
$row = mysqli_fetch_assoc($res);
|
||||||
|
if ($row && (int)$row['betriebsrat_editable'] === 1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
$pRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT parent_category_id FROM knowledgecenter_category_links WHERE child_category_id = $current");
|
||||||
|
while ($pRow = mysqli_fetch_assoc($pRes)) {
|
||||||
|
$pid = (int)$pRow['parent_category_id'];
|
||||||
|
if (!isset($visited[$pid])) {
|
||||||
|
$queue[] = $pid;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Alle Kategorie-IDs, die für Betriebsrat zugänglich sind (direkt betriebsrat_editable=1
|
||||||
|
// plus alle Nachfahren im Baum – BFS nach unten).
|
||||||
|
function ajax_get_all_betriebsrat_accessible_category_ids(): array
|
||||||
|
{
|
||||||
|
$seeds = [];
|
||||||
|
$res = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT id FROM knowledgecenter_categories_update WHERE betriebsrat_editable = 1");
|
||||||
|
while ($row = mysqli_fetch_assoc($res)) {
|
||||||
|
$seeds[] = (int)$row['id'];
|
||||||
|
}
|
||||||
|
if (empty($seeds)) {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
$visited = [];
|
||||||
|
$queue = $seeds;
|
||||||
|
while (!empty($queue)) {
|
||||||
|
$current = array_shift($queue);
|
||||||
|
if (isset($visited[$current])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$visited[$current] = true;
|
||||||
|
$cRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT child_category_id FROM knowledgecenter_category_links WHERE parent_category_id = $current");
|
||||||
|
while ($cRow = mysqli_fetch_assoc($cRes)) {
|
||||||
|
$cid = (int)$cRow['child_category_id'];
|
||||||
|
if (!isset($visited[$cid])) {
|
||||||
|
$queue[] = $cid;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return array_keys($visited);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Betriebsrat darf einen Post nur bearbeiten, wenn er in einer freigegebenen
|
||||||
|
// Kategorie (oder Unterkategorie einer freigegebenen Kategorie) liegt.
|
||||||
|
function ajax_can_edit_post(int $postId): bool
|
||||||
|
{
|
||||||
|
$mid = $GLOBALS['main_contact']['master_mandant_id'] ?? 0;
|
||||||
|
$uid = $GLOBALS['main_contact']['id'] ?? 0;
|
||||||
|
if (get_permission_state('r-wiki', $mid, $uid) == 1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (get_permission_state('r-wiki-br', $mid, $uid) != 1) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
// Betriebsrat: prüfe alle dem Post zugeordneten Kategorien inkl. Vorfahren
|
||||||
|
$res = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT category_id FROM knowledgecenter_category_post WHERE post_id = $postId");
|
||||||
|
while ($row = mysqli_fetch_assoc($res)) {
|
||||||
|
if (ajax_is_category_editable_for_br((int)$row['category_id'])) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// AJAX-Handler: Falls per POST eine Aktion übergeben wurde, diese verarbeiten und das Skript beenden.
|
// AJAX-Handler: Falls per POST eine Aktion übergeben wurde, diese verarbeiten und das Skript beenden.
|
||||||
if (isset($_POST["action"])) {
|
if (isset($_POST["action"])) {
|
||||||
header('Content-Type: application/json');
|
header('Content-Type: application/json');
|
||||||
@@ -243,6 +337,7 @@ function update_category_detail()
|
|||||||
{
|
{
|
||||||
$is_navigation_item = isset($_POST['is_navigation_item']) ? (int) $_POST['is_navigation_item'] : 0;
|
$is_navigation_item = isset($_POST['is_navigation_item']) ? (int) $_POST['is_navigation_item'] : 0;
|
||||||
$enable_post_color_pickers = isset($_POST['enable_post_color_pickers']) ? (int) $_POST['enable_post_color_pickers'] : 0;
|
$enable_post_color_pickers = isset($_POST['enable_post_color_pickers']) ? (int) $_POST['enable_post_color_pickers'] : 0;
|
||||||
|
$betriebsrat_editable = isset($_POST['betriebsrat_editable']) ? (int) $_POST['betriebsrat_editable'] : 0;
|
||||||
$color_hex = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST['color_hex'] ?? '');
|
$color_hex = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST['color_hex'] ?? '');
|
||||||
$categoryId = (int) ($_POST['id'] ?? 0);
|
$categoryId = (int) ($_POST['id'] ?? 0);
|
||||||
$languageId = (int) ($_POST['language_id'] ?? 0);
|
$languageId = (int) ($_POST['language_id'] ?? 0);
|
||||||
@@ -287,11 +382,12 @@ function update_category_detail()
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$mainUpdate = "UPDATE knowledgecenter_categories_update
|
$mainUpdate = "UPDATE knowledgecenter_categories_update
|
||||||
SET modified_by = '$modified_by',
|
SET modified_by = '$modified_by',
|
||||||
modified_at = NOW(),
|
modified_at = NOW(),
|
||||||
state = $state,
|
state = $state,
|
||||||
enable_post_color_pickers = $enable_post_color_pickers,
|
enable_post_color_pickers = $enable_post_color_pickers,
|
||||||
|
betriebsrat_editable = $betriebsrat_editable,
|
||||||
color_hex = '$color_hex'
|
color_hex = '$color_hex'
|
||||||
WHERE id = $categoryId";
|
WHERE id = $categoryId";
|
||||||
if (!mysqli_query($GLOBALS['mysql_con'], $mainUpdate)) {
|
if (!mysqli_query($GLOBALS['mysql_con'], $mainUpdate)) {
|
||||||
@@ -686,6 +782,22 @@ function update_post_version()
|
|||||||
echo json_encode(['error' => 'Ungültige Beitrags-ID']);
|
echo json_encode(['error' => 'Ungültige Beitrags-ID']);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!ajax_has_wiki_edit()) {
|
||||||
|
echo json_encode(['error' => 'Keine Berechtigung']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
// Betriebsrat darf bestehende Posts nur bearbeiten wenn der Post in einer freigegebenen Kategorie liegt.
|
||||||
|
// Neue Drafts haben noch keine Kategorien → Prüfung überspringen (Zugang wurde schon bei create_post_draft gesichert).
|
||||||
|
if ($postId > 0) {
|
||||||
|
$catCountRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT COUNT(*) AS cnt FROM knowledgecenter_category_post WHERE post_id = $postId");
|
||||||
|
$catCountRow = mysqli_fetch_assoc($catCountRes);
|
||||||
|
if ((int)$catCountRow['cnt'] > 0 && !ajax_can_edit_post($postId)) {
|
||||||
|
echo json_encode(['error' => 'Keine Berechtigung für diesen Beitrag']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
$keepModifiedAt = isset($_POST['keep_modified_at']) && (int) $_POST['keep_modified_at'] === 1;
|
$keepModifiedAt = isset($_POST['keep_modified_at']) && (int) $_POST['keep_modified_at'] === 1;
|
||||||
|
|
||||||
$backgroundColor = normalize_hex_color($_POST['background_color'] ?? '#FFFFFF', '#FFFFFF');
|
$backgroundColor = normalize_hex_color($_POST['background_color'] ?? '#FFFFFF', '#FFFFFF');
|
||||||
@@ -1029,6 +1141,10 @@ function delete_post_gallery_dir($postId)
|
|||||||
|
|
||||||
function create_post_draft()
|
function create_post_draft()
|
||||||
{
|
{
|
||||||
|
if (!ajax_has_wiki_edit()) {
|
||||||
|
echo json_encode(['error' => 'Keine Berechtigung']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
$insertPostQuery = "INSERT INTO knowledgecenter_posts (created_at) VALUES (NOW())";
|
$insertPostQuery = "INSERT INTO knowledgecenter_posts (created_at) VALUES (NOW())";
|
||||||
if (!mysqli_query($GLOBALS['mysql_con'], $insertPostQuery)) {
|
if (!mysqli_query($GLOBALS['mysql_con'], $insertPostQuery)) {
|
||||||
echo json_encode(['error' => 'Fehler beim Erstellen des Entwurfs: ' . mysqli_error($GLOBALS['mysql_con'])]);
|
echo json_encode(['error' => 'Fehler beim Erstellen des Entwurfs: ' . mysqli_error($GLOBALS['mysql_con'])]);
|
||||||
@@ -1243,6 +1359,27 @@ function update_post_categories()
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$mid = $GLOBALS['main_contact']['master_mandant_id'] ?? 0;
|
||||||
|
$uid = $GLOBALS['main_contact']['id'] ?? 0;
|
||||||
|
$isRedakteur = get_permission_state('r-wiki', $mid, $uid) == 1;
|
||||||
|
$isBetriebsrat = get_permission_state('r-wiki-br', $mid, $uid) == 1;
|
||||||
|
|
||||||
|
if (!$isRedakteur && !$isBetriebsrat) {
|
||||||
|
echo json_encode(['error' => 'Keine Berechtigung']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Betriebsrat darf nur Kategorien zuweisen, die für ihn freigegeben sind (inkl. Vererbung)
|
||||||
|
if (!$isRedakteur && $isBetriebsrat) {
|
||||||
|
foreach ($categories as $catId) {
|
||||||
|
$catId = (int)$catId;
|
||||||
|
if ($catId > 0 && !ajax_is_category_editable_for_br($catId)) {
|
||||||
|
echo json_encode(['error' => "Kategorie $catId ist nicht für den Betriebsrat freigegeben"]);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Bestehende Einträge für diesen Beitrag löschen
|
// Bestehende Einträge für diesen Beitrag löschen
|
||||||
$deleteQuery = "DELETE FROM knowledgecenter_category_post WHERE post_id = $postId";
|
$deleteQuery = "DELETE FROM knowledgecenter_category_post WHERE post_id = $postId";
|
||||||
if (!mysqli_query($GLOBALS['mysql_con'], $deleteQuery)) {
|
if (!mysqli_query($GLOBALS['mysql_con'], $deleteQuery)) {
|
||||||
@@ -1315,7 +1452,7 @@ function get_post_list()
|
|||||||
// nur Posts, die in dieser Kategorie sind
|
// nur Posts, die in dieser Kategorie sind
|
||||||
$categoryCondition = "
|
$categoryCondition = "
|
||||||
AND EXISTS (
|
AND EXISTS (
|
||||||
SELECT 1
|
SELECT 1
|
||||||
FROM knowledgecenter_category_post AS cp
|
FROM knowledgecenter_category_post AS cp
|
||||||
WHERE cp.post_id = kp.id
|
WHERE cp.post_id = kp.id
|
||||||
AND cp.category_id = $categoryId
|
AND cp.category_id = $categoryId
|
||||||
@@ -1324,20 +1461,39 @@ function get_post_list()
|
|||||||
$categoryCondition = "";
|
$categoryCondition = "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Betriebsrat darf nur Posts sehen, die in einer freigegebenen Kategorie liegen.
