add userinfo to ajax calls; combine settings and global-search to one

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/Froxlor/Ajax/Ajax.php

@@ -6,6 +6,7 @@ use Exception;
 use Froxlor\Http\HttpClient;
 use Froxlor\PhpHelper;
 use Froxlor\Settings;
+use Froxlor\User;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 
@@ -29,6 +30,7 @@ class Ajax
 	protected string $session;
 	protected string $action;
 	protected string $theme;
+	protected array $userinfo;
 	protected array $lng;
 
 	/**
@@ -40,6 +42,17 @@ class Ajax
 		$this->action = $_GET['action'] ?? $_POST['action'] ?? null;
 		$this->theme = $_GET['theme'] ?? 'Froxlor';
 
+		UI::sendHeaders();
+		UI::sendSslHeaders();
+
+		ini_set("session.name", "s");
+		ini_set("url_rewriter.tags", "");
+		ini_set("session.use_cookies", false);
+		ini_set("session.cookie_httponly", true);
+		ini_set("session.cookie_secure", UI::$SSL_REQ);
+		session_id($this->session);
+		session_start();
+
 		$this->initLang();
 	}
 
@@ -97,15 +110,15 @@ class Ajax
 	 */
 	public function handle()
 	{
-		$session = $this->getValidatedSession();
+		$this->userinfo = $this->getValidatedSession();
 
 		switch ($this->action) {
 			case 'newsfeed':
 				return $this->getNewsfeed();
 			case 'updatecheck':
 				return $this->getUpdateCheck();
-			case 'searchsetting':
+			case 'searchglobal':
-				return $this->searchSetting();
+				return $this->searchGlobal();
 			default:
 				return $this->errorResponse('Action not found!');
 		}
@@ -150,7 +163,27 @@ class Ajax
 			throw new Exception('Session is not defined!');
 		}
 
-		return $session;
+		if ($session['adminsession'] == 1) {
+			// test for admin
+			$sel_stmt = \Froxlor\Database\Database::prepare("
+				SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
+				WHERE `adminid` = :userid
+			");
+		} else {
+			// test for customer
+			$sel_stmt = \Froxlor\Database\Database::prepare("
+				SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
+				WHERE `customerid` = :userid
+			");
+		}
+		$user = \Froxlor\Database\Database::pexecute_first($sel_stmt, [
+			'userid' => $session['userid']
+		]);
+		if (!$user) {
+			throw new Exception('Session is not defined!');
+		}
+		$user['adminsession'] = $session['adminsession'];
+		return $user;
 	}
 
 	/**
@@ -237,34 +270,96 @@ class Ajax
 		}
 	}
 
-	private function searchSetting()
+	/**
+	 * @todo $userinfo
+	 */
+	private function searchGlobal()
 	{
 		$searchtext = Request::get('searchtext');
 
