1<?php
2
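include('includes/session.php');
$Title = _('User Authorised Inventory Locations Maintenance');
$ViewTopic = 'Inventory';// Filename in ManualContents.php's TOC.
$BookMark = 'LocationUsers';// Anchor's id in the manual's html document.
include('includes/header.php');

echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/money_add.png" title="' . _('User Authorised Locations') . '" alt="" />' . ' ' . $Title . '</p>';

/* Security model for this page.
   Every statement below is string-built and DB_query() offers no parameter
   binding from here, so the two request-supplied identifiers (user id and
   location code) are never used raw. They are allow-listed against the rows
   that actually exist in www_users / locations before they reach SQL, HTML
   or a link; anything that does not match is treated as "nothing selected".
   The match is case-insensitive because this page has always upper-cased its
   input and relied on the database collation doing the same.
   NOTE(review): if the DB layer provides an escaping helper, wrapping these
   values with it as well would give defence in depth - confirm what the
   project's DB wrapper offers. */

// Upper-cased ids of every existing user, keyed for O(1) lookup.
$KnownUsers = array();
$UsersResult = DB_query("SELECT userid FROM www_users");
while ($UserRow = DB_fetch_array($UsersResult)) {
	$KnownUsers[mb_strtoupper($UserRow['userid'])] = true;
}
DB_free_result($UsersResult);

// Upper-cased codes of every existing inventory location, keyed for O(1) lookup.
$KnownLocations = array();
$LocationsResult = DB_query("SELECT loccode FROM locations");
while ($LocationRow = DB_fetch_array($LocationsResult)) {
	$KnownLocations[mb_strtoupper($LocationRow['loccode'])] = true;
}
DB_free_result($LocationsResult);

// Selected user: POST wins over GET (same precedence as before). Non-string
// values (e.g. SelectedUser[]=x) and ids that are not known users are dropped.
// null means "no user selected"; isset($SelectedUser) is false for null.
$RawUser = null;
if (isset($_POST['SelectedUser'])) {
	$RawUser = $_POST['SelectedUser'];
} elseif (isset($_GET['SelectedUser'])) {
	$RawUser = $_GET['SelectedUser'];
}
$SelectedUser = is_string($RawUser) ? mb_strtoupper($RawUser) : null;
if ($SelectedUser !== null and !isset($KnownUsers[$SelectedUser])) {
	if ($SelectedUser !== '') {
		prnMsg(_('The selected user is not a valid user'), 'error');
		echo '<br />';
	}
	$SelectedUser = null;
}

// Selected location: same rules; '' means "no location selected".
$RawLocation = null;
$LocationFromPost = isset($_POST['SelectedLocation']);
if ($LocationFromPost) {
	$RawLocation = $_POST['SelectedLocation'];
} elseif (isset($_GET['SelectedLocation'])) {
	$RawLocation = $_GET['SelectedLocation'];
}
$SelectedLocation = is_string($RawLocation) ? mb_strtoupper($RawLocation) : '';
if ($SelectedLocation !== '' and !isset($KnownLocations[$SelectedLocation])) {
	prnMsg(_('The selected location is not a valid inventory location'), 'error');
	echo '<br />';
	$SelectedLocation = '';
}

// State-changing GET actions (delete / ToggleUpdate) must carry the session's
// FormID; the links rendered below include it. Without this any page the user
// visits could trigger them (CSRF). POST forms already carry FormID.
$GetActionAuthorised = isset($_GET['FormID'], $_SESSION['FormID'])
	&& is_string($_GET['FormID'])
	&& hash_equals((string)$_SESSION['FormID'], $_GET['FormID']);

if (isset($_POST['Cancel'])) {
	$SelectedUser = null;
	$SelectedLocation = '';
}

// Accept on the user picker with nothing chosen.
if (isset($_POST['Process']) and (!isset($_POST['SelectedUser']) or $_POST['SelectedUser'] == '')) {
	prnMsg(_('You have not selected any User'), 'error');
	echo '<br />';
	$SelectedUser = null;
}

if (isset($_POST['submit'])) {
	// Authorise the selected location for the selected user.
	if ($SelectedLocation == '') {
		prnMsg(_('You have not selected an inventory location to be authorised for this user'), 'error');
		echo '<br />';
		$SelectedUser = null; // back to the user picker, as before
	} elseif (!isset($SelectedUser)) {
		prnMsg(_('You have not selected any User'), 'error');
		echo '<br />';
	} else {
		// First check the user is not being duplicated for this location.
		$CheckSql = "SELECT count(*)
				FROM locationusers
				WHERE loccode= '" . $SelectedLocation . "'
				AND userid = '" . $SelectedUser . "'";
		$CheckResult = DB_query($CheckSql);
		$CheckRow = DB_fetch_row($CheckResult);

		if ($CheckRow[0] > 0) {
			prnMsg(_('The location') . ' ' . htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8') . ' ' . _('is already authorised for this user'), 'error');
		} else {
			// Add new record on submit: view and update both granted, as before.
			$SQL = "INSERT INTO locationusers (loccode,
											userid,
											canview,
											canupd)
									VALUES ('" . $SelectedLocation . "',
											'" . $SelectedUser . "',
											'1',
											'1')";
			$ErrMsg = _('The Location user record could not be added because');
			$Result = DB_query($SQL, $ErrMsg);
			prnMsg(_('User') . ': ' . htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8') . ' ' . _('authority to use the') . ' ' . htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8') . ' ' . _('location has been changed'), 'success');
			// Nothing to pre-select in the location picker after a successful add.
			$SelectedLocation = '';
			$LocationFromPost = false;
		}
	}
} elseif (isset($_GET['delete'])) {
	// Remove the authorisation. Requires a valid user, a valid location and a matching FormID.
	if (!$GetActionAuthorised) {
		prnMsg(_('This action requires a valid form identifier. Please use the links on this page.'), 'error');
		echo '<br />';
	} elseif (isset($SelectedUser) and $SelectedLocation != '') {
		$SQL = "DELETE FROM locationusers
			WHERE loccode='" . $SelectedLocation . "'
			AND userid='" . $SelectedUser . "'";
		$ErrMsg = _('The Location user record could not be deleted because');
		$Result = DB_query($SQL, $ErrMsg);
		prnMsg(_('User') . ' ' . htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8') . ' ' . _('has had their authority to use the') . ' ' . htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8') . ' ' . _('location removed'), 'success');
	}
	unset($_GET['delete']);
} elseif (isset($_GET['ToggleUpdate'])) {
	// Flip the update right. Only the two legal flag values are accepted so
	// that arbitrary request data can never be written into canupd.
	if (!$GetActionAuthorised) {
		prnMsg(_('This action requires a valid form identifier. Please use the links on this page.'), 'error');
		echo '<br />';
	} elseif ($_GET['ToggleUpdate'] !== '0' and $_GET['ToggleUpdate'] !== '1') {
		prnMsg(_('Invalid update flag'), 'error');
		echo '<br />';
	} elseif (isset($SelectedUser) and $SelectedLocation != '') {
		$CanUpdate = (int)$_GET['ToggleUpdate'];
		$SQL = "UPDATE locationusers
				SET canupd='" . $CanUpdate . "'
				WHERE loccode='" . $SelectedLocation . "'
				AND userid='" . $SelectedUser . "'";
		// Original said "deleted" here; this branch updates.
		$ErrMsg = _('The Location user record could not be updated because');
		$Result = DB_query($SQL, $ErrMsg);
		// Original always reported "removed", even when adding update rights.
		$Outcome = ($CanUpdate == 1) ? _('location added') : _('location removed');
		prnMsg(_('User') . ' ' . htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8') . ' ' . _('has had their authority to update') . ' ' . htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8') . ' ' . $Outcome, 'success');
	}
	unset($_GET['ToggleUpdate']);
}

$Self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

if (!isset($SelectedUser)) {
	/* No valid user chosen yet (first visit, Cancel, or a rejected value):
	   show the user picker. Accept reloads this page with SelectedUser. */
	echo '<form method="post" action="' . $Self . '">';
	echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />
			<table class="selection">
			<tr>
				<td>' . _('Select User') . ':</td>
				<td><select name="SelectedUser">';

	$Result = DB_query("SELECT userid,
								realname
						FROM www_users
						ORDER BY userid");

	echo '<option value="">' . _('Not Yet Selected') . '</option>';
	while ($MyRow = DB_fetch_array($Result)) {
		// Nothing can be pre-selected: this branch only runs when no valid user is set.
		$UserIdHtml = htmlspecialchars($MyRow['userid'], ENT_QUOTES, 'UTF-8');
		echo '<option value="' . $UserIdHtml . '">' . $UserIdHtml . ' - ' . htmlspecialchars($MyRow['realname'], ENT_QUOTES, 'UTF-8') . '</option>';
	} //end while loop

	echo '</select></td></tr>';
	echo '</table>'; // close main table
	DB_free_result($Result);

	echo '<div class="centre">
			<input type="submit" name="Process" value="' . _('Accept') . '" />
			<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
		</div>';
	echo '</form>';
}

// A valid user is selected: list their authorised locations and offer to add one.
// (The old `isset($_POST['process'])` alternative was a dead, lower-case key that
// could reach this block with no user set; it is gone.)
if (isset($SelectedUser)) {
	$SelectedUserHtml = htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8');
	$SelectedUserUrl = urlencode($SelectedUser);
	$FormIdUrl = urlencode((string)$_SESSION['FormID']);

	$SQLName = "SELECT realname
			FROM www_users
			WHERE userid='" . $SelectedUser . "'";
	$Result = DB_query($SQLName);
	$MyRow = DB_fetch_array($Result);
	$SelectedUserName = htmlspecialchars($MyRow['realname'], ENT_QUOTES, 'UTF-8');

	echo '<div class="centre"><a href="' . $Self . '">' . _('Authorised inventory locations for') . ' ' . $SelectedUserName . '</a></div>
		<form method="post" action="' . $Self . '">
		<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />
		<input type="hidden" name="SelectedUser" value="' . $SelectedUserHtml . '" />';

	$SQL = "SELECT locationusers.loccode,
					canview,
					canupd,
					locations.locationname
			FROM locationusers INNER JOIN locations
			ON locationusers.loccode=locations.loccode
			WHERE locationusers.userid='" . $SelectedUser . "'
			ORDER BY locations.locationname ASC";
	$Result = DB_query($SQL);

	echo '<table class="selection">';
	echo '<tr>
			<th colspan="6"><h3>' . _('Authorised Inventory Locations for User') . ': ' . $SelectedUserName . '</h3></th>
		</tr>';
	echo '<tr>
			<th>' . _('Code') . '</th>
			<th>' . _('Name') . '</th>
			<th>' . _('View') . '</th>
			<th>' . _('Update') . '</th>
		</tr>';

	while ($MyRow = DB_fetch_array($Result)) {
		$LocCodeHtml = htmlspecialchars($MyRow['loccode'], ENT_QUOTES, 'UTF-8');
		// Action links carry user, location and the FormID the GET handlers above require.
		// urlencode() output is attribute-safe; separators are entity-encoded.
		$LinkBase = $Self . '?SelectedLocation=' . urlencode($MyRow['loccode'])
			. '&amp;SelectedUser=' . $SelectedUserUrl
			. '&amp;FormID=' . $FormIdUrl;

		if ($MyRow['canupd'] == 1) {
			$ToggleCell = '<td><a href="' . $LinkBase . '&amp;ToggleUpdate=0" onclick="return confirm(\'' . _('Are you sure you wish to remove Update for this location?') . '\');">' . _('Remove Update') . '</a></td>';
		} else {
			$ToggleCell = '<td><a href="' . $LinkBase . '&amp;ToggleUpdate=1" onclick="return confirm(\'' . _('Are you sure you wish to add Update for this location?') . '\');">' . _('Add Update') . '</a></td>';
		}

		echo '<tr class="striped_row">
				<td>' . $LocCodeHtml . '</td>
				<td>' . htmlspecialchars($MyRow['locationname'], ENT_QUOTES, 'UTF-8') . '</td>
				<td>' . htmlspecialchars($MyRow['canview'], ENT_QUOTES, 'UTF-8') . '</td>
				<td>' . htmlspecialchars($MyRow['canupd'], ENT_QUOTES, 'UTF-8') . '</td>' .
				$ToggleCell . '
				<td><a href="' . $LinkBase . '&amp;delete=yes" onclick="return confirm(\'' . _('Are you sure you wish to un-authorise this location?') . '\');">' . _('Un-authorise') . '</a></td>
			</tr>';
	}
	//END WHILE LIST LOOP
	echo '</table>';

	// Picker for a location not yet authorised for this user. (The old
	// `!isset($_GET['delete'])` guard was always true because the delete
	// handler unsets that key, so the picker is always shown.)
	echo '<table  class="selection">'; //Main table
	echo '<tr>
			<td>' . _('Select Location') . ':</td>
			<td><select name="SelectedLocation">';

	$Result = DB_query("SELECT loccode,
								locationname
						FROM locations
						WHERE NOT EXISTS (SELECT locationusers.loccode
										FROM locationusers
										WHERE locationusers.userid='" . $SelectedUser . "'
											AND locationusers.loccode=locations.loccode)
						ORDER BY locationname");

	// Only a location posted with this request is re-selected (case-insensitively).
	$PreselectLocation = $LocationFromPost ? $SelectedLocation : '';
	if ($PreselectLocation == '') {
		echo '<option selected="selected" value="">' . _('Not Yet Selected') . '</option>';
	} else {
		echo '<option value="">' . _('Not Yet Selected') . '</option>';
	}
	while ($MyRow = DB_fetch_array($Result)) {
		$Selected = (mb_strtoupper($MyRow['loccode']) == $PreselectLocation) ? ' selected="selected"' : '';
		echo '<option' . $Selected . ' value="' . htmlspecialchars($MyRow['loccode'], ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($MyRow['locationname'], ENT_QUOTES, 'UTF-8') . '</option>';
	} //end while loop

	echo '</select>
				</td>
			</tr>
		</table>'; // close main table
	DB_free_result($Result);

	echo '<div class="centre">
			<input type="submit" name="submit" value="' . _('Accept') . '" />
			<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
		</div>
		</form>';
}

include('includes/footer.php');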
255?>
256