pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add user role management functionality with CRUD operations and permissions handling

Browse Source 
- Created user_role.php for viewing and editing user roles and their permissions.
- Implemented inline editing for role details and permissions.
- Added user_role_manage.php for creating and managing user roles.
- Introduced user_roles.php for listing all user roles with pagination and filtering options.
- Integrated API calls for fetching and updating role data and permissions.
- Enhanced user interface with success messages and navigation controls.
This commit is contained in:
“VeLiTi”
2026-01-19 11:16:54 +01:00
parent 3db13b9ebf
commit 782050c3ca
35 changed files with 4071 additions and 370 deletions
Download Patch File Download Diff File Expand all files Collapse all files

317
access_elements.php Normal file
View File

@@ -0,0 +1,317 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
//SET PAGE ORIGIN FOR NAVIGATION AND SECURITY
$prev_page = $_SESSION['prev_origin'] ?? '';
$page = $_SESSION['origin'] = 'access_elements';
//create backbutton to prev_origin
$back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">←</a>':'';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$page_manage = 'access_element_manage';
$update_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
// Function to scan project for new PHP files and add to access_elements
function scan_and_update_access_elements() {
$new_elements = [];
$base_path = dirname(__FILE__);
// Scan root PHP files (excluding index, login, logout)
$root_files = glob($base_path . '/*.php');
foreach ($root_files as $file) {
$filename = basename($file, '.php');
if (!in_array($filename, ['index', 'login', 'logout'])) {
// Only add if not already in array (first occurrence wins)
if (!isset($new_elements[$filename])) {
$new_elements[$filename] = [
'name' => ucwords(str_replace('_', ' ', $filename)),
'path' => $filename,
'group' => 'Views',
'description' => 'Auto-scanned: ' . $filename
];
}
}
}
// Scan API v2 get folder - only add if not already found in root
$get_files = glob($base_path . '/api/v2/get/*.php');
foreach ($get_files as $file) {
$filename = basename($file, '.php');
if (!isset($new_elements[$filename])) {
$new_elements[$filename] = [
'name' => ucwords(str_replace('_', ' ', $filename)),
'path' => $filename,
'group' => 'API',
'description' => 'Auto-scanned: ' . $filename
];
}
}
// Scan API v2 post folder - only add if not already found
$post_files = glob($base_path . '/api/v2/post/*.php');
foreach ($post_files as $file) {
$filename = basename($file, '.php');
if (!isset($new_elements[$filename])) {
$new_elements[$filename] = [
'name' => ucwords(str_replace('_', ' ', $filename)),
'path' => $filename,
'group' => 'API',
'description' => 'Auto-scanned: ' . $filename
];
}
}
// Get existing access elements from API
$api_url = '/v2/access_elements/';
$existing = ioServer($api_url, '');
$existing_paths = [];
if (!empty($existing)) {
$existing_data = json_decode($existing);
foreach ($existing_data as $element) {
$existing_paths[] = $element->access_path;
}
}
// Filter out elements that already exist
$elements_to_add = [];
foreach ($new_elements as $path => $element) {
if (!in_array($path, $existing_paths)) {
$elements_to_add[] = $element;
}
}
// Add new elements via API
$added_count = 0;
foreach ($elements_to_add as $element) {
$data = json_encode([
'access_name' => $element['name'],
'access_path' => $element['path'],
'access_group' => $element['group'],
'description' => $element['description'],
'is_active' => 1
], JSON_UNESCAPED_UNICODE);
$response = ioServer('/v2/access_elements', $data);
if ($response !== 'NOK') {
$added_count++;
}
}
return $added_count;
}
// Handle scan request
if (isset($_POST['scan_elements']) && $create_allowed === 1) {
$added_count = scan_and_update_access_elements();
header('Location: index.php?page=access_elements&elements_added=' . $added_count);
exit;
}
//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION
$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;
$status = $_SESSION['status'] = isset($_GET['status']) ? '&status='.$_GET['status'] : '';
$sort = $_SESSION['sort'] = isset($_GET['sort']) ? '&sort='.$_GET['sort'] : '';
$search = $_SESSION['search'] = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
//GET PARAMETERS FOR FILTERS
$filter = urlGETdetailsFilter($_GET) ?? '';
// Determine the URL
$url = 'index.php?page=access_elements'.$status.$search.$sort;
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
//CALL TO API
$api_url = '/v2/access_elements/'.$GET_VALUES;
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses);}else{$responses = null;}
//Return QueryTotal from API
$total_url = ((!empty($GET_VALUES) && $GET_VALUES !='') ? '&totals=' : 'totals=' );
$api_url = '/v2/access_elements/'.$GET_VALUES.$total_url;
$query_total = ioServer($api_url,'');
//Decode Payload
if (!empty($query_total)){$query_total = json_decode($query_total);}else{$query_total = null;}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = ($message_access_1 ?? 'Access element created successfully');
}
if ($_GET['success_msg'] == 2) {
$success_msg = ($message_access_2 ?? 'Access element updated successfully');
}
if ($_GET['success_msg'] == 3) {
