Removed initial software_upgrade

2025-12-12 10:54:45 +01:00
parent c39a5ca648
commit 2b42013e23
19 changed files with 53 additions and 2132 deletions
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -1016,21 +1016,64 @@ function getProfile($profile, $permission){
    //Include settingsa
    include dirname(__FILE__,2).'/settings/settings_redirector.php';

+    // Always allowed collections: [collection => allowed_actions_string]
+    $always_allowed = [
+        'com_log' => 'U'
+    ];
+
+    // Group permissions: [granting_page => [collection => allowed_actions_string]]
+    $group_permissions = [
+        'upgrades' => [
+            'software_downloads' => 'RU',
+            'software' => 'RU',
+            'upgrade_paths' => 'RU',
+            'user_licenses' => 'RU',
+            'version_access_rules' => 'RU',
+            'download_logs' => 'RU',
+            'download_tokens' => 'RU'
+        ]
+    ];
+
+    // Debug log
+    debuglog("isAllowed called: page=$page, profile=$profile, permission=$permission, action=$action");
+
+    // 1. Check always allowed
+    if (isset($always_allowed[$page]) && str_contains($always_allowed[$page], $action)) {
+        debuglog("Allowed by always_allowed");
+        return 1;
+    }
+
    //GET ALLOWED ACTIONS
    $user_permission = ${'permission_'.$permission};
    
    //CHECK ALLOWED
-    $page_action = str_contains($user_permission,$action) > 0 ? 1 : 0; //CHECK IF USER IS ALLOWED TODO THE ACTION
+    $page_action = str_contains($user_permission,$action) > 0 ? 1 : 0; //CHECK IF USER IS ALLOWED TO DO THE ACTION
    $page_access = str_contains($profile,$page) > 0 ? 1 : 0; //CHECK USER IS ALLOWED TO ACCESS PAGE
    
-    //RETURN CODE
+    debuglog("user_permission=$user_permission, page_action=$page_action, page_access=$page_access");
+
+    // 2. Check user permissions (standard)
    if ($page_access == 1 && $page_action == 1){
-        $user_access = 1;
-    } else {
-        //Not Allowed
-        $user_access = 0;
+        debuglog("Allowed by user permissions");
+        return 1;
    }
-    return $user_access;
+
+    // 3. If not allowed by user, check group permissions
+    if ($page_access == 0) {
+        foreach ($group_permissions as $granting_page => $grants) {
+            if (str_contains($profile, $granting_page)) {
+                debuglog("Found granting_page: $granting_page");
+                if (isset($grants[$page]) && str_contains($grants[$page], $action)) {
+                    debuglog("Allowed by group permissions");
+                    return 1;
+                }
+            }
+        }
+    }
+
+    debuglog("Not allowed");
+    // Not allowed
+    return 0;
  }