pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c4cb99b9450d30c38b200d4127a57ae95a961045
assetmgt/profiles.php
“VeLiTi” 18469fe958 Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files 
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
2026-01-20 15:00:00 +01:00

366 lines
14 KiB
PHP
Raw Blame History

<?php
defined(page_security_key) or exit;
//=============================
// Configuration file
//=============================
$domain = getDomainName($_SERVER['SERVER_NAME']);
$file = ((file_exists(dirname(__FILE__).'/custom/'.$domain.'/settings/settingsprofiles.php')) ? dirname(__FILE__).'/custom/'.$domain.'/settings/settingsprofiles.php' : dirname(__FILE__).'/settings/settingsprofiles.php');
// Include settings views globally
include dirname(__FILE__).'/settings/settingsviews.php';
$page = 'profiles';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
// Open the configuration file for reading
$contents = file_get_contents($file);
//empty view
$view = '';
// Function to scan for new views and update settingsviews.php
function scan_and_update_views() {
global $all_views;
$new_views = [];
// Scan root PHP files
$root_files = glob(dirname(__FILE__) . '/*.php');
foreach ($root_files as $file) {
$filename = basename($file, '.php');
if ($filename !== 'index' && $filename !== 'login' && $filename !== 'logout') {
$new_views[] = $filename;
}
}
// Scan API v2 get folder
$get_files = glob(dirname(__FILE__) . '/api/v2/get/*.php');
foreach ($get_files as $file) {
$filename = basename($file, '.php');
$new_views[] = $filename;
}
// Scan API v2 post folder
$post_files = glob(dirname(__FILE__) . '/api/v2/post/*.php');
foreach ($post_files as $file) {
$filename = basename($file, '.php');
$new_views[] = $filename;
}
// Remove duplicates and filter out existing views
$new_views = array_unique($new_views);
$views_to_add = array_diff($new_views, $all_views);
if (!empty($views_to_add)) {
// Update the all_views array
$all_views = array_merge($all_views, $views_to_add);
sort($all_views);
// Update settingsviews.php file
$views_file = dirname(__FILE__) . '/settings/settingsviews.php';
$new_content = "<?php\n\n// +++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
$new_content .= "// All individual views and APIs - Profile ++++++++++++++\n";
$new_content .= "// +++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
$new_content .= "\$all_views = [\n";
foreach ($all_views as $view) {
$new_content .= ' "' . $view . "\",\n";
}
$new_content .= "];\n\n?>";
file_put_contents($views_file, $new_content);
return count($views_to_add);
}
return 0;
}
// Handle view scanning
if (isset($_POST['scan_views'])) {
$added_count = scan_and_update_views();
header('Location: index.php?page=profiles&views_added=' . $added_count);
exit;
}
// Format key function
function format_key($key) {
$key = str_replace(
['_', 'url', 'db ', ' pass', ' user', 'ipn', 'paypal'],
[' ', 'URL', 'Database ', ' Password', ' Username', 'IPN', 'PayPal'],
strtolower($key)
);
return ucwords($key);
}
// Format HTML output function
function format_var_html($key, $value) {
global $all_views;
// Ensure all_views is loaded
if (!isset($all_views) || !is_array($all_views)) {
include dirname(__FILE__).'/settings/settingsviews.php';
}
$html = '';
$value = htmlspecialchars(trim($value, '\''), ENT_QUOTES);
$profile_contents = explode(',',$value);
// Add profile header with bulk select options
$checked_count = count(array_intersect($profile_contents, $all_views));
$total_count = count($all_views);
$html .= '<div class="profile-header" style="margin-bottom: 10px; padding: 10px; background: #f5f5f5; border-radius: 4px;">';
$html .= '<h4 style="margin: 0 0 8px 0; color: #333;">Profile: ' . ucwords(str_replace('_', ' ', $key)) . ' (' . $checked_count . '/' . $total_count . ' selected)</h4>';
$html .= '<div style="margin-bottom: 8px;">';
$html .= '<button type="button" class="btn-small select-all" data-profile="'.$key.'">Select All</button> ';
$html .= '<button type="button" class="btn-small select-none" data-profile="'.$key.'">Select None</button>';
$html .= '</div></div>';
// Create a container for the checkboxes with data attributes for filtering
