ShuanghongS пре 1 месец
родитељ
комит
92c265cbea
5 измењених фајлова са 121 додато и 70 уклоњено
  1. 6 0
      include.ini.php
  2. 18 17
      main_new_version.php
  3. 7 1
      service/ajax.class.php
  4. 0 0
      service/ocean_order.class.php
  5. 90 52
      service/report.class.php

+ 6 - 0
include.ini.php

@@ -132,6 +132,12 @@ function _isDocAdmin($username) {
     || strtolower($username) == "doc.leah" || strtolower($username) == "doc.yuki" || strtolower($username) == "doc.yoyo";
 }
 
+function _isVipReportAdmin($username) {
+     return strtolower($username) == "doc.alice" || strtolower($username) == "maria" || strtolower($username) == "chud"
+           || strtolower($username) == "doc.sansa1" || strtolower($username) == "ra.admin"
+           || strtolower($username) == "doc.tianna" || strtolower($username) == "it.andywu" || strtolower($username) == "ra.admin";
+}
+
 function _customerFilerSearchHandNew($user, $schemas = "public", $p = 'place_of_delivery', $s = 'shipper_id', $c = 'consignee_id', $b = 'billto_id', $n = 'notify_party_id', $d = 'port_of_discharge_code') {
     $tt = $user['customer_search_type'];
     $sales = $user['ocean_sales'];
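Review bot: The allow-list in `_isVipReportAdmin` names `"ra.admin"` twice, on the second and third lines of the expression, which suggests a different account was meant for one of them; confirm it against the intended list. This function decides who gets Template Management and the `isDelete` flag elsewhere in this commit, so a single normalised strict lookup is easier to audit than a chain of loose `==` comparisons: `return in_array(strtolower((string)$username), array("doc.alice", "maria", /* … */), true);`. I would also add a comment above the function stating which privileges the list grants and that callers must enforce it on the server side, not only when building menus.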

+ 18 - 17
main_new_version.php

@@ -93,7 +93,6 @@ switch ($action) {
                     }
                     //单独拼接URL
                     foreach ($ll as $v) {
-                        //if($v['s_column'] =="Ocean Booking" || $v['s_column'] =="Ocean B/L Info."){
                         if($v['s_column'] =="Ocean B/L Info."){
                             $urlData = $menuSetting[$v['s_column']];
                             $menuList[] = array("index"=>"$index","label"=>$urlData['label'],"icon"=>$urlData['icon'],"path"=>$urlData['path']);
@@ -101,24 +100,31 @@ switch ($action) {
                         }
                         //特殊处理book,需要加二级菜
                         if($v['s_column'] =="Ocean Booking"){
-                            $urlData = $menuSetting[$v['s_column']];
-                            $menuList[] = array("index"=>"$index","label"=>$urlData['label'],"icon"=>$urlData['icon'],"path"=>$urlData['path']);
-                            // $bookingManagement = array("index"=>"$index","label"=>"Booking","icon"=>"icon_booking__fill_b","type"=>"list");
-                            // $children  = array(); 
-
                             // $urlData = $menuSetting[$v['s_column']];
-                            // $children[] = array("index"=>$index.'-1',"label"=>"Booking Management","path"=>$urlData['path']);
-                            // $children[] = array("index"=>$index.'-2',"label"=>"Destination Delivery","path"=>"/destination-delivery");
-                            // $bookingManagement["children"] = $children;
-                            // $menuList[] = $bookingManagement;
-                            // $index = $index + 1;
+                            // $menuList[] = array("index"=>"$index","label"=>$urlData['label'],"icon"=>$urlData['icon'],"path"=>$urlData['path']);
+                            $bookingManagement = array("index"=>"$index","label"=>"Booking","icon"=>"icon_booking__fill_b","type"=>"list");
+                            $children  = array(); 
+
+                            $urlData = $menuSetting[$v['s_column']];
+                            $children[] = array("index"=>$index.'-1',"label"=>"Booking Management","path"=>$urlData['path']);
+                            $children[] = array("index"=>$index.'-2',"label"=>"Destination Delivery","path"=>"/destination-delivery");
+                            $bookingManagement["children"] = $children;
+                            $menuList[] = $bookingManagement;
+                            $index = $index + 1;
                         }
                     }
                 }
             }
+            //Report 暂时先这么写,后面这个kln 单独维护独有的菜单栏,和online 隔离开
+            $urlData = $menuSetting[$v['s_column']];
+            $menuList[] = array("index"=>"4","label"=>"Report","icon"=>'icon_report__fill_b',"path"=>'/report');
+            $index = $index + 1;
 
             $systemManagement = array("index"=>"$index","label"=>"System Management","icon"=>"icon_system__management_fill_b","type"=>"list"); 
-            $children  = array(); 
+            $children  = array();
+            if(_isVipReportAdmin(_getLoginName())){
+                $children[] = array("index" =>$index.'-7',"label" =>"Template Management","path"=>"/template-management");
+            } 
             $children[] = array("index" =>$index.'-1',"label" =>"System Message","path"=>"/system-message");
             $children[] = array("index" =>$index.'-2',"label" =>"System Settings","path"=>"/SystemSettings");   
             //只有chud的账户可以看日志记录
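Review bot: The added `$urlData = $menuSetting[$v['s_column']];` just before the Report entry reads `$v` after what appears, from the closing braces above it, to be the end of the `foreach ($ll as $v)` loop. It therefore depends on the last loop value, or on an undefined variable when the loop did not run, and the Report entry never uses the result, so the line can be dropped. The Report entry hard-codes `"index"=>"4"` while its neighbours use `"$index"`; either switch to `"index"=>"$index"` or add a comment saying why the fixed value is required. Hiding Template Management behind `_isVipReportAdmin(_getLoginName())` only controls the menu, so the handlers behind `/template-management` need the same check on the server.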
@@ -130,11 +136,6 @@ switch ($action) {
                     $children[] = array("index" =>$index.'-5',"label" =>"Operation Log","path"=>"/Operationlog");
                     $children[] = array("index" =>$index.'-6',"label" =>"Prompt Configuration","path"=>"/PromptConfiguration");  
             }
-            //特殊放开一个帐号
-            if(strtolower(_getLoginName()) == strtolower("michaelW")){
-                $children[] = array("index" =>$index.'-4',"label" =>"AI API Log","path"=>"/ai-api-log");
-                $children[] = array("index" =>$index.'-6',"label" =>"Prompt Configuration","path"=>"/PromptConfiguration");
-            }
             $systemManagement["children"] = $children;
             if (!empty($children)){
                 $menuList[] = $systemManagement;

+ 7 - 1
service/ajax.class.php

@@ -298,7 +298,13 @@ class ajax {
             $sql .= " order by contact_id limit 20";
         }
 
-
+        //system account
+        if (strtolower($type) == "system_account") {
+            $sql = "SELECT user_login as code, user_id as id from public.ra_online_user where user_login ilike '" . common::check_input($term) . "%'";
+            if (!empty($input))
+                $sql .= " and lower(user_login) " . utils::getInSql($input, TRUE);
+            $sql .= " order by user_login limit 20";
+        }
         $rs = common::excuteListSql($sql);
 
         foreach ($rs as $value) {
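Review bot: The new `system_account` branch returns login names and user ids from `public.ra_online_user` by prefix, and nothing visible in the hunk restricts who may call it, so any session that reaches this lookup could enumerate accounts. If only the template editor needs it, gate the branch, for example `if (strtolower($type) == "system_account" && _isVipReportAdmin(_getLoginName())) {`, assuming include.ini.php is loaded here. `$term` is spliced into an `ILIKE` pattern through `common::check_input`, which is not shown; unless it also escapes `%` and `_`, an empty or wildcard term matches every account up to the limit. The enclosing method starts and ends outside the hunk, so an earlier authorization check may already exist.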

Разлика између датотеке није приказан због своје велике величине
+ 0 - 0
service/ocean_order.class.php


+ 90 - 52
service/report.class.php

@@ -25,41 +25,6 @@ class report {
      * report 配置
     */
     public function report_config(){
-        // $config = [
-        //     'delivery_frequency' => 'monthly',
-        //     'timezone'           => 'UTC+05',
-        //     'monthly_day'        => [2,3,4],
-        //     'monthly_time'       => '09:00:00',
-        // ];
-        // $config = [
-        //     'delivery_frequency' => 'daily',
-        //     'timezone'           => 'UTC+05',
-        //     'daily_time'       => '09:00:00',
-        // ];
-        // $config = [
-        //     'delivery_frequency' => 'weekly',
-        //     'timezone'           => 'UTC+05',
-        //     'weekly_day'        => [1],
-        //     'weekly_time'       => '09:00:00',
-        // ];
-        // $config = [
-        //     'delivery_frequency' => 'quarterly',
-        //     'timezone'           => 'UTC+05',
-        //     'quarterly_month'        =>'1',
-        //     'quarterly_day'        =>'1',
-        //     'quarterly_time'       => '09:00:00',
-        // ];
-        // $config = [
-        //     'delivery_frequency' => 'yearly',
-        //     'timezone'           => 'UTC+05',
-        //     'yearly_month'        =>[1,2],
-        //     'yearly_day'        =>'1',
-        //     'yearly_time'       => '09:00:00',
-        // ];
-
-        // $next = common::calculateNextRunTime($config);
-        //echo $next->format('Y-m-d H:i:s');
-
         $operate = utils::_get('operate');
         $operate = strtolower($operate);
 
@@ -111,7 +76,7 @@ class report {
                 $sqlWhere .= " and access_type ='". common::check_input($pplication_scope)."'";
             }
             if(!empty($_POST['is_active'])){
-                if($_POST['is_active'] == 't'){
+                if($_POST['is_active'] == 'true'){
                     $sqlWhere .= " and is_active = true";
                 }else{
                     $sqlWhere .= " and is_active = false";
@@ -124,6 +89,9 @@ class report {
                 }
             }
 
+            $sqlWhere_party_id = '';
+            $sqlWhere_group_name = '';
+            $systemAccountsqlWhere = " OR system_account IS NULL  OR array_length(system_account, 1) = 0  OR '".common::check_input(_getLoginName())."' = any(system_account)";
             if(_isCustomerLogin()){
                 $ocean_contact_id = _getCompanyContactHandNew($_SESSION["ONLINE_USER"]);
                 $air_contact_id = _getAirContactID('public');
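Review bot: In the added `$systemAccountsqlWhere`, the test `array_length(system_account, 1) = 0` never matches in PostgreSQL, because `array_length` returns NULL for an empty array; `cardinality(system_account) = 0` is the test for an empty array. As written, a template saved with an empty `system_account` array is not treated as unrestricted by this clause, which may or may not be the intent, so the choice deserves a comment. The fragment also starts with ` OR `, so it is only valid inside the parenthesised group built further down; I would note that next to the assignment, e.g. `// appended inside the "access_type = 'All Users' ..." group only`.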
@@ -137,7 +105,6 @@ class report {
                 $all_id = strtolower($all_id);
                 $unique_arr = explode(';', $all_id);
                 //构建安全的数组字面量用于 PostgreSQL 的 && 交集判断
-                $sqlWhere_party_id = '';
                 if (!empty($unique_arr)) {
                     // 转义每个 ID 防注入
                     $escaped_ids = array();
@@ -149,7 +116,7 @@ class report {
                     }
                     if(!empty($escaped_ids)){
                         $array_str = 'ARRAY[' . implode(',', $escaped_ids) . ']';
-                        $sqlWhere_party_id = " or party_ids && $array_str ";
+                        $sqlWhere_party_id = " OR party_ids && $array_str ";
                     }
                 }
                 //Group Name 判断
@@ -157,7 +124,6 @@ class report {
                 $company = strtolower($company);
                 $aa = explode(";", $company);
 
-                $sqlWhere_group_name = '';
                 if(!empty($aa)){
                     $escaped_company = array();
                     foreach ($aa as $value) {
@@ -168,14 +134,11 @@ class report {
                     }
                     if(!empty($escaped_company)){
                         $array_str = 'ARRAY[' . implode(',', $escaped_company) . ']';
-                        $sqlWhere_group_name = "  or group_names && $array_str";
+                        $sqlWhere_group_name = "  OR group_names && $array_str";
                     }
                 }
-
-                $sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name .")";
-            } 
-            $sqlWhere .= " and (system_account IS NULL  OR array_length(system_account, 1) = 0  OR '".common::check_input(_getLoginName())."' = any(system_account))";
-
+                $sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name ." ".$systemAccountsqlWhere .")";
+            }
 
             $rc = $_POST ['rc'];
             if ($rc == -1) {
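Review bot: Moving the `system_account` test from its own `and (...)` into the OR group on the rewritten `$sqlWhere .=` line widens who can see a template. Previously a row had to pass the All Users/party/group test and the system_account test; now `system_account IS NULL` alone satisfies the group, so a customer login sees every template with no system accounts set, whatever its `party_ids` or `group_names`. Non-customer logins no longer get any system_account filter, because the clause now lives inside `if(_isCustomerLogin())`. If the intent is that a listed system account grants access in addition to party/group, keep only the membership test in the OR group: `$systemAccountsqlWhere = " OR '".common::check_input(_getLoginName())."' = any(system_account)";`. The same composition is repeated in the `@@ -400,6 +381,58 @@` hunk.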
@@ -187,7 +150,8 @@ class report {
                 $sql = "select * from public.kln_report_template where " .$sqlWhere;
                 $sql .= " order by id desc limit " . $ps . " offset " . ($cp - 1) * $ps;
                 $rs = common::excuteListSql($sql);
-                $arrTmp = array('searchData' => $rs, 
+                $arrTmp = array('searchData' => $rs,
+                        'isDelete' =>_isVipReportAdmin(_getLoginName()), 
                         'rc' => intval($rc),
                         'ps' => intval($ps),
                         'cp' => intval($cp),
@@ -195,7 +159,12 @@ class report {
                 common::echo_json_encode(200,$arrTmp);
                 exit();
             }else{
-                $arrTmp = array('searchData' => array());
+                $arrTmp = array('searchData' =>array(),
+                        'isDelete' =>_isVipReportAdmin(_getLoginName()), 
+                        'rc' => intval($rc),
+                        'ps' => intval($ps),
+                        'cp' => intval($cp),
+                        'tp' => intval($tp));
                 common::echo_json_encode(200, $arrTmp);
                 exit();
             }
@@ -207,7 +176,8 @@ class report {
                 //代表编辑
                 $reportMain = common::excuteObjectSql("select *,
                         array_to_json(party_ids) as party_ids_json,
-                        array_to_json(group_names) as group_names_json
+                        array_to_json(group_names) as group_names_json,
+                        array_to_json(system_account) as system_account_json
                     from kln_report_template where serial_no = '$serial_no'");
                 
                 $reportFields = array();    
@@ -232,7 +202,8 @@ class report {
 
                 $reportAccess = array("type"=>$reportMain['access_type'],
                     "partyId"=>json_decode($reportMain['party_ids_json'],true),
-                    "groupName"=>json_decode($reportMain['group_names_json'],true));
+                    "groupName"=>json_decode($reportMain['group_names_json'],true),
+                    "systemAccount"=>json_decode($reportMain['system_account_json'],true));
                 $data = array("reportName"=>$reportMain['name'],"reportLevel"=>$reportMain['level'],"reportDescription"=>$reportMain['description'],
                     "reportFields"=>$reportFields,"reportAccess"=>$reportAccess);
             }else{
@@ -378,6 +349,16 @@ class report {
             exit(); 
         }
 
+        if ($operate == "delete"){
+            $serial_no =$_POST['serial_no'];
+            $sql = "delete from  public.kln_report_template  where serial_no = '$serial_no';";
+            $sql .= "delete from  public.kln_report_field_config where template_serial_no = '$serial_no';";
+            common::excuteUpdateSql($sql);
+            $data = array("msg" =>"success");
+            common::echo_json_encode(200,$data);                
+            exit(); 
+        }
+
     }
 
     /**
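Review bot: The new `delete` branch interpolates `$_POST['serial_no']` straight into two `DELETE` statements and performs no authorization check, so any caller who can reach `report_config` with `operate=delete` can remove templates, and a crafted `serial_no` changes the SQL. The `isDelete` flag added to the list response only hides the button in the UI. At minimum the branch should check `_isVipReportAdmin(_getLoginName())` and pass the value through `common::check_input`, as the `report_detail` branch in this file does; a parameterised query would be better if the DB helper supports one. The two deletes are also sent as one string with no visible transaction, so a failure in the second could leave orphaned field-config rows. The response code and message in the sketch below are placeholders.

```php
        if ($operate == "delete"){
            // Enforce the privilege on the server; isDelete in the list response is only a UI hint.
            if (!_isVipReportAdmin(_getLoginName())) {
                common::echo_json_encode(403, array("msg" => "forbidden"));
                exit();
            }
            $serial_no = common::check_input($_POST['serial_no']);
            // … unchanged: the two DELETE statements, excuteUpdateSql call and success response …
        }
```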
@@ -400,6 +381,58 @@ class report {
             if (!empty($text_search)){
                 $sqlWhere .= " and (lower(name) like '%".strtolower($text_search)."%')";
             }
+            
+            $sqlWhere_party_id = '';
+            $sqlWhere_group_name = '';
+            $systemAccountsqlWhere = " OR system_account IS NULL  OR array_length(system_account, 1) = 0  OR '".common::check_input(_getLoginName())."' = any(system_account)";
+            if(_isCustomerLogin()){
+                $ocean_contact_id = _getCompanyContactHandNew($_SESSION["ONLINE_USER"]);
+                $air_contact_id = _getAirContactID('public');
+
+                $all_id = $ocean_contact_id;
+                if (utils::endWith($ocean_contact_id,";")){
+                    $all_id .=$air_contact_id;
+                } else {
+                    $all_id .=";".$air_contact_id;
+                }
+                $all_id = strtolower($all_id);
+                $unique_arr = explode(';', $all_id);
+                //构建安全的数组字面量用于 PostgreSQL 的 && 交集判断
+                if (!empty($unique_arr)) {
+                    // 转义每个 ID 防注入
+                    $escaped_ids = array();
+                    foreach($unique_arr as $id){
+                        $id = trim($id);
+                        if (empty($id))
+                            continue;
+                        $escaped_ids[] =  "'" .common::check_input($id) . "'";
+                    }
+                    if(!empty($escaped_ids)){
+                        $array_str = 'ARRAY[' . implode(',', $escaped_ids) . ']';
+                        $sqlWhere_party_id = " OR party_ids && $array_str ";
+                    }
+                }
+                //Group Name 判断
+                $company = _getCompanyHandNew($_SESSION["ONLINE_USER"],'public');
+                $company = strtolower($company);
+                $aa = explode(";", $company);
+
+                if(!empty($aa)){
+                    $escaped_company = array();
+                    foreach ($aa as $value) {
+                        $value = trim($value);
+                        if (empty($value))
+                            continue;
+                        $escaped_company[] = "'" . common::check_input($value) . "'";
+                    }
+                    if(!empty($escaped_company)){
+                        $array_str = 'ARRAY[' . implode(',', $escaped_company) . ']';
+                        $sqlWhere_group_name = "  OR group_names && $array_str";
+                    }
+                }
+                $sqlWhere .= " and ( access_type = 'All Users' ".$sqlWhere_party_id . " ".$sqlWhere_group_name ." ".$systemAccountsqlWhere .")";
+            }
+
            
             $rc = $_POST ['rc'];
             if ($rc == - 1) {
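Review bot: The added access filter is a line-for-line copy of the one in `report_config` (the hunks from `@@ -124,6 +89,9 @@` onward), so every fix to the visibility predicate must be made twice and the two copies can drift apart. Extracting it into one private method that returns the SQL fragment, e.g. `$sqlWhere .= $this->buildTemplateAccessWhere();`, would keep the rule in one place. Just above the addition, the context line `lower(name) like '%".strtolower($text_search)."%'` interpolates `$text_search`; its assignment is outside the hunk, so confirm it has been passed through `common::check_input` before this point. The enclosing method starts and ends outside the hunk.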
@@ -411,7 +444,7 @@ class report {
                 $sql = "select serial_no,name,description from public.kln_report_template where " .$sqlWhere;
                 $sql .= " order by id desc limit " . $ps . " offset " . ($cp - 1) * $ps;
                 $rs = common::excuteListSql($sql);
-                $arrTmp = array('searchData' => $rs, 
+                $arrTmp = array('searchData' => $rs,
                         'rc' => intval($rc),
                         'ps' => intval($ps),
                         'cp' => intval($cp),
@@ -419,12 +452,16 @@ class report {
                 common::echo_json_encode(200,$arrTmp);
                 exit();
             }else{
-                $arrTmp = array('searchData' => array());
+                $arrTmp = array('searchData' => array(),
+                        'rc' => intval($rc),
+                        'ps' => intval($ps),
+                        'cp' => intval($cp),
+                        'tp' => intval($tp));
                 common::echo_json_encode(200, $arrTmp);
                 exit();
             }
         }
-
+        
         if ($operate == "report_detail") {
             $serial_no = common::check_input($_POST ['serial_no']); 
             $dataReturn = array();
@@ -523,6 +560,7 @@ class report {
             }
             $dataReturn['tableData'] =  $arrTmp;
             $dataReturn['tmp_search'] =  common::deCode($tmp_search_without_limit, 'E');
+            $dataReturn['reportName'] =  $reportFiled['name'];
             common::echo_json_encode(200, $dataReturn);
             exit();
         }

Неке датотеке нису приказане због велике количине промена