240 lines
9.3 KiB
PHP
240 lines
9.3 KiB
PHP
|
|
<?php
|
||
|
|
require_once($_SERVER['DOCUMENT_ROOT']."/config.php");
|
||
|
|
|
||
|
|
function get_agency($user_id){
|
||
|
|
//Поиск агенства
|
||
|
|
/* $result = array();
|
||
|
|
$sql = "SELECT `manager`, `agency`, `id_manager` FROM users WHERE id = ".$user_id;
|
||
|
|
$q = mysql_query($sql);
|
||
|
|
$r = mysql_fetch_assoc($q);
|
||
|
|
if($r['agency'] > 0){
|
||
|
|
$result['agency'] = $user_id;
|
||
|
|
} else if ($r['manager'] > 0){
|
||
|
|
$result['agency'] = $r['id_manager'];
|
||
|
|
$manager = $user_id;
|
||
|
|
} else {
|
||
|
|
$result['manager'] = $r['id_manager'];
|
||
|
|
$sql_2 = "SELECT `manager`, `agency`, `id_manager` FROM users WHERE id = ".$result['manager'];
|
||
|
|
$q_2 = mysql_query($sql_2);
|
||
|
|
$r_2 = mysql_fetch_assoc($q_2);
|
||
|
|
if($r_2['agency'] > 0){
|
||
|
|
$result['agency'] = $r['id_manager'];
|
||
|
|
} else {
|
||
|
|
$result['agency'] = $r_2['id_manager'];
|
||
|
|
}
|
||
|
|
}*/
|
||
|
|
$user = new User();
|
||
|
|
$user->get($user_id);
|
||
|
|
$result['agency'] = $user->agencyId;
|
||
|
|
return $result;
|
||
|
|
}
|
||
|
|
|
||
|
|
if(isset($_POST['add_new_folder'])){
|
||
|
|
$user_id = $_POST['user_id'];
|
||
|
|
$name = $_POST['add_new_folder'];
|
||
|
|
$agency = 0;
|
||
|
|
$manager = 0;
|
||
|
|
|
||
|
|
$man = get_agency($user_id);
|
||
|
|
$agency = $man['agency'];
|
||
|
|
$manager = $man['manager'];
|
||
|
|
$permissions = '';
|
||
|
|
|
||
|
|
if ($_POST['permissions']) {
|
||
|
|
$permissions = implode(",", $_POST['permissions']);
|
||
|
|
}
|
||
|
|
|
||
|
|
$sql_in = "INSERT INTO `agency_folders` (`name`, `agency_id`, `manager_id`, `user_id`, `permissions`) VALUES ('".$name."', '".$agency."', '".$manager."', '".$user_id."', '".$permissions."')";
|
||
|
|
|
||
|
|
mysql_query($sql_in);
|
||
|
|
}
|
||
|
|
|
||
|
|
if(isset($_POST['get_folders_all'])){
|
||
|
|
$user_id = $_SESSION['id'];
|
||
|
|
$man = get_agency($user_id);
|
||
|
|
$agency = $man['agency'];
|
||
|
|
$manager = $man['manager'];
|
||
|
|
|
||
|
|
$sql = "SELECT * FROM `agency_folders` WHERE `agency_id` = ".$agency." or `id` = 11 order by id desc";
|
||
|
|
$q = mysql_query($sql);
|
||
|
|
if(mysql_num_rows($q) > 0){
|
||
|
|
?>
|
||
|
|
<ul class="docs docsdirs">
|
||
|
|
<?php
|
||
|
|
while($r = mysql_fetch_assoc($q)){
|
||
|
|
|
||
|
|
/*if ($r['id'] == 11 && $agency == 13154) {
|
||
|
|
continue;
|
||
|
|
}*/
|
||
|
|
|
||
|
|
$array_permissions = explode(",", $r['permissions']);
|
||
|
|
if ((in_array($user_id, $array_permissions)) || ($r['permissions'] === '') || ($user_id === $r['user_id'])) {
|
||
|
|
?>
|
||
|
|
<li class="dir opened" id="folder_id_<?=$r['id']?>">
|
||
|
|
<span class="dir-link">
|
||
|
|
<span class="dir-span ti-folder"></span>
|
||
|
|
<span class="dir-name"><?=$r['name']?></span>
|
||
|
|
</span>
|
||
|
|
<?php
|
||
|
|
if($r['id'] == 11){
|
||
|
|
