Make widgets disappear if the user doesn't have permission to use them

7 years ago · be892b007d
parent 14f401f355
commit be892b007d
6 changed files with 105 additions and 55 deletions
--- a/apps/inventory_link.php
+++ b/apps/inventory_link.php
@ -12,4 +12,9 @@ $APPS["inventory_link"]["icon"] = "cubes";
 $APPS["inventory_link"]["type"] = "teal";
 $content = "<p class='mobile-app-hide'>" . lang("open inventory system", false) . '</p><a href="' . INVENTORY_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
 $APPS["inventory_link"]["content"] = $content;
 require_once __DIR__ . "/../lib/login.php";
 if (account_has_permission($_SESSION['username'], "INV_VIEW") !== true) {
    unset($APPS['inventory_link']);
 }
 ?>
--- a/apps/qwikclock_inout.php
+++ b/apps/qwikclock_inout.php
@ -1,10 +1,12 @@
 <?php
 dieifnotloggedin();
 require_once __DIR__ . "/../lib/login.php";
 addMultiLangStrings(["en_us" => [
        "qwikclock" => "QwikClock",
        "punch in" => "Punch in",
-        "punch out" => "Punch out"
+        "punch out" => "Punch out",
        "permission denied" => "You do not have permission to do that."
    ]
 ]);
 $APPS["qwikclock_inout"]["i18n"] = TRUE;
@ -12,6 +14,9 @@ $APPS["qwikclock_inout"]["title"] = "qwikclock";
 $APPS["qwikclock_inout"]["icon"] = "clock-o";
 $APPS["qwikclock_inout"]["type"] = "blue";
 $content = "";
 use GuzzleHttp\Exception\ClientException;
 if (!is_empty($_GET['qwikclock']) && ($_GET['qwikclock'] === "punchin" || $_GET['qwikclock'] === "punchout")) {
    try {
        $client = new GuzzleHttp\Client();
@ -28,6 +33,10 @@ if (!is_empty($_GET['qwikclock']) && ($_GET['qwikclock'] === "punchin" || $_GET[
        } else {
            $content = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\">&times;</button>" . $resp['msg'] . "</div>";
        }
    } catch (ClientException $e) {
        if ($e->getResponse()->getStatusCode() == 403) {
            $content = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\">&times;</button>" . lang("permission denied", false) . "</div>";
        }
    } catch (Exception $e) {
        $content = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\">&times;</button>" . lang("error loading widget", false) . "  " . $e->getMessage() . "</div>";
    }
@ -40,4 +49,9 @@ $content .= <<<END
 END;
 $content .= '<br /><a href="' . QWIKCLOCK_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
 $APPS["qwikclock_inout"]["content"] = $content;
 if (account_has_permission($_SESSION['username'], "QWIKCLOCK") !== true) {
    unset($APPS['qwikclock_inout']);
 }
 ?>
--- a/apps/sync_mobile.php
+++ b/apps/sync_mobile.php
@ -4,64 +4,65 @@ dieifnotloggedin();
 use Endroid\QrCode\QrCode;
-addMultiLangStrings(["en_us" => [
+if (MOBILE_ENABLED) {
-        "sync mobile" => "Sync Mobile App",
+    addMultiLangStrings(["en_us" => [
-        "scan sync qrcode" => "Scan this code with the mobile app or enter the code manually.",
+            "sync mobile" => "Sync Mobile App",
-        "sync explained" => "Access your account and apps on the go.  Use a sync code to securely connect your phone or tablet to Portal with the Netsyms Business mobile app.",
+            "scan sync qrcode" => "Scan this code with the mobile app or enter the code manually.",
-        "generate sync" => "Create new sync code",
+            "sync explained" => "Access your account and apps on the go.  Use a sync code to securely connect your phone or tablet to Portal with the Netsyms Business mobile app.",
-        "active sync codes" => "Active codes",
+            "generate sync" => "Create new sync code",
-        "no active codes" => "No active codes.",
+            "active sync codes" => "Active codes",
-        "done adding sync code" => "Done adding code"
+            "no active codes" => "No active codes.",
-    ]
+            "done adding sync code" => "Done adding code"
-]);
+        ]
    ]);
-$APPS["sync_mobile"]["title"] = lang("sync mobile", false);
+    $APPS["sync_mobile"]["title"] = lang("sync mobile", false);
-$APPS["sync_mobile"]["icon"] = "mobile";
+    $APPS["sync_mobile"]["icon"] = "mobile";
-if (!is_empty($_GET['delsynccode'])) {
+    if (!is_empty($_GET['delsynccode'])) {
-    if ($database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]])) {
+        if ($database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]])) {
-        $database->delete("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]]);
+            $database->delete("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]]);
