itflow-org · johnnyq · Sep 7, 2024 · Sep 7, 2024 · Sep 7, 2024
diff --git a/client_document_details.php b/client_document_details.php
@@ -35,6 +35,7 @@
 $document_archived_at = nullable_htmlentities($row['document_archived_at']);
 $document_folder_id = intval($row['document_folder_id']);
 $document_parent = intval($row['document_parent']);
+$document_client_visible = intval($row['document_client_visible']);
 
 ?>
 
@@ -292,6 +293,24 @@
             ?>
         </div>
 
+        <?php if ($config_client_portal_enable) { ?>
+            <div class="card card-body bg-light">
+                <h6><i class="fas fa-handshake mr-2"></i>Portal Collaboration</h6>
+                <div class="mt-1">
+                    <i class="fa fa-fw fa-eye<?php if (!$document_client_visible) { echo '-slash'; } ?> text-secondary mr-2"></i>Document is
+                    <a href="#" data-toggle="modal" data-target="#editDocumentClientVisibileModal">
+                        <?php
+                        if ($document_client_visible) {
+                            echo "<span class='text-bold text-dark'>visible</span>";
+                        } else {
+                            echo "<span class='text-muted'>not visible</span>";
+                        }
+                        ?>
+                    </a>
+                </div>
+            </div>
+        <?php } ?>
+
         <div class="card card-body bg-light">
             <h6><i class="fas fa-history mr-2"></i>Revisions</h6>
             <?php
@@ -345,6 +364,8 @@
 
 require_once "client_document_link_vendor_modal.php";
 
+require_once "document_edit_visibility_modal.php";
+
 require_once "share_modal.php";
 
 require_once "footer.php";

diff --git a/document_edit_visibility_modal.php b/document_edit_visibility_modal.php
@@ -0,0 +1,42 @@
+<div class="modal" id="editDocumentClientVisibileModal" tabindex="-1">
+    <div class="modal-dialog">
+        <div class="modal-content bg-dark">
+            <div class="modal-header">
+                <h5 class="modal-title">
+                    <i class="fa fa-fw fa-handshake mr-2"></i>
+                    Edit Visibility Status for <strong><?php echo "$document_name"; ?></strong>
+                </h5>
+                <button type="button" class="close text-white" data-dismiss="modal">
+                    <span>&times;</span>
+                </button>
+            </div>
+            <form action="post.php" method="post" autocomplete="off">
+                <div class="modal-body bg-white">
+                    <input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
+                    <div class="form-group">
+                        <label>Visibility</label>
+                        <p>Should this document be visible in the portal to client contacts with the 'Technical' role?</p>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+                            </div>
+                            <select class="form-control" name="document_visible">
+                                <option <?php if ($document_client_visible == 1) { echo "selected"; } ?> value="1">Yes</option>
+                                <option <?php if ($document_client_visible == 0) { echo "selected"; } ?> value="0">No</option>
+                            </select>
+                        </div>
+
+                    </div>
+
+                </div>
+
+                <div class="modal-footer bg-white">
+                    <button type="submit" name="edit_document_visible" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+                    <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+                </div>
+
+            </form>
+
+        </div>
+    </div>
+</div>
diff --git a/portal/document.php b/portal/document.php
@@ -4,7 +4,7 @@
  * Docs for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:");
 
 require_once "inc_portal.php";
 
@@ -27,7 +27,12 @@
 }
 
 $document_id = intval($_GET['id']);
-$sql_document = mysqli_query($mysqli, "SELECT document_id, document_name, document_content FROM documents WHERE document_id = $document_id AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL LIMIT 1");
+$sql_document = mysqli_query($mysqli,
+        "SELECT document_id, document_name, document_content
+        FROM documents
+        WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL
+        LIMIT 1"
+);
 
 $row = mysqli_fetch_array($sql_document);
 

diff --git a/portal/documents.php b/portal/documents.php
@@ -13,7 +13,7 @@
     exit();
 }
 
-$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
+$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
 ?>
 
 <h3>Documents</h3>

diff --git a/post/document.php b/post/document.php
@@ -438,6 +438,23 @@
 
 }
 
+if (isset($_POST['document_visible'])) {
+    validateTechRole();
+
+    $document_id = intval($_POST['document_id']);
+    $document_visible = intval($_POST['document_visible']);
+
+    mysqli_query($mysqli,"UPDATE documents SET document_client_visible = $document_visible WHERE document_id = $document_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document', log_action = 'Modify', log_description = '$session_name modified document visibility', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, log_entity_id = $document_id");
+
+    $_SESSION['alert_message'] = "Document visibility updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
 if (isset($_GET['archive_document'])) {
 
     validateTechRole();
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,7 +13,7 @@ @@
         exit();
     }
-    $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
+    $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
     ?>
     <h3>Documents</h3>
@@ Expand Down @@