From ec341d594af880699768ff3180df7828006cd6e8 Mon Sep 17 00:00:00 2001 From: rylon Date: Tue, 28 Jan 2014 17:07:54 +0100 Subject: [PATCH] sai security rightmanagement working, rights for security, im and locale --- dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHTS.php | 12 ++++ .../SYS_SAIMOD_SECURITY_USER_RIGHT_CHECK.php | 12 ++++ .../SYS_SAIMOD_SECURITY_USER_RIGHT_DELETE.php | 12 ++++ .../SYS_SAIMOD_SECURITY_USER_RIGHT_INSERT.php | 12 ++++ sai/modules/saimod_sys_img/saimod_sys_img.php | 2 +- .../saimod_sys_locale/saimod_sys_locale.php | 2 +- .../saimod_sys_security.js | 25 ++++++- .../saimod_sys_security.php | 69 +++++++++++++++++-- .../saimod_sys_security_right.tpl | 3 +- .../saimod_sys_security_rights.tpl | 2 +- .../saimod_sys_security_user.tpl | 4 +- .../saimod_sys_security_user_right.tpl | 7 ++ .../saimod_sys_security_user_right_add.tpl | 1 + .../saimod_sys_security_user_rights.tpl | 11 +++ .../saimod_sys_security_user_rights_add.tpl | 4 ++ .../saimod_sys_security_user_view.tpl | 4 ++ .../saimod_sys_security_users.tpl | 2 +- security/RIGHTS.php | 13 +++- 18 files changed, 180 insertions(+), 17 deletions(-) create mode 100644 dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHTS.php create mode 100644 dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHT_CHECK.php create mode 100644 dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHT_DELETE.php create mode 100644 dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHT_INSERT.php create mode 100644 sai/modules/saimod_sys_security/saimod_sys_security_user_right.tpl create mode 100644 sai/modules/saimod_sys_security/saimod_sys_security_user_right_add.tpl create mode 100644 sai/modules/saimod_sys_security/saimod_sys_security_user_rights.tpl create mode 100644 sai/modules/saimod_sys_security/saimod_sys_security_user_rights_add.tpl diff --git a/dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHTS.php b/dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHTS.php new file mode 100644 index 0000000..98ff612 --- /dev/null +++ b/dbd/qq/SYS_SAIMOD_SECURITY_USER_RIGHTS.php @@ -0,0 +1,12 @@ +Img';} public static function right_public(){return false;} - public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);} + public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI) && \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_IMG);} public static function sai_mod__SYSTEM_SAI_saimod_sys_img_flag_css(){} public static function sai_mod__SYSTEM_SAI_saimod_sys_img_flag_js(){return \SYSTEM\LOG\JsonResult::toString( diff --git a/sai/modules/saimod_sys_locale/saimod_sys_locale.php b/sai/modules/saimod_sys_locale/saimod_sys_locale.php index d91f1b5..2e315ce 100644 --- a/sai/modules/saimod_sys_locale/saimod_sys_locale.php +++ b/sai/modules/saimod_sys_locale/saimod_sys_locale.php @@ -132,7 +132,7 @@ class saimod_sys_locale extends \SYSTEM\SAI\SaiModule { public static function html_li_menu(){return '
  • DB Text
    • ';} public static function right_public(){return false;} - public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);} + public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI) && \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_LOCALE);} public static function sai_mod__SYSTEM_SAI_saimod_sys_locale_flag_css(){} public static function sai_mod__SYSTEM_SAI_saimod_sys_locale_flag_js(){ diff --git a/sai/modules/saimod_sys_security/saimod_sys_security.js b/sai/modules/saimod_sys_security/saimod_sys_security.js index 5d7f9eb..a5060fb 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security.js +++ b/sai/modules/saimod_sys_security/saimod_sys_security.js @@ -92,6 +92,29 @@ function register_users(){ }); $('#user_search').val(user_search); $('.user_entry').click(function(){ - $('#tab_users').load(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_security&action=user&username='+encodeURIComponent($(this).attr('username'))); + $('#tab_users').load(SAI_ENDPOINT+'sai_mod=.SYSTEM.SAI.saimod_sys_security&action=user&username='+encodeURIComponent($(this).attr('username')),function(){ + $('.deleteuserright').click(function(){ + $.get( SAI_ENDPOINT+ + 'sai_mod=.SYSTEM.SAI.saimod_sys_security&action=deleterightuser&rightid='+$(this).attr('right_id')+ + '&userid='+$(this).attr('user_id'),function(data){ + if(data==1){ + alert('sucess'); + } else { + alert('fail'); + } + }); + }) + $('#adduserright_add').click(function(){ + $.get( SAI_ENDPOINT+ + 'sai_mod=.SYSTEM.SAI.saimod_sys_security&action=addrightuser&rightid='+$('#adduserright_rightid').val()+ + '&userid='+$(this).attr('user_id'),function(data){ + if(data==1){ + alert('sucess'); + } else { + alert('fail'); + } + }); + }); + }); }); } \ No newline at end of file diff --git a/sai/modules/saimod_sys_security/saimod_sys_security.php b/sai/modules/saimod_sys_security/saimod_sys_security.php index f3d7ffb..036653d 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security.php +++ b/sai/modules/saimod_sys_security/saimod_sys_security.php @@ -10,23 +10,51 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule { return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_newright.tpl'),array());} public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_rights(){ + $vars = array(); $rows = ''; $res = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_RIGHTS::QQ(); while($r = $res->next()){ + $r['right_edit_btn'] = \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT) ? + ' + ' : + 'Missing rights.'; $rows .= \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_right.tpl'),$r);} - return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_rights.tpl'),array('rows' => $rows)); + $vars['rows'] = $rows; + $vars['addright_btn'] = \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT) ? + '' : + 'You are missing the required rights for adding or removing rights.'; + return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_rights.tpl'),$vars); } + public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_deleterightuser($rightid,$userid){ + if(!\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){ + return false;} + $res = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_USER_RIGHT_CHECK::Q1(array($rightid,$userid)); + if(!$res || $res['count'] == 0){ + return false;} + return \SYSTEM\DBD\SYS_SAIMOD_SECURITY_USER_RIGHT_DELETE::QI(array($rightid,$userid));} + + public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_addrightuser($rightid,$userid){ + if(!\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){ + return false;} + $res = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_USER_RIGHT_CHECK::Q1(array($rightid,$userid)); + if(!$res || $res['count'] != 0){ + return false;} + return \SYSTEM\DBD\SYS_SAIMOD_SECURITY_USER_RIGHT_INSERT::QI(array($rightid,$userid));} + public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_addright($id,$name,$description){ - //TODO rightcheck + if(!\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){ + return false;} return \SYSTEM\DBD\SYS_SAIMOD_SECURITY_RIGHT_INSERT::QI(array($id,$name,$description));} public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_deleterightconfirm($id){ - //TODO rightcheck + if(!\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){ + return false;} $vars = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_RIGHT_CHECK::Q1(array($id)); return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_deleteright.tpl'),$vars);} public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_deleteright($id){ - //TODO rightcheck + if(!\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){ + return false;} return \SYSTEM\DBD\SYS_SAIMOD_SECURITY_RIGHT_DELETE::QI(array($id));} private static function user_actions($userid){ @@ -45,6 +73,36 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule { return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_log/saimod_sys_log_table.tpl'), $vars); } + private static function user_rights($userid){ + $vars = array(); + + $vars['user_rights_table'] = ''; + $res = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_USER_RIGHTS::QQ(array($userid)); + while($r = $res->next()){ + $r['user_id'] = $userid; + $r['remove_btn'] = \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT) ? + '' : + 'Missing Rights'; + $vars['user_rights_table'] .= \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_user_right.tpl'), $r);} + + $vars['user_rights_add'] = 'You are missing the required rights for adding or removing the rights of an user.'; + if(\SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){ + $opts = ''; + $res = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_RIGHTS::QQ(); + $b = true; + while($r = $res->next()){ + $r['selected'] = $b ? 'selected="selected"' : ''; + $b = false; + $opts .= \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_user_right_add.tpl'), $r);} + + $v = array(); + $v['user_id'] = $userid; + $v['right_options'] = $opts; + $vars['user_rights_add'] = \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_user_rights_add.tpl'), $v); + } + + return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_user_rights.tpl'), $vars);} + public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_stats(){ return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_stats.tpl'),array()); } @@ -52,6 +110,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule { public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_user($username){ $vars = \SYSTEM\DBD\SYS_SAIMOD_SECURITY_USER::Q1(array($username)); $vars['time_elapsed'] = self::time_elapsed_string($vars['last_active']); + $vars['user_rights'] = array_key_exists('id', $vars) ? self::user_rights($vars['id']) : ''; $vars['user_actions'] = array_key_exists('id', $vars) ? self::user_actions($vars['id']) : ''; return \SYSTEM\PAGE\replace::replaceFile(\SYSTEM\SERVERPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security_user_view.tpl'),$vars); } @@ -117,7 +176,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule { public static function html_li_menu(){return '
  • Security
    • ';} public static function right_public(){return false;} - public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI);} + public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI) && \SYSTEM\SECURITY\Security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY);} public static function sai_mod__SYSTEM_SAI_saimod_sys_security_flag_css(){return \SYSTEM\LOG\JsonResult::toString( array(\SYSTEM\WEBPATH(new \SYSTEM\PSAI(),'modules/saimod_sys_security/saimod_sys_security.css')));} diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_right.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_right.tpl index 11ba748..d578bc7 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security_right.tpl +++ b/sai/modules/saimod_sys_security/saimod_sys_security_right.tpl @@ -3,7 +3,6 @@ ${name} ${description} - - + ${right_edit_btn} \ No newline at end of file diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_rights.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_rights.tpl index df47c7a..fea5083 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security_rights.tpl +++ b/sai/modules/saimod_sys_security/saimod_sys_security_rights.tpl @@ -1,4 +1,4 @@ - +${addright_btn}

    diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_user.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_user.tpl index e50d11c..2f58820 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security_user.tpl +++ b/sai/modules/saimod_sys_security/saimod_sys_security_user.tpl @@ -6,10 +6,10 @@ - diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_user_right.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_user_right.tpl new file mode 100644 index 0000000..ad4478e --- /dev/null +++ b/sai/modules/saimod_sys_security/saimod_sys_security_user_right.tpl @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_user_right_add.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_user_right_add.tpl new file mode 100644 index 0000000..10a3128 --- /dev/null +++ b/sai/modules/saimod_sys_security/saimod_sys_security_user_right_add.tpl @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_user_rights.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_user_rights.tpl new file mode 100644 index 0000000..7d7a430 --- /dev/null +++ b/sai/modules/saimod_sys_security/saimod_sys_security_user_rights.tpl @@ -0,0 +1,11 @@ +
    ${locale} ${time_elapsed} ${account_flag} +
    ${ID}${name}${description}true${remove_btn}
    + + + + + + + ${user_rights_table} + ${user_rights_add} +
    ID + NameDescriptionAccessRemove
    \ No newline at end of file diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_user_rights_add.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_user_rights_add.tpl new file mode 100644 index 0000000..684e419 --- /dev/null +++ b/sai/modules/saimod_sys_security/saimod_sys_security_user_rights_add.tpl @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_user_view.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_user_view.tpl index d9a1612..d40c80f 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security_user_view.tpl +++ b/sai/modules/saimod_sys_security/saimod_sys_security_user_view.tpl @@ -32,5 +32,9 @@ ${account_flag} +
    +