|
||||||
|
// Die erlaubten Kategorie-IDs werden von post_listform.php berechnet und übergeben,
|
||||||
|
// da get_permission_state() im Ajax-Kontext nicht verfügbar ist.
|
||||||
|
$brCategoryCondition = "";
|
||||||
|
$rawBrIds = isset($_POST['br_category_ids']) && $_POST['br_category_ids'] !== 'null'
|
||||||
|
? json_decode($_POST['br_category_ids'], true)
|
||||||
|
: null;
|
||||||
|
if (is_array($rawBrIds)) {
|
||||||
|
if (count($rawBrIds) === 0) {
|
||||||
|
$brCategoryCondition = "AND 1=0";
|
||||||
|
} else {
|
||||||
|
$brCatIdList = implode(',', array_map('intval', $rawBrIds));
|
||||||
|
$brCategoryCondition = "AND EXISTS (
|
||||||
|
SELECT 1 FROM knowledgecenter_category_post AS cp_br
|
||||||
|
WHERE cp_br.post_id = kp.id AND cp_br.category_id IN ($brCatIdList)
|
||||||
|
)";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Beiträge abfragen (nur Post‑ID und Titel der aktuellen Version)
|
// Beiträge abfragen (nur Post‑ID und Titel der aktuellen Version)
|
||||||
$sqlPosts = "
|
$sqlPosts = "
|
||||||
SELECT
|
SELECT
|
||||||
kp.id AS post_id,
|
kp.id AS post_id,
|
||||||
pv.title AS current_title
|
pv.title AS current_title
|
||||||
FROM knowledgecenter_posts AS kp
|
FROM knowledgecenter_posts AS kp
|
||||||
LEFT JOIN knowledgecenter_post_versions AS pv
|
LEFT JOIN knowledgecenter_post_versions AS pv
|
||||||
ON kp.id = pv.post_id
|
ON kp.id = pv.post_id
|
||||||
AND pv.language_id = $languageId
|
AND pv.language_id = $languageId
|
||||||
/* … Bedingungen für gültige Version und höchste version_number … */
|
/* … Bedingungen für gültige Version und höchste version_number … */
|
||||||
WHERE 1=1
|
WHERE 1=1
|
||||||
$searchCondition
|
$searchCondition
|
||||||
$categoryCondition
|
$categoryCondition
|
||||||
|
$brCategoryCondition
|
||||||
GROUP BY kp.id
|
GROUP BY kp.id
|
||||||
ORDER BY kp.modified_at DESC
|
ORDER BY kp.modified_at DESC
|
||||||
";
|
";
|
||||||
@@ -1583,6 +1739,10 @@ function save_post_files()
|
|||||||
echo json_encode(['error' => 'Ungültige Post-ID']);
|
echo json_encode(['error' => 'Ungültige Post-ID']);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
if (!ajax_can_edit_post($postId)) {
|
||||||
|
echo json_encode(['error' => 'Keine Berechtigung']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
if (!empty($filesStr)) {
|
if (!empty($filesStr)) {
|
||||||
// Zerlege den String in einzelne Pfade (getrennt durch Komma und optional Leerzeichen)
|
// Zerlege den String in einzelne Pfade (getrennt durch Komma und optional Leerzeichen)
|
||||||
@@ -1650,7 +1810,7 @@ function delete_post_file()
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$selectQuery = "SELECT path FROM knowledgecenter_post_files WHERE id = $fileId LIMIT 1";
|
$selectQuery = "SELECT path, post_id FROM knowledgecenter_post_files WHERE id = $fileId LIMIT 1";
|
||||||
$selectResult = mysqli_query($GLOBALS['mysql_con'], $selectQuery);
|
$selectResult = mysqli_query($GLOBALS['mysql_con'], $selectQuery);
|
||||||
if (!$selectResult || mysqli_num_rows($selectResult) === 0) {
|
if (!$selectResult || mysqli_num_rows($selectResult) === 0) {
|
||||||
echo json_encode(['error' => 'Datei-Eintrag nicht gefunden']);
|
echo json_encode(['error' => 'Datei-Eintrag nicht gefunden']);
|
||||||
@@ -1660,6 +1820,11 @@ function delete_post_file()
|
|||||||
$row = mysqli_fetch_assoc($selectResult);
|
$row = mysqli_fetch_assoc($selectResult);
|
||||||
$storedPath = trim((string) ($row['path'] ?? ''));
|
$storedPath = trim((string) ($row['path'] ?? ''));
|
||||||
|
|
||||||
|
if (!ajax_can_edit_post((int)($row['post_id'] ?? 0))) {
|
||||||
|
echo json_encode(['error' => 'Keine Berechtigung']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
$userdataRoot = realpath($_SERVER['DOCUMENT_ROOT'] . '/userdata');
|
$userdataRoot = realpath($_SERVER['DOCUMENT_ROOT'] . '/userdata');
|
||||||
if ($userdataRoot === false) {
|
if ($userdataRoot === false) {
|
||||||
echo json_encode(['error' => 'userdata-Verzeichnis nicht gefunden']);
|
echo json_encode(['error' => 'userdata-Verzeichnis nicht gefunden']);
|
||||||
|
|||||||
@@ -58,8 +58,10 @@ if (!$q || !($contactRow = mysqli_fetch_assoc($q))) {
|
|||||||
$contactId = (int) $contactRow['id'];
|
$contactId = (int) $contactRow['id'];
|
||||||
$masterMandantId = (int) $contactRow['master_mandant_id'];
|
$masterMandantId = (int) $contactRow['master_mandant_id'];
|
||||||
|
|
||||||
if (get_permission_state('r-wiki', $masterMandantId, $contactId) != 1) {
|
$hasRwiki = get_permission_state('r-wiki', $masterMandantId, $contactId) == 1;
|
||||||
respond_error('Keine Berechtigung (r-wiki).', 403);
|
$hasRwikiBr = get_permission_state('r-wiki-br', $masterMandantId, $contactId) == 1;
|
||||||
|
if (!$hasRwiki && !$hasRwikiBr) {
|
||||||
|
respond_error('Keine Berechtigung.', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
$postId = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
|
$postId = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
|
||||||
@@ -72,6 +74,40 @@ if (!$verifyQ || mysqli_num_rows($verifyQ) === 0) {
|
|||||||
respond_error('Beitrag existiert nicht.', 404);
|
respond_error('Beitrag existiert nicht.', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Betriebsrat darf Bilder nur für Posts in freigegebenen Kategorien hochladen (inkl. Vererbung)
|
||||||
|
if (!$hasRwiki && $hasRwikiBr) {
|
||||||
|
$brAllowed = false;
|
||||||
|
$brRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT category_id FROM knowledgecenter_category_post WHERE post_id = $postId");
|
||||||
|
while ($brRow = mysqli_fetch_assoc($brRes)) {
|
||||||
|
$catId = (int)$brRow['category_id'];
|
||||||
|
// Baum nach oben absuchen
|
||||||
|
$visited = [];
|
||||||
|
$queue = [$catId];
|
||||||
|
while (!empty($queue)) {
|
||||||
|
$current = array_shift($queue);
|
||||||
|
if (isset($visited[$current])) continue;
|
||||||
|
$visited[$current] = true;
|
||||||
|
$chkRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT betriebsrat_editable FROM knowledgecenter_categories_update WHERE id = $current LIMIT 1");
|
||||||
|
$chkRow = mysqli_fetch_assoc($chkRes);
|
||||||
|
if ($chkRow && (int)$chkRow['betriebsrat_editable'] === 1) {
|
||||||
|
$brAllowed = true;
|
||||||
|
break 2;
|
||||||
|
}
|
||||||
|
$pRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT parent_category_id FROM knowledgecenter_category_links WHERE child_category_id = $current");
|
||||||
|
while ($pRow = mysqli_fetch_assoc($pRes)) {
|
||||||
|
$pid = (int)$pRow['parent_category_id'];
|
||||||
|
if (!isset($visited[$pid])) $queue[] = $pid;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$brAllowed) {
|
||||||
|
respond_error('Keine Berechtigung für diesen Beitrag.', 403);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!isset($_FILES['file']) || !is_array($_FILES['file'])) {
|
if (!isset($_FILES['file']) || !is_array($_FILES['file'])) {
|
||||||
respond_error('Keine Datei empfangen.');
|
respond_error('Keine Datei empfangen.');
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -829,7 +829,6 @@ if (isset($_GET[$c_form]) && !empty($_POST)) {
|
|||||||
// Helper-Funktion zur Berechtigungsprüfung
|
// Helper-Funktion zur Berechtigungsprüfung
|
||||||
function require_permission($permissionCode)
|
function require_permission($permissionCode)
|
||||||
{
|
{
|
||||||
// Hier nehmen wir an, dass $GLOBALS["main_contact"] korrekt gesetzt ist
|
|
||||||
if (
|
if (
|
||||||
