Joywork/ajax/getObjectClients.php

264 lines
10 KiB
PHP
Raw Normal View History

2026-05-22 20:21:54 +02:00
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . "/config.php");
header('Content-Type: application/json');
$response = [
'success' => false,
'message' => 'Unauthorized',
'data' => [],
'hidden_objects' => []
];
if ($_SESSION['id'] && isset($_GET['object_ids'])) {
$currentUserId = $_SESSION['id'];
$userSql = "SELECT agency, users_admin, id_manager, company_id FROM users WHERE id = $currentUserId LIMIT 1";
$userResult = mysql_query($userSql);
$userData = mysql_fetch_assoc($userResult);
$currentCompanyID = $userData['company_id'];
$isAdmin = ($userData['agency'] == 1 || $userData['users_admin'] == 1);
$permSql = "SELECT menu_all_clients, menu_all_clients_edit FROM user_permissions
WHERE user_id = $currentUserId LIMIT 1";
$permResult = mysql_query($permSql);
$permData = mysql_fetch_assoc($permResult);
$depClass = new Department();
$dep_user = $depClass->getDepartment((int)$_SESSION['id']);
$canViewAll = ($isAdmin || $permData['menu_all_clients'] == 1 || $dep_user['role'] == 'admin_department');
$canEditAll = ($isAdmin || $permData['menu_all_clients_edit'] == 1 || $dep_user['role'] == 'admin_department');
$objectIds = array_filter(
array_map('intval', explode(',', $_GET['object_ids'])),
function($id) { return $id > 0; }
);
if (empty($objectIds)) {
$response['message'] = 'No valid object IDs provided';
echo json_encode($response);
exit;
}
$objectIdsStr = implode(',', $objectIds);
$validObjectIds = [];
if ($currentCompanyID) {
$agencyUsersSql = "SELECT id FROM users WHERE company_id = " . (int)$currentCompanyID;
$agencyUsersRes = mysql_query($agencyUsersSql);
$agencyUserIDs = [];
while ($row = mysql_fetch_assoc($agencyUsersRes)) {
$agencyUserIDs[] = (int)$row['id'];
}
if (!empty($agencyUserIDs)) {
$agencyUserIDsStr = implode(',', $agencyUserIDs);
$validObjectsSql = "
SELECT id
FROM objects
WHERE id IN ($objectIdsStr)
AND id_add_user IN ($agencyUserIDsStr)
";
$validRes = mysql_query($validObjectsSql);
while ($row = mysql_fetch_assoc($validRes)) {
$validObjectIds[] = (int)$row['id'];
}
}
}
if (empty($validObjectIds)) {
$fallbackSql = "SELECT o.id, o.id_add_user, u.id_manager FROM objects o JOIN users u ON u.id = o.id_add_user WHERE o.id IN ($objectIdsStr)";
$fallbackRes = mysql_query($fallbackSql);
while ($row = mysql_fetch_assoc($fallbackRes)) {
if ($row['id_add_user'] == $currentUserId || $row['id_manager'] == $currentUserId) {
$validObjectIds[] = (int)$row['id'];
}
}
}
if (empty($validObjectIds)) {
$response['success'] = true;
$response['message'] = 'Нет доступных объектов в вашем агентстве';
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;
}
$objectIds = $validObjectIds;
$objectIdsStr = implode(',', $objectIds);
//$objectsSql = "SELECT id, id_add_user FROM objects WHERE id IN ($objectIdsStr)";
$objectsSql = "SELECT o.id, o.id_add_user, u.id_manager FROM objects o JOIN users u ON u.id = o.id_add_user WHERE o.id IN ($objectIdsStr);";
$objectsResult = mysql_query($objectsSql);
$objectsOwnersManager = [];
$objectsOwners = [];
while ($row = mysql_fetch_assoc($objectsResult)) {
$objectsOwners[$row['id']] = $row['id_add_user'];
$objectsOwnersManager[$row['id']] = $row['id_manager'];
}
$userOwnedObjects = [];
foreach ($objectsOwners as $objectId => $ownerId) {
if ($ownerId == $currentUserId || (isset($objectsOwnersManager[$objectId]) && $objectsOwnersManager[$objectId] == $currentUserId)) {
$userOwnedObjects[] = $objectId;
}
}
$applyFilter = (isset($_SESSION['agency_id']) && $_SESSION['agency_id'] == 19794 && !$isAdmin && $permData['menu_all_clients'] == 1);
$filteredObjectIds = $objectIds;
if ($applyFilter) {
$filteredObjectIds = [];
// Объекты с Юр.лицо = Да
$sqlLegalYes = "SELECT DISTINCT object_id FROM object_data WHERE field_id = 445 AND value = '[\"1\"]' AND object_id IN ($objectIdsStr)";
$resultLegalYes = mysql_query($sqlLegalYes);
while ($row = mysql_fetch_assoc($resultLegalYes)) {
$filteredObjectIds[] = $row['object_id'];
}
// Объекты с Юр.лицо = Нет и Эксклюзив = Нет
