From 41409363962a7c396b8ede634e73fcbe70ec1681 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Tue, 5 Jul 2016 15:50:24 +0200 Subject: [PATCH] =?UTF-8?q?Int=C3=A9gration=20de=20l'entrepot=20dans=20les?= =?UTF-8?q?=20'repositories'=20(invisibles=20pour=20les=20'modules')=20'ma?= =?UTF-8?q?chine'=20et=20'user'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- manager/Authentification.php | 4 +-- manager/Repo.php | 11 +++++++ manager/repo/machine.php | 38 +++++++++++++-------- manager/repo/user.php | 64 +++++++++++++++++++++--------------- 4 files changed, 76 insertions(+), 41 deletions(-) diff --git a/manager/Authentification.php b/manager/Authentification.php index af3415c..8050127 100644 --- a/manager/Authentification.php +++ b/manager/Authentification.php @@ -84,7 +84,7 @@ // On met à jour les informations $_SESSION['WAREHOUSE'] = [ - 'id' => $checkRoot->answer()[0]['id_warehouse'], + 'id' => (int) $checkRoot->answer()[0]['id_warehouse'], 'name' => $checkRoot->answer()[0]['name'] ]; } @@ -104,7 +104,7 @@ // On met à jour les informations $_SESSION['ADMIN'] = [ - 'id' => $checkBranch->answer()[0]['id_admin'], + 'id' => (int) $checkBranch->answer()[0]['id_admin'], 'username' => $checkBranch->answer()[0]['username'], 'mail' => $checkBranch->answer()[0]['mail'] ]; diff --git a/manager/Repo.php b/manager/Repo.php index df30f9d..3744746 100755 --- a/manager/Repo.php +++ b/manager/Repo.php @@ -46,6 +46,14 @@ * */ public function __construct($path=null, $params=null){ + + // Si pas authentifié, erreur + if( Authentification::auth() < 2 ){ + $this->error = ManagerError::PermissionError; + return false; + } + + // Si pas parametre manquant, on quitte if( $path == null ){ $this->error = ManagerError::MissingPath; @@ -103,6 +111,9 @@ public function answer(){ + if( $this->error != ManagerError::Success ) + return false; + return $this->answer; } diff --git a/manager/repo/machine.php b/manager/repo/machine.php index fee5e26..87b0e56 100755 --- a/manager/repo/machine.php +++ b/manager/repo/machine.php @@ -30,11 +30,12 @@ /* [2] Creation de la machine =========================================================*/ - $insert_machine = Database::getPDO()->prepare("INSERT INTO machine(id_machine, code, name) - VALUES(DEFAULT, :code, :name)"); + $insert_machine = Database::getPDO()->prepare("INSERT INTO machine(id_machine, id_warehouse, code, name) + VALUES(DEFAULT, :id_warehouse, :code, :name)"); $insert_machine->execute([ - ':code' => $code, - ':name' => $name + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'], + ':code' => $code, + ':name' => $name ]); /* [3] On retourne l'id_machine ou FALSE si erreur @@ -63,11 +64,17 @@ */ public static function search($keyword){ // On recupere les donnees - $searchmachines = Database::getPDO()->query("SELECT * FROM machine - WHERE code LIKE '%".$keyword."%' - OR name LIKE '%".$keyword."%' + $searchmachines = Database::getPDO()->prepare("SELECT * FROM machine + WHERE id_warehouse = :id_warehouse + AND ( code LIKE '%".$keyword."%' + OR name LIKE '%".$keyword."%' + ) "); + $searchmachines->execute([ + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'] + ]); + return Database::delNumeric( $searchmachines->fetchAll() ); } @@ -136,11 +143,13 @@ $edit_machine = Database::getPDO()->prepare("UPDATE machine SET code = :code, name = :name - WHERE id_machine = :id_machine"); + WHERE id_machine = :id_machine + AND id_warehouse = :id_warehouse"); $edit_machine->execute([ - ':code' => $code, - ':name' => $name, - ':id_machine' => $id_machine + ':code' => $code, + ':name' => $name, + ':id_machine' => $id_machine, + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'] ]); @@ -174,8 +183,11 @@ public static function delete($id_machine){ /* [1] On redige/execute la requete =========================================================*/ - $delete_machine = Database::getPDO()->prepare("DELETE FROM machine WHERE id_machine = :id_machine"); - $delete_machine->execute([ ':id_machine' => $id_machine ]); + $delete_machine = Database::getPDO()->prepare("DELETE FROM machine WHERE id_machine = :id_machine AND id_warehouse = :id_warehouse"); + $delete_machine->execute([ + ':id_machine' => $id_machine, + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'] + ]); /* [2] On verifie que la machine n'existe plus diff --git a/manager/repo/user.php b/manager/repo/user.php index e41542c..8688a30 100755 --- a/manager/repo/user.php +++ b/manager/repo/user.php @@ -34,16 +34,17 @@ /* [2] Creation de l'utilisateur =========================================================*/ - $insert_user = Database::getPDO()->prepare("INSERT INTO user(id_user, code, username, firstname, lastname, mail, password, status) - VALUES(DEFAULT, :code, :username, :firstname, :lastname, :mail, :password, :status)"); + $insert_user = Database::getPDO()->prepare("INSERT INTO user(id_user, id_warehouse, code, username, firstname, lastname, mail, password, status) + VALUES(DEFAULT, :id_warehouse, :code, :username, :firstname, :lastname, :mail, :password, :status)"); $insert_user->execute([ - ':code' => $code, - ':username' => $username, - ':firstname' => $firstname, - ':lastname' => $lastname, - ':mail' => $mail, - ':password' => $password, - ':status' => $status + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'], + ':code' => $code, + ':username' => $username, + ':firstname' => $firstname, + ':lastname' => $lastname, + ':mail' => $mail, + ':password' => $password, + ':status' => $status ]); /* [3] On retourne l'id_user ou FALSE si erreur @@ -72,14 +73,20 @@ */ public static function search($keyword){ // On recupere les donnees - $searchusers = Database::getPDO()->query("SELECT * FROM user - WHERE code LIKE '%".$keyword."%' - OR username LIKE '%".$keyword."%' - OR firstname LIKE '%".$keyword."%' - OR lastname LIKE '%".$keyword."%' - OR mail LIKE '%".$keyword."%' + $searchusers = Database::getPDO()->prepare("SELECT * FROM user + WHERE id_warehouse = :id_warehouse + AND ( code LIKE '%".$keyword."%' + OR username LIKE '%".$keyword."%' + OR firstname LIKE '%".$keyword."%' + OR lastname LIKE '%".$keyword."%' + OR mail LIKE '%".$keyword."%' + ) "); + $searchusers->execute([ + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'] + ]); + return Database::delNumeric( $searchusers->fetchAll() ); } @@ -161,16 +168,18 @@ mail = :mail, password = :password, status = :status - WHERE id_user = :id_user"); + WHERE id_user = :id_user + AND id_warehouse = :id_warehouse"); $edit_user->execute([ - ':code' => $code, - ':username' => $username, - ':firstname' => $firstname, - ':lastname' => $lastname, - ':mail' => $mail, - ':password' => $password, - ':status' => $status, - ':id_user' => $id_user + ':code' => $code, + ':username' => $username, + ':firstname' => $firstname, + ':lastname' => $lastname, + ':mail' => $mail, + ':password' => $password, + ':status' => $status, + ':id_user' => $id_user, + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'] ]); @@ -209,8 +218,11 @@ public static function delete($id_user){ /* [1] On redige/execute la requete =========================================================*/ - $delete_user = Database::getPDO()->prepare("DELETE FROM user WHERE id_user = :id_user"); - $delete_user->execute([ ':id_user' => $id_user ]); + $delete_user = Database::getPDO()->prepare("DELETE FROM user WHERE id_user = :id_user AND id_warehouse = :id_warehouse"); + $delete_user->execute([ + ':id_user' => $id_user, + ':id_warehouse' => $_SESSION['WAREHOUSE']['id'] + ]); /* [2] On verifie que l'utilisateur n'existe plus