Refactor user permissions handling and enhance menu functionality with collapsible headers

2026-01-21 12:48:46 +01:00
parent 18469fe958
commit aeda4e4cb9
14 changed files with 349 additions and 80 deletions
--- a/index.php
+++ b/index.php
@@ -108,8 +108,8 @@ if (isset($_GET['page']) && $_GET['page'] == 'logout') {

 //=====================================
 //DEFINE WHERE TO SEND THE USER TO. GET first assigned view in the profile if not available use dashboard
-//=====================================
-$allowed_views = explode(',',$_SESSION['authorization']['permissions']);
+/*=====================================
+$allowed_views = explode(',',$_SESSION['authorization']['profile']);
 $ignoreViews = ['profile','assets','sales'];

 // If dashboard is in the profile, prioritize it
@@ -118,16 +118,93 @@ if (in_array('dashboard', $allowed_views) && file_exists('dashboard.php')) {
 } else {
    $allowed_views = findExistingView($allowed_views, 'dashboard', $ignoreViews);
 } 
+*/
+//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+// SIMPLE ROUTING SYSTEM
+//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+$page = $_GET['page'] ?? 'dashboard';

-//=====================================
-//FORWARD THE USER TO THE CORRECT PAGE
-//=====================================
-$page = isset($_GET['page']) && file_exists($_GET['page'] . '.php') ? $_GET['page'] : $allowed_views;
+// Sanitize page parameter to prevent directory traversal
+$page = preg_replace('/[^a-zA-Z0-9_-]/', '', $page);
+$page_file = $page . '.php';

 // Output error variable
 $error = '';
-// Include the requested page
-include $page . '.php';
+
+try {
+    $file_exists = file_exists($page_file);
+    $is_allowed = $file_exists ? isAllowed($page, $_SESSION['authorization']['permissions'], $_SESSION['authorization']['permission'], 'R') : 0;
+
+    if (debug) {
+        debuglog("Routing: page={$page}, file_exists={$file_exists}, is_allowed={$is_allowed}");
+    }
+
+    if ($file_exists && $is_allowed !== 0) {
+        include $page_file;
+    } else {
+        // Show error page for missing files or unauthorized access
+        $page_exists = file_exists($page_file);
+        $error_title = $page_exists ? 'Access Denied' : 'Page Not Found';
+        $error_message = $page_exists
+            ? 'You do not have permission to access this page.'
+            : 'The requested page "' . htmlspecialchars($page) . '" could not be found.';
+        $error_icon = $page_exists ? 'fa-solid fa-lock' : 'fa-solid fa-file-circle-xmark';
+
+        template_header($error_title, '');
+        echo '
+        <div class="content-title">
+            <div class="title">
+                <i class="' . $error_icon . '"></i>
+                <div class="txt">
+                    <h2>' . $error_title . '</h2>
+                    <p>' . $error_message . '</p>
+                </div>
+            </div>
+        </div>
+        <div class="content-block" style="text-align: center; padding: 60px 20px;">
+            <div style="font-size: 64px; color: var(--gray-400, #9ca3af); margin-bottom: 20px;">
+                <i class="' . $error_icon . '"></i>
+            </div>
+            <p style="color: var(--gray-500, #6b7280); margin-bottom: 30px;">Please check the URL or navigate using the menu.</p>
+            <a href="index.php?page=dashboard" class="btn">
+                <i class="fa-solid fa-house"></i> Return to Dashboard
+            </a>
+        </div>';
+        template_footer();
+    }
+} catch (Exception $e) {
+    // Handle any errors during page inclusion
+    if (debug) {
+        debuglog("Error loading page {$page}: " . $e->getMessage());
+    }
+
+    template_header('System Error', '');
+    echo '
+    <div class="content-title">
+        <div class="title">
+            <i class="fa-solid fa-triangle-exclamation"></i>
+            <div class="txt">
+                <h2>System Error</h2>
+                <p>An error occurred while loading the page.</p>
+            </div>
+        </div>
+    </div>
+    <div class="content-block" style="text-align: center; padding: 60px 20px;">
+        <div style="font-size: 64px; color: var(--gray-400, #9ca3af); margin-bottom: 20px;">
+            <i class="fa-solid fa-triangle-exclamation"></i>
+        </div>
+        <p style="color: var(--gray-500, #6b7280); margin-bottom: 30px;">Please try again or contact the system administrator.</p>
+        <div style="display: flex; gap: 10px; justify-content: center;">
+            <a href="index.php?page=dashboard" class="btn">
+                <i class="fa-solid fa-house"></i> Return to Dashboard
+            </a>
+            <button onclick="location.reload()" class="btn">
+                <i class="fa-solid fa-rotate-right"></i> Reload Page
+            </button>
+        </div>
+    </div>';
+    template_footer();
+}

 //=====================================
 //debuglog