From 937f44eb11dcdd409ee6e80da3db463f2dd4aef0 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Sun, 28 May 2017 23:24:56 -0600
Subject: [PATCH] Add permission editor
---
 action.php | 27 +++++++++++++
 lang/en_us.php | 12 +++++-
 lang/messages.php | 14 ++++++-
 lib/getpermtable.php | 78 ++++++++++++++++++++++++++++++++++++++
 pages.php | 28 ++++++++++++++
 pages/addpermission.php | 38 +++++++++++++++++++
 pages/delpermission.php | 54 ++++++++++++++++++++++++++
 pages/permissions.php | 27 +++++++++++++
 static/js/addpermission.js | 47 +++++++++++++++++++++++
 static/js/permissions.js | 47 +++++++++++++++++++++++
 10 files changed, 370 insertions(+), 2 deletions(-)
 create mode 100644 lib/getpermtable.php
 create mode 100644 pages/addpermission.php
 create mode 100644 pages/delpermission.php
 create mode 100644 pages/permissions.php
 create mode 100644 static/js/addpermission.js
 create mode 100644 static/js/permissions.js
diff --git a/action.php b/action.php
index ce5fee3..584963c 100644
--- a/action.php
+++ b/action.php
@@ -105,6 +105,26 @@ switch ($VARS['action']) {
 }
 $database->delete('managers', ['AND' => ['managerid' => $VARS['mid'], 'employeeid' => $VARS['eid']]]);
 returnToSender("relationship_deleted");
+ case "addpermission":
+ if (!$database->has('accounts', ['username' => $VARS['user']])) {
+ returnToSender("invalid_userid");
+ }
+ if (!$database->has('permissions', ['permcode' => $VARS['perm']])) {
+ returnToSender("permission_not_exists");
+ }
+ $uid = $database->select('accounts', 'uid', ['username' => $VARS['user']])[0];
+ $pid = $database->select('permissions', 'permid', ['permcode' => $VARS['perm']])[0];
+ $database->insert('assigned_permissions', ['uid' => $uid, 'permid' => $pid]);
+ returnToSender("permission_added");
+ case "delpermission":
+ if (!$database->has('accounts', ['uid' => $VARS['uid']])) {
+ returnToSender("invalid_userid");
+ }
+ if (!$database->has('permissions', ['permid' => $VARS['pid']])) {
+ returnToSender("permission_not_exists");
+ }
+ $database->delete('assigned_permissions', ['AND' => ['uid' => $VARS['uid'], 'permid' => $VARS['pid']]]);
+ returnToSender("permission_deleted");
 case "autocomplete_user":
 header("Content-Type: application/json");
 if (is_empty($VARS['q']) || strlen($VARS['q']) < 3) {
@@ -112,6 +132,13 @@ switch ($VARS['action']) {
 }
 $data = $database->select('accounts', ['uid', 'username', 'realname (name)'], ["OR" => ['username[~]' => $VARS['q'], 'realname[~]' => $VARS['q']], "LIMIT" => 10]);
 exit(json_encode($data));
+ case "autocomplete_permission":
+ header("Content-Type: application/json");
+ if (is_empty($VARS['q'])) {
+ exit(json_encode([]));
+ }
+ $data = $database->select('permissions', ['permcode (name)', 'perminfo (info)'], ["OR" => ['permcode[~]' => $VARS['q'], 'perminfo[~]' => $VARS['q']], "LIMIT" => 10]);
+ exit(json_encode($data));
 case "signout":
 session_destroy();
 header('Location: index.php');
diff --git a/lang/en_us.php b/lang/en_us.php
index 68c111c..3c85967 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
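Review bot: In action.php the new `addpermission` and `delpermission` cases grant and revoke privileges, but nothing in the added lines checks that the caller is entitled to administer permissions or that the request carries an anti-CSRF token. The switch begins outside this hunk, so a guard may exist earlier; it is worth confirming, because `$VARS['action']` is evidently filled from query strings as well (the autocomplete calls in static/js/addpermission.js use `method: "GET"` against this file), which suggests both cases can be reached by a plain GET. Restricting them to POST with a per-session token, and recording who granted or revoked which permission, would close that gap. Separately, `addpermission` inserts without looking for an existing row, so a repeated submit may store duplicates unless the table has a unique key; a guard such as `if ($database->has('assigned_permissions', ['AND' => ['uid' => $uid, 'permid' => $pid]])) { returnToSender("permission_added"); }` before the insert avoids that.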
@@ -71,5 +71,15 @@ define("STRINGS", [
 "relationship deleted" => "Relationship deleted.",
 "edit relationship" => "Edit Relationship",
 "adding relationship" => "Adding Relationship",
- "relationship added" => "Relationship added."
+ "relationship added" => "Relationship added.",
+ "permissions" => "Permissions",
+ "permission" => "Permission",
+ "new permission" => "New Permission",
+ "delete permission" => "Delete Permission",
+ "adding permission" => "Adding Permission",
+ "user" => "User",
+ "permission does not exist" => "Permission does not exist.",
+ "really delete permission" => "Are you sure you want to revoke this permission?",
+ "permission added" => "Permission assigned.",
+ "permission deleted" => "Permission deleted."
 ]);
\ No newline at end of file
diff --git a/lang/messages.php b/lang/messages.php
index d79dff6..017f3bb 100644
--- a/lang/messages.php
+++ b/lang/messages.php
@@ -40,5 +40,17 @@ define("MESSAGES", [
 "relationship_deleted" => [
 "string" => "relationship deleted",
 "type" => "success"
- ]
+ ],
+ "permission_not_exists" => [
+ "string" => "permission does not exist",
+ "type" => "danger"
+ ],
+ "permission_added" => [
+ "string" => "permission added",
+ "type" => "success"
+ ],
+ "permission_deleted" => [
+ "string" => "permission deleted",
+ "type" => "success"
+ ],
 ]);
diff --git a/lib/getpermtable.php b/lib/getpermtable.php
new file mode 100644
index 0000000..be14dcd
--- /dev/null
+++ b/lib/getpermtable.php
@@ -0,0 +1,78 @@
+count('assigned_permissions');
+$filter = false;
+
+// sort
+$order = null;
+$sortby = "DESC";
+if ($VARS['order'][0]['dir'] == 'asc') {
+ $sortby = "ASC";
+}
+switch ($VARS['order'][0]['column']) {
+ case 2:
+ $order = ["realname" => $sortby];
+ break;
+ case 3:
+ $order = ["permcode" => $sortby];
+ break;
+}
+
+// search
+if (!is_empty($VARS['search']['value'])) {
+ $filter = true;
+ $wherenolimit = [
+ "OR" => [
+ "username[~]" => $VARS['search']['value'],
+ "realname[~]" => $VARS['search']['value'],
+ "permcode[~]" => $VARS['search']['value']
+ ]
+ ];
+ $where = $wherenolimit;
+ $where["LIMIT"] = [$VARS['start'], $VARS['length']];
+} else {
+ $where = ["LIMIT" => [$VARS['start'], $VARS['length']]];
+}
+if (!is_null($order)) {
+ $where["ORDER"] = $order;
+}
+
+
+$data = $database->select('assigned_permissions', [
+ "[>]accounts" => ['uid' => 'uid'],
+ "[>]permissions" => ['permid' => 'permid']
+ ], [
+ 'username',
+ 'realname',
+ 'assigned_permissions.uid',
+ 'permissions.permid',
+ 'permcode'
+ ], $where);
+
+
+$out['status'] = "OK";
+if ($filter) {
+ $recordsFiltered = $database->count('assigned_permissions', [
+ "[>]accounts" => ['uid' => 'uid'],
+ "[>]permissions" => ['permid' => 'permid']
+ ], 'assigned_permissions.uid', $wherenolimit);
+} else {
+ $recordsFiltered = $out['recordsTotal'];
+}
+$out['recordsFiltered'] = $recordsFiltered;
+for ($i = 0; $i < count($data); $i++) {
+ $data[$i]["delbtn"] = ' ' . lang("delete", false) . '';
+}
+$out['perms'] = $data;
+
+echo json_encode($out);
diff --git a/pages.php b/pages.php
index c5a2ae0..f96cfb5 100644
--- a/pages.php
+++ b/pages.php
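Review bot: In lib/getpermtable.php the paging values `$VARS['start']` and `$VARS['length']` go into the `LIMIT` clause as received, so a client can request an arbitrarily large page of the account-to-permission mapping or send non-numeric values. Casting and capping them first, e.g. `$start = max(0, (int) ($VARS['start'] ?? 0));` and `$length = min(100, max(1, (int) ($VARS['length'] ?? 25)));`, keeps every response bounded; the limits of 100 and 25 are suggested values. `$VARS['order'][0]['dir']` and `$VARS['order'][0]['column']` are likewise read without checking that they are present. The first lines of the file are not legible in this view, and because static/js/permissions.js requests this script directly, it should be confirmed that it enforces login and the permission-admin right itself rather than relying on the page that embeds the table.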
@@ -76,6 +76,34 @@ define("PAGES", [
 "title" => "delete manager",
 "navbar" => false
 ],
+ "permissions" => [
+ "title" => "permissions",
+ "navbar" => true,
+ "icon" => "key",
+ "styles" => [
+ "static/css/datatables.min.css",
+ "static/css/tables.css"
+ ],
+ "scripts" => [
+ "static/js/datatables.min.js",
+ "static/js/permissions.js"
+ ],
+ ],
+ "addpermission" => [
+ "title" => "new permission",
+ "navbar" => false,
+ "styles" => [
+ "static/css/easy-autocomplete.min.css"
+ ],
+ "scripts" => [
+ "static/js/jquery.easy-autocomplete.min.js",
+ "static/js/addpermission.js"
+ ]
+ ],
+ "delpermission" => [
+ "title" => "delete permission",
+ "navbar" => false
+ ],
 "404" => [
 "title" => "404 error"
 ]
diff --git a/pages/addpermission.php b/pages/addpermission.php
new file mode 100644
index 0000000..c3b2fe3
--- /dev/null
+++ b/pages/addpermission.php
@@ -0,0 +1,38 @@
+
+
+
+
+
+

+ +

+
+
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + + + + +
+
\ No newline at end of file
diff --git a/pages/delpermission.php b/pages/delpermission.php
new file mode 100644
index 0000000..6a00efe
--- /dev/null
+++ b/pages/delpermission.php
@@ -0,0 +1,54 @@
+has('permissions', ['permid' => $VARS['pid']])) {
+ header('Location: app.php?page=permissions&msg=permission_not_exists');
+ die();
+}
+?>
+
+
+
+
+

+ +

+
+
+
+

+

+ select('assigned_permissions', [
+ "[>]accounts" => ['uid' => 'uid'],
+ "[>]permissions" => ['permid' => 'permid']
+ ], [
+ 'username',
+ 'realname',
+ 'permcode',
+ 'perminfo'
+ ], ["AND" => ['assigned_permissions.permid' => $VARS['pid'], 'assigned_permissions.uid' => $VARS['uid']]])[0];
+ ?>
+
+
+ () +
+
+ () +
+
+
+
+ +
+
+
\ No newline at end of file
diff --git a/pages/permissions.php b/pages/permissions.php
new file mode 100644
index 0000000..54ba987
--- /dev/null
+++ b/pages/permissions.php
@@ -0,0 +1,27 @@
+
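Review bot: In pages/delpermission.php the lookup of the assignment ends in `[0]` without a check that the `uid`/`pid` pair is actually assigned; the only guard legible here tests the `permissions` table. For an unassigned pair the result is empty, so the confirmation page would render blank fields and raise an undefined-offset notice. Testing `$database->has('assigned_permissions', ['AND' => ['uid' => $VARS['uid'], 'permid' => $VARS['pid']]])` first, and redirecting with `msg=permission_not_exists` otherwise, keeps it consistent with the guard at the top of the file. The lines that print `username`, `realname`, `permcode` and `perminfo` are not legible in this view; confirm that each is passed through `htmlspecialchars()` before output.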
+ +
+ + + + + + + + + + + + + + + + + + +
\ No newline at end of file
diff --git a/static/js/addpermission.js b/static/js/addpermission.js
new file mode 100644
index 0000000..f99266a
--- /dev/null
+++ b/static/js/addpermission.js
@@ -0,0 +1,47 @@
+$("#user").easyAutocomplete({
+ url: "action.php",
+ ajaxSettings: {
+ dataType: "json",
+ method: "GET",
+ data: {
+ action: "autocomplete_user"
+ }
+ },
+ preparePostData: function (data) {
+ data.q = $("#user").val();
+ return data;
+ },
+ getValue: function (element) {
+ return element.username;
+ },
+ template: {
+ type: "custom",
+ method: function (value, item) {
+ return item.name + " " + item.username + "";
+ }
+ }
+});
+
+$("#perm").easyAutocomplete({
+ url: "action.php",
+ ajaxSettings: {
+ dataType: "json",
+ method: "GET",
+ data: {
+ action: "autocomplete_permission"
+ }
+ },
+ preparePostData: function (data) {
+ data.q = $("#perm").val();
+ return data;
+ },
+ getValue: function (element) {
+ return element.name;
+ },
+ template: {
+ type: "custom",
+ method: function (value, item) {
+ return item.name + " " + item.info + "";
+ }
+ }
+});
\ No newline at end of file
diff --git a/static/js/permissions.js b/static/js/permissions.js
new file mode 100644
index 0000000..bcc8a26
--- /dev/null
+++ b/static/js/permissions.js
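Review bot: The custom templates in static/js/addpermission.js concatenate `item.name`, `item.username` and `item.info` straight into the string that EasyAutocomplete places in the suggestion list, and static/js/permissions.js does the same with `row.realname`, `row.username` and `row.permcode` for the table cells and with `data[2]`/`data[3]` for the modal header. These are stored account and permission fields, so a value containing markup would be interpreted as HTML for every administrator who opens the page (stored XSS), assuming both libraries render these strings as HTML, which is their default behaviour as far as I know. Passing each operand through a helper such as `function esc(s) { return $("<div>").text(s).html(); }` covers the templates and the header; for the table, `{ targets: [2, 3], render: $.fn.dataTable.render.text() }` in `columnDefs` does it if the bundled DataTables build provides that renderer. `row.delbtn` is server-built markup and has to stay unescaped, so the values placed into it need escaping in lib/getpermtable.php instead.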
@@ -0,0 +1,47 @@
+$('#permtable').DataTable({
+ responsive: {
+ details: {
+ display: $.fn.dataTable.Responsive.display.modal({
+ header: function (row) {
+ var data = row.data();
+ return " " + data[2] + " | " + data[3];
+ }
+ }),
+ renderer: $.fn.dataTable.Responsive.renderer.tableAll({
+ tableClass: 'table'
+ }),
+ type: "column"
+ }
+ },
+ columnDefs: [
+ {
+ targets: 0,
+ className: 'control',
+ orderable: false
+ },
+ {
+ targets: 1,
+ orderable: false
+ }
+ ],
+ order: [
+ [2, 'asc']
+ ],
+ serverSide: true,
+ ajax: {
+ url: "lib/getpermtable.php",
+ dataFilter: function (data) {
+ var json = jQuery.parseJSON(data);
+ json.data = [];
+ json.perms.forEach(function (row) {
+ json.data.push([
+ "",
+ row.delbtn,
+ row.realname + " (" + row.username + ")",
+ row.permcode
+ ]);
+ });
+ return JSON.stringify(json);
+ }
+ }
+});
\ No newline at end of file