get_permission_state(
|
get_permission_state(
|
||||||
$permissionCode,
|
$permissionCode,
|
||||||
@@ -842,6 +841,95 @@ function require_permission($permissionCode)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Prüft, ob der User voller Wiki-Redakteur ist (r-wiki)
|
||||||
|
function is_wiki_redakteur(): bool
|
||||||
|
{
|
||||||
|
return get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prüft, ob der User Betriebsrat-Wiki-Recht hat (r-wiki-br)
|
||||||
|
function is_wiki_betriebsrat(): bool
|
||||||
|
{
|
||||||
|
return get_permission_state('r-wiki-br', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prüft, ob der User irgendeins der Wiki-Bearbeitungsrechte hat
|
||||||
|
function has_wiki_edit_permission(): bool
|
||||||
|
{
|
||||||
|
return is_wiki_redakteur() || is_wiki_betriebsrat();
|
||||||
|
}
|
||||||
|
|
||||||
|
function require_wiki_edit_permission(): void
|
||||||
|
{
|
||||||
|
if (!has_wiki_edit_permission()) {
|
||||||
|
echo "Sie haben nicht die notwendigen Berechtigungen, um diese Seite zu sehen.";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Gibt alle Kategorie-IDs zurück, auf die Betriebsrat Zugriff hat:
|
||||||
|
// direkt betriebsrat_editable=1 sowie alle ihre Nachfahren im Baum (BFS nach unten).
|
||||||
|
function get_all_betriebsrat_accessible_category_ids(): array
|
||||||
|
{
|
||||||
|
$seeds = [];
|
||||||
|
$res = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT id FROM knowledgecenter_categories_update WHERE betriebsrat_editable = 1");
|
||||||
|
while ($row = mysqli_fetch_assoc($res)) {
|
||||||
|
$seeds[] = (int)$row['id'];
|
||||||
|
}
|
||||||
|
if (empty($seeds)) {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
$visited = [];
|
||||||
|
$queue = $seeds;
|
||||||
|
while (!empty($queue)) {
|
||||||
|
$current = array_shift($queue);
|
||||||
|
if (isset($visited[$current])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$visited[$current] = true;
|
||||||
|
$cRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT child_category_id FROM knowledgecenter_category_links WHERE parent_category_id = $current");
|
||||||
|
while ($cRow = mysqli_fetch_assoc($cRes)) {
|
||||||
|
$cid = (int)$cRow['child_category_id'];
|
||||||
|
if (!isset($visited[$cid])) {
|
||||||
|
$queue[] = $cid;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return array_keys($visited);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prüft ob eine Kategorie (oder irgendein Vorfahre über knowledgecenter_category_links)
|
||||||
|
// betriebsrat_editable=1 hat. Läuft den Baum nach oben durch.
|
||||||
|
function is_category_betriebsrat_editable(int $categoryId): bool
|
||||||
|
{
|
||||||
|
$visited = [];
|
||||||
|
$queue = [$categoryId];
|
||||||
|
while (!empty($queue)) {
|
||||||
|
$current = array_shift($queue);
|
||||||
|
if (isset($visited[$current])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$visited[$current] = true;
|
||||||
|
$res = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT betriebsrat_editable FROM knowledgecenter_categories_update WHERE id = $current LIMIT 1");
|
||||||
|
$row = mysqli_fetch_assoc($res);
|
||||||
|
if ($row && (int)$row['betriebsrat_editable'] === 1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
$pRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT parent_category_id FROM knowledgecenter_category_links WHERE child_category_id = $current");
|
||||||
|
while ($pRow = mysqli_fetch_assoc($pRes)) {
|
||||||
|
$pid = (int)$pRow['parent_category_id'];
|
||||||
|
if (!isset($visited[$pid])) {
|
||||||
|
$queue[] = $pid;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Switch-Case für die verschiedenen Aktionen
|
// Switch-Case für die verschiedenen Aktionen
|
||||||
$action = $_GET["action"] ?? "List";
|
$action = $_GET["action"] ?? "List";
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
@@ -850,6 +938,7 @@ switch ($action) {
|
|||||||
require_once(__DIR__ . '/../Installation/Installation.php');
|
require_once(__DIR__ . '/../Installation/Installation.php');
|
||||||
break;
|
break;
|
||||||
case "Categories":
|
case "Categories":
|
||||||
|
// Kategorieverwaltung nur für vollständige Redakteure
|
||||||
if (isset($_GET['detail'])) {
|
if (isset($_GET['detail'])) {
|
||||||
require_permission('r-wiki');
|
require_permission('r-wiki');
|
||||||
require_once(__DIR__ . '/../Views/categories_cardform.php');
|
require_once(__DIR__ . '/../Views/categories_cardform.php');
|
||||||
@@ -859,7 +948,8 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "PostList":
|
case "PostList":
|
||||||
require_permission('r-wiki');
|
// Betriebsrat darf die Post-Liste sehen (gefiltert auf seine Kategorien)
|
||||||
|
require_wiki_edit_permission();
|
||||||
require_once(__DIR__ . '/../Views/post_listform.php');
|
require_once(__DIR__ . '/../Views/post_listform.php');
|
||||||
break;
|
break;
|
||||||
case "Post":
|
case "Post":
|
||||||
@@ -870,7 +960,8 @@ switch ($action) {
|
|||||||
require_once(__DIR__ . '/../Import/Import.php');
|
require_once(__DIR__ . '/../Import/Import.php');
|
||||||
break;
|
break;
|
||||||
case "NewPost":
|
case "NewPost":
|
||||||
require_permission('r-wiki');
|
// Betriebsrat darf neue Posts erstellen (nur in freigegebenen Kategorien)
|
||||||
|
require_wiki_edit_permission();
|
||||||
$_GET['new'] = 1;
|
$_GET['new'] = 1;
|
||||||
require_once(__DIR__ . '/../Views/post_cardform.php');
|
require_once(__DIR__ . '/../Views/post_cardform.php');
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -1,15 +1,25 @@
|
|||||||
<script>
|
<script>
|
||||||
|
// Redakteur (r-wiki) darf frei navigieren; Betriebsrat ist auf den Post-Ordner beschränkt
|
||||||
|
var kcUserLockedToPostFolder = <?= (!is_wiki_redakteur() && is_wiki_betriebsrat()) ? 'true' : 'false' ?>;
|
||||||
|
|
||||||
function buildFileGalleryUrl(target, mode, ajaxFunction, nocache) {
|
function buildFileGalleryUrl(target, mode, ajaxFunction, nocache) {
|
||||||
var base = "/module/knowledgecenter_update/Plugins/filesgallery.php?";
|
var base = "/module/knowledgecenter_update/Plugins/filesgallery.php?";
|
||||||
var startPath = (typeof window.kcPostGalleryPath === "string")
|
var postPath = (typeof window.kcPostGalleryPath === "string")
|
||||||
? window.kcPostGalleryPath.replace(/^\/+|\/+$/g, "")
|
? window.kcPostGalleryPath.replace(/^\/+|\/+$/g, "")
|
||||||
: "";
|
: "";
|
||||||
|
|
||||||
|
// Redakteur: kein Lock (leerer kc_lock_path löscht den Session-Lock)
|
||||||
|
// Betriebsrat: immer auf Post-Ordner beschränken
|
||||||
|
var lockPath = kcUserLockedToPostFolder ? postPath : "";
|
||||||
|
|
||||||
var params = "input_id=" + encodeURIComponent(target) +
|
var params = "input_id=" + encodeURIComponent(target) +
|
||||||
"&mode=" + encodeURIComponent(mode) +
|
"&mode=" + encodeURIComponent(mode) +
|
||||||
"&saveajax=" + encodeURIComponent(ajaxFunction || "") +
|
"&saveajax=" + encodeURIComponent(ajaxFunction || "") +
|
||||||
"&kc_lock_path=" + encodeURIComponent(startPath) +
|
"&kc_lock_path=" + encodeURIComponent(lockPath) +
|
||||||
"&nocache=" + nocache;
|
"&nocache=" + nocache;
|
||||||
|
|
||||||
|
// Startverzeichnis: bei Betriebsrat immer Post-Ordner, bei Redakteur auch
|
||||||
|
var startPath = postPath;
|
||||||
if (startPath.length > 0) {
|
if (startPath.length > 0) {
|
||||||
return base + encodeURIComponent(startPath) + "&" + params;
|
