pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aeda4e4cb9f548116a8c1af9b2ad7b839e0606ac
assetmgt/user_role.php
“VeLiTi” 18469fe958 Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files 
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
2026-01-20 15:00:00 +01:00

384 lines
17 KiB
PHP
Raw Blame History

<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
//SET ORIGIN FOR NAVIGATION
$_SESSION['prev_origin_user_role'] = $_SERVER['REQUEST_URI'];
$page = 'user_role';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$page_manage = 'user_role_manage';
$update_allowed = isAllowed($page ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
//CALL TO API FOR General information
$api_url = '/v2/user_roles/'.$GET_VALUES;
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses);}else{$responses = null;}
$responses = $responses[0];
$role_id = $responses->rowID;
//CALL TO API FOR Role Permissions
$api_url = '/v2/role_access_permissions/role_id='.$role_id;
$permissions = ioServer($api_url,'');
//Decode Payload
if (!empty($permissions)){$permissions = json_decode($permissions);}else{$permissions = null;}
//CALL TO API FOR All Access Elements (no paging)
$api_url = '/v2/access_elements/all=';
$all_access_elements = ioServer($api_url,'');
//Decode Payload
if (!empty($all_access_elements)){$all_access_elements = json_decode($all_access_elements);}else{$all_access_elements = null;}
// Create lookup array for existing permissions
$permission_lookup = [];
if (!empty($permissions)){
foreach ($permissions as $perm){
$permission_lookup[$perm->access_id] = $perm;
}
}
//CALL TO API FOR User Role Assignments
$api_url = '/v2/user_role_assignments/role_id='.$role_id;
$assignments = ioServer($api_url,'');
//Decode Payload
if (!empty($assignments)){$assignments = json_decode($assignments);}else{$assignments = null;}
//------------------------------
// Handle POST for inline edit
//------------------------------
if (isset($_POST['save_permissions']) && $update_allowed_edit === 1) {
// Update role info (name, description, status)
$role_data = json_encode([
'rowID' => $role_id,
'name' => $_POST['name'] ?? '',
'description' => $_POST['description'] ?? '',
'is_active' => $_POST['is_active'] ?? 1
], JSON_UNESCAPED_UNICODE);
ioServer('/v2/user_roles', $role_data);
// Process permission updates
$posted_permissions = $_POST['permissions'] ?? [];
// For each access element, update or create permission
foreach ($all_access_elements as $element) {
$access_id = $element->rowID;
$has_permission = isset($posted_permissions[$access_id]);
$existing_permission = $permission_lookup[$access_id] ?? null;
if ($has_permission) {
// Get CRUD values
$can_create = isset($posted_permissions[$access_id]['C']) ? 1 : 0;
$can_read = isset($posted_permissions[$access_id]['R']) ? 1 : 0;
$can_update = isset($posted_permissions[$access_id]['U']) ? 1 : 0;
$can_delete = isset($posted_permissions[$access_id]['D']) ? 1 : 0;
if ($existing_permission) {
// Update existing permission
$data = json_encode([
'rowID' => $existing_permission->rowID,
'role_id' => $role_id,
'access_id' => $access_id,
'can_create' => $can_create,
'can_read' => $can_read,
'can_update' => $can_update,
'can_delete' => $can_delete
], JSON_UNESCAPED_UNICODE);
} else {
// Insert new permission
$data = json_encode([
'role_id' => $role_id,
'access_id' => $access_id,
'can_create' => $can_create,
'can_read' => $can_read,
'can_update' => $can_update,
'can_delete' => $can_delete
], JSON_UNESCAPED_UNICODE);
}
ioServer('/v2/role_access_permissions', $data);
} else {
// If no permission checkboxes selected but had existing permission, delete it
if ($existing_permission) {
$data = json_encode([
'rowID' => $existing_permission->rowID,
'delete' => 'delete'
], JSON_UNESCAPED_UNICODE);
ioServer('/v2/role_access_permissions', $data);
}
}
}
// Redirect to refresh
header('Location: index.php?page=user_role&rowID='.$role_id.'&success_msg=2');
exit;
}
//------------------------------
//Variables
//------------------------------
$status_text = ($responses->is_active == 1) ? ($enabled ?? 'Active') : ($disabled ?? 'Inactive');
$status_class = ($responses->is_active == 1) ? 'id1' : 'id0';
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = ($message_role_1 ?? 'Role created successfully');
}
if ($_GET['success_msg'] == 2) {
$success_msg = ($message_role_2 ?? 'Role updated successfully');
}
if ($_GET['success_msg'] == 3) {
$success_msg = ($message_role_3 ?? 'Role deleted successfully');
}
}
template_header(($user_role_title ?? 'User Role'), 'user_role', 'view');
$view = '
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.($view_role_h2 ?? 'User Role').' - '.$responses->name.'</h2>
<a href="index.php?page='.$_SESSION['origin'].'&p='.$_SESSION['p'].$_SESSION['status'].$_SESSION['sort'].$_SESSION['search'].'" class="btn alt mar-right-2">←</a>
';
if ($update_allowed_edit === 1){
$view .= '<a href="javascript:void(0);" id="editBtn" class="btn mar-right-2" onclick="togglePermissionsEdit()">✏️</a>';
$view .= '<button type="submit" form="permissionsForm" id="saveBtn" class="btn" style="display:none;">💾</button>';
}
$view .= '</div>';
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
// Start form wrapper for edit mode
$view .= '<form id="permissionsForm" action="" method="post">
<input type="hidden" name="save_permissions" value="1">
<input type="hidden" name="rowID" value="'.$role_id.'">';
$view .= '<div class="content-block-wrapper">';
// Role Information Block
$view .= ' <div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-circle-info"></i>'.($view_role_information ?? 'Role Information').'