if($_SESSION['id'] == 4){
|
||
|
|
?>
|
||
|
|
<a href="javascript:{};" data-id="<?=$r['id']?>" class="delFolder no-border" title="Удалить папку">
|
||
|
|
<span class="simple-button delete"><i class="jw-action-icon-delete"></i></span>
|
||
|
|
</a>
|
||
|
|
<?php }
|
||
|
|
} else { ?>
|
||
|
|
<a href="javascript:{};" data-id="<?=$r['id']?>" class="delFolder no-border" title="Удалить папку">
|
||
|
|
<span class="simple-button delete"><i class="jw-action-icon-delete"></i></span>
|
||
|
|
</a>
|
||
|
|
<?php }
|
||
|
|
|
||
|
|
if($r['id'] != 11) {
|
||
|
|
?>
|
||
|
|
|
||
|
|
<a href="javascript:{};" class="no-border" onclick="changeDocPermissons('<?=$r['id'] ?>');" title="Предоставить права">
|
||
|
|
<span class="simple-button delete"><i class="jw-action-icon-settings"></i></span>
|
||
|
|
</a>
|
||
|
|
|
||
|
|
<?php
|
||
|
|
}
|
||
|
|
|
||
|
|
if($r['id'] == 11){
|
||
|
|
if($_SESSION['id'] == 4){
|
||
|
|
?>
|
||
|
|
<a href="javascript:{}" class="tab tab__new-object add_doc" data-id="<?=$r['id']?>">
|
||
|
|
<i class="ti-plus"></i><span>Новый документ</span>
|
||
|
|
</a>
|
||
|
|
<?php }
|
||
|
|
} else {
|
||
|
|
?>
|
||
|
|
<a href="javascript:{}" class="tab tab__new-object add_doc" data-id="<?=$r['id']?>">
|
||
|
|
<i class="ti-plus"></i><span>Новый документ</span>
|
||
|
|
</a>
|
||
|
|
<?php
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
$sql_d = "SELECT * FROM `agency_folders_docs` WHERE `folder_id` = ".$r['id']." order by id desc";
|
||
|
|
$q_d = mysql_query($sql_d);
|
||
|
|
if(mysql_num_rows($q_d) > 0){
|
||
|
|
?>
|
||
|
|
<ul class="docs docsfiles hidden">
|
||
|
|
<?php
|
||
|
|
while($r_d = mysql_fetch_assoc($q_d)){
|
||
|
|
|
||
|
|
?>
|
||
|
|
<li class="file" id="agencyDocument_<?=$r_d['id']?>">
|
||
|
|
<a title="Скачать файл" target="_blank" href="/download_file.php?afd_id=<?=$r_d['id']?>&preview=1">
|
||
|
|
<span class="file-span ti-file"></span>
|
||
|
|
<span class="file-name"><?=$r_d['name']?></span>
|
||
|
|
<?php
|
||
|
|
if($r['id'] == 11){
|
||
|
|
if($_SESSION['id'] == 4){
|
||
|
|
?>
|
||
|
|
<a href="javascript:{};" data-id="<?=$r_d['id']?>" class="delDocument no-border" title="Удалить документ">
|
||
|
|
<span class="simple-button delete"><i class="jw-action-icon-delete"></i></span>
|
||
|
|
</a>
|
||
|
|
<?php
|
||
|
|
}
|
||
|
|
} else { ?>
|
||
|
|
<a href="javascript:{};" data-id="<?=$r_d['id']?>" class="delDocument no-border" title="Удалить документ">
|
||
|
|
<span class="simple-button delete"><i class="jw-action-icon-delete"></i></span>
|
||
|
|
</a>
|
||
|
|
<?php } ?>
|
||
|
|
</a>
|
||
|
|
</li>
|
||
|
|
<?php }
|
||
|
|
?>
|
||
|
|
</ul>
|
||
|
|
<?php
|
||
|
|
}
|
||
|
|
?>
|
||
|
|
|
||
|
|
</li>
|
||
|
|
<?php
|
||
|
|
}
|
||
|
|
}
|
||
|
|
?>
|
||
|
|
</ul>
|
||
|
|
<?php
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
if(isset($_POST['delete_folder'])){
|
||
|
|
$id = (int)$_POST['delete_folder'];
