diff --git a/APPL/API2/model_reportcolumns.inc b/APPL/API2/model_reportcolumns.inc index d02dda16f5..6b194df171 100644 --- a/APPL/API2/model_reportcolumns.inc +++ b/APPL/API2/model_reportcolumns.inc @@ -25,7 +25,7 @@ function model_reportcolumns(usrrap_key, params) this.record_name = "column"; this.records_title = L("lcl_rap_columns"); this.record_title = L("lcl_rap_column"); - this.autfunction = "WEB_PRSSYS", + this.autfunction = "WEB_UDRMAN", this.edit = { modal: true }; this.fields = @@ -117,10 +117,11 @@ function model_reportcolumns(usrrap_key, params) if (i != -1) view_name_short = view_name_short.substring(i+1); + var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen var sql = "SELECT object_name, object_type, last_ddl_time, status" + " FROM user_objects" + " WHERE " - + (user.oslogin() == "_FACILITOR" ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'") + + (hasFACFAC ? "object_type IN ('VIEW', 'TABLE')" : " object_type = 'VIEW'") + " AND object_name = UPPER(" + safe.quoted_sql(view_name_short) + ")"; var oRs = Oracle.Execute(sql); if (oRs.Eof) diff --git a/APPL/API2/model_reportsx.inc b/APPL/API2/model_reportsx.inc index 87b4b9669f..2deebf4595 100644 --- a/APPL/API2/model_reportsx.inc +++ b/APPL/API2/model_reportsx.inc 
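Review bot: The changed assignment `this.autfunction = "WEB_UDRMAN",` still ends in a comma, so it is chained to the following `this.edit = { modal: true };` through the comma operator instead of standing as its own statement. It evaluates the same way today, but it reads like a typo and makes the authorisation code of the model easy to misread. End the line with a semicolon: `this.autfunction = "WEB_UDRMAN";`. The constructor body of model_reportcolumns starts and ends outside the hunk.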
@@ -80,13 +80,15 @@ function model_reportsx(usrrap_key, rapparams) this._check_authorization = function(params, method) { params.message = ""; - var autfunction = "WEB_PRSSYS"; + var autfunction = "WEB_UDRMAN"; params.authparams = user.checkAutorisation(autfunction); // pessimistisch }; + var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); // Die mag ook tabellen doen + this._analyze_fields = function (dbfields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */ { - if (user.oslogin() != "_FACILITOR") // Die mag alles + if (hasFACFAC) // Die mag alles { // viewname zit alleen in dbfields als het een insert is. In edit-mode is dit veld readonly, dus niet in dbfields. if ("viewname" in dbfields) @@ -126,7 +128,7 @@ function model_reportsx(usrrap_key, rapparams) var wheres = api2.sqlfilter(params, this); query.wheres = query.wheres.concat(wheres); - var authparams = user.checkAutorisation("WEB_PRSSYS", true); + var authparams = user.checkAutorisation("WEB_UDRMAN", true); if (!authparams) { query.wheres.push("(fac_functie_key IN" @@ -222,7 +224,7 @@ function model_reportsx(usrrap_key, rapparams) if (!rapparams.internal) { - if (user.oslogin() == "_FACILITOR") + if (hasFACFAC) settings.overrule_setting("fac_usrrap_mode", 1); // _FACILITOR mag alles else { @@ -235,7 +237,7 @@ function model_reportsx(usrrap_key, rapparams) this.fields["pivot"].readonly = true; this.fields["graph"].readonly = true; } - if (!user.checkAutorisation("WEB_PRSSYS", true)) + if (!user.checkAutorisation("WEB_UDRMAN", true)) { // Dit heeft betrekking op de zoekvelden van appl/fac/fac_reportx_show.asp?mode=search // Omdat wij standaard linken naar mode=list speelt dit zelden. for (var fld in this.fields) diff --git a/APPL/FAC/fac_edit_api.asp b/APPL/FAC/fac_edit_api.asp index 4bc65b1bd8..033cd39ff0 100644 --- a/APPL/FAC/fac_edit_api.asp +++ b/APPL/FAC/fac_edit_api.asp 
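Review bot: The guard at the top of `_analyze_fields` is inverted relative to the code it replaces. The old `if (user.oslogin() != "_FACILITOR")` ran the `viewname` checks for everyone except the privileged account, while the new `if (hasFACFAC) // Die mag alles` runs them only for users who hold WEB_FACFAC. As written, a user without WEB_FACFAC appears to skip the branch entirely, which lifts the restriction for the less privileged side; it should read `if (!hasFACFAC)`. The branch body continues outside the hunk, so confirm what it enforces before merging.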
@@ -19,7 +19,7 @@ FCLTHeader.Requires({ plugins:["jQuery"] }) var api_key = getQParamInt("api_key", -1); -user.auth_required_or_abort(user.oslogin() == "_FACILITOR"); +var hasFACFAC = user.checkAutorisation("WEB_FACFAC"); var api_name; var api_omschrijving; @@ -37,7 +37,7 @@ function prettyJson(j) { try { - var xx = JSON.stringify(eval("("+j + ")"), null, 2); + var xx = JSON.stringify(eval("(" + j + ")"), null, 2); if (xx == "null") return ""; return xx; @@ -53,16 +53,16 @@ if (api_key > 0) var sql = "SELECT * FROM fac_api a" + " WHERE fac_api_key =" + api_key; var oRs = Oracle.Execute(sql); - api_name = oRs("fac_api_name").Value; - api_omschrijving = oRs("fac_api_omschrijving").Value; - api_filepath = oRs("fac_api_filepath").Value; - api_loglevel = oRs("fac_api_loglevel").Value; - usrrap_key = oRs("fac_usrrap_key").Value; - api_viewmapping_json = prettyJson(oRs("fac_api_viewmapping_json").Value); - api_stylesheet = oRs("fac_api_stylesheet").Value; - import_app_key = oRs("fac_import_app_key").Value; - api_options_json = prettyJson(oRs("fac_api_options_json").Value); - + var api_name = oRs("fac_api_name").Value; + var api_omschrijving = oRs("fac_api_omschrijving").Value; + var api_filepath = oRs("fac_api_filepath").Value; + var api_loglevel = oRs("fac_api_loglevel").Value; + var usrrap_key = oRs("fac_usrrap_key").Value; + var api_viewmapping_json = prettyJson(oRs("fac_api_viewmapping_json").Value); + var api_stylesheet = oRs("fac_api_stylesheet").Value; + var import_app_key = oRs("fac_import_app_key").Value; + var api_options_json = prettyJson(oRs("fac_api_options_json").Value); + oRs.Close(); } %> diff --git a/APPL/FAC/fac_edit_api_save.asp b/APPL/FAC/fac_edit_api_save.asp index 4f60456c61..4350edfcd9 100644 --- a/APPL/FAC/fac_edit_api_save.asp +++ b/APPL/FAC/fac_edit_api_save.asp 
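Review bot: The explicit gate `user.auth_required_or_abort(user.oslogin() == "_FACILITOR")` is replaced by `var hasFACFAC = user.checkAutorisation("WEB_FACFAC");`, and `hasFACFAC` is not read anywhere in the visible lines. Access control for this page therefore rests on the one-argument form of checkAutorisation aborting by itself. The `// pessimistisch` remark in model_reportsx.inc suggests that it does, but nothing at this call site says so. I would add a comment such as `// one-argument checkAutorisation aborts the request when WEB_FACFAC is missing`, or keep the abort visible with `user.auth_required_or_abort(user.checkAutorisation("WEB_FACFAC", true));`. The same replacement is made in fac_edit_api_save.asp, where it guards the write path.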
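Review bot: `prettyJson` still parses its argument with `eval("(" + j + ")")`, and in this file the argument is the stored `fac_api_viewmapping_json` or `fac_api_options_json` column value, so whatever was saved there is executed as server-side script when the page renders. The commit only changes spacing on that line. Since `JSON.stringify` is already used beside it, `JSON.parse` is probably available as well (to be confirmed for this runtime) and would parse the value without executing it: `var xx = JSON.stringify(JSON.parse(j), null, 2);`. Stored values that are object literals rather than strict JSON would then fall into the `catch` that presumably follows the `try`, so check existing data first. The identical line is changed in fac_edit_template.asp.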
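Review bot: The fields are read straight after `Oracle.Execute(sql)` with no `oRs.Eof` test, so an `api_key` that matches no row in fac_api presumably fails on `oRs("fac_api_name").Value` instead of producing a controlled response. model_reportcolumns.inc tests `if (oRs.Eof)` after its query, and the same test belongs here before the first field read. The `var` keywords added to the nine assignments are redundant, since at least `api_name` and `api_omschrijving` are already declared near the top of the file and `var` inside the `if` block does not create a new scope. The same unguarded read occurs in fac_setting.asp and fac_setting_save.asp, where the row's `fac_functie_key` now feeds the `canChange` decision.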
@@ -21,7 +21,7 @@ var JSON_Result = true; <% var api_key = getQParamInt("api_key", -1 ); -user.auth_required_or_abort(user.oslogin() == "_FACILITOR"); +var hasFACFAC = user.checkAutorisation("WEB_FACFAC"); var viewoptions = getFParam("fac_api_options_json", ""); if (viewoptions) diff --git a/APPL/FAC/fac_edit_template.asp b/APPL/FAC/fac_edit_template.asp index 6e0fd23674..3f185a2557 100644 --- a/APPL/FAC/fac_edit_template.asp +++ b/APPL/FAC/fac_edit_template.asp @@ -24,7 +24,7 @@ function prettyJson(j) { try { - var xx = JSON.stringify(eval("("+j + ")"), null, 2); + var xx = JSON.stringify(eval("(" + j + ")"), null, 2); if (xx == "null") return ""; return xx; @@ -35,8 +35,6 @@ function prettyJson(j) }; }; -//var canChange = (user.oslogin() == "_FACILITOR"); - %> diff --git a/APPL/FAC/fac_setting.asp b/APPL/FAC/fac_setting.asp index 11af41f1f8..5cfe8d9a2c 100644 --- a/APPL/FAC/fac_setting.asp +++ b/APPL/FAC/fac_setting.asp @@ -19,9 +19,9 @@ FCLTHeader.Requires({ plugins:["jQuery"], var fac_key = getQParamInt("fac_key"); -var autfunction = "WEB_PRSSYS"; -var authparams = user.checkAutorisation(autfunction); - +var authPRSSYS = user.checkAutorisation("WEB_PRSSYS"); +var authFACFAC = user.checkAutorisation("WEB_FACFAC", true); +var authFACTAB = user.checkAutorisation("WEB_FACTAB", true); function prettyJson(j) { 
@@ -44,11 +44,14 @@ var sql = "SELECT * FROM fac_setting s, prs_v_perslid_fullnames pf" var oRs = Oracle.Execute(sql); -if (user.oslogin() != "_FACILITOR") +if (!authFACFAC) user.auth_required_or_abort(oRs("fac_setting_flags").Value & 1); // moet zichtbaar zijn voor PRSSYS -var isProtected = (oRs("fac_setting_flags").Value & 2) == 0; -var canChange = (user.oslogin() == "_FACILITOR" || !isProtected); // 2 is wijzigbaar PRSSYS +var functie_key = oRs("fac_functie_key").Value; +var isProtected = (functie_key != authPRSSYS.autfunctionkey); +canChange = (!isProtected || + authFACFAC && functie_key == authFACFAC.autfunctionkey || + authFACTAB && functie_key == authFACTAB.autfunctionkey) %> diff --git a/APPL/FAC/fac_setting_save.asp b/APPL/FAC/fac_setting_save.asp index 8936ea3c34..bd35d11c63 100644 --- a/APPL/FAC/fac_setting_save.asp +++ b/APPL/FAC/fac_setting_save.asp 
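Review bot: `canChange` is now assigned without `var` and without a terminating semicolon, so it becomes an implicit global and the statement ends only through automatic semicolon insertion before the closing ASP delimiter. Declare it and parenthesise the mixed `||`/`&&` terms so the rule can be read at a glance: `var canChange = (!isProtected || (authFACFAC && functie_key == authFACFAC.autfunctionkey) || (authFACTAB && functie_key == authFACTAB.autfunctionkey));`. The same expression is pasted into fac_setting_save.asp, where it is the value passed to `user.auth_required_or_abort`. A shared helper would keep the display rule and the save rule from drifting apart.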
@@ -19,41 +19,46 @@ <% FCLTHeader.Requires({ plugins:["jQuery"] }) %> <% - var fac_key = getQParamInt( "fac_key", -1 ); +var fac_key = getQParamInt( "fac_key" ); - var autfunction = "WEB_PRSSYS"; - var authparams = user.checkAutorisation(autfunction); +var authPRSSYS = user.checkAutorisation("WEB_PRSSYS"); +var authFACFAC = user.checkAutorisation("WEB_FACFAC", true); +var authFACTAB = user.checkAutorisation("WEB_FACTAB", true); - var sql = "SELECT * FROM fac_setting s" - + " WHERE fac_setting_key ="+fac_key; +var sql = "SELECT * FROM fac_setting s" + + " WHERE fac_setting_key ="+fac_key; - var oRs = Oracle.Execute(sql); - var canChange = (user.oslogin() == "_FACILITOR" || oRs("fac_setting_flags").Value & 2); // 2 is wijzigbaar PRSSYS +var oRs = Oracle.Execute(sql); - user.auth_required_or_abort(canChange); +var functie_key = oRs("fac_functie_key").Value; +var isProtected = (functie_key != authPRSSYS.autfunctionkey); +canChange = (!isProtected || + authFACFAC && functie_key == authFACFAC.autfunctionkey || + authFACTAB && functie_key == authFACTAB.autfunctionkey) - var pvalue = getFParam("pvalue", ""); - if (oRs("fac_setting_type").value == 'float') - { - pvalue = pvalue.replace(",", "."); - } +user.auth_required_or_abort(canChange); - var fields = [ { dbs: "fac_setting_pvalue", typ: "varchar", val: pvalue, len: 1024 }, - { dbs: "fac_setting_datum", typ: "sql", val: "SYSDATE" }, - { dbs: "prs_perslid_key", typ: "key", val: user_key }]; +var pvalue = getFParam("pvalue", ""); +if (oRs("fac_setting_type").value == 'float') +{ + pvalue = pvalue.replace(",", "."); +} + +var fields = [ { dbs: "fac_setting_pvalue", typ: "varchar", val: pvalue, len: 1024 }, + { dbs: "fac_setting_datum", typ: "sql", val: "SYSDATE" }, + { dbs: "prs_perslid_key", typ: "key", val: user_key }]; var warning = ""; -if (fac_key > 0) - { - sql = buildUpdate("fac_setting", fields) - + " fac_setting_key = " + fac_key; - var err = Oracle.Execute(sql, true); - if (err.friendlyMsg) - warning = 
err.friendlyMsg; - settings.loadSET(true); // Forceer caching opnieuw - } -%> +sql = buildUpdate("fac_setting", fields) + + " fac_setting_key = " + fac_key; + +var err = Oracle.Execute(sql, true); +if (err.friendlyMsg) + warning = err.friendlyMsg; +settings.loadSET(true); // Forceer caching opnieuw + + %> <% FCLTHeader.Generate() %> diff --git a/APPL/FAC/fac_settings_list.asp b/APPL/FAC/fac_settings_list.asp index e522b8df34..efb97196ce 100644 --- a/APPL/FAC/fac_settings_list.asp +++ b/APPL/FAC/fac_settings_list.asp @@ -27,6 +27,7 @@ var outputmode = getQParamInt("outputmode", 0); var autfunction = "WEB_PRSSYS"; var authparams = user.checkAutorisation(autfunction); +var hasFACFAC = user.checkAutorisation("WEB_FACFAC", true); FCLTHeader.Requires({ plugins: ["jQuery"] }) %> @@ -46,18 +47,22 @@ FCLTHeader.Requires({ plugins: ["jQuery"] }) } <% - var sqln = "SELECT * FROM fac_setting s, prs_v_perslid_fullnames pf" + var sqln = "SELECT *" + + " FROM fac_setting s, " + + " fac_functie f, " + + " prs_v_perslid_fullnames pf" + " WHERE s.prs_perslid_key = pf.prs_perslid_key(+)" - + (zoek ? " AND (UPPER(fac_setting_name) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + + " AND s.fac_functie_key = f.fac_functie_key" + + (zoek ? " AND (UPPER(fac_setting_name) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + " OR UPPER(fac_setting_description) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") - + " OR UPPER(fac_setting_default) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") - + " OR UPPER(fac_setting_pvalue) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + + " OR UPPER(fac_setting_default) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + + " OR UPPER(fac_setting_pvalue) LIKE " + safe.quoted_sql_wild("%" + zoek + "%") + ")" : "") + (smodule != "-1" ? "AND fac_setting_module = " + safe.quoted_sql(smodule) : "") - + (user.oslogin() != "_FACILITOR" + + (!hasFACFAC ? " AND BITAND (fac_setting_flags, 1) = 1" // zichtbaar voor PRSSYS :"") + " ORDER BY fac_setting_name"; 
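Review bot: The save page authorises on `canChange` alone and never applies the visibility check that fac_setting.asp keeps for users without WEB_FACFAC, `user.auth_required_or_abort(oRs("fac_setting_flags").Value & 1)`. If a setting can be hidden from WEB_PRSSYS (flag bit 1 clear) while its `fac_functie_key` is the WEB_PRSSYS key, a user who cannot open the setting could still post a new `pvalue` for it; whether such rows exist is not visible here. Repeating the check before `user.auth_required_or_abort(canChange)` closes that gap: `if (!authFACFAC) user.auth_required_or_abort(oRs("fac_setting_flags").Value & 1);`. The hunk also drops the `-1` default and the `if (fac_key > 0)` guard, so the UPDATE now depends on `getQParamInt("fac_key")` rejecting a missing key.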
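Review bot: The new join line ends in `f.fac_functie_key`, and the unchanged module filter that can follow it starts with `"AND fac_setting_module = "` without a leading space. When `zoek` is empty and `smodule` is set, the SQL as shown reads `...f.fac_functie_keyAND fac_setting_module = ...` and should fail to parse. Before this change the preceding fragment ended in `(+)`, which masked the missing space. Change the literal to `" AND fac_setting_module = "`. Separately, the inner join on `fac_functie` hides any setting whose `fac_functie_key` is NULL, and `SELECT *` over three tables returns `fac_functie_key` twice; confirm both are intended.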
@@ -88,10 +93,9 @@ function prettyJson(j) } function fnprotected(oRs) { - if (oRs("fac_setting_flags").Value & 2) + if (oRs("fac_functie_code").Value == 'WEB_PRSSYS') return ""; - else - return "Protected"; + return "Protected"; } var rst = new ResultsetTable({ sql: sqln, keyColumn: "fac_setting_key", diff --git a/APPL/FAC/fac_show_api.asp b/APPL/FAC/fac_show_api.asp index 5fe5a550a7..7c652f337a 100644 --- a/APPL/FAC/fac_show_api.asp +++ b/APPL/FAC/fac_show_api.asp @@ -20,7 +20,8 @@ var api_key = getQParamInt("api_key"); var autfunction = "WEB_PRSSYS"; var authparams = user.checkAutorisation(autfunction); -var canChange = (user.oslogin() == "_FACILITOR"); +var canChange = user.checkAutorisation("WEB_FACFAC", true); + canChange = true; var sql = "SELECT * FROM fac_api a" diff --git a/APPL/PDA/reservering.asp b/APPL/PDA/reservering.asp index 2726d9d96a..93e4a9ef37 100644 --- a/APPL/PDA/reservering.asp +++ b/APPL/PDA/reservering.asp @@ -16,8 +16,11 @@ - - + + + + + 
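Review bot: In fac_show_api.asp, `canChange = true;` directly after `var canChange = user.checkAutorisation("WEB_FACFAC", true);` discards the authorisation result, so every user who passes the WEB_PRSSYS check at the top of the page is treated as allowed to change the API definition. The old code limited this to `_FACILITOR`. The override looks like a debugging leftover and should be removed so that `canChange` reflects WEB_FACFAC. How `canChange` is used lies outside the hunk, and the edit and save pages appear to carry their own WEB_FACFAC check, so the effect may be limited to the controls shown on this page.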
@@ -553,7 +556,22 @@ else if (this_res.canChange || rsv_ruimte_key == -1) BUTTON((rsv_ruimte_key > -1 ? L("lcl_submit") : L("lcl_newsubmit")), {click: "res_submit()", dataicon: "refresh"}); if (this_res.canChange && rsv_ruimte_key > -1) - BUTTON(L("lcl_mobile_bezoek"), {click: "res_vis()", dataicon: "grid"}); + BUTTON(L("lcl_mobile_bezoek"), {click: "res_vis()", dataicon: "grid"}); + // Toon meldingenknop als er bijbehorende lopende meldingen zijn en ik die mag zien (kan vast nog scherper) + if (user.checkAutorisation( "WEB_MLDBOF", true)) { + // De prijs is wel dat ik mld.inc moet includen.. + var perform=false; // ???? JGL: MLD.INC gebruikt deze illegaal globaal + var frontend=false; + var tsql = "SELECT COUNT(m.mld_melding_key), MAX(m.mld_melding_key)"+ mld.getfromwherelist_sql("WEB_MLDBOF", {"rsv_ruimte_key": rsv_ruimte_key}) + + " AND m.mld_melding_status IN (0,2,3,4,7)"; + toRs = Oracle.Execute(tsql); + if (toRs(0).value == 1) { // eentje slechts, dan naar de details; max is vanzelfsprekend die ene + BUTTON(L("lcl_mobile_meldingen")+ " (1)", {linkid: "./melding.asp?mld_key="+toRs(1).value , dataicon: "alert", dataajax: 'false'}); + } else if (toRs(0).value > 0) { // meerdere, dan naar lijst + BUTTON(L("lcl_mobile_meldingen")+" ("+toRs(0).value+")", {linkid: "./mld_list.asp?res_rsv_ruimte_key="+rsv_ruimte_key , dataicon: "alert", dataajax: 'false'}); + } + } + CONTROLGROUP_END() IFACE.FORM_END(); %> diff --git a/APPL/RES/res_show_rsv_ruimte.asp b/APPL/RES/res_show_rsv_ruimte.asp index ade9097788..38a5e00b9b 100644 --- a/APPL/RES/res_show_rsv_ruimte.asp +++ b/APPL/RES/res_show_rsv_ruimte.asp 
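Review bot: `toRs = Oracle.Execute(tsql);` is assigned without `var`, which creates an implicit global, and the recordset is never closed after the `toRs(0)` and `toRs(1)` reads. Use `var toRs = Oracle.Execute(tsql);` and call `toRs.Close();` once the buttons are built. The `var perform=false;` and `var frontend=false;` lines exist only to satisfy globals that mld.inc expects, as the `????` comment says. That coupling deserves a comment naming what mld.inc reads from them, or a fix in mld.inc itself. The enclosing `else if` block starts outside the hunk.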
@@ -333,7 +333,8 @@ FCLTHeader.Requires({plugins: ["jQuery"]}) <% var buttons = []; if (rrr.rsv_ruimte_verwijder == null) // Anders mag je niets meer { - + // Undocumented 'DEMO' feature voor _FACILITOR + // Hier (altijd) testen op user.checkAutorisation("WEB_FACFAC", true) vind ik te veel eer if ((user.oslogin() == "_FACILITOR") && S("mobile_enabled") && restype == "R") { buttons.push( {title: "Touch", icon: "../Pictures/hand_point.png", action: "res_touch()" });