Refactor user permission handling to use hierarchy levels across user credential retrieval and role management. Update the permission checks in user_roles.php and improve session management in index.php for better security and consistency.
@@ -14,7 +14,6 @@ $stmt->execute([$userkey, $userkey]);
|
||||
$user_data = $stmt->fetch();
|
||||
//Define User data
|
||||
$partnerhierarchy = $user_data['partnerhierarchy'];
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile= getUserPermissions($pdo, $user_data['id']);
|
||||
$username = $user_data['username'];
|
||||
$useremail = $user_data['email'];
|
||||
@@ -22,6 +21,7 @@ $servicekey = $user_data['service'];
|
||||
$partner = json_decode($partnerhierarchy);
|
||||
$language = $user_data['language'];
|
||||
$clientsecret = $user_data['userkey'];
|
||||
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
|
||||
|
||||
//Update Lastlogin
|
||||
$logindate = date('Y-m-d H:i:s');
|
||||
|
||||
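Review bot: `$permission = getHierarchyLevel($partner);` now takes its input from `$partner = json_decode($partnerhierarchy);`, which yields null for a NULL column or malformed JSON, so a corrupt hierarchy record reaches getHierarchyLevel() as null instead of stopping the login; what that function returns for null is not visible here, but the access level should fail closed rather than depend on it. Suggest `$partner = json_decode($partnerhierarchy, flags: JSON_THROW_ON_ERROR);`, or an explicit `=== null` guard before the assignment in the file's existing error style, so an invalid record cannot produce an unintended level. The same applies to the identical pair of lines in the two later hunks that also add `getHierarchyLevel($partner)`. The comment `//upgrade from userrights(view)` would be more useful stating why, e.g. `// access level now comes from the partner hierarchy, not the per-user view flag`. The enclosing block that follows `$stmt->execute` starts and ends outside the hunk.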
@@ -16,7 +16,6 @@ if ($stmt->rowCount() == 1) {
|
||||
$user_data = $stmt->fetch();
|
||||
//Define User data
|
||||
$partnerhierarchy = $user_data['partnerhierarchy'];
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile= getUserPermissions($pdo, $user_data['id']);
|
||||
$username = $user_data['username'];
|
||||
$useremail = $user_data['email'];
|
||||
@@ -24,6 +23,7 @@ if ($stmt->rowCount() == 1) {
|
||||
$language = $user_data['language'];
|
||||
$partner = json_decode($partnerhierarchy);
|
||||
$clientsecret = $user_data['userkey'];
|
||||
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
|
||||
|
||||
//Update Lastlogin
|
||||
$logindate = date('Y-m-d H:i:s');
|
||||
|
||||
@@ -18,7 +18,6 @@ if ($stmt->rowCount() == 1) {
|
||||
$user_data = $stmt->fetch();
|
||||
//Define User data
|
||||
$partnerhierarchy = $user_data['partnerhierarchy'];
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile= getUserPermissions($pdo, $user_data['id']); //getProfile($user_data['settings'],$permission);
|
||||
$username = $user_data['username'];
|
||||
$useremail = $user_data['email'];
|
||||
@@ -26,6 +25,7 @@ if ($stmt->rowCount() == 1) {
|
||||
$language = $user_data['language'];
|
||||
$partner = json_decode($partnerhierarchy);
|
||||
$clientsecret = $user_data['userkey'];
|
||||
$permission = getHierarchyLevel($partner); //upgrade from userrights(view)
|
||||
|
||||
//Update Lastlogin
|
||||
$logindate = date('Y-m-d H:i:s');
|
||||
|
||||
@@ -55,7 +55,7 @@ $clause_insert = substr($clause_insert, 2);
|
||||
$input_insert = substr($input_insert, 1);
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U') === 1){
|
||||
if ($command == 'update' && isAllowed('user_roles',$profile,$permission,'U') === 1){
|
||||
$sql = 'UPDATE user_roles SET '.$clause.' WHERE rowID = ?';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
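Review bot: The resource key `'user_roles'` in `isAllowed('user_roles',$profile,$permission,'U')` is a bare string literal that this hunk and the two following hunks (the insert check with 'C' and the delete check with 'D') each repeat; a typo in one of them would silently deny just that operation and be hard to spot, so hoist it once, e.g. `$resource = 'user_roles';` ahead of the `//QUERY AND VERIFY ALLOWED` block and call `isAllowed($resource, $profile, $permission, 'U')` in all three checks. Because the checks form an if/elseif chain, a recognised command whose permission check fails falls through to the later branches; whether a final else records the denial is outside the hunk, so confirm that a refused update/insert/delete is logged rather than silently ignored. The update block continues past the end of the hunk.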
@@ -82,7 +82,7 @@ if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permission,'C') === 1){
|
||||
elseif ($command == 'insert' && isAllowed('user_roles',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO user_roles ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
@@ -106,7 +106,7 @@ elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permissio
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('user_role_manage',$profile,$permission,'D') === 1){
|
||||
elseif ($command == 'delete' && isAllowed('user_roles',$profile,$permission,'D') === 1){
|
||||
//Delete role permissions first (foreign key constraint)
|
||||
$stmt = $pdo->prepare('DELETE FROM role_access_permissions WHERE role_id = ?');
|
||||
$stmt->execute([$id]);
|
||||
|
||||