return base + encodeURIComponent(startPath) + "&" + params;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -134,6 +134,13 @@ while ($row = mysqli_fetch_assoc($resultSavedEinrichts)) {
|
|||||||
$savedEinrichts[] = $row['einricht_id'];
|
$savedEinrichts[] = $row['einricht_id'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verknüpfungskarte für Einrichtungen (Gruppen → Mitglieder)
|
||||||
|
$einrichtLinks = [];
|
||||||
|
$linkRes = mysqli_query($GLOBALS['mysql_con'], "SELECT einricht_id, linked_einricht_id FROM organigramm_einricht_link");
|
||||||
|
while ($lr = mysqli_fetch_assoc($linkRes)) {
|
||||||
|
$einrichtLinks[strval($lr['einricht_id'])][] = strval($lr['linked_einricht_id']);
|
||||||
|
}
|
||||||
|
|
||||||
// Array mit Daten für Tagify (Einrichtungen)
|
// Array mit Daten für Tagify (Einrichtungen)
|
||||||
$savedEinrichtsData = [];
|
$savedEinrichtsData = [];
|
||||||
foreach ($einrichts as $einricht) {
|
foreach ($einrichts as $einricht) {
|
||||||
@@ -409,6 +416,15 @@ $parentCount = count($parentCategories);
|
|||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<?php $betriebsrat_editable = isset($category['betriebsrat_editable']) ? (int) $category['betriebsrat_editable'] : 0; ?>
|
||||||
|
<div class="aside_section">
|
||||||
|
<label for="betriebsratEditableCheckbox">
|
||||||
|
Für Betriebsrat bearbeitbar
|
||||||
|
<input type="checkbox" id="betriebsratEditableCheckbox" name="betriebsrat_editable" value="1"
|
||||||
|
<?= $betriebsrat_editable === 1 ? 'checked' : '' ?>>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
|
||||||
<?php if (!empty($categoryId)): ?>
|
<?php if (!empty($categoryId)): ?>
|
||||||
<?php
|
<?php
|
||||||
$formatter = new IntlDateFormatter(
|
$formatter = new IntlDateFormatter(
|
||||||
@@ -505,7 +521,7 @@ $parentCount = count($parentCategories);
|
|||||||
var state = $('#stateCheckbox').is(':checked') ? 1 : 0;
|
var state = $('#stateCheckbox').is(':checked') ? 1 : 0;
|
||||||
var isNavigationItem = $('#isNavigationItem').is(':checked') ? 1 : 0;
|
var isNavigationItem = $('#isNavigationItem').is(':checked') ? 1 : 0;
|
||||||
var enablePostColorPickers = $('#enablePostColorPickersCheckbox').is(':checked') ? 1 : 0;
|
var enablePostColorPickers = $('#enablePostColorPickersCheckbox').is(':checked') ? 1 : 0;
|
||||||
|
var betriebsratEditable = $('#betriebsratEditableCheckbox').is(':checked') ? 1 : 0;
|
||||||
|
|
||||||
$.post("/module/knowledgecenter_update/Ajax/Ajax.php", {
|
$.post("/module/knowledgecenter_update/Ajax/Ajax.php", {
|
||||||
action: "update_category_detail",
|
action: "update_category_detail",
|
||||||
@@ -517,7 +533,8 @@ $parentCount = count($parentCategories);
|
|||||||
state: state,
|
state: state,
|
||||||
is_navigation_item: isNavigationItem,
|
is_navigation_item: isNavigationItem,
|
||||||
enable_post_color_pickers: enablePostColorPickers,
|
enable_post_color_pickers: enablePostColorPickers,
|
||||||
color_hex: $('#color_hex').val()
|
color_hex: $('#color_hex').val(),
|
||||||
|
betriebsrat_editable: betriebsratEditable
|
||||||
}, function (response) {
|
}, function (response) {
|
||||||
if (!response.success) {
|
if (!response.success) {
|
||||||
showMessage("Fehler beim Speichern der Übersetzung (" + langCode + "): " + response.error, false);
|
showMessage("Fehler beim Speichern der Übersetzung (" + langCode + "): " + response.error, false);
|
||||||
@@ -832,6 +849,17 @@ $parentCount = count($parentCategories);
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
var einrichtLinks = <?= json_encode($einrichtLinks) ?>;
|
||||||
|
tagifyEinrichts.on('add', function(e) {
|
||||||
|
var addedId = String(e.detail.data.value);
|
||||||
|
(einrichtLinks[addedId] || []).forEach(function(lid) {
|
||||||
|
var exists = tagifyEinrichts.value.some(function(t) { return String(t.value) === lid; });
|
||||||
|
if (!exists) {
|
||||||
|
var item = einrichtsData.find(function(d) { return String(d.value) === lid; });
|
||||||
|
if (item) tagifyEinrichts.addTags([item]);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
var tagifyFachbereiche = new Tagify(document.getElementById('selected_fachbereiche'), {
|
var tagifyFachbereiche = new Tagify(document.getElementById('selected_fachbereiche'), {
|
||||||
whitelist: fachbereicheData,
|
whitelist: fachbereicheData,
|
||||||
|
|||||||
@@ -26,6 +26,8 @@ if (empty($GLOBALS['allowedRoles'])) {
|
|||||||
|
|
||||||
// Standard-Redirect-URL (zum Beispiel für Navigation)
|
// Standard-Redirect-URL (zum Beispiel für Navigation)
|
||||||
$redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=List';
|
$redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=List';
|
||||||
|
|
||||||
|
$_kcBrOnly = !is_wiki_redakteur() && is_wiki_betriebsrat();
|
||||||
?>
|
?>
|
||||||
<script>
|
<script>
|
||||||
(function () {
|
(function () {
|
||||||
@@ -38,18 +40,27 @@ $redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=Lis
|
|||||||
<form action="" id="<?= $formname = "categories_posts_listform" ?>" name="<?= $formname ?>" method="post">
|
<form action="" id="<?= $formname = "categories_posts_listform" ?>" name="<?= $formname ?>" method="post">
|
||||||
<div class="titlebar">
|
<div class="titlebar">
|
||||||
<div class="searchbar">
|
<div class="searchbar">
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if (has_wiki_edit_permission()) { ?>
|
||||||
<?= button("post_list", $translation->get("post_list"), $formname, "sendRequest('PostList', true)"); ?>
|
<?= button("post_list", $translation->get("post_list"), $formname, "sendRequest('PostList', true)"); ?>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if (is_wiki_redakteur()) { ?>
|
||||||
<?= button("category_list", $translation->get("category_list"), $formname, "sendRequest('Categories', true)"); ?>
|
<?= button("category_list", $translation->get("category_list"), $formname, "sendRequest('Categories', true)"); ?>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<div id="changeCategoryGridView">
|
<div id="changeCategoryGridView">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="titlebar-actions">
|
<div class="titlebar-actions">
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php
|
||||||
<a href="?action=NewPost&InitialCategory=<?= $_GET["detail"] ?>"
|
// "Beitrag erstellen" für Redakteur immer, für Betriebsrat nur in freigegebenen Kategorien
|
||||||
|
// (inkl. Vererbung: Unterkategorien einer freigegebenen Kategorie gelten ebenfalls)
|
||||||
|
$showCreateBtn = false;
|
||||||
|
if (is_wiki_redakteur()) {
|
||||||
|
$showCreateBtn = true;
|
||||||
|
} elseif ($_kcBrOnly && isset($_GET['detail'])) {
|
||||||
|
$showCreateBtn = is_category_betriebsrat_editable((int)$_GET['detail']);
|
||||||
|
}
|
||||||
|
if ($showCreateBtn) { ?>
|
||||||
|
<a href="?action=NewPost&InitialCategory=<?= (int)($_GET["detail"] ?? 0) ?>"
|
||||||
title="<?= $translation->get("new_wiki_post") ?>" role="button" class="green">Beitrag erstellen +</a>
|
title="<?= $translation->get("new_wiki_post") ?>" role="button" class="green">Beitrag erstellen +</a>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
@@ -175,29 +186,44 @@ $redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=Lis
|
|||||||
* gefiltert, sodass in den Bereichen (Abteilung, Mandant, Rolle) entweder kein Eintrag vorliegt
|
* gefiltert, sodass in den Bereichen (Abteilung, Mandant, Rolle) entweder kein Eintrag vorliegt
|
||||||
* oder der Eintrag mit den erlaubten Werten übereinstimmt.