</div>
<div class="order-detail">
<h3>'.($general_status ?? 'Status').'</h3>
<p>
<span class="view-mode status '.$status_class.'">'.$status_text.'</span>
<select class="edit-mode" name="is_active" style="display:none;">
<option value="1"'.($responses->is_active == 1 ? ' selected' : '').'>'.($enabled ?? 'Active').'</option>
<option value="0"'.($responses->is_active == 0 ? ' selected' : '').'>'.($disabled ?? 'Inactive').'</option>
</select>
</p>
</div>
<div class="order-detail">
<h3>'.($role_name ?? 'Role Name').'</h3>
<p>
<span class="view-mode">'.$responses->name.'</span>
<input type="text" class="edit-mode" name="name" value="'.$responses->name.'" style="display:none;" required>
</p>
</div>
<div class="order-detail">
<h3>'.($role_description ?? 'Description').'</h3>
<p>
<span class="view-mode">'.($responses->description ?? '-').'</span>
<textarea class="edit-mode" name="description" style="display:none;">'.($responses->description ?? '').'</textarea>
</p>
</div>
</div>
';
// Role Assignments Block
$view .='<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-users fa-sm"></i>'.($view_role_assignments ?? 'Assigned Users').'
</div>';
if (!empty($assignments)){
foreach ($assignments as $assignment){
$assignment_status = ($assignment->is_active == 1) ? ($enabled ?? 'Active') : ($disabled ?? 'Inactive');
$view .= '<div class="order-detail">
<h3>'.$assignment->username.'</h3>
<p>'.$assignment_status.((!empty($assignment->expires_at))? ' - '.($expires ?? 'Expires').': '.$assignment->expires_at : '').'</p>
</div>';
}
} else {
$view .= '<div class="order-detail">
<h3>-</h3>
<p>'.($no_users_assigned ?? 'No users assigned to this role').'</p>
</div>';
}
$view .= '</div>';
$view .= '</div>'; // Close content-block-wrapper
// Permissions Table Block
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-key fa-sm"></i>'.($view_role_permissions ?? 'Role Permissions').'
</div>
<div class="table">
<table>
<thead>
<tr>
<th>'.($access_element_name ?? 'Access Element').'</th>
<th class="responsive-hidden">'.($access_element_path ?? 'Path').'</th>
<th class="responsive-hidden">'.($access_element_group ?? 'Group').'</th>
<th><span class="view-mode">'.($permission_create ?? 'C').'</span><a href="javascript:void(0);" class="edit-mode" style="display:none;" onclick="toggleColumn(\'C\')">'.($permission_create ?? 'C').'</a></th>
<th><span class="view-mode">'.($permission_read ?? 'R').'</span><a href="javascript:void(0);" class="edit-mode" style="display:none;" onclick="toggleColumn(\'R\')">'.($permission_read ?? 'R').'</a></th>
<th><span class="view-mode">'.($permission_update ?? 'U').'</span><a href="javascript:void(0);" class="edit-mode" style="display:none;" onclick="toggleColumn(\'U\')">'.($permission_update ?? 'U').'</a></th>
<th><span class="view-mode">'.($permission_delete ?? 'D').'</span><a href="javascript:void(0);" class="edit-mode" style="display:none;" onclick="toggleColumn(\'D\')">'.($permission_delete ?? 'D').'</a></th>
</tr>
</thead>
<tbody>';
if (!empty($all_access_elements)){
foreach ($all_access_elements as $element){
$access_id = $element->rowID;
$existing_perm = $permission_lookup[$access_id] ?? null;
// Determine current permission values
$has_create = ($existing_perm && $existing_perm->can_create == 1);
$has_read = ($existing_perm && $existing_perm->can_read == 1);
$has_update = ($existing_perm && $existing_perm->can_update == 1);
$has_delete = ($existing_perm && $existing_perm->can_delete == 1);
$has_any_permission = ($has_create || $has_read || $has_update || $has_delete);
// Row class - hide unassigned rows in view mode
$row_class = $has_any_permission ? '' : ' class="edit-only-row" style="display:none;"';
// View mode icons
$icon_create = $has_create ? '<i class="fa-solid fa-check" style="color:green;"></i>' : '<i class="fa-solid fa-times" style="color:red;"></i>';
