From 630fed94947b751d0d0a776dbc0fa6f18c46bd76 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Wed, 25 Mar 2026 15:00:36 +0000 Subject: [PATCH] Update the permissions again music_on_hold_all permission - Used with the show all button to view across all domains. This should be only assigned to the global admin group such as the superadmin group music_on_hold_domain permission - The permission to view and upload music on hold on the current domain music_on_hold_global permission - The permission to view and upload to the global music on hold --- app/music_on_hold/music_on_hold.php | 81 ++++++++++++++++------------- 1 file changed, 44 insertions(+), 37 deletions(-) diff --git a/app/music_on_hold/music_on_hold.php b/app/music_on_hold/music_on_hold.php index 4f79e3647c..258a31fbe7 100644 --- a/app/music_on_hold/music_on_hold.php +++ b/app/music_on_hold/music_on_hold.php @@ -45,14 +45,21 @@ //get the music_on_hold array $sql = "select * from v_music_on_hold "; - $sql .= "where true "; - if ( permission_exists('music_on_hold_all')) { - $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; - $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + if (!empty($show) && $show == "all" && permission_exists('music_on_hold_all')) { + $sql .= "where true "; } - elseif (permission_exists('music_on_hold_domain')) { - $sql .= "and domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + else { + $conditions = []; + $sql .= "where ("; + if (permission_exists('music_on_hold_domain')) { + $conditions[] = "domain_uuid = :domain_uuid"; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + } + if (permission_exists('music_on_hold_global')) { + $conditions[] = "domain_uuid is null "; + } + $sql .= implode(" or ", $conditions); + $sql .= ")"; } $sql .= "order by domain_uuid desc, music_on_hold_name asc, music_on_hold_rate asc"; $streams = $database->select($sql, $parameters ?? null, 'all'); @@ -327,36 +334,39 @@ //script echo ""; @@ -376,7 +386,7 @@ echo "