|
* oder der Eintrag mit den erlaubten Werten übereinstimmt.
|
||||||
*/
|
*/
|
||||||
|
// Für Betriebsrat: nur Beiträge zeigen, die mindestens einer freigegebenen Kategorie zugeordnet sind
|
||||||
|
$brCategoryFilter = '';
|
||||||
|
if ($_kcBrOnly) {
|
||||||
|
$brCatIds = get_all_betriebsrat_accessible_category_ids();
|
||||||
|
if (empty($brCatIds)) {
|
||||||
|
$brCategoryFilter = 'AND 1=0'; // kein Zugriff
|
||||||
|
} else {
|
||||||
|
$brCatIdList = implode(',', $brCatIds);
|
||||||
|
$brCategoryFilter = "AND EXISTS (
|
||||||
|
SELECT 1 FROM knowledgecenter_category_post kcp_br
|
||||||
|
WHERE kcp_br.post_id = kp.id AND kcp_br.category_id IN ($brCatIdList)
|
||||||
|
)";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$sqlPosts = "
|
$sqlPosts = "
|
||||||
SELECT
|
SELECT
|
||||||
kp.id,
|
kp.id,
|
||||||
kp.modified_at,
|
kp.modified_at,
|
||||||
pv.title,
|
pv.title,
|
||||||
pv.image,
|
pv.image,
|
||||||
pv.link,
|
pv.link,
|
||||||
pv.link_label,
|
pv.link_label,
|
||||||
pv.version_number
|
pv.version_number
|
||||||
FROM
|
FROM
|
||||||
knowledgecenter_category_post AS kcp
|
knowledgecenter_category_post AS kcp
|
||||||
JOIN
|
JOIN
|
||||||
knowledgecenter_posts AS kp ON kcp.post_id = kp.id
|
knowledgecenter_posts AS kp ON kcp.post_id = kp.id
|
||||||
LEFT JOIN
|
LEFT JOIN
|
||||||
knowledgecenter_post_versions AS pv ON kp.id = pv.post_id
|
knowledgecenter_post_versions AS pv ON kp.id = pv.post_id
|
||||||
AND pv.language_id = $languageId
|
AND pv.language_id = $languageId
|
||||||
AND pv.state = 1
|
AND pv.state = 1
|
||||||
AND (pv.valid_from IS NULL OR pv.valid_from <= NOW())
|
AND (pv.valid_from IS NULL OR pv.valid_from <= NOW())
|
||||||
AND (pv.valid_until IS NULL OR pv.valid_until >= NOW())
|
AND (pv.valid_until IS NULL OR pv.valid_until >= NOW())
|
||||||
AND pv.version_number = (
|
AND pv.version_number = (
|
||||||
SELECT MAX(v2.version_number)
|
SELECT MAX(v2.version_number)
|
||||||
FROM knowledgecenter_post_versions AS v2
|
FROM knowledgecenter_post_versions AS v2
|
||||||
WHERE v2.post_id = kp.id
|
WHERE v2.post_id = kp.id
|
||||||
AND v2.language_id = $languageId
|
AND v2.language_id = $languageId
|
||||||
AND v2.state = 1
|
AND v2.state = 1
|
||||||
AND (v2.valid_from IS NULL OR v2.valid_from <= NOW())
|
AND (v2.valid_from IS NULL OR v2.valid_from <= NOW())
|
||||||
@@ -221,9 +247,10 @@ $redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=Lis
|
|||||||
AND ( pr.role_id IS NULL OR pr.role_id IN ($allowedRoles) )
|
AND ( pr.role_id IS NULL OR pr.role_id IN ($allowedRoles) )
|
||||||
AND ( pe.einricht_id IS NULL OR pe.einricht_id IN ($allowedEinrichts) )
|
AND ( pe.einricht_id IS NULL OR pe.einricht_id IN ($allowedEinrichts) )
|
||||||
AND ( pfb.fachbereich_id IS NULL OR pfb.fachbereich_id IN ($allowedFachbereiche) )
|
AND ( pfb.fachbereich_id IS NULL OR pfb.fachbereich_id IN ($allowedFachbereiche) )
|
||||||
GROUP BY
|
$brCategoryFilter
|
||||||
|
GROUP BY
|
||||||
kp.id
|
kp.id
|
||||||
ORDER BY
|
ORDER BY
|
||||||
$orderBy $orderDir
|
$orderBy $orderDir
|
||||||
";
|
";
|
||||||
|
|
||||||
@@ -298,9 +325,9 @@ $redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=Lis
|
|||||||
AND ( cr.role_id IS NULL OR cr.role_id IN ($allowedRoles) )
|
AND ( cr.role_id IS NULL OR cr.role_id IN ($allowedRoles) )
|
||||||
AND ( ce.einricht_id IS NULL OR ce.einricht_id IN ($allowedEinrichts) )
|
AND ( ce.einricht_id IS NULL OR ce.einricht_id IN ($allowedEinrichts) )
|
||||||
AND ( cf.fachbereich_id IS NULL OR cf.fachbereich_id IN ($allowedFachbereiche) )
|
AND ( cf.fachbereich_id IS NULL OR cf.fachbereich_id IN ($allowedFachbereiche) )
|
||||||
GROUP BY
|
GROUP BY
|
||||||
c.id
|
c.id
|
||||||
ORDER BY
|
ORDER BY
|
||||||
c.sorting ASC
|
c.sorting ASC
|
||||||
";
|
";
|
||||||
// var_dump($sql);
|
// var_dump($sql);
|
||||||
|
|||||||
@@ -148,14 +148,19 @@ $initialCategoryId = isset($_GET['InitialCategory']) ? (int) $_GET['InitialCateg
|
|||||||
$InitialProduct = isset($_GET['InitialProduct']) ? (int) $_GET['InitialProduct'] : 0;
|
$InitialProduct = isset($_GET['InitialProduct']) ? (int) $_GET['InitialProduct'] : 0;
|
||||||
|
|
||||||
if ($isNew) {
|
if ($isNew) {
|
||||||
require_permission('r-wiki');
|
require_wiki_edit_permission();
|
||||||
|
|
||||||
// Neuer Beitrag: Lege leere bzw. Standardwerte an
|
// Betriebsrat darf nur in Kategorien erstellen, die für ihn freigegeben sind (inkl. Vererbung)
|
||||||
|
if (!is_wiki_redakteur() && $initialCategoryId > 0) {
|
||||||
|
if (!is_category_betriebsrat_editable($initialCategoryId)) {
|
||||||
|
echo "<p>Sie haben nicht die Berechtigung, in dieser Kategorie zu erstellen.</p>";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$canEditPost = true; // Berechtigung schon oben geprüft
|
||||||
$postId = 0;
|
$postId = 0;
|
||||||
$post = [
|
$post = ['id' => 0];
|
||||||
'id' => 0,
|
|
||||||
// Weitere Felder kannst du hier ggf. ergänzen
|
|
||||||
];
|
|
||||||
$versionCount = 0;
|
$versionCount = 0;
|
||||||
$currentVersion = [
|
$currentVersion = [
|
||||||
'id' => 0,
|
'id' => 0,
|
||||||
@@ -178,6 +183,20 @@ if ($isNew) {
|
|||||||
echo "<p>Sie haben nicht die notwendigen Berechtigungen.</p>";
|
echo "<p>Sie haben nicht die notwendigen Berechtigungen.</p>";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Schreibrechte: Redakteur darf alles; Betriebsrat nur in freigegebenen Kategorien (inkl. Vererbung)
|
||||||
|
$canEditPost = is_wiki_redakteur();
|
||||||
|
if (!$canEditPost && is_wiki_betriebsrat()) {
|
||||||
|
$brCatRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT category_id FROM knowledgecenter_category_post WHERE post_id = $postId");
|
||||||
|
$canEditPost = false;
|
||||||
|
while ($brCatRow = mysqli_fetch_assoc($brCatRes)) {
|
||||||
|
if (is_category_betriebsrat_editable((int)$brCatRow['category_id'])) {
|
||||||
|
$canEditPost = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
// Beitrag aus der Haupttabelle abrufen
|
// Beitrag aus der Haupttabelle abrufen
|
||||||
$sqlPost = "SELECT * FROM knowledgecenter_posts WHERE id = $postId LIMIT 1";
