From 09719c7f368e1f8cb28352944ce88f27832f2cce Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Sat, 20 Apr 2024 16:51:53 -0600 Subject: [PATCH] Update authentication, groups and permissions classes --- .../resources/classes/authentication.php | 28 +++--- resources/classes/groups.php | 86 +++++++++++++------ resources/classes/permissions.php | 68 ++++++++++++--- 3 files changed, 135 insertions(+), 47 deletions(-) diff --git a/core/authentication/resources/classes/authentication.php b/core/authentication/resources/classes/authentication.php index 4025a6ab7a..7aef339947 100644 --- a/core/authentication/resources/classes/authentication.php +++ b/core/authentication/resources/classes/authentication.php @@ -35,7 +35,9 @@ class authentication { /** * Define variables and their scope */ + private $database; public $domain_uuid; + public $user_uuid; public $domain_name; public $username; public $password; @@ -44,7 +46,7 @@ class authentication { * Called when the object is created */ public function __construct() { - + $this->database = new database(); } /** @@ -111,6 +113,12 @@ class authentication { $result['domain_uuid'] = $array["domain_uuid"]; $result['authorized'] = $array["authorized"]; + //set the domain_uuid + $this->domain_uuid = $array["domain_uuid"]; + + //set the user_uuid + $this->user_uuid = $array["user_uuid"]; + //save the result to the authentication plugin $_SESSION['authentication']['plugin'][$name] = $result; } @@ -191,8 +199,7 @@ class authentication { $sql .= "and user_setting_enabled = 'true' "; $parameters['domain_uuid'] = $result["domain_uuid"]; $parameters['user_uuid'] = $result["user_uuid"]; - $database = new database; - $user_settings = $database->select($sql, $parameters, 'all'); + $user_settings = $this->database->select($sql, $parameters, 'all'); unset($sql, $parameters); //build the user cidr array 
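Review bot: In the `@@ -111,6 +113,12 @@` hunk, `$this->domain_uuid` and `$this->user_uuid` are assigned from the plugin's `$array` before anything in the visible lines looks at `$array["authorized"]`, so the public `user_uuid` property can hold the identity from a plugin result that was not authorized. Assigning them only once the result is known to be authorized would keep code that reads the object's `user_uuid` from treating a failed attempt as an identified user; at minimum add a comment such as `//note: set for every plugin result, check $result['authorized'] before trusting user_uuid`. If a plugin leaves `user_uuid` out of its result on failure, the bare `$array["user_uuid"]` read also raises an undefined array key warning, which `$array["user_uuid"] ?? null` would avoid. The enclosing method starts and ends outside the hunk, so an authorization check further down may already cover this.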
@@ -228,7 +235,7 @@ class authentication { //set the session variables $_SESSION["domain_uuid"] = $result["domain_uuid"]; - //$_SESSION["domain_name"] = $result["domain_name"]; + $_SESSION["domain_name"] = $result["domain_name"]; $_SESSION["user_uuid"] = $result["user_uuid"]; $_SESSION["context"] = $result['domain_name']; @@ -250,12 +257,14 @@ class authentication { $_SESSION["user"]["contact_uuid"] = $result["contact_uuid"]; //get the groups assigned to the user - $group = new groups; - $group->session($result["domain_uuid"], $result["user_uuid"]); + $group = new groups($this->database, $result["domain_uuid"], $result["user_uuid"]); + $groups = $group->get_groups(); + $group_level = $group->group_level; + $group->session(); //get the permissions assigned to the user through the assigned groups - $permission = new permissions; - $permission->session($result["domain_uuid"], $_SESSION["groups"]); + $permission = new permissions($this->database, $result["domain_uuid"], $result["user_uuid"]); + $permission->session(); //get the domains if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php") && !is_cli()){ @@ -317,8 +326,7 @@ class authentication { $sql .= "e.extension asc "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['user_uuid'] = $_SESSION['user_uuid']; - $database = new database; - $result = $database->select($sql, $parameters, 'all'); + $result = $this->database->select($sql, $parameters, 'all'); if (is_array($result) && @sizeof($result) != 0) { foreach($result as $x => $row) { //set the destination diff --git a/resources/classes/groups.php b/resources/classes/groups.php index 663155ab92..132e129f0c 100644 --- a/resources/classes/groups.php +++ b/resources/classes/groups.php 
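Review bot: In the `@@ -250,12 +257,14 @@` hunk the locals `$groups` and `$group_level` are assigned from the `groups` object, but nothing in the visible lines reads them; the session is populated by `$group->session()` alone. If nothing later in the method uses them, drop both lines. Note also that the `permissions` constructor in the permissions.php section of this patch builds a second `groups` object and calls `assigned()` again, so the memberships loaded here are looked up more than once per login. The method continues outside the hunk, so a later use of the two locals cannot be ruled out from here.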
@@ -37,22 +37,70 @@ if (!class_exists('groups')) { /** * declare the variables */ + private $database; private $app_name; private $app_uuid; + public $group_uuid; + private $groups; + public $group_level; private $name; private $table; private $toggle_field; private $toggle_values; private $location; - public $group_uuid; /** * called when the object is created */ - public function __construct() { + public function __construct($database = null, $domain_uuid = null, $user_uuid = null) { //assign the variables - $this->app_name = 'groups'; - $this->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $this->app_name = 'groups'; + $this->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + + //handle the database object + if (isset($database)) { + $this->database = $database; + } + else { + $this->database = new database; + } + + + //set the application name and uuid + $this->database->app_name = $this->app_name; + $this->database->app_uuid = $this->app_uuid; + + //set the domain_uuid + if (is_uuid($domain_uuid)) { + $this->domain_uuid = $domain_uuid; + } + + //set the user_uuid + if (is_uuid($user_uuid)) { + $this->user_uuid = $user_uuid; + } + + //get the list of groups the user is a member of + if (is_uuid($domain_uuid) && is_uuid($user_uuid)) { + //get the groups and save them to the groups variable + $this->groups = $this->assigned(); + + //get the users group level + $group_level = 0; + foreach ($this->groups as $row) { + if ($this->group_level < $row['group_level']) { + $this->group_level = $row['group_level']; + } + } + } + } + + /** + * get the list of groups the user is assigned to + */ + public function get_groups() { + //return the groups + return $this->groups; } /** @@ -473,7 +521,7 @@ if (!class_exists('groups')) { /** * get the groups assigned to the user */ - public function assigned($domain_uuid, $user_uuid) { + public function assigned() { $sql = "select "; $sql .= "u.user_group_uuid, "; $sql .= "u.domain_uuid, "; 
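Review bot: In the new `groups` constructor, `$group_level = 0;` initialises a local variable that is never read, while the loop compares and assigns `$this->group_level`, which is still `null` at that point. For a user with no groups the property therefore stays `null`, and `session()` later copies it into `$_SESSION["user"]["group_level"]`, where the old code always stored `0`. The line should read `$this->group_level = 0;` and is best placed before the `is_uuid()` block so the property is an integer even when no ids are passed. The constructor also writes `$this->domain_uuid` and `$this->user_uuid`, neither of which is among the properties declared in this hunk; unless they are declared elsewhere in the class, add `private $domain_uuid;` and `private $user_uuid;` so they are not created dynamically (deprecated since PHP 8.2).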
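Review bot: `assigned()` loses its `$domain_uuid` and `$user_uuid` parameters in the `@@ -473,7 +521,7 @@` hunk, and `session()` loses them in the `@@ -496,29 +544,17 @@` hunk. PHP silently ignores surplus arguments passed to a user-defined function, so any caller outside this patch that still passes the ids gets no error and the lookup runs against whatever the constructor stored. On an object built with `new groups` and no arguments nothing was stored, so `session()` would write `null` into `$_SESSION["groups"]`. Consider keeping the parameters as optional overrides, for example `public function assigned($domain_uuid = null, $user_uuid = null)`, or state the new contract in the docblock: `* requires domain_uuid and user_uuid to be passed to the constructor`. The method body continues past the end of this hunk.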
@@ -487,8 +535,8 @@ if (!class_exists('groups')) { $sql .= "where u.domain_uuid = :domain_uuid "; $sql .= "and u.user_uuid = :user_uuid "; $sql .= "and u.group_uuid = g.group_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - $parameters['user_uuid'] = $user_uuid; + $parameters['domain_uuid'] = $this->domain_uuid; + $parameters['user_uuid'] = $this->user_uuid; $database = new database; $groups = $database->select($sql, $parameters, 'all'); unset($sql, $parameters); @@ -496,29 +544,17 @@ if (!class_exists('groups')) { return $groups; } else { - return false; + return []; } } /** - * add the assigned groups the session array + * add the assigned groups to the session array */ - public function session($domain_uuid, $user_uuid) { - //get the groups - $groups = $this->assigned($domain_uuid, $user_uuid); - - //set the groups in the session - $_SESSION["groups"] = $groups; - $_SESSION["user"]["groups"] = $groups; - - //get the users group level - $_SESSION["user"]["group_level"] = 0; - foreach ($_SESSION['user']['groups'] as $row) { - if ($_SESSION["user"]["group_level"] < $row['group_level']) { - $_SESSION["user"]["group_level"] = $row['group_level']; - } - } - + public function session() { + $_SESSION["groups"] = $this->groups; + $_SESSION["user"]["groups"] = $this->groups; + $_SESSION["user"]["group_level"] = $this->group_level; } } } diff --git a/resources/classes/permissions.php b/resources/classes/permissions.php index 1956522442..8c5752242a 100644 --- a/resources/classes/permissions.php +++ b/resources/classes/permissions.php 
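Review bot: `assigned()` still runs the query through a fresh `$database = new database;` in the `@@ -487,8 +535,8 @@` hunk, even though the constructor now stores an injected handle in `$this->database`. The connection passed in by `authentication` is therefore not the one used for the membership lookup. Replace the two lines with `$groups = $this->database->select($sql, $parameters, 'all');`. The same leftover is visible in `permissions::assigned()` in the `@@ -118,7 +163,7 @@` hunk. The method begins before this hunk.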
@@ -30,6 +30,56 @@ if (!class_exists('permissions')) { class permissions { + private $database; + private $domain_uuid; + private $groups; + private $permissions; + + /** + * called when the object is created + */ + public function __construct($database = null, $domain_uuid = null, $user_uuid = null) { + + //handle the database object + if (isset($database)) { + $this->database = $database; + } + else { + $this->database = new database; + } + + //set the domain_uuid + if (is_uuid($domain_uuid)) { + $this->domain_uuid = $domain_uuid; + } + elseif (isset($_SESSION['domain_uuid']) && is_uuid($_SESSION['domain_uuid'])) { + $this->domain_uuid = $_SESSION['domain_uuid']; + } + + //set the user_uuid + if (is_uuid($user_uuid)) { + $this->user_uuid = $user_uuid; + } + elseif (isset($_SESSION['user_uuid']) && is_uuid($_SESSION['user_uuid'])) { + $this->user_uuid = $_SESSION['user_uuid']; + } + + //create the groups object + $group = new groups($this->database, $this->domain_uuid, $this->user_uuid); + $this->groups = $group->assigned(); + + //get the list of groups assigned to the user + $this->permissions = $this->assigned(); + + } + + /** + * get the array of permissions + */ + public function get_permissions() { + return $this->permissions; + } + /** * Add the permission * @var string $permission @@ -95,15 +145,10 @@ if (!class_exists('permissions')) { * get the assigned permissions * @var array $groups */ - public function assigned($domain_uuid, $groups) { - //groups not provided return false - if (empty($groups)) { - return false; - } - + public function assigned() { //prepare the parameters $x = 0; - foreach ($groups as $field) { + foreach ($this->groups as $field) { if (!empty($field['group_name'])) { $parameter_names[] = ":group_name_".$x; $parameters['group_name_'.$x] = $field['group_name']; 
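Review bot: The new `permissions` constructor assigns `$this->user_uuid`, but only `$database`, `$domain_uuid`, `$groups` and `$permissions` are declared above it, so the property is created dynamically (deprecated since PHP 8.2); add `private $user_uuid;`. `new groups(...)` already loads the memberships in its own constructor when both ids are valid, so the following `$group->assigned()` repeats the same query; `$this->groups = $group->get_groups() ?? [];` reuses the loaded list. The comment above `$this->permissions = $this->assigned();` says "get the list of groups assigned to the user" and should read `//get the permissions assigned to the user's groups`. Because both ids fall back to `$_SESSION`, the docblock should state that an object built without arguments describes the session user.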
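Review bot: Removing the `empty($groups)` early return from `assigned()` in the `@@ -95,15 +145,10 @@` hunk means a user with no group memberships now reaches the query with no group names collected. The `group_name in (...)` filter in the `@@ -118,7 +163,7 @@` hunk sits inside a block whose condition is outside the visible lines. If that block is skipped when no names were collected, the statement is restricted only by its remaining conditions (the visible ones are the domain parameter and `permission_assigned = 'true'`), and `session()` would then mark every returned permission as granted for that user. Keep the fail-closed guard at the top of the method, `if (empty($this->groups)) { return []; }`, which also keeps `foreach` from iterating a `null` list. The `* @var array $groups` line in the docblock no longer matches the parameterless signature and should be removed.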
@@ -118,7 +163,7 @@ if (!class_exists('permissions')) { $sql .= "and group_name in (".implode(", ", $parameter_names).") \n"; } $sql .= "and permission_assigned = 'true' "; - $parameters['domain_uuid'] = $domain_uuid; + $parameters['domain_uuid'] = $this->domain_uuid; $database = new database; $permissions = $database->select($sql, $parameters, 'all'); unset($sql, $parameters, $result); @@ -128,10 +173,9 @@ if (!class_exists('permissions')) { /** * save the assigned permissions to a session */ - public function session($domain_uuid, $groups) { - $permissions = $this->assigned($domain_uuid, $groups); - if (!empty($permissions)) { - foreach ($permissions as $row) { + public function session() { + if (!empty($this->permissions)) { + foreach ($this->permissions as $row) { $_SESSION['permissions'][$row["permission_name"]] = true; $_SESSION["user"]["permissions"][$row["permission_name"]] = true; }