Implement RBAC migration and role management enhancements

- Added AJAX functionality to fetch role permissions for copying.
- Introduced system role management with permission checks for updates.
- Implemented role deletion with confirmation modal and backend handling.
- Enhanced user role assignment migration scripts to transition from legacy profiles to RBAC.
- Created SQL migration scripts for user roles and permissions mapping.
- Updated user interface to support new role management features including copy permissions and system role indicators.
This commit is contained in:
“VeLiTi”
2026-01-27 15:10:21 +01:00
parent aeda4e4cb9
commit f7a91737bc
30 changed files with 1285 additions and 236 deletions


@@ -515,10 +515,19 @@ echo <<<EOT
// Intercept form submissions
setupFormInterception();
// Intercept fetch and XMLHttpRequest
interceptNetworkRequests();
// Intercept form submissions to show loading
function setupFormInterception() {
document.querySelectorAll('form').forEach(function(form) {
form.addEventListener('submit', function() {
showLoading();
});
});
}
// Intercept all network requests (fetch and XMLHttpRequest)
function interceptNetworkRequests() {
// Track active requests
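Review bot: The submit listener added in setupFormInterception calls showLoading() unconditionally, so when another handler cancels the submission (client-side validation, a confirm step) the loading state is shown for a request that never leaves the page and, unless something else hides it, stays up; guard on the event: `form.addEventListener('submit', function(event) {` / `if (!event.defaultPrevented) { showLoading(); }` / `});`. Since this listener is registered after the page's own form handlers it most likely runs last and defaultPrevented will reflect them, but that ordering is inferred, not visible in the hunk. The querySelectorAll snapshot also misses forms inserted into the DOM after this runs, so a delegated listener on document would cover forms rendered on demand. interceptNetworkRequests begins on the last line of the hunk and its body is outside it.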
@@ -1637,42 +1646,25 @@ function getProfile($profile, $permission){
// Always allowed collections: [collection => allowed_actions_string]
$always_allowed = [
'com_log' => 'U',
'com_log' => 'CRU',
'application' => 'CRU',
'user_permissions' => 'R',
'software_update' => 'R',
'software_download' => 'R',
'software_available' => 'R',
'history' => 'U',
'payment' => 'U',
'marketing_files' => 'CRUD',
'marketing_folders' => 'CRUD',
'marketing_tags' => 'CRUD',
'marketing_upload' => 'CRUD',
'marketing_delete' => 'CRUD'
'history' => 'RU',
'payment' => 'U'
];
// Debug log - initial call
if(debug){
$perm_count = is_array($permissions) ? count($permissions) : 'not_array';
$test = "$date - isAllowed called: access_element=$access_element, basic_permission_level=$basic_permission_level, action=$action, permissions_count=$perm_count".PHP_EOL;
error_log($test, 3, $filelocation);
}
// 1. Check if basic_permission_level is 4 (System-admin+) - always allow
if ($basic_permission_level !== null && $basic_permission_level == 4) {
if(debug){
$test = "$date - Allowed by system permission (level 5)".PHP_EOL;
error_log($test, 3, $filelocation);
}
return 1;
}
// 2. Check always_allowed list
if (isset($always_allowed[$access_element]) && str_contains($always_allowed[$access_element], $action)) {
if(debug){
$test = "$date - Allowed by always_allowed list".PHP_EOL;
error_log($test, 3, $filelocation);
}
return 1;
}
@@ -1691,20 +1683,21 @@ function getProfile($profile, $permission){
$permission_key = $action_map[$action] ?? null;
if ($permission_key && isset($element_permissions[$permission_key]) && $element_permissions[$permission_key] == 1) {
if(debug){
$test = "$date - Allowed by RBAC permissions: $access_element -> $permission_key = 1".PHP_EOL;
error_log($test, 3, $filelocation);
}
return 1;
}
if(debug){
$test = "$date - isAllowed called: access_element=$access_element, basic_permission_level=$basic_permission_level, action=$action".PHP_EOL;
error_log($test, 3, $filelocation);
$perm_value = $element_permissions[$permission_key] ?? 'not_set';
$test = "$date - RBAC check failed: $access_element -> $permission_key = $perm_value".PHP_EOL;
error_log($test, 3, $filelocation);
}
} else {
if(debug){
$test = "$date - isAllowed called: access_element=$access_element, basic_permission_level=$basic_permission_level, action=$action".PHP_EOL;
error_log($test, 3, $filelocation);
$test = "$date - Access element '$access_element' not found in permissions array".PHP_EOL;
error_log($test, 3, $filelocation);
}
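Review bot: The RBAC grant on the second line of the hunk compares the stored permission loosely with `== 1`, so `true`, `'1'` and `1.0` all grant; if the permissions array is decoded from JSON or a DB row the value type is not fixed, so normalise it once, e.g. `if ($permission_key !== null && (int) ($element_permissions[$permission_key] ?? 0) === 1) {`. In the failure log that follows, an unmapped action leaves $permission_key null, which PHP turns into the '' array key, and the message reads `-> = not_set`; logging the action instead, `($permission_key ?? "unmapped action '$action'")`, would make that case diagnosable. The same debug line embeds $access_element and $action verbatim — if they originate from request input, strip control characters first so a value containing a newline cannot split the log record. The enclosing function starts before this hunk and its else branch continues past it.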
@@ -1712,9 +1705,12 @@ function getProfile($profile, $permission){
// Not allowed
if(debug){
$test = "$date - isAllowed called: access_element=$access_element, basic_permission_level=$basic_permission_level, action=$action".PHP_EOL;
error_log($test, 3, $filelocation);
$test = "$date - Not allowed: access_element=$access_element, action=$action".PHP_EOL;
error_log($test, 3, $filelocation);
}
return 0;
}
@@ -3913,27 +3909,29 @@ function dateInRange($start_date, $end_date, $date_check)
function getLatestVersion($productcode,$token){
//CALL TO API TO GET ALL ACTIVE CONTRACTS
$api_url = '/v2/products_software/productcode='.$productcode;
$responses = ioAPIv2($api_url,'',$token);
//$pdo = dbConnect($dbname);
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses,true);
}
else{
$responses = $output = array(
"productcode" => "",
"version"=> "",
"mandatory"=> "",
"latest"=> "",
"software"=> "",
"source" => "",
"source_type" => ""
);
;}
//CALL TO API TO GET ALL ACTIVE CONTRACTS
$api_url = '/v2/products_software/productcode='.$productcode;
$responses = ioAPIv2($api_url,'',$token);
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses,true);
}
else{
$responses = $output = array(
"productcode" => "",
"version"=> "",
"mandatory"=> "",
"latest"=> "",
"software"=> "",
"source" => "",
"source_type" => ""
);
;}
//DEFAULT OUTPUT
return $responses;
//DEFAULT OUTPUT
return $responses;
}
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++