Added group permission protection (#5320)
@@ -173,6 +173,14 @@
|
||||
$apps[$x]['db'][$y]['fields'][$z]['type'] = "text";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "";
|
||||
$z++;
|
||||
$apps[$x]['db'][$y]['fields'][$z]['name']['text'] = "permission_protected";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['type'] = "text";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "";
|
||||
$z++;
|
||||
$apps[$x]['db'][$y]['fields'][$z]['name']['text'] = "permission_assigned";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['type'] = "text";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "";
|
||||
$z++;
|
||||
$apps[$x]['db'][$y]['fields'][$z]['name'] = "group_name";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['type'] = "text";
|
||||
$apps[$x]['db'][$y]['fields'][$z]['search'] = "true";
|
||||
|
||||
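Review bot: The two new schema fields `permission_protected` and `permission_assigned` are declared with an empty `description['en-us']`, so nothing records that they hold the strings 'true'/'false' or what a protected permission is. Suggest filling them in along the lines of `$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "Set to true to keep this permission from being removed when default permissions are reinstalled.";` for the protected flag and a matching sentence for the assigned flag. Both are plain `text` columns with no default, so rows that existed before this migration will hold NULL in both; every reader of these columns needs to decide explicitly what NULL means, as the delete query later in this commit does for permission_protected.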
@@ -66,6 +66,7 @@
|
||||
$x = 0;
|
||||
$sql = "select distinct(permission_name) from v_group_permissions ";
|
||||
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
|
||||
$sql .= "and permission_assigned = 'true' ";
|
||||
foreach ($_SESSION["groups"] as $field) {
|
||||
if (strlen($field['group_name']) > 0) {
|
||||
$sql_where_or[] = "group_name = :group_name_".$x;
|
||||
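Review bot: The added `and permission_assigned = 'true'` filter drops every v_group_permissions row whose permission_assigned is NULL, and NULL is exactly what pre-existing rows hold: the column is added with no default in the first hunk, and only the default-insert paths in the `@@ -445,6` and `@@ -166,6` hunks write 'true'. Unless an upgrade step outside this diff backfills the column, every existing group loses all of its permissions on upgrade until each group is re-saved. The delete query in the `@@ -58,14` hunk already treats NULL as "not protected"; the same NULL-tolerant form belongs here, `$sql .= "and (permission_assigned = 'true' or permission_assigned is null) ";`. The enclosing `foreach ($_SESSION["groups"] ...)` loop continues outside the hunk.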
@@ -100,61 +101,132 @@
|
||||
$group_permissions = $_POST['group_permissions'];
|
||||
}
|
||||
|
||||
//add the search string
|
||||
if (isset($_REQUEST["search"])) {
|
||||
$search = strtolower($_REQUEST["search"]);
|
||||
$sql_search = " (";
|
||||
$sql_search .= " lower(p.permission_name) like :search \n";
|
||||
$sql_search .= ") ";
|
||||
$parameters['search'] = '%'.$search.'%';
|
||||
}
|
||||
|
||||
//get the list
|
||||
$sql = "select ";
|
||||
$sql .= " distinct p.permission_name, \n";
|
||||
$sql .= " p.application_name, \n";
|
||||
$sql .= " g.permission_protected, \n";
|
||||
$sql .= " g.group_permission_uuid, \n";
|
||||
$sql .= " g.permission_assigned \n";
|
||||
$sql .= "from v_permissions as p \n";
|
||||
$sql .= "left join \n";
|
||||
$sql .= " v_group_permissions as g \n";
|
||||
$sql .= " on p.permission_name = g.permission_name \n";
|
||||
$sql .= " and group_name = :group_name \n";
|
||||
if (isset($sql_search)) {
|
||||
$sql .= "where ".$sql_search;
|
||||
}
|
||||
$sql .= " order by p.application_name, p.permission_name asc ";
|
||||
$parameters['group_name'] = $group_name;
|
||||
$database = new database;
|
||||
$group_permissions = $database->select($sql, $parameters, 'all');
|
||||
|
||||
//process the user data and save it to the database
|
||||
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
|
||||
//get the list
|
||||
$sql = "select p.*, ";
|
||||
$sql .= "exists(select from v_group_permissions where permission_name = p.permission_name and group_name = :group_name) as permission_assigned ";
|
||||
$sql .= "from v_permissions as p ";
|
||||
$parameters['group_name'] = $group_name;
|
||||
//$sql = "select * from v_group_permissions ";
|
||||
//$sql .= "where group_uuid = :group_uuid ";
|
||||
//$parameters['group_uuid'] = $group_uuid;
|
||||
$database = new database;
|
||||
$group_permissions = $database->select($sql, $parameters, 'all');
|
||||
|
||||
//add or remove permissions from the group
|
||||
$x = 0;
|
||||
if (is_array($_POST['group_permissions'])) {
|
||||
foreach($_POST['group_permissions'] as $row) {
|
||||
//check to see if the group has been assigned the permission
|
||||
$in_database = false;
|
||||
foreach($group_permissions as $field) {
|
||||
if ($field['permission_name'] === $row['permission_name'] && $field['permission_assigned'] === true) {
|
||||
$in_database = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
//reset values
|
||||
$action = "";
|
||||
$save_permission = false;
|
||||
$delete_permission = false;
|
||||
$save_protected = false;
|
||||
$delete_protected = false;
|
||||
$persist = false;
|
||||
|
||||
//add - checked on html form and not in the database
|
||||
if ($row['checked'] === 'true') {
|
||||
if (!$in_database) {
|
||||
//get the action save or delete
|
||||
foreach($group_permissions as $field) {
|
||||
if ($field['permission_name'] === $row['permission_name']) {
|
||||
if ($field['permission_assigned'] == 'true') {
|
||||
if ($row['checked'] == "true") {
|
||||
$persist = true;
|
||||
}
|
||||
else {
|
||||
$delete_permission = true;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
if ($row['checked'] == "true") {
|
||||
$save_permission = true;
|
||||
}
|
||||
else {
|
||||
//do nothing
|
||||
}
|
||||
}
|
||||
|
||||
if ($field['permission_protected'] == 'true') {
|
||||
if ($row['permission_protected'] == "true") {
|
||||
$persist = true;
|
||||
}
|
||||
else {
|
||||
$delete_protected = true;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($row['permission_protected'] == "true") {
|
||||
$save_protected = true;
|
||||
}
|
||||
else {
|
||||
//do nothing
|
||||
}
|
||||
}
|
||||
|
||||
if ($save_permission || $save_protected) {
|
||||
$action = "save";
|
||||
}
|
||||
elseif ($delete_permission || $delete_protected){
|
||||
if ($persist) {
|
||||
$action = "save";
|
||||
}
|
||||
else {
|
||||
$action = "delete";
|
||||
}
|
||||
}
|
||||
else {
|
||||
$action = "";
|
||||
}
|
||||
$group_permission_uuid = $field['group_permission_uuid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
//build the array;
|
||||
if ($action == "save") {
|
||||
if (strlen($group_permission_uuid) == 0) {
|
||||
$group_permission_uuid = uuid();
|
||||
}
|
||||
if (isset($row['permission_name']) && strlen($row['permission_name']) > 0) {
|
||||
$array['add']['group_permissions'][$x]['group_permission_uuid'] = uuid();
|
||||
$array['add']['group_permissions'][$x]['permission_name'] = $row['permission_name'];
|
||||
$array['add']['group_permissions'][$x]['group_uuid'] = $group_uuid;
|
||||
$array['add']['group_permissions'][$x]['group_name'] = $group_name;
|
||||
//$array['add']['group_permissions'][$x]['permission_uuid'] = $row['uuid'];
|
||||
$array['save']['group_permissions'][$x]['group_permission_uuid'] = $group_permission_uuid;
|
||||
$array['save']['group_permissions'][$x]['permission_name'] = $row['permission_name'];
|
||||
$array['save']['group_permissions'][$x]['permission_protected'] = $row['permission_protected'] == 'true' ? "true" : 'false';
|
||||
$array['save']['group_permissions'][$x]['permission_assigned'] = $row['checked'] != "true" ? "false" : "true";
|
||||
$array['save']['group_permissions'][$x]['group_uuid'] = $group_uuid;
|
||||
$array['save']['group_permissions'][$x]['group_name'] = $group_name;
|
||||
$x++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//delete - unchecked on the form and in the database
|
||||
if ($row['checked'] !== 'true') {
|
||||
if ($in_database) {
|
||||
if ($action == "delete") {
|
||||
if (isset($row['permission_name']) && strlen($row['permission_name']) > 0) {
|
||||
$array['delete']['group_permissions'][$x]['permission_name'] = $row['permission_name'];
|
||||
$array['delete']['group_permissions'][$x]['group_uuid'] = $group_uuid;
|
||||
$array['delete']['group_permissions'][$x]['group_name'] = $group_name;
|
||||
//$array['delete'][$x]['permission_uuid'] = $row['uuid'];
|
||||
}
|
||||
$x++;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//validate the token
|
||||
$token = new token;
|
||||
if (!$token->validate($_SERVER['PHP_SELF'])) {
|
||||
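Review bot: The revoke path in this hunk is unreachable: `$action` is only ever assigned inside `if ($row['checked'] === 'true')`, and `$delete_permission` is only set under `if ($row['checked'] == "true") ... else` within that same guard, so the later `if ($row['checked'] !== 'true') { if ($in_database) { if ($action == "delete")` block can never fire and unchecking a permission never removes it from the group. `$in_database` is also decided with `$field['permission_assigned'] === true` while the same value is compared with `== 'true'` a few lines down and the list page in this commit switches to `=== 'true'`; if the column comes back as the text 'true', as the new schema suggests, `$in_database` is always false. The per-row decision should be made once, before the checked/unchecked split, and the delete array then gated on `$action == "delete"` alone; the sketch below keeps the existing persist semantics (a protected flag that stays set keeps the row with permission_assigned = 'false'). Separately, the same permission is queued in `$array['add']` with a fresh `uuid()` and in `$array['save']` with `$group_permission_uuid`, which looks like it inserts the row twice under two ids, and `$group_permission_uuid` is not reset with the other per-row flags, so a posted name with no match reuses the previous row's id. The enclosing `if (count($_POST) > 0 ...)` block continues outside the hunk.
```php
foreach($_POST['group_permissions'] as $row) {
    //find the current database row for this permission, if any
    $field = null;
    foreach ($group_permissions as $candidate) {
        if ($candidate['permission_name'] === $row['permission_name']) {
            $field = $candidate;
            break;
        }
    }
    $in_database = ($field !== null && $field['permission_assigned'] == 'true');
    $was_protected = ($field !== null && $field['permission_protected'] == 'true');
    $checked = (isset($row['checked']) && $row['checked'] == 'true');
    $protected = (isset($row['permission_protected']) && $row['permission_protected'] == 'true');
    $group_permission_uuid = ($field !== null && strlen($field['group_permission_uuid']) > 0) ? $field['group_permission_uuid'] : uuid();

    //decide once per row: keep the row while either flag is set, drop it when both are cleared
    if ($checked || $protected) {
        $action = "save";
    }
    elseif ($in_database || $was_protected) {
        $action = "delete";
    }
    else {
        $action = "";
    }

    // … unchanged: build $array['save'] when $action == "save" (drop the parallel $array['add'] entry) …
    // … unchanged: build $array['delete'] when $action == "delete" …
}
```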
@@ -163,16 +235,16 @@
|
||||
exit;
|
||||
}
|
||||
|
||||
//save to the data
|
||||
if (is_array($array['add']) && @sizeof($array['add']) != 0) {
|
||||
//save the save array
|
||||
if (is_array($array['save']) && @sizeof($array['save']) != 0) {
|
||||
$database = new database;
|
||||
$database->app_name = 'groups';
|
||||
$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
|
||||
$database->save($array['add']);
|
||||
$database->save($array['save']);
|
||||
$message = $database->message;
|
||||
}
|
||||
|
||||
//delete the permissions
|
||||
//delete the delete array
|
||||
if (is_array($array['delete']) && @sizeof($array['delete']) != 0) {
|
||||
if (permission_exists('group_permission_delete')) {
|
||||
$database = new database;
|
||||
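Review bot: The save branch writes `$array['add']` and `$array['save']` with no `permission_exists('group_permission_add')` or `group_permission_edit` check, while the delete branch a few lines below is gated on `permission_exists('group_permission_delete')`; unless a page-level check outside this hunk already requires add or edit, a user holding only group_permission_delete (which the list page in this commit accepts as enough to render the checkboxes) can grant and protect permissions here. Suggest `if (permission_exists('group_permission_add') || permission_exists('group_permission_edit')) {` around the two `$database->save()` calls, mirroring the delete guard. The `@sizeof(...)` suppression is redundant after `is_array(...)`; `!empty($array['add'])` states the same condition without the silencing operator. The enclosing POST-handling block starts outside the hunk.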
@@ -194,41 +266,6 @@
|
||||
//$order_by = $_GET["order_by"];
|
||||
//$order = $_GET["order"];
|
||||
|
||||
//add the search string
|
||||
if (isset($_REQUEST["search"])) {
|
||||
$search = strtolower($_REQUEST["search"]);
|
||||
$sql_search = " (";
|
||||
$sql_search .= " lower(p.permission_name) like :search ";
|
||||
//$sql_search .= " or lower(p.group_name) like :search ";
|
||||
$sql_search .= ") ";
|
||||
$parameters['search'] = '%'.$search.'%';
|
||||
}
|
||||
|
||||
//get the count
|
||||
/*
|
||||
$sql = "select count(group_permission_uuid) from v_group_permissions ";
|
||||
$sql .= "where group_uuid = :group_uuid ";
|
||||
$parameters['group_uuid'] = $group_uuid;
|
||||
if (isset($sql_search)) {
|
||||
$sql .= "where ".$sql_search;
|
||||
}
|
||||
$database = new database;
|
||||
$num_rows = $database->select($sql, $parameters, 'column');
|
||||
*/
|
||||
|
||||
//get the list
|
||||
$sql = "select p.*, ";
|
||||
$sql .= "exists(select from v_group_permissions where permission_name = p.permission_name and group_name = :group_name) as permission_assigned ";
|
||||
$sql .= "from v_permissions as p ";
|
||||
$parameters['group_name'] = $group_name;
|
||||
if (isset($sql_search)) {
|
||||
$sql .= "where ".$sql_search;
|
||||
}
|
||||
$sql .= "order by application_name asc, permission_name asc ";
|
||||
$database = new database;
|
||||
$group_permissions = $database->select($sql, $parameters, 'all');
|
||||
unset($sql, $parameters);
|
||||
|
||||
//create token
|
||||
$object = new token;
|
||||
$token = $object->create($_SERVER['PHP_SELF']);
|
||||
@@ -270,7 +307,8 @@
|
||||
if (is_array($group_permissions) && @sizeof($group_permissions) != 0) {
|
||||
$x = 0;
|
||||
foreach ($group_permissions as $row) {
|
||||
$checked = ($row['permission_assigned'] === true) ? " checked=\"checked\"" : $checked = '';
|
||||
$checked = ($row['permission_assigned'] === 'true') ? " checked=\"checked\"" : $checked = '';
|
||||
$protected = ($row['permission_protected'] === 'true') ? " checked=\"checked\"" : '';
|
||||
$application_name = strtolower($row['application_name']);
|
||||
$label_application_name = ucwords(str_replace(['_','-'], " ", $row['application_name']));
|
||||
|
||||
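Review bot: The rewritten `$checked` line keeps the old `: $checked = ''` in the else arm of the ternary, an assignment nested inside the assignment's own right-hand side; it evaluates correctly but reads as a typo, and the new `$protected` line immediately below already uses the plain form. Make the two match: `$checked = ($row['permission_assigned'] === 'true') ? " checked=\"checked\"" : '';`. The enclosing `foreach ($group_permissions as $row)` loop continues outside the hunk.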
@@ -293,6 +331,10 @@
|
||||
if (permission_exists('group_permission_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
|
||||
echo " <td class='action-button'> </td>\n";
|
||||
}
|
||||
echo " <th class='checkbox'>\n";
|
||||
echo " <input type='checkbox' id='checkbox_all_".$application_name."_protected' name='checkbox_protected_all' onclick=\"list_all_toggle('".$application_name."_protected');\">\n";
|
||||
echo " </th>\n";
|
||||
echo th_order_by('group_permission_protected', $text['label-group_protected'], $order_by, $order, null, "class=''");
|
||||
echo "</tr>\n";
|
||||
|
||||
}
|
||||
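Review bot: The new header cell calls `th_order_by('group_permission_protected', ..., $order_by, $order, ...)`, but nothing in this diff sets `$order_by` or `$order` (the only references visible are the commented-out `$_GET` reads the commit removes) and the list query now orders by a fixed `p.application_name, p.permission_name`; if those variables are not assigned elsewhere in the file, the sortable header is a link that does nothing, and passing `null, null` for a plain header would be more honest than a dead sort. `$application_name` is also interpolated unescaped into the id and onclick attributes; it comes from v_permissions rather than the request, but wrapping it with the `escape()` helper already used for permission_name on the row below costs nothing. The enclosing header block starts outside the hunk.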
@@ -305,6 +347,14 @@
|
||||
echo " </td>\n";
|
||||
}
|
||||
echo " <td class='no-wrap' onclick=\"if (document.getElementById('checkbox_".$x."').checked) { document.getElementById('checkbox_".$x."').checked = false; document.getElementById('checkbox_all_".$application_name."').checked = false; } else { document.getElementById('checkbox_".$x."').checked = true; }\">".escape($row['permission_name'])."</td>\n";
|
||||
if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {
|
||||
echo " <td class='checkbox'>\n";
|
||||
echo " <input type='checkbox' name='group_permissions[$x][permission_protected]' id='checkbox_protected_".$x."' class='checkbox_".$application_name."_protected' value='true' ".$protected." onclick=\"if (!this.checked) { document.getElementById('checkbox_all_".$application_name."_protected').checked = false; }\">\n";
|
||||
echo " </td>\n";
|
||||
}
|
||||
echo " </td>\n";
|
||||
echo " <td>";
|
||||
echo " </td>\n";
|
||||
echo "</tr>\n";
|
||||
|
||||
//set the previous category
|
||||
|
||||
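Review bot: The `echo " </td>\n";` that follows the closing brace of the permission check appears to emit a `</td>` with no matching `<td>` — the protected-checkbox cell is already closed inside the `if`, and the permission-name cell above is self-contained — so every row would carry an orphan closing tag; drop that line. The protected checkbox posts nothing when unchecked, so `$row['permission_protected']` is absent for those rows and the processing code in this commit compares it with `== "true"` unguarded; reading it as `(isset($row['permission_protected']) && $row['permission_protected'] == "true")` avoids the undefined-index notices. The enclosing row loop continues outside the hunk.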
@@ -445,6 +445,8 @@ if (!class_exists('groups')) {
|
||||
$array['group_permissions'][$x]['group_permission_uuid'] = uuid();
|
||||
$array['group_permissions'][$x]['domain_uuid'] = null;
|
||||
$array['group_permissions'][$x]['permission_name'] = $row['name'];
|
||||
$array['group_permissions'][$x]['permission_protected'] = 'false';
|
||||
$array['group_permissions'][$x]['permission_assigned'] = 'true';
|
||||
$array['group_permissions'][$x]['group_name'] = $group;
|
||||
$array['group_permissions'][$x]['group_uuid'] = $group_uuids[$group];
|
||||
}
|
||||
|
||||
@@ -58,14 +58,15 @@
|
||||
}
|
||||
$group_names = "'".implode("','", $group_name_array)."'";
|
||||
|
||||
//delete unprotected system group permissions
|
||||
//delete unprotected permissions
|
||||
$sql = "delete from v_group_permissions as p ";
|
||||
$sql .= "where group_name in ( ";
|
||||
$sql .= " select group_name ";
|
||||
$sql .= " from v_groups ";
|
||||
$sql .= " where group_protected <> 'true' ";
|
||||
$sql .= " and group_name in (".$group_names.") ";
|
||||
$sql .= ");";
|
||||
$sql .= ")";
|
||||
$sql .= "and (permission_protected <> 'true' or permission_protected is null)";
|
||||
$database = new database;
|
||||
$result = $database->select($sql);
|
||||
|
||||
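Review bot: The rewritten `$sql .= ")";` followed by `$sql .= "and (permission_protected ...` produces `)and (` with no separating space; PostgreSQL tokenises it, but every other fragment in this builder ends with a trailing space, so keep the convention with `$sql .= ") ";`. The new NULL-tolerant clause is the right shape for rows created before the column existed. The statement is still issued through `$database->select($sql)` with `$group_names` spliced in as quoted literals rather than bound parameters; if `$group_name_array` is ever populated from anything other than the application's own defaults, the names should go through numbered `:group_name_N` parameters as the session-groups query in this same commit does. The surrounding code starts outside the hunk.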
@@ -166,6 +167,8 @@
|
||||
//build default permissions insert array
|
||||
$array['group_permissions'][$x]['group_permission_uuid'] = uuid();
|
||||
$array['group_permissions'][$x]['permission_name'] = $permission['name'];
|
||||
$array['group_permissions'][$x]['permission_protected'] = 'false';
|
||||
$array['group_permissions'][$x]['permission_assigned'] = 'true';
|
||||
$array['group_permissions'][$x]['group_name'] = $group_name;
|
||||
$array['group_permissions'][$x]['group_uuid'] = $group_uuid;
|
||||
$x++;
|
||||
|
||||