From 9a0d14869116e5fffe969256e8c1fb94704ad98d Mon Sep 17 00:00:00 2001
From: igor
Date: Thu, 12 Mar 2020 10:23:45 +0600
Subject: [PATCH 1/2] Add README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..60157f1
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+Библиотека для работы с базой данных через JavaScript.
\ No newline at end of file
From b373762848a5ae24eea29d9a96d7b4bcafee5f28 Mon Sep 17 00:00:00 2001
From: irigm
Date: Thu, 26 Mar 2020 16:55:46 +0600
Subject: [PATCH 2/2] =?UTF-8?q?=D0=BC=D0=B5=D0=BB=D0=BA=D0=BE=D0=B5=20?= =?UTF-8?q?=D1=81=20=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D1=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
metadata/dbms/records.php | 33 +++++++++++++++++++--------------
metadata/dbms/tools.js | 5 ++++-
2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/metadata/dbms/records.php b/metadata/dbms/records.php
index 7a2bbb8..0b5fdc3 100644
--- a/metadata/dbms/records.php
+++ b/metadata/dbms/records.php 
@@ -306,44 +306,49 @@ if ($currNode!=null) { //Вернём значение прав доступа для запрошенного объекта - $allow=true; - /*$allow=false; - //$res = $db->query('select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Insert_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'); - $res = $db->query('select "getAccess"('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Insert_'.$name.'\') as allow;'); + //$allow=true; + $allow=false; + //$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Insert_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');' + $sql_query='select main.p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Insert_'.$name.'\') as allow;'; + + $res = $db->query($sql_query); while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов { $allow=$allow || ($row['allow'] == 't'); - }*/ + } $xmlAttr = $objXMLDocument->createAttribute("ins"); //insert $xmlAttr->nodeValue = $allow ? 
"1" : "0"; $currNode->setAttributeNode($xmlAttr); - /*$allow=false; - //$res = $db->query('select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Update_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'); - $res = $db->query('select "getAccess"('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Update_'.$name.'\') as allow;'); + $allow=false; + //$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Update_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'; + $sql_query='select main.p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Update_'.$name.'\') as allow;'; + $res = $db->query($sql_query); while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов { $allow=$allow || ($row['allow'] == 't'); - }*/ + } $xmlAttr = $objXMLDocument->createAttribute("upd"); //insert $xmlAttr->nodeValue = $allow ? 
"1" : "0"; $currNode->setAttributeNode($xmlAttr); - /*$allow=false; - //$res = $db->query('select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Delete_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'); - $res = $db->query('select "getAccess"('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Delete_'.$name.'\') as allow;'); + $allow=false; + //$sql_query='select a.*,at.name from "_Access" a, "_Actions" at where a.del=false and at.id=a.action_id and at.name=\'Delete_'.$name.'\' and a.group_id in (select group_id from "_UsersGroups" where user_id='.$_SESSION['USER_ID'].');'; + $sql_query='select main.p_getaccess('.getSQLValue(gettype($_SESSION['USER_ID']),$_SESSION['USER_ID']).',\'Delete_'.$name.'\') as allow;'; + $res = $db->query($sql_query); while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов { $allow=$allow || ($row['allow'] == 't'); - }*/ + } $xmlAttr = $objXMLDocument->createAttribute("del"); //delete $xmlAttr->nodeValue = $allow ? "1" : "0"; $currNode->setAttributeNode($xmlAttr); + $allow=true; $xmlAttr = $objXMLDocument->createAttribute("sel"); //select $xmlAttr->nodeValue = $allow ? "1" : "0"; $currNode->setAttributeNode($xmlAttr); - + //Удаляем все запросы из узла for($i=0;$i<5;$i++) { $nsql=findFirstNode($currNode, "sql-query"); diff --git a/metadata/dbms/tools.js b/metadata/dbms/tools.js index 3ded532..c7ff147 100644 --- a/metadata/dbms/tools.js +++ b/metadata/dbms/tools.js 
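Review bot: Each of the three `$sql_query` assignments (Insert_, Update_, Delete_) splices `$name` straight into a quoted SQL literal, and where `$name` comes from is not visible in this hunk, so a value containing a quote would alter the very statement that decides the access flags. Bind both arguments instead, e.g. `$st=$db->prepare('select main.p_getaccess(?,?) as allow');` followed by `$st->execute([$_SESSION['USER_ID'],'Insert_'.$name]);` (add a cast in the SQL if the function expects a non-text user id), and do the same for Update_ and Delete_. `$db->query()` can also return `false` when PDO is not in exception mode, in which case `$res->fetch()` is a fatal error rather than a denied permission; check the result and leave `$allow` at `false`. `sel` is still forced by `$allow=true` with no p_getaccess call, which deserves a comment stating where read access is actually enforced. The enclosing `if ($currNode!=null)` block starts and ends outside the hunk.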
@@ -891,7 +891,10 @@ class TRequest //загрузился xml документ начинаем его разбирать (по id функции в документе) var xmldoc = xmlHttpRequest.responseXML; - if(xmldoc==null) alert(_('Wrong_XML_document')+"!\nXML=("+xmlHttpRequest.responseText+')\nURL=('+url+')\nxmlString=('+xmlString+')'); + if(xmldoc==null){ + alert(_('Wrong_XML_document')+"!\nXML=("+xmlHttpRequest.responseText+')\nURL=('+url+')\nxmlString=('+xmlString+')'); + return; + } var node = xmldoc.documentElement; if((node==null)||(node.getAttribute("fn")==null)) alert(_('Error')+"\n"+_('No_data')+"!\n"+xmlHttpRequest.responseText);
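Review bot: The new `xmldoc==null` guard returns, but the `node==null` / missing `fn` check two lines below still only calls `alert(...)` and then falls through into code that is outside this hunk; it presumably needs the same treatment, `if((node==null)||(node.getAttribute("fn")==null)){ alert(...); return; }`. Both alerts also show the raw `xmlHttpRequest.responseText` (and, in the new block, the URL and the request XML) to the end user; when the server fails, that text may carry error output or query details, so consider a generic message in the alert and `console.error(...)` for the full response. The method body continues outside the hunk.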