Commit 80bee61f authored by Falko Timme

- Added circle access control so that 1) a reseller can create circles that...

- Added circle access control so that 1) a reseller can create circles that contain only his clients, not all clients, and 2) a reseller can send messages only to his own circles instead of all circles.
parent ec3d9abb
...@@ -36,7 +36,7 @@ $app->auth->check_module_permissions('client'); ...@@ -36,7 +36,7 @@ $app->auth->check_module_permissions('client');
//* This function is not available in demo mode //* This function is not available in demo mode
if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
$app->uses('tpl'); $app->uses('tpl,tform');
$app->tpl->newTemplate('form.tpl.htm'); $app->tpl->newTemplate('form.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/client_message.htm'); $app->tpl->setInclude('content_tpl', 'templates/client_message.htm');
...@@ -60,7 +60,7 @@ if(isset($_POST) && count($_POST) > 1) { ...@@ -60,7 +60,7 @@ if(isset($_POST) && count($_POST) > 1) {
//* Send message //* Send message
if($error == '') { if($error == '') {
if(intval($_POST['recipient']) > 0){ if(intval($_POST['recipient']) > 0){
$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".intval($_POST['recipient'])); $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
if(isset($circle['client_ids']) && $circle['client_ids'] != ''){ if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
$tmp_client_ids = explode(',',$circle['client_ids']); $tmp_client_ids = explode(',',$circle['client_ids']);
$where = array(); $where = array();
...@@ -106,15 +106,25 @@ if(isset($_POST) && count($_POST) > 1) { ...@@ -106,15 +106,25 @@ if(isset($_POST) && count($_POST) > 1) {
$app->tpl->setVar('subject',$_POST['subject']); $app->tpl->setVar('subject',$_POST['subject']);
$app->tpl->setVar('message',$_POST['message']); $app->tpl->setVar('message',$_POST['message']);
} }
} else {
// pre-fill Sender field with reseller's email address
if($_SESSION["s"]["user"]["typ"] != 'admin'){
$client_id = intval($_SESSION['s']['user']['client_id']);
if($client_id > 0){
$sql = "SELECT email FROM client WHERE client_id = ".$client_id;
$client = $app->db->queryOneRecord($sql);
if($client['email'] != '') $app->tpl->setVar('sender',$client['email']);
}
}
} }
// Recipient Drop-Down // Recipient Drop-Down
$recipient = '<option value="0">'.$wb['all_clients_resellers_txt'].'</option>'; $recipient = '<option value="0"'.(intval($_POST['recipient']) == 0 ? ' selected="selected"' : '').'>'.($_SESSION["s"]["user"]["typ"] == 'admin'? $wb['all_clients_resellers_txt'] : $wb['all_clients_txt']).'</option>';
$sql = "SELECT * FROM client_circle WHERE active = 'y'"; $sql = "SELECT * FROM client_circle WHERE active = 'y' AND ".$app->tform->getAuthSQL('r');
$circles = $app->db->queryAllRecords($sql); $circles = $app->db->queryAllRecords($sql);
if(is_array($circles) && !empty($circles)){ if(is_array($circles) && !empty($circles)){
foreach($circles as $circle){ foreach($circles as $circle){
$recipient .= '<option value="'.$circle['circle_id'].'">'.$circle['circle_name'].'</option>'; $recipient .= '<option value="'.$circle['circle_id'].'"'.(intval($_POST['recipient']) == $circle['circle_id'] ? ' selected="selected"' : '').'>'.$circle['circle_name'].'</option>';
} }
} }
$app->tpl->setVar('recipient',$recipient); $app->tpl->setVar('recipient',$recipient);
......
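Review bot: The new `selected="selected"` expressions in the recipient drop-down (third hunk, both the "all clients" option and the per-circle loop) read `$_POST['recipient']` unguarded, and on the plain GET that first renders the form `$_POST` is empty, so each option triggers an undefined-index notice; read it once, `$selected_circle = isset($_POST['recipient']) ? intval($_POST['recipient']) : 0;`, and compare against that instead. The auth filter added to the send path stops a reseller from addressing a circle he does not own, but the branch that handles recipient `0` lies outside the hunk, so confirm it applies the same ownership restriction — the new non-admin label `all_clients_txt` implies that it does. `$circle['circle_name']` is still concatenated into option markup unescaped although it is reseller-controlled data; wrap it, `htmlspecialchars($circle['circle_name'], ENT_QUOTES)`. The new sender-prefill lines also assume `queryOneRecord` returned a row; `if(isset($client['email']) && $client['email'] != '')` avoids indexing a non-array result. The enclosing `if(isset($_POST) && count($_POST) > 1)` block starts before the hunk.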
...@@ -104,7 +104,7 @@ $form["tabs"]['circle'] = array ( ...@@ -104,7 +104,7 @@ $form["tabs"]['circle'] = array (
'default' => '', 'default' => '',
'separator' => ',', 'separator' => ',',
'datasource' => array ( 'type' => 'SQL', 'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT client_id,contact_name FROM client WHERE 1 ORDER BY contact_name', 'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
'keyfield'=> 'client_id', 'keyfield'=> 'client_id',
'valuefield'=> 'contact_name' 'valuefield'=> 'contact_name'
), ),
......
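Review bot: Replacing `WHERE 1` with `WHERE {AUTHSQL}` only narrows which clients the multi-select offers; it does not by itself reject `client_ids` values submitted that were not in the offered list, so unless tform already re-validates posted values against the datasource, a validator on this field should reject any id not returned by the same auth-filtered client query. As written, the access control for circle membership rests on the browser presenting a filtered list rather than on a server-side check, which is worth a comment on the datasource block such as `// {AUTHSQL} limits the offered clients to the current user's; membership must also be validated on save`. The `$form["tabs"]['circle']` array starts before and ends after the hunk.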
...@@ -12,4 +12,5 @@ $wb["message_invalid_error"] = 'Nachricht ist leer.'; ...@@ -12,4 +12,5 @@ $wb["message_invalid_error"] = 'Nachricht ist leer.';
$wb["email_sent_to_txt"] = 'E-Mail verschickt an:'; $wb["email_sent_to_txt"] = 'E-Mail verschickt an:';
$wb["recipient_txt"] = 'Empfänger'; $wb["recipient_txt"] = 'Empfänger';
$wb["all_clients_resellers_txt"] = 'Alle Kunden und Reseller'; $wb["all_clients_resellers_txt"] = 'Alle Kunden und Reseller';
$wb["all_clients_txt"] = 'Alle Kunden';
?> ?>
...@@ -12,4 +12,5 @@ $wb["message_invalid_error"] = 'Message is empty.'; ...@@ -12,4 +12,5 @@ $wb["message_invalid_error"] = 'Message is empty.';
$wb["email_sent_to_txt"] = 'Email sent to:'; $wb["email_sent_to_txt"] = 'Email sent to:';
$wb["recipient_txt"] = 'Recipient'; $wb["recipient_txt"] = 'Recipient';
$wb["all_clients_resellers_txt"] = 'All clients and resellers'; $wb["all_clients_resellers_txt"] = 'All clients and resellers';
$wb["all_clients_txt"] = 'All clients';
?> ?>
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
</tmpl_if> </tmpl_if>
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="sender">{tmpl_var name='sender_txt'}</label> <label for="sender">{tmpl_var name='sender_txt'}</label>
<input name="sender" id="sender" value="{tmpl_var name='sender'}" style="width:500px" size="30" maxlength="255" type="text" class="textInput" /> <input name="sender" id="sender" value="{tmpl_var name='sender'}" size="30" maxlength="255" type="text" class="textInput" />
</div> </div>
<div class="ctrlHolder"> <div class="ctrlHolder">
<label for="recipient">{tmpl_var name='recipient_txt'}</label> <label for="recipient">{tmpl_var name='recipient_txt'}</label>
......