$html .= '<div class="profile-checkboxes" data-profile="'.$key.'" style="max-height: 400px; overflow-y: auto; border: 1px solid #ddd; padding: 10px; background: white;">';
// Group views by category for better organization
$grouped_views = [];
foreach ($all_views as $view) {
$category = 'Other';
if (strpos($view, 'equipment') === 0) $category = 'Equipment';
elseif (strpos($view, 'product') === 0) $category = 'Products';
elseif (strpos($view, 'account') === 0) $category = 'Accounts';
elseif (strpos($view, 'user') === 0) $category = 'Users';
elseif (strpos($view, 'report') === 0) $category = 'Reports';
elseif (strpos($view, 'contract') === 0) $category = 'Contracts';
elseif (strpos($view, 'dealer') === 0) $category = 'Dealers';
elseif (strpos($view, 'rma') === 0) $category = 'RMA';
elseif (in_array($view, ['dashboard', 'profile', 'admin', 'settings', 'config'])) $category = 'Core';
$grouped_views[$category][] = $view;
}
// Output grouped checkboxes
foreach ($grouped_views as $category => $views) {
$html .= '<div class="view-category" style="margin-bottom: 15px;">';
$html .= '<h5 style="margin: 0 0 5px 0; color: #666; font-size: 12px; text-transform: uppercase; border-bottom: 1px solid #eee; padding-bottom: 3px;">' . $category . '</h5>';
foreach ($views as $view) {
$checked = in_array($view, $profile_contents) ? 'checked' : '';
$html .= '<div class="checkbox-item" data-view="'.$view.'" style="display: inline-block; width: 33.33%; margin-bottom: 5px; font-size: 13px;">';
$html .= '<label style="cursor: pointer; display: flex; align-items: center;">';
$html .= '<input type="checkbox" name="'.$key .'[]" value="'.$view.'" '.$checked.' style="margin-right: 5px;"> ';
$html .= '<span>' . $view . '</span>';
$html .= '</label>';
$html .= '</div>';
}
$html .= '</div>';
}
$html .= '</div>';
return $html;
}
// Format tabs and content together (interleaved for collapsible functionality)
function format_tabs_and_content($contents) {
global $all_views;
// Ensure all_views is loaded
if (!isset($all_views) || !is_array($all_views)) {
include dirname(__FILE__).'/settings/settingsviews.php';
}
$rows = explode("\n", $contents);
$output = '';
$profile_count = 0;
// Count profiles for performance warning
foreach ($rows as $row) {
if (preg_match('/\/\*(.*?)\*\//', $row)) {
$profile_count++;
}
}
// Add performance notice for large numbers of profiles
if ($profile_count > 10) {
$output .= '<div class="msg info" style="margin-bottom: 15px;">';
$output .= '<i class="fas fa-info-circle"></i>';
$output .= '<p>Managing ' . $profile_count . ' profiles.</p>';
$output .= '<i class="fa-times fas" style="cursor: pointer;"></i>';
$output .= '</div>';
}
// Start with General tab and its content
$output .= '<div class="tabs"><a href="#" class="profile-tab" data-profile="general">General</a></div>';
$output .= '<div id="general-content" class="content-block tab-content profile-content" style="display: none;"><div class="form responsive-width-100">';
$output .= '<p class="responsive-width-100" style="margin-bottom: 15px; color: #666;">Each tab represents a profile. Each element in a profile represents a view and or API access. Total views available: ' . (isset($all_views) && is_array($all_views) ? count($all_views) : 0) . '</p>';
// Add scan views functionality
$output .= '<div class="responsive-width-100" style="margin-bottom: 20px; padding: 15px; background: #f8f9fa; border: 1px solid #dee2e6; border-radius: 4px;">';
$output .= '<button type="submit" name="scan_views" class="btn" style="background: #28a745; color: white; border: none; padding: 8px 16px; border-radius: 4px; cursor: pointer;">';
$output .= '<i class="fas fa-sync-alt"></i>Update views</button>';
$output .= '</div>';
$current_content = '';
$current_profile = 'general';
for ($i = 0; $i < count($rows); $i++) {
// Check for tab comment
preg_match('/\/\*(.*?)\*\//', $rows[$i], $tab_match);
if ($tab_match) {
// Close previous content section and start new tab
$output .= $current_content . '</div></div>';
$current_profile = strtolower(str_replace(' ', '_', $tab_match[1]));
$output .= '<div class="tabs"><a href="#" class="profile-tab" data-profile="' . $current_profile . '">' . $tab_match[1] . '</a></div>';
