Add user role management functionality with CRUD operations and permissions handling

- Created user_role.php for viewing and editing user roles and their permissions. - Implemented inline editing for role details and permissions. - Added user_role_manage.php for creating and managing user roles. - Introduced user_roles.php for listing all user roles with pagination and filtering options. - Integrated API calls for fetching and updating role data and permissions. - Enhanced user interface with success messages and navigation controls.
2026-01-19 11:16:54 +01:00
parent 3db13b9ebf
commit 782050c3ca
35 changed files with 4071 additions and 370 deletions
--- a/user_role_manage.php
+++ b/user_role_manage.php
@@ -0,0 +1,227 @@
+<?php
+defined(page_security_key) or exit;
+
+if (debug && debug_id == $_SESSION['id']){
+    ini_set('display_errors', '1');
+    ini_set('display_startup_errors', '1');
+    error_reporting(E_ALL);
+}
+
+include_once './assets/functions.php';
+include_once './settings/settings_redirector.php';
+
+$page = 'user_role_manage';
+//Check if allowed
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
+    header('location: index.php');
+    exit;
+}
+//PAGE Security
+$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
+$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
+$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
+
+// Default input values
+$role = [
+    'rowID' => '',
+    'name' => '',
+    'description' => '',
+    'is_active' => 1,
+    'created' => '',
+    'createdby' => $_SESSION['username'],
+    'updated' => '',
+    'updatedby' => ''
+];
+
+$role_ID = $_GET['rowID'] ?? '';
+
+if ($role_ID !=''){
+    $url = 'index.php?page=user_role&rowID='.$role_ID.'';
+} else {
+    $url = 'index.php?page=user_roles';
+}
+
+//GET ALL ACCESS ELEMENTS
+$api_url = '/v2/access_elements/status=1';
+$access_elements = ioServer($api_url,'');
+//Decode Payload
+if (!empty($access_elements)){$access_elements = json_decode($access_elements);}else{$access_elements = null;}
+
+//GET ROLE PERMISSIONS (if editing)
+$role_permissions = [];
+if ($role_ID != ''){
+    $api_url = '/v2/role_access_permissions/role_id='.$role_ID;
+    $role_permissions_response = ioServer($api_url,'');
+    if (!empty($role_permissions_response)){
+        $role_permissions_data = json_decode($role_permissions_response);
+        foreach ($role_permissions_data as $perm){
+            $role_permissions[$perm->access_id] = [
+                'can_create' => $perm->can_create,
+                'can_read' => $perm->can_read,
+                'can_update' => $perm->can_update,
+                'can_delete' => $perm->can_delete
+            ];
+        }
+    }
+}
+
+if (isset($_GET['rowID'])) {
+    // ID param exists, edit an existing role
+    //CALL TO API
+    $api_url = '/v2/user_roles/rowID='.$role_ID;
+    $responses = ioServer($api_url,'');
+    //Decode Payload
+    if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
+
+    $role = $responses[0];
+
+    if ($update_allowed === 1){
+        if (isset($_POST['submit'])) {
+            //GET ALL POST DATA
+            $data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
+            //API call
+            $responses = ioServer('/v2/user_roles', $data);
+
+            if ($responses === 'NOK'){
+
+            } else {
+                header('Location: index.php?page=user_role&rowID='.$role_ID.'&success_msg=2');
+                exit;
+            }
+        }
+    }
+
+    if ($delete_allowed === 1){
+        if (isset($_POST['delete'])) {
+            //GET ALL POST DATA
+            $data = json_encode($_POST , JSON_UNESCAPED_UNICODE);
+            //API call
+            $responses = ioServer('/v2/user_roles', $data);
+            // Redirect and delete role
+            if ($responses === 'NOK'){
+
+            } else {
+            header('Location: index.php?page=user_roles&success_msg=3');
+            exit;
+            }
+        }
+    }
+
+} else {
+    // Create a new role
+    if (isset($_POST['submit']) && $create_allowed === 1) {
+        //GET ALL POST DATA
+        $data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
+        //API call
+        $responses = ioServer('/v2/user_roles', $data);
+        if ($responses === 'NOK'){
+
+        } else {
+        header('Location: index.php?page=user_roles&success_msg=1');
+        exit;
+        }
+    }
+}
+
+template_header(($user_role_title ?? 'User Role'), 'user_role', 'manage');
+
+$label_h2 = (($role_ID !='')? ($manage_role_h2 ?? 'Edit Role') : ($button_create_role ?? 'Create Role'));
+$view ='
+<form action="" method="post">
+    <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
+        <h2 class="responsive-width-100">'.$label_h2.'</h2>
+        <a href="'.$url.'" class="btn alt mar-right-2">←</a>
+';
+
+if ($delete_allowed === 1 && $role_ID != ''){