 		$result = [];
-		if ($searchtext && strlen($searchtext) > 2) {
+		if ($searchtext && strlen(trim($searchtext)) > 2) {
+
+			$processed = [];
+
+			$stparts = explode(" ", $searchtext);
+
+			foreach ($stparts as $searchtext) {
+				$searchtext = trim($searchtext);
+
+				// settings (if allowed)
+				if (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1) {
+
+					if ($this->userinfo['change_serversettings'] == 1) {
 						$settings_data = PhpHelper::loadConfigArrayDir(\Froxlor\Froxlor::getInstallDir() . '/actions/admin/settings/');
 						$results = array();
+						if (!isset($processed['settings'])) {
+							$processed['settings'] = [];
+						}
 						PhpHelper::recursive_array_search($searchtext, $settings_data, $results);
-			$processed_setting = array();
 						foreach ($results as $pathkey) {
 							$pk = explode(".", $pathkey);
 							if (count($pk) > 4) {
 								$settingkey = $pk[0] . '.' . $pk[1] . '.' . $pk[2] . '.' . $pk[3];
-					if (!array_key_exists($settingkey, $processed_setting)) {
+								if (is_array($processed['settings']) && !array_key_exists($settingkey, $processed['settings'])) {
-						$processed_setting[$settingkey] = true;
+									$processed['settings'][$settingkey] = true;
 									$sresult = $settings_data[$pk[0]][$pk[1]][$pk[2]][$pk[3]];
 									if ($sresult['type'] != 'hidden') {
 										$result[] = [
 											'title' => (is_array($sresult['label']) ? $sresult['label']['title'] : $sresult['label']),
 											'href' => 'admin_settings.php?page=overview&part=' . $pk[1] . '&em=' . $pk[3] . '&s=' . $this->session,
+											'category' => 'settings'
 										];
 									}
 								}
 							}
 						}
 					}
+
+					// customers
+					$searchfields = [
+						'c.loginname',
+						'c.name',
+						'c.firstname',
+						'c.company',
+						'c.street',
+						'c.zipcode',
+						'c.city',
+						'c.email',
+						'c.customernumber'
+					];
+					$collection = (new \Froxlor\UI\Collection(\Froxlor\Api\Commands\Customers::class, $this->userinfo))
+						->addParam(['sql_search' => [
+							'_plainsql' =>  $this->searchStringSql($searchfields, $searchtext)
+						]]);
+					if ($collection->count() > 0) {
+						if (!isset($processed['customer'])) {
+							$processed['customer'] = [];
+						}
+						foreach ($collection->getList() as $cresult) {
+							if (is_array($processed['customer']) && !array_key_exists($cresult['customerid'], $processed['customer'])) {
+								$processed['customer'][$cresult['customerid']] = true;
+								$result[] = [
+									'title' => User::getCorrectFullUserDetails($cresult),
+									'href' => 'admin_customers.php?page=customers&action=edit&id=' . $cresult['customerid'] . '&s=' . $this->session,
+									'category' => 'customer'
+								];
+							}
+						}
+					}
+				} // is-admin
+			} // foreach splitted search-term
+		}
 		header("Content-type: application/json");
-		echo json_encode(['settings' => $result]);
+		echo json_encode($result);
+	}
+
+	private function searchStringSql(array $searchfields, $searchtext)
+	{
+		$result = "(";
+		foreach ($searchfields as $sf) {
+			$result .= $sf . " LIKE " . \Froxlor\Database\Database::quote('%' . $searchtext . '%') . " OR ";
+		}
+		return substr($result, 0, -3) . ")";
 	}
 }

lib/Froxlor/Api/ApiCommand.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Froxlor\Api;
 
 /**
@@ -285,6 +286,9 @@ abstract class ApiCommand extends ApiParameter
 			);
 			$first = true;
 			foreach ($search as $field => $valoper) {
+				if ($field == '_plainsql') {
+					$condition .= $valoper;
+				} else {
 					$cleanfield = str_replace(".", "", $field);
 					$sortfield = explode('.', $field);
 					foreach ($sortfield as $id => $sfield) {
@@ -325,6 +329,7 @@ abstract class ApiCommand extends ApiParameter
 					}
 				}
 			}
+		}
 		return $condition;
 	}
 

lib/ajax.php

@@ -1,11 +1,9 @@
 <?php
+
 namespace Froxlor;
 
 use Exception;
 use Froxlor\Ajax\Ajax;
-use Twig\Error\LoaderError;
-use Twig\Error\RuntimeError;
-use Twig\Error\SyntaxError;
 
 /**
  * This file is part of the Froxlor project.

templates/Froxlor/src/js/components/search.js

@@ -1,30 +1,20 @@
 $(document).ready(function () {
 	console.log('included search');
 
-	$.typeahead({
+	$('input[class=js-typeahead-search_v1]').on('change keyup keydown', function () {
-		input: '.js-typeahead-search_v1',
+		$.ajax({
-		order: "desc",
+			url: "lib/ajax.php?action=searchglobal&theme=" + window.$theme + "&s=" + window.$session,
-		dynamic: true,
+			type: "POST",
-		display: ['title'],
-		href: "{{href}}",
-		emptyTemplate: "No results for {{query}}",
-		debug: true,
-		source: {
-			settings: {
-				ajax: {
-					method: "post",
-					url: "lib/ajax.php?action=searchsetting&theme=" + window.$theme + "&s=" + window.$session,
-					path: "settings",
 			data: {
-						searchtext: '{{query}}'
+				searchtext: $(this).val()
 			},
-				}
+			dataType: "json",
+			success: function (data) {
+				console.log(data);
 			},
-		},
+			error: function (a, b) {
-		callback: {
+				console.log(a, b);
-			onInit: function (node) {
-				console.log('Typeahead Initiated');
-			}
 			}
 		});
 	});
+});