Limit User access to restricted clients under global search

itflow-org · May 12, 2024 · bd12319 · bd12319
1 parent ff46284
commit bd12319
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/global_search.php b/global_search.php
@@ -24,6 +24,7 @@
         LEFT JOIN locations ON clients.client_id = locations.location_client_id AND location_primary = 1
         WHERE client_archived_at IS NULL
             AND client_name LIKE '%$query%'
+            $access_permission_query
         ORDER BY client_id DESC LIMIT 5"
     );
 
@@ -35,6 +36,7 @@
             OR contact_email LIKE '%$query%'
             OR contact_phone LIKE '%$phone_query%'
             OR contact_mobile LIKE '%$phone_query%')
+            $access_permission_query
         ORDER BY contact_id DESC LIMIT 5"
     );
 
@@ -43,13 +45,15 @@
         WHERE vendor_archived_at IS NULL
             AND vendor_template = 0
             AND (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%')
+            $access_permission_query
         ORDER BY vendor_id DESC LIMIT 5"
     );
 
     $sql_domains = mysqli_query($mysqli, "SELECT * FROM domains
         LEFT JOIN clients ON domain_client_id = client_id
         WHERE domain_archived_at IS NULL
             AND domain_name LIKE '%$query%'
+            $access_permission_query
         ORDER BY domain_id DESC LIMIT 5"
     );
 
@@ -63,6 +67,7 @@
         LEFT JOIN clients on document_client_id = clients.client_id
         WHERE document_archived_at IS NULL
             AND MATCH(document_content_raw) AGAINST ('$query')
+            $access_permission_query
         ORDER BY document_id DESC LIMIT 5"
     );
 
@@ -72,6 +77,7 @@
         WHERE file_archived_at IS NULL
             AND (file_name LIKE '%$query%'
             OR file_description LIKE '%$query%')
+            $access_permission_query
         ORDER BY file_id DESC LIMIT 5"
     );
 
@@ -81,13 +87,15 @@
         WHERE ticket_archived_at IS NULL
             AND (ticket_subject LIKE '%$query%'
             OR ticket_number = '$ticket_num_query')
+            $access_permission_query
         ORDER BY ticket_id DESC LIMIT 5"
     );
 
     $sql_recurring_tickets = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets
         LEFT JOIN clients ON scheduled_ticket_client_id = client_id
         WHERE scheduled_ticket_subject LIKE '%$query%'
             OR scheduled_ticket_details LIKE '%$query%'
+            $access_permission_query
         ORDER BY scheduled_ticket_id DESC LIMIT 5"
     );
 
@@ -96,6 +104,7 @@
         LEFT JOIN clients ON login_client_id = client_id
         WHERE login_archived_at IS NULL
             AND (login_name LIKE '%$query%' OR login_description LIKE '%$query%')
+            $access_permission_query
         ORDER BY login_id DESC LIMIT 5"
     );
 
@@ -104,6 +113,7 @@
         LEFT JOIN categories ON invoice_category_id = category_id
         WHERE invoice_archived_at IS NULL
             AND (CONCAT(invoice_prefix,invoice_number) LIKE '%$query%' OR invoice_scope LIKE '%$query%')
+            $access_permission_query
         ORDER BY invoice_number DESC LIMIT 5"
     );
 
@@ -113,6 +123,7 @@
         LEFT JOIN clients ON asset_client_id = client_id
         WHERE asset_archived_at IS NULL
             AND (asset_name LIKE '%$query%' OR asset_description LIKE '%$query%' OR asset_type LIKE '%$query%' OR asset_make LIKE '%$query%' OR asset_model LIKE '%$query%' OR asset_serial LIKE '%$query%' OR asset_os LIKE '%$query%' OR asset_ip LIKE '%$query%' OR asset_nat_ip LIKE '%$query%' OR asset_mac LIKE '%$query%' OR asset_status LIKE '%$query%')
+            $access_permission_query
         ORDER BY asset_name DESC LIMIT 5"
     );
 
@@ -121,6 +132,7 @@
         LEFT JOIN clients ON ticket_client_id = client_id
         WHERE ticket_reply_archived_at IS NULL
             AND (ticket_reply LIKE '%$query%')
+            $access_permission_query
         ORDER BY ticket_id DESC, ticket_reply_id ASC LIMIT 20"
     );