DJIN#40651 Bij doorklikken naar (fac_list) van een persoon alleen de lopende meldingen tonen waar je rechten voor hebt

svn path=/Website/trunk/; revision=34858

APPL/FAC/fac_list.asp

@@ -340,6 +340,25 @@ function sqlTracking(refkey, node)
     else
       module_filter = " AND xmlnode IN (" + safe.quoted_sql_join(modules) + ")";
 
+    // Bij MLD hebben we de discipline_key toch al en kunnen we strenger controleren
+    // Merk op dat het nog wel een beetje grof is: we betrekken ALG en PRS-scope er verder niet
+    // bij
+    function lees_rechten_op(discipline_veld, autfunctions)
+    {
+        var sql = " AND {0} IN ".format(discipline_veld)
+                + "     (SELECT ins_discipline_key"
+                + "       FROM fac_v_webgebruiker w, "
+                + "            fac_functie"
+                + "      WHERE fac_functie_code IN ({0})".format(safe.quoted_sql_join(autfunctions))
+                + "        AND w.prs_perslid_key = {0}".format(user_key)
+                + "        AND fac_gebruiker_prs_level_read < 9)";
+        return sql;
+    }
+    if (pkey == user_key) // dan altijd goed hoewel we res_use rechten zouden kunnen controleren
+    {
+        lees_rechten_op = function () { return "" };
+    }
+
     var sqln = "SELECT m.prs_perslid_key prs_perslid_key"   // melding van jou
              + "     , isd.ins_srtdiscipline_prefix || TO_CHAR (m.mld_melding_key) item"
              + "     , m.mld_melding_key item_key"
@@ -378,6 +397,7 @@ function sqlTracking(refkey, node)
              + "          AND tr.fac_tracking_datum > SYSDATE - " + S("facilities_flike_past")
              + "          AND str.fac_srtnotificatie_code = 'MLDAFM'))"
              + "   AND (m.mld_melding_einddatum BETWEEN SYSDATE - " + S("facilitiespast_mld") + " AND SYSDATE + " + S("facilitiesfuture_mld") + " OR m.mld_melding_einddatum IS NULL)"
+             + lees_rechten_op("sm.mld_ins_discipline_key", ["WEB_MLDBOF", "WEB_MLDFOF"])
              + " UNION ALL "
              + "SELECT m.prs_perslid_key_voor prs_perslid_key"  // melding voor jou
              + "     , isd.ins_srtdiscipline_prefix || TO_CHAR (m.mld_melding_key) item"
@@ -417,6 +437,7 @@ function sqlTracking(refkey, node)
              + "          AND tr.fac_tracking_datum > SYSDATE - " + S("facilities_flike_past")
              + "          AND str.fac_srtnotificatie_code = 'MLDAFM'))"
              + "   AND (m.mld_melding_einddatum BETWEEN SYSDATE - " + S("facilitiespast_mld") + " AND SYSDATE + " + S("facilitiesfuture_mld") + " OR m.mld_melding_einddatum IS NULL)"
+             + lees_rechten_op("sm.mld_ins_discipline_key", ["WEB_MLDBOF", "WEB_MLDFOF"])
              + " UNION ALL "
              + "SELECT b.prs_perslid_key prs_perslid_key" // Bestelling door jou
              + "     , TO_CHAR (bes_bestelling_key)"