From 4b16b68f24219f7e18e16f11aa099641181db43e Mon Sep 17 00:00:00 2001 From: jekkos-t520 Date: Sat, 20 Sep 2014 18:27:24 +0200 Subject: [PATCH 1/7] Added more granular permissions for report module Extend permission system to allow 'submodule' permissions Add permissions for stock locations (multistore support) --- application/config/config.php | 2 +- application/controllers/reports.php | 3 +- application/controllers/secure_area.php | 1 + application/helpers/report_helper.php | 20 ++++++ application/language/en/items_lang.php | 4 -- application/language/en/reports_lang.php | 5 +- application/language/es/reports_lang.php | 4 +- application/language/fr/reports_lang.php | 4 +- application/language/id/reports_lang.php | 4 +- application/language/nl-BE/reports_lang.php | 4 +- application/language/ru/reports_lang.php | 4 +- application/language/th/items_lang.php | 3 - application/language/th/reports_lang.php | 8 +-- application/language/zh/reports_lang.php | 4 +- application/models/stock_locations.php | 31 ++++++--- application/views/employees/form.php | 22 ++++++- application/views/home.php | 3 + application/views/partial/header.php | 7 +- application/views/reports/listing.php | 73 +++++++++++---------- css/popupbox.css | 7 ++ database/2.3_to_2.3.1.sql | 24 +++++++ database/database.sql | 23 +++++-- 22 files changed, 183 insertions(+), 77 deletions(-) create mode 100644 database/2.3_to_2.3.1.sql diff --git a/application/config/config.php b/application/config/config.php index 315d10762..1d098dd89 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -9,7 +9,7 @@ | | */ -$config['application_version'] = '2.3'; +$config['application_version'] = '2.3.1'; /* |-------------------------------------------------------------------------- diff --git a/application/controllers/reports.php b/application/controllers/reports.php index 294594f0e..6d949d46a 100644 --- a/application/controllers/reports.php +++ b/application/controllers/reports.php 
@@ -6,6 +6,7 @@ define("FORM_WIDTH", "400"); class Reports extends Secure_area { + function __construct() { parent::__construct('reports'); @@ -927,7 +928,7 @@ class Reports extends Secure_area } $data = array( - "title" => $this->lang->line('reports_low_inventory_report'), + "title" => $this->lang->line('reports_inventory_low_report'), "subtitle" => '', "headers" => $model->getDataColumns(), "data" => $tabular_data, diff --git a/application/controllers/secure_area.php b/application/controllers/secure_area.php index 5dda41ed0..5e0f86637 100644 --- a/application/controllers/secure_area.php +++ b/application/controllers/secure_area.php @@ -22,6 +22,7 @@ class Secure_area extends CI_Controller //load up global data $logged_in_employee_info=$this->Employee->get_logged_in_employee_info(); $data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id); + // TODO check access for at least one submodule (if available) $data['user_info']=$logged_in_employee_info; $this->load->vars($data); } diff --git a/application/helpers/report_helper.php b/application/helpers/report_helper.php index 2b380e316..2951d937e 100644 --- a/application/helpers/report_helper.php +++ b/application/helpers/report_helper.php @@ -84,4 +84,24 @@ function random_color() $c .= sprintf("%02X", mt_rand(0, 255)); } return $c; +} + +function show_report_if_allowed($allowed_modules, $report_prefix, $report_name, $permission='') +{ + $CI =& get_instance(); + $lang_line = 'reports_' .$report_name; + $report_label = $CI->lang->line($lang_line); + $permission = empty($permission) ? $report_name : $permission; + if (!empty($report_label)) + { + foreach($allowed_modules->result() as $module) + { + if ($module->module_id == 'reports_'. $permission) + { + ?> +
  • + diff --git a/application/language/en/reports_lang.php b/application/language/en/reports_lang.php index e380f931a..775c30ac4 100644 --- a/application/language/en/reports_lang.php +++ b/application/language/en/reports_lang.php @@ -68,11 +68,11 @@ $lang['reports_summary_reports'] = 'Summary Reports'; $lang['reports_graphical_reports'] = 'Graphical Reports'; $lang['reports_detailed_reports'] = 'Detailed Reports'; $lang['reports_inventory_reports'] = 'Inventory Reports'; -$lang['reports_low_inventory'] = 'Low Inventory'; +$lang['reports_inventory_low'] = 'Low Inventory'; $lang['reports_inventory_summary'] = ' Inventory Summary'; $lang['reports_item_number'] = 'Item Number'; $lang['reports_reorder_level'] = 'Reorder Level'; -$lang['reports_low_inventory_report'] = 'Low Inventory Report'; +$lang['reports_inventory_low_report'] = 'Low Inventory Report'; $lang['reports_item_name'] = 'Item Name'; $lang['reports_inventory_summary_report'] = 'Inventory Summary Report'; $lang['reports_payment_type'] = 'Payment Type'; @@ -92,4 +92,5 @@ $lang['reports_sales'] = 'Sales'; $lang['reports_requisitions'] = 'Requisitions'; $lang['reports_receiving_id'] = 'Receiving ID'; $lang['reports_stock_location'] = 'Stock location'; +$lang['reports_inventory'] = 'Inventory'; ?> diff --git a/application/language/es/reports_lang.php b/application/language/es/reports_lang.php index 93b7df5a4..ac5d8267b 100644 --- a/application/language/es/reports_lang.php +++ b/application/language/es/reports_lang.php 
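Review bot: `show_report_if_allowed` has no header comment, and the role of the optional `$permission` argument (which replaces `$report_name` as the permission suffix) is only discoverable by reading the body; I would add `// Echo the listing entry for $report_name only when $allowed_modules contains module 'reports_'.$permission; $permission defaults to $report_name.` above the signature. The comparison `$module->module_id == 'reports_'. $permission` is loose; `===` states that two strings are being compared and rules out PHP's numeric-string coercion. This helper only controls what the listing renders, so it is a convenience filter rather than the access check; the body's output section is garbled in this rendering and the hunk's tail is not legible here.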
@@ -66,11 +66,11 @@ $lang['reports_summary_reports'] = 'Reportes Resumidos'; $lang['reports_graphical_reports'] = 'Reportes Gráficos'; $lang['reports_detailed_reports'] = 'Reportes Detallados'; $lang['reports_inventory_reports'] = 'Reportes de Inventario'; -$lang['reports_low_inventory'] = 'Inventario Bajo'; +$lang['reports_inventory_low'] = 'Inventario Bajo'; $lang['reports_inventory_summary'] = 'Resumen de Inventario'; $lang['reports_item_number'] = 'Número de Artículo'; $lang['reports_reorder_level'] = 'Cantidad Mínima'; -$lang['reports_low_inventory_report'] = 'Reporte de Inventario Bajo'; +$lang['reports_inventory_low_report'] = 'Reporte de Inventario Bajo'; $lang['reports_item_name'] = 'Nombre del Artículo'; $lang['reports_inventory_summary_report'] = 'Reporte de Resumen de Inventario'; $lang['reports_payment_type'] = 'Tipo de Pago'; diff --git a/application/language/fr/reports_lang.php b/application/language/fr/reports_lang.php index 1a1cdac35..a00c4a96f 100644 --- a/application/language/fr/reports_lang.php +++ b/application/language/fr/reports_lang.php @@ -68,11 +68,11 @@ $lang['reports_summary_reports'] = 'Rapports de Résumés'; $lang['reports_graphical_reports'] = 'Rapports Graphiques'; $lang['reports_detailed_reports'] = 'Rapports Détaillés'; $lang['reports_inventory_reports'] = 'Rapports d\'Inventaire'; -$lang['reports_low_inventory'] = 'Niveau d\'Inventaire Bas'; +$lang['reports_inventory_low'] = 'Niveau d\'Inventaire Bas'; $lang['reports_inventory_summary'] = ' Résumé d\'Inventaire'; $lang['reports_item_number'] = 'Numéro d\'Item'; $lang['reports_reorder_level'] = 'Seuil de Réapprovisionnement'; -$lang['reports_low_inventory_report'] = 'Rapport de Niveau d\'Inventaire Bas'; +$lang['reports_inventory_low_report'] = 'Rapport de Niveau d\'Inventaire Bas'; $lang['reports_item_name'] = 'Nom d\'Item'; $lang['reports_inventory_summary_report'] = 'Rapport: Résumé d\'Inventaire'; $lang['reports_payment_type'] = 'Type Paiement'; 
diff --git a/application/language/id/reports_lang.php b/application/language/id/reports_lang.php index ac6fb5741..61a78a6a9 100644 --- a/application/language/id/reports_lang.php +++ b/application/language/id/reports_lang.php @@ -66,11 +66,11 @@ $lang['reports_summary_reports'] = 'Ringkasan Laporan'; $lang['reports_graphical_reports'] = 'Laporan Dalam Bentuk Grafis'; $lang['reports_detailed_reports'] = 'Perincian Laporan'; $lang['reports_inventory_reports'] = 'Laporan Inventori'; -$lang['reports_low_inventory'] = 'Laporan Inventori Rendah'; +$lang['reports_inventory_low'] = 'Laporan Inventori Rendah'; $lang['reports_inventory_summary'] = 'Laporan Ringkasan Inventori'; $lang['reports_item_number'] = 'Nomor Barang'; $lang['reports_reorder_level'] = 'Level Pesan Ulang'; -$lang['reports_low_inventory_report'] = 'Laporan Inventori Rendah'; +$lang['reports_inventory_low_report'] = 'Laporan Inventori Rendah'; $lang['reports_item_name'] = 'Nama Barang'; $lang['reports_inventory_summary_report'] = 'Laporan Ringkasan Inventori'; $lang['reports_payment_type'] = 'Jenis Pembayaran'; diff --git a/application/language/nl-BE/reports_lang.php b/application/language/nl-BE/reports_lang.php index 9975b6af3..4f4377758 100755 --- a/application/language/nl-BE/reports_lang.php +++ b/application/language/nl-BE/reports_lang.php 
@@ -66,11 +66,11 @@ $lang['reports_summary_reports'] = 'Overzicht Rapporten'; $lang['reports_graphical_reports'] = 'Grafische Rapporten'; $lang['reports_detailed_reports'] = 'Gedetailleerde Rapporten'; $lang['reports_inventory_reports'] = 'Rapporten Bevoorrading'; -$lang['reports_low_inventory'] = 'Herbevoorrading'; +$lang['reports_inventory_low'] = 'Herbevoorrading'; $lang['reports_inventory_summary'] = 'Overzicht Vooraad'; $lang['reports_item_number'] = 'Productnummer'; $lang['reports_reorder_level'] = 'Reorder Level'; -$lang['reports_low_inventory_report'] = 'Rapport Herbevoorrading'; +$lang['reports_inventory_low_report'] = 'Rapport Herbevoorrading'; $lang['reports_item_name'] = 'Product Naam'; $lang['reports_inventory_summary_report'] = 'Rapport Overzicht Vooraad'; $lang['reports_payment_type'] = 'Payment Type'; diff --git a/application/language/ru/reports_lang.php b/application/language/ru/reports_lang.php index 2fd82dab8..6a34447a4 100644 --- a/application/language/ru/reports_lang.php +++ b/application/language/ru/reports_lang.php @@ -66,11 +66,11 @@ $lang['reports_summary_reports'] = 'Сводные отчеты'; $lang['reports_graphical_reports'] = 'графических отчетов'; $lang['reports_detailed_reports'] = 'Подробные отчеты'; $lang['reports_inventory_reports'] = 'Инвентаризация Отчеты'; -$lang['reports_low_inventory'] = 'Низкий инвентаризации'; +$lang['reports_inventory_low'] = 'Низкий инвентаризации'; $lang['reports_inventory_summary'] = ' Сводка инвентаризации'; $lang['reports_item_number'] = 'Номер Товара'; $lang['reports_reorder_level'] = 'минимальный уровень'; -$lang['reports_low_inventory_report'] = 'отчет Низкии инвентаризации'; +$lang['reports_inventory_low_report'] = 'отчет Низкии инвентаризации'; $lang['reports_item_name'] = 'Название товара'; $lang['reports_inventory_summary_report'] = 'Отчет Сводка инвентаризации'; $lang['reports_payment_type'] = 'Вид оплаты'; 
diff --git a/application/language/th/items_lang.php b/application/language/th/items_lang.php index ce415f097..6201438ce 100644 --- a/application/language/th/items_lang.php +++ b/application/language/th/items_lang.php @@ -77,9 +77,6 @@ $lang['items_use_inventory_menu'] = 'ใช้สินค้าคงเหล $lang['items_manually_editing_of_quantity'] = 'แก้ไขจำนวน'; $lang['items_inventory'] = 'สินค้าคงเหลือ'; $lang['items_location'] = 'ที่ตั้ง'; -$lang['items_unit_quantity'] = 'จำนวนหน่วย'; -$lang['items_related_number'] = 'สินค้าที่เกี่ยวข้อง'; -$lang['items_stock_type_warehouse'] = 'สินค้าหลังร้าน'; $lang['items_stock_type'] = 'ชนิดของสินค้า'; ?> diff --git a/application/language/th/reports_lang.php b/application/language/th/reports_lang.php index 05a198ca0..07d26d52a 100644 --- a/application/language/th/reports_lang.php +++ b/application/language/th/reports_lang.php @@ -66,11 +66,11 @@ $lang['reports_summary_reports'] = 'สรุปรายงาน'; $lang['reports_graphical_reports'] = 'รายงายแบบกราฟ'; $lang['reports_detailed_reports'] = 'รายละเอียดรายงาน'; $lang['reports_inventory_reports'] = 'รายงานสินค้าคงเหลือ'; -$lang['reports_low_inventory'] = 'สินค้าเหลือน้อย'; +$lang['reports_inventory_low'] = 'สินค้าเหลือน้อย'; $lang['reports_inventory_summary'] = ' รายงานสินค้าคงเหลือ'; $lang['reports_item_number'] = 'เลขสินค้า'; $lang['reports_reorder_level'] = 'ระดับการสั่งใหม่'; -$lang['reports_low_inventory_report'] = 'รายงานสินค้าที่เหลือน้อย'; +$lang['reports_inventory_low_report'] = 'รายงานสินค้าที่เหลือน้อย'; $lang['reports_item_name'] = 'ชื่อสินค้า'; $lang['reports_inventory_summary_report'] = 'รายงานสรุปสินค้าคงเหลือ'; $lang['reports_payment_type'] = 'ชนิดการจ่าย'; 
@@ -166,11 +166,11 @@ $lang['reports_summary_reports'] = 'สรุปรายงาน'; $lang['reports_graphical_reports'] = 'รายงายแบบกราฟ'; $lang['reports_detailed_reports'] = 'รายละเอียดรายงาน'; $lang['reports_inventory_reports'] = 'รายงานสินค้าคงเหลือ'; -$lang['reports_low_inventory'] = 'สินค้าเหลือน้อย'; +$lang['reports_inventory_low'] = 'สินค้าเหลือน้อย'; $lang['reports_inventory_summary'] = ' รายงานสินค้าคงเหลือ'; $lang['reports_item_number'] = 'เลขสินค้า'; $lang['reports_reorder_level'] = 'ระดับการสั่งใหม่'; -$lang['reports_low_inventory_report'] = 'รายงานสินค้าที่เหลือน้อย'; +$lang['reports_inventory_low_report'] = 'รายงานสินค้าที่เหลือน้อย'; $lang['reports_item_name'] = 'ชื่อสินค้า'; $lang['reports_inventory_summary_report'] = 'รายงานสรุปสินค้าคงเหลือ'; $lang['reports_payment_type'] = 'ชนิดการจ่าย'; diff --git a/application/language/zh/reports_lang.php b/application/language/zh/reports_lang.php index 7b1b1501c..7e439d1ea 100755 --- a/application/language/zh/reports_lang.php +++ b/application/language/zh/reports_lang.php @@ -66,11 +66,11 @@ $lang['reports_summary_reports'] = '摘要報表'; $lang['reports_graphical_reports'] = '圖表'; $lang['reports_detailed_reports'] = '詳細報表'; $lang['reports_inventory_reports'] = '庫存報告'; -$lang['reports_low_inventory'] = '低庫存'; +$lang['reports_inventory_low'] = '低庫存'; $lang['reports_inventory_summary'] = ' 庫存摘要'; $lang['reports_item_number'] = '產品數量'; $lang['reports_reorder_level'] = '補貨點'; -$lang['reports_low_inventory_report'] = '低庫存報告'; +$lang['reports_inventory_low_report'] = '低庫存報告'; $lang['reports_item_name'] = '產品名稱'; $lang['reports_inventory_summary_report'] = '庫存報告摘要'; $lang['reports_payment_type'] = '付款模式'; diff --git a/application/models/stock_locations.php b/application/models/stock_locations.php index 4ad2107de..9e73d5e13 100644 --- a/application/models/stock_locations.php +++ b/application/models/stock_locations.php 
@@ -13,6 +13,9 @@ class Stock_locations extends CI_Model function get_all($limit=10000, $offset=0) { $this->db->from('stock_locations'); + $this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)'); + $this->db->join('permissions', 'permissions.module_id=modules.module_id'); + $this->db->where('person_id', $this->session->userdata('person_id')); $this->db->limit($limit); $this->db->offset($offset); return $this->db->get(); @@ -22,6 +25,9 @@ class Stock_locations extends CI_Model { $this->db->select('location_name'); $this->db->from('stock_locations'); + $this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)'); + $this->db->join('permissions', 'permissions.module_id=modules.module_id'); + $this->db->where('person_id', $this->session->userdata('person_id')); $this->db->where('deleted', 0); return $this->db->get(); } @@ -37,20 +43,15 @@ class Stock_locations extends CI_Model function get_undeleted_all($limit=10000, $offset=0) { $this->db->from('stock_locations'); + $this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)'); + $this->db->join('permissions', 'permissions.module_id=modules.module_id'); + $this->db->where('person_id', $this->session->userdata('person_id')); $this->db->where('deleted',0); $this->db->limit($limit); $this->db->offset($offset); return $this->db->get(); } - function get_location_id($location_name) - { - $this->db->from('stock_locations'); - $this->db->where('deleted',0); - $this->db->where('location_name',$location_name); - return $this->db->get()->row()->location_id; - } - function get_location_name($location_id) { $this->db->from('stock_locations'); 
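Review bot: `get_all`, the `location_name` query at `@@ -22` and `get_undeleted_all` now filter on `$this->session->userdata('person_id')` inside the model, so every caller silently receives a per-employee view instead of the table; the `save()` loop in the following hunks iterates DB rows as `$db` (its head is outside the hunk), and if it obtains them through `get_all()` a location the saving employee lacks `items_stock<N>` permission for would look new and be re-inserted. Keeping `get_all` unfiltered and adding an explicit `get_allowed($person_id)` variant for the UI makes the authorization decision visible at the call site rather than hidden in session state read by the data layer. The same two `join()` calls and the `where()` are repeated three times; a private helper such as `_join_allowed_locations()` would keep them consistent. The session value is also used without a check that it is set; `Secure_area` guards logged-in paths, but the model itself has no fallback if it is ever reached otherwise.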
@@ -91,6 +92,8 @@ class Stock_locations extends CI_Model $this->db->where('location_id', $db['location_id']); $this->db->update('stock_locations',array('location_name'=>$db['location_name'],'deleted'=>0)); + // remmove module (and permissions) for stock location + $this->db->delete('modules', array('module_id' => 'items_stock'.$db['location_id'])); } $to_create = false; break; @@ -101,6 +104,18 @@ class Stock_locations extends CI_Model { $location_data = array('location_name'=>$location,'deleted'=>0); $this->db->insert('stock_locations',$location_data); + // insert new module for stock location + $module_id = 'items_stock'.$this->db->insert_id(); + $module_name = 'module_'.$module_id; + $module_data = array('name_lang_key' => $module_name, 'desc_lang_key' => $module_name.'_desc', 'module_id' => $module_id); + $this->db->insert('modules', $module_data); + // insert permissions for stock location + $employees = $this->Employee->get_all(); + foreach ($employees->result_array() as $employee) + { + $permission_data = array('module_id' => $module_id, 'person_id' => $employee['person_id']); + $this->db->insert('permissions', $permission_data); + } } } $this->db->trans_complete(); diff --git a/application/views/employees/form.php b/application/views/employees/form.php index 389c04612..90b834eef 100644 --- a/application/views/employees/form.php +++ b/application/views/employees/form.php @@ -54,15 +54,35 @@ $password_label_attributes = $person_info->person_id == "" ? array('class'=>'req result() as $module) { + if (sizeof(explode('_', $module->module_id)) == 1) + { ?>
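Review bot: In the `@@ -91` hunk the new `delete('modules', …)` sits directly after an `update(... 'deleted'=>0)` that keeps the location, so unless the enclosing branch (its head is outside the hunk) is the one that retires a location, every save strips the kept location's module row — and, if `permissions.module_id` cascades, every employee's `items_stock<N>` grant; please confirm this delete belongs next to a `'deleted'=>1` update. The comment (`remmove` typo aside) promises that permissions are removed too, but only `modules` is touched; without a cascading foreign key the permission rows are orphaned, so either `delete('permissions', array('module_id' => ...))` explicitly or state the FK dependency in the comment. In the `@@ -101` hunk a newly created location is granted to every employee returned by `Employee->get_all()`; since the stock-location permission exists to restrict access, granting it to all staff at creation is a permissive default that an admin must then undo per employee. Granting only to the creating employee, or to employees who already hold another `items_stock<N>` permission, would be the safer default — if grant-all is intended for compatibility, a comment saying so would help.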
  • module_id,$this->Employee->has_permission($module->module_id,$person_info->person_id)); ?> lang->line('module_'.$module->module_id);?>: lang->line('module_'.$module->module_id.'_desc');?> -
  • result() as $submodule) + { + $exploded_submodule_id = explode('_', $submodule->module_id); + if (sizeof($exploded_submodule_id) > 1 && $exploded_submodule_id[0] == $module->module_id) + { + $lang_line = $this->lang->line('reports_'.$exploded_submodule_id[1]); + $lang_line = empty($lang_line) ? $exploded_submodule_id[1] : $lang_line; + ?> + + + result() as $module) { + if (sizeof(explode('_', $module->module_id)) == 1) + { ?>
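Review bot: The `if (sizeof(explode('_', $module->module_id)) == 1)` test treats every module id containing an underscore as a submodule, yet the seeded module list in database.sql (context of the `@@ -262` hunk) includes `item_kits`, so Item Kits drops out of the permission form here and, via the same test, out of the home.php and header.php listings later in this patch — and its permission can no longer be granted or revoked from the UI. Derive parent/child from the data rather than the id's spelling, e.g. collect the ids once and use `$parent = strstr($module->module_id, '_', true);` `$is_submodule = $parent !== false && isset($module_ids[$parent]);`, which keeps `item_kits` top-level because no `item` module exists. The label lookup in the submodule loop is also reports-specific (`'reports_'.$exploded_submodule_id[1]`), so an `items_stock<N>` entry falls back to the bare `stock<N>` token instead of the location name. The enclosing `foreach` starts before this hunk.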
    module_id");?>"> @@ -13,6 +15,7 @@ - lang->line('module_'.$module->module_id.'_desc');?>
    diff --git a/application/views/partial/header.php b/application/views/partial/header.php index 3f65a343f..9b2514a18 100644 --- a/application/views/partial/header.php +++ b/application/views/partial/header.php @@ -44,13 +44,16 @@ html { result() as $module) { - ?> + if (sizeof(explode('_', $module->module_id)) == 1) + { + ?> - diff --git a/application/views/reports/listing.php b/application/views/reports/listing.php index 37589ae9b..a3383c751 100644 --- a/application/views/reports/listing.php +++ b/application/views/reports/listing.php @@ -5,49 +5,60 @@ ".$error.""; } ?> -load->view("partial/footer"); ?> - - +load->view("partial/footer"); ?> \ No newline at end of file diff --git a/css/popupbox.css b/css/popupbox.css index 64f967764..bd4b54169 100644 --- a/css/popupbox.css +++ b/css/popupbox.css @@ -49,6 +49,13 @@ padding:5px; } +#permission_list ul li +{ + padding-left:20px; + padding-bottom: 0px; + list-style:none; +} + #permission_list input { top:3px; diff --git a/database/2.3_to_2.3.1.sql b/database/2.3_to_2.3.1.sql new file mode 100644 index 000000000..38a6eb50f --- /dev/null +++ b/database/2.3_to_2.3.1.sql 
@@ -0,0 +1,24 @@
+-- add granular report permissions
+INSERT INTO ospos_modules (name_lang_key, desc_lang_key, sort, module_id) VALUES
+('module_reports_sales', 'module_reports_sales_desc', 51, 'reports_sales'),
+('module_reports_receivings', 'module_reports_receivings_desc', 52, 'reports_receivings'),
+('module_reports_items', 'module_reports_items_desc', 54, 'reports_items'),
+('module_reports_inventory', 'module_reports_inventory_desc', 55, 'reports_inventory'),
+('module_reports_customers', 'module_reports_customers_desc', 56, 'reports_customers'),
+('module_reports_employees', 'module_reports_employees_desc', 57, 'reports_employees'),
+('module_reports_suppliers', 'module_reports_suppliers_desc', 57, 'reports_suppliers');
+
+-- add modules for existing stock locations
+INSERT INTO ospos_modules (name_lang_key, desc_lang_key, sort, module_id) (SELECT CONCAT('module_items_stock', location_id), CONCAT('module_items_stock', location_id, '_desc'), (SELECT MAX(sort)+1 FROM ospos_modules WHERE module_id LIKE 'items_stock%' OR module_id = 'items'), CONCAT('items_stock', location_id) from ospos_stock_locations);
+
+-- add permissions for all employees
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_customers', person_id from ospos_employees;
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_receivings', person_id from ospos_employees;
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_items', person_id from ospos_employees;
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_inventory', person_id from ospos_employees;
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_employees', person_id from ospos_employees;
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_suppliers', person_id from ospos_employees;
+INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_sales', person_id from ospos_employees;
+ +-- add config options for tax inclusive sales +INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', 'false'); diff --git a/database/database.sql b/database/database.sql index 06c6b70ef..e9035f254 100644 --- a/database/database.sql +++ b/database/database.sql @@ -36,7 +36,8 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('phone', '555-555-5555'), ('return_policy', 'Test'), ('timezone', 'America/New_York'), -('website', ''); +('website', ''), +('tax_included', 'false'); -- -------------------------------------------------------- @@ -142,7 +143,6 @@ CREATE TABLE `ospos_items` ( `unit_price` decimal(15,2) NOT NULL, `quantity` decimal(15,2) NOT NULL DEFAULT '0.00', `reorder_level` decimal(15,2) NOT NULL DEFAULT '0.00', - `location` varchar(255) NOT NULL, `item_id` int(10) NOT NULL AUTO_INCREMENT, `allow_alt_description` tinyint(1) NOT NULL, `is_serialized` tinyint(1) NOT NULL, 
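Review bot: The seven `INSERT INTO ospos_permissions … SELECT … from ospos_employees` statements grant every new report sub-permission to every row of `ospos_employees` with no filter, so if that table carries a soft-delete flag (not visible here) retired accounts receive the grants as well; a `WHERE deleted = 0` (or the table's equivalent column) would keep the migration to active staff. Grant-all is a defensible compatibility default because the parent `reports` permission still gates access, but a comment such as `-- every employee keeps the reports they could already see; the 'reports' module permission still applies` would record that as intent. `module_reports_employees` and `module_reports_suppliers` both receive `sort` 57, so their relative order in listings is undefined. The trailing `tax_included` config insert is unrelated to the permission work in the subject and would be easier to audit in its own commit.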
@@ -262,9 +262,17 @@ INSERT INTO `ospos_modules` (`name_lang_key`, `desc_lang_key`, `sort`, `module_i ('module_employees', 'module_employees_desc', 80, 'employees'), ('module_giftcards', 'module_giftcards_desc', 90, 'giftcards'), ('module_items', 'module_items_desc', 20, 'items'), +('module_items_stock0', 'module_items_stock0_desc', 20, 'items_stock0'), ('module_item_kits', 'module_item_kits_desc', 30, 'item_kits'), ('module_receivings', 'module_receivings_desc', 60, 'receivings'), ('module_reports', 'module_reports_desc', 50, 'reports'), +('module_reports_sales', 'module_reports_sales_desc', 51, 'reports_sales'), +('module_reports_receivings', 'module_reports_receivings_desc', 52, 'reports_receivings'), +('module_reports_items', 'module_reports_items_desc', 54, 'reports_items'), +('module_reports_inventory', 'module_reports_inventory_desc', 55, 'reports_inventory'), +('module_reports_customers', 'module_reports_customers_desc', 56, 'reports_customers'), +('module_reports_employees', 'module_reports_employees_desc', 57, 'reports_employees'), +('module_reports_suppliers', 'module_reports_suppliers_desc', 57, 'reports_suppliers'), ('module_sales', 'module_sales_desc', 70, 'sales'), ('module_suppliers', 'module_suppliers_desc', 40, 'suppliers'); @@ -315,7 +323,13 @@ CREATE TABLE `ospos_permissions` ( -- INSERT INTO `ospos_permissions` (`module_id`, `person_id`) VALUES -('config', 1), +('reports_customers', 1), +('reports_receivings', 1), +('reports_items', 1), +('reports_inventory', 1), +('reports_employees', 1), +('reports_suppliers', 1), +('reports_sales', 1), ('customers', 1), ('employees', 1), ('giftcards', 1), @@ -586,8 +600,7 @@ CREATE TABLE `ospos_stock_locations` ( `location_name` varchar(255) CHARACTER SET utf8 DEFAULT NULL, `deleted` int(1) NOT NULL DEFAULT '0', PRIMARY KEY (`location_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=8; - +) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=0; -- -- Dumping data for table `ospos_stock_locations` 
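Review bot: The `@@ -315` hunk replaces `-('config', 1),` with the seven `reports_*` rows and does not add it back in the visible context, so on a fresh install the seeded employee 1 loses the `config` permission — and with it the only UI path to grant permissions, including this one, back to themselves; unless `('config', 1),` is re-added further down the VALUES list outside the hunk, please keep it alongside the new rows. In the `@@ -262` hunk `module_reports_employees` and `module_reports_suppliers` share `sort` 57. The seeded `items_stock0` module presumes a stock location with `location_id` 0, while the `@@ -586` hunk sets `AUTO_INCREMENT=0`, which MySQL treats as a next value of 1; the dumped location row (outside the hunk) only keeps an explicit 0 when the session runs with `NO_AUTO_VALUE_ON_ZERO`, so the module id and the location may not line up.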
From 5cf73130c5e4e997c38869b64d26fe28e492fd60 Mon Sep 17 00:00:00 2001 From: jekkos-t520 Date: Tue, 23 Sep 2014 19:14:25 +0200 Subject: [PATCH 2/7] Modules are not accessible if employee has no permissions on at least one of it's submodules Some more db script modifications --- application/controllers/receivings.php | 2 +- application/controllers/sales.php | 2 +- application/controllers/secure_area.php | 8 ++++---- application/models/employee.php | 24 ++++++++++++++++++++---- application/models/module.php | 1 + database/2.3_to_2.3.1.sql | 2 +- database/database.sql | 7 ++++--- 7 files changed, 32 insertions(+), 14 deletions(-) diff --git a/application/controllers/receivings.php b/application/controllers/receivings.php index 1dff8ad55..d4ae1eb05 100644 --- a/application/controllers/receivings.php +++ b/application/controllers/receivings.php @@ -4,7 +4,7 @@ class Receivings extends Secure_area { function __construct() { - parent::__construct('receivings'); + parent::__construct('receivings','items'); $this->load->library('receiving_lib'); } diff --git a/application/controllers/sales.php b/application/controllers/sales.php index c6eeddb17..55b6edd3c 100644 --- a/application/controllers/sales.php +++ b/application/controllers/sales.php @@ -4,7 +4,7 @@ class Sales extends Secure_area { function __construct() { - parent::__construct('sales'); + parent::__construct('sales','items'); $this->load->library('sale_lib'); } diff --git a/application/controllers/secure_area.php b/application/controllers/secure_area.php index 5e0f86637..dbdd750bc 100644 --- a/application/controllers/secure_area.php +++ b/application/controllers/secure_area.php 
@@ -5,7 +5,7 @@ class Secure_area extends CI_Controller Controllers that are considered secure extend Secure_area, optionally a $module_id can be set to also check if a user can access a particular module in the system. */ - function __construct($module_id=null) + function __construct($module_id=null,$submodule_id=null) { parent::__construct(); $this->load->model('Employee'); @@ -13,8 +13,9 @@ class Secure_area extends CI_Controller { redirect('login'); } - - if(!$this->Employee->has_permission($module_id,$this->Employee->get_logged_in_employee_info()->person_id)) + $submodule_id = empty($submodule_id) ? $module_id : $submodule_id; + $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; + if(!$this->Employee->has_permission($module_id,$employee_id) || !$this->Employee->has_subpermission($submodule_id,$employee_id)) { redirect('no_access/'.$module_id); } @@ -22,7 +23,6 @@ class Secure_area extends CI_Controller //load up global data $logged_in_employee_info=$this->Employee->get_logged_in_employee_info(); $data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id); - // TODO check access for at least one submodule (if available) $data['user_info']=$logged_in_employee_info; $this->load->vars($data); } diff --git a/application/models/employee.php b/application/models/employee.php index e0d0b3606..0608c8540 100644 --- a/application/models/employee.php +++ b/application/models/employee.php 
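Review bot: The class comment shown as context at the top of the `@@ -5` hunk still says only that `$module_id` may be set; the new `$submodule_id` parameter and its fallback to `$module_id` are undocumented, so I would extend it with `optionally a $submodule_id can be set to additionally require permission on at least one '<submodule_id>_*' module (defaults to $module_id)`. `Sales` and `Receivings` now pass `'items'`, meaning an employee is denied those modules unless they hold at least one `items_stock<N>` location permission; a one-line comment at those two call sites stating that intent saves the next reader a trip through `has_subpermission`. The deny path still redirects to `no_access/<module_id>`, so a submodule denial is indistinguishable from a module denial for the user; that may be fine, but worth noting in the same comment.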
@@ -303,6 +303,25 @@ class Employee extends Person return false; } + /* + * Determines whether the employee has access to at least one submodule + */ + function has_subpermission($submodule_id,$person_id) + { + $this->db->from('modules'); + $this->db->where('module_id like concat("' . $submodule_id . '", "_%")'); + $result = $this->db->get(); + if ($result->num_rows() > 0) + { + $this->db->from('permissions'); + $this->db->where('permissions.module_id like concat("' . $submodule_id . '", "_%")'); + $this->db->where("permissions.person_id",$person_id); + $result = $this->db->get(); + return $result->num_rows() > 0; + } + return true; + } + /* Determins whether the employee specified employee has access the specific module. */ @@ -315,10 +334,7 @@ class Employee extends Person } $query = $this->db->get_where('permissions', array('person_id' => $person_id,'module_id'=>$module_id), 1); - return $query->num_rows() == 1; - - - return false; + return ($query->num_rows() == 1); } } diff --git a/application/models/module.php b/application/models/module.php index 1e14c6d85..4f5ff99c8 100644 --- a/application/models/module.php +++ b/application/models/module.php @@ -46,5 +46,6 @@ class Module extends CI_Model $this->db->order_by("sort", "asc"); return $this->db->get(); } + } ?> diff --git a/database/2.3_to_2.3.1.sql b/database/2.3_to_2.3.1.sql index 38a6eb50f..46375dbc2 100644 --- a/database/2.3_to_2.3.1.sql +++ b/database/2.3_to_2.3.1.sql @@ -21,4 +21,4 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_suppl INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_sales', person_id from ospos_employees; -- add config options for tax inclusive sales -INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', 'false'); +INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', '0'); diff --git a/database/database.sql b/database/database.sql index e9035f254..c75b13601 100644 --- a/database/database.sql 
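Review bot: `has_subpermission` builds both LIKE clauses by concatenating `$submodule_id` into the SQL text, and the `_` in the pattern is itself a single-character wildcard, so `'items_%'` also matches any module id that merely starts with `items` plus one more character. Today the argument comes from controller literals, but a model method should not depend on its callers for that; use the query builder instead, `$this->db->like('module_id', $submodule_id . '_', 'after');` and `$this->db->like('permissions.module_id', $submodule_id . '_', 'after');` (the builder escapes LIKE metacharacters in the match value). When Secure_area passes a null `$module_id` through, the pattern degenerates to `_%` and matches every module, so the method then demands at least one permission of any kind instead of returning true; add `if ($submodule_id === null) { return true; }` at the top if `has_permission` short-circuits on null the same way (its head is outside this hunk). Patch 4's rewrite of these two lines (`like "' . $submodule_id . '_%"'`, further down) keeps the same concatenation and unescaped `_`.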
+++ b/database/database.sql @@ -37,7 +37,7 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('return_policy', 'Test'), ('timezone', 'America/New_York'), ('website', ''), -('tax_included', 'false'); +('tax_included', '0'); -- -------------------------------------------------------- @@ -95,7 +95,7 @@ CREATE TABLE `ospos_giftcards` ( `person_id` INT NOT NULL, PRIMARY KEY (`giftcard_id`), UNIQUE KEY `giftcard_number` (`giftcard_number`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=48 ; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ; -- -- Dumping data for table `ospos_giftcards` @@ -329,7 +329,8 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) VALUES ('reports_inventory', 1), ('reports_employees', 1), ('reports_suppliers', 1), -('reports_sales', 1), +('reports_sales', 1), +('items_stock0', 1), ('customers', 1), ('employees', 1), ('giftcards', 1), From 13127c4dc7137ee867f3cd9af24da42583454022 Mon Sep 17 00:00:00 2001 From: jekkos-t520 Date: Wed, 24 Sep 2014 08:47:00 +0200 Subject: [PATCH 3/7] Deny access to report submodules on which employee doesn't have permissions --- application/controllers/reports.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/application/controllers/reports.php b/application/controllers/reports.php index 6d949d46a..a85c8a1c9 100644 --- a/application/controllers/reports.php +++ b/application/controllers/reports.php @@ -10,6 +10,15 @@ class Reports extends Secure_area function __construct() { parent::__construct('reports'); + $method_name = $this->uri->segment(2); + $exploder = explode('_', $method_name); + $submodule_id = $exploder[sizeof($exploder)-1]; + $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; + // check access to report submodule + if (sizeof($exploder) > 1 && !$this->Employee->has_permission('reports_'.$submodule_id,$employee_id)) + { + redirect('no_access/'.$submodule_id); + } $this->load->helper('report'); } 
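Review bot: The seed grants `items_stock0` only to person 1, but with patch 2's `has_subpermission('items', ...)` every employee now needs at least one `items_*` permission to reach Sales and Receivings; the visible part of `2.3_to_2.3.1.sql` inserts `reports_*` rows for all employees but no `items_*` row, so an existing installation upgrading would lock every other employee out of those two modules unless that script covers it in a part not shown here. Add the matching row to the upgrade script following its existing pattern, `INSERT INTO ospos_permissions (module_id, person_id) SELECT 'items_stock0', person_id FROM ospos_employees;`.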
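Review bot: The submodule is taken as the last `_`-separated token of `uri->segment(2)`, so the check fires only for method names containing an underscore and assumes the last token is always a permission key; a method whose name ends in a qualifier would resolve to a non-existent `reports_<qualifier>` id and be denied even to employees holding the real permission (database.sql in this series seeds `reports_inventory`, so any `inventory_*` method, if one exists, would be refused). Whether such methods exist in this controller is not visible in the hunk. Replacing the string split with an explicit method→submodule map checked via `isset` makes the mapping reviewable, and the redirect should be `'no_access/reports'` rather than `'no_access/'.$submodule_id`, since No_Access resolves its argument through `get_module_name` as a module id.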
From 290533612e54857de252d70c81c36f6b700cfa5f Mon Sep 17 00:00:00 2001 From: jekkos-t520 Date: Mon, 29 Sep 2014 21:06:06 +0200 Subject: [PATCH 4/7] Fix submodules in header --- application/controllers/no_access.php | 2 +- application/controllers/reports.php | 6 +-- application/helpers/report_helper.php | 6 ++- application/models/employee.php | 5 ++- application/views/employees/form.php | 49 ++++++++++++++++++++++++- application/views/reports/graphical.php | 2 +- 6 files changed, 59 insertions(+), 11 deletions(-) diff --git a/application/controllers/no_access.php b/application/controllers/no_access.php index cba136e5c..eec4334ed 100644 --- a/application/controllers/no_access.php +++ b/application/controllers/no_access.php @@ -6,7 +6,7 @@ class No_Access extends CI_Controller parent::__construct(); } - function index($module_id='') + function index($module_id='',$submodule_id='') { $data['module_name']=$this->Module->get_module_name($module_id); $this->load->view('no_access',$data); diff --git a/application/controllers/reports.php b/application/controllers/reports.php index a85c8a1c9..8729b2ed1 100644 --- a/application/controllers/reports.php +++ b/application/controllers/reports.php @@ -12,13 +12,13 @@ class Reports extends Secure_area parent::__construct('reports'); $method_name = $this->uri->segment(2); $exploder = explode('_', $method_name); - $submodule_id = $exploder[sizeof($exploder)-1]; + $submodule_id = preg_match("/([^_.]*)(?:_graph)?$/", $method_name, $matches); $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; // check access to report submodule - if (sizeof($exploder) > 1 && !$this->Employee->has_permission('reports_'.$submodule_id,$employee_id)) + /* if (sizeof($exploder) > 1 && !$this->Employee->has_permission('reports_'.$matches[1],$employee_id)) { redirect('no_access/'.$submodule_id); - } + } */ $this->load->helper('report'); } 
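Review bot: `No_Access::index` gains a `$submodule_id` parameter that the body never reads, and every redirect visible in this series (`redirect('no_access/'.$module_id)` in Secure_area, `redirect('no_access/'.$submodule_id)` in Reports) passes a single segment, so the parameter is dead as committed. Either drop it or use it, e.g. pass it to the view so the page can name the denied submodule; in the latter case Secure_area would also have to redirect to `'no_access/'.$module_id.'/'.$submodule_id`.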
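Review bot: `$submodule_id = preg_match(...)` stores preg_match's integer result (1 or 0), not the captured name, which is in `$matches[1]`; the lines should read `preg_match("/([^_.]*)(?:_graph)?$/", $method_name, $matches);` and `$submodule_id = isset($matches[1]) ? $matches[1] : '';`. More importantly, the `if (...) { redirect(...) }` that denied access to report submodules is commented out, so after this patch the constructor computes `$employee_id` and `$submodule_id` but enforces nothing — the per-report permission introduced in the previous patch is no longer checked anywhere visible. Re-enable the check using `$submodule_id` once it holds the name, and remove `$exploder`, which is then only referenced from the commented-out condition.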
diff --git a/application/helpers/report_helper.php b/application/helpers/report_helper.php index 2951d937e..8367f2785 100644 --- a/application/helpers/report_helper.php +++ b/application/helpers/report_helper.php @@ -92,14 +92,16 @@ function show_report_if_allowed($allowed_modules, $report_prefix, $report_name, $lang_line = 'reports_' .$report_name; $report_label = $CI->lang->line($lang_line); $permission = empty($permission) ? $report_name : $permission; - if (!empty($report_label)) + $report_prefix = empty($report_prefix) ? '' : $report_prefix . '_'; + // no summary nor detailed reports for receivings + if (!empty($report_label) && !(preg_match('/.*summary_?$/', $report_prefix) && $report_name === "receivings")) { foreach($allowed_modules->result() as $module) { if ($module->module_id == 'reports_'. $permission) { ?> -
  • +
  • db->from('modules'); - $this->db->where('module_id like concat("' . $submodule_id . '", "_%")'); + $this->db->where('module_id like "' . $submodule_id . '_%"'); + // has no submodules $result = $this->db->get(); if ($result->num_rows() > 0) { $this->db->from('permissions'); - $this->db->where('permissions.module_id like concat("' . $submodule_id . '", "_%")'); + $this->db->where('permissions.module_id like "' . $submodule_id . '_%"'); $this->db->where("permissions.person_id",$person_id); $result = $this->db->get(); return $result->num_rows() > 0; diff --git a/application/views/employees/form.php b/application/views/employees/form.php index 90b834eef..1fe92dd05 100644 --- a/application/views/employees/form.php +++ b/application/views/employees/form.php @@ -102,6 +102,27 @@ echo form_close(); //validation and submit handling $(document).ready(function() { + $("ul#permission_list > li > input[name='permissions[]']").each(function() + { + var $this = $(this); + $("ul > li > input", $this.parent()).each(function() + { + var $that = $(this); + var updateCheckboxes = function (checked) + { + if (checked) { + $that.removeAttr("disabled"); + } else { + $that.attr("disabled", "disabled"); + $that.removeAttr("checked", ""); + } + } + $this.change(function() { + updateCheckboxes($this.is(":checked")); + }); + }); + }); + $('#employee_form').validate({ submitHandler:function(form) { 
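Review bot: `$that.removeAttr("checked", "")` passes a second argument that `removeAttr` does not take, and toggling `disabled`/`checked` through `attr` rather than `prop` is the deprecated form; in `updateCheckboxes` use `$that.prop("disabled", !checked);` and `$that.prop("checked", false);`. The `$this.change(...)` binding sits inside the inner `.each`, so the parent checkbox receives one handler per child and the work is repeated that many times on each change; bind once outside the inner loop and update all children from there. Disabled inputs are not submitted, so this is UI convenience only and does not replace the server-side permission checks.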
@@ -143,7 +164,30 @@ $(document).ready(function() { equalTo: "#password" }, - email: "email" + email: "email", "permissions[]" : { + required : function(element) { + var checked = false; + $("ul#permission_list > li > input:checkbox").each(function() + { + if ($(this).is(":checked")) { + var has_children = false; + $("ul > li > input:checkbox", $(this).parent()).each(function() + { + has_children = true; + checked |= $(this).is(":checked"); + console.log("checking.. " + $(this).val() + " required " + checked); + }); + if (has_children && !checked) + { + return false; + } + } + }); + console.log("returning " + !checked); + return !checked; + }, + minlength: 1 + } }, messages: { @@ -171,7 +215,8 @@ $(document).ready(function() { equalTo: "lang->line('employees_password_must_match'); ?>" }, - email: "lang->line('common_email_invalid_format'); ?>" + email: "lang->line('common_email_invalid_format'); ?>", + "permissions[]": "fill in correctly!!" } }); }); diff --git a/application/views/reports/graphical.php b/application/views/reports/graphical.php index 3a89407ee..a54fca8d9 100644 --- a/application/views/reports/graphical.php +++ b/application/views/reports/graphical.php @@ -1,10 +1,10 @@ load->view("partial/header"); +var_dump($data_file); ?>
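Review bot: In the `required` callback for `permissions[]`, `return false` inside the `.each` callback only stops the iteration; the outer function then returns `!checked`, where `checked` has been turned into a number by `|=`, so the result does not reflect the "parent checked but no child checked" case the loop appears to look for. The two `console.log` calls are debug output left in the view. Track the failing condition in a local, `var incomplete = false;`, set it to `true` where the code currently does `return false`, finish with `return incomplete;`, and drop the logging.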
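Review bot: The new message `"permissions[]": "fill in correctly!!"` is a hard-coded English string, while the neighbouring messages in the same hunk are emitted through `lang->line(...)`; add a lang key (e.g. `employees_permissions_incomplete`, a new key named after the file's convention) and echo it the same way so the message is translatable and less informal.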
    -