$output .= '<div id="' . $current_profile . '-content" class="content-block tab-content profile-content" style="display: none;"><div class="form responsive-width-100">';
$current_content = '';
}
// Check for define statements
preg_match('/define\(\'(.*?)\', ?(.*?)\)/', $rows[$i], $define_match);
if ($define_match) {
$current_content .= format_var_html($define_match[1], $define_match[2]);
}
}
// Close final content section
$output .= $current_content . '</div></div>';
return $output;
}
if (isset($_POST['submit']) && !empty($_POST)) {
//remove submit from POST
unset($_POST['submit']);
//Make POST ready for save into definition
foreach($_POST as $profile_name => $profile_views){
$view_input = '';
foreach($profile_views as $profile_view){
$view_input .= $profile_view.',';
}
$view_input = "'".substr($view_input,0,-1)."'";
// Update the configuration file with the new keys and values
$contents = preg_replace('/define\(\'' . $profile_name . '\'\, ?(.*?)\)/s', 'define(\'' . $profile_name . '\',' . $view_input . ')', $contents);
}
//SAVE TO FILE
file_put_contents($file, $contents);
//Return succesmessage
header('Location: index.php?page=profiles&success_msg=1');
exit;
}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = 'Profiles updated successfully!';
}
}
// Handle views added message
if (isset($_GET['views_added'])) {
$added_count = (int)$_GET['views_added'];
if ($added_count > 0) {
$success_msg = $added_count . ' new views added!';
} else {
$success_msg = 'No new views found. All views are up to date.';
}
}
template_header('Profiles', 'profiles');
$view .= '
<form action="" method="post">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">Profiles</h2>
<input type="submit" name="submit" value="💾" class="btn">
</div>';
if (isset($success_msg)){
$view .= '<div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fa-times fas" style="cursor: pointer;"></i>
</div>';
}
$view .= format_tabs_and_content($contents);
$view .= '</form>';
// Add basic JavaScript functionality
$view .= '
<style>
.profile-content { display: none; }
.profile-content.active { display: block !important; }
.profile-tab { background: #f8f9fa; color: #333; }
.profile-tab.active { background: #007bff; color: white; }
</style>
<script>
// Use the working tab functionality from admin.js
document.querySelectorAll(\'.profile-tab\').forEach((element, index) => {
element.onclick = event => {
event.preventDefault();
// Toggle the clicked tab
const isActive = element.classList.contains(\'active\');
const profileId = element.dataset.profile;
const tabContent = document.getElementById(profileId + \'-content\');
// Remove active class from all tabs and contents
document.querySelectorAll(\'.profile-tab\').forEach(el => el.classList.remove(\'active\'));
document.querySelectorAll(\'.profile-content\').forEach(content => {
content.classList.remove(\'active\');
content.style.display = \'none\';
});
// If it wasn\'t active, make it active (collapsible behavior)
if (!isActive && tabContent) {
element.classList.add(\'active\');
tabContent.classList.add(\'active\');
tabContent.style.display = \'block\';
}
};
});
// Initialize first tab as open by default
if (document.querySelectorAll(\'.profile-tab\').length > 0) {
const firstTab = document.querySelectorAll(\'.profile-tab\')[0];
const profileId = firstTab.dataset.profile;
const firstContent = document.getElementById(profileId + \'-content\');
if (firstTab && firstContent) {
firstTab.classList.add(\'active\');
firstContent.classList.add(\'active\');
firstContent.style.display = \'block\';
}
}
// Bulk select functionality
document.addEventListener("click", function(e) {
if (e.target.classList.contains("select-all")) {
const profile = e.target.dataset.profile;
const checkboxes = document.querySelectorAll("[name=\\"" + profile + "[]\\"]");
checkboxes.forEach(cb => cb.checked = true);
}
if (e.target.classList.contains("select-none")) {
const profile = e.target.dataset.profile;
const checkboxes = document.querySelectorAll("[name=\\"" + profile + "[]\\"]");
checkboxes.forEach(cb => cb.checked = false);
}
});
</script>';
//Output
echo $view;
template_footer();
?>
Reference in New Issue View Git Blame Copy Permalink