From 80a446c20f87ee4331746fda1eb71605266f429b Mon Sep 17 00:00:00 2001 From: Flatlogic Bot Date: Mon, 13 Apr 2026 15:20:18 +0000 Subject: [PATCH] update permissions --- events.php | 61 +++++++++++++++++++------- fix.php | 113 ++++++++++++++++++++++++++++++++++++++++++++++++ fix2.php | 74 +++++++++++++++++++++++++++++++ fix_events.php | 113 ++++++++++++++++++++++++++++++++++++++++++++++++ fix_events2.php | 105 ++++++++++++++++++++++++++++++++++++++++++++ users.php | 106 +++++++++++++++++++++++++++++++++++++++------ 6 files changed, 543 insertions(+), 29 deletions(-) create mode 100644 fix.php create mode 100644 fix2.php create mode 100644 fix_events.php create mode 100644 fix_events2.php diff --git a/events.php b/events.php index 56e62ee..e798dc1 100644 --- a/events.php +++ b/events.php @@ -44,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['ajax'])) { exit; } - if ($action === 'save' && ($can_add || $can_edit)) { + if ($action === 'save') { $id = $_POST['id'] ?? 0; $title = $_POST['title'] ?? ''; $date = $_POST['event_date'] ?? ''; 
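Review bot: With the `($can_add || $can_edit)` guard dropped from the action check, a caller holding neither permission now has their POST fields read and the title/date validation run before any permission decision, so the reply tells them which fields are required before telling them they may not save at all; authorisation should come before input validation. Keep the per-branch checks that follow, but add an early exit directly under the new `if ($action === 'save') {` line: `if (!$can_add && !$can_edit) { echo json_encode(['success' => false, 'error' => /* same message as the else-branch below */]); exit; }`. The title/date validation that sits between this hunk and the next (visible in the replacement text of fix.php) and the edit/add branches in the next hunk are what this ordering concerns. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['ajax']))` block starts outside this hunk.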
@@ -58,22 +58,37 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['ajax'])) { exit; } - if ($id && $can_edit) { - $stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); - $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $id]); - } elseif (!$id && $can_add) { - $stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); - $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $_SESSION['user_id']]); + try { + if ($id && $can_edit) { + $stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $id]); + } elseif (!$id && $can_add) { + $stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $_SESSION['user_id']]); + } else { + echo json_encode(['success' => false, 'error' => 'عفواً، لا تملك الصلاحيات الكافية للتقويم (إضافة/تعديل) في هذا الخادم. يرجى تفعيل الصلاحيات من صفحة إدارة المستخدمين.']); + exit; + } + + echo json_encode(['success' => true]); + } catch (Exception $e) { + echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات: ' . $e->getMessage()]); } - - echo json_encode(['success' => true]); exit; } - if ($action === 'delete' && $can_delete) { - $id = $_POST['id'] ?? 0; - db()->prepare("DELETE FROM events WHERE id=?")->execute([$id]); - echo json_encode(['success' => true]); + if ($action === 'delete') { + if (!$can_delete) { + echo json_encode(['success' => false, 'error' => 'لا تملك صلاحية الحذف.']); + exit; + } + try { + $id = $_POST['id'] ?? 
0; + db()->prepare("DELETE FROM events WHERE id=?")->execute([$id]); + echo json_encode(['success' => true]); + } catch (Exception $e) { + echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات: ' . $e->getMessage()]); + } exit; } } @@ -249,7 +264,10 @@ function saveEvent() { method: 'POST', body: new FormData(form) }) - .then(r => r.json()) + .then(r => { + if (!r.ok) throw new Error("Network Error"); + return r.json(); + }) .then(res => { if (res.success) { eventModal.hide(); @@ -258,6 +276,10 @@ function saveEvent() { } else { Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); } + }) + .catch(err => { + console.error(err); + Swal.fire({icon: 'error', title: 'حدث خطأ غير متوقع', text: 'إما أن جلسة تسجيل الدخول انتهت، أو لا توجد صلاحيات (راجع سجل وحدة التحكم). يرجى تحديث الصفحة والمحاولة مجدداً.'}); }); } @@ -283,13 +305,22 @@ function deleteEvent() { method: 'POST', body: fd }) - .then(r => r.json()) + .then(r => { + if (!r.ok) throw new Error("Network Error"); + return r.json(); + }) .then(res => { if (res.success) { eventModal.hide(); calendar.refetchEvents(); Swal.fire({icon: 'success', title: 'تم الحذف', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحذف'}); } + }) + .catch(err => { + console.error(err); + Swal.fire({icon: 'error', title: 'حدث خطأ غير متوقع', text: 'إما أن جلسة تسجيل الدخول انتهت، أو لا توجد صلاحيات. يرجى تحديث الصفحة والمحاولة مجدداً.'}); }); } }); diff --git a/fix.php b/fix.php new file mode 100644 index 0000000..5ce6e80 --- /dev/null +++ b/fix.php 
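Review bot: The new `catch (Exception $e)` blocks in both the save and delete branches send `$e->getMessage()` to the browser, so a PDO failure returns the driver's text — table and column names, the failing SQL fragment, or connection details — to any logged-in user; that detail belongs in the server log, not in the JSON reply. Change each catch to `error_log('events.php: ' . $e->getMessage());` followed by `echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات']);` so the client still gets a generic database-error message. Whether a caller may update an arbitrary `id` is decided only by `$can_edit`, with no check that the row exists; that is pre-existing behaviour, but a comment on the `if ($id && $can_edit)` line stating that edit permission is global rather than per-event would make the intent explicit. The same getMessage() pattern is embedded in the replacement text of fix.php, fix2.php, fix_events.php and fix_events2.php, so those should change in step or be dropped.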
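Review bot: The added `if (!r.ok) throw new Error("Network Error")` in saveEvent only catches non-2xx statuses, yet the catch handler's text blames an expired session; if events.php answers an expired session with a redirect to the login page, fetch follows it, `r.ok` is true, and the failure surfaces as a JSON parse error instead — which is likely the case the message is describing. Check the reply's shape as well as its status: `const ct = r.headers.get('content-type') || ''; if (!r.ok || r.redirected || !ct.includes('application/json')) throw new Error('Unexpected response ' + r.status);`, which presumes the ajax replies in events.php set `Content-Type: application/json` — not visible in this diff. The same chain and `.catch` are repeated in deleteEvent (the `@@ -283` hunk) and in the `@@ -258` hunk; a small shared `postForm(url, body)` helper would keep the two in step. saveEvent's body begins above this hunk.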
@@ -0,0 +1,113 @@ + false, 'error' => 'البيانات الأساسية مطلوبة']); + exit; + } + + if ($id && $can_edit) { + $stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $id]); + } elseif (!$id && $can_add) { + $stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $_SESSION['user_id']]); + } + + echo json_encode(['success' => true]); + exit; + } +EOD; + +$replace = <<<'EOD' + if ($action === 'save') { + $id = $_POST['id'] ?? 0; + $title = $_POST['title'] ?? ''; + $date = $_POST['event_date'] ?? ''; + $start_time = !empty($_POST['start_time']) ? $_POST['start_time'] : null; + $end_time = !empty($_POST['end_time']) ? $_POST['end_time'] : null; + $location = $_POST['location'] ?? ''; + $description = $_POST['description'] ?? ''; + + if (!$title || !$date) { + echo json_encode(['success' => false, 'error' => 'البيانات الأساسية مطلوبة']); + exit; + } + + try { + if ($id && $can_edit) { + $stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $id]); + } elseif (!$id && $can_add) { + $stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $_SESSION['user_id']]); + } else { + echo json_encode(['success' => false, 'error' => 'عفواً، لا تملك الصلاحيات الكافية للتقويم (إضافة/تعديل) في هذا الخادم. 
يرجى تفعيل الصلاحيات من صفحة إدارة المستخدمين.']); + exit; + } + + echo json_encode(['success' => true]); + } catch (Exception $e) { + echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات: ' . $e->getMessage()]); + } + exit; + } +EOD; + +$c = str_replace($search, $replace, $c); + +$search2 = <<<'EOD' + fetch('events.php?ajax=1', { + method: 'POST', + body: new FormData(form) + }) + .then(r => r.json()) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحفظ', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); + } + }); +EOD; + +$replace2 = <<<'EOD' + fetch('events.php?ajax=1', { + method: 'POST', + body: new FormData(form) + }) + .then(r => { + if (!r.ok) throw new Error("Network Error"); + return r.json(); + }) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحفظ', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); + } + }) + .catch(err => { + console.error(err); + Swal.fire({icon: 'error', title: 'حدث خطأ غير متوقع', text: 'إما أن جلسة تسجيل الدخول انتهت، أو لا توجد صلاحيات (راجع سجل وحدة التحكم). يرجى تحديث الصفحة والمحاولة مجدداً.'}); + }); +EOD; + +$c = str_replace($search2, $replace2, $c); +file_put_contents('events.php', $c); +echo "Patched events.php successfully.\n"; + diff --git a/fix2.php b/fix2.php new file mode 100644 index 0000000..ea0a79c --- /dev/null +++ b/fix2.php 
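Review bot: The script ends with `$c = str_replace($search, $replace, $c); file_put_contents('events.php', $c); echo "Patched events.php successfully.\n";` and reports success even when `$search` does not occur in the file, in which case events.php is rewritten with its own unchanged content and the operator is told the patch applied. Guard each replacement before it runs: `if (substr_count($c, $search) !== 1) { fwrite(STDERR, "search block not found in events.php\n"); exit(1); }`, and the same for `$search2`. The script sits beside the application pages with no session or permission check, so once deployed it can be invoked through the web server by anyone and will rewrite application source on every request; a one-off migration like this should run from the command line (`if (PHP_SAPI !== 'cli') { exit; }` at the top) and be removed from the repository after use rather than committed. fix2.php, fix_events.php and fix_events2.php have the same structure and the same gaps; in fix_events2.php the search text as rendered here reads `etrieve_POST[...]`/`etrieve_SESSION[...]` where events.php uses `$_POST`/`$_SESSION`, so that search can never match. The opening lines of each script (the `<?php` opener and the start of the `$search` heredoc) are not legible in this rendering.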
@@ -0,0 +1,74 @@ +prepare("DELETE FROM events WHERE id=?")->execute([$id]); + echo json_encode(['success' => true]); + exit; + } +EOD; + +$replace = <<<'EOD' + if ($action === 'delete') { + if (!$can_delete) { + echo json_encode(['success' => false, 'error' => 'لا تملك صلاحية الحذف.']); + exit; + } + try { + $id = $_POST['id'] ?? 0; + db()->prepare("DELETE FROM events WHERE id=?")->execute([$id]); + echo json_encode(['success' => true]); + } catch (Exception $e) { + echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات: ' . $e->getMessage()]); + } + exit; + } +EOD; + +$c = str_replace($search, $replace, $c); + +$search2 = <<<'EOD' + fetch('events.php?ajax=1', { + method: 'POST', + body: fd + }) + .then(r => r.json()) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحذف', showConfirmButton: false, timer: 1500}); + } + }); +EOD; + +$replace2 = <<<'EOD' + fetch('events.php?ajax=1', { + method: 'POST', + body: fd + }) + .then(r => { + if (!r.ok) throw new Error("Network Error"); + return r.json(); + }) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحذف', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحذف'}); + } + }) + .catch(err => { + console.error(err); + Swal.fire({icon: 'error', title: 'حدث خطأ غير متوقع', text: 'إما أن جلسة تسجيل الدخول انتهت، أو لا توجد صلاحيات. يرجى تحديث الصفحة والمحاولة مجدداً.'}); + }); +EOD; + +$c = str_replace($search2, $replace2, $c); +file_put_contents('events.php', $c); +echo "Patched delete in events.php\n"; + diff --git a/fix_events.php b/fix_events.php new file mode 100644 index 0000000..43b500a --- /dev/null +++ b/fix_events.php 
@@ -0,0 +1,113 @@ + false, 'error' => 'البيانات الأساسية مطلوبة']); + exit; + } + + if ($id && $can_edit) { + $stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $id]); + } elseif (!$id && $can_add) { + $stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $_SESSION['user_id']]); + } + + echo json_encode(['success' => true]); + exit; + } +EOT; + +$replace = << false, 'error' => 'البيانات الأساسية مطلوبة']); + exit; + } + + try { + if ($id && $can_edit) { + $stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $id]); + } elseif (!$id && $can_add) { + $stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + $stmt->execute([$title, $description, $date, $start_time, $end_time, $location, $_SESSION['user_id']]); + } else { + echo json_encode(['success' => false, 'error' => 'ليس لديك صلاحية لإضافة أو تعديل الأحداث. يرجى تفعيل هذه الصلاحيات من "إدارة المستخدمين" أولاً.']); + exit; + } + echo json_encode(['success' => true]); + } catch (Exception $e) { + echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات: ' . 
$e->getMessage()]); + } + exit; + } +EOT; + +$content = str_replace($search, $replace, $content); + +$search2 = << r.json()) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحفظ', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); + } + }); +EOT; + +$replace2 = << { + if (!r.ok) throw new Error("Network Error"); + return r.json(); + }) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحفظ', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); + } + }) + .catch(err => { + console.error(err); + Swal.fire({icon: 'error', title: 'حدث خطأ غير متوقع', text: 'ربما تكون جلسة تسجيل الدخول قد انتهت أو لا توجد صلاحيات كافية، يرجى تحديث الصفحة والمحاولة مجدداً.'}); + }); +EOT; + +$content = str_replace($search2, $replace2, $content); + +file_put_contents('events.php', $content); +echo "Patched events.php successfully.\n"; + diff --git a/fix_events2.php b/fix_events2.php new file mode 100644 index 0000000..b0f460c --- /dev/null +++ b/fix_events2.php 
@@ -0,0 +1,105 @@ + false, 'error' => 'البيانات الأساسية مطلوبة']); + exit; + } + + if (\$id && \$can_edit) { + \$stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + \$stmt->execute([\$title, \$description, \$date, \$start_time, \$end_time, \$location, \$id]); + } elseif (!\$id && \$can_add) { + \$stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + \$stmt->execute([\$title, \$description, \$date, \$start_time, \$end_time, \$location, etrieve_SESSION['user_id']]); + } + + echo json_encode(['success' => true]); + exit; + }"; + +$replace = " if (\$action === 'save') { + \$id = etrieve_POST['id'] ?? 0; + \$title = etrieve_POST['title'] ?? ''; + \$date = etrieve_POST['event_date'] ?? ''; + \$start_time = !empty( etrieve_POST['start_time']) ? etrieve_POST['start_time'] : null; + \$end_time = !empty( etrieve_POST['end_time']) ? etrieve_POST['end_time'] : null; + \$location = etrieve_POST['location'] ?? ''; + \$description = etrieve_POST['description'] ?? ''; + + if (!\$title || !\$date) { + echo json_encode(['success' => false, 'error' => 'البيانات الأساسية مطلوبة']); + exit; + } + + try { + if (\$id && \$can_edit) { + \$stmt = db()->prepare("UPDATE events SET title=?, description=?, event_date=?, start_time=?, end_time=?, location=? WHERE id=?"); + \$stmt->execute([\$title, \$description, \$date, \$start_time, \$end_time, \$location, \$id]); + } elseif (!\$id && \$can_add) { + \$stmt = db()->prepare("INSERT INTO events (title, description, event_date, start_time, end_time, location, created_by) VALUES (?, ?, ?, ?, ?, ?, ?)"); + \$stmt->execute([\$title, \$description, \$date, \$start_time, \$end_time, \$location, etrieve_SESSION['user_id']]); + } else { + echo json_encode(['success' => false, 'error' => 'عفواً، لا تملك الصلاحيات الكافية. 
يرجى تفعيل صلاحيات "الإضافة" أو "التعديل" للتقويم من صفحة إدارة المستخدمين.']); + exit; + } + + echo json_encode(['success' => true]); + } catch (Exception \$e) { + echo json_encode(['success' => false, 'error' => 'خطأ قاعدة البيانات: ' . \$e->getMessage()]); + } + exit; + }"; + +$content = str_replace($search, $replace, $content); + +$search2 = " fetch('events.php?ajax=1', { + method: 'POST', + body: new FormData(form) + }) + .then(r => r.json()) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحفظ', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); + } + });"; + +$replace2 = " fetch('events.php?ajax=1', { + method: 'POST', + body: new FormData(form) + }) + .then(r => { + if (!r.ok) throw new Error(\"Network Error\"); + return r.json(); + }) + .then(res => { + if (res.success) { + eventModal.hide(); + calendar.refetchEvents(); + Swal.fire({icon: 'success', title: 'تم الحفظ', showConfirmButton: false, timer: 1500}); + } else { + Swal.fire({icon: 'error', title: 'خطأ', text: res.error || 'حدث خطأ أثناء الحفظ'}); + } + }) + .catch(err => { + console.error(err); + Swal.fire({icon: 'error', title: 'حدث خطأ غير متوقع', text: 'إما أن جلسة تسجيل الدخول انتهت، أو لا توجد صلاحيات. يرجى تحديث الصفحة والمحاولة مجدداً.'}); + });"; + +$content = str_replace($search2, $replace2, $content); +file_put_contents('events.php', $content); +echo "Patched events.php successfully.\n"; + diff --git a/users.php b/users.php index b3e7cbd..4ce2b1a 100644 --- a/users.php +++ b/users.php 
@@ -364,25 +364,57 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id'])) إضافة تعديل حذف + الكل - $label): ?> - - - - - - - - - - - - - + ['inbound', 'outbound', 'internal', 'reports'], + 'الموارد البشرية' => ['hr_dashboard', 'hr_employees', 'hr_attendance', 'hr_leaves', 'hr_payroll', 'hr_reports'], + 'المخزون' => ['stock_dashboard', 'stock_items', 'stock_in', 'stock_out', 'stock_lending', 'stock_reports', 'stock_settings'], + 'المحاسبة والمصروفات' => ['accounting', 'expenses', 'expense_settings'], + 'اللجان والاجتماعات' => ['committees', 'charity_members', 'charity_plans', 'meetings'], + 'التقويم والأحداث' => ['events'], + 'الإدارة والتنظيم' => ['users', 'settings'] + ]; + foreach ($module_groups as $group_name => $group_keys): + $groupId = md5($group_name); + ?> + + + + +
+ +
+ + + + + + + + + + + + + + + + + +
+ +
+ + + + @@ -407,6 +439,50 @@ if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id'])) let userModal; const modules = ; +function syncToggles() { + document.querySelectorAll('.row-toggle').forEach(toggle => { + const rowId = toggle.dataset.row; + const cbs = document.querySelectorAll(`.row-cb-${rowId}`); + let allChecked = true; + cbs.forEach(cb => { if (!cb.checked) allChecked = false; }); + toggle.checked = cbs.length > 0 && allChecked; + }); + + document.querySelectorAll('.group-toggle').forEach(toggle => { + const groupId = toggle.dataset.group; + const cbs = document.querySelectorAll(`.perm-cb-${groupId}`); + let allChecked = true; + cbs.forEach(cb => { if (!cb.checked) allChecked = false; }); + toggle.checked = cbs.length > 0 && allChecked; + }); +} + +document.addEventListener('DOMContentLoaded', function() { + document.querySelectorAll('.group-toggle').forEach(el => { + el.addEventListener('change', function() { + const groupId = this.dataset.group; + const checked = this.checked; + document.querySelectorAll(`.perm-cb-${groupId}`).forEach(cb => cb.checked = checked); + document.querySelectorAll(`.row-toggle[data-group="${groupId}"]`).forEach(cb => cb.checked = checked); + }); + }); + + document.querySelectorAll('.row-toggle').forEach(el => { + el.addEventListener('change', function() { + const rowId = this.dataset.row; + const checked = this.checked; + document.querySelectorAll(`.row-cb-${rowId}`).forEach(cb => cb.checked = checked); + syncToggles(); + }); + }); + + document.querySelectorAll('[class*="perm-cb-"]').forEach(el => { + el.addEventListener('change', function() { + syncToggles(); + }); + }); +}); + function applyRolePresets(role) { modules.forEach(m => { const view = document.getElementById(`perm_${m}_view`); @@ -433,6 +509,7 @@ function applyRolePresets(role) { } } }); + if(typeof syncToggles !== 'undefined') syncToggles(); } function openUserModal(action, data = null) { 
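Review bot: The new `$module_groups` table in the permissions matrix is a second, hand-maintained list of module keys: any module present in the server-side module map but absent from every group (the removed `$label` loop line suggests the old template iterated that map directly) silently gets no checkboxes, so its permissions can no longer be granted or revoked from this form, and nothing flags the omission. Compute the leftovers once after the table and either render them in a fallback group or fail loudly in development: `$ungrouped = array_diff(array_keys($module_map), ...array_values($module_groups));`, where `$module_map` stands for the file's module-label array (its name is not visible in this hunk). A short comment on the table, `// keys must cover every module in the module map; ungrouped modules disappear from the form`, would make the coupling explicit. Most of the template markup in this hunk is not legible in this rendering, so the checkbox class layout the new JS relies on could not be checked.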
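Review bot: `syncToggles` computes each master checkbox with a manual `allChecked` flag over a NodeList; `toggle.checked = cbs.length > 0 && Array.from(cbs).every(cb => cb.checked);` says the same thing in one line, in both loops. The `if(typeof syncToggles !== 'undefined') syncToggles();` lines added in the `@@ -433` hunk (applyRolePresets) and the `@@ -490` hunk (openUserModal) guard against a name that cannot be undefined: `syncToggles` is a function declaration in the same inline script, so it is hoisted and always defined where those calls run, and a plain `syncToggles();` is enough. The selectors are built by interpolating `data-row`/`data-group` values into class selectors, which is safe only while those values stay to the md5 hex and (presumably) module-key characters the template produces; a comment such as `// data-row/data-group are md5 hex and module keys, safe to splice into selectors` would record that assumption. The openUserModal hunk's function body begins outside it.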
@@ -490,6 +567,7 @@ function openUserModal(action, data = null) { pwdHint.textContent = '(اتركه فارغاً للحفاظ على كلمة المرور الحالية)'; } + if(typeof syncToggles !== 'undefined') syncToggles(); userModal.show(); }