264 lines
10 KiB
PHP
264 lines
10 KiB
PHP
|
|
<?php
|
|||
|
|
|
|||
|
|
require_once($_SERVER['DOCUMENT_ROOT'] . "/config.php");
|
|||
|
|
|
|||
|
|
header('Content-Type: application/json');
|
|||
|
|
|
|||
|
|
$response = [
|
|||
|
|
'success' => false,
|
|||
|
|
'message' => 'Unauthorized',
|
|||
|
|
'data' => [],
|
|||
|
|
'hidden_objects' => []
|
|||
|
|
];
|
|||
|
|
|
|||
|
|
if ($_SESSION['id'] && isset($_GET['object_ids'])) {
|
|||
|
|
$currentUserId = $_SESSION['id'];
|
|||
|
|
|
|||
|
|
$userSql = "SELECT agency, users_admin, id_manager, company_id FROM users WHERE id = $currentUserId LIMIT 1";
|
|||
|
|
$userResult = mysql_query($userSql);
|
|||
|
|
$userData = mysql_fetch_assoc($userResult);
|
|||
|
|
|
|||
|
|
$currentCompanyID = $userData['company_id'];
|
|||
|
|
|
|||
|
|
$isAdmin = ($userData['agency'] == 1 || $userData['users_admin'] == 1);
|
|||
|
|
|
|||
|
|
$permSql = "SELECT menu_all_clients, menu_all_clients_edit FROM user_permissions
|
|||
|
|
WHERE user_id = $currentUserId LIMIT 1";
|
|||
|
|
$permResult = mysql_query($permSql);
|
|||
|
|
$permData = mysql_fetch_assoc($permResult);
|
|||
|
|
|
|||
|
|
|
|||
|
|
$depClass = new Department();
|
|||
|
|
$dep_user = $depClass->getDepartment((int)$_SESSION['id']);
|
|||
|
|
|
|||
|
|
$canViewAll = ($isAdmin || $permData['menu_all_clients'] == 1 || $dep_user['role'] == 'admin_department');
|
|||
|
|
$canEditAll = ($isAdmin || $permData['menu_all_clients_edit'] == 1 || $dep_user['role'] == 'admin_department');
|
|||
|
|
|
|||
|
|
$objectIds = array_filter(
|
|||
|
|
array_map('intval', explode(',', $_GET['object_ids'])),
|
|||
|
|
function($id) { return $id > 0; }
|
|||
|
|
);
|
|||
|
|
|
|||
|
|
if (empty($objectIds)) {
|
|||
|
|
$response['message'] = 'No valid object IDs provided';
|
|||
|
|
echo json_encode($response);
|
|||
|
|
exit;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$objectIdsStr = implode(',', $objectIds);
|
|||
|
|
|
|||
|
|
$validObjectIds = [];
|
|||
|
|
|
|||
|
|
if ($currentCompanyID) {
|
|||
|
|
$agencyUsersSql = "SELECT id FROM users WHERE company_id = " . (int)$currentCompanyID;
|
|||
|
|
$agencyUsersRes = mysql_query($agencyUsersSql);
|
|||
|
|
$agencyUserIDs = [];
|
|||
|
|
while ($row = mysql_fetch_assoc($agencyUsersRes)) {
|
|||
|
|
$agencyUserIDs[] = (int)$row['id'];
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (!empty($agencyUserIDs)) {
|
|||
|
|
$agencyUserIDsStr = implode(',', $agencyUserIDs);
|
|||
|
|
$validObjectsSql = "
|
|||
|
|
SELECT id
|
|||
|
|
FROM objects
|
|||
|
|
WHERE id IN ($objectIdsStr)
|
|||
|
|
AND id_add_user IN ($agencyUserIDsStr)
|
|||
|
|
";
|
|||
|
|
$validRes = mysql_query($validObjectsSql);
|
|||
|
|
while ($row = mysql_fetch_assoc($validRes)) {
|
|||
|
|
$validObjectIds[] = (int)$row['id'];
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (empty($validObjectIds)) {
|
|||
|
|
$fallbackSql = "SELECT o.id, o.id_add_user, u.id_manager FROM objects o JOIN users u ON u.id = o.id_add_user WHERE o.id IN ($objectIdsStr)";
|
|||
|
|
$fallbackRes = mysql_query($fallbackSql);
|
|||
|
|
while ($row = mysql_fetch_assoc($fallbackRes)) {
|
|||
|
|
if ($row['id_add_user'] == $currentUserId || $row['id_manager'] == $currentUserId) {
|
|||
|
|
$validObjectIds[] = (int)$row['id'];
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (empty($validObjectIds)) {
|
|||
|
|
$response['success'] = true;
|
|||
|
|
$response['message'] = 'Нет доступных объектов в вашем агентстве';
|
|||
|
|
echo json_encode($response, JSON_UNESCAPED_UNICODE);
|
|||
|
|
exit;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$objectIds = $validObjectIds;
|
|||
|
|
