gary_wms/wms/menu-record-update.php

<?php
ini_set('display_errors', 'on');
include "header.php";

$auth_change_status = false;

if (isset($_POST['update'])) {

    // foreach ($_POST as $k => $v) {
    //     $$k = htmlspecialchars(stripslashes(trim($v)));
    // }

    if (!empty($_POST['can_read'])) {
        $auth_change_status = true;
        $link_content = explode("\r\n", $_POST['link_content']);
        foreach ($_POST['can_read'] as $id) {

            // 更新部門可寫權限 json
            $permission = [];
            $department_id = 0;
            $role_id = 0;

            $sql = "
                SELECT 
                    department_id,
                    role_id,
                    permission
                FROM department
                WHERE 1=1
                AND id = '$id'
            ";
            $result = mysqli_query($link, $sql);
            $data = mysqli_fetch_assoc($result);
            $department_id = $data['department_id'];
            $role_id = $data['role_id'];
            mysqli_free_result($result);
            $permission = json_decode($data['permission'], true);
            foreach ($link_content as $row) {
                $permission[$row] = '1';
            }
            $new_permiccion = json_encode($permission);

            // 更改此職位權限
            $sql = "
                UPDATE department
                SET permission = '$new_permiccion'
                WHERE 1=1
                AND id = '$id'
            ";
            mysqli_query($link, $sql);

            // 更改此職位底下所有員工的權限
            $sql = "
                SELECT accountid
                FROM account
                WHERE 1=1
                AND department_id = '$department_id'
                AND role_id = '$role_id'
            ";
            $result = mysqli_query($link, $sql);
            $data2 = mysqli_fetch_all($result, MYSQLI_ASSOC);
            mysqli_free_result($result);
            foreach ($data2 as $row) {
                $sql = "
                    UPDATE account_auth
                    SET permission = '$new_permiccion'
                    WHERE 1=1
                    AND accountid = '" . $row['accountid'] . "'
                ";
                mysqli_query($link, $sql);
            }
        }
    }

    if (!empty($_POST['can_write'])) {
        $auth_change_status = true;
        $link_content = explode("\r\n", $_POST['link_content']);
        foreach ($_POST['can_write'] as $id) {

            // 更新部門可寫權限 json
            $permission = [];
            $department_id = 0;
            $role_id = 0;

            $sql = "
                SELECT 
                    department_id,
                    role_id,
                    permission
                FROM department
                WHERE 1=1
                AND id = '$id'
            ";
            $result = mysqli_query($link, $sql);
            $data = mysqli_fetch_assoc($result);
            $department_id = $data['department_id'];
            $role_id = $data['role_id'];
            mysqli_free_result($result);
            $permission = json_decode($data['permission'], true);
            foreach ($link_content as $row) {
                $permission[$row] = '3';
            }
            $new_permiccion = json_encode($permission);

            // 更改此職位權限
            $sql = "
                UPDATE department
                SET permission = '$new_permiccion'
                WHERE 1=1
                AND id = '$id'
            ";
            mysqli_query($link, $sql);

            // 更改此職位底下所有員工的權限
            $sql = "
                SELECT accountid
                FROM account
                WHERE 1=1
                AND department_id = '$department_id'
                AND role_id = '$role_id'
            ";
            $result = mysqli_query($link, $sql);
            $data2 = mysqli_fetch_all($result, MYSQLI_ASSOC);
            mysqli_free_result($result);
            foreach ($data2 as $row) {
                $sql = "
                    UPDATE account_auth
                    SET permission = '$new_permiccion'
                    WHERE 1=1
                    AND accountid = '" . $row['accountid'] . "'
                ";
                mysqli_query($link, $sql);
            }
        }
    }
    $main_menu_seq = empty($_POST['main_menu_seq']) ? '' : $_POST['main_menu_seq'];
    $main_menu = empty($_POST['main_menu']) ? '' : $_POST['main_menu'];
    $sub_menu_seq = empty($_POST['sub_menu_seq']) ? '' : $_POST['sub_menu_seq'];
    $sub_menu = empty($_POST['sub_menu']) ? '' : $_POST['sub_menu'];
    $sub_menu_eng = empty($_POST['sub_menu_eng']) ? '' : $_POST['sub_menu_eng'];
    $mlink = empty($_POST['mlink']) ? '' : $_POST['mlink'];
    $link_content = empty($_POST['link_content']) ? '' : $_POST['link_content'];
    $status = empty($_POST['status']) ? '' : $_POST['status'];
    $id = empty($_POST['id']) ? '' : $_POST['id'];
    $create_at = date('Y-m-d H:i:s');

    //$link_content = str_replace(PHP_EOL, ',', $link_content);
    $db_query  = "UPDATE menu set main_menu_seq = '$main_menu_seq', main_menu = '$main_menu', sub_menu_seq = '$sub_menu_seq', sub_menu = '$sub_menu', ";
    $db_query .= "sub_menu_eng = '$sub_menu_eng', mlink = '$mlink', link_content = '$link_content', status = '$status', create_at = '$create_at' WHERE id='$id'";

    mysqli_query($link, $db_query);
    $affected = mysqli_affected_rows($link);
    mysqli_close($link);
    if ($affected > 0) {
        echo "<script type ='text/JavaScript'>";
        echo "alert('update成功');";
        echo "location.href='menu-index.php?function_name=menu&" . $token_link . "';";
        echo "</script>";
    } elseif ($auth_change_status == true) {
        echo "<script type ='text/JavaScript'>";
        echo "alert('權限調整成功');";
        echo "location.href='menu-index.php?function_name=menu&" . $token_link . "';";
        echo "</script>";
    } elseif ($affected == 0) {
        echo "<script type ='text/JavaScript'>";
        echo "alert('無新增資料');";
        echo "location.href='menu-index.php?function_name=menu&" . $token_link . "';";
        echo "</script>";
    } else {
        echo "{$db_query} 語法執行失敗，錯誤訊息SSS: " . mysqli_error($link);
    }
}