|
|
@@ -88,60 +88,16 @@ class report {
|
|
|
$sqlWhere .= " and '".common::check_input($_POST['party_id'])."' = any(party_ids)";
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
- $sqlWhere_party_id = '';
|
|
|
- $sqlWhere_group_name = '';
|
|
|
- if(_isCustomerLogin()){
|
|
|
- $ocean_contact_id = _getCompanyContactHandNew($_SESSION["ONLINE_USER"]);
|
|
|
- $air_contact_id = _getAirContactID('public');
|
|
|
-
|
|
|
- $all_id = $ocean_contact_id;
|
|
|
- if (utils::endWith($ocean_contact_id,";")){
|
|
|
- $all_id .=$air_contact_id;
|
|
|
- } else {
|
|
|
- $all_id .=";".$air_contact_id;
|
|
|
- }
|
|
|
- $all_id = strtolower($all_id);
|
|
|
- $unique_arr = explode(';', $all_id);
|
|
|
- //构建安全的数组字面量用于 PostgreSQL 的 && 交集判断
|
|
|
- // 转义每个 ID 防注入
|
|
|
- $escaped_ids = array();
|
|
|
- foreach($unique_arr as $id){
|
|
|
- $id = trim($id);
|
|
|
- if (empty($id))
|
|
|
- continue;
|
|
|
- $escaped_ids[] = "'" .common::check_input($id) . "'";
|
|
|
- }
|
|
|
- if(empty($escaped_ids)){
|
|
|
- $escaped_ids[] = "'" .common::check_input('default_value_that_does_not_exist') . "'";
|
|
|
- }
|
|
|
- $array_str = 'ARRAY[' . implode(',', $escaped_ids) . ']';
|
|
|
- $sqlWhere_party_id = " OR party_ids && $array_str ";
|
|
|
-
|
|
|
- //Group Name 判断
|
|
|
- $company = _getCompanyHandNew($_SESSION["ONLINE_USER"],'public');
|
|
|
- //$company = strtolower($company);
|
|
|
- $aa = explode(";", $company);
|
|
|
-
|
|
|
- $escaped_company = array();
|
|
|
- foreach ($aa as $value) {
|
|
|
- $value = trim($value);
|
|
|
- if (empty($value))
|
|
|
- continue;
|
|
|
- $escaped_company[] = "'" . common::check_input($value) . "'";
|
|
|
- }
|
|
|
- if(empty($escaped_company)){
|
|
|
- $escaped_company[] = "'" . common::check_input('default_value_that_does_not_exist') . "'";
|
|
|
- }
|
|
|
- $array_str = 'ARRAY[' . implode(',', $escaped_company) . ']';
|
|
|
- $sqlWhere_group_name = " OR group_names && $array_str";
|
|
|
-
|
|
|
- $systemAccountsqlWhere = " OR '".common::check_input(_getLoginName())."' = any(system_account)";
|
|
|
- $sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name ." ".$systemAccountsqlWhere .")";
|
|
|
- } else {
|
|
|
- //$systemAccountsqlWhere = " OR system_account IS NULL OR array_length(system_account, 1) = 0 OR '".common::check_input(_getLoginName())."' = any(system_account)";
|
|
|
- //$sqlWhere .= " and ( 1<>1 ".$systemAccountsqlWhere .")";
|
|
|
- }
|
|
|
+ //这里不需要控制,能进来这个页面的帐号,都可以配置任何权限的模板的
|
|
|
+ // if(strtolower(_getLoginName()) == "chud" ||strtolower(_getLoginName()) == "it.andywu" ){
|
|
|
+ // //这两个帐号不受KlnReportControl控制
|
|
|
+ // } else {
|
|
|
+ // $sqlWhereArr = common::getKlnReportControl();
|
|
|
+ // $sqlWhere_party_id = $sqlWhereArr['contactIdSqlWhere'];
|
|
|
+ // $sqlWhere_group_name = $sqlWhereArr['groupNameSqlWhere'];
|
|
|
+ // $systemAccountsqlWhere = " OR '".common::check_input(_getLoginName())."' = any(system_account)";
|
|
|
+ // $sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name ." ".$systemAccountsqlWhere .")";
|
|
|
+ // }
|
|
|
|
|
|
$rc = $_POST ['rc'];
|
|
|
if ($rc == -1) {
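Review bot: The added lines remove the only per-row `access_type`/`party_ids`/`group_names` restriction from this listing query and replace it with a comment asserting that any account reaching the page may see every template, but nothing in this hunk shows the page-entry authorization that claim depends on, so whether a customer login posting to this endpoint is actually stopped before the query runs cannot be confirmed from here. If such a gate exists, name it instead of leaving dead code behind, e.g. `// No access_type filtering here: entry to this page is restricted to template administrators (see <gate>), so listing all templates is intentional.`, and delete the commented-out block — it already diverges from the live version in the second hunk, which exempts a third account. If no such gate exists, the filter should be reinstated through `common::getKlnReportControl()` as the other method does, since `$sqlWhere` otherwise exposes templates of every access type to anyone who can submit the form. The enclosing method starts before this hunk and continues after it.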
|
|
|
@@ -389,61 +345,15 @@ class report {
|
|
|
$sqlWhere .= " and (lower(name) like '%".strtolower($text_search)."%')";
|
|
|
}
|
|
|
|
|
|
- $sqlWhere_party_id = '';
|
|
|
- $sqlWhere_group_name = '';
|
|
|
- if(_isCustomerLogin()){
|
|
|
- $ocean_contact_id = _getCompanyContactHandNew($_SESSION["ONLINE_USER"]);
|
|
|
- $air_contact_id = _getAirContactID('public');
|
|
|
-
|
|
|
- $all_id = $ocean_contact_id;
|
|
|
- if (utils::endWith($ocean_contact_id,";")){
|
|
|
- $all_id .=$air_contact_id;
|
|
|
- } else {
|
|
|
- $all_id .=";".$air_contact_id;
|
|
|
- }
|
|
|
- $all_id = strtolower($all_id);
|
|
|
- $unique_arr = explode(';', $all_id);
|
|
|
- //构建安全的数组字面量用于 PostgreSQL 的 && 交集判断
|
|
|
- // 转义每个 ID 防注入
|
|
|
- $escaped_ids = array();
|
|
|
- foreach($unique_arr as $id){
|
|
|
- $id = trim($id);
|
|
|
- if (empty($id))
|
|
|
- continue;
|
|
|
- $escaped_ids[] = "'" .common::check_input($id) . "'";
|
|
|
- }
|
|
|
- if(empty($escaped_ids)){
|
|
|
- $escaped_ids[] = "'" .common::check_input('default_value_that_does_not_exist') . "'";
|
|
|
- }
|
|
|
- $array_str = 'ARRAY[' . implode(',', $escaped_ids) . ']';
|
|
|
- $sqlWhere_party_id = " OR party_ids && $array_str ";
|
|
|
-
|
|
|
- //Group Name 判断
|
|
|
- $company = _getCompanyHandNew($_SESSION["ONLINE_USER"],'public');
|
|
|
- //$company = strtolower($company);
|
|
|
- $aa = explode(";", $company);
|
|
|
-
|
|
|
- $escaped_company = array();
|
|
|
- foreach ($aa as $value) {
|
|
|
- $value = trim($value);
|
|
|
- if (empty($value))
|
|
|
- continue;
|
|
|
- $escaped_company[] = "'" . common::check_input($value) . "'";
|
|
|
- }
|
|
|
- if(empty($escaped_company)){
|
|
|
- $escaped_company[] = "'" . common::check_input('default_value_that_does_not_exist') . "'";
|
|
|
- }
|
|
|
- $array_str = 'ARRAY[' . implode(',', $escaped_company) . ']';
|
|
|
- $sqlWhere_group_name = " OR group_names && $array_str";
|
|
|
-
|
|
|
+ if(strtolower(_getLoginName()) == "chud" || strtolower(_getLoginName()) == "it.andywu" || strtolower(_getLoginName()) == "ra.admin"){
|
|
|
+ //这两个帐号不受KlnReportControl控制
|
|
|
+ } else {
|
|
|
+ $sqlWhereArr = common::getKlnReportControl();
|
|
|
+ $sqlWhere_party_id = $sqlWhereArr['contactIdSqlWhere'];
|
|
|
+ $sqlWhere_group_name = $sqlWhereArr['groupNameSqlWhere'];
|
|
|
$systemAccountsqlWhere = " OR '".common::check_input(_getLoginName())."' = any(system_account)";
|
|
|
$sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name ." ".$systemAccountsqlWhere .")";
|
|
|
- } else {
|
|
|
- //$systemAccountsqlWhere = " OR system_account IS NULL OR array_length(system_account, 1) = 0 OR '".common::check_input(_getLoginName())."' = any(system_account)";
|
|
|
- //$sqlWhere .= " and ( 1<>1 ".$systemAccountsqlWhere .")";
|
|
|
}
|
|
|
-
|
|
|
-
|
|
|
$rc = $_POST ['rc'];
|
|
|
if ($rc == - 1) {
|
|
|
$sql = "select count(*) from public.kln_report_template where " .$sqlWhere;
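Review bot: The exemption from KlnReportControl is now decided by comparing the login name against three hard-coded usernames while the comment beneath still says "这两个帐号" (these two accounts), so the bypass list and its documentation have already drifted within this commit. Authorization keyed on literal usernames is hard to audit and grants full template visibility to whoever holds those accounts; at minimum use a strict membership test with an accurate comment, `if (in_array(strtolower(_getLoginName()), ['chud', 'it.andywu', 'ra.admin'], true)) { // accounts exempt from KlnReportControl filtering`, and preferably a role or permission flag from the session rather than names. Note also that the filter now applies to every non-exempt login, whereas the removed code only filtered when `_isCustomerLogin()` was true — if `common::getKlnReportControl()` does not handle internal users itself, staff accounts lose visibility. Its `contactIdSqlWhere`/`groupNameSqlWhere` fragments are spliced straight into `$sqlWhere`, so that helper must fully escape every ID it embeds, which is not visible here. The enclosing method starts before this hunk.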
|