diff --git a/client_document_details.php b/client_document_details.php index 9f011a5b5..b4c7433e3 100644 --- a/client_document_details.php +++ b/client_document_details.php @@ -35,6 +35,7 @@ $document_archived_at = nullable_htmlentities($row['document_archived_at']); $document_folder_id = intval($row['document_folder_id']); $document_parent = intval($row['document_parent']); +$document_client_visible = intval($row['document_client_visible']); ?> @@ -292,6 +293,24 @@ ?> + +
+
Portal Collaboration
+
+ Document is + + visible"; + } else { + echo "not visible"; + } + ?> + +
+
+ +
Revisions
+
+
+
+
+ + Edit Visibility Status for +
+ +
+
+
+ +
+ +

Should this document be visible in the portal to client contacts with the 'Technical' role?

+
+
+ +
+ +
+ +
+ +
+ +
+ + +
+ +
+ +
+
+
diff --git a/portal/document.php b/portal/document.php index 16b39ac06..98b6f9b97 100644 --- a/portal/document.php +++ b/portal/document.php @@ -4,7 +4,7 @@ * Docs for PTC / technical contacts */ -header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com"); +header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:"); require_once "inc_portal.php"; @@ -27,7 +27,12 @@ } $document_id = intval($_GET['id']); -$sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, document_content FROM documents WHERE document_id = $document_id AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL LIMIT 1"); +$sql_document = mysqli_query($mysqli, + "SELECT document_id, document_name, document_content + FROM documents + WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL + LIMIT 1" +); $row = mysqli_fetch_array($sql_document); diff --git a/portal/documents.php b/portal/documents.php index 095525fe2..b19b402a8 100644 --- a/portal/documents.php +++ b/portal/documents.php @@ -13,7 +13,7 @@ exit(); } -$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC"); +$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC"); ?>

Documents

diff --git a/post/document.php b/post/document.php index 728b290ce..2cf3f4f27 100644 --- a/post/document.php +++ b/post/document.php @@ -438,6 +438,23 @@ } +if (isset($_POST['document_visible'])) { + validateTechRole(); + + $document_id = intval($_POST['document_id']); + $document_visible = intval($_POST['document_visible']); + + mysqli_query($mysqli,"UPDATE documents SET document_client_visible = $document_visible WHERE document_id = $document_id"); + + //Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document', log_action = 'Modify', log_description = '$session_name modified document visibility', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $document_id"); + + $_SESSION['alert_message'] = "Document visibility updated"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); + +} + if (isset($_GET['archive_document'])) { validateTechRole();