Merge branch 'master' of https://git.dirt.kz/igor/Metadata_PHP
This commit is contained in:
@ -306,44 +306,49 @@
|
||||
if ($currNode!=null)
|
||||
{
|
||||
//Вернём значение прав доступа для запрошенного объекта
|
||||
$allow=true;
|
||||
/*$allow=false;
|
||||
//$res = $db->query('select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Insert_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');');
|
||||
$res = $db->query('select "getAccess"('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Insert_'.$name.'\') as allow;');
|
||||
//$allow=true;
|
||||
$allow=false;
|
||||
//$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Insert_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'
|
||||
$sql_query='select main.p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Insert_'.$name.'\') as allow;';
|
||||
|
||||
$res = $db->query($sql_query);
|
||||
while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
|
||||
{
|
||||
$allow=$allow || ($row['allow'] == 't');
|
||||
}*/
|
||||
}
|
||||
$xmlAttr = $objXMLDocument->createAttribute("ins"); //insert
|
||||
$xmlAttr->nodeValue = $allow ? "1" : "0";
|
||||
$currNode->setAttributeNode($xmlAttr);
|
||||
|
||||
/*$allow=false;
|
||||
//$res = $db->query('select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Update_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');');
|
||||
$res = $db->query('select "getAccess"('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Update_'.$name.'\') as allow;');
|
||||
$allow=false;
|
||||
//$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Update_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');';
|
||||
$sql_query='select main.p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Update_'.$name.'\') as allow;';
|
||||
$res = $db->query($sql_query);
|
||||
while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
|
||||
{
|
||||
$allow=$allow || ($row['allow'] == 't');
|
||||
}*/
|
||||
}
|
||||
$xmlAttr = $objXMLDocument->createAttribute("upd"); //insert
|
||||
$xmlAttr->nodeValue = $allow ? "1" : "0";
|
||||
$currNode->setAttributeNode($xmlAttr);
|
||||
|
||||
/*$allow=false;
|
||||
//$res = $db->query('select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Delete_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');');
|
||||
$res = $db->query('select "getAccess"('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Delete_'.$name.'\') as allow;');
|
||||
$allow=false;
|
||||
//$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Delete_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');';
|
||||
$sql_query='select main.p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Delete_'.$name.'\') as allow;';
|
||||
$res = $db->query($sql_query);
|
||||
while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
|
||||
{
|
||||
$allow=$allow || ($row['allow'] == 't');
|
||||
}*/
|
||||
}
|
||||
$xmlAttr = $objXMLDocument->createAttribute("del"); //delete
|
||||
$xmlAttr->nodeValue = $allow ? "1" : "0";
|
||||
$currNode->setAttributeNode($xmlAttr);
|
||||
|
||||
$allow=true;
|
||||
$xmlAttr = $objXMLDocument->createAttribute("sel"); //select
|
||||
$xmlAttr->nodeValue = $allow ? "1" : "0";
|
||||
$currNode->setAttributeNode($xmlAttr);
|
||||
|
||||
|
||||
//Удаляем все запросы из узла
|
||||
for($i=0;$i<5;$i++)
|
||||
{ $nsql=findFirstNode($currNode, "sql-query");
|
||||
|
||||
@ -892,7 +892,10 @@ class TRequest
|
||||
|
||||
//загрузился xml документ начинаем его разбирать (по id функции в документе)
|
||||
var xmldoc = xmlHttpRequest.responseXML;
|
||||
if(xmldoc==null) alert(_('Wrong_XML_document')+"!\nXML=("+xmlHttpRequest.responseText+')\nURL=('+url+')\nxmlString=('+xmlString+')');
|
||||
if(xmldoc==null){
|
||||
alert(_('Wrong_XML_document')+"!\nXML=("+xmlHttpRequest.responseText+')\nURL=('+url+')\nxmlString=('+xmlString+')');
|
||||
return;
|
||||
}
|
||||
|
||||
var node = xmldoc.documentElement;
|
||||
if((node==null)||(node.getAttribute("fn")==null)) alert(_('Error')+"\n"+_('No_data')+"!\n"+xmlHttpRequest.responseText);
|
||||
|
||||
Reference in New Issue
Block a user