pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0723df45160b7da9400106465e1e1698a6af574e
assetmgt/user_role_manage.php
“VeLiTi” 18469fe958 Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files 
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
2026-01-20 15:00:00 +01:00

228 lines
9.0 KiB
PHP
Raw Blame History

<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
$page = 'user_role_manage';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
// Default input values
$role = [
'rowID' => '',
'name' => '',
'description' => '',
'is_active' => 1,
'created' => '',
'createdby' => $_SESSION['authorization']['clientID'],
'updated' => '',
'updatedby' => ''
];
$role_ID = $_GET['rowID'] ?? '';
if ($role_ID !=''){
$url = 'index.php?page=user_role&rowID='.$role_ID.'';
} else {
$url = 'index.php?page=user_roles';
}
//GET ALL ACCESS ELEMENTS
$api_url = '/v2/access_elements/status=1';
$access_elements = ioServer($api_url,'');
//Decode Payload
if (!empty($access_elements)){$access_elements = json_decode($access_elements);}else{$access_elements = null;}
//GET ROLE PERMISSIONS (if editing)
$role_permissions = [];
if ($role_ID != ''){
$api_url = '/v2/role_access_permissions/role_id='.$role_ID;
$role_permissions_response = ioServer($api_url,'');
if (!empty($role_permissions_response)){
$role_permissions_data = json_decode($role_permissions_response);
foreach ($role_permissions_data as $perm){
$role_permissions[$perm->access_id] = [
'can_create' => $perm->can_create,
'can_read' => $perm->can_read,
'can_update' => $perm->can_update,
'can_delete' => $perm->can_delete
];
}
}
}
if (isset($_GET['rowID'])) {
// ID param exists, edit an existing role
//CALL TO API
$api_url = '/v2/user_roles/rowID='.$role_ID;
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
$role = $responses[0];
if ($update_allowed === 1){
if (isset($_POST['submit'])) {
//GET ALL POST DATA
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/user_roles', $data);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=user_role&rowID='.$role_ID.'&success_msg=2');
exit;
}
}
}
if ($delete_allowed === 1){
if (isset($_POST['delete'])) {
//GET ALL POST DATA
$data = json_encode($_POST , JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/user_roles', $data);
// Redirect and delete role
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=user_roles&success_msg=3');
exit;
}
}
}
} else {
// Create a new role
if (isset($_POST['submit']) && $create_allowed === 1) {
//GET ALL POST DATA
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/user_roles', $data);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=user_roles&success_msg=1');
exit;
}
}
}
template_header(($user_role_title ?? 'User Role'), 'user_role', 'manage');
$label_h2 = (($role_ID !='')? ($manage_role_h2 ?? 'Edit Role') : ($button_create_role ?? 'Create Role'));
$view ='
<form action="" method="post">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.$label_h2.'</h2>
<a href="'.$url.'" class="btn alt mar-right-2">←</a>
';
if ($delete_allowed === 1 && $role_ID != ''){
$view .= '<input type="submit" name="delete" value="X" class="btn red mar-right-2" onclick="return confirm(\''.($confirm_delete_role ?? 'Are you sure you want to delete this role?').'\')">';
}
if ($update_allowed === 1 || ($create_allowed === 1 && $role_ID == '')){
$view .= '<input type="submit" name="submit" value="💾" class="btn">';
}
$view .= '</div>';
$view .= '<div class="tabs">
<a href="#" class="active">'.($tab1 ?? 'General').'</a>
</div>
<div class="content-block tab-content active">
<div class="form responsive-width-100">
<label for="is_active">'.($general_status ?? 'Status').'</label>
<select id="is_active" name="is_active">
<option value="1" '.($role['is_active']==1?' selected':'').'>'.($enabled ?? 'Active').'</option>
<option value="0" '.($role['is_active']==0?' selected':'').'>'.($disabled ?? 'Inactive').'</option>
</select>
<label for="name">'.($role_name ?? 'Role Name').' <i class="required">*</i></label>
<input id="name" type="text" name="name" placeholder="'.($role_name ?? 'Role Name').'" value="'.$role['name'].'" required>
<label for="description">'.($role_description ?? 'Description').'</label>
<textarea id="description" name="description" placeholder="'.($role_description ?? 'Description').'" style="height: 100px;">'.$role['description'].'</textarea>
<input type="hidden" name="rowID" value="'.$role_ID.'">
</div>
</div>';
// Permissions Tab
$view .= '<div class="tabs">
<a href="#">'.($tab_permissions ?? 'Permissions').'</a>
</div>
<div class="content-block tab-content">
<div class="table">
<table>
<thead>
<tr>
<th>'.($access_element_name ?? 'Access Element').'</th>
<th>'.($permission_create ?? 'Create').'</th>
<th>'.($permission_read ?? 'Read').'</th>
<th>'.($permission_update ?? 'Update').'</th>
<th>'.($permission_delete ?? 'Delete').'</th>
</tr>
</thead>
<tbody>';
if (!empty($access_elements)){
foreach ($access_elements as $element){
$perm = $role_permissions[$element->rowID] ?? ['can_create' => 0, 'can_read' => 0, 'can_update' => 0, 'can_delete' => 0];
$view .= '<tr>
<td>'.$element->access_name.'<br><small style="color:#888;">'.$element->access_path.'</small></td>
<td><input type="checkbox" name="permissions['.$element->rowID.'][can_create]" value="1" '.($perm['can_create']==1?'checked':'').'></td>
<td><input type="checkbox" name="permissions['.$element->rowID.'][can_read]" value="1" '.($perm['can_read']==1?'checked':'').'></td>
<td><input type="checkbox" name="permissions['.$element->rowID.'][can_update]" value="1" '.($perm['can_update']==1?'checked':'').'></td>
<td><input type="checkbox" name="permissions['.$element->rowID.'][can_delete]" value="1" '.($perm['can_delete']==1?'checked':'').'></td>
</tr>';
}
} else {
$view .= '<tr>
<td colspan="5" style="text-align:center;">'.($no_access_elements ?? 'No access elements found').'</td>
</tr>';
}
$view .= ' </tbody>
</table>
</div>
</div>';
//DISPLAY TAB 3 - Metadata
if ($role_ID != ''){
$view .= '<div class="tabs">
<a href="#">'.($tab3 ?? 'Details').'</a>
</div>
<div class="content-block tab-content">
<div class="form responsive-width-100">
<label for="created">'.($general_created ?? 'Created').'</label>
<input id="created" type="text" name="" placeholder="'.($general_created ?? 'Created').'" value="'.$role['created'].'" readonly>
<label for="createdby">'.($general_createdby ?? 'Created By').'</label>
<input id="createdby" type="text" name="" placeholder="'.($general_createdby ?? 'Created By').'" value="'.$role['createdby'].'" readonly>
<label for="updated">'.($general_updated ?? 'Updated').'</label>
<input id="updated" type="text" name="" placeholder="'.($general_updated ?? 'Updated').'" value="'.$role['updated'].'" readonly>
<label for="updatedby">'.($general_updatedby ?? 'Updated By').'</label>
<input id="updatedby" type="text" name="" placeholder="'.($general_updatedby ?? 'Updated By').'" value="'.$role['updatedby'].'" readonly>
</div>
</div>';
}
$view .= '</form>';
//Output
echo $view;
template_footer()?>
Reference in New Issue View Git Blame Copy Permalink