|
$sqlPost = "SELECT * FROM knowledgecenter_posts WHERE id = $postId LIMIT 1";
|
||||||
$resPost = mysqli_query($GLOBALS['mysql_con'], $sqlPost);
|
$resPost = mysqli_query($GLOBALS['mysql_con'], $sqlPost);
|
||||||
@@ -363,7 +382,7 @@ if ($resLinkedForm && mysqli_num_rows($resLinkedForm) > 0) {
|
|||||||
<a href="#tab-files"><?= $translation->get("files") ?> (<?php echo $fileCount; ?>)</a>
|
<a href="#tab-files"><?= $translation->get("files") ?> (<?php echo $fileCount; ?>)</a>
|
||||||
<a href="#tab-contacts"><?= $translation->get("Ansprechpartner") ?> (<?php echo $contactCount; ?>)</a>
|
<a href="#tab-contacts"><?= $translation->get("Ansprechpartner") ?> (<?php echo $contactCount; ?>)</a>
|
||||||
<a href="#tab-versions"><?= $translation->get("version_history") ?> (<?php echo $versionCount; ?>)</a>
|
<a href="#tab-versions"><?= $translation->get("version_history") ?> (<?php echo $versionCount; ?>)</a>
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if ($canEditPost ?? false) { ?>
|
||||||
<a href="#tab-settings"><?= $translation->get("settings") ?></a>
|
<a href="#tab-settings"><?= $translation->get("settings") ?></a>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
@@ -431,7 +450,7 @@ if ($resLinkedForm && mysqli_num_rows($resLinkedForm) > 0) {
|
|||||||
require_once 'post_cardform_version_history.php';
|
require_once 'post_cardform_version_history.php';
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if ($canEditPost ?? false) { ?>
|
||||||
<div id="tab-settings" class="tab-content">
|
<div id="tab-settings" class="tab-content">
|
||||||
<?php
|
<?php
|
||||||
require_once 'post_cardform_settings.php';
|
require_once 'post_cardform_settings.php';
|
||||||
|
|||||||
@@ -121,14 +121,9 @@
|
|||||||
<h1 id="displayTitle"><?php echo htmlspecialchars($currentVersion['title']); ?></h1>
|
<h1 id="displayTitle"><?php echo htmlspecialchars($currentVersion['title']); ?></h1>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<div>
|
<div>
|
||||||
<?php if (!empty($postId) && $postId > 0): ?>
|
<?php if (!empty($postId) && $postId > 0 && ($canEditPost ?? false)): ?>
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1): ?>
|
<span id="editBtn" class="post-action-btn grey" title="Aktuelle Version bearbeiten">✎</span>
|
||||||
<span id="editBtn" class="post-action-btn grey" title="Aktuelle Version bearbeiten">✎</span>
|
<span id="createBtn" class="green" title="Neue Version erstellen">Neue Version erstellen +</span>
|
||||||
<?php endif; ?>
|
|
||||||
|
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1): ?>
|
|
||||||
<span id="createBtn" class="green" title="Neue Version erstellen">Neue Version erstellen +</span>
|
|
||||||
<?php endif; ?>
|
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -75,7 +75,7 @@
|
|||||||
|
|
||||||
<!-- Right column: Sidebar with save button and meta fields -->
|
<!-- Right column: Sidebar with save button and meta fields -->
|
||||||
<div class="edit-sidebar">
|
<div class="edit-sidebar">
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1 || get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if ($canEditPost ?? false) { ?>
|
||||||
<span title="<?= $translation->get("save") ?>" id="saveVersionBtn" class="post-action-btn-text green">
|
<span title="<?= $translation->get("save") ?>" id="saveVersionBtn" class="post-action-btn-text green">
|
||||||
<?= $translation->get("save") ?>
|
<?= $translation->get("save") ?>
|
||||||
</span>
|
</span>
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
<div class="titlebar_small">
|
<div class="titlebar_small">
|
||||||
<h2><?= $translation->get("files") ?></h2>
|
<h2><?= $translation->get("files") ?></h2>
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if (($canEditPost ?? false)) { ?>
|
||||||
<div class="post-action-btn-small green openFileGalleryMulti" title="Datei hinzufügen"
|
<div class="post-action-btn-small green openFileGalleryMulti" title="Datei hinzufügen"
|
||||||
data-ajax-function="saveFilesAjax" data-target="post_files">+
|
data-ajax-function="saveFilesAjax" data-target="post_files">+
|
||||||
</div>
|
</div>
|
||||||
@@ -111,7 +111,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Definiere den Lösch-Button
|
// Definiere den Lösch-Button
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if (($canEditPost ?? false)) { ?>
|
||||||
var deleteButton = "<span class='file-delete post-action-btn-small' data-file-id='" + file.id + "' onclick='deleteFile(" + file.id + ")'>✕</span>";
|
var deleteButton = "<span class='file-delete post-action-btn-small' data-file-id='" + file.id + "' onclick='deleteFile(" + file.id + ")'>✕</span>";
|
||||||
<?php } else {
|
<?php } else {
|
||||||
?>
|
?>
|
||||||
|
|||||||
@@ -36,15 +36,19 @@ while ($row = mysqli_fetch_assoc($result)) {
|
|||||||
|
|
||||||
// -------------------- Kategorien --------------------
|
// -------------------- Kategorien --------------------
|
||||||
// Erzeuge die Whitelist für alle verfügbaren Kategorien (mit Übersetzung)
|
// Erzeuge die Whitelist für alle verfügbaren Kategorien (mit Übersetzung)
|
||||||
|
// Betriebsrat sieht nur Kategorien, die für ihn freigegeben sind (direkt oder über Elternkategorie)
|
||||||
$categoriesData = [];
|
$categoriesData = [];
|
||||||
$query = "SELECT c.id, t.title, c.enable_post_color_pickers
|
$query = "SELECT c.id, t.title, c.enable_post_color_pickers
|
||||||
FROM knowledgecenter_categories_update AS c
|
FROM knowledgecenter_categories_update AS c
|
||||||
LEFT JOIN knowledgecenter_category_translations AS t
|
LEFT JOIN knowledgecenter_category_translations AS t
|
||||||
ON c.id = t.category_id
|
ON c.id = t.category_id
|
||||||
WHERE t.language_id = $languageId";
|
WHERE t.language_id = $languageId";
|
||||||
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
||||||
|
$isBrOnly = !is_wiki_redakteur() && is_wiki_betriebsrat();
|
||||||
while ($row = mysqli_fetch_assoc($result)) {
|
while ($row = mysqli_fetch_assoc($result)) {
|
||||||
// Hier wird der in der Übersetzungstabelle gespeicherte Titel als 'name' verwendet.