$objectIdsStr = implode(',', $objectIds);
|
|||
|
|
|
|||
|
|
//$objectsSql = "SELECT id, id_add_user FROM objects WHERE id IN ($objectIdsStr)";
|
|||
|
|
$objectsSql = "SELECT o.id, o.id_add_user, u.id_manager FROM objects o JOIN users u ON u.id = o.id_add_user WHERE o.id IN ($objectIdsStr);";
|
|||
|
|
$objectsResult = mysql_query($objectsSql);
|
|||
|
|
$objectsOwnersManager = [];
|
|||
|
|
$objectsOwners = [];
|
|||
|
|
while ($row = mysql_fetch_assoc($objectsResult)) {
|
|||
|
|
$objectsOwners[$row['id']] = $row['id_add_user'];
|
|||
|
|
$objectsOwnersManager[$row['id']] = $row['id_manager'];
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$userOwnedObjects = [];
|
|||
|
|
foreach ($objectsOwners as $objectId => $ownerId) {
|
|||
|
|
if ($ownerId == $currentUserId || (isset($objectsOwnersManager[$objectId]) && $objectsOwnersManager[$objectId] == $currentUserId)) {
|
|||
|
|
$userOwnedObjects[] = $objectId;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$applyFilter = (isset($_SESSION['agency_id']) && $_SESSION['agency_id'] == 19794 && !$isAdmin && $permData['menu_all_clients'] == 1);
|
|||
|
|
|
|||
|
|
$filteredObjectIds = $objectIds;
|
|||
|
|
if ($applyFilter) {
|
|||
|
|
$filteredObjectIds = [];
|
|||
|
|
|
|||
|
|
// Объекты с Юр.лицо = Да
|
|||
|
|
$sqlLegalYes = "SELECT DISTINCT object_id FROM object_data WHERE field_id = 445 AND value = '[\"1\"]' AND object_id IN ($objectIdsStr)";
|
|||
|
|
$resultLegalYes = mysql_query($sqlLegalYes);
|
|||
|
|
while ($row = mysql_fetch_assoc($resultLegalYes)) {
|
|||
|
|
$filteredObjectIds[] = $row['object_id'];
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// Объекты с Юр.лицо = Нет и Эксклюзив = Нет
|
|||
|
|
$sqlLegalNoExclusiveNo = "
|
|||
|
|
SELECT DISTINCT od1.object_id
|
|||
|
|
FROM object_data od1
|
|||
|
|
JOIN object_data od2 ON od1.object_id = od2.object_id
|
|||
|
|
WHERE od1.field_id = 445 AND od1.value = '[\"2\"]'
|
|||
|
|
AND od2.field_id = 482 AND od2.value = '[\"2\"]'
|
|||
|
|
AND od1.object_id IN ($objectIdsStr)";
|
|||
|
|
$resultLegalNoExclusiveNo = mysql_query($sqlLegalNoExclusiveNo);
|
|||
|
|
while ($row = mysql_fetch_assoc($resultLegalNoExclusiveNo)) {
|
|||
|
|
$filteredObjectIds[] = $row['object_id'];
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$filteredObjectIds = array_merge($filteredObjectIds, $userOwnedObjects);
|
|||
|
|
$filteredObjectIds = array_unique($filteredObjectIds);
|
|||
|
|
|
|||
|
|
$response['hidden_objects'] = array_values(array_diff($objectIds, $filteredObjectIds));
|
|||
|
|
|
|||
|
|
if (empty($filteredObjectIds)) {
|
|||
|
|
$response['success'] = true;
|
|||
|
|
$response['message'] = 'No objects match the condition';
|
|||
|
|
echo json_encode($response);
|
|||
|
|
exit;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$objectIdsStr = implode(',', $filteredObjectIds);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$sql = "SELECT object_id, client_id FROM client_objects WHERE object_id IN ($objectIdsStr)";
|
|||
|
|
$result = mysql_query($sql);
|
|||
|
|
|
|||
|
|
$clientIds = [];
|
|||
|
|
$objectClientsMap = [];
|
|||
|
|
|
|||
|
|
while ($row = mysql_fetch_assoc($result)) {
|
|||
|
|
$objectId = $row['object_id'];
|
|||
|
|
$clientId = $row['client_id'];
|
|||
|
|
|
|||
|
|
// Проверяем права на просмотр для каждого объекта
|
|||
|
|
$isOwner = (isset($objectsOwners[$objectId]) && ($objectsOwners[$objectId] == $currentUserId || $objectsOwnersManager[$objectId] == $currentUserId));
|
|||
|
|
$hasAccess = $canViewAll || $isOwner;
|
|||
|
|
|
|||
|
|
if ($hasAccess) {
|
|||
|
|
if (!isset($objectClientsMap[$objectId])) {
|
|||
|
|