$sqlLegalNoExclusiveNo = "
SELECT DISTINCT od1.object_id
FROM object_data od1
JOIN object_data od2 ON od1.object_id = od2.object_id
WHERE od1.field_id = 445 AND od1.value = '[\"2\"]'
AND od2.field_id = 482 AND od2.value = '[\"2\"]'
AND od1.object_id IN ($objectIdsStr)";
$resultLegalNoExclusiveNo = mysql_query($sqlLegalNoExclusiveNo);
while ($row = mysql_fetch_assoc($resultLegalNoExclusiveNo)) {
$filteredObjectIds[] = $row['object_id'];
}
$filteredObjectIds = array_merge($filteredObjectIds, $userOwnedObjects);
$filteredObjectIds = array_unique($filteredObjectIds);
$response['hidden_objects'] = array_values(array_diff($objectIds, $filteredObjectIds));
if (empty($filteredObjectIds)) {
$response['success'] = true;
$response['message'] = 'No objects match the condition';
echo json_encode($response);
exit;
}
$objectIdsStr = implode(',', $filteredObjectIds);
}
$sql = "SELECT object_id, client_id FROM client_objects WHERE object_id IN ($objectIdsStr)";
$result = mysql_query($sql);
$clientIds = [];
$objectClientsMap = [];
while ($row = mysql_fetch_assoc($result)) {
$objectId = $row['object_id'];
$clientId = $row['client_id'];
// Проверяем права на просмотр для каждого объекта
$isOwner = (isset($objectsOwners[$objectId]) && ($objectsOwners[$objectId] == $currentUserId || $objectsOwnersManager[$objectId] == $currentUserId));
$hasAccess = $canViewAll || $isOwner;
if ($hasAccess) {
if (!isset($objectClientsMap[$objectId])) {
$objectClientsMap[$objectId] = [];
}
$objectClientsMap[$objectId][] = $clientId;
$clientIds[] = $clientId;
}
}
if (!empty($clientIds)) {
$clientIds = array_unique($clientIds);
$clientIdsStr = implode(',', $clientIds);
$sqlClients = "SELECT id, fio, email, phone, id_agent, who_work FROM clients WHERE id IN ($clientIdsStr)";
$resultClients = mysql_query($sqlClients);
$clientsMap = [];
if (is_null($userData['company_id'])) {
$allowedUserIds = [$currentUserId];
if (!empty($userData['id_manager']) && $userData['id_manager'] != 0) {
$allowedUserIds[] = (int)$userData['id_manager'];
}
while ($resultClient = mysql_fetch_assoc($resultClients)) {
if (in_array($resultClient['who_work'], $allowedUserIds) || in_array($resultClient['id_agent'], $allowedUserIds)) {
$clientsMap[$resultClient['id']] = $resultClient;
}
}
} else {
$companyId = isset($_SESSION['agency_id']) ? (int)$_SESSION['agency_id'] : 0;
if ($companyId > 0) {
$agencyUsersSql = "SELECT id FROM users WHERE company_id = $companyId";
$agencyUsersResult = mysql_query($agencyUsersSql);
$agencyUserIds = [];
while ($row = mysql_fetch_assoc($agencyUsersResult)) {
$agencyUserIds[] = $row['id'];
}
} else {
$agencyUserIds = [$currentUserId];
}
$agencyUserIdsStr = implode(',', array_unique($agencyUserIds));
while ($client = mysql_fetch_assoc($resultClients)) {
$belongsToCompany = $isAdmin
|| in_array($client['who_work'], $agencyUserIds)
|| ($client['who_work'] == 0 && in_array($client['id_agent'], $agencyUserIds));
if ($belongsToCompany) {
$clientsMap[$client['id']] = $client;
}
}
}
foreach ($objectClientsMap as $objectId => $clientIdsForObject) {
if ($applyFilter && !in_array($objectId, $filteredObjectIds) && !in_array($objectId, $userOwnedObjects)) {
continue;
}
$clientsForObject = [];
$objectOwnerId = isset($objectsOwners[$objectId]) ? $objectsOwners[$objectId] : 0;
foreach ($clientIdsForObject as $clientId) {
if (isset($clientsMap[$clientId])) {
$client = $clientsMap[$clientId];
$canEdit = $canEditAll || $client['who_work'] == $currentUserId || $objectOwnerId == $currentUserId;
$clientItem = array(
'id' => $client['id'],
'fio' => $client['fio'],
'email' => $client['email'],
'phone' => $client['phone'],
'can_edit' => $canEdit
);
mask_client_contacts_inplace($clientItem);
$clientsForObject[] = $clientItem;
}
}
if (!empty($clientsForObject)) {
$response['data'][] = [
'object_id' => $objectId,
'clients' => $clientsForObject,
'clients_count' => count($clientsForObject)
];
}
}
$response['success'] = true;
$response['message'] = '';
} else {
$response['message'] = 'Клиентов не найдено';
}
}
echo json_encode($response, JSON_UNESCAPED_UNICODE);
exit;