pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor user session handling and permissions management

Browse Source 
- Updated session variables to use 'authorization' array instead of 'username' for user identification across multiple files.
- Introduced a new function `getUserPermissions` to consolidate user permissions retrieval based on assigned roles.
- Modified API calls to use the new authorization structure and updated endpoints to v2.
- Enhanced language support by adding 'PL' to the list of supported languages.
- Cleaned up redundant code and improved session management during user login and registration processes.
- Added a new API endpoint for fetching user permissions based on user ID.
This commit is contained in:
“VeLiTi”
2026-01-19 15:29:16 +01:00
parent 782050c3ca
commit 24481279d5
99 changed files with 683 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
api/v2/get/user_permissions.php Normal file
View File

@@ -0,0 +1,70 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// User Role Assignments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];
$user_permissions = [];
//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
}
}
$user_key = $criterias['userkey'] ?? null;
if (!$user_key) {
http_response_code(400);
exit(json_encode(['error_code' => 'API_INPUT_1','error' => 'user_key is required']));
}
//GET USER_DATA
$stmt = $pdo->prepare('SELECT * FROM users WHERE userkey = ?');
$stmt->execute([$user_key]);
if ($stmt->rowCount() == 1) {
//Get results
$user_data = $stmt->fetch();
//GET DATA
$user_permissions['id'] = $user_data['id'];
$user_permissions['email'] = $user_data['email'];
$user_permissions['partnerhierarchy'] = $user_data['partnerhierarchy']; //clean;
$user_permissions['permission'] = userRights($user_data['view']);
$user_permissions['profile'] = getProfile($user_data['settings'],userRights($user_data['view']));
//NEW DATA REPLACING PROFILE AND LATER PERMISSION ABOVE
$user_permissions['permissions'] = getUserPermissions($pdo, $user_data['id']);
if (!$user_permissions['permissions']) {
http_response_code(404);
exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'No permissions found']));
}
//+++++++++++++++++++++++++++++++++++++++++++
//Return as JSON
//+++++++++++++++++++++++++++++++++++++++++++
echo json_encode($user_permissions);
}
else {
http_response_code(404);
exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'User not found']));
}
?>