|
||
|
|
$sql = "DELETE FROM `agency_folders` WHERE id=".$id;
|
||
|
|
mysql_query($sql);
|
||
|
|
}
|
||
|
|
|
||
|
|
if(isset($_POST['save_files'])){
|
||
|
|
$folder_id = (int)$_POST['save_files'];
|
||
|
|
$files = json_decode(html_entity_decode($_POST['files']), ENT_QUOTES);
|
||
|
|
foreach($files as $file){
|
||
|
|
if (!$file['error']) {
|
||
|
|
$sql = "INSERT INTO `agency_folders_docs` (`name`, `folder_id`, `url`, `type`) VALUES ('" . $file['name'] . "', " . $folder_id . ", '" . $file['url'] . "', '" . $file['type'] . "')";
|
||
|
|
mysql_query($sql);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if(isset($_POST['delete_document'])){
|
||
|
|
$id = (int)$_POST['delete_document'];
|
||
|
|
$sql = "SELECT * FROM `agency_folders_docs` WHERE `id` = ".$id;
|
||
|
|
$r = mysql_fetch_assoc(mysql_query($sql));
|
||
|
|
$name = $r['folder_id'].'/'.$r['name'];
|
||
|
|
$path = $_SERVER['DOCUMENT_ROOT'].'/server/php/files/docs/'.$name;
|
||
|
|
echo $path;
|
||
|
|
if(file_exists($path)){
|
||
|
|
unlink($path);
|
||
|
|
}
|
||
|
|
mysql_query("DELETE FROM `agency_folders_docs` WHERE id=".$id);
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
if(isset($_POST['get_users_perm_folder'])){
|
||
|
|
$folder_id = (int)$_POST['get_users_perm_folder'];
|
||
|
|
$agency_id = $_SESSION["agency_id"];
|
||
|
|
|
||
|
|
$sql_agency_folder = "SELECT `permissions` FROM `agency_folders` WHERE id = {$folder_id}";
|
||
|
|
$r_agency_folder = mysql_fetch_assoc(mysql_query($sql_agency_folder));
|
||
|
|
$agency_folder_permissions = explode(",", $r_agency_folder['permissions']);
|
||
|
|
|
||
|
|
$userIds = User::getAllAgencyUsers($agency_id);
|
||
|
|
|
||
|
|
if (empty($userIds)) {
|
||
|
|
echo json_encode([], JSON_UNESCAPED_UNICODE);
|
||
|
|
exit;
|
||
|
|
}
|
||
|
|
|
||
|
|
$userIdsStr = implode(',', array_map('intval', $userIds));
|
||
|
|
$sql = "SELECT * FROM `users` WHERE `id` IN ({$userIdsStr})";
|
||
|
|
$result = mysql_query($sql);
|
||
|
|
|
||
|
|
$output_array = [];
|
||
|
|
|
||
|
|
while ($row = mysql_fetch_assoc($result)) {
|
||
|
|
$hasPermission = in_array($row["id"], $agency_folder_permissions);
|
||
|
|
|
||
|
|
$output_array[] = [
|
||
|
|
'user_name' => $row["last_name"] . ' ' . $row["first_name"] . ' ' . $row["middle_name"],
|
||
|
|
'user_id' => $row["id"],
|
||
|
|
'user_select' => $hasPermission ? 1 : 0
|
||
|
|
];
|
||
|
|
}
|
||
|
|
echo json_encode($output_array, JSON_UNESCAPED_UNICODE);
|
||
|
|
}
|
||
|
|
|
||
|
|
if(isset($_POST['change_perm_folder'])){
|
||
|
|
$id = (int)$_POST['folder_id'];
|
||
|
|
$users_perm_array = $_POST['users_perm'];
|
||
|
|
$users_perm = '';
|
||
|
|
if ($users_perm_array != null) {
|
||
|
|
$users_perm = implode(",", $users_perm_array);
|
||
|
|
}
|
||
|
|
$sql = "UPDATE `agency_folders` SET `permissions` = '$users_perm' WHERE `id` = '$id'";
|
||
|
|
mysql_query($sql);
|
||
|
|
echo $users_perm;
|
||
|
|
}
|