$icon_read = $has_read ? '<i class="fa-solid fa-check" style="color:green;"></i>' : '<i class="fa-solid fa-times" style="color:red;"></i>';
$icon_update = $has_update ? '<i class="fa-solid fa-check" style="color:green;"></i>' : '<i class="fa-solid fa-times" style="color:red;"></i>';
$icon_delete = $has_delete ? '<i class="fa-solid fa-check" style="color:green;"></i>' : '<i class="fa-solid fa-times" style="color:red;"></i>';
// Edit mode checkboxes
$cb_create_checked = $has_create ? ' checked' : '';
$cb_read_checked = $has_read ? ' checked' : '';
$cb_update_checked = $has_update ? ' checked' : '';
$cb_delete_checked = $has_delete ? ' checked' : '';
$view .= '<tr'.$row_class.'>
<td>'.$element->access_name.'</td>
<td class="responsive-hidden">'.$element->access_path.'</td>
<td class="responsive-hidden">'.($element->access_group ?? '-').'</td>
<td>
<span class="view-mode">'.$icon_create.'</span>
<input type="checkbox" class="edit-mode" name="permissions['.$access_id.'][C]" value="1"'.$cb_create_checked.' style="display:none;">
</td>
<td>
<span class="view-mode">'.$icon_read.'</span>
<input type="checkbox" class="edit-mode" name="permissions['.$access_id.'][R]" value="1"'.$cb_read_checked.' style="display:none;">
</td>
<td>
<span class="view-mode">'.$icon_update.'</span>
<input type="checkbox" class="edit-mode" name="permissions['.$access_id.'][U]" value="1"'.$cb_update_checked.' style="display:none;">
</td>
<td>
<span class="view-mode">'.$icon_delete.'</span>
<input type="checkbox" class="edit-mode" name="permissions['.$access_id.'][D]" value="1"'.$cb_delete_checked.' style="display:none;">
</td>
</tr>';
}
} else {
$view .= '<tr>
<td colspan="7" style="text-align:center;">'.($no_access_elements ?? 'No access elements found').'</td>
</tr>';
}
$view .= ' </tbody>
</table>
</div>
</div>
';
// Metadata Block
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'.($tab3 ?? 'Details').'
</div>
<div class="table order-table">
<table>
<tr>
<td style="width:25%;">'.($general_created ?? 'Created').'</td>
<td>'.getRelativeTime($responses->created).'</td>
</tr>
<tr>
<td style="width:25%;">'.($general_updated ?? 'Updated').'</td>
<td>'.getRelativeTime($responses->updated).'</td>
</tr>
</table>
</div>
</div>
</form>
';
//OUTPUT
echo $view;
$js = 'var permissionsEditMode = false;
function togglePermissionsEdit() {
permissionsEditMode = !permissionsEditMode;
var editBtn = document.getElementById("editBtn");
var saveBtn = document.getElementById("saveBtn");
var viewElements = document.querySelectorAll(".view-mode");
var editElements = document.querySelectorAll(".edit-mode");
var editOnlyRows = document.querySelectorAll(".edit-only-row");
var i;
if (permissionsEditMode) {
for (i = 0; i < viewElements.length; i++) { viewElements[i].style.display = "none"; }
for (i = 0; i < editElements.length; i++) { editElements[i].style.display = "inline"; }
for (i = 0; i < editOnlyRows.length; i++) { editOnlyRows[i].style.display = "table-row"; }
editBtn.style.display = "none";
saveBtn.style.display = "inline-block";
} else {
for (i = 0; i < viewElements.length; i++) { viewElements[i].style.display = "inline"; }
for (i = 0; i < editElements.length; i++) { editElements[i].style.display = "none"; }
for (i = 0; i < editOnlyRows.length; i++) { editOnlyRows[i].style.display = "none"; }
editBtn.style.display = "inline-block";
saveBtn.style.display = "none";
}
}
function toggleColumn(type) {
var checkboxes = document.querySelectorAll("input[name$=\\"[" + type + "]\\"]");
var allChecked = true;
for (var i = 0; i < checkboxes.length; i++) {
if (!checkboxes[i].checked) {
allChecked = false;
break;
}
}
for (var i = 0; i < checkboxes.length; i++) {
checkboxes[i].checked = !allChecked;
}
}';
template_footer($js);
Reference in New Issue View Git Blame Copy Permalink