|
if ($isBrOnly && !is_category_betriebsrat_editable((int)$row['id'])) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$categoriesData[] = [
|
$categoriesData[] = [
|
||||||
'value' => $row['id'],
|
'value' => $row['id'],
|
||||||
'name' => $row['title'],
|
'name' => $row['title'],
|
||||||
@@ -132,6 +136,13 @@ $result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|||||||
while ($row = mysqli_fetch_assoc($result)) {
|
while ($row = mysqli_fetch_assoc($result)) {
|
||||||
$postEinrichtsData[] = ['value' => $row['id'], 'name' => $row['description']];
|
$postEinrichtsData[] = ['value' => $row['id'], 'name' => $row['description']];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verknüpfungskarte für Einrichtungen (Gruppen → Mitglieder)
|
||||||
|
$postEinrichtLinks = [];
|
||||||
|
$linkRes = mysqli_query($GLOBALS['mysql_con'], "SELECT einricht_id, linked_einricht_id FROM organigramm_einricht_link");
|
||||||
|
while ($lr = mysqli_fetch_assoc($linkRes)) {
|
||||||
|
$postEinrichtLinks[strval($lr['einricht_id'])][] = strval($lr['linked_einricht_id']);
|
||||||
|
}
|
||||||
$selectedPostEinrichts = [];
|
$selectedPostEinrichts = [];
|
||||||
if ($postId != 0) {
|
if ($postId != 0) {
|
||||||
$querySelected = "SELECT e.id, e.description
|
$querySelected = "SELECT e.id, e.description
|
||||||
@@ -185,7 +196,7 @@ if (!empty($post['text_color'])) {
|
|||||||
<button id="message" style="opacity:0; position: absolute;"></button>
|
<button id="message" style="opacity:0; position: absolute;"></button>
|
||||||
<div class="titlebar_small">
|
<div class="titlebar_small">
|
||||||
<h2><?=$translation->get("settings")?></h2>
|
<h2><?=$translation->get("settings")?></h2>
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if ($canEditPost ?? false) { ?>
|
||||||
<span id="saveAllBtn" class="post-action-btn-small green"><?= $saveIcon ?></span>
|
<span id="saveAllBtn" class="post-action-btn-small green"><?= $saveIcon ?></span>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
@@ -405,6 +416,17 @@ if (!empty($post['text_color'])) {
|
|||||||
if (selectedPostEinrichts.length) {
|
if (selectedPostEinrichts.length) {
|
||||||
tagifyPostEinrichts.addTags(selectedPostEinrichts);
|
tagifyPostEinrichts.addTags(selectedPostEinrichts);
|
||||||
}
|
}
|
||||||
|
var postEinrichtLinks = <?= json_encode($postEinrichtLinks) ?>;
|
||||||
|
tagifyPostEinrichts.on('add', function(e) {
|
||||||
|
var addedId = String(e.detail.data.value);
|
||||||
|
(postEinrichtLinks[addedId] || []).forEach(function(lid) {
|
||||||
|
var exists = tagifyPostEinrichts.value.some(function(t) { return String(t.value) === lid; });
|
||||||
|
if (!exists) {
|
||||||
|
var item = postEinrichtsData.find(function(d) { return String(d.value) === lid; });
|
||||||
|
if (item) tagifyPostEinrichts.addTags([item]);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
// Fachbereiche für Post
|
// Fachbereiche für Post
|
||||||
var tagifyPostFachbereiche = new Tagify(document.getElementById('postFachbereichTags'), {
|
var tagifyPostFachbereiche = new Tagify(document.getElementById('postFachbereichTags'), {
|
||||||
@@ -424,7 +446,7 @@ if (!empty($post['text_color'])) {
|
|||||||
tagifyPostFachbereiche.addTags(selectedPostFachbereiche);
|
tagifyPostFachbereiche.addTags(selectedPostFachbereiche);
|
||||||
}
|
}
|
||||||
|
|
||||||
<?php if (get_permission_state('r-wiki', $GLOBALS['main_contact']['master_mandant_id'], $GLOBALS['main_contact']['id']) == 1) { ?>
|
<?php if ($canEditPost ?? false) { ?>
|
||||||
$("#saveAllBtn").on("click", function () {
|
$("#saveAllBtn").on("click", function () {
|
||||||
// Während des Speicherns blurren
|
// Während des Speicherns blurren
|
||||||
$("#tab-settings").addClass("blurred");
|
$("#tab-settings").addClass("blurred");
|
||||||
|
|||||||
@@ -3,14 +3,32 @@
|
|||||||
|
|
||||||
// Redirect-URL für den Zurück-Button bzw. Navigation
|
// Redirect-URL für den Zurück-Button bzw. Navigation
|
||||||
$redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=Category';
|
$redirectURL = isset($_GET['redirectURL']) ? $_GET['redirectURL'] : '?action=Category';
|
||||||
// Kategorien für das Dropdown holen (state = 1)
|
// Kategorien für das Dropdown holen
|
||||||
$catsQuery = "
|
$_isBrOnly = !is_wiki_redakteur() && is_wiki_betriebsrat();
|
||||||
SELECT c.id, t.title
|
if ($_isBrOnly) {
|
||||||
FROM knowledgecenter_categories_update AS c
|
$_brCatIds = get_all_betriebsrat_accessible_category_ids();
|
||||||
LEFT JOIN knowledgecenter_category_translations AS t
|
if (empty($_brCatIds)) {
|
||||||
ON t.category_id = c.id AND t.language_id = $languageId
|
$catsQuery = "SELECT NULL LIMIT 0";
|
||||||
ORDER BY t.title ASC
|
} else {
|
||||||
";
|
$_brCatIdList = implode(',', $_brCatIds);
|
||||||
|
$catsQuery = "
|
||||||
|
SELECT c.id, t.title
|
||||||
|
FROM knowledgecenter_categories_update AS c
|
||||||
|
LEFT JOIN knowledgecenter_category_translations AS t
|
||||||
|
ON t.category_id = c.id AND t.language_id = $languageId
|
||||||
|
WHERE c.id IN ($_brCatIdList)
|
||||||
|
ORDER BY t.title ASC
|
||||||
|
";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$catsQuery = "
|
||||||
|
SELECT c.id, t.title
|
||||||
|
FROM knowledgecenter_categories_update AS c
|
||||||
|
LEFT JOIN knowledgecenter_category_translations AS t
|
||||||
|
ON t.category_id = c.id AND t.language_id = $languageId
|
||||||
|
ORDER BY t.title ASC
|
||||||
|
";
|
||||||
|
}
|
||||||
$catsResult = mysqli_query($GLOBALS['mysql_con'], $catsQuery);
|
$catsResult = mysqli_query($GLOBALS['mysql_con'], $catsQuery);
|
||||||
$allCategories = [];
|
$allCategories = [];
|
||||||
while ($r = mysqli_fetch_assoc($catsResult)) {
|
while ($r = mysqli_fetch_assoc($catsResult)) {
|
||||||
@@ -44,9 +62,14 @@ while ($r = mysqli_fetch_assoc($catsResult)) {
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<?php
|
||||||
|
$_brCategoryIds = $_isBrOnly ? ($_brCatIds ?? []) : null;
|
||||||
|
$_brCategoryIdsJson = json_encode($_brCategoryIds);
|
||||||
|
?>
|
||||||
<script>
|
<script>
|
||||||
var myRedirectURL = window.location.href;
|
var myRedirectURL = window.location.href;
|
||||||
var debounceTimer;
|
var debounceTimer;
|
||||||
|
var brCategoryIds = <?= $_brCategoryIdsJson ?>;
|
||||||
|
|
||||||
function loadPostList() {
|
function loadPostList() {
|
||||||
var searchQuery = $('#searchQuery').val();
|
var searchQuery = $('#searchQuery').val();
|
||||||
@@ -61,7 +84,8 @@ while ($r = mysqli_fetch_assoc($catsResult)) {
|
|||||||
language_id: '<?= $languageId ?>',
|
language_id: '<?= $languageId ?>',
|
||||||
redirectURL: myRedirectURL,
|
redirectURL: myRedirectURL,
|
||||||
query: searchQuery,
|
query: searchQuery,
|
||||||
category_id: categoryId // hier mitgeben
|
category_id: categoryId,
|
||||||
|
br_category_ids: brCategoryIds !== null ? JSON.stringify(brCategoryIds) : null
|
||||||
},
|
},
|
||||||
dataType: 'json',
|
dataType: 'json',
|
||||||
beforeSend: function () { $('#overlayLoader').show(); },
|
beforeSend: function () { $('#overlayLoader').show(); },
|
||||||
|
|||||||
@@ -747,13 +747,45 @@ function multi_select_permission($navigation_id, $type){
|
|||||||
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
||||||
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
||||||
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css')?>">
|
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css')?>">
|
||||||
|
<?php
|
||||||
|
$einrichtLinks = [];
|
||||||
|
if ($type == "einricht") {
|
||||||
|
$linkRes = mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"SELECT einricht_id, linked_einricht_id FROM organigramm_einricht_link");
|
||||||
|
while ($lr = mysqli_fetch_assoc($linkRes)) {
|
||||||
|
$einrichtLinks[strval($lr['einricht_id'])][] = strval($lr['linked_einricht_id']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
<script>
|
<script>
|
||||||
var $y = jQuery.noConflict();
|
var $y = jQuery.noConflict();
|
||||||
$y( document ).ready(function() {
|
$y( document ).ready(function() {
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($preselect) ?>);
|
var $drop = $y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>');
|
||||||
|
<?php if ($type == "einricht"): ?>
|
||||||
|
var einrichtLinks = <?= json_encode($einrichtLinks) ?>;
|
||||||
|
var busy = false;
|
||||||
|
$drop.dropdown({
|
||||||
|
onChange: function(value) {
|
||||||
|
if (busy) return;
|
||||||
|
var current = value ? value.split(',').filter(Boolean) : [];
|
||||||
|
var toAdd = [];
|
||||||
|
current.forEach(function(id) {
|
||||||
|
(einrichtLinks[id] || []).forEach(function(lid) {
|
||||||
|
if (current.indexOf(lid) < 0 && toAdd.indexOf(lid) < 0) toAdd.push(lid);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
if (toAdd.length) {
|
||||||
|
busy = true;
|
||||||
|
$drop.dropdown('set selected', current.concat(toAdd));
|
||||||
|
busy = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
<?php endif; ?>
|
||||||
|
$drop.dropdown('set selected', <?= json_encode($preselect) ?>);
|
||||||
});
|
});
|
||||||
$("<?php echo "#all_".$type;?>").click(function() {
|
$("<?php echo "#all_".$type;?>").click(function() {
|
||||||
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($allselect) ?>);
|
$y('.websites.ui.fluid.multiple.dropdown.type_<?= $type ?>').dropdown('set selected', <?= json_encode($allselect) ?>);
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
<?
|
<?
