prepare("SELECT name FROM roles WHERE id = :role_id"); $stmt->execute([':role_id' => $_SESSION['user_role_id']]); $role = $stmt->fetch(PDO::FETCH_ASSOC); if ($role) { $_SESSION['user_role_name'] = $role['name']; } } catch (PDOException $e) { // Could not fetch role name, do nothing, the check later will handle it } } // Get allowed fields for the current user $allowed_fields_str = can($_SESSION['user_role_id'], 'asset', 'read'); $allowed_fields = []; if ($allowed_fields_str === '*') { // Wildcard means all fields try { $pdo = db(); $stmt = $pdo->query("SHOW COLUMNS FROM assets"); $allowed_fields = $stmt->fetchAll(PDO::FETCH_COLUMN); } catch (PDOException $e) { // Handle error, maybe log it $allowed_fields = []; } } elseif ($allowed_fields_str) { $allowed_fields = explode(',', $allowed_fields_str); } // Function to count total assets function count_assets($search = '', $status = '') { $sql = "SELECT COUNT(*) FROM assets"; $where = []; $params = []; // Role-based filtering for 'Employee' if (isset($_SESSION['user_role_name']) && strtolower($_SESSION['user_role_name']) === 'employee' && isset($_SESSION['user_id'])) { $where[] = "assigned_to = :user_id"; $params[':user_id'] = $_SESSION['user_id']; } if (!empty($search)) { $where[] = "name LIKE :search"; $params[':search'] = "%$search%"; } if (!empty($status)) { $where[] = "status = :status"; $params[':status'] = $status; } if (!empty($where)) { $sql .= " WHERE " . implode(' AND ', $where); } try { $pdo = db(); $stmt = $pdo->prepare($sql); $stmt->execute($params); return $stmt->fetchColumn(); } catch (PDOException $e) { return 0; } } // Function to execute query and return results function get_assets($fields, $search = '', $status = '', $limit = 10, $offset = 0, $sort_by = 'created_at', $sort_order = 'DESC') { if (empty($fields)) { return []; // No read permission } // Always include id for edit/delete links if (!in_array('id', $fields)) { $fields[] = 'id'; } $select_fields = []; $join_users = in_array('assigned_to', $fields); foreach ($fields as $field) { if ($field === 'assigned_to') { // Use a different alias for the user name to avoid conflict with the original column name $select_fields[] = 'users.name AS assigned_to_name'; } // Always select the original assigned_to field for reference if needed $select_fields[] = 'assets.' . $field; } // Remove duplicates that might be caused by adding assets.id and assets.assigned_to $select_fields = array_unique($select_fields); $select_fields_sql = implode(', ', $select_fields); $sql = "SELECT $select_fields_sql FROM assets"; if ($join_users) { $sql .= " LEFT JOIN users ON assets.assigned_to = users.id"; } $where = []; $params = []; // Role-based filtering for 'Employee' if (isset($_SESSION['user_role_name']) && strtolower($_SESSION['user_role_name']) === 'employee' && isset($_SESSION['user_id'])) { $where[] = "assets.assigned_to = :user_id"; $params[':user_id'] = $_SESSION['user_id']; } if (!empty($search)) { // Assuming 'name' is a field that can be searched. if (in_array('name', $fields)) { $where[] = "assets.name LIKE :search"; $params[':search'] = "%$search%"; } } if (!empty($status)) { if (in_array('status', $fields)) { $where[] = "assets.status = :status"; $params[':status'] = $status; } } if (!empty($where)) { $sql .= " WHERE " . implode(' AND ', $where); } // Whitelist sortable columns $sortable_columns = array_merge($fields, ['created_at']); if ($sort_by === 'assigned_to') { $sort_by = 'assigned_to_name'; // Sort by the alias } elseif (in_array($sort_by, $fields)) { $sort_by = 'assets.' . $sort_by; } elseif (!in_array($sort_by, $sortable_columns)) { $sort_by = 'assets.created_at'; } $sort_order = strtoupper($sort_order) === 'ASC' ? 'ASC' : 'DESC'; $sql .= " ORDER BY $sort_by $sort_order LIMIT :limit OFFSET :offset"; $params[':limit'] = $limit; $params[':offset'] = $offset; try { $pdo = db(); $stmt = $pdo->prepare($sql); // Bind parameters separately to handle integer binding for LIMIT and OFFSET foreach ($params as $key => &$val) { if ($key === ':limit' || $key === ':offset') { $stmt->bindParam($key, $val, PDO::PARAM_INT); } else { $stmt->bindParam($key, $val); } } $stmt->execute(); return $stmt->fetchAll(PDO::FETCH_ASSOC); } catch (PDOException $e) { return ['error' => 'Database error: ' . $e->getMessage()]; } } $search = $_GET['search'] ?? ''; $status = $_GET['status'] ?? ''; $page = isset($_GET['page']) ? (int)$_GET['page'] : 1; $limit = 10; $offset = ($page - 1) * $limit; $sort_by = $_GET['sort_by'] ?? 'created_at'; $sort_order = $_GET['sort_order'] ?? 'DESC'; $total_assets = count_assets($search, $status); $total_pages = ceil($total_assets / $limit); $assets = get_assets($allowed_fields, $search, $status, $limit, $offset, $sort_by, $sort_order); function getStatusClass($status) { switch (strtolower($status)) { case 'in service': return 'status-in-service'; case 'under repair': return 'status-under-repair'; case 'retired': return 'status-retired'; default: return ''; } } ?> IC-Inventory

Asset Dashboard

Add New Asset
Asset successfully added!
Asset successfully updated!
Asset successfully deleted!
You do not have permission to access that page.

No assets found.

Get started by adding your first company asset.

Add Asset
Actions
Edit Delete