$objectClientsMap[$objectId] = [];
|
|||
|
|
}
|
|||
|
|
$objectClientsMap[$objectId][] = $clientId;
|
|||
|
|
$clientIds[] = $clientId;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (!empty($clientIds)) {
|
|||
|
|
$clientIds = array_unique($clientIds);
|
|||
|
|
$clientIdsStr = implode(',', $clientIds);
|
|||
|
|
|
|||
|
|
$sqlClients = "SELECT id, fio, email, phone, id_agent, who_work FROM clients WHERE id IN ($clientIdsStr)";
|
|||
|
|
$resultClients = mysql_query($sqlClients);
|
|||
|
|
|
|||
|
|
$clientsMap = [];
|
|||
|
|
if (is_null($userData['company_id'])) {
|
|||
|
|
$allowedUserIds = [$currentUserId];
|
|||
|
|
if (!empty($userData['id_manager']) && $userData['id_manager'] != 0) {
|
|||
|
|
$allowedUserIds[] = (int)$userData['id_manager'];
|
|||
|
|
}
|
|||
|
|
while ($resultClient = mysql_fetch_assoc($resultClients)) {
|
|||
|
|
if (in_array($resultClient['who_work'], $allowedUserIds) || in_array($resultClient['id_agent'], $allowedUserIds)) {
|
|||
|
|
$clientsMap[$resultClient['id']] = $resultClient;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
} else {
|
|||
|
|
$companyId = isset($_SESSION['agency_id']) ? (int)$_SESSION['agency_id'] : 0;
|
|||
|
|
if ($companyId > 0) {
|
|||
|
|
$agencyUsersSql = "SELECT id FROM users WHERE company_id = $companyId";
|
|||
|
|
$agencyUsersResult = mysql_query($agencyUsersSql);
|
|||
|
|
$agencyUserIds = [];
|
|||
|
|
while ($row = mysql_fetch_assoc($agencyUsersResult)) {
|
|||
|
|
$agencyUserIds[] = $row['id'];
|
|||
|
|
}
|
|||
|
|
} else {
|
|||
|
|
$agencyUserIds = [$currentUserId];
|
|||
|
|
}
|
|||
|
|
$agencyUserIdsStr = implode(',', array_unique($agencyUserIds));
|
|||
|
|
|
|||
|
|
while ($client = mysql_fetch_assoc($resultClients)) {
|
|||
|
|
$belongsToCompany = $isAdmin
|
|||
|
|
|| in_array($client['who_work'], $agencyUserIds)
|
|||
|
|
|| ($client['who_work'] == 0 && in_array($client['id_agent'], $agencyUserIds));
|
|||
|
|
|
|||
|
|
if ($belongsToCompany) {
|
|||
|
|
$clientsMap[$client['id']] = $client;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
foreach ($objectClientsMap as $objectId => $clientIdsForObject) {
|
|||
|
|
|
|||
|
|
if ($applyFilter && !in_array($objectId, $filteredObjectIds) && !in_array($objectId, $userOwnedObjects)) {
|
|||
|
|
continue;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$clientsForObject = [];
|
|||
|
|
|
|||
|
|
$objectOwnerId = isset($objectsOwners[$objectId]) ? $objectsOwners[$objectId] : 0;
|
|||
|
|
|
|||
|
|
foreach ($clientIdsForObject as $clientId) {
|
|||
|
|
if (isset($clientsMap[$clientId])) {
|
|||
|
|
$client = $clientsMap[$clientId];
|
|||
|
|
|
|||
|
|
$canEdit = $canEditAll || $client['who_work'] == $currentUserId || $objectOwnerId == $currentUserId;
|
|||
|
|
|
|||
|
|
$clientItem = array(
|
|||
|
|
'id' => $client['id'],
|
|||
|
|
'fio' => $client['fio'],
|
|||
|
|
'email' => $client['email'],
|
|||
|
|
'phone' => $client['phone'],
|
|||
|
|
'can_edit' => $canEdit
|
|||
|
|
);
|
|||
|
|
mask_client_contacts_inplace($clientItem);
|
|||
|
|
$clientsForObject[] = $clientItem;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (!empty($clientsForObject)) {
|
|||
|
|
$response['data'][] = [
|
|||
|
|
'object_id' => $objectId,
|
|||
|
|
'clients' => $clientsForObject,
|
|||
|
|
'clients_count' => count($clientsForObject)
|
|||
|
|
];
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$response['success'] = true;
|
|||
|
|
$response['message'] = '';
|
|||
|
|
} else {
|
|||
|
|
$response['message'] = 'Клиентов не найдено';
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
echo json_encode($response, JSON_UNESCAPED_UNICODE);
|
|||
|
|
exit;
|