        }
    }
 }
-if ($_GET['mobilecode'] == "generate") {
+    if ($_GET['mobilecode'] == "generate") {
-    if (!is_empty($_GET['showsynccode']) && $database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]])) {
+        if (!is_empty($_GET['showsynccode']) && $database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]])) {
-        $code = $database->get("mobile_codes", 'code', ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]]);
+            $code = $database->get("mobile_codes", 'code', ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]]);
-    } else {
+        } else {
-        $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
+            $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
-        $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
+            $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
-    }
+        }
-    $url = URL . "mobile/index.php";
+        $url = URL . "mobile/index.php";
-    $encodedurl = str_replace("/", "\\", $url);
+        $encodedurl = str_replace("/", "\\", $url);
-    $codeuri = "bizsync://" . $encodedurl . "/" . $_SESSION['username'] . "/" . $code;
+        $codeuri = "bizsync://" . $encodedurl . "/" . $_SESSION['username'] . "/" . $code;
-    $qrCode = new QrCode($codeuri);
+        $qrCode = new QrCode($codeuri);
-    $qrCode->setSize(200);
+        $qrCode->setSize(200);
-    $qrCode->setErrorCorrection("H");
+        $qrCode->setErrorCorrection("H");
-    $qrcode = $qrCode->getDataUri();
+        $qrcode = $qrCode->getDataUri();
-    $chunk_code = trim(chunk_split($code, 5, ' '));
+        $chunk_code = trim(chunk_split($code, 5, ' '));
-    $lang_done = lang("done adding sync code", false);
+        $lang_done = lang("done adding sync code", false);
-    $APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan sync qrcode", false) . '</div>' . <<<END
+        $APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan sync qrcode", false) . '</div>' . <<<END
 <img src="$qrcode" class="img-responsive qrcode" />
 <div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$chunk_code</div>
 <div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$url</div>
 <a class="btn btn-success btn-sm btn-block" href="home.php?page=security">$lang_done</a>
 END;
 } else {
    $activecodes = $database->select("mobile_codes", ["codeid", "code"], ["uid" => $_SESSION['uid']]);
    $content = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("sync explained", false) . '</div>'
            . '<a class="btn btn-success btn-sm btn-block" href="home.php?page=security&mobilecode=generate">'
            . lang("generate sync", false) . '</a>';
    $content .= "<br /><b>" . lang("active sync codes", false) . ":</b><br />";
    $content .= "<div class='list-group'>";
    if (count($activecodes) > 0) {
        foreach ($activecodes as $c) {
            $content .= "<div class='list-group-item mobilekey'><span style='font-family: Ubuntu Mono,monospace; flex-shrink: 0'>" . trim(chunk_split($c['code'], 5, ' ')) . "</span> <span class='tinybuttons'><a class='btn btn-primary btn-sm' href='home.php?page=security&mobilecode=generate&showsynccode=" . $c['codeid'] . "'><i class='fa fa-qrcode'></i></a> <a class='btn btn-danger btn-sm' href='home.php?page=security&delsynccode=" . $c['codeid'] . "'><i class='fa fa-trash'></i></a></span></div>";
        }
    } else {
-        $content .= "<div class='list-group-item'>" . lang("no active codes", false) . "</div>";
+        $activecodes = $database->select("mobile_codes", ["codeid", "code"], ["uid" => $_SESSION['uid']]);
-    }
+        $content = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("sync explained", false) . '</div>'
-    $content .= "</div>";
+                . '<a class="btn btn-success btn-sm btn-block" href="home.php?page=security&mobilecode=generate">'
-    $content .= <<<END
+                . lang("generate sync", false) . '</a>';
        $content .= "<br /><b>" . lang("active sync codes", false) . ":</b><br />";
        $content .= "<div class='list-group'>";
        if (count($activecodes) > 0) {
            foreach ($activecodes as $c) {
                $content .= "<div class='list-group-item mobilekey'><span style='font-family: Ubuntu Mono,monospace; flex-shrink: 0'>" . trim(chunk_split($c['code'], 5, ' ')) . "</span> <span class='tinybuttons'><a class='btn btn-primary btn-sm' href='home.php?page=security&mobilecode=generate&showsynccode=" . $c['codeid'] . "'><i class='fa fa-qrcode'></i></a> <a class='btn btn-danger btn-sm' href='home.php?page=security&delsynccode=" . $c['codeid'] . "'><i class='fa fa-trash'></i></a></span></div>";
