diff --git a/system/controllers/settings.php b/system/controllers/settings.php
index cdb418e6..04c4f2d8 100644
--- a/system/controllers/settings.php
+++ b/system/controllers/settings.php
@@ -170,7 +170,6 @@ switch ($action) {
 }
 }
 $ui->assign('admins', $admins);
- $ui->assign('d', $d);
 $ui->assign('search', $search);
 $ui->assign('paginator', $paginator);
@@ -183,6 +182,7 @@ switch ($action) {
 r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
 }
 $ui->assign('_title', Lang::T('Add User'));
+ $ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many());
 $ui->display('users-add.tpl');
 break;
@@ -197,13 +197,17 @@ switch ($action) {
 } else {
 if ($admin['user_type'] == 'SuperAdmin') {
 $d = ORM::for_table('tbl_users')->find_one($id);
+ $ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many());
 } else if ($admin['user_type'] == 'Admin') {
 $d = ORM::for_table('tbl_users')->where_any_is([
 ['user_type' => 'Report'],
 ['user_type' => 'Agent'],
 ['user_type' => 'Sales']
 ])->find_one($id);
+ $ui->assign('agents', ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many());
 } else {
+ // Agent cannot move Sales to other Agent
+ $ui->assign('agents', ORM::for_table('tbl_users')->where('id', $admin['id'])->find_many());
 $d = ORM::for_table('tbl_users')->where('root', $admin['id'])->find_one($id);
 }
 }
@@ -247,6 +251,7 @@ switch ($action) {
 $subdistrict = _post('subdistrict');
 $ward = _post('ward');
 $send_notif = _post('send_notif');
+ $root = _post('root');
 $msg = '';
 if (Validator::Length($username, 45, 2) == false) {
 $msg .= Lang::T('Username should be between 3 to 45 characters') . '
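Review bot: The `agents` list assigned in the 183 hunk is the full Agent table for every admin type, while the 197 hunk narrows it to the acting admin for Agents (`where('id', $admin['id'])`); if an Agent can reach the add page (the permission check above that hunk is not visible here), the add form offers a choice that the save handler then overrides. The same narrowed query belongs in both places, and the three identical `ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many()` assigns in the 183 and 197 hunks can collapse into one assignment after the branch, e.g. `$agents = $admin['user_type'] == 'Agent' ? ORM::for_table('tbl_users')->where('id', $admin['id'])->find_many() : ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_many();` followed by `$ui->assign('agents', $agents);`. The enclosing `case` bodies start and end outside these hunks.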
'; @@ -279,7 +284,10 @@ switch ($action) { $d->status = 'Active'; $d->creationdate = $date_now; if ($admin['user_type'] == 'Agent') { + // Prevent hacking from form $d->root = $admin['id']; + }else if($user_type == 'Sales'){ + $d->root = $root; } $d->save(); @@ -308,6 +316,7 @@ switch ($action) { $subdistrict = _post('subdistrict'); $ward = _post('ward'); $status = _post('status'); + $root = _post('root'); $msg = ''; if (Validator::Length($username, 45, 2) == false) { $msg .= Lang::T('Username should be between 3 to 45 characters') . '
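Review bot: `$root = _post('root')` (introduced in the 247 hunk, again in the 308 hunk) is written straight into `$d->root` in the 279 and 370 hunks without checking that it names an existing `tbl_users` row of type `Agent`, so an Admin or SuperAdmin submitting the form can attach a Sales user to any id at all, or to an empty value; the server-side override exists only for Agent-type admins. The `agents` list only limits what the template offers, it does not bind the posted value. Add to the `$msg` validation chain, next to the `Validator::Length` check, something like `if ($user_type == 'Sales' && $admin['user_type'] != 'Agent' && !ORM::for_table('tbl_users')->where('user_type', 'Agent')->find_one($root)) { $msg .= Lang::T('Agent not found'); }` (message key is a constructed example) so the save is refused when the id does not resolve. `$user_type` is assigned outside these hunks; confirm it is the posted type in both the add and edit handlers.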
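Review bot: The new branch in the 279 hunk is written `}else if($user_type == 'Sales'){`, which departs from the `} else if (...) {` spacing used by the surrounding code; `} elseif ($user_type === 'Sales') {` keeps it consistent and avoids loose comparison, and the same shape recurs in the 370 hunk. The added `// Prevent hacking from form` comment states a motive rather than the rule; `// root is always the acting Agent, regardless of the posted value` says what the code enforces. The enclosing `case` continues outside the hunk.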
';
@@ -370,6 +379,13 @@ switch ($action) {
 $d->ward = $ward;
 $d->status = $status;
+ if ($admin['user_type'] == 'Agent') {
+ // Prevent hacking from form
+ $d->root = $admin['id'];
+ }else if($user_type == 'Sales'){
+ $d->root = $root;
+ }
+
 $d->save();
 _log('[' . $admin['username'] . ']: $username ' . Lang::T('User Updated Successfully'), $admin['user_type'], $admin['id']);
diff --git a/system/lan/english.json b/system/lan/english.json
index ba1370ad..483626f8 100644
--- a/system/lan/english.json
+++ b/system/lan/english.json
@@ -411,5 +411,7 @@
 "Agent": "Agent",
 "Send To Customer": "Send To Customer",
 "Code": "Code",
- "Generated By": "Generated By"
+ "Generated By": "Generated By",
+ "Report Viewer": "Report Viewer",
+ "Super Administrator": "Super Administrator"
 }
\ No newline at end of file
diff --git a/ui/ui/users-add.tpl b/ui/ui/users-add.tpl
index 8c7424f2..f2eae010 100644
--- a/ui/ui/users-add.tpl
+++ b/ui/ui/users-add.tpl
@@ -46,22 +46,32 @@
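Review bot: When the edited user is not Sales and the acting admin is not an Agent, the new block in the 370 hunk leaves `$d->root` untouched, so a Sales user changed to another type keeps its old Agent parent, and the Agent-scoped lookup `where('root', $admin['id'])` in the 197 hunk will still return that user to the former Agent. A closing branch such as `} else { $d->root = 0; }` clears the link; whether `0` or `null` is this column's "no parent" value is not visible here and should be confirmed against the schema. `$user_type` and `$root` are assigned outside this hunk, and the enclosing `case` continues past it.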
- {if $_admin['user_type'] eq 'Agent'} - + {/if} {if $_admin['user_type'] eq 'Admin' || $_admin['user_type'] eq 'SuperAdmin'} - - - + + + {/if} {if $_admin['user_type'] eq 'SuperAdmin'} - - + + {/if}
+
@@ -94,4 +104,16 @@ Or {Lang::T('Cancel')}
+{literal} + +{/literal} + {include file="sections/footer.tpl"} \ No newline at end of file diff --git a/ui/ui/users-edit.tpl b/ui/ui/users-edit.tpl index a9f0e85c..926bfe09 100644 --- a/ui/ui/users-edit.tpl +++ b/ui/ui/users-edit.tpl @@ -87,6 +87,16 @@
+
+ +
+ +
+
{/if}
@@ -120,4 +130,15 @@
+{literal} + +{/literal} {include file="sections/footer.tpl"} \ No newline at end of file