From 902f1015d874c33bd7946b17de2ad80b4f2144b6 Mon Sep 17 00:00:00 2001 
From: Janusz Dobrowolski Date: Mon, 31 Aug 2009 13:52:42 +0000 Subject: [PATCH] Switch to new access levels system --- access/logout.php | 2 +- access/timeout.php | 2 +- admin/attachments.php | 2 +- admin/backups.php | 2 +- admin/change_current_user_password.php | 2 +- admin/company_preferences.php | 4 +- admin/create_coy.php | 2 +- admin/db/users_db.inc | 17 +- admin/display_prefs.php | 2 +- admin/fiscalyears.php | 4 +- admin/forms_setup.php | 4 +- admin/gl_setup.php | 2 +- admin/inst_lang.php | 2 +- admin/inst_module.php | 2 +- admin/inst_upgrade.php | 2 +- admin/payment_terms.php | 2 +- admin/print_profiles.php | 4 +- admin/printers.php | 2 +- admin/shipping_companies.php | 2 +- admin/users.php | 10 +- admin/view_print_transaction.php | 4 +- admin/void_transaction.php | 4 +- applications/application.php | 10 +- applications/setup.php | 14 +- config.php | 29 +-- dimensions/dimension_entry.php | 4 +- dimensions/inquiry/search_dimensions.php | 2 +- dimensions/view/view_dimension.php | 4 +- gl/bank_account_reconcile.php | 4 +- gl/bank_transfer.php | 4 +- gl/gl_bank.php | 4 +- gl/gl_budget.php | 4 +- gl/gl_journal.php | 4 +- gl/inquiry/bank_inquiry.php | 2 +- gl/inquiry/gl_account_inquiry.php | 4 +- gl/inquiry/gl_trial_balance.php | 2 +- gl/inquiry/journal_inquiry.php | 2 +- gl/inquiry/tax_inquiry.php | 2 +- gl/manage/bank_accounts.php | 4 +- gl/manage/currencies.php | 4 +- gl/manage/exchange_rates.php | 4 +- gl/manage/gl_account_classes.php | 4 +- gl/manage/gl_account_types.php | 4 +- gl/manage/gl_accounts.php | 4 +- gl/manage/gl_quick_entries.php | 4 +- gl/view/bank_transfer_view.php | 2 +- gl/view/gl_deposit_view.php | 4 +- gl/view/gl_payment_view.php | 4 +- gl/view/gl_trans_view.php | 4 +- includes/access_levels.inc | 194 ++++++++++-------- includes/current_user.inc | 63 +++++- includes/session.inc | 22 +- index.php | 2 +- inventory/adjustments.php | 4 +- inventory/cost_update.php | 4 +- inventory/inquiry/stock_movements.php | 4 +- 
inventory/inquiry/stock_status.php | 4 +- inventory/manage/item_categories.php | 4 +- inventory/manage/item_codes.php | 4 +- inventory/manage/item_units.php | 4 +- inventory/manage/items.php | 4 +- inventory/manage/locations.php | 4 +- inventory/manage/movement_types.php | 4 +- inventory/manage/sales_kits.php | 4 +- inventory/prices.php | 4 +- inventory/purchasing_data.php | 4 +- inventory/reorder_level.php | 4 +- inventory/transfers.php | 4 +- inventory/view/view_adjustment.php | 4 +- inventory/view/view_transfer.php | 4 +- manufacturing/inquiry/bom_cost_inquiry.php | 4 +- manufacturing/inquiry/where_used_inquiry.php | 4 +- manufacturing/manage/bom_edit.php | 4 +- manufacturing/manage/work_centres.php | 4 +- manufacturing/search_work_orders.php | 4 +- manufacturing/view/wo_issue_view.php | 4 +- manufacturing/view/wo_production_view.php | 4 +- manufacturing/view/work_order_view.php | 4 +- manufacturing/work_order_add_finished.php | 4 +- manufacturing/work_order_costs.php | 4 +- manufacturing/work_order_entry.php | 4 +- manufacturing/work_order_issue.php | 4 +- manufacturing/work_order_release.php | 4 +- purchasing/allocations/supplier_allocate.php | 4 +- .../allocations/supplier_allocation_main.php | 4 +- purchasing/inquiry/po_search.php | 4 +- purchasing/inquiry/po_search_completed.php | 2 +- .../inquiry/supplier_allocation_inquiry.php | 4 +- purchasing/inquiry/supplier_inquiry.php | 4 +- purchasing/manage/suppliers.php | 4 +- purchasing/po_entry_items.php | 4 +- purchasing/po_receive_items.php | 4 +- purchasing/supplier_credit.php | 5 +- purchasing/supplier_invoice.php | 4 +- purchasing/supplier_payment.php | 4 +- purchasing/view/view_grn.php | 4 +- purchasing/view/view_po.php | 4 +- purchasing/view/view_supp_credit.php | 4 +- purchasing/view/view_supp_invoice.php | 4 +- purchasing/view/view_supp_payment.php | 4 +- reporting/includes/pdf_report.inc | 1 - reporting/prn_redirect.php | 2 +- reporting/rep101.php | 2 +- reporting/rep102.php | 2 +- reporting/rep103.php 
| 2 +- reporting/rep104.php | 2 +- reporting/rep105.php | 2 +- reporting/rep106.php | 4 +- reporting/rep107.php | 7 +- reporting/rep108.php | 2 +- reporting/rep109.php | 3 +- reporting/rep110.php | 3 +- reporting/rep201.php | 2 +- reporting/rep202.php | 2 +- reporting/rep203.php | 2 +- reporting/rep204.php | 2 +- reporting/rep209.php | 4 +- reporting/rep301.php | 4 +- reporting/rep302.php | 2 +- reporting/rep303.php | 2 +- reporting/rep304.php | 4 +- reporting/rep305.php | 2 +- reporting/rep401.php | 2 +- reporting/rep409.php | 5 +- reporting/rep501.php | 2 +- reporting/rep601.php | 2 +- reporting/rep701.php | 2 +- reporting/rep702.php | 2 +- reporting/rep704.php | 2 +- reporting/rep705.php | 2 +- reporting/rep706.php | 2 +- reporting/rep707.php | 2 +- reporting/rep708.php | 2 +- reporting/rep709.php | 2 +- reporting/rep710.php | 2 +- reporting/reports_main.php | 2 +- sales/allocations/customer_allocate.php | 4 +- .../allocations/customer_allocation_main.php | 4 +- sales/create_recurrent_invoices.php | 4 +- sales/credit_note_entry.php | 4 +- sales/customer_credit_invoice.php | 2 +- sales/customer_delivery.php | 4 +- sales/customer_invoice.php | 4 +- sales/customer_payments.php | 4 +- sales/inquiry/customer_allocation_inquiry.php | 4 +- sales/inquiry/customer_inquiry.php | 4 +- sales/inquiry/sales_deliveries_view.php | 4 +- sales/inquiry/sales_orders_view.php | 4 +- sales/manage/credit_status.php | 4 +- sales/manage/customer_branches.php | 4 +- sales/manage/customers.php | 4 +- sales/manage/recurrent_invoices.php | 4 +- sales/manage/sales_areas.php | 4 +- sales/manage/sales_groups.php | 4 +- sales/manage/sales_people.php | 4 +- sales/manage/sales_points.php | 4 +- sales/manage/sales_types.php | 4 +- sales/sales_order_entry.php | 4 +- sales/view/view_credit.php | 4 +- sales/view/view_dispatch.php | 4 +- sales/view/view_invoice.php | 4 +- sales/view/view_receipt.php | 4 +- sales/view/view_sales_order.php | 4 +- sql/alter2.2.php | 90 +++++++- sql/alter2.2.sql | 13 +- 
sql/en_US-demo.sql | 2 +- sql/en_US-new.sql | 2 +- taxes/item_tax_types.php | 2 +- taxes/tax_groups.php | 4 +- taxes/tax_types.php | 4 +- 170 files changed, 574 insertions(+), 422 deletions(-) diff --git a/access/logout.php b/access/logout.php index 59eae712..a8af0239 100644 --- a/access/logout.php +++ b/access/logout.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; +$page_security = 'SA_OPEN'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/ui/ui_view.inc"); diff --git a/access/timeout.php b/access/timeout.php index 61e28a08..c91dbc08 100644 --- a/access/timeout.php +++ b/access/timeout.php @@ -13,7 +13,7 @@ User authentication page popped up after login timeout during ajax call. */ $path_to_root = '..'; -$page_security = 1; +$page_security = 'SA_OPEN'; include_once($path_to_root . "/includes/session.inc"); include($path_to_root .'/access/login.php'); diff --git a/admin/attachments.php b/admin/attachments.php index 8a7dba1c..6febfb70 100644 --- a/admin/attachments.php +++ b/admin/attachments.php @@ -10,7 +10,7 @@ See the License here . ***********************************************************************/ $path_to_root=".."; -$page_security = 8; +$page_security = 'SA_ATTACHDOCUMENT'; include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/backups.php b/admin/backups.php index 18ca9972..450f1df5 100644 --- a/admin/backups.php +++ b/admin/backups.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 15; +$page_security = 'SA_BACKUP'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); 
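Review bot: With `$page_security` now a string such as `'SA_OPEN'` (access/logout.php here, and every page changed the same way in this commit), a misspelled area name is just another string, so the check in includes/session.inc has to treat an unknown or unset name as denied. That check is outside these hunks, so this is a point to confirm rather than a defect visible here. Declaring the areas as constants (for example `define('SA_OPEN', 'SA_OPEN');`) or having the access check reject any name it does not recognise would make a typo fail closed and loudly instead of depending on lookup behaviour.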
diff --git a/admin/change_current_user_password.php b/admin/change_current_user_password.php index f2b270c8..9b205e19 100644 --- a/admin/change_current_user_password.php +++ b/admin/change_current_user_password.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=1; +$page_security = 'SA_CHGPASSWD'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/company_preferences.php b/admin/company_preferences.php index 74b878e2..66a11281 100644 --- a/admin/company_preferences.php +++ b/admin/company_preferences.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security =10; -$path_to_root=".."; +$page_security = 'SA_SETUPCOMPANY'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); page(_("Company Setup")); diff --git a/admin/create_coy.php b/admin/create_coy.php index eec63648..5200f2df 100644 --- a/admin/create_coy.php +++ b/admin/create_coy.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 20; +$page_security = 'SA_CREATECOMPANY'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/db/users_db.inc b/admin/db/users_db.inc index ebb9c8f6..1f0703dd 100644 --- a/admin/db/users_db.inc +++ b/admin/db/users_db.inc 
@@ -10,14 +10,14 @@ See the License here . ***********************************************************************/ -function add_user($user_id, $real_name, $password, $phone, $email, $full_access, +function add_user($user_id, $real_name, $password, $phone, $email, $role_id, $language, $profile, $rep_popup, $pos) { $sql = "INSERT INTO ".TB_PREF."users (user_id, real_name, password" - .", phone, email, full_access, language, pos, print_profile, rep_popup) + .", phone, email, role_id, language, pos, print_profile, rep_popup) VALUES (".db_escape($user_id).", ".db_escape($real_name).", ".db_escape($password) .",".db_escape($phone).", - ".db_escape($email).", $full_access, ".db_escape($language).", + ".db_escape($email).", $role_id, ".db_escape($language).", $pos,".db_escape($profile).",$rep_popup)"; db_query($sql, "could not add user for $user_id"); @@ -35,13 +35,13 @@ function update_user_password($id, $user_id, $password) //----------------------------------------------------------------------------------------------- -function update_user($id, $user_id, $real_name, $phone, $email, $full_access, +function update_user($id, $user_id, $real_name, $phone, $email, $role_id, $language, $profile, $rep_popup, $pos) { $sql = "UPDATE ".TB_PREF."users SET real_name=".db_escape($real_name). ", phone=".db_escape($phone).", email=".db_escape($email).", - full_access=$full_access, + role_id=$role_id, language=".db_escape($language).", print_profile=".db_escape($profile).", rep_popup=$rep_popup, @@ -89,9 +89,10 @@ function update_user_display_prefs($id, $price_dec, $qty_dec, $exrate_dec, function get_users($all=false) { - $sql = "SELECT * FROM ".TB_PREF."users"; - if (!$all) $sql .= " WHERE !inactive"; - + $sql = "SELECT u.*, r.role FROM ".TB_PREF."users u, ".TB_PREF."security_roles r + WHERE u.role_id=r.id"; + if (!$all) $sql .= " AND !u.inactive"; + return db_query($sql, "could not get users"); } 
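Review bot: `$role_id` goes into the SQL text unescaped in both add_user() (`".db_escape($email).", $role_id, "`) and update_user() (`role_id=$role_id,`), unlike the string fields beside it; `$pos` and `$rep_popup` in the same statements have the same shape. The value presumably comes from the `Access` form field in admin/users.php, so unless the caller casts it, request data reaches the query. Wrapping it as `db_escape($role_id)` in both statements, or casting with `$role_id = (int)$role_id;` at the top of each function, closes this. Both function bodies continue past their hunks.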
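Review bot: The new join in get_users() (`WHERE u.role_id=r.id`) drops every user whose `role_id` has no matching row in `security_roles`, so such an account disappears from the Users screen while it still exists in the users table. This could matter after an upgrade or after a role is removed, because an account an administrator cannot see cannot be reviewed or set inactive. An outer join keeps those rows listed with an empty role: `FROM ".TB_PREF."users u LEFT JOIN ".TB_PREF."security_roles r ON u.role_id=r.id`, with the filter line changed to `if (!$all) $sql .= " WHERE !u.inactive";`.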
diff --git a/admin/display_prefs.php b/admin/display_prefs.php index 1d77d286..40795285 100644 --- a/admin/display_prefs.php +++ b/admin/display_prefs.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; +$page_security = 'SA_SETUPDISPLAY'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); diff --git a/admin/fiscalyears.php b/admin/fiscalyears.php index 3df3205f..a0cb0ced 100644 --- a/admin/fiscalyears.php +++ b/admin/fiscalyears.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 9; -$path_to_root=".."; +$page_security = 'SA_FISCALYEARS'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/admin/forms_setup.php b/admin/forms_setup.php index a15cfe4a..33982b1e 100644 --- a/admin/forms_setup.php +++ b/admin/forms_setup.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security =10; -$path_to_root=".."; +$page_security = 'SA_FORMSETUP'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); page(_("Forms Setup")); diff --git a/admin/gl_setup.php b/admin/gl_setup.php index 81de1be7..6aea5d3b 100644 --- a/admin/gl_setup.php +++ b/admin/gl_setup.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security =10; +$page_security = 'SA_GLSETUP'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); diff --git a/admin/inst_lang.php b/admin/inst_lang.php index b5d5c16a..1020d770 100644 --- a/admin/inst_lang.php 
+++ b/admin/inst_lang.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 20; +$page_security = 'SA_CREATELANGUAGE'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/inst_module.php b/admin/inst_module.php index 342c3e7f..00ab1adc 100644 --- a/admin/inst_module.php +++ b/admin/inst_module.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 20; +$page_security = 'SA_CREATEMODULES'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/inst_upgrade.php b/admin/inst_upgrade.php index 9166a592..d0cb4b1a 100644 --- a/admin/inst_upgrade.php +++ b/admin/inst_upgrade.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 20; +$page_security = 'SA_SOFTWAREUPGRADE'; $path_to_root=".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/payment_terms.php b/admin/payment_terms.php index ddc4c509..7bc52c7c 100644 --- a/admin/payment_terms.php +++ b/admin/payment_terms.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; +$page_security = 'SA_PAYTERMS'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); diff --git a/admin/print_profiles.php b/admin/print_profiles.php index f22c1941..99ef82e1 100644 --- a/admin/print_profiles.php +++ b/admin/print_profiles.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 15; -$path_to_root=".."; +$page_security = 'SA_PRINTPROFILE'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); include($path_to_root . "/admin/db/printers_db.inc"); include($path_to_root . "/includes/ui.inc"); diff --git a/admin/printers.php b/admin/printers.php index a9137161..8104f172 100644 --- a/admin/printers.php +++ b/admin/printers.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 15; +$page_security = 'SA_PRINTERS'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); diff --git a/admin/shipping_companies.php b/admin/shipping_companies.php index 720c5264..d5a91b1f 100644 --- a/admin/shipping_companies.php +++ b/admin/shipping_companies.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 14; +$page_security = 'SA_SHIPPING'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); page(_("Shipping Company")); diff --git a/admin/users.php b/admin/users.php index afca5d6c..3f224704 100644 --- a/admin/users.php +++ b/admin/users.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=15; -$path_to_root=".."; +$page_security = 'SA_USERS'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); page(_("Users")); 
@@ -141,7 +141,7 @@ while ($myrow = db_fetch($result)) label_cell($myrow["phone"]); email_cell($myrow["email"]); label_cell($last_visit_date, "nowrap"); - label_cell($security_headings[$myrow["full_access"]]); + label_cell($myrow["role"]); if ($not_me) inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id'); @@ -174,7 +174,7 @@ if ($selected_id != -1) $_POST['real_name'] = $myrow["real_name"]; $_POST['phone'] = $myrow["phone"]; $_POST['email'] = $myrow["email"]; - $_POST['Access'] = $myrow["full_access"]; + $_POST['Access'] = $myrow["role_id"]; $_POST['language'] = $myrow["language"]; $_POST['profile'] = $myrow["print_profile"]; $_POST['rep_popup'] = $myrow["rep_popup"]; @@ -211,7 +211,7 @@ text_row_ex(_("Telephone No.:"), 'phone', 30); email_row_ex(_("Email Address:"), 'email', 50); -security_headings_list_row(_("Access Level:"), 'Access', null); +security_roles_list_row(_("Access Level:"), 'Access', null); languages_list_row(_("Language:"), 'language', null); diff --git a/admin/view_print_transaction.php b/admin/view_print_transaction.php index 94c22416..f46f2053 100644 --- a/admin/view_print_transaction.php +++ b/admin/view_print_transaction.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root=".."; -$page_security = 5; +$page_security = 'SA_VIEWPRINTTRANSACTION'; +$path_to_root = ".."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/admin/void_transaction.php b/admin/void_transaction.php index 402a997e..e0d22ef7 100644 --- a/admin/void_transaction.php +++ b/admin/void_transaction.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root=".."; -$page_security = 14; +$page_security = 'SA_VOIDTRANSACTION'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/applications/application.php b/applications/application.php index 2b76e2ce..9220d143 100644 --- a/applications/application.php +++ b/applications/application.php @@ -47,7 +47,7 @@ var $link; var $access; - function app_function($label,$link,$access=1) + function app_function($label,$link,$access='SA_OPEN') { $this->label = $label; $this->link = $link; @@ -70,7 +70,7 @@ $this->rappfunctions = array(); } - function add_lapp_function($label,$link="",$access=1) + function add_lapp_function($label,$link="",$access='SA_OPEN') { $appfunction = new app_function($label,$link,$access); //array_push($this->lappfunctions,$appfunction); @@ -78,7 +78,7 @@ return $appfunction; } - function add_rapp_function($label,$link="",$access=1) + function add_rapp_function($label,$link="",$access='SA_OPEN') { $appfunction = new app_function($label,$link,$access); //array_push($this->rappfunctions,$appfunction); @@ -112,12 +112,12 @@ return $module; } - function add_lapp_function($level, $label,$link="",$access=1) + function add_lapp_function($level, $label,$link="",$access='SA_OPEN') { $this->modules[$level]->lappfunctions[] = new app_function($label, $link, $access); } - function add_rapp_function($level, $label,$link="",$access=1) + function add_rapp_function($level, $label,$link="",$access='SA_OPEN') { $this->modules[$level]->rappfunctions[] = new app_function($label, $link, $access); } diff --git a/applications/setup.php b/applications/setup.php index 8d78e99f..771851a5 100644 --- a/applications/setup.php +++ b/applications/setup.php 
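Review bot: Defaulting `$access` to `'SA_OPEN'` in app_function() and in the four add_lapp_function()/add_rapp_function() signatures makes any menu entry registered without an explicit area open by default. applications/setup.php still registers entries such as `admin/company_preferences.php?` and `admin/void_transaction.php?` with no area, while those pages now declare `'SA_SETUPCOMPANY'` and `'SA_VOIDTRANSACTION'`. If the menu check is what hides links, these entries are shown to every user and only the page-level check stops them. Passing each page's own area at the call site, or defaulting to a restrictive area so that an omitted argument hides the entry, keeps menu and page in step.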
@@ -18,8 +18,8 @@ $this->add_module(_("Company Setup")); $this->add_lapp_function(0, _("&Company Setup"),"admin/company_preferences.php?"); - $this->add_lapp_function(0, _("&User Accounts Setup"),"admin/users.php?", 15); - $this->add_lapp_function(0, _("&Access Setup"),"admin/security_roles.php?", 20); + $this->add_lapp_function(0, _("&User Accounts Setup"),"admin/users.php?", 'SA_USERS'); + $this->add_lapp_function(0, _("&Access Setup"),"admin/security_roles.php?", 'SA_SECROLES'); $this->add_lapp_function(0, _("&Display Setup"),"admin/display_prefs.php?"); $this->add_lapp_function(0, _("&Forms Setup"),"admin/forms_setup.php?"); $this->add_rapp_function(0, _("&Taxes"),"taxes/tax_types.php?"); 
@@ -39,11 +39,11 @@ $this->add_lapp_function(2, _("&Void a Transaction"),"admin/void_transaction.php?"); $this->add_lapp_function(2, _("View or &Print Transactions"),"admin/view_print_transaction.php?"); $this->add_lapp_function(2, _("&Attach Documents"),"admin/attachments.php?filterType=20"); - $this->add_rapp_function(2, _("&Backup and Restore"),"admin/backups.php?", 15); - $this->add_rapp_function(2, _("Create/Update &Companies"),"admin/create_coy.php?", 14); - $this->add_rapp_function(2, _("Install/Update &Languages"),"admin/inst_lang.php?", 14); - $this->add_rapp_function(2, _("Install/Update &Modules"),"admin/inst_module.php?", 15); - $this->add_rapp_function(2, _("Software &Upgrade"),"admin/inst_upgrade.php?", 15); + $this->add_rapp_function(2, _("&Backup and Restore"),"admin/backups.php?", 'SA_BACKUP'); + $this->add_rapp_function(2, _("Create/Update &Companies"),"admin/create_coy.php?", 'SA_CREATECOMPANY'); + $this->add_rapp_function(2, _("Install/Update &Languages"),"admin/inst_lang.php?", 'SA_CREATELANGUAGE'); + $this->add_rapp_function(2, _("Install/Update &Modules"),"admin/inst_module.php?", 'SA_CREATEMODULES'); + $this->add_rapp_function(2, _("Software &Upgrade"),"admin/inst_upgrade.php?", 'SA_SOFTWAREUPGRADE'); if (count($installed_modules) > 0) { foreach ($installed_modules as $mod) diff --git a/config.php b/config.php index 61d2c0c0..c88489c4 100644 --- a/config.php +++ b/config.php 
@@ -140,25 +140,15 @@ if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_ /* skin for Business Graphics, 1, 2 or 3 */ $graph_skin = 1; - /*Security Group definitions - Depending on the AccessLevel of the user defined in the user set up - the areas of functionality accessible can be modified. - Each AccessLevel is associated with an array containing the security categories that the user is entitled to access - Each script has a particular security category associated with it. - If the security setting of the page is contained in the security group as determined by the access level then the user will be allowed access. - Each page has a $page_security = x; variable - This value is compared to contents of the array applicable which is based on the access level of the user. - Access authorisation is checked in session.inc. If you wish to add more security groups - with then you must add a new SecurityHeading to the security_headings array - and a new array of Security categories to the Security Groups _at_the_end_ of the array - This mechanism allows more fine grained control of access - security_groups is an array of arrays - The index is the order in which the array of allowed pages is defined new ones can be defined at will - or by changing the numbers in each array the security access can be tailored. These numbers need to read - in conjunction with the Page Security index - Special case is security level 20 which is reserved for admins of first - registered company (site admins). All potentially dangerous for whole FA - site operations like installing addon modules require access level 20. - */ +/* + Before upgrade from pre-2.2 FA you have to move here your customized + security roles definitions. If you have used standard roles, you + can simply uncomment following two arrays. After upgrade both arrays need + to be deleted or commented out. You may wish to change user roles to + new better defined in Users Setup. 
Old not used roles can be set inactive + or deleted. +*/ +/* Standard FA2.1 Security Group definitions $security_headings = array( _("Inquiries"), @@ -171,6 +161,7 @@ if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_ array(1,2,3,4,5,6,7,8,9,10,11,12,13,14,16), array(1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,20), ); +*/ //MySQL Backup and Restore Settings diff --git a/dimensions/dimension_entry.php b/dimensions/dimension_entry.php index c0e99521..31f45748 100644 --- a/dimensions/dimension_entry.php +++ b/dimensions/dimension_entry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root=".."; +$page_security = 'SA_DIMENSION'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/dimensions/inquiry/search_dimensions.php b/dimensions/inquiry/search_dimensions.php index 29ee8709..9a5c16ae 100644 --- a/dimensions/inquiry/search_dimensions.php +++ b/dimensions/inquiry/search_dimensions.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_DIMTRANSVIEW'; $path_to_root="../.."; include($path_to_root . "/includes/db_pager.inc"); diff --git a/dimensions/view/view_dimension.php b/dimensions/view/view_dimension.php index 9d74b06b..9dfc01e8 100644 --- a/dimensions/view/view_dimension.php +++ b/dimensions/view/view_dimension.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root="../.."; +$page_security = 'SA_DIMTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); 
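Review bot: The new upgrade comment in config.php is hard to follow and does not say what happens if `$security_headings` and `$security_groups` are left defined once the upgrade has run. Since these arrays describe who may access what, the comment should give the steps in order: copy customised definitions here (or uncomment the standard arrays) before upgrading, then delete or comment out both arrays afterwards, then review each user's role in Users Setup. It should also state whether leftover arrays are ignored, for example `After the upgrade these arrays are no longer read; remove them.` if that is the case.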
diff --git a/gl/bank_account_reconcile.php b/gl/bank_account_reconcile.php index f4cfeceb..1810b641 100644 --- a/gl/bank_account_reconcile.php +++ b/gl/bank_account_reconcile.php @@ -10,8 +10,8 @@ See the License here . ***********************************************************************/ /* Author Rob Mallon */ -$page_security = 8; -$path_to_root=".."; +$page_security = 'SA_RECONCILE'; +$path_to_root = ".."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/bank_transfer.php b/gl/bank_transfer.php index 94748d2f..b7c7fcc5 100644 --- a/gl/bank_transfer.php +++ b/gl/bank_transfer.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root=".."; -$page_security = 5; +$page_security = 'SA_BANKTRANSFER'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/gl_bank.php b/gl/gl_bank.php index 34218c6f..aff95cb3 100644 --- a/gl/gl_bank.php +++ b/gl/gl_bank.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = isset($_GET['NewPayment']) ? 'SA_PAYMENT' : 'SA_DEPOSIT'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/items_cart.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/gl_budget.php b/gl/gl_budget.php index 0afded12..6357693b 100644 --- a/gl/gl_budget.php +++ b/gl/gl_budget.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root=".."; +$page_security = 'SA_BUDGETENTRY'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); add_js_file('budget.js'); 
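Review bot: In gl/gl_bank.php the area is chosen by `isset($_GET['NewPayment'])`, a request parameter, and is re-evaluated on every request to the page. A later form post or AJAX request that does not carry `NewPayment` is checked against `'SA_DEPOSIT'` whatever kind of entry is in progress, so the area checked can differ from the transaction being written. The rest of the page is outside this hunk, so whether the processing path checks again is not visible. Deriving the area from the transaction type kept with the cart in the session, or re-checking the matching area immediately before the transaction is saved, would tie the permission to the operation itself.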
diff --git a/gl/gl_journal.php b/gl/gl_journal.php index 3ce28e3a..4e23d2f7 100644 --- a/gl/gl_journal.php +++ b/gl/gl_journal.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_JOURNALENTRY'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/items_cart.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/inquiry/bank_inquiry.php b/gl/inquiry/bank_inquiry.php index 9c627670..e287d77b 100644 --- a/gl/inquiry/bank_inquiry.php +++ b/gl/inquiry/bank_inquiry.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 8; +$page_security = 'SA_BANKTRANSVIEW'; $path_to_root="../.."; include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/inquiry/gl_account_inquiry.php b/gl/inquiry/gl_account_inquiry.php index 132d23cc..17a88907 100644 --- a/gl/inquiry/gl_account_inquiry.php +++ b/gl/inquiry/gl_account_inquiry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 8; -$path_to_root="../.."; +$page_security = 'SA_GLTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/inquiry/gl_trial_balance.php b/gl/inquiry/gl_trial_balance.php index deaa0b41..895a2703 100644 --- a/gl/inquiry/gl_trial_balance.php +++ b/gl/inquiry/gl_trial_balance.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 8; +$page_security = 'SA_GLANALYTIC'; $path_to_root="../.."; include_once($path_to_root . "/includes/session.inc"); 
diff --git a/gl/inquiry/journal_inquiry.php b/gl/inquiry/journal_inquiry.php index 15361bd2..6cfd3ccc 100644 --- a/gl/inquiry/journal_inquiry.php +++ b/gl/inquiry/journal_inquiry.php @@ -10,7 +10,7 @@ See the License here . ***********************************************************************/ -$page_security = 8; +$page_security = 'SA_GLANALYTIC'; $path_to_root="../.."; include($path_to_root . "/includes/db_pager.inc"); diff --git a/gl/inquiry/tax_inquiry.php b/gl/inquiry/tax_inquiry.php index 39d90bb1..13f61d5a 100644 --- a/gl/inquiry/tax_inquiry.php +++ b/gl/inquiry/tax_inquiry.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 8; +$page_security = 'SA_TAXREP'; $path_to_root="../.."; include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/manage/bank_accounts.php b/gl/manage/bank_accounts.php index 20f492b7..a04d3c1e 100644 --- a/gl/manage/bank_accounts.php +++ b/gl/manage/bank_accounts.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root="../.."; +$page_security = 'SA_BANKACCOUNT'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Bank Accounts")); diff --git a/gl/manage/currencies.php b/gl/manage/currencies.php index 4d5bf918..689389de 100644 --- a/gl/manage/currencies.php +++ b/gl/manage/currencies.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 9; -$path_to_root="../.."; +$page_security = 'SA_CURRENCY'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Currencies")); 
diff --git a/gl/manage/exchange_rates.php b/gl/manage/exchange_rates.php index 528b4203..dd2ee6e6 100644 --- a/gl/manage/exchange_rates.php +++ b/gl/manage/exchange_rates.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 9; -$path_to_root="../.."; +$page_security = 'SA_EXCHANGERATE'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/gl/manage/gl_account_classes.php b/gl/manage/gl_account_classes.php index de419e72..bdc6b979 100644 --- a/gl/manage/gl_account_classes.php +++ b/gl/manage/gl_account_classes.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_GLACCOUNTCLASS'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("GL Account Classes")); diff --git a/gl/manage/gl_account_types.php b/gl/manage/gl_account_types.php index 080144c6..fd7d92ab 100644 --- a/gl/manage/gl_account_types.php +++ b/gl/manage/gl_account_types.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_GLACCOUNTGROUP'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("GL Account Groups")); diff --git a/gl/manage/gl_accounts.php b/gl/manage/gl_accounts.php index f3e5bc95..4699c549 100644 --- a/gl/manage/gl_accounts.php +++ b/gl/manage/gl_accounts.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root="../.."; +$page_security = 'SA_GLACCOUNT'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Chart of Accounts")); diff --git a/gl/manage/gl_quick_entries.php b/gl/manage/gl_quick_entries.php index c35f0339..5a8804cb 100644 --- a/gl/manage/gl_quick_entries.php +++ b/gl/manage/gl_quick_entries.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_QUICKENTRY'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Quick Entries")); diff --git a/gl/view/bank_transfer_view.php b/gl/view/bank_transfer_view.php index 318c93d0..36932c3e 100644 --- a/gl/view/bank_transfer_view.php +++ b/gl/view/bank_transfer_view.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; +$page_security = 'SA_BANKTRANSVIEW'; $path_to_root="../.."; include($path_to_root . "/includes/session.inc"); diff --git a/gl/view/gl_deposit_view.php b/gl/view/gl_deposit_view.php index 95449bd7..52c01e01 100644 --- a/gl/view/gl_deposit_view.php +++ b/gl/view/gl_deposit_view.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_BANKTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); diff --git a/gl/view/gl_payment_view.php b/gl/view/gl_payment_view.php index 32f89335..b386c5c6 100644 --- a/gl/view/gl_payment_view.php 
+++ b/gl/view/gl_payment_view.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_BANKTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); diff --git a/gl/view/gl_trans_view.php b/gl/view/gl_trans_view.php index e48b09bf..3ebedfa6 100644 --- a/gl/view/gl_trans_view.php +++ b/gl/view/gl_trans_view.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 8; -$path_to_root="../.."; +$page_security = 'SA_GLTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("General Ledger Transaction Details"), true); diff --git a/includes/access_levels.inc b/includes/access_levels.inc index c7442ab4..f1ccc7f6 100644 --- a/includes/access_levels.inc +++ b/includes/access_levels.inc 
@@ -10,15 +10,15 @@ See the License here . ***********************************************************************/ /* - Security sections groups various areas on both functionality and privilige levels. - Often analyti inquires are available only for management, and configuration + Security sections groups various areas on both functionality and privilege levels. + Often analytic inquires are available only for management, and configuration for administration or management staff. This is why we have those three - sections related to near every FA module. - - Every security section can contain up to 256 different areas. + section type inside near every FA module. + Section codes 0-99 are reserved for core FA functionalities. - External modules can extend security roles system by adding rows to security sections and - security areas using section code >=100. + Every security section can contain up to 256 different areas. + External modules can extend security roles system by adding rows to + $security_sections and $security_areas using section codes >=100. */ define('SS_SADMIN', 1<<8); // site admin define('SS_SETUP', 2<<8); // company level setup @@ -54,7 +54,7 @@ $security_sections = array( SS_SPEC => _("Special maintenance"), SS_SALES_C => _("Sales configuration"), SS_SALES => _("Sales transactions"), - SS_SALES_A => _("Sales analytics"), + SS_SALES_A => _("Sales related reports"), SS_PURCH_C => _("Purchase configuration"), SS_PURCH => _("Purchase transactions"), SS_PURCH_A => _("Purchase analytics"), 
@@ -73,12 +73,13 @@ $security_sections = array( /* This table stores security areas available in FA. Key is area identifier used to check user rights, values are - code stored for each role in security_roles table and description used + codes stored for each role in security_roles table and description used in roles editor. Set of allowed access areas codes is retrieved during user login from - security_roles table, and stored in user profile for direct during the session. + security_roles table, and cached in user profile. + Special value 'SA_OPEN' is used for publicly available pages like login/logout. */ $security_areas =array( // 
@@ -91,63 +92,75 @@ $security_areas =array( // // Company setup // - 'SA_CRSTATUS' => array(SS_SETUP|1, _("Credit status definitions changes")), - 'SA_INVENTORYLOCATION' => array(SS_SETUP|2, _("Inventory locations changes")), - 'SA_INVENTORYMOVETYPE' => array(SS_SETUP|3, _("Inventory movement types")), - 'SA_WORKCENTRE' => array(SS_SETUP|4, _("Manufacture work centres ")), - 'SA_SETUPCOMPANY' => array(SS_SETUP|5, _("Company parameters")), - 'SA_SETUPUSER' => array(SS_SETUP|6, _("Users setup")), - 'SA_SETUPFORM' => array(SS_SETUP|7, _("Forms setup")), - 'SA_PRINTPROFILE' => array(SS_SETUP|8, _("Print profiles")), - 'SA_PAYMENTTERM' => array(SS_SETUP|9, _("Payment terms")), - 'SA_SHIPPING' => array(SS_SETUP|10, _("Shipping ways")), - 'SA_SETUPPOS' => array(SS_SETUP|11, _("Point of sales definitions")), - 'SA_SETUPPRINTER' => array(SS_SETUP|12, _("Printers configuration")), - -// special and common functions - 'SA_VIEWPRINTTRANSACTION' => array(SS_SPEC|1, _("Common view/print transactions interface")), - 'SA_ATTACHDOCUMENT' => array(SS_SPEC|2, _("Attaching documents")), - 'SA_VOIDTRANSACTION' => array(SS_SPEC|3, _("Voiding transactions")), - 'SA_BACKUP' => array(SS_SPEC|4, _("Database backup/restore")), + 'SA_SETUPCOMPANY' => array(SS_SETUP|1, _("Company parameters")), + 'SA_SECROLES' => array(SS_SETUP|2, _("Access levels edition")), + 'SA_USERS' => array(SS_SETUP|3, _("Users setup")), + 'SA_POSSETUP' => array(SS_SETUP|4, _("Point of sales definitions")), + 'SA_PRINTERS' => array(SS_SETUP|5, _("Printers configuration")), + 'SA_PRINTPROFILE' => array(SS_SETUP|6, _("Print profiles")), + 'SA_PAYTERMS' => array(SS_SETUP|7, _("Payment terms")), + 'SA_SHIPPING' => array(SS_SETUP|8, _("Shipping ways")), + 'SA_CRSTATUS' => array(SS_SETUP|9, _("Credit status definitions changes")), + 'SA_INVENTORYLOCATION' => array(SS_SETUP|10, _("Inventory locations changes")), + 'SA_INVENTORYMOVETYPE' => array(SS_SETUP|11, _("Inventory movement types")), + 'SA_WORKCENTRES' => 
array(SS_SETUP|12, _("Manufacture work centres")), + 'SA_FORMSETUP' => array(SS_SETUP|13, _("Forms setup")), +// +// Special and common functions +// + 'SA_VOIDTRANSACTION' => array(SS_SPEC|1, _("Voiding transactions")), + 'SA_BACKUP' => array(SS_SPEC|2, _("Database backup/restore")), + 'SA_VIEWPRINTTRANSACTION' => array(SS_SPEC|3, _("Common view/print transactions interface")), + 'SA_ATTACHDOCUMENT' => array(SS_SPEC|4, _("Attaching documents")), + 'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")), //??? + 'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")), //??? +// // Sales related functionality // - 'SA_STEMPLATE' => array(SS_SALES_C|1, _("Sales templates")), - 'SA_SRECURRENT' => array(SS_SALES_C|2, _("Recurrent invoices definitions")), - 'SA_SALESPRICE' => array(SS_SALES_C|3, _("Sales prices edition")), - 'SA_SALESGROUP' => array(SS_SALES_C|4, _("Sales groups changes")), - 'SA_SALESMAN' => array(SS_SALES_C|5, _("Sales staff maintenance")), - 'SA_SALESAREA' => array(SS_SALES_C|6, _("Sales areas maintenance")), - - 'SA_CUSTOMER' => array(SS_SALES|1, _("Sales customer and branches changes")), - 'SA_SALESORDER' => array(SS_SALES|2, _("Sales orders edition")), - 'SA_SALESDELIVERY' => array(SS_SALES|3, _("Sales deliveries edition")), - 'SA_SALESINVOICE' => array(SS_SALES|4, _("Sales invoices edition")), - 'SA_SALESCREDITINV' => array(SS_SALES|5, _("Sales credit notes against invoice")), - 'SA_SALESCREDIT' => array(SS_SALES|6, _("Sales freehand credit notes")), - 'SA_SALESPAYMNT' => array(SS_SALES|7, _("Customer payments entry")), - 'SA_SALESALLOC' => array(SS_SALES|1, _("Customer payments allocation")), - - 'SA_SALESANALYTIC' => array(SS_SALES_A|2, _("Customer analytical reports and inquiries")), - 'SA_SALESMANREP' => array(SS_SALES_A|3, _("Sales reports")), - 'SA_SALESVARREP' => array(SS_SALES_A|4, _("Sales other reports and inquires")), + 'SA_SALESTYPES' => array(SS_SALES_C|1, _("Sales types")), + 'SA_SALESPRICE' => array(SS_SALES_C|2, _("Sales 
prices edition")), + 'SA_SALESMAN' => array(SS_SALES_C|3, _("Sales staff maintenance")), + 'SA_SALESAREA' => array(SS_SALES_C|4, _("Sales areas maintenance")), + 'SA_SALESGROUP' => array(SS_SALES_C|5, _("Sales groups changes")), + 'SA_STEMPLATE' => array(SS_SALES_C|6, _("Sales templates")), + 'SA_SRECURRENT' => array(SS_SALES_C|7, _("Recurrent invoices definitions")), + + 'SA_SALESTRANSVIEW' => array(SS_SALES|1, _("Sales transactions view")), + 'SA_CUSTOMER' => array(SS_SALES|2, _("Sales customer and branches changes")), + 'SA_SALESORDER' => array(SS_SALES|3, _("Sales orders edition")), + 'SA_SALESDELIVERY' => array(SS_SALES|4, _("Sales deliveries edition")), + 'SA_SALESINVOICE' => array(SS_SALES|5, _("Sales invoices edition")), + 'SA_SALESCREDITINV' => array(SS_SALES|6, _("Sales credit notes against invoice")), + 'SA_SALESCREDIT' => array(SS_SALES|7, _("Sales freehand credit notes")), + 'SA_SALESPAYMNT' => array(SS_SALES|8, _("Customer payments entry")), + 'SA_SALESALLOC' => array(SS_SALES|9, _("Customer payments allocation")), + + 'SA_SALESANALYTIC' => array(SS_SALES_A|1, _("Sales analytical reports")), + 'SA_SALESBULKREP' => array(SS_SALES_A|2, _("Sales document bulk reports")), + 'SA_PRICEREP' => array(SS_SALES_A|3, _("Sales prices listing")), + 'SA_SALESMANREP' => array(SS_SALES_A|4, _("Sales staff listing")), + 'SA_CUSTBULKREP' => array(SS_SALES_A|5, _("Customer bulk listing")), + 'SA_CUSTSTATREP' => array(SS_SALES_A|6, _("Customer status report")), + 'SA_CUSTPAYMREP' => array(SS_SALES_A|7, _("Customer payments report")), // // Purchase related functions // 'SA_PURCHASEPRICING' => array(SS_PURCH_C|1, _("Purchase price changes")), - 'SA_SUPPLIER' => array(SS_PURCH|1, _("Suppliers data changes")), - 'SA_PURCHASEORDER' => array(SS_PURCH|2, _("Purchase order entry")), - 'SA_GRN' => array(SS_PURCH|3, _("Purchase receive")), - 'SA_SUPPLIERINVOICE' => array(SS_PURCH|4, _("Supplier invoices")), - 'SA_SUPPLIERCREDIT' => array(SS_PURCH|5, _("Supplier credit notes")), - 
'SA_SUPPLIERPAYMNT' => array(SS_PURCH|6, _("Supplier payments")), - 'SA_SUPPLIERALLOC' => array(SS_PURCH|7, _("Supplier payments allocations")), - - 'SA_SUPPLIERANALYTIC' => array(SS_PURCH_A|1, _("Supplier analytical reports and inquiries")), - 'SA_SUPPLIERMANREP' => array(SS_PURCH_A|2, _("Supplier reports")), - 'SA_SUPPLIERVARREP' => array(SS_PURCH_A|3, _("Supplier other reports and inquiries")), + 'SA_SUPPTRANSVIEW' => array(SS_PURCH|1, _("Supplier transactions view")), + 'SA_SUPPLIER' => array(SS_PURCH|2, _("Suppliers changes")), + 'SA_PURCHASEORDER' => array(SS_PURCH|3, _("Purchase order entry")), + 'SA_GRN' => array(SS_PURCH|4, _("Purchase receive")), + 'SA_SUPPLIERINVOICE' => array(SS_PURCH|5, _("Supplier invoices")), + 'SA_SUPPLIERCREDIT' => array(SS_PURCH|6, _("Supplier credit notes")), + 'SA_SUPPLIERPAYMNT' => array(SS_PURCH|7, _("Supplier payments")), + 'SA_SUPPLIERALLOC' => array(SS_PURCH|8, _("Supplier payments allocations")), + + 'SA_SUPPLIERANALYTIC' => array(SS_PURCH_A|1, _("Supplier analytical reports")), + 'SA_SUPPBULKREP' => array(SS_SALES_A|2, _("Supplier document bulk reports")), + 'SA_SUPPPAYMREP' => array(SS_PURCH_A|3, _("Supplier payments report")), // // Inventory // 
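Review bot: `'SA_SUPPBULKREP' => array(SS_SALES_A|2, ...)` sits in the purchase block but is built from the sales section constant, so it receives the same numeric code as `'SA_SALESBULKREP'` earlier in this hunk. The login code later in this commit stores and compares only the numeric code, so granting either area grants both, and the supplier report is gated on the sales-reports section rather than the purchase one. It should presumably read `'SA_SUPPBULKREP' => array(SS_PURCH_A|2, _("Supplier document bulk reports")),`. The same slip is in the manufacturing hunk that follows, where `'SA_MANUFBULKREP'` uses `SS_SALES_A|3` and collides with `'SA_PRICEREP'`; `SS_MANUF_A|3` looks intended. The `$security_areas` array opens and closes outside this hunk.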
@@ -156,37 +169,39 @@ $security_areas =array( 'SA_ITEMCATEGORY' => array(SS_ITEMS_C|3, _("Item categories")), 'SA_UOM' => array(SS_ITEMS_C|4, _("Units of measure")), - 'SA_FORITEMCODE' => array(SS_ITEMS|1, _("Foreign item codes entry")), - 'SA_LOCATIONTRANSFER' => array(SS_ITEMS|2, _("Inventory location transfers")), - 'SA_INVENTORYADJUSTMENT' => array(SS_ITEMS|3, _("Inventory adjustments")), + 'SA_ITEMSSTATVIEW' => array(SS_ITEMS|1, _("Stock status view")), + 'SA_ITEMSTRANSVIEW' => array(SS_ITEMS|2, _("Stock transactions view")), + 'SA_FORITEMCODE' => array(SS_ITEMS|3, _("Foreign item codes entry")), + 'SA_LOCATIONTRANSFER' => array(SS_ITEMS|4, _("Inventory location transfers")), + 'SA_INVENTORYADJUSTMENT' => array(SS_ITEMS|5, _("Inventory adjustments")), 'SA_REORDER' => array(SS_ITEMS_A|1, _("Reorder levels")), 'SA_ITEMSANALYTIC' => array(SS_ITEMS_A|2, _("Items analytical reports and inquiries")), - 'SA_ITEMSMANREP' => array(SS_ITEMS_A|3, _("Inventory reports")), - 'SA_ITEMSVARREP' => array(SS_ITEMS_A|4, _("Inventory other reports and inquiries")), + 'SA_ITEMSVALREP' => array(SS_ITEMS_A|3, _("Inventory valuation report")), // // Manufacturing module // 'SA_BOM' => array(SS_MANUF_C|1, _("Bill of Materials")), - 'SA_WORKORDERENTRY' => array(SS_MANUF|1, _("Work order entry")), - 'SA_WORKORDEROPERATION' => array(SS_MANUF|2, _("Work order operations")), + 'SA_MANUFTRANSVIEW' => array(SS_MANUF|1, _("Manufacturing operations view")), + 'SA_WORKORDERENTRY' => array(SS_MANUF|2, _("Work order entry")), + 'SA_MANUFISSUE' => array(SS_MANUF|3, _("Material issues entry")), + 'SA_MANUFRECEIVE' => array(SS_MANUF|4, _("Final product receive")), + 'SA_MANUFRELEASE' => array(SS_MANUF|5, _("Work order releases")), 'SA_WORKORDERANALYTIC' => array(SS_MANUF_A|1, _("Work order analytical reports and inquiries")), - 'SA_WORKORDERMANREP' => array(SS_MANUF_A|2, _("Work order reports")), - 'SA_WORKORDERVARREP' => array(SS_MANUF_A|3, _("Work order other reports and inquiries")), - + 
'SA_WORKORDERCOST' => array(SS_MANUF_A|2, _("Manufacturing cost inquiry")), + 'SA_MANUFBULKREP' => array(SS_SALES_A|3, _("Work order bulk reports")), + 'SA_BOMREP' => array(SS_MANUF_A|4, _("Bill of materials reports")), // // Dimensions // - 'SA_DIMENSION' => array(SS_DIM|1, _("Dimensions")), + 'SA_DIMTRANSVIEW' => array(SS_DIM|1, _("Dimension view")), - 'SA_DIMENSIONOPERATION' => array(SS_DIM|2, _("Dimension operations")), + 'SA_DIMENSION' => array(SS_DIM|2, _("Dimension entry")), - 'SA_DIMENSIONANALYTIC' => array(SS_DIM|3, _("Dimension analytical reports and inquiries")), - 'SA_DIMENSIONMANREP' => array(SS_DIM|4, _("Dimension reports")), - 'SA_DIMENSIONVARREP' => array(SS_DIM|5, _("Dimension other reports and inquiries")), + 'SA_DIMENSIONREP' => array(SS_DIM|3, _("Dimension reports")), // // Banking and General Ledger // 
@@ -197,20 +212,25 @@ $security_areas =array( 'SA_QUICKENTRY' => array(SS_GL_C|5, _("Quick GL entry definitions")), 'SA_CURRENCY' => array(SS_GL_C|6, _("Currencies")), 'SA_BANKACCOUNT' => array(SS_GL_C|7, _("Bank accounts")), - 'SA_SETUPTAX' => array(SS_GL_C|8, _("Tax rates")), - 'SA_SETUPFISCALYEAR' => array(SS_GL_C|9, _("Fiscal years maintenance")), - - 'SA_EXCHANGERATE' => array(SS_GL|1, _("Exchange rate table changes")), - 'SA_PAYMENT' => array(SS_GL|2, _("Bank payments")), - 'SA_DEPOSIT' => array(SS_GL|3, _("Bank deposits")), - 'SA_BANKACCOUNTTRANSFER' => array(SS_GL|4, _("Bank account transfers")), - 'SA_JOURNALENTRY' => array(SS_GL|5, _("Manual journal entries")), - 'SA_BUDGETENTRY' => array(SS_GL|6, _("Budget edition")), + 'SA_TAXRATES' => array(SS_GL_C|8, _("Tax rates")), + 'SA_TAXGROUPS' => array(SS_GL_C|8, _("Tax groups")), + 'SA_FISCALYEARS' => array(SS_GL_C|9, _("Fiscal years maintenance")), + 'SA_GLSETUP' => array(SS_GL_C|10, _("Company GL setup")), + + 'SA_BANKTRANSVIEW' => array(SS_GL|1, _("Bank transactions view")), + 'SA_GLTRANSVIEW' => array(SS_GL|2, _("GL postings view")), + 'SA_EXCHANGERATE' => array(SS_GL|3, _("Exchange rate table changes")), + 'SA_PAYMENT' => array(SS_GL|4, _("Bank payments")), + 'SA_DEPOSIT' => array(SS_GL|5, _("Bank deposits")), + 'SA_BANKTRANSFER' => array(SS_GL|6, _("Bank account transfers")), 'SA_RECONCILE' => array(SS_GL|7, _("Bank reconciliation")), - 'SA_STANDARDCOST' => array(SS_GL|8, _("Item standard costs")), - - 'SA_GLANALYTIC' => array(SS_GL_A|1, _("Bank and GL analytical reports and inquiries")), - 'SA_GLMANREP' => array(SS_GL_A|2, _("Bank and GL reports")), - 'SA_GLVARREP' => array(SS_GL_A|3, _("Bank and GL other reports and inquiries")) + 'SA_JOURNALENTRY' => array(SS_GL|8, _("Manual journal entries")), + 'SA_BUDGETENTRY' => array(SS_GL|9, _("Budget edition")), + 'SA_STANDARDCOST' => array(SS_GL|10, _("Item standard costs")), + + 'SA_GLANALYTIC' => array(SS_GL_A|1, _("GL analytical reports and inquiries")), + 
'SA_TAXREP' => array(SS_GL_A|2, _("Tax reports and inquiries")), + 'SA_BANKREP' => array(SS_GL_A|3, _("Bank reports and inquiries")), + 'SA_GLREP' => array(SS_GL_A|4, _("GL reports and inquiries")), ); ?> \ No newline at end of file diff --git a/includes/current_user.inc b/includes/current_user.inc index 4f216955..77e8dc3e 100644 --- a/includes/current_user.inc +++ b/includes/current_user.inc @@ -24,7 +24,8 @@ class current_user var $access; var $timeout; var $last_act; - + var $role_set = false; + var $logged; var $ui_mode = 0; @@ -53,6 +54,8 @@ class current_user function login($company, $loginname, $password) { + global $security_areas, $security_groups, $security_headings; + $this->set_company($company); $this->logged = false; @@ -62,7 +65,38 @@ class current_user { $myrow = db_fetch($Auth_Result); if (! @$myrow["inactive"]) { - $this->access = $myrow["full_access"]; + if (isset($myrow["full_access"])) { + // Transition code: + // db was not yet upgraded after source update to v.2.2 + // give enough access for admin user to continue upgrade + if (!isset($security_groups) || !isset($security_headings)) { + echo "
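Review bot: `'SA_TAXRATES'` and `'SA_TAXGROUPS'` are both assigned `SS_GL_C|8`, so the two areas cannot be granted separately: a role holding that one code passes the check for both pages. `'SA_FISCALYEARS'` already takes 9 and `'SA_GLSETUP'` takes 10, so the new entry needs its own index, for example `'SA_TAXGROUPS' => array(SS_GL_C|11, _("Tax groups")),` provided 11 is unused in the part of the table not shown here. A one-line comment above the table such as `// every area code (section|index) must be unique` would help whoever adds the next row.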


"; + echo _('Before software upgrade you have to include old $security_groups and $security_headings arrays from old config.php file to the new one.'); + echo "

"; + exit; + } + $this->access = $myrow["full_access"]; + if (in_array(20, $security_groups[$this->access])) + // temporary access for admin users + $this->role_set[] = $security_areas['SA_SOFTWAREUPGRADE'][0]; + else { + echo "


"; + echo _('System is available for site admin only until full database upgrade'); + echo "

"; + exit; + } + } else { + $this->role_set = array(); + $this->access = $myrow["role_id"]; + // store area codes available for current user role + $role = get_security_role($this->access); + if (!$role) + return false; + foreach( $role['areas'] as $code ) + // filter only area codes for enabled security sections + if (in_array($code&~0xff, $role['sections'])) + $this->role_set[] = $code; + } $this->name = $myrow["real_name"]; $this->pos = $myrow["pos"]; $this->loginname = $loginname; @@ -75,22 +109,35 @@ class current_user $this->timeout = session_timeout(); } } - return $this->logged; } function check_user_access() { global $security_groups; - return is_array($security_groups[$this->access]); + if (isset($security_groups)) { + // notification after upgrade from pre-2.2 version +// display_notification(_("After database upgrade don't forget to remove \$security_groups and \$security_headings from config.php file!")); + return is_array(@$security_groups[$this->access]); + } else + return is_array($this->role_set); } function can_access_page($page_level) { - global $security_groups; - // first registered company has site admin privileges - return isset($page_level) && in_array($page_level, $security_groups[$this->access]) - && ($this->company == 0 || $page_level != 20); + global $security_groups, $security_areas; + + if (isset($security_groups)) { + return $this->company == 0 && + in_array(20, $security_groups[$this->access]); + } + + if ($page_level === 'SA_OPEN') + return true; + $code = $security_areas[$page_level][0]; + // only first registered company has site admin privileges + return $code && in_array($code, $this->role_set) + && ($this->company == 0 || ($code&~0xff != SS_SADMIN)); } function get_db_connection() diff --git a/includes/session.inc b/includes/session.inc index dad1c1c9..c37b7c15 100644 --- a/includes/session.inc +++ b/includes/session.inc 
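Review bot: `role_set` is filled only in this branch of login(), so the list of allowed area codes is a snapshot taken when the session starts; the header comment in access_levels.inc also says it is cached in the user profile. Nothing visible here refreshes it, so removing an area from a role or disabling a section would presumably not affect users who are already logged in until they log in again. That should at least be stated where the property is declared, e.g. `// login-time snapshot of allowed area codes; role edits apply at next login`, or the role should be reloaded when it is edited. login() starts and ends outside this hunk.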
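Review bot: In can_access_page(), `($code&~0xff != SS_SADMIN)` does not test the section, because PHP's `!=` binds tighter than `&`: it evaluates `~0xff != SS_SADMIN` first (always true) and then computes `$code & 1`. For any company other than 0 the outcome therefore depends on whether the area code is odd, so the site-admin restriction is not enforced and even-numbered areas are refused. Parenthesise the mask: `&& ($this->company == 0 || (($code & ~0xff) != SS_SADMIN));`. Separately, the `isset($security_groups)` branch indexes the legacy array with `$this->access`, which login() now sets to `role_id`, so arrays left in config.php after the database upgrade would make this branch decide on an unrelated index.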
@@ -51,10 +51,15 @@ function check_page_security($page_security) { if (!$_SESSION["wa_current_user"]->check_user_access()) { - echo "


"; - echo "" . _("Security settings have not been defined for your user account."); - echo "
" . _("Please contact your system administrator.") . "
"; - + // notification after upgrade from pre-2.2 version + $msg = is_array($_SESSION["wa_current_user"]->role_set) ? + _("Please remove \$security_groups and \$security_headings arrays from config.php file!") + : _("Security settings have not been defined for your user account.") + . "
" . _("Please contact your system administrator."); + + page(_("Access denied"), false); + display_error($msg); + end_page(); kill_login(); exit; } @@ -117,6 +122,7 @@ if (isset($_GET['path_to_root']) || isset($_POST['path_to_root'])) die("Restricted access"); include_once($path_to_root . "/frontaccounting.php"); +include_once($path_to_root . "/admin/db/security_db.inc"); include_once($path_to_root . "/includes/current_user.inc"); include_once($path_to_root . "/includes/lang/language.php"); include_once($path_to_root . "/config_db.php"); @@ -153,6 +159,7 @@ if(@include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.i $Hooks = new Hooks(); } +include_once($path_to_root . "/includes/access_levels.inc"); include_once($path_to_root . "/config.php"); include_once($path_to_root . "/includes/main.inc"); @@ -218,13 +225,6 @@ if (!isset($_SESSION["App"])) { $_SESSION["App"]->init(); } -// Run with debugging messages for the system administrator(s) but not anyone else -/*if (in_array(15, $security_groups[$_SESSION["AccessLevel"]])) { - $debug = 1; -} else { - $debug = 0; -}*/ - //---------------------------------------------------------------------------------------- check_page_security($page_security); diff --git a/index.php b/index.php index 85dce69f..aa0e763e 100644 --- a/index.php +++ b/index.php @@ -10,7 +10,7 @@ See the License here . ***********************************************************************/ $path_to_root="."; - $page_security = 1; + $page_security = 'SA_OPEN'; ini_set('xdebug.auto_trace',1); include_once("includes/session.inc"); diff --git a/inventory/adjustments.php b/inventory/adjustments.php index 5a9f95d6..662b528b 100644 --- a/inventory/adjustments.php +++ b/inventory/adjustments.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_INVENTORYADJUSTMENT'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/items_cart.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/inventory/cost_update.php b/inventory/cost_update.php index 0b22ac18..ba8a39c7 100644 --- a/inventory/cost_update.php +++ b/inventory/cost_update.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root=".."; +$page_security = 'SA_STANDARDCOST'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/inventory/inquiry/stock_movements.php b/inventory/inquiry/stock_movements.php index 1192cd06..e3526e9b 100644 --- a/inventory/inquiry/stock_movements.php +++ b/inventory/inquiry/stock_movements.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_ITEMSTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/inventory/inquiry/stock_status.php b/inventory/inquiry/stock_status.php index 9703c6a4..cd468744 100644 --- a/inventory/inquiry/stock_status.php +++ b/inventory/inquiry/stock_status.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_ITEMSSTATVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); if (isset($_GET['stock_id'])){ diff --git a/inventory/manage/item_categories.php b/inventory/manage/item_categories.php index 076de0c5..26a2889f 100644 --- a/inventory/manage/item_categories.php +++ b/inventory/manage/item_categories.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root="../.."; +$page_security = 'SA_ITEMCATEGORY'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Item Categories")); diff --git a/inventory/manage/item_codes.php b/inventory/manage/item_codes.php index 3ac092bb..cde34f0f 100644 --- a/inventory/manage/item_codes.php +++ b/inventory/manage/item_codes.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root="../.."; +$page_security = 'SA_FORITEMCODE'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Foreign Item Codes")); diff --git a/inventory/manage/item_units.php b/inventory/manage/item_units.php index 64ad4dee..39be1be5 100644 --- a/inventory/manage/item_units.php +++ b/inventory/manage/item_units.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root="../.."; +$page_security = 'SA_UOM'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Units of Measure")); 
diff --git a/inventory/manage/items.php b/inventory/manage/items.php index b5f6534b..9d301277 100644 --- a/inventory/manage/items.php +++ b/inventory/manage/items.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root="../.."; +$page_security = 'SA_ITEM'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Items"), @$_REQUEST['popup']); diff --git a/inventory/manage/locations.php b/inventory/manage/locations.php index 3b05629d..b43c8781 100644 --- a/inventory/manage/locations.php +++ b/inventory/manage/locations.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root="../.."; +$page_security = 'SA_INVENTORYLOCATION'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Inventory Locations")); diff --git a/inventory/manage/movement_types.php b/inventory/manage/movement_types.php index aacdda94..e54ff3cb 100644 --- a/inventory/manage/movement_types.php +++ b/inventory/manage/movement_types.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_INVENTORYMOVETYPE'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Inventory Movement Types")); diff --git a/inventory/manage/sales_kits.php b/inventory/manage/sales_kits.php index 750d059e..09cb731a 100644 --- a/inventory/manage/sales_kits.php +++ b/inventory/manage/sales_kits.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root="../.."; +$page_security = 'SA_SALESKIT'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Sales Kits & Alias Codes")); diff --git a/inventory/prices.php b/inventory/prices.php index 29a6530d..d6e75adc 100644 --- a/inventory/prices.php +++ b/inventory/prices.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root=".."; +$page_security = 'SA_SALESPRICE'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); page(_("Inventory Item Sales prices")); diff --git a/inventory/purchasing_data.php b/inventory/purchasing_data.php index 3d64db51..51464e04 100644 --- a/inventory/purchasing_data.php +++ b/inventory/purchasing_data.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 4; -$path_to_root=".."; +$page_security = 'SA_PURCHASEPRICING'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); page(_("Supplier Purchasing Data")); diff --git a/inventory/reorder_level.php b/inventory/reorder_level.php index 962dd268..7af7329e 100644 --- a/inventory/reorder_level.php +++ b/inventory/reorder_level.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 4; -$path_to_root=".."; +$page_security = 'SA_REORDER'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); page(_("Reorder Levels")); 
diff --git a/inventory/transfers.php b/inventory/transfers.php index b3115589..77fbc2f8 100644 --- a/inventory/transfers.php +++ b/inventory/transfers.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_LOCATIONTRANSFER'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/items_cart.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/inventory/view/view_adjustment.php b/inventory/view/view_adjustment.php index 4aad5a48..cd6575b9 100644 --- a/inventory/view/view_adjustment.php +++ b/inventory/view/view_adjustment.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_ITEMSTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); diff --git a/inventory/view/view_transfer.php b/inventory/view/view_transfer.php index 4d6a4473..0c448712 100644 --- a/inventory/view/view_transfer.php +++ b/inventory/view/view_transfer.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_ITEMSTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/inquiry/bom_cost_inquiry.php b/manufacturing/inquiry/bom_cost_inquiry.php index 8faae1cc..0552049d 100644 --- a/manufacturing/inquiry/bom_cost_inquiry.php +++ b/manufacturing/inquiry/bom_cost_inquiry.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_WORKORDERCOST'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Costed Bill Of Material Inquiry")); diff --git a/manufacturing/inquiry/where_used_inquiry.php b/manufacturing/inquiry/where_used_inquiry.php index c792330b..aeea81cf 100644 --- a/manufacturing/inquiry/where_used_inquiry.php +++ b/manufacturing/inquiry/where_used_inquiry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_WORKORDERANALYTIC'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/manage/bom_edit.php b/manufacturing/manage/bom_edit.php index cc3ee43b..45aaab40 100644 --- a/manufacturing/manage/bom_edit.php +++ b/manufacturing/manage/bom_edit.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 9; -$path_to_root="../.."; +$page_security = 'SA_BOM'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Bill Of Materials")); diff --git a/manufacturing/manage/work_centres.php b/manufacturing/manage/work_centres.php index 769d1b4b..4ae7e90f 100644 --- a/manufacturing/manage/work_centres.php +++ b/manufacturing/manage/work_centres.php 
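Review bot: manufacturing/inquiry/bom_cost_inquiry.php gets `'SA_WORKORDERCOST'`, the same area this patch assigns to manufacturing/work_order_costs.php, although the two pages were on different levels before (2 and 10). A role granted that area for the read-only inquiry would then also reach the other page, which appears to post costs; this cannot be confirmed from the hunks. The same pairing occurs for purchasing/inquiry/supplier_allocation_inquiry.php (was 2) and supplier_allocate.php / supplier_allocation_main.php (were 3), which all become `'SA_SUPPLIERALLOC'`. If this is intended, say so next to the assignment, e.g. `// shares SA_WORKORDERCOST with work_order_costs.php on purpose: the inquiry implies cost entry`; otherwise map the inquiry pages to a view-only area.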
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_WORKCENTRES'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Work Centres")); diff --git a/manufacturing/search_work_orders.php b/manufacturing/search_work_orders.php index f4cf1624..dfd74f8e 100644 --- a/manufacturing/search_work_orders.php +++ b/manufacturing/search_work_orders.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root=".."; +$page_security = 'SA_MANUFTRANSVIEW'; +$path_to_root = ".."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/view/wo_issue_view.php b/manufacturing/view/wo_issue_view.php index 80f624c4..7b49484e 100644 --- a/manufacturing/view/wo_issue_view.php +++ b/manufacturing/view/wo_issue_view.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root="../.."; +$page_security = 'SA_MANUFTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); $js = ""; diff --git a/manufacturing/view/wo_production_view.php b/manufacturing/view/wo_production_view.php index 1ab3e442..28a4c7ae 100644 --- a/manufacturing/view/wo_production_view.php +++ b/manufacturing/view/wo_production_view.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root="../.."; +$page_security = 'SA_MANUFTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/view/work_order_view.php b/manufacturing/view/work_order_view.php index 60daf028..2c12edc8 100644 --- a/manufacturing/view/work_order_view.php +++ b/manufacturing/view/work_order_view.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root="../.."; +$page_security = 'SA_MANUFTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/work_order_add_finished.php b/manufacturing/work_order_add_finished.php index f94970ba..2804ea1e 100644 --- a/manufacturing/work_order_add_finished.php +++ b/manufacturing/work_order_add_finished.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root=".."; +$page_security = 'SA_MANUFRECEIVE'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/manufacturing/work_order_costs.php b/manufacturing/work_order_costs.php index 0d68a3f9..107c073b 100644 --- a/manufacturing/work_order_costs.php +++ b/manufacturing/work_order_costs.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root=".."; +$page_security = 'SA_WORKORDERCOST'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/manufacturing/work_order_entry.php b/manufacturing/work_order_entry.php index c2560b47..a278e1e6 100644 --- a/manufacturing/work_order_entry.php +++ b/manufacturing/work_order_entry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root=".."; +$page_security = 'SA_WORKORDERENTRY'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/work_order_issue.php b/manufacturing/work_order_issue.php index 5c853841..775527aa 100644 --- a/manufacturing/work_order_issue.php +++ b/manufacturing/work_order_issue.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_MANUFISSUE'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/items_cart.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/manufacturing/work_order_release.php b/manufacturing/work_order_release.php index 55f2e1ff..ca72da7c 100644 --- a/manufacturing/work_order_release.php +++ b/manufacturing/work_order_release.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 10; -$path_to_root=".."; +$page_security = 'SA_MANUFRELEASE'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/purchasing/allocations/supplier_allocate.php b/purchasing/allocations/supplier_allocate.php index 2a19c464..4a4b85a8 100644 --- a/purchasing/allocations/supplier_allocate.php +++ b/purchasing/allocations/supplier_allocate.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root="../.."; -$page_security = 3; +$page_security = 'SA_SUPPLIERALLOC'; +$path_to_root = "../.."; include($path_to_root . "/includes/ui/allocation_cart.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/purchasing/allocations/supplier_allocation_main.php b/purchasing/allocations/supplier_allocation_main.php index 2bef7bab..78b0b660 100644 --- a/purchasing/allocations/supplier_allocation_main.php +++ b/purchasing/allocations/supplier_allocation_main.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root="../.."; -$page_security = 3; +$page_security = 'SA_SUPPLIERALLOC'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/purchasing/inquiry/po_search.php b/purchasing/inquiry/po_search.php index bd863ff2..5638582b 100644 --- a/purchasing/inquiry/po_search.php +++ b/purchasing/inquiry/po_search.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/purchasing/inquiry/po_search_completed.php b/purchasing/inquiry/po_search_completed.php index 1f9ff810..7f014d8c 100644 --- a/purchasing/inquiry/po_search_completed.php +++ b/purchasing/inquiry/po_search_completed.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SUPPTRANSVIEW'; $path_to_root="../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/purchasing/inquiry/supplier_allocation_inquiry.php b/purchasing/inquiry/supplier_allocation_inquiry.php index 1b99f735..30b11bfb 100644 --- a/purchasing/inquiry/supplier_allocation_inquiry.php +++ b/purchasing/inquiry/supplier_allocation_inquiry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=2; -$path_to_root="../.."; +$page_security = 'SA_SUPPLIERALLOC'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/purchasing/inquiry/supplier_inquiry.php b/purchasing/inquiry/supplier_inquiry.php index 817fbfc5..7de2319c 100644 --- a/purchasing/inquiry/supplier_inquiry.php +++ b/purchasing/inquiry/supplier_inquiry.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=2; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/purchasing/manage/suppliers.php b/purchasing/manage/suppliers.php index be2f1a7d..82ee660a 100644 --- a/purchasing/manage/suppliers.php +++ b/purchasing/manage/suppliers.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=5; -$path_to_root="../.."; +$page_security = 'SA_SUPPLIER'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Suppliers"), @$_REQUEST['popup']); diff --git a/purchasing/po_entry_items.php b/purchasing/po_entry_items.php index 1630da5c..09fc0663 100644 --- a/purchasing/po_entry_items.php +++ b/purchasing/po_entry_items.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 4; -$path_to_root=".."; +$page_security = 'SA_PURCHASEORDER'; +$path_to_root = ".."; include_once($path_to_root . "/purchasing/includes/po_class.inc"); include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/purchasing/includes/purchasing_ui.inc"); diff --git a/purchasing/po_receive_items.php b/purchasing/po_receive_items.php index 2bcd6085..cec4715f 100644 --- a/purchasing/po_receive_items.php +++ b/purchasing/po_receive_items.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 11; -$path_to_root=".."; +$page_security = 'SA_GRN'; +$path_to_root = ".."; include_once($path_to_root . "/purchasing/includes/po_class.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/purchasing/supplier_credit.php b/purchasing/supplier_credit.php index bd2fb08a..102184b0 100644 --- a/purchasing/supplier_credit.php +++ b/purchasing/supplier_credit.php @@ -9,12 +9,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root=".."; +$page_security = 'SA_SUPPLIERCREDIT'; +$path_to_root = ".."; include_once($path_to_root . "/purchasing/includes/supp_trans_class.inc"); -$page_security=5; - include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/data_checks.inc"); diff --git a/purchasing/supplier_invoice.php b/purchasing/supplier_invoice.php index 9e10d57b..11cd376a 100644 --- a/purchasing/supplier_invoice.php +++ b/purchasing/supplier_invoice.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=5; -$path_to_root=".."; +$page_security = 'SA_SUPPLIERINVOICE'; +$path_to_root = ".."; include_once($path_to_root . "/purchasing/includes/purchasing_db.inc"); diff --git a/purchasing/supplier_payment.php b/purchasing/supplier_payment.php index a2603dfb..f4e4f776 100644 --- a/purchasing/supplier_payment.php +++ b/purchasing/supplier_payment.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root=".."; -$page_security = 5; +$page_security = 'SA_SUPPLIERPAYMNT'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/allocation_cart.inc"); include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/purchasing/view/view_grn.php b/purchasing/view/view_grn.php index b0c37d7f..b4788199 100644 --- a/purchasing/view/view_grn.php +++ b/purchasing/view/view_grn.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/purchasing/includes/po_class.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/purchasing/view/view_po.php b/purchasing/view/view_po.php index 81028338..049c8c5e 100644 --- a/purchasing/view/view_po.php +++ b/purchasing/view/view_po.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/purchasing/includes/po_class.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/purchasing/view/view_supp_credit.php b/purchasing/view/view_supp_credit.php index b83a24cc..9a81bec1 100644 --- a/purchasing/view/view_supp_credit.php +++ b/purchasing/view/view_supp_credit.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/purchasing/includes/purchasing_db.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/purchasing/view/view_supp_invoice.php b/purchasing/view/view_supp_invoice.php index 0380ccd0..bf77703a 100644 --- a/purchasing/view/view_supp_invoice.php +++ b/purchasing/view/view_supp_invoice.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/purchasing/includes/purchasing_db.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/purchasing/view/view_supp_payment.php b/purchasing/view/view_supp_payment.php index 793f6d41..c7da2a56 100644 --- a/purchasing/view/view_supp_payment.php +++ b/purchasing/view/view_supp_payment.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SUPPTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); diff --git a/reporting/includes/pdf_report.inc b/reporting/includes/pdf_report.inc index 3d072e66..af7ba6cc 100644 --- a/reporting/includes/pdf_report.inc +++ b/reporting/includes/pdf_report.inc 
@@ -9,7 +9,6 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 8; //include_once($path_to_root . "reporting/includes/class.pdf.inc"); include_once(dirname(__FILE__)."/class.pdf.inc"); include_once(dirname(__FILE__)."/printer_class.inc"); diff --git a/reporting/prn_redirect.php b/reporting/prn_redirect.php index 347e9ed7..3d985ec8 100644 --- a/reporting/prn_redirect.php +++ b/reporting/prn_redirect.php @@ -14,7 +14,7 @@ print button in reporting module. */ $path_to_root = ".."; -$page_security = 2; // this level is later overriden in rep file +$page_security = 'SA_OPEN'; // this level is later overriden in rep file include_once($path_to_root . "/includes/session.inc"); if (isset($_GET['xls'])) diff --git a/reporting/rep101.php b/reporting/rep101.php index d8f37c77..633ef3e9 100644 --- a/reporting/rep101.php +++ b/reporting/rep101.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_CUSTPAYMREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ diff --git a/reporting/rep102.php b/reporting/rep102.php index d6cc82d8..7ce89ad2 100644 --- a/reporting/rep102.php +++ b/reporting/rep102.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_CUSTPAYMREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep103.php b/reporting/rep103.php index f7ae195e..ead177fd 100644 --- a/reporting/rep103.php +++ b/reporting/rep103.php 
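Review bot: In reporting/prn_redirect.php the `'SA_OPEN'` assignment is followed directly by `include_once($path_to_root . "/includes/session.inc")`, so if the access check runs at that include it is evaluated against SA_OPEN. A later `include_once` of session.inc from the rep file would then be a no-op and would not re-check the rep file's own `$page_security`. The hunk does not show where the overriding value is enforced, so the comment should name that place, e.g. `// SA_OPEN gates only this redirector; the included rep file sets $page_security, which is checked in <enforcement point> before any output`. It is worth confirming that every rep file reaches that check on all paths.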
@@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_CUSTBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep104.php b/reporting/rep104.php index 42eed722..e1cbdefc 100644 --- a/reporting/rep104.php +++ b/reporting/rep104.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_PRICEREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep105.php b/reporting/rep105.php index bc367e6a..63a804d6 100644 --- a/reporting/rep105.php +++ b/reporting/rep105.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SALESBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep106.php b/reporting/rep106.php index aa3a83f7..09dd921c 100644 --- a/reporting/rep106.php +++ b/reporting/rep106.php @@ -9,12 +9,12 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SALESMANREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt // date_: 2005-05-19 -// Title: Order Status List +// Title: Salesman Report // ---------------------------------------------------------------- $path_to_root=".."; 
diff --git a/reporting/rep107.php b/reporting/rep107.php index d9f8aa22..262d04da 100644 --- a/reporting/rep107.php +++ b/reporting/rep107.php @@ -9,7 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = $_POST['PARAM_0'] == $_POST['PARAM_1'] ? + 'SA_SALESTRANSVIEW' : 'SA_SALESBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt @@ -32,7 +33,7 @@ print_invoices(); function print_invoices() { global $path_to_root; - + include_once($path_to_root . "/reporting/includes/pdf_report.inc"); $from = $_POST['PARAM_0']; @@ -49,7 +50,7 @@ function print_invoices() $to = 0; $dec = user_price_dec(); - $fno = explode("-", $from); + $fno = explode("-", $from); $tno = explode("-", $to); $cols = array(4, 60, 225, 300, 325, 385, 450, 515); diff --git a/reporting/rep108.php b/reporting/rep108.php index 4d29faea..b5232a12 100644 --- a/reporting/rep108.php +++ b/reporting/rep108.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_CUSTSTATREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep109.php b/reporting/rep109.php index 31a769df..66cdad59 100644 --- a/reporting/rep109.php +++ b/reporting/rep109.php @@ -9,7 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = $_POST['PARAM_0'] == $_POST['PARAM_1'] ? + 'SA_SALESTRANSVIEW' : 'SA_SALESBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt 
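Review bot: In reporting/rep107.php the required security area is now chosen by `$_POST['PARAM_0'] == $_POST['PARAM_1']`, that is, from request data compared with loose equality. In PHP two absent parameters compare equal, and numeric-looking strings that differ textually can too, so a request may be checked against `'SA_SALESTRANSVIEW'` (presumably the narrower area) without being a single-document print. I would write `$page_security = (isset($_POST['PARAM_0'], $_POST['PARAM_1']) && $_POST['PARAM_0'] === $_POST['PARAM_1']) ? 'SA_SALESTRANSVIEW' : 'SA_SALESBULKREP';`, and compare the same values that `print_invoices()` later reads into `$from` and `$to`. The same expression is added in rep109.php, rep110.php, rep209.php and rep409.php and needs the same change with their own area names.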
diff --git a/reporting/rep110.php b/reporting/rep110.php index b7aeb500..271b0fc0 100644 --- a/reporting/rep110.php +++ b/reporting/rep110.php @@ -9,7 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = $_POST['PARAM_0'] == $_POST['PARAM_1'] ? + 'SA_SALESTRANSVIEW' : 'SA_SALESBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Janusz Dobrwolski diff --git a/reporting/rep201.php b/reporting/rep201.php index 756e83c6..fce97382 100644 --- a/reporting/rep201.php +++ b/reporting/rep201.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SUPPLIERANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep202.php b/reporting/rep202.php index 3b543fcf..ba15545c 100644 --- a/reporting/rep202.php +++ b/reporting/rep202.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SUPPLIERANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep203.php b/reporting/rep203.php index 122c6826..3ad684ad 100644 --- a/reporting/rep203.php +++ b/reporting/rep203.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SUPPPAYMREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt 
diff --git a/reporting/rep204.php b/reporting/rep204.php index c0efd034..5dd8d29f 100644 --- a/reporting/rep204.php +++ b/reporting/rep204.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SUPPLIERANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep209.php b/reporting/rep209.php index b9a8a049..7bd5c4ae 100644 --- a/reporting/rep209.php +++ b/reporting/rep209.php @@ -9,7 +9,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; + +$page_security = $_POST['PARAM_0'] == $_POST['PARAM_1'] ? + 'SA_SUPPTRANSVIEW' : 'SA_SUPPBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep301.php b/reporting/rep301.php index 2b18d24b..dede5207 100644 --- a/reporting/rep301.php +++ b/reporting/rep301.php @@ -9,12 +9,12 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_ITEMSVALREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt // date_: 2005-05-19 -// Title: Supplier Balances +// Title: Inventory Valuation // ---------------------------------------------------------------- $path_to_root=".."; diff --git a/reporting/rep302.php b/reporting/rep302.php index e92c27c5..1678b2ab 100644 --- a/reporting/rep302.php +++ b/reporting/rep302.php 
@@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_ITEMSANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep303.php b/reporting/rep303.php index 19be2ee9..85bb02d8 100644 --- a/reporting/rep303.php +++ b/reporting/rep303.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_ITEMSVALREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep304.php b/reporting/rep304.php index bb4006f1..40b87584 100644 --- a/reporting/rep304.php +++ b/reporting/rep304.php @@ -9,12 +9,12 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SALESANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt // date_: 2005-05-19 -// Title: Inventory Planning +// Title: Inventory Sales Report // ---------------------------------------------------------------- $path_to_root=".."; diff --git a/reporting/rep305.php b/reporting/rep305.php index 54a1be31..b752c6ef 100644 --- a/reporting/rep305.php +++ b/reporting/rep305.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_SUPPLIERANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt 
diff --git a/reporting/rep401.php b/reporting/rep401.php index 8ae240e3..0113375e 100644 --- a/reporting/rep401.php +++ b/reporting/rep401.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_BOMREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep409.php b/reporting/rep409.php index f454c41f..7140ee23 100644 --- a/reporting/rep409.php +++ b/reporting/rep409.php @@ -9,10 +9,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = $_POST['PARAM_0'] == $_POST['PARAM_1'] ? + 'SA_MANUFTRANSVIEW' : 'SA_MANUFBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ -// Creator: Janusz Dobrwolski +// Creator: Janusz Dobrowolski // date_: 2008-01-14 // Title: Print Workorders // draft version! diff --git a/reporting/rep501.php b/reporting/rep501.php index b697925f..8e9653b4 100644 --- a/reporting/rep501.php +++ b/reporting/rep501.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_DIMENSIONREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep601.php b/reporting/rep601.php index 66fbbf2a..b5ed420a 100644 --- a/reporting/rep601.php +++ b/reporting/rep601.php 
@@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_BANKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep701.php b/reporting/rep701.php index 4f49b549..847fb04e 100644 --- a/reporting/rep701.php +++ b/reporting/rep701.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep702.php b/reporting/rep702.php index 26a09c2d..478770f2 100644 --- a/reporting/rep702.php +++ b/reporting/rep702.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep704.php b/reporting/rep704.php index b584c97c..ffa888fd 100644 --- a/reporting/rep704.php +++ b/reporting/rep704.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep705.php b/reporting/rep705.php index a9ca35ea..4361b6e7 100644 --- a/reporting/rep705.php +++ b/reporting/rep705.php 
@@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep706.php b/reporting/rep706.php index a1dece20..1ef4a9d7 100644 --- a/reporting/rep706.php +++ b/reporting/rep706.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep707.php b/reporting/rep707.php index 1b93637b..15690a09 100644 --- a/reporting/rep707.php +++ b/reporting/rep707.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep708.php b/reporting/rep708.php index dd027188..9e95275a 100644 --- a/reporting/rep708.php +++ b/reporting/rep708.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_GLANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep709.php b/reporting/rep709.php index 39b2e04a..9b762ddc 100644 --- a/reporting/rep709.php +++ b/reporting/rep709.php 
@@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_TAXREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/rep710.php b/reporting/rep710.php index 761e3bc2..1c2e86ec 100644 --- a/reporting/rep710.php +++ b/reporting/rep710.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 15; +$page_security = 'SA_GLANALYTIC'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt diff --git a/reporting/reports_main.php b/reporting/reports_main.php index d02f01f7..7536d2b2 100644 --- a/reporting/reports_main.php +++ b/reporting/reports_main.php @@ -10,7 +10,7 @@ See the License here . ***********************************************************************/ $path_to_root=".."; -$page_security = 5; +$page_security = 'SA_OPEN'; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/sales/allocations/customer_allocate.php b/sales/allocations/customer_allocate.php index 14f87fb8..411ee7bd 100644 --- a/sales/allocations/customer_allocate.php +++ b/sales/allocations/customer_allocate.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root="../.."; -$page_security = 3; +$page_security = 'SA_SALESALLOC'; +$path_to_root = "../.."; include($path_to_root . "/includes/ui/allocation_cart.inc"); include_once($path_to_root . "/includes/session.inc"); 
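Review bot: reporting/rep710.php moves from area 15 to `'SA_GLANALYTIC'`, which the `$trans_sec` table in sql/alter2.2.php grants to roles that held old area 2 or 8, so after migration the page is reachable by more roles than before. The same widening shows up in sales/allocations/customer_allocate.php and customer_allocation_main.php (3 to `'SA_SALESALLOC'`, granted to old area 1) and in sales/create_recurrent_invoices.php (3 to `'SA_SALESINVOICE'`, granted to old area 2). reporting/reports_main.php goes from 5 to `'SA_OPEN'`, whose meaning is defined outside this view. If these are intended, record the old value next to the new one, e.g. `// was area 15 in 2.1`, and mention it in the commit description. If not, the entry pages need their own area rather than sharing the one used by the inquiry pages.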
diff --git a/sales/allocations/customer_allocation_main.php b/sales/allocations/customer_allocation_main.php index e874d53d..4bc5cef6 100644 --- a/sales/allocations/customer_allocation_main.php +++ b/sales/allocations/customer_allocation_main.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root="../.."; -$page_security = 3; +$page_security = 'SA_SALESALLOC'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/sales/create_recurrent_invoices.php b/sales/create_recurrent_invoices.php index 80b019a5..8cdf543b 100644 --- a/sales/create_recurrent_invoices.php +++ b/sales/create_recurrent_invoices.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_SALESINVOICE'; +$path_to_root = ".."; include_once($path_to_root . "/sales/includes/cart_class.inc"); include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/sales/includes/ui/sales_order_ui.inc"); diff --git a/sales/credit_note_entry.php b/sales/credit_note_entry.php index 31f640f4..18e945c2 100644 --- a/sales/credit_note_entry.php +++ b/sales/credit_note_entry.php @@ -13,8 +13,8 @@ // // Entry/Modify free hand Credit Note // -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_SALESCREDIT'; +$path_to_root = ".."; include_once($path_to_root . "/sales/includes/cart_class.inc"); include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/data_checks.inc"); diff --git a/sales/customer_credit_invoice.php b/sales/customer_credit_invoice.php index b8aa6da8..d6bb4057 100644 --- a/sales/customer_credit_invoice.php +++ b/sales/customer_credit_invoice.php 
@@ -14,7 +14,7 @@ // Entry/Modify Credit Note for selected Sales Invoice // -$page_security = 3; +$page_security = 'SA_SALESCREDITINV'; $path_to_root = ".."; include_once($path_to_root . "/sales/includes/cart_class.inc"); diff --git a/sales/customer_delivery.php b/sales/customer_delivery.php index 23cbd79a..74a4c81d 100644 --- a/sales/customer_delivery.php +++ b/sales/customer_delivery.php @@ -13,8 +13,8 @@ // // Entry/Modify Delivery Note against Sales Order // -$page_security = 2; -$path_to_root=".."; +$page_security = 'SA_SALESDELIVERY'; +$path_to_root = ".."; include_once($path_to_root . "/sales/includes/cart_class.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/sales/customer_invoice.php b/sales/customer_invoice.php index 249a0aa9..2e92bc1b 100644 --- a/sales/customer_invoice.php +++ b/sales/customer_invoice.php @@ -14,8 +14,8 @@ // Entry/Modify Sales Invoice against single delivery // Entry/Modify Batch Sales Invoice against batch of deliveries // -$page_security = 2; -$path_to_root=".."; +$page_security = 'SA_SALESINVOICE'; +$path_to_root = ".."; include_once($path_to_root . "/sales/includes/cart_class.inc"); include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/data_checks.inc"); diff --git a/sales/customer_payments.php b/sales/customer_payments.php index b7b1e1da..ca2fcf62 100644 --- a/sales/customer_payments.php +++ b/sales/customer_payments.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$path_to_root=".."; -$page_security = 3; +$page_security = 'SA_SALESPAYMNT'; +$path_to_root = ".."; include_once($path_to_root . "/includes/ui/allocation_cart.inc"); include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); 
diff --git a/sales/inquiry/customer_allocation_inquiry.php b/sales/inquiry/customer_allocation_inquiry.php index 3313cebf..6d09615f 100644 --- a/sales/inquiry/customer_allocation_inquiry.php +++ b/sales/inquiry/customer_allocation_inquiry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SALESALLOC'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/sales/inquiry/customer_inquiry.php b/sales/inquiry/customer_inquiry.php index 160cb250..aba36135 100644 --- a/sales/inquiry/customer_inquiry.php +++ b/sales/inquiry/customer_inquiry.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/sales/inquiry/sales_deliveries_view.php b/sales/inquiry/sales_deliveries_view.php index 7995696d..1c5f342d 100644 --- a/sales/inquiry/sales_deliveries_view.php +++ b/sales/inquiry/sales_deliveries_view.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/sales/inquiry/sales_orders_view.php b/sales/inquiry/sales_orders_view.php index 6b1f3689..2269561f 100644 --- a/sales/inquiry/sales_orders_view.php +++ b/sales/inquiry/sales_orders_view.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_STEMPLATE'; +$path_to_root = "../.."; include($path_to_root . "/includes/db_pager.inc"); include($path_to_root . "/includes/session.inc"); diff --git a/sales/manage/credit_status.php b/sales/manage/credit_status.php index bab7f269..097956b7 100644 --- a/sales/manage/credit_status.php +++ b/sales/manage/credit_status.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_CRSTATUS'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Credit Status")); diff --git a/sales/manage/customer_branches.php b/sales/manage/customer_branches.php index 1147dcf3..117e2a0a 100644 --- a/sales/manage/customer_branches.php +++ b/sales/manage/customer_branches.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_CUSTOMER'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Customer Branches"), @$_REQUEST['popup']); diff --git a/sales/manage/customers.php b/sales/manage/customers.php index d98a21f0..a2b79cb9 100644 --- a/sales/manage/customers.php +++ b/sales/manage/customers.php 
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_CUSTOMER'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Customers"), @$_REQUEST['popup']); diff --git a/sales/manage/recurrent_invoices.php b/sales/manage/recurrent_invoices.php index 4e83cb02..ad2e4b4e 100644 --- a/sales/manage/recurrent_invoices.php +++ b/sales/manage/recurrent_invoices.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_SRECURRENT'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); include($path_to_root . "/includes/ui.inc"); diff --git a/sales/manage/sales_areas.php b/sales/manage/sales_areas.php index ad9d87d8..3fd37dd2 100644 --- a/sales/manage/sales_areas.php +++ b/sales/manage/sales_areas.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_SALESAREA'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Sales Areas")); diff --git a/sales/manage/sales_groups.php b/sales/manage/sales_groups.php index 73b4467a..4978299f 100644 --- a/sales/manage/sales_groups.php +++ b/sales/manage/sales_groups.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_SALESGROUP'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Sales Groups")); 
diff --git a/sales/manage/sales_people.php b/sales/manage/sales_people.php index 333fe896..8546ba7e 100644 --- a/sales/manage/sales_people.php +++ b/sales/manage/sales_people.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root="../.."; +$page_security = 'SA_SALESMAN'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); page(_("Sales Persons")); diff --git a/sales/manage/sales_points.php b/sales/manage/sales_points.php index 09be7f19..c76196e5 100644 --- a/sales/manage/sales_points.php +++ b/sales/manage/sales_points.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 15; -$path_to_root="../.."; +$page_security = 'SA_POSSETUP'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("POS settings")); diff --git a/sales/manage/sales_types.php b/sales/manage/sales_types.php index 05a3166a..75a504fa 100644 --- a/sales/manage/sales_types.php +++ b/sales/manage/sales_types.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 14; -$path_to_root="../.."; +$page_security = 'SA_SALESTYPES'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Sales Types")); diff --git a/sales/sales_order_entry.php b/sales/sales_order_entry.php index e7cd0636..d429648b 100644 --- a/sales/sales_order_entry.php +++ b/sales/sales_order_entry.php 
@@ -16,8 +16,8 @@ // Entry Direct Invoice // -$page_security = 1; -$path_to_root=".."; +$page_security = 'SA_SALESORDER'; +$path_to_root = ".."; include_once($path_to_root . "/sales/includes/cart_class.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/sales/view/view_credit.php b/sales/view/view_credit.php index f800c3a7..d36df282 100644 --- a/sales/view/view_credit.php +++ b/sales/view/view_credit.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/sales/view/view_dispatch.php b/sales/view/view_dispatch.php index d2edafca..45df15d5 100644 --- a/sales/view/view_dispatch.php +++ b/sales/view/view_dispatch.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/sales/includes/sales_ui.inc"); diff --git a/sales/view/view_invoice.php b/sales/view/view_invoice.php index 6669ca5e..b1aa50c5 100644 --- a/sales/view/view_invoice.php +++ b/sales/view/view_invoice.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/sales/includes/sales_ui.inc"); 
diff --git a/sales/view/view_receipt.php b/sales/view/view_receipt.php index 458e9071..9127b112 100644 --- a/sales/view/view_receipt.php +++ b/sales/view/view_receipt.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 1; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); diff --git a/sales/view/view_sales_order.php b/sales/view/view_sales_order.php index 77d41175..24265495 100644 --- a/sales/view/view_sales_order.php +++ b/sales/view/view_sales_order.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root="../.."; +$page_security = 'SA_SALESTRANSVIEW'; +$path_to_root = "../.."; include_once($path_to_root . "/sales/includes/cart_class.inc"); include_once($path_to_root . "/includes/session.inc"); diff --git a/sql/alter2.2.php b/sql/alter2.2.php index 9e4eaacb..1d6cb8fc 100644 --- a/sql/alter2.2.php +++ b/sql/alter2.2.php @@ -9,6 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ + class fa2_2 { var $version = '2.2'; // version installed var $description = 'Version 2.2'; @@ -81,14 +82,15 @@ class fa2_2 { } } */ - return true; + return convert_roles($pref); } // // Checking before install // function pre_check($pref) { - return true; // true when ok, fail otherwise + global $security_groups; + return isset($security_groups); // true when ok, fail otherwise } // // Test if patch was applied before. 
@@ -99,9 +101,93 @@ class fa2_2 { if (check_table($pref, 'users', 'sticky_doc_date')) return false; if (check_table($pref, 'audit_trail')) return false; if (check_table($pref, 'stock_master','no_sale')) return false; + if (check_table($pref, 'users', 'role_id')) return false; return true; } }; +/* + Conversion of old security roles stored into $security_groups table +*/ +function convert_roles($pref) +{ + global $security_groups, $security_headings, $security_areas, $path_to_root; + include_once($path_to_root."/includes/access_levels.inc"); + + $trans_sec = array( + 1 => array('SA_CHGPASSWD', 'SA_SETUPDISPLAY', 'SA_BANKTRANSVIEW', + 'SA_ITEMSTRANSVIEW','SA_SUPPTRANSVIEW', 'SA_SALESORDER', + 'SA_SALESALLOC', 'SA_SALESTRANSVIEW'), + 2 => array('SA_DIMTRANSVIEW', 'SA_STANDARDCOST', 'SA_ITEMSTRANSVIEW', + 'SA_ITEMSSTATVIEW', 'SA_SALESPRICE', 'SA_MANUFTRANSVIEW', + 'SA_WORKORDERANALYTIC', 'SA_WORKORDERCOST', 'SA_SUPPTRANSVIEW', + 'SA_SUPPLIERALLOC', 'SA_STEMPLATE', 'SA_SALESTRANSVIEW', + 'SA_SALESINVOICE', 'SA_SALESDELIVERY', 'SA_CUSTPAYMREP', + 'SA_CUSTBULKREP', 'SA_PRICEREP', 'SA_SALESBULKREP', 'SA_SALESMANREP', + 'SA_SALESBULKREP', 'SA_CUSTSTATREP', 'SA_SUPPLIERANALYTIC', + 'SA_SUPPPAYMREP', 'SA_SUPPBULKREP', 'SA_ITEMSVALREP', 'SA_ITEMSANALYTIC', + 'SA_BOMREP', 'SA_MANUFBULKREP', 'SA_DIMENSIONREP', 'SA_BANKREP', 'SA_GLREP', + 'SA_GLANALYTIC', 'SA_TAXREP', 'SA_SALESANALYTIC'), + 3 => array('SA_GLACCOUNTGROUP', 'SA_GLACCOUNTCLASS','SA_PAYMENT', + 'SA_DEPOSIT', 'SA_JOURNALENTRY', 'SA_INVENTORYMOVETYPE', + 'SA_LOCATIONTRANSFER', 'SA_INVENTORYADJUSTMENT', 'SA_WORKCENTRES', + 'SA_MANUFISSUE', 'SA_SUPPLIERALLOC', 'SA_CUSTOMER', 'SA_CRSTATUS', + 'SA_SALESMAN', 'SA_SALESAREA', 'SA_SALESALLOC', 'SA_SALESCREDITINV', + 'SA_SALESPAYMNT', 'SA_SALESCREDIT', 'SA_SALESGROUP', 'SA_SRECURRENT', + 'SA_TAXRATES', 'SA_ITEMTAXTYPE', 'SA_TAXGROUPS', 'SA_QUICKENTRY'), + 4 => array('SA_REORDER', 'SA_PURCHASEPRICING', 'SA_PURCHASEORDER'), + 5 => array('SA_VIEWPRINTTRANSACTION', 
'SA_BANKTRANSFER', 'SA_SUPPLIER', + 'SA_SUPPLIERINVOICE', 'SA_SUPPLIERPAYMNT', 'SA_SUPPLIERCREDIT'), + 8 => array('SA_ATTACHDOCUMENT', 'SA_RECONCILE', 'SA_GLANALYTIC', + 'SA_TAXREP', 'SA_BANKTRANSVIEW', 'SA_GLTRANSVIEW'), + 9 => array('SA_FISCALYEARS', 'SA_CURRENCY', 'SA_EXCHANGERATE', + 'SA_BOM'), + 10 => array('SA_PAYTERMS', 'SA_GLSETUP', 'SA_SETUPCOMPANY', + 'SA_FORMSETUP', 'SA_DIMTRANSVIEW', 'SA_DIMENSION', 'SA_BANKACCOUNT', + 'SA_GLACCOUNT', 'SA_BUDGETENTRY', 'SA_MANUFRECEIVE', + 'SA_MANUFRELEASE', 'SA_WORKORDERENTRY', 'SA_MANUFTRANSVIEW', + 'SA_WORKORDERCOST'), + 11 => array('SA_ITEMCATEGORY', 'SA_ITEM', 'SA_UOM', 'SA_INVENTORYLOCATION', + 'SA_GRN', 'SA_FORITEMCODE', 'SA_SALESKIT'), + 14 => array('SA_SHIPPING', 'SA_VOIDTRANSACTION', 'SA_SALESTYPES'), + 15 => array('SA_PRINTERS', 'SA_PRINTPROFILE', 'SA_BACKUP', 'SA_USERS', + 'SA_POSSETUP'), + 20 => array('SA_CREATECOMPANY', 'SA_CREATELANGUAGE', 'SA_CREATEMODULES', + 'SA_SOFTWAREUPGRADE', 'SA_SECROLES') + ); + + foreach ($security_groups as $role_id => $areas) { + $area_set = array(); + $sections = array(); + foreach ($areas as $a) { + if (isset($trans_sec[$a])) + foreach ($trans_sec[$a] as $id) { + if ($security_areas[$id][0]==0) +// error_log('invalid area id: '.$a.':'.$id); + $area_set[] = $security_areas[$id][0]; + $sections[$security_areas[$id][0]&~0xff] = 1; + } + } + $sections = array_keys($sections); + sort($sections); sort($area_set); + import_security_role($pref, $security_headings[$role_id], $sections, $area_set); + $new = db_insert_id(); + $sql = "UPDATE {$pref}users set role_id=$new WHERE role_id=$role_id"; + $ret = db_query($sql, 'cannot update users roles'); + if(!$ret) return false; + } + return true; +} + +function import_security_role($pref, $name, $sections, $areas) +{ + $sql = "INSERT INTO {$pref}security_roles (role, description, sections, areas) + VALUES (".db_escape('FA 2.1 '.$name).",".db_escape($name)."," + .db_escape(implode(';',$sections)).",".db_escape(implode(';',$areas)).")"; + + 
db_query($sql, "could not add new security role"); +} + $install = new fa2_2; + ?> \ No newline at end of file diff --git a/sql/alter2.2.sql b/sql/alter2.2.sql index b3662df5..61edd4a8 100644 --- a/sql/alter2.2.sql +++ b/sql/alter2.2.sql @@ -34,14 +34,14 @@ ALTER TABLE `0_stock_category` ADD COLUMN `dflt_dim2` int(11) default NULL; ALTER TABLE `0_stock_category` ADD COLUMN `dflt_no_sale` tinyint(1) NOT NULL default '0'; ALTER TABLE `0_users` ADD COLUMN `sticky_doc_date` TINYINT(1) DEFAULT '0'; -ALTER TABLE `0_users` ADD COLUMN `startup_tab` VARCHAR(20) NOT NULL default '' AFTER sticky_doc_date; +ALTER TABLE `0_users` ADD COLUMN `startup_tab` VARCHAR(20) NOT NULL default 'orders' AFTER `sticky_doc_date`; ALTER TABLE `0_debtors_master` MODIFY COLUMN `name` varchar(100) NOT NULL default ''; ALTER TABLE `0_cust_branch` ADD COLUMN `inactive` tinyint(1) NOT NULL default '0'; ALTER TABLE `0_sys_types` DROP COLUMN `type_name`; -ALTER TABLE `0_chart_class` DROP COLUMN `sign_convert`; + ALTER TABLE `0_chart_class` CHANGE `balance_sheet` `ctype` TINYINT(1) NOT NULL DEFAULT '0'; ALTER TABLE `0_chart_class` ADD COLUMN `inactive` tinyint(1) NOT NULL default '0'; @@ -50,7 +50,6 @@ ALTER TABLE `0_movement_types` ADD COLUMN `inactive` tinyint(1) NOT NULL default ALTER TABLE `0_item_tax_types` ADD COLUMN `inactive` tinyint(1) NOT NULL default '0'; ALTER TABLE `0_tax_types` ADD COLUMN `inactive` tinyint(1) NOT NULL default '0'; ALTER TABLE `0_tax_groups` ADD COLUMN `inactive` tinyint(1) NOT NULL default '0'; -ALTER TABLE `0_tax_group_items` DROP COLUMN `included_in_price`; ALTER TABLE `0_users` DROP PRIMARY KEY; ALTER TABLE `0_users` ADD `id` SMALLINT(6) AUTO_INCREMENT PRIMARY KEY FIRST; 
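Review bot: In `convert_roles()` the line `if ($security_areas[$id][0]==0)` lost its body when the `error_log` call was commented out, so it now guards the following statement and `$area_set[] = $security_areas[$id][0];` runs only for ids that resolve to 0. As written, migrated roles would receive their sections but no valid areas. Replace the test with a skip, `if (empty($security_areas[$id][0])) continue;`, so unknown ids are dropped and known ones are stored. Separately, `import_security_role()` discards the result of `db_query()` and the caller goes straight to `db_insert_id()`. If the insert can fail without halting, as the later `if(!$ret) return false;` suggests, users would be repointed at a stale id, so return the query result and stop the conversion when it is false.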
@@ -83,11 +82,13 @@ UPDATE `0_suppliers` SET `supp_ref`=`supp_name` WHERE 1; ALTER TABLE `0_cust_branch` ADD COLUMN `branch_ref` varchar(30) NOT NULL; UPDATE `0_cust_branch` SET `branch_ref`=`br_name` WHERE 1; +DROP TABLE IF EXISTS `0_security_roles`; + CREATE TABLE `0_security_roles` ( `id` int(11) NOT NULL auto_increment, - `role` varchar(20) NOT NULL, + `role` varchar(30) NOT NULL, `description` varchar(50) default NULL, - `modules` text, + `sections` text, `areas` text, `inactive` tinyint(1) NOT NULL default '0', PRIMARY KEY (`id`), @@ -95,3 +96,5 @@ CREATE TABLE `0_security_roles` ( ) TYPE=MyISAM AUTO_INCREMENT=8 AUTO_INCREMENT=8 ; ALTER TABLE `0_company` ADD COLUMN `login_tout` SMALLINT(6) NOT NULL DEFAULT '600'; +ALTER TABLE `0_users` CHANGE COLUMN `full_access` `role_id` int(11) NOT NULL default '1'; + diff --git a/sql/en_US-demo.sql b/sql/en_US-demo.sql index 3a008e4c..0e10cc2a 100644 --- a/sql/en_US-demo.sql +++ b/sql/en_US-demo.sql @@ -1826,7 +1826,7 @@ CREATE TABLE `0_users` ( `user_id` varchar(60) NOT NULL default '', `password` varchar(100) NOT NULL default '', `real_name` varchar(100) NOT NULL default '', - `full_access` int(11) NOT NULL default '1', + `role_id` int(11) NOT NULL default '1', `phone` varchar(30) NOT NULL default '', `email` varchar(100) default NULL, `language` varchar(20) default NULL, diff --git a/sql/en_US-new.sql b/sql/en_US-new.sql index 793fc514..27593590 100644 --- a/sql/en_US-new.sql +++ b/sql/en_US-new.sql @@ -1598,7 +1598,7 @@ CREATE TABLE `0_users` ( `user_id` varchar(60) NOT NULL default '', `password` varchar(100) NOT NULL default '', `real_name` varchar(100) NOT NULL default '', - `full_access` int(11) NOT NULL default '1', + `role_id` int(11) NOT NULL default '1', `phone` varchar(30) NOT NULL default '', `email` varchar(100) default NULL, `language` varchar(20) default NULL, diff --git a/taxes/item_tax_types.php b/taxes/item_tax_types.php index 295d3595..817ce4ec 100644 --- a/taxes/item_tax_types.php 
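Review bot: Renaming `full_access` to `role_id` in place leaves the 2.1 group numbers in the column until `convert_roles()` in sql/alter2.2.php rewrites them one group at a time. That is only correct while no newly inserted role id equals an old group number still waiting to be processed. The `AUTO_INCREMENT=8` on `0_security_roles` appears to provide that margin, but only for installations whose old group indexes are all below 8. State the dependency here, e.g. `-- role ids start at 8 so they cannot collide with 2.1 group numbers during conversion`, and have `pre_check()` refuse to run when it does not hold. Also confirm that the `default '1'` carried over to `role_id` names a role that exists after migration, otherwise rows inserted without an explicit role get an undefined permission set.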
+++ b/taxes/item_tax_types.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ +$page_security = 'SA_ITEMTAXTYPE'; $path_to_root = ".."; -$page_security = 3; include($path_to_root . "/includes/session.inc"); diff --git a/taxes/tax_groups.php b/taxes/tax_groups.php index b28f4fa9..c633c556 100644 --- a/taxes/tax_groups.php +++ b/taxes/tax_groups.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_TAXGROUPS'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); diff --git a/taxes/tax_types.php b/taxes/tax_types.php index af2a2e09..5976f1a9 100644 --- a/taxes/tax_types.php +++ b/taxes/tax_types.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 3; -$path_to_root=".."; +$page_security = 'SA_TAXRATES'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); page(_("Tax Types")); -- 2.30.2