- \ No newline at end of file + diff --git a/index.php b/index.php index e135af4..be8571e 100644 --- a/index.php +++ b/index.php @@ -10,8 +10,8 @@ $user_id = $_SESSION['user_id']; $is_admin = isAdmin(); // Stats -$total_inbound = db()->query("SELECT COUNT(*) FROM mailbox WHERE type = 'inbound'")->fetchColumn(); -$total_outbound = db()->query("SELECT COUNT(*) FROM mailbox WHERE type = 'outbound'")->fetchColumn(); +$total_inbound = canView('inbound') ? db()->query("SELECT COUNT(*) FROM mailbox WHERE type = 'inbound'")->fetchColumn() : 0; +$total_outbound = canView('outbound') ? db()->query("SELECT COUNT(*) FROM mailbox WHERE type = 'outbound'")->fetchColumn() : 0; // Fetch statuses for badge and count $statuses_data = db()->query("SELECT * FROM mailbox_statuses")->fetchAll(PDO::FETCH_UNIQUE); @@ -26,35 +26,60 @@ foreach ($statuses_data as $id => $s) { } $in_progress_count = 0; if ($in_progress_id) { - $stmt = db()->prepare("SELECT COUNT(*) FROM mailbox WHERE status_id = ?"); - $stmt->execute([$in_progress_id]); - $in_progress_count = $stmt->fetchColumn(); + $where_types = []; + if (canView('inbound')) $where_types[] = "'inbound'"; + if (canView('outbound')) $where_types[] = "'outbound'"; + + if (!empty($where_types)) { + $types_sql = implode(',', $where_types); + $stmt = db()->prepare("SELECT COUNT(*) FROM mailbox WHERE status_id = ? AND type IN ($types_sql)"); + $stmt->execute([$in_progress_id]); + $in_progress_count = $stmt->fetchColumn(); + } } // My Assignments -$my_assignments = db()->prepare("SELECT m.*, s.name as status_name, s.color as status_color - FROM mailbox m - LEFT JOIN mailbox_statuses s ON m.status_id = s.id - WHERE m.assigned_to = ? - ORDER BY m.created_at DESC LIMIT 5"); -$my_assignments->execute([$user_id]); -$my_assignments = $my_assignments->fetchAll(); +$my_assignments = []; +$assignment_types = []; +if (canView('inbound')) $assignment_types[] = "'inbound'"; +if (canView('outbound')) $assignment_types[] = "'outbound'"; +if (canView('internal')) $assignment_types[] = "'internal'"; + +if (!empty($assignment_types)) { + $types_sql = implode(',', $assignment_types); + $my_assignments = db()->prepare("SELECT m.*, s.name as status_name, s.color as status_color + FROM mailbox m + LEFT JOIN mailbox_statuses s ON m.status_id = s.id + WHERE m.assigned_to = ? AND m.type IN ($types_sql) + ORDER BY m.created_at DESC LIMIT 5"); + $my_assignments->execute([$user_id]); + $my_assignments = $my_assignments->fetchAll(); +} // Recent Mail (Global for Admin/Clerk, otherwise limited) -$recent_mail_query = "SELECT m.*, s.name as status_name, s.color as status_color, u.full_name as assigned_to_name - FROM mailbox m - LEFT JOIN mailbox_statuses s ON m.status_id = s.id - LEFT JOIN users u ON m.assigned_to = u.id"; +$recent_mail = []; +$recent_types = []; +if (canView('inbound')) $recent_types[] = "'inbound'"; +if (canView('outbound')) $recent_types[] = "'outbound'"; -if (!$is_admin && ($_SESSION['user_role'] ?? '') !== 'clerk') { - $recent_mail_query .= " WHERE m.assigned_to = ? OR m.created_by = ?"; - $recent_stmt = db()->prepare($recent_mail_query . " ORDER BY m.created_at DESC LIMIT 10"); - $recent_stmt->execute([$user_id, $user_id]); -} else { - $recent_stmt = db()->prepare($recent_mail_query . " ORDER BY m.created_at DESC LIMIT 10"); - $recent_stmt->execute(); +if (!empty($recent_types)) { + $types_sql = implode(',', $recent_types); + $recent_mail_query = "SELECT m.*, s.name as status_name, s.color as status_color, u.full_name as assigned_to_name + FROM mailbox m + LEFT JOIN mailbox_statuses s ON m.status_id = s.id + LEFT JOIN users u ON m.assigned_to = u.id + WHERE m.type IN ($types_sql)"; + + if (!$is_admin && ($_SESSION['user_role'] ?? '') !== 'clerk') { + $recent_mail_query .= " AND (m.assigned_to = ? OR m.created_by = ?)"; + $recent_stmt = db()->prepare($recent_mail_query . " ORDER BY m.created_at DESC LIMIT 10"); + $recent_stmt->execute([$user_id, $user_id]); + } else { + $recent_stmt = db()->prepare($recent_mail_query . " ORDER BY m.created_at DESC LIMIT 10"); + $recent_stmt->execute(); + } + $recent_mail = $recent_stmt->fetchAll(); } -$recent_mail = $recent_stmt->fetchAll(); function getStatusBadge($mail) { $status_name = $mail['status_name'] ?? 'غير معروف'; @@ -74,33 +99,44 @@ function getStatusBadge($mail) {

لوحة التحكم الإدارية

+ الإعدادات + + إضافة بريد وارد + + إضافة بريد صادر +