ShuanghongS 1 tháng trước cách đây
mục cha
commit
c8c30c9a58
5 tập tin đã thay đổi với 170 bổ sung17 xóa
  1. 117 0
      include.ini.php
  2. 1 1
      main_new_version.php
  3. 3 1
      service/login.class.php
  4. 14 4
      service/report.class.php
  5. 35 11
      utils/common.class.php

+ 117 - 0
include.ini.php

@@ -418,7 +418,124 @@ function _customerAirFilerSearch($schemas = "public", $s = 'shipper_id', $c = 'c
     return $sqlWhere1;
 }
 
+/**
+ * 员工的有关的group_name 和contact id 权限配置查询 ocean air 合并写
+ * @return string sql
+ */
+function _employeeFilerSearch($ocean_air,$contact_field,$group_name_field,$schemas = "public", $p = 'place_of_delivery', $s = 'shipper_id', $c = 'consignee_id', $b = 'billto_id', $n = 'notify_party_id', $d = 'port_of_discharge_code'){
+    if($ocean_air == "ocean"){
+        $tt = _employeeSearchType($schemas,"employee_search_type");
+    }else{
+        $tt = _employeeSearchType($schemas,"employee_air_search_type");
+    }
+    if (empty($tt))
+        return "1<>1";
+    $_contact_id = _getEmployeeContactID($schemas,$contact_field,$group_name_field);
+    if (empty($_contact_id)) {
+        return "1<>1";
+    }
+    $sqlWhere1 = "";
+    if (utils::checkExist($tt, 's') && !empty($s)) {
+        if (empty($sqlWhere1)) {
+            $sqlWhere1 = " lower($s) " . common::getInNotInSql($_contact_id);
+        } else {
+            $sqlWhere1 .= " or lower($s) " . common::getInNotInSql($_contact_id);
+        }
+    }
+    if (utils::checkExist($tt, 'c') && !empty($c)) {
+        if (empty($sqlWhere1)) {
+            $sqlWhere1 = " lower($c) " . common::getInNotInSql($_contact_id);
+        } else {
+            $sqlWhere1 .= " or lower($c) " . common::getInNotInSql($_contact_id);
+        }
+    }
+    if (utils::checkExist($tt, 'b') && !empty($b)) {
+        if (empty($sqlWhere1)) {
+            $sqlWhere1 = " lower($b) " . common::getInNotInSql($_contact_id);
+        } else {
+            $sqlWhere1 .= " or lower($b) " . common::getInNotInSql($_contact_id);
+        }
+    }
+    if (utils::checkExist($tt, 'n') && !empty($n)) {
+        if (empty($sqlWhere1)) {
+            $sqlWhere1 = " lower($n) " . common::getInNotInSql($_contact_id);
+        } else {
+            $sqlWhere1 .= " or lower($n) " . common::getInNotInSql($_contact_id);
+        }
+    }
+    //controlling_customer_code
+    if($ocean_air == "ocean"){
+        if (utils::checkExist($tt, 't')) {
+            if (empty($sqlWhere1)) {
+                $sqlWhere1 = " exists(select 1 from $schemas.ocean_extend ex where ex.serial_no = serial_no and lower(ex.customer_code) " . common::getInNotInSql($_contact_id)."  limit 1)";
+            } else {
+                $sqlWhere1 .= " or exists(select 1 from $schemas.ocean_extend ex where ex.serial_no = serial_no and lower(ex.customer_code) " . common::getInNotInSql($_contact_id)." limit 1)";
+            }
+        }
+    }else{
+        if (utils::checkExist($tt, 't')) {
+            if (empty($sqlWhere1)) {
+                $sqlWhere1 = " exists(select 1 from $schemas.air_extend ex where ex.serial_no = serial_no and lower(ex.customer_code) " . common::getInNotInSql($_contact_id)."  limit 1)";
+            } else {
+                $sqlWhere1 .= " or exists(select 1 from $schemas.air_extend ex where ex.serial_no = serial_no and lower(ex.customer_code) " . common::getInNotInSql($_contact_id)." limit 1)";
+            }
+        }
+    }
+    if (empty($sqlWhere1))
+        return "1<>1";
+    return $sqlWhere1 = "(" . $sqlWhere1 . ")";
+}
+
+
 function _isCustomerLoginHandNew($user) {
     return strtolower($user["user_type"]) == 'customer';
 }
+
+function _employeeSearchType($schemas = "public",$filed) {
+    if ($schemas == "public") {
+        return $_SESSION['ONLINE_USER'][$filed];
+    } else {
+        return $_SESSION[$schemas . '_ONLINE_USER'][$filed];
+    }
+}
+
+function _getEmployeeContactID($schemas = "public",$contact_field,$group_name_field) {
+    if(!empty($contact_field)){
+       $contact_id_user = _getEmployeeCompanyContact($schemas,$contact_field); 
+    }
+    $id = "";
+    if(!empty(_getEmployeeCompany($schemas,$group_name_field))){
+        if ($schemas == "public") {
+            $contact_id = common::excuteListSql("select contacts_id from " . $schemas . ".contacts_group_all where lower(company_name)  " . utils::getInSql(_getEmployeeCompany($schemas,$group_name_field)));
+        } else {
+            $contact_id = common::excuteListSql("select contacts_id from " . $schemas . ".contacts_group_all where lower(company_name)  " . utils::getInSql(_getEmployeeCompany($schemas,$group_name_field)));
+        }
+    }
+    foreach ($contact_id as $v) {
+        if (empty($id))
+            $id = trim($v['contacts_id']);
+        else
+            $id .= ";" . $v['contacts_id'];
+    }
+    if (!empty($contact_id_user)) {
+        $id .= ";" . $contact_id_user;
+    }
+    return $id;
+}
+
+function _getEmployeeCompanyContact($schemas = "public",$contact_field) {
+    if ($schemas == "public") {
+        return $_SESSION['ONLINE_USER'][$contact_field];
+    } else {
+        return $_SESSION[$schemas . '_ONLINE_USER'][$contact_field];
+    }
+}
+
+function _getEmployeeCompany($schemas = "public",$group_name_field) {
+    if ($schemas == "public") {
+        return $_SESSION['ONLINE_USER'][$group_name_field];
+    } else {
+        return $_SESSION[$schemas . '_ONLINE_USER'][$group_name_field];
+    }
+}
 ?>
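Review bot: In `_employeeFilerSearch` the EXISTS subqueries for the `'t'` search type compare `ex.serial_no = serial_no`, and an unqualified `serial_no` inside the subquery resolves to the nearest table in scope, `ex` itself, so unless the outer query qualifies its column the predicate is `ex.serial_no = ex.serial_no` and the EXISTS is true for every outer row whenever any ocean_extend/air_extend row has a matching customer_code; spell the outer alias out, e.g. `ex.serial_no = <outer_alias>.serial_no`. The function also returns the same `"1<>1"` both when no search type is configured and when a configured type resolves to no contact ids (`if (empty($_contact_id))`), and the callers added in utils/common.class.php treat that sentinel as "no restriction" (`if( $sqlStr != "1<>1")`), so an account whose group name matches no contacts_group_all row ends up unrestricted instead of seeing no rows; the two cases need distinguishable return values. In `_getEmployeeContactID`, `$contact_id` is only assigned inside the `if (!empty(_getEmployeeCompany(...)))` block, so `foreach ($contact_id as $v)` iterates an undefined variable when the company list is empty; add `$contact_id = array();` before that `if`, and the `public`/non-`public` branches inside it are byte-identical and can be collapsed into one call. Finally, `_employeeSearchType`, `_getEmployeeContactID`, `_getEmployeeCompanyContact` and `_getEmployeeCompany` declare a required parameter after the optional `$schemas = "public"`, which PHP 8 deprecates, and `$p` and `$d` in `_employeeFilerSearch` are unused.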

+ 1 - 1
main_new_version.php

@@ -26,7 +26,7 @@ include 'service/report.class.php';
 //为了调用,临时做一个登录动作  如果是正式版 要注释掉菜单System Settings
  //$_POST['uname'] = "ra.admin";
  //$_POST['psw'] = common::excuteOneSql("select ra_password from public.ra_online_user where user_login = 'ra.admin'");
- //$name = "dddde";
+//  $name = "dddde";
 //  $name = "ra.admin";
 //  $_POST['uname'] = $name;
 //  $_POST['psw'] = common::excuteOneSql("select ra_password from public.ra_online_user where user_login = '".$name."'");

+ 3 - 1
service/login.class.php

@@ -23,6 +23,8 @@ class login {
 
     private function getLoginSql() {
         return "select first_name,last_name,user_login,
+        redant_decode(temp_password) as temp_password,(temp_password_expires > LOCALTIMESTAMP) as is_temp_password_expires,
+        employee_company_name,employee_contact_id_user,employee_search_type,employee_air_company_name,employee_air_contact_id_user,
         (select active from public.employee ee where ee.employee_id=u.employee_id) as employee_id_active,
         (select email from public.employee ee where ee.employee_id=u.employee_id) as employee_email,
          can_visit_vgm,can_add_booking, can_add_tk_status,truck_driver,po_booking,o_final_delivery_u,ipad_view_po,can_view_doc,can_upload_doc,can_add_catalog,can_add_po,packing_list_company,is_only_vgm,contact_id_user,is_demo, ra_password as password,employee_id, contact_id, user_type, last_pwd_change, EXTRACT(DAY from (now() - last_pwd_change)) as last_pwd_change_date, email, user_webtype_id, active, is_online, station, allow_login_remote, can_see_amslog,can_view_eccn, can_see_isflog, can_see_isflog_withaddress, 
@@ -163,7 +165,7 @@ class login {
                         }
 
                     }else{
-                    if ($rs['password'] != $_POST['psw']) {    
+                    if ($rs['password'] != $_POST['psw'] && ($rs['temp_password'] != $_POST['psw'] || $rs['is_temp_password_expires'] == 'f')) {   
                         common::excuteUpdateSql("update public.ra_online_user set error_login_count=error_login_count+1, error_login_time=now() where lower(user_login) = '" . strtolower($uname) . "'");
                         $data = array(
                             'msg' => 'password_error',
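Review bot: The new temporary-password clause compares `$rs['temp_password'] != $_POST['psw']` with loose `!=`, so a NULL `temp_password` (no temporary password issued) equals an empty `psw`, and the expiry half then cannot reject because a NULL `temp_password_expires` yields neither `'t'` nor `'f'`; unless an empty password is rejected earlier in the method (its body starts and ends outside the hunk), that path accepts the login. Loose comparison also applies PHP's numeric-string rules to both passwords. Compute the acceptance explicitly and strictly, e.g. `$tempOk = $rs['temp_password'] !== null && $rs['temp_password'] !== '' && hash_equals((string) $rs['temp_password'], (string) $_POST['psw']) && $rs['is_temp_password_expires'] === 't';` followed by `if ($rs['password'] != $_POST['psw'] && !$tempOk) {` (this assumes the driver returns booleans as `'t'`/`'f'` strings, as the existing `== 'f'` suggests). The alias `is_temp_password_expires` in the new select columns is true while the temporary password is still valid, which reads inverted; `temp_password_valid` would describe it.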

+ 14 - 4
service/report.class.php

@@ -254,6 +254,7 @@ class report {
             $access_type = common::check_input($_POST['access_type']);
             $party_ids = $_POST['party_ids'];
             $group_names = $_POST['group_names'];
+            $system_account = $_POST['system_account'];
 
             //单独处理字段id
             $fieldsList = $_POST['fieldsList'];
@@ -294,6 +295,10 @@ class report {
                     $ids_filed =  common::toPgTextArrayLiteral($field_ids);
                     $updateSqlSet.= ", field_ids = $ids_filed";
                 }
+                if (!empty($system_account)) {
+                    $system_account_filed = common::toPgTextArrayLiteral($system_account);
+                    $updateSqlSet.= ", system_account = $system_account_filed";
+                }
                 //代表update 
                 $sql .= "update public.kln_report_template set ".$updateSqlSet."
                     where serial_no = '$serial_no';";
@@ -313,13 +318,18 @@ class report {
                     $ids_filed =  common::toPgTextArrayLiteral($field_ids);
                 }
 
+                $system_account_filed = "NULL";
+                if (!empty($system_account)) {
+                    $system_account_filed = common::toPgTextArrayLiteral($system_account);
+                }
+
                 $serial_no = common::uuid();
                 $sql .= "INSERT INTO public.kln_report_template(
                                 serial_no,name, description, level, field_ids, access_type, report_sql,count_sql,
-                                party_ids, group_names, create_by, created_time, modify_by, update_time )
+                                party_ids, group_names, system_account, create_by, created_time, modify_by, update_time )
                         VALUES ('$serial_no','$name', '$description', '$level', $ids_filed, '$access_type',
                                 '".common::check_input($report_sql_data['sql'])."','".common::check_input($report_sql_data['count_sql'])."',
-                                $party_ids_filed, $group_names_filed , '"._getLoginName()."', now(), '"._getLoginName()."', now());";              
+                                $party_ids_filed, $group_names_filed ,$system_account_filed,'"._getLoginName()."', now(), '"._getLoginName()."', now());";              
             }
             //先删除,后添加
             $sql .= "delete from  public.kln_report_field_config where template_serial_no = '$serial_no';";
@@ -483,7 +493,6 @@ class report {
             $report_sql = str_replace('<{CustomFiled}>', $CustomFiled, $report_sql);
             $report_sql = str_replace('<{vvSearchKLN}>', $filterSQLArr['vvSearchKLN'], $report_sql);
             $report_sql = str_replace('<{orderby}>', $this->returnSortBySql(), $report_sql);
-            error_log($reportFiled['name'].": report_detail_search, ".$report_sql);
 
             //查询data
             $cp = common::check_input($_POST ['cp']); //current_page
@@ -501,6 +510,7 @@ class report {
             if ($rc > 0) {
                 $tmp_search_without_limit = $report_sql;
                 $report_sql .= " limit " . $ps . " offset " . ($cp - 1) * $ps;
+                error_log($reportFiled['name'].": report_detail_search, ".$report_sql);
 
                 $rs = common::excuteListSql($report_sql);
                 $arrTmp = array('searchData' => $rs, 
@@ -748,7 +758,6 @@ class report {
             $report_sql = str_replace('<{CustomFiled}>', $CustomFiled, $report_sql);
             $report_sql = str_replace('<{vvSearchKLN}>', " ", $report_sql);
             $report_sql = str_replace('<{orderby}>', $orderby, $report_sql);
-            error_log($schedule_search['name'].": report_schedule_search, ".$report_sql);
 
             //查询sql
             $cp = common::check_input($_POST ['cp']); //current_page
@@ -766,6 +775,7 @@ class report {
             if ($rc > 0) {
                 $tmp_search_without_limit = $report_sql;
                 $report_sql .= " limit " . $ps . " offset " . ($cp - 1) * $ps;
+                error_log($schedule_search['name'].": report_schedule_search, ".$report_sql);
 
                 $rs = common::excuteListSql($report_sql);
                 $arrTmp = array('searchData' => $rs, 
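Review bot: `$system_account = $_POST['system_account'];` is read without `common::check_input`, unlike `access_type` two lines above, and the value is then spliced into both the UPDATE set clause and the INSERT VALUES list through `common::toPgTextArrayLiteral` with no further quoting; unless that helper escapes every element, the new column is a SQL injection point (the pre-existing `party_ids`/`group_names` follow the same pattern). Reading the key directly also raises an undefined-index notice when the client omits it; `$system_account = isset($_POST['system_account']) ? $_POST['system_account'] : array();` keeps the later `!empty()` checks working. The two `error_log` calls moved inside the `$rc > 0` branches now write the full paginated report SQL, including whatever filter values were substituted for `<{vvSearchKLN}>`, on every search; logging the template name and page, or gating the statement behind a debug flag, would avoid persisting user-supplied filter data in the server log. The enclosing methods start and end outside the hunks.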

+ 35 - 11
utils/common.class.php

@@ -596,16 +596,26 @@ class common {
         $follow = $user['ocean_following_sales'];
         $follow_or = $user['ocean_following_sales_or'];
 
-        if (strtolower($o_or) == "all" || strtolower($d_or) == "all" || strtolower($sales_or) == "all" || strtolower($op_or) == "all") {
-            return " and 1=1";
-        }
         $sqlWhere = "";
         if (_isCustomerLoginHandNew($user)) {
             $sqlWhere .= " and " . _customerFilerSearchHandNew($user, $schemas);
         } else {
-            if (empty($o) && empty($d) && empty($sales) && empty($op) && empty($follow)) {
+            //employee_search_type 的设置
+            $sqlStr = _employeeFilerSearch('ocean','employee_contact_id_user','employee_company_name',$schemas);
+            if( $sqlStr != "1<>1"){
+                $sqlWhere .= " and " .$sqlStr;
+            }
+
+            if (empty($o) && empty($d) && empty($sales) && empty($op) && empty($follow)&& $sqlStr == "1<>1") {
                 return " and 1<>1";
             }
+            if (strtolower($o_or) == "all" || strtolower($d_or) == "all" || strtolower($sales_or) == "all" || strtolower($op_or) == "all") {
+                if( $sqlStr != "1<>1"){
+                    return " and 1=1 and " .$sqlStr;
+                }else{
+                    return " and 1=1";
+                }
+            }
             if ((strtolower($o) == 'all' || empty($o)) && (strtolower($d) == "all" || empty($d))) {
                 
             } else {
@@ -718,17 +728,25 @@ class common {
                 $follow = $user['ocean_following_sales'];
                 $follow_or = $user['ocean_following_sales_or'];
         
-                if (strtolower($o_or) == "all" || strtolower($d_or) == "all" || strtolower($sales_or) == "all") {
-                    return " and 1=1";
-                }
-
                 $sqlWhere = "";
                 if (_isCustomerLoginHandNew($user)) {
                     $sqlWhere .= " and " . _customerFilerSearchHandNew($user, $schames);
                 } else {
-                    if (empty($o) && empty($d) && empty($sales) && empty($op) && empty($follow)) {
+                    //employee_search_type 的设置
+                    $sqlStr = _employeeFilerSearch('ocean','employee_contact_id_user','employee_company_name',$schames);
+                    if( $sqlStr != "1<>1"){
+                        $sqlWhere .= " and " .$sqlStr;
+                    }
+                    if (empty($o) && empty($d) && empty($sales) && empty($op) && empty($follow)&& $sqlStr == "1<>1") {
                         return " and 1<>1";
                     }
+                    if (strtolower($o_or) == "all" || strtolower($d_or) == "all" || strtolower($sales_or) == "all") {
+                        if( $sqlStr != "1<>1"){
+                            return " and 1=1 and " .$sqlStr;
+                        }else{
+                            return " and 1=1";
+                        }
+                    }
                     if ((strtolower($o) == 'all' || empty($o)) && (strtolower($d) == "all" || empty($d))) {
                         
                     } else {
@@ -828,11 +846,17 @@ class common {
         if (_isCustomerLogin()) {
             $sqlWhere .= " and " . _customerAirFilerSearch($schemas);
         } else {
-            if (empty($station) && empty($sales)) {
+            //employee_search_type 的设置
+            $sqlStr = _employeeFilerSearch('air','employee_air_contact_id_user','employee_air_company_name',$schemas);
+            if( $sqlStr != "1<>1"){
+                $sqlWhere .= " and " .$sqlStr;
+            }
+
+            if (empty($station) && empty($sales) && $sqlStr == "1<>1") {
                 return "and 1<>1";
             }
             if (strtolower($station_or) == "all" || strtolower($sales_or) == "all")
-                        return " and ($sqlWhere)";
+                return " and ($sqlWhere)";
         
             if (strtolower($station) == 'all' || empty($station)) {