Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files

- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.

assets/functions.php

@@ -304,7 +304,7 @@ function menu($selected,$selected_child){
   $menu = '';
 
   //filter the main_menu array based on profile
-  $filteredMenu = filterMenuByProfile($main_menu, $_SESSION['authorization']['profile']);
+  $filteredMenu = filterMenuByProfile($main_menu, $_SESSION['authorization']['permissions']);
 
   foreach ($filteredMenu  as $menu_item){
       //Main Item
@@ -1539,13 +1539,15 @@ function getProfile($profile, $permission){
   //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   //Is allowed  (yes=1)++++++++++++++++++++++++++++++++++++++++
   //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-  function isAllowed($page,$profile,$permission,$action){    
-    
-   //override for testing only
-   return 1;
-    
-    //Include settingsa
-    include dirname(__FILE__,2).'/settings/settings_redirector.php';
+  // RBAC-based permission check
+  // $access_element = the page/element to check access for (e.g., 'user', 'equipment')
+  // $permissions = array of user permissions from $_SESSION['authorization']['permissions'] (from getUserPermissions())
+  // $basic_permission_level = optional legacy permission level (5 = system, always allowed)
+  // $action = C, R, U, or D
+  function isAllowed($access_element, $permissions, $basic_permission_level = null, $action = 'R'){
+
+    $date = date('Y-m-d H:i:s');
+    $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
 
     // Always allowed collections: [collection => allowed_actions_string]
     $always_allowed = [
@@ -1563,87 +1565,70 @@ function getProfile($profile, $permission){
         'marketing_delete' => 'CRUD'
     ];
 
-    // Group permissions: [granting_page => [collection => allowed_actions_string]]
-    $group_permissions = [
-        'products_software' => [
-            'products_software_version_access_rules' => 'CRU',
-            'products_software_licenses' => 'CRU',
-            'products_software_upgrade_paths' => 'CRU',
-            'products_software_versions' => 'CRU',
-            'products_software_assignment' => 'CRU',
-            'products_software_assignments' => 'CRU'
-        ]
-    ];
-
-    // Debug log
+    // Debug log - initial call
     if(debug){
-        $test = "$date - isAllowed called: page=$page, permission=$permission, action=$action".PHP_EOL;
-        $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
-        error_log($test, 3, $filelocation);
-    }
-    // 1. Check always allowed
-    if (isset($always_allowed[$page]) && str_contains($always_allowed[$page], $action)) {
-        
-        if(debug){
-            $test = "$date - Allowed by always_allowed".PHP_EOL;
-            $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
-            error_log($test, 3, $filelocation);
-        }
-        
-        return 1;
-    }
-
-    //GET ALLOWED ACTIONS
-    $user_permission = ${'permission_'.$permission};
-    
-    //CHECK ALLOWED
-    $page_action = str_contains($user_permission,$action) > 0 ? 1 : 0; //CHECK IF USER IS ALLOWED TO DO THE ACTION
-    $page_access = str_contains($profile,$page) > 0 ? 1 : 0; //CHECK USER IS ALLOWED TO ACCESS PAGE
-    
-    if(debug){
-        $test = "$date - user_permission=$user_permission, page_action=$page_action, page_access=$page_access".PHP_EOL;
-        $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
+        $perm_count = is_array($permissions) ? count($permissions) : 'not_array';
+        $test = "$date - isAllowed called: access_element=$access_element, basic_permission_level=$basic_permission_level, action=$action, permissions_count=$perm_count".PHP_EOL;
         error_log($test, 3, $filelocation);
     }
 
-    // 2. Check user permissions (standard)
-    if ($page_access == 1 && $page_action == 1){
+    // 1. Check if basic_permission_level is 5 (System) - always allow
+    if ($basic_permission_level !== null && $basic_permission_level == 5) {
         if(debug){
-            $test = "$date - Allowed by user permissions".PHP_EOL;
-            $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
+            $test = "$date - Allowed by system permission (level 5)".PHP_EOL;
             error_log($test, 3, $filelocation);
-            
         }
         return 1;
     }
 
-    // 3. If not allowed by user, check group permissions
-    if ($page_access == 0) {
-        foreach ($group_permissions as $granting_page => $grants) {
-            if (str_contains($profile, $granting_page)) {
-                if(debug){
-                    $test = "$date - Found granting_page: $granting_page".PHP_EOL;
-                    $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
-                    error_log($test, 3, $filelocation);
-                }
-                if (isset($grants[$page]) && str_contains($grants[$page], $action)) {
-                    if(debug){
-                        $test = "$date - Allowed by group permissions".PHP_EOL;
-                        $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
-                        error_log($test, 3, $filelocation);
-                    }
-                    return 1;
-                }
+    // 2. Check always_allowed list
+    if (isset($always_allowed[$access_element]) && str_contains($always_allowed[$access_element], $action)) {
+        if(debug){
+            $test = "$date - Allowed by always_allowed list".PHP_EOL;
+            error_log($test, 3, $filelocation);
+        }
+        return 1;
+    }
+
+    // 3. Check RBAC permissions array (from getUserPermissions())
+    if (is_array($permissions) && isset($permissions[$access_element])) {
+        $element_permissions = $permissions[$access_element];
+
+        // Map action letter to permission key
+        $action_map = [
+            'C' => 'can_create',
+            'R' => 'can_read',
+            'U' => 'can_update',
+            'D' => 'can_delete'
+        ];
+
+        $permission_key = $action_map[$action] ?? null;
+
+        if ($permission_key && isset($element_permissions[$permission_key]) && $element_permissions[$permission_key] == 1) {
+            if(debug){
+                $test = "$date - Allowed by RBAC permissions: $access_element -> $permission_key = 1".PHP_EOL;
+                error_log($test, 3, $filelocation);
             }
+            return 1;
+        }
+
+        if(debug){
+            $perm_value = $element_permissions[$permission_key] ?? 'not_set';
+            $test = "$date - RBAC check failed: $access_element -> $permission_key = $perm_value".PHP_EOL;
+            error_log($test, 3, $filelocation);
+        }
+    } else {
+        if(debug){
+            $test = "$date - Access element '$access_element' not found in permissions array".PHP_EOL;
+            error_log($test, 3, $filelocation);
         }
     }
 
-    if(debug){
-        $test = "$date - Not allowed".PHP_EOL;
-        $filelocation = dirname(__FILE__,2).'/log/permission_log_'.date('d').'.txt';
-        error_log($test, 3, $filelocation);         
-    }
     // Not allowed
+    if(debug){
+        $test = "$date - Not allowed: access_element=$access_element, action=$action".PHP_EOL;
+        error_log($test, 3, $filelocation);
+    }
     return 0;
   }