|
||||||
|
|||||||
@@ -99,7 +99,8 @@ function save_facility() {
|
|||||||
$messages[] = '<div class="successbox">' . $translation->get("role_msg_success2") . '</div>';
|
$messages[] = '<div class="successbox">' . $translation->get("role_msg_success2") . '</div>';
|
||||||
}
|
}
|
||||||
saveMandantLink($input_id);
|
saveMandantLink($input_id);
|
||||||
edit_role($input_id, $messages);
|
saveLinkedEinrichts($input_id);
|
||||||
|
edit_facility($input_id, $messages);
|
||||||
} else {
|
} else {
|
||||||
header('EDIT_ERROR: 1');
|
header('EDIT_ERROR: 1');
|
||||||
// $input_role["id"] = $_POST["input_id"];
|
// $input_role["id"] = $_POST["input_id"];
|
||||||
@@ -110,6 +111,28 @@ function save_facility() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function saveLinkedEinrichts($einricht_id) {
|
||||||
|
$einricht_id = (int)$einricht_id;
|
||||||
|
if ($einricht_id <= 0) return;
|
||||||
|
|
||||||
|
// Alle alten Verknüpfungen löschen
|
||||||
|
mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"DELETE FROM organigramm_einricht_link WHERE einricht_id = $einricht_id");
|
||||||
|
|
||||||
|
// Neue Verknüpfungen speichern
|
||||||
|
$raw = trim($_POST['linked_einrichts'] ?? '');
|
||||||
|
if ($raw === '') return;
|
||||||
|
|
||||||
|
foreach (explode(',', $raw) as $linkedId) {
|
||||||
|
$linkedId = (int)trim($linkedId);
|
||||||
|
if ($linkedId > 0 && $linkedId !== $einricht_id) {
|
||||||
|
mysqli_query($GLOBALS['mysql_con'],
|
||||||
|
"INSERT IGNORE INTO organigramm_einricht_link (einricht_id, linked_einricht_id)
|
||||||
|
VALUES ($einricht_id, $linkedId)");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function saveMandantLink($role_id){
|
function saveMandantLink($role_id){
|
||||||
$mandant_id = $_POST['select_mandant'];
|
$mandant_id = $_POST['select_mandant'];
|
||||||
$mandante = explode(',', $mandant_id);
|
$mandante = explode(',', $mandant_id);
|
||||||
|
|||||||
@@ -1,48 +1,101 @@
|
|||||||
<?php
|
<?php
|
||||||
$formname = "form_facility_card";
|
$formname = "form_facility_card";
|
||||||
$translation = \DynCom\mysyde\common\classes\Registry::get("translation");
|
$translation = \DynCom\mysyde\common\classes\Registry::get("translation");
|
||||||
$inputname = "input_id";
|
$inputname = "input_id";
|
||||||
?>
|
|
||||||
|
$currentId = (int)($input_role["id"] ?? 0);
|
||||||
<div id="overlaycrumb">
|
|
||||||
<?php if ($input_role["id"] == "") {
|
// Alle Einrichtungen außer der aktuellen laden
|
||||||
echo $translation->get("new_facility");
|
$allEinrichts = [];
|
||||||
} else {
|
$qAll = mysqli_query($GLOBALS['mysql_con'],
|
||||||
echo $translation->get("edit_facility");
|
"SELECT id, description FROM organigramm_einricht ORDER BY description ASC");
|
||||||
}
|
while ($row = mysqli_fetch_assoc($qAll)) {
|
||||||
?>
|
if ((int)$row['id'] !== $currentId) {
|
||||||
<div id="closeoverlay" onclick="disableOverlay();"></div>
|
$allEinrichts[] = $row;
|
||||||
</div>
|
}
|
||||||
<ul class="toolbar_menu">
|
}
|
||||||
<?= button("save", $translation->get("save_and_close"), $formname, "loadCard('save', true, '', true)"); ?>
|
|
||||||
<li>
|
// Bereits verknüpfte Einrichtungen laden
|
||||||
<ul>
|
$preselect = [];
|
||||||
<?php
|
if ($currentId > 0) {
|
||||||
if ($input_role["id"] != "") {
|
$qLinked = mysqli_query($GLOBALS['mysql_con'],
|
||||||
echo button("delete", $translation->get("delete"), $formname, "loadCard('delete', true, '{$translation->get('delete_role_confirm')}', true)", "", FALSE);
|
"SELECT linked_einricht_id FROM organigramm_einricht_link WHERE einricht_id = $currentId");
|
||||||
}
|
while ($row = mysqli_fetch_assoc($qLinked)) {
|
||||||
?>
|
$preselect[] = $row['linked_einricht_id'];
|
||||||
<?= button("reset", $translation->get("restore"), $formname, "?action=edit", "", FALSE); ?>
|
}
|
||||||
</ul>
|
}
|
||||||
</li>
|
?>
|
||||||
</ul>
|
|
||||||
|
<div id="overlaycrumb">
|
||||||
<?php
|
<?php if ($input_role["id"] == "") {
|
||||||
if ($messages !== null) {
|
echo $translation->get("new_facility");
|
||||||
if (count($messages)) {
|
} else {
|
||||||
echo '<div id="overlayMessages">' . join("\r\n", $messages) . '</div>';
|
echo $translation->get("edit_facility");
|
||||||
}
|
} ?>
|
||||||
}
|
<div id="closeoverlay" onclick="disableOverlay();"></div>
|
||||||
|
</div>
|
||||||
|
|
||||||
?>
|
<ul class="toolbar_menu">
|
||||||
|
<?= button("save", $translation->get("save"), $formname, "loadCard('save', true)"); ?>
|
||||||
<form id="<?= $formname ?>" name="<?= $formname ?>" method="post">
|
<?= button("save", $translation->get("save_and_close"), $formname, "loadCard('save', true, '', true)"); ?>
|
||||||
<input name="input_id" type="hidden" value="<?= $input_role["id"] ?>">
|
<li>
|
||||||
|
<ul>
|
||||||
<table class="cardform" border="0" cellspacing="0" cellpadding="0">
|
<?php if ($input_role["id"] != ""): ?>
|
||||||
<div>
|
<?= button("delete", $translation->get("delete"), $formname, "loadCard('delete', true, '{$translation->get('delete_role_confirm')}', true)", "", FALSE); ?>
|
||||||
<? input($translation->get("description"), "input_description", "text", $input_role["description"], 100) ?>
|
<?php endif; ?>
|
||||||
</div>
|
<?= button("reset", $translation->get("restore"), $formname, "?action=edit", "", FALSE); ?>
|
||||||
</table>
|
</ul>
|
||||||
</form>
|
</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<?php if ($messages !== null && count($messages)): ?>
|
||||||
|
<div id="overlayMessages"><?= join("\r\n", $messages) ?></div>
|
||||||
|
<?php endif; ?>
|
||||||
|
|
||||||
|
<form id="<?= $formname ?>" name="<?= $formname ?>" method="post">
|
||||||
|
<input name="input_id" type="hidden" value="<?= $input_role["id"] ?>">
|
||||||
|
|
||||||
|
<table class="cardform" border="0" cellspacing="0" cellpadding="0">
|
||||||
|
<div>
|
||||||
|
<? input($translation->get("description"), "input_description", "text", $input_role["description"], 100) ?>
|
||||||
|
</div>
|
||||||
|
<tr>
|
||||||
|
<div class="label">Verknüpfte Einrichtungen</div>
|
||||||
|
<div class="einricht-link bc-select-ui ui fluid multiple search selection dropdown" style="clear:both; display:inline-block;">
|
||||||
|
<input type="hidden" name="linked_einrichts">
|
||||||
|
<i class="dropdown icon"></i>
|
||||||
|
<div class="default text">Einrichtungen auswählen…</div>
|
||||||
|
<div class="menu">
|
||||||
|
<?php foreach ($allEinrichts as $e): ?>
|
||||||
|
<div class="item" data-value="<?= (int)$e['id'] ?>">
|
||||||
|
<?= htmlspecialchars($e['description']) ?>
|
||||||
|
</div>
|
||||||
|
<?php endforeach; ?>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<script type="text/javascript" src="/plugins/jquery/jquery-3.5.1.min.js"></script>
|
||||||
|
<script type="text/javascript" src="/plugins/Semantic-UI-master/semantic.min.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/plugins/Semantic-UI-master/bc-semantic.css?time=<?= filemtime($_SERVER['DOCUMENT_ROOT'] . '/plugins/Semantic-UI-master/bc-semantic.css') ?>">
|
||||||
|
<script>
|
||||||
|
var $y = jQuery.noConflict();
|
||||||
|
$y(document).ready(function () {
|
||||||
|
var $drop = $y('.einricht-link.ui.fluid.multiple.dropdown');
|
||||||
|
var $hidden = $y('input[name="linked_einrichts"]');
|
||||||
|
|
||||||
|
$drop.dropdown({
|
||||||
|
onChange: function (value) {
|
||||||
|
$hidden.val(value);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
var preselect = <?= json_encode($preselect) ?>.map(String);
|
||||||
|
if (preselect.length) {
|
||||||
|
$drop.dropdown('set selected', preselect);
|
||||||
|
$hidden.val(preselect.join(','));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
|||||||
Reference in New Issue
Block a user