    Users Rights

    +${user_rights} +

    Users Last Actions

    ${user_actions} diff --git a/sai/modules/saimod_sys_security/saimod_sys_security_users.tpl b/sai/modules/saimod_sys_security/saimod_sys_security_users.tpl index d493f31..d717202 100644 --- a/sai/modules/saimod_sys_security/saimod_sys_security_users.tpl +++ b/sai/modules/saimod_sys_security/saimod_sys_security_users.tpl @@ -12,7 +12,7 @@ Users: ${count} Locale Last Active Flag - Rights + reset password ${rows} diff --git a/security/RIGHTS.php b/security/RIGHTS.php index 0b12ceb..8bc9e4a 100644 --- a/security/RIGHTS.php +++ b/security/RIGHTS.php @@ -4,10 +4,17 @@ namespace SYSTEM\SECURITY; class RIGHTS { //Never use anything with 0 in php - const SYS_DONOTUSE = 0; + const SYS_DONOTUSE = 0; //System Administrator Interface - const SYS_SAI = 1; - + const SYS_SAI = 1; + //Security Module + const SYS_SAI_SECURITY = 5; //access + const SYS_SAI_SECURITY_RIGHTS_EDIT = 6; //edit rights + //Database Text Module + const SYS_SAI_LOCALE = 10; + //Image Module + const SYS_SAI_IMG = 15; + //Reserve first 1000 ids. const RESERVED_SYS_0_999 = 999; } \ No newline at end of file