Move account/asset post logic to new permissions system
wrongecho committed Oct 3, 2024
1 parent 6d6689e commit 18889d2
Showing 3 changed files with 41 additions and 17 deletions.
4 changes: 3 additions & 1 deletion client_assets.php
Expand Up @@ -99,7 +99,8 @@
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop mr-2"></i>Assets</h3>
<div class="card-tools">
<div class="btn-group">
<?php if (lookupUserPermission("module_support") >= 2) { ?>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal">
<i class="fas fa-plus mr-2"></i>New <?php if (!empty($_GET['type'])) { echo ucwords(strip_tags(nullable_htmlentities($_GET['type']))); } else { echo "Asset"; } ?>
</button>
Expand All @@ -116,6 +117,7 @@
<?php } ?>
</div>
</div>
<?php } ?>
</div>
</div>
<div class="card-body">
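Review bot: The `lookupUserPermission("module_support") >= 2` gate only hides the New Asset controls; it is not what protects the action, so the comparison has to be kept in step with the `enforceUserPermission('module_support', 2)` calls in post/user/asset.php, and the bare number 2 written in both places invites drift when one side is changed. A short comment above the check would make that explicit, e.g. `<?php // Display-only gate; post/user/asset.php enforces the same level ?>`, and a single named constant for the "edit" level used by both the template and the handlers would remove the duplication. The block the gate wraps continues between the two hunks, which is not shown here.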
6 changes: 6 additions & 0 deletions post/user/account.php
Expand Up @@ -5,6 +5,7 @@
*/

if (isset($_POST['add_account'])) {
enforceUserPermission('module_financial', 2);
validateCSRFToken($_POST['csrf_token']);

$name = sanitizeInput($_POST['name']);
Expand All @@ -24,6 +25,7 @@
}

if (isset($_POST['edit_account'])) {
enforceUserPermission('module_financial', 2);
validateCSRFToken($_POST['csrf_token']);

$account_id = intval($_POST['account_id']);
Expand All @@ -42,6 +44,8 @@
}

if (isset($_GET['archive_account'])) {
enforceUserPermission('module_financial', 2);

validateCSRFToken($_GET['csrf_token']);
$account_id = intval($_GET['archive_account']);

Expand All @@ -58,6 +62,8 @@

// Not used anywhere?
if (isset($_GET['delete_account'])) {
enforceUserPermission('module_financial', 3);

$account_id = intval($_GET['delete_account']);

mysqli_query($mysqli,"DELETE FROM accounts WHERE account_id = $account_id");
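Review bot: The delete_account handler in the last hunk still has no CSRF check after the added `enforceUserPermission('module_financial', 3);`, whereas archive_account in the hunk above validates `$_GET['csrf_token']` before touching the row; if the handler is kept, add `validateCSRFToken($_GET['csrf_token']);` directly after the permission call, and if the existing `// Not used anywhere?` comment is accurate, removing the dead GET-triggered delete is the safer option. The blank line between enforceUserPermission and validateCSRFToken in the archive_account hunk differs from the add/edit hunks, where the two guard calls are adjacent; keeping them adjacent in every handler reads as one guard block. Each handler's body continues past its hunk.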
48 changes: 32 additions & 16 deletions post/user/asset.php
Expand Up @@ -6,8 +6,9 @@

if (isset($_POST['add_asset'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
Expand Down Expand Up @@ -106,8 +107,9 @@

if (isset($_POST['edit_asset'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$asset_id = intval($_POST['asset_id']);
$client_id = intval($_POST['client_id']);
Expand Down Expand Up @@ -199,8 +201,9 @@

if (isset($_POST['change_client_asset'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$current_asset_id = intval($_POST['current_asset_id']);
$new_client_id = intval($_POST['new_client_id']);
Expand Down Expand Up @@ -247,8 +250,9 @@

if (isset($_GET['archive_asset'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_GET['csrf_token']);
validateTechRole();

$asset_id = intval($_GET['archive_asset']);

Expand All @@ -272,8 +276,9 @@

if (isset($_GET['unarchive_asset'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_GET['csrf_token']);
validateTechRole();

$asset_id = intval($_GET['unarchive_asset']);

Expand All @@ -296,8 +301,9 @@

if (isset($_GET['delete_asset'])) {

enforceUserPermission('module_support', 3);

validateCSRFToken($_GET['csrf_token']);
validateAdminRole();

$asset_id = intval($_GET['delete_asset']);

Expand All @@ -324,8 +330,9 @@

if (isset($_POST['bulk_assign_asset_location'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$location_id = intval($_POST['bulk_location_id']);

Expand Down Expand Up @@ -364,8 +371,9 @@

if (isset($_POST['bulk_assign_asset_contact'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$contact_id = intval($_POST['bulk_contact_id']);

Expand Down Expand Up @@ -404,8 +412,9 @@

if (isset($_POST['bulk_edit_asset_status'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$status = sanitizeInput($_POST['bulk_status']);

Expand Down Expand Up @@ -439,8 +448,9 @@

if (isset($_POST['bulk_archive_assets'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateAdminRole();

$count = 0; // Default 0
$asset_ids = $_POST['asset_ids']; // Get array of asset IDs to be deleted
Expand Down Expand Up @@ -480,8 +490,9 @@

if (isset($_POST['bulk_unarchive_assets'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateAdminRole();

$count = 0; // Default 0
$asset_ids = $_POST['asset_ids']; // Get array of asset IDs to be deleted
Expand Down Expand Up @@ -520,8 +531,9 @@

if (isset($_POST["import_client_assets_csv"])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
Expand Down Expand Up @@ -667,8 +679,9 @@

if (isset($_POST['export_client_assets_csv'])) {

enforceUserPermission('module_support');

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$client_id = intval($_POST['client_id']);

Expand Down Expand Up @@ -717,8 +730,9 @@

if (isset($_POST['add_asset_interface'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$asset_id = intval($_POST['asset_id']);

Expand Down Expand Up @@ -754,8 +768,9 @@

if (isset($_POST['edit_asset_interface'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_POST['csrf_token']);
validateTechRole();

$interface_id = intval($_POST['interface_id']);

Expand Down Expand Up @@ -790,8 +805,9 @@

if (isset($_GET['delete_asset_interface'])) {

enforceUserPermission('module_support', 2);

validateCSRFToken($_GET['csrf_token']);
validateAdminRole();

$interface_id = intval($_GET['delete_asset_interface']);

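Review bot: The bulk_archive_assets, bulk_unarchive_assets and delete_asset_interface hunks replace validateAdminRole() with `enforceUserPermission('module_support', 2);`, the same level the add/edit handlers get, while delete_asset keeps level 3; if the previous admin-only requirement was deliberate, those three should use `enforceUserPermission('module_support', 3);` as well, and if the lowering is intended it deserves a line in the commit message, since the title describes a move rather than a change in who may act. The export_client_assets_csv hunk calls `enforceUserPermission('module_support')` with no level, so what it now requires depends on the helper's default, which is not visible here and presumably sits below the validateTechRole() check it replaces; passing the intended level explicitly keeps it consistent with the other handlers. Each handler's body continues outside its hunk.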