            }
        } else {
            $content .= "<div class='list-group-item'>" . lang("no active codes", false) . "</div>";
        }
        $content .= "</div>";
        $content .= <<<END
            <style>
                .mobilekey {
                    display: flex;
@ -70,5 +71,6 @@ END;
                }
            </style>
 END;
-    $APPS["sync_mobile"]["content"] = $content;
+        $APPS["sync_mobile"]["content"] = $content;
    }
 }
--- a/apps/taskfloor_messages.php
+++ b/apps/taskfloor_messages.php
@ -10,6 +10,9 @@ $APPS["taskfloor_messages"]["i18n"] = TRUE;
 $APPS["taskfloor_messages"]["title"] = "messages";
 $APPS["taskfloor_messages"]["icon"] = "comments";
 $APPS["taskfloor_messages"]["type"] = "deep-purple";
 use GuzzleHttp\Exception\ClientException;
 try {
    $client = new GuzzleHttp\Client();
@ -46,9 +49,15 @@ END;
            $content = "<div class=\"alert alert-info\">" . lang("no messages", false) . "</div>";
        }
    }
    $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
    $APPS["taskfloor_messages"]["content"] = $content;
 } catch (ClientException $e) {
    if ($e->getResponse()->getStatusCode() == 403) {
        unset($APPS['taskfloor_messages']);
    }
 } catch (Exception $e) {
    $content = "<div class=\"alert alert-danger\">" . lang("error loading widget", false) . "  " . $e->getMessage() . "</div>";
    $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
    $APPS["taskfloor_messages"]["content"] = $content;
 }
 $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
 $APPS["taskfloor_messages"]["content"] = $content;
 ?>
--- a/apps/taskfloor_tasks.php
+++ b/apps/taskfloor_tasks.php
@ -10,6 +10,9 @@ $APPS["taskfloor_tasks"]["i18n"] = TRUE;
 $APPS["taskfloor_tasks"]["title"] = "tasks";
 $APPS["taskfloor_tasks"]["icon"] = "tasks";
 $APPS["taskfloor_tasks"]["type"] = "blue-grey";
 use GuzzleHttp\Exception\ClientException;
 try {
    $client = new GuzzleHttp\Client();
@ -34,9 +37,15 @@ try {
            $content = "<div class=\"alert alert-success\">" . lang("no tasks found", false) . "</div>";
        }
    }
    $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
    $APPS["taskfloor_tasks"]["content"] = $content;
 } catch (ClientException $e) {
    if ($e->getResponse()->getStatusCode() == 403) {
        unset($APPS['taskfloor_tasks']);
    }
 } catch (Exception $e) {
    $content = "<div class=\"alert alert-danger\">" . lang("error loading widget", false) . "  " . $e->getMessage() . "</div>";
    $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
    $APPS["taskfloor_tasks"]["content"] = $content;
 }
 $content .= '<a href="' . TASKFLOOR_HOME . '" class="btn btn-primary btn-block mobile-app-hide">' . lang("open app", false) . ' &nbsp;<i class="fa fa-external-link-square"></i></a>';
 $APPS["taskfloor_tasks"]["content"] = $content;
 ?>
--- a/home.php
+++ b/home.php
@ -156,7 +156,15 @@ END;
            <div class="row widget-box">
                <?php
                // Center the widgets horizontally on the screen
-                $appcount = count(APPS[$pageid]);
+                $appcount = 0;
                foreach (APPS[$pageid] as $app) {
                    if (file_exists(__DIR__ . "/apps/" . $app . ".php")) {
                        include_once __DIR__ . "/apps/" . $app . ".php";
                        if (isset($APPS[$app])) {
                            $appcount++;
                        }
                    }
                }
                if ($appcount == 1) {
                    ?>
                    <div class="hidden-xs col-sm-3 col-md-4 col-lg-4">
@ -175,6 +183,9 @@ END;
                foreach (APPS[$pageid] as $app) {
                    if (file_exists(__DIR__ . "/apps/" . $app . ".php")) {
                        include_once __DIR__ . "/apps/" . $app . ".php";
                        if (!isset($APPS[$app])) {
                            continue;
                        }
                        $apptitle = ($APPS[$app]['i18n'] === TRUE ? lang($APPS[$app]['title'], false) : $APPS[$app]['title']);
                        $appicon = (is_empty($APPS[$app]['icon']) ? "" : "fa fa-fw fa-" . $APPS[$app]['icon']);
                        $apptype = (is_empty($APPS[$app]['type']) ? "default" : $APPS[$app]['type']);