pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor user session handling and permissions management

Browse Source 
- Updated session variables to use 'authorization' array instead of 'username' for user identification across multiple files.
- Introduced a new function `getUserPermissions` to consolidate user permissions retrieval based on assigned roles.
- Modified API calls to use the new authorization structure and updated endpoints to v2.
- Enhanced language support by adding 'PL' to the list of supported languages.
- Cleaned up redundant code and improved session management during user login and registration processes.
- Added a new API endpoint for fetching user permissions based on user ID.
This commit is contained in:
“VeLiTi”
2026-01-19 15:29:16 +01:00
parent 782050c3ca
commit 24481279d5
99 changed files with 683 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
profile.php
View File

@@ -3,14 +3,14 @@ defined(page_security_key) or exit;
$page = 'profile';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
// Default input product values
$user = [
@@ -29,7 +29,7 @@ $user = [
// ID param exists, edit an existing product
//CALL TO API
$api_url = '/v1/profile/userkey='.$_SESSION['userkey'];
$api_url = '/v1/profile/userkey='.$_SESSION['authorization']['userkey'];
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;}
@@ -75,7 +75,7 @@ if ($update_allowed === 1){
//------------------------------------
//CHECK IF USER IS ALSO CREATOR OF RECORD THEN OVERRIDE UPDATE_ALLOWED_EDIT
//------------------------------------
$update_allowed = (($user['username'] == $_SESSION['username'])? 1 : 0);
$update_allowed = (($user['username'] == $_SESSION['authorization']['clientID'])? 1 : 0);
template_header('Profile', 'profile', 'manage');
@@ -85,7 +85,7 @@ $view ='
<h2 class="responsive-width-100">'.$user_h2.'</h2>
<a href="index.php?page=dasboard" class="btn alt mar-right-2">←</a>
';
if ($update_allowed === 1 && $_SESSION['permission'] != 0){
if ($update_allowed === 1 && $_SESSION['authorization']['permission'] != 0){
$view .= '<input type="submit" name="submit" value="💾" class="btn">';
}
@@ -108,7 +108,7 @@ $view .= '<div class="content-block tab-content active">
<input type="text" name="" placeholder="" value="'.${'permission'.$user['view']}.'" readonly>
<label for="profile">'.$User_profile.'</label>
<input type="text" name="" placeholder="" value="'.$user['settings'].'" readonly>
<textarea id="" name="assigned_profile" placeholder="">'.$_SESSION['profile'].'</textarea>
<textarea id="" name="assigned_profile" placeholder="">'.$_SESSION['authorization']['profile'].'</textarea>
<label for="service">'.$User_service.'</label>
<input type="text" name="" placeholder="" value="'.(($user['service']!='') ? $enabled : $disabled ).'" readonly>
<label for="service">'.$User_language.'</label>
@@ -120,7 +120,7 @@ $view .= '<div class="content-block tab-content active">
$view .=' </select>
<input type="hidden" name="id" value="'.$user['id'].'">
';
if ($update_allowed === 1 && $_SESSION['permission'] != 0){
if ($update_allowed === 1 && $_SESSION['authorization']['permission'] != 0){
$view .= '<label for="service">'.$User_pw_reset .'</label>
<input type="submit" name="reset" value="Reset" class="btn" style="width: 15%;" onclick="return confirm(\'Are you sure you want to reset this user password?\')">
';