code

service/report.class.php

@@ -76,7 +76,7 @@ class report {
                 } else {
                     $all_id .=";".$air_contact_id;
                 }
-                $arr = explode(',', $all_id);
+                $arr = explode(';', $all_id);
                 $unique_arr = array_unique($arr);
             }else{
                 $unique_arr= ['ALL'];
@@ -124,6 +124,59 @@ class report {
                 }
             }
 
+            if(_isCustomerLogin()){
+                $ocean_contact_id = _getCompanyContactHandNew($_SESSION["ONLINE_USER"]);
+                $air_contact_id = _getAirContactID('public');
+
+                $all_id = $ocean_contact_id;
+                if (utils::endWith($ocean_contact_id,";")){
+                    $all_id .=$air_contact_id;
+                } else {
+                    $all_id .=";".$air_contact_id;
+                }
+                $all_id = strtolower($all_id);
+                $unique_arr = explode(';', $all_id);
+                //构建安全的数组字面量用于 PostgreSQL 的 && 交集判断
+                $sqlWhere_party_id = '';
+                if (!empty($unique_arr)) {
+                    // 转义每个 ID 防注入
+                    $escaped_ids = array();
+                    foreach($unique_arr as $id){
+                        $id = trim($id);
+                        if (empty($id))
+                            continue;
+                        $escaped_ids[] =  "'" .common::check_input($id) . "'";
+                    }
+                    if(!empty($escaped_ids)){
+                        $array_str = 'ARRAY[' . implode(',', $escaped_ids) . ']';
+                        $sqlWhere_party_id = " or party_ids && $array_str ";
+                    }
+                }
+                //Group Name 判断
+                $company = _getCompanyHandNew($_SESSION["ONLINE_USER"],'public');
+                $company = strtolower($company);
+                $aa = explode(";", $company);
+
+                $sqlWhere_group_name = '';
+                if(!empty($aa)){
+                    $escaped_company = array();
+                    foreach ($aa as $value) {
+                        $value = trim($value);
+                        if (empty($value))
+                            continue;
+                        $escaped_company[] = "'" . common::check_input($value) . "'";
+                    }
+                    if(!empty($escaped_company)){
+                        $array_str = 'ARRAY[' . implode(',', $escaped_company) . ']';
+                        $sqlWhere_group_name = "  or group_names && $array_str";
+                    }
+                }
+
+                $sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name .")";
+            } 
+            $sqlWhere .= " and (system_account IS NULL  OR array_length(system_account, 1) = 0  OR '".common::check_input(_getLoginName())."' = any(system_account))";
+
+
             $rc = $_POST ['rc'];
             if ($rc == -1) {
                 $sql = "select count(*) from public.kln_report_template where " .$sqlWhere;
@@ -282,9 +335,10 @@ class report {
                 $_value_type =  $_field_type == "System" ? "" : (empty($_tempFieldsList['value']) ? "Blank" :"Fixed Value");
                 $_fixed_value = common::check_input($_tempFieldsList['value']);
                 //这两个不能配置查询和过滤
-                if($_field_group_name == 'Container info' || $_field_group_name == 'Milestone' ){
+                if($_field_group_name == 'Container info' || $_field_group_name == 'Milestone'
+                        ||$_field_code == 'Other reference No.'  || $_field_code == 'Shipper Zip Code' || $_field_code == 'Consignee Zip Code' ){
                     $_is_filter_enabled = "false";
-                }else{
+                } else {
                     $_is_filter_enabled = $_tempFieldsList['isFilter'];
                 }
                 $_is_sort_enabled = $_tempFieldsList['isSort'];
@@ -410,9 +464,10 @@ class report {
                 $dataReturn['sortBy'] =  array("field"=>"","options"=>[],"order"=>"asc");
             }
             
-            $reportFiled = common::excuteObjectSql("select report_sql,count_sql from public.kln_report_template where serial_no = '".$serial_no."'");
-            $report_sql = $reportFiled["report_sql"];
-            $count_sql = $reportFiled["count_sql"];
+            $reportFiled = common::excuteObjectSql("select report_sql,count_sql,level from public.kln_report_template where serial_no = '".$serial_no."'");
+            $sqlManage = common::excuteObjectSql("select sql,count_sql,level from public.kln_report_sql_manage where level = '".$reportFiled['level']."'");
+            $report_sql = $sqlManage["sql"];
+            $count_sql = $sqlManage["count_sql"];
 
             $filterSQLArr = $this->returnFilterSql($filtersList);
             //return array("vvSearchKLN"=>$vvSearchKLN,"klnOceanSearchKLN"=>$klnOceanSearchKLN,"ocItemSearchKLN"=>$ocItemSearchKLN);
@@ -636,7 +691,8 @@ class report {
             $report_sql = $schedule_search["report_sql"];
             $count_sql = $schedule_search["count_sql"];
 
-            $klnOceanSearchKLN = ' where ' . common::searchExtendHand_KLN("ocean", $_SESSION["ONLINE_USER"]);
+            //$klnOceanSearchKLN = " where " . common::searchExtendHand_KLN("ocean", $_SESSION["ONLINE_USER"]);
+            $klnOceanSearchKLN = " where  created_time > CURRENT_DATE - INTERVAL '1 years' and  " . common::searchExtendHand_KLN("ocean", $_SESSION["ONLINE_USER"]);
             $orderby = "";
             if(!empty($data_range_type)){
                 //代表有用户设置的查询参数
@@ -856,7 +912,8 @@ class report {
         $klnVipDb = common::getReportRealDBFiled();
 
         $vvSearchKLN = " where 1=1 ";
-        $klnOceanSearchKLN = ' where ' . common::searchExtendHand_KLN("ocean", $_SESSION["ONLINE_USER"]);
+        $klnOceanSearchKLN = " where  created_time > CURRENT_DATE - INTERVAL '1 years' and  " . common::searchExtendHand_KLN("ocean", $_SESSION["ONLINE_USER"]);
+        //$klnOceanSearchKLN = " where   " . common::searchExtendHand_KLN("ocean", $_SESSION["ONLINE_USER"]);
         $ocItemSearchKLN = " where 1=1 ";
 
         foreach($filtersList as $fiter){

utils/common.class.php

@@ -158,6 +158,8 @@ class common {
                             && !(stripos($action, "monitoring_setting") === 0)
                             && !(stripos($action, "notifications_rules") === 0)
                             && !(stripos($action, "destination_delivery") === 0) // destination_delivery 开头的都匹配上了
+                            && !(stripos($action, "shipment_status_report") === 0)
+                            && !(stripos($action, "report_config") === 0)
                         ) {
                             $data = array("msg"=>"Permission Denied");
                             common::echo_json_encode(500, $data);
@@ -4430,8 +4432,8 @@ class common {
             "oo.ex_im" => "ex_im",
             "oo.incoterms" => "incoterms",
             //"oe.loadterm"=>"load_terms",
-            "oo.status" => "status",
-            "oo.carbon_emission" => "co2_emission",
+            //"oo.status" => "status",
+            "oo.carbon_emission" => "total_co2_emission",
             "oo.qty" => "shipment_qty",
             "oo.piece_count" => "shipment_gross_weight",
             "oo.weight" => "chargeable_weight",