+    $view .= '<input type="submit" name="delete" value="X" class="btn red mar-right-2" onclick="return confirm(\''.($confirm_delete_role ?? 'Are you sure you want to delete this role?').'\')">';
+}
+if ($update_allowed === 1 || ($create_allowed === 1 && $role_ID == '')){
+    $view .= '<input type="submit" name="submit" value="💾" class="btn">';
+}
+
+$view .= '</div>';
+
+$view .= '<div class="tabs">
+            <a href="#" class="active">'.($tab1 ?? 'General').'</a>
+         </div>
+         <div class="content-block tab-content active">
+            <div class="form responsive-width-100">
+                <label for="is_active">'.($general_status ?? 'Status').'</label>
+                <select id="is_active" name="is_active">
+                    <option value="1" '.($role['is_active']==1?' selected':'').'>'.($enabled ?? 'Active').'</option>
+                    <option value="0" '.($role['is_active']==0?' selected':'').'>'.($disabled ?? 'Inactive').'</option>
+                </select>
+                <label for="name">'.($role_name ?? 'Role Name').' <i class="required">*</i></label>
+                <input id="name" type="text" name="name" placeholder="'.($role_name ?? 'Role Name').'" value="'.$role['name'].'" required>
+                <label for="description">'.($role_description ?? 'Description').'</label>
+                <textarea id="description" name="description" placeholder="'.($role_description ?? 'Description').'" style="height: 100px;">'.$role['description'].'</textarea>
+                <input type="hidden" name="rowID" value="'.$role_ID.'">
+            </div>
+        </div>';
+
+// Permissions Tab
+$view .= '<div class="tabs">
+            <a href="#">'.($tab_permissions ?? 'Permissions').'</a>
+         </div>
+         <div class="content-block tab-content">
+            <div class="table">
+                <table>
+                    <thead>
+                        <tr>
+                            <th>'.($access_element_name ?? 'Access Element').'</th>
+                            <th>'.($permission_create ?? 'Create').'</th>
+                            <th>'.($permission_read ?? 'Read').'</th>
+                            <th>'.($permission_update ?? 'Update').'</th>
+                            <th>'.($permission_delete ?? 'Delete').'</th>
+                        </tr>
+                    </thead>
+                    <tbody>';
+
+if (!empty($access_elements)){
+    foreach ($access_elements as $element){
+        $perm = $role_permissions[$element->rowID] ?? ['can_create' => 0, 'can_read' => 0, 'can_update' => 0, 'can_delete' => 0];
+
+        $view .= '<tr>
+                    <td>'.$element->access_name.'<br><small style="color:#888;">'.$element->access_path.'</small></td>
+                    <td><input type="checkbox" name="permissions['.$element->rowID.'][can_create]" value="1" '.($perm['can_create']==1?'checked':'').'></td>
+                    <td><input type="checkbox" name="permissions['.$element->rowID.'][can_read]" value="1" '.($perm['can_read']==1?'checked':'').'></td>
+                    <td><input type="checkbox" name="permissions['.$element->rowID.'][can_update]" value="1" '.($perm['can_update']==1?'checked':'').'></td>
+                    <td><input type="checkbox" name="permissions['.$element->rowID.'][can_delete]" value="1" '.($perm['can_delete']==1?'checked':'').'></td>
+                </tr>';
+    }
+} else {
+    $view .= '<tr>
+                <td colspan="5" style="text-align:center;">'.($no_access_elements ?? 'No access elements found').'</td>
+            </tr>';
+}
+
+$view .= '      </tbody>
+                </table>
+            </div>
+        </div>';
+
+//DISPLAY TAB 3 - Metadata
+if ($role_ID != ''){
+$view .= '<div class="tabs">
+            <a href="#">'.($tab3 ?? 'Details').'</a>
+         </div>
+         <div class="content-block tab-content">
+            <div class="form responsive-width-100">
+                <label for="created">'.($general_created ?? 'Created').'</label>
+                <input id="created" type="text" name="" placeholder="'.($general_created ?? 'Created').'" value="'.$role['created'].'" readonly>
+                <label for="createdby">'.($general_createdby ?? 'Created By').'</label>
+                <input id="createdby" type="text" name="" placeholder="'.($general_createdby ?? 'Created By').'" value="'.$role['createdby'].'" readonly>
+                <label for="updated">'.($general_updated ?? 'Updated').'</label>
+                <input id="updated" type="text" name="" placeholder="'.($general_updated ?? 'Updated').'" value="'.$role['updated'].'" readonly>
+                <label for="updatedby">'.($general_updatedby ?? 'Updated By').'</label>
+                <input id="updatedby" type="text" name="" placeholder="'.($general_updatedby ?? 'Updated By').'" value="'.$role['updatedby'].'" readonly>
+            </div>
+        </div>';
+}
+
+$view .= '</form>';
+
+//Output
+echo $view;
+template_footer()?>