From 47bf368903280aa8ebba47f4877200c6fa6f0e95 Mon Sep 17 00:00:00 2001 From: ragu Date: Fri, 24 Mar 2023 08:06:35 +0100 Subject: [PATCH] rental end station restriction --- copri4/main/src/Mod/APIfunc.pm | 18 ++++++------------ copri4/main/src/Mod/Indexsharee.pm | 11 ++++++----- copri4/main/src/Tpl/SubListe.pm | 4 +++- 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/copri4/main/src/Mod/APIfunc.pm b/copri4/main/src/Mod/APIfunc.pm index 906d4ad..ddbc418 100755 --- a/copri4/main/src/Mod/APIfunc.pm +++ b/copri4/main/src/Mod/APIfunc.pm @@ -2131,7 +2131,7 @@ sub stations_available(){ $station_bike_node = $record_pos->{int12} if(ref($record_pos) eq "HASH" && $record_pos->{int12}); #take start station from pos - my $aa_station = ""; + my $aa_station = 0; $aa_station = $record_pos->{int06} if(ref($record_pos) eq "HASH" && $record_pos->{int06} && $record_pos->{int42}); my $return = {}; 
@@ -2148,29 +2148,23 @@ sub stations_available(){ #select by bike.type_id bike-group on booking update, to get available stations on bike return by filter logic if(ref($record_pos) eq "HASH" && $record_pos->{int29}){ - $pref_sql .= " and ("; foreach my $type_id (@{$bike_group}){ - #on rental end select only stations which are defined #A-A rental + #on rental-end select only station which is the same as on start and A-A if($station_group && $type_id =~ /(\d+)/ && $aa_station){ my $group_id = $1; if($group_id == $station_group){ - $pref_sql .= " ct.int04 = $aa_station OR"; + $pref_sql = " and ct.int04 = $aa_station and ct.int42=1"; } #A-B rental + #on rental-end select only stations which are in ststion_group and be A-B }elsif($station_group && $type_id =~ /(\d+)/){ my $group_id = $1; if($group_id == $station_group){ - $pref_sql .= " ct.txt25 like '%$group_id%' OR"; + $pref_sql = " and ct.txt25 like '%$group_id%' and ct.int42=0"; } - #without a rental - }elsif(!$station_group && $type_id =~ /(\d+)/){ - my $group_id = $1; - $pref_sql .= " ct.txt25 like '%$group_id%' OR"; } } - $pref_sql =~ s/OR$//; - $pref_sql .= ")"; } #select by bike.main_id Flot only if no booking update, to keep private/hidden Tarif logic else{ @@ -2187,7 +2181,7 @@ sub stations_available(){ $pref_sql = "" if($pref_sql !~ /\d/); - $bw->log("stations_available --> station_bike_node:$station_bike_node|aa_station:$aa_station|bike_node:@{$bike_node}|bike_group:@{$bike_group}|pref_sql:\n",$pref_sql,""); + $bw->log("stations_available --> rental station_bike_node:$station_bike_node|rental aa_station:$aa_station|user has access to bike_node:@{$bike_node}|user has access to bike_group:@{$bike_group}|pref_sql:\n",$pref_sql,""); my $record = {}; $record = $dbt->fetch_record($dbh,$pref,$pref_sql) if(ref($bike_node) eq "ARRAY" && @{$bike_node}[0]); diff --git a/copri4/main/src/Mod/Indexsharee.pm b/copri4/main/src/Mod/Indexsharee.pm index df7668a..6fb3a34 100755 --- a/copri4/main/src/Mod/Indexsharee.pm 
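Review bot: The A-B filter `ct.txt25 like '%$group_id%'` is a substring match, so a station whose txt25 holds a longer id containing the same digits would also pass the rental-end restriction; if txt25 is a delimited id list, matching on the delimiters or on a parsed list would keep the restriction exact. Both new statements assign with `=` where the removed code appended with `.=`, so anything already in `$pref_sql` before the loop is discarded and the last matching `$type_id` wins; the start of stations_available is outside the hunk, so confirm that is intended. `$aa_station` is interpolated into the SQL text straight from `$record_pos->{int06}`; a bind placeholder, or `$aa_station = int($aa_station);` before the loop, would keep the statement well-formed should that field ever hold non-numeric data.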
+++ b/copri4/main/src/Mod/Indexsharee.pm @@ -352,7 +352,7 @@ sub handler { } #DMS Waren - if($node_meta->{ct_table} eq "content"){ + if(($R::rel_edit || $R::base_edit) && $node_meta->{ct_table} eq "content"){ $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,""); if($users_dms->{u_id} && $users_dms->{int01} == 2){ if($R::rel_edit eq "save_relation" && $R::main_id && $R::main_id >= 200000){ @@ -365,13 +365,13 @@ sub handler { $feedb = $pl->new_content($q,$users_dms); }elsif($R::base_edit eq "save_content"){ $feedb = $pl->save_content($q,$users_dms,$node_meta,$R::c_id) if(looks_like_number($R::c_id)); - $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} =~ /210|225/); + $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} =~ /210|205|225/); }elsif($R::c_id && $R::base_edit eq "remove_chk4rel"){ my $delete_key = "delete_content"; $feedb->{message} = "failure::Datensatz wirklich löschen. ::?base_edit=$delete_key\&exit_box2=1\&c_id=$R::c_id ::löschen"; }elsif($R::c_id && $R::base_edit eq "delete_content"){ $feedb = $pl->delete_content($node_meta,$R::c_id); - $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} =~ /210|225/); + $apif->stations_caching($q,\%varenv,$users_sharee) if($node_meta->{template_id} =~ /210|205|225/); } }else{ $feedb->{message} = "failure::Abbruch. Schreibender Zugriff \"Waren Stammdaten\" verweigert."; @@ -379,7 +379,7 @@ sub handler { } #Einstellung - if($node_meta->{ct_table} eq "contentuser"){ + if(($R::rel_edit || $R::base_edit) && $node_meta->{ct_table} eq "contentuser"){ $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,""); if($users_dms->{u_id} && $users_dms->{int08} == 2){ if($R::rel_edit eq "save_ctuser" && $R::main_id && $R::main_id >= 200000){ 
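Review bot: The cache-refresh condition `$node_meta->{template_id} =~ /210|205|225/` on both changed lines is unanchored, so any template id that merely contains one of these digit runs (a constructed example: 2250) also triggers stations_caching. An anchored form states the intent: `if($node_meta->{template_id} =~ /^(?:205|210|225)$/)`. The refresh on the save_content line also runs when `looks_like_number($R::c_id)` is false and nothing was saved; putting both calls under that one condition would avoid a needless rebuild. handler begins and ends outside the hunk.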
@@ -400,7 +400,7 @@ sub handler { } #DMS Faktura - if($node_meta->{ct_table} eq "contenttrans"){ + if($R::ct_trans && $node_meta->{ct_table} eq "contenttrans"){ $bw->log("DMS action from $users_dms->{u_id} on $node_meta->{ct_table}",$q,""); my $dbh_primary = $dbt->dbconnect_extern($dbt->{primary}->{sharee_primary}->{database}->{dbname}); my $users_dms_primary = { u_id => 0 }; @@ -436,6 +436,7 @@ sub handler { #DMS Mietjournal if($node_meta->{ct_table} eq "contenttranspos" && $R::base_edit eq "save_pos"){ $feedb = $pl->save_contenttranspos($q,$R::c_id,$users_dms->{u_id}); + $apif->stations_caching($q,\%varenv,$users_sharee); } #DMS insert part or fee diff --git a/copri4/main/src/Tpl/SubListe.pm b/copri4/main/src/Tpl/SubListe.pm index 1025c24..a25d6bf 100755 --- a/copri4/main/src/Tpl/SubListe.pm +++ b/copri4/main/src/Tpl/SubListe.pm @@ -348,7 +348,7 @@ EOF #Statistic file view if($node_meta->{tpl_id} == 195){ - if( -d "$opdir_dms/csv"){ + if( -d "$opdir_dms/csv" && $users_dms->{int08} >= 1){ my @pdfs = $lb->read_dirfiles("$opdir_dms/csv","\.ZIP","file",""); @pdfs = reverse(@pdfs); foreach (@tpl_order){ @@ -360,6 +360,8 @@ EOF } } } + }else{ + $return = "failure::Abbruch. Keine Zugriffsberechtigung"; } } #BIG LOOP loop content table
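Review bot: The Mietjournal branch writes via save_contenttranspos and now also rebuilds the station cache with no permission test visible in the hunk, whereas the content and contentuser branches of the same handler first check `$users_dms->{u_id}` and a write flag `== 2`. If handler has no earlier gate (its start is outside the hunk), both calls should sit behind the write-permission check that applies to this table, and `$R::c_id` should be validated as the save_content branch does with `looks_like_number($R::c_id)`. The added stations_caching call also runs regardless of what `$feedb` reports, so a failed save still triggers a cache rebuild.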
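Review bot: The new `else` in SubListe.pm returns "Keine Zugriffsberechtigung" whenever the combined condition fails, which includes the case where `$opdir_dms/csv` does not exist, so a missing directory is reported as an access denial. Testing the permission on its own and the directory inside it keeps the two cases apart, e.g. `if($users_dms->{int08} >= 1){ if( -d "$opdir_dms/csv"){` with the `else` attached to the outer test. This check only suppresses the file list in the template; whether the code path that serves the ZIP files enforces the same `int08` level is not visible here and should be confirmed. The `else` itself is in the file's second hunk (`@@ -360`), and the surrounding loop continues outside both hunks.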