pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor user session handling and permissions management

Browse Source 
- Updated session variables to use 'authorization' array instead of 'username' for user identification across multiple files.
- Introduced a new function `getUserPermissions` to consolidate user permissions retrieval based on assigned roles.
- Modified API calls to use the new authorization structure and updated endpoints to v2.
- Enhanced language support by adding 'PL' to the list of supported languages.
- Cleaned up redundant code and improved session management during user login and registration processes.
- Added a new API endpoint for fetching user permissions based on user ID.
This commit is contained in:
“VeLiTi”
2026-01-19 15:29:16 +01:00
parent 782050c3ca
commit 24481279d5
99 changed files with 683 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
user.php
View File

@@ -1,7 +1,7 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
@@ -14,16 +14,16 @@ include_once './settings/settings_redirector.php';
$_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI'];
$page = 'user';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$page_manage = 'user_manage';
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
//GET Details from URL
$user_ID = $_GET['id'] ?? '';
@@ -344,10 +344,10 @@ $view .= '</span>
<option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option>
<option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>';
if ($_SESSION['permission'] == 3){
if ($_SESSION['authorization']['permission'] == 3){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>';
}
if ($_SESSION['permission'] == 4){
if ($_SESSION['authorization']['permission'] == 4){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>
<option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>';
}
@@ -360,7 +360,7 @@ $view .= ' </select>
<td>
<span class="view-mode">'.($user->settings ?? '-').'</span>';
if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$view .= '<select class="edit-mode" name="settings" style="display:none;">
<option value="">-</option>';
foreach ($all_profiles as $profile) {
@@ -388,7 +388,7 @@ $view .= ' </td>
</div>';
// Partner Hierarchy Block
$partner_data = json_decode($user->partnerhierarchy) ?? json_decode($_SESSION['partnerhierarchy']);
$partner_data = json_decode($user->partnerhierarchy) ?? json_decode($_SESSION['authorization']['partnerhierarchy']);
$view .= '<div class="content-block">
<div class="block-header">
@@ -397,9 +397,9 @@ $view .= '<div class="content-block">
<div class="table order-table">
<table>';
if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
$salesid_dropdown = listPartner('salesid', $_SESSION['permission'], $partner_data->salesid ?? '', '');
$soldto_dropdown = listPartner('soldto', $_SESSION['permission'], $partner_data->soldto ?? '', '');
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', '');
$soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', '');
$view .= '<tr>
<td style="width:25%;">'.($general_salesid ?? 'Sales ID').'</td>
@@ -417,8 +417,8 @@ if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
</tr>';
}
$shipto_dropdown = listPartner('shipto', $_SESSION['permission'], $partner_data->shipto ?? '', '');
$location_dropdown = listPartner('location', $_SESSION['permission'], $partner_data->location ?? '', '');
$shipto_dropdown = listPartner('shipto', $_SESSION['authorization']['permission'], $partner_data->shipto ?? '', '');
$location_dropdown = listPartner('location', $_SESSION['authorization']['permission'], $partner_data->location ?? '', '');
$view .= '<tr>
<td style="width:25%;">'.($general_shipto ?? 'Ship To').'</td>
@@ -466,7 +466,7 @@ $view .= '<div class="content-block">
<td>
<span class="view-mode">'.$user->login_count.'</span>';
if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">';
} else {
$view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">';