$success_msg = ($message_access_3 ?? 'Access element deleted successfully');
}
}
// Handle elements added message from scan
if (isset($_GET['elements_added'])) {
$added_count = (int)$_GET['elements_added'];
if ($added_count > 0) {
$success_msg = $added_count . ' ' . ($message_elements_added ?? 'new access elements added');
} else {
$success_msg = ($message_no_new_elements ?? 'No new elements found. All elements are up to date.');
}
}
template_header(($access_elements_title ?? 'Access Elements'), 'access_elements','view');
$view = '
<div class="content-title">
<div class="title">
<i class="fa-solid fa-lock"></i>
<div class="txt">
<h2>'.($access_elements_h2 ?? 'Access Elements').' ('.$query_total.')</h2>
<p>'.($access_elements_p ?? 'Manage system access elements and paths').'</p>
</div>
</div>
<div class="title-actions">
'.$back_btn_orgin;
// Scan button - only show if user has create permission
if ($create_allowed === 1){
$view .= '
<form action="" method="post" style="display:inline;">
<button type="submit" name="scan_elements" class="btn alt" title="'.($scan_elements_title ?? 'Scan for new files').'">
<i class="fa-solid fa-sync-alt"></i>
</button>
</form>';
$view .= '<a href="index.php?page=access_element_manage" class="btn">+</a>';
}
$view .= '<button id="filter-toggle" class="btn alt" onclick="toggleFilters()">
<i class="fa-solid fa-search"></i>
</button>
</div>
</div>';
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
$view .= '
<div id="filter-panel" class="filter-panel" style="display: none;">
<div class="filter-content">
<form action="" method="get">
'.$filter.'
<div class="filter-row">
<div class="filter-group">
<select name="status">
<option value="" disabled selected>'.($general_status ?? 'Status').'</option>
<option value="1"'.(isset($_GET['status']) && $_GET['status']==1?' selected':'').'>'.($enabled ?? 'Active').'</option>
<option value="0"'.(isset($_GET['status']) && $_GET['status']==0?' selected':'').'>'.($disabled ?? 'Inactive').'</option>
</select>
</div>
<div class="filter-group">
<select name="sort">
<option value="" disabled selected>'.($general_sort ?? 'Sort').'</option>
<option value="1"'.(isset($_GET['sort']) && $_GET['sort']==1?' selected':'').'>'.($access_element_name ?? 'Name').' '.($general_sort_type_1 ?? 'ASC').'</option>
<option value="2"'.(isset($_GET['sort']) && $_GET['sort']==2?' selected':'').'>'.($access_element_name ?? 'Name').' '.($general_sort_type_2 ?? 'DESC').'</option>
<option value="3"'.(isset($_GET['sort']) && $_GET['sort']==3?' selected':'').'>'.($access_element_path ?? 'Path').' '.($general_sort_type_1 ?? 'ASC').'</option>
<option value="4"'.(isset($_GET['sort']) && $_GET['sort']==4?' selected':'').'>'.($access_element_path ?? 'Path').' '.($general_sort_type_2 ?? 'DESC').'</option>
</select>
</div>
<div class="filter-group search-group">
<input type="text" name="search" placeholder="'.($access_search ?? 'Search access elements...').'" value="">
</div>
</div>
<div class="filter-actions">
<button type="submit" class="btn"><i class="fas fa-level-down-alt fa-rotate-90"></i></button>
<a class="btn alt" href="index.php?page=access_elements">X</a>
</div>
</form>
</div>
</div>
';
$view .= '
<div class="content-block">
<div class="table">
<table class="sortable">
<thead>
<tr>
<th>'.($access_element_name ?? 'Name').'</th>
<th>'.($access_element_path ?? 'Path').'</th>
<th>'.($access_element_group ?? 'Group').'</th>
<th class="responsive-hidden">'.($role_description ?? 'Description').'</th>
<th>'.($general_status ?? 'Status').'</th>
<th class="responsive-hidden">'.($general_created ?? 'Created').'</th>
</tr>
</thead>
<tbody>
';
if (empty($responses)){
$view .= '
<tr>
<td colspan="6" style="text-align:center;">'.($message_no_access_elements ?? 'No access elements found').'</td>
</tr>';
}
foreach ($responses as $response){
//Translate status INT to STR
$status_text = ($response->is_active == 1) ? ($enabled ?? 'Active') : ($disabled ?? 'Inactive');
$status_class = ($response->is_active == 1) ? 'id1' : 'id0';
$view .= '<tr onclick="window.location.href=\'index.php?page=access_element&rowID='.$response->rowID.'\'" style="cursor: pointer;">
<td>'.$response->access_name.'</td>
<td>'.$response->access_path.'</td>
<td>'.($response->access_group ?? '-').'</td>
<td class="responsive-hidden">'.($response->description ?? '-').'</td>
<td><span class="status '.$status_class.'">'.$status_text.'</span></td>
<td class="responsive-hidden">'.getRelativeTime($response->created).'</td>
</tr>
';
}
$view .= '
</tbody>
</table>
</div>
</div>
';
$page_rows = $page_rows_equipment ?? 20;
$view.='<div class="pagination">';
if ($pagination_page > 1) {
$page = $pagination_page-1;
$view .= '<a href="'.$url.'&p=1">'.($general_first ?? 'First').'</a>';
$view .= '<a href="'.$url.'&p='.$page.'">'.($general_prev ?? 'Prev').'</a>';
}
$totals = ceil($query_total / $page_rows) == 0 ? 1 : ceil($query_total / $page_rows);
$view .= '<span> '.($general_page ?? 'Page ').$pagination_page.($general_page_of ?? ' of ').$totals.'</span>';
if ($pagination_page * $page_rows < $query_total){
$page = $pagination_page+1;
$view .= '<a href="'.$url.'&p='.$page.'">'.($general_next ?? 'Next').'</a>';
$view .= '<a href="'.$url.'&p='.$totals.'">'.($general_last ?? 'Last').'</a>';
}
$view .= '</div>';
//OUTPUT
echo $view;
template_footer();
?>