Started new permissions module

common.php

@@ -5,6 +5,9 @@
 *  [root]/license.txt for more. This information must remain intact.
 */
 
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
 
 $sql = null;
 Common::startSession();
@@ -93,6 +96,7 @@ class Common {
 			define( "LANGUAGE", "en" );
 		}
 		
+		require_once( COMPONENTS . "/permissions/class.permissions.php" );
 		require_once( COMPONENTS . "/update/class.update.php" );
 		require_once( COMPONENTS . "/sql/class.sql.php" );
 		global $sql;
@@ -564,47 +568,7 @@ class Common {
 	
 	public static function checkPath( $path ) {
 		
-		global $sql;
+		return Permissions::has_manager( $path );
-		//$query = "SELECT * FROM projects WHERE LOCATE( path, ? ) > 0 LIMIT 1;";
-		//$bind_variables = array( $path );
-		//$result = $sql->query( $query, $bind_variables, array() )[0];
-		$result = $sql->select(
-			"projects",
-			array(),
-			array(
-				array(
-					"find",
-					"[path]",
-					$path,
-					array(
-						"more than",
-						0
-					)
-				),
-				array(
-					"limit",
-					1
-				)
-			)
-		);
-		
-		if( ! empty( $result ) ) {
-			
-			$result = $result[0];
-			try {
-				
-				$users = json_decode( $result["access"] );
-			} catch( exception $e ) {
-				
-				$users = array();
-			}
-			
-			if( $result["owner"] == 'nobody' || $result["owner"] == $_SESSION["user"] || ( in_array( $_SESSION["user"], $users ) && ! empty( $users ) ) ) {
-				
-				return( true );
-			}
-		}
-		return( false );
 	}
 	
 	

components/filemanager/class.filemanager.php

@@ -164,7 +164,7 @@ class Filemanager extends Common {
 	//////////////////////////////////////////////////////////////////
 	
 	public function index() {
-	
+		
 		if ( file_exists( $this->path ) ) {
 			
 			$index = array();
@@ -450,7 +450,7 @@ class Filemanager extends Common {
 	
 	public function delete( $keep_parent = false ) {
 		
-		if( Common::checkPath( $path ) ) {
+		if( ! Permissions::has_delete( $this->path ) ) {
 			
 			$this->status = "error";
 			$this->message = "No access.";
@@ -530,7 +530,9 @@ class Filemanager extends Common {
 			
 			if ( ! file_exists( $new_path ) ) {
 				
-				if ( rename( $this->path, $new_path ) ) {
+				echo var_dump( Permissions::has_create( $this->path ) );
+				
+				if ( Permissions::has_create( $this->path ) && rename( $this->path, $new_path ) ) {
 					
 					//unlink($this->path);
 					$this->status = "success";
@@ -545,10 +547,10 @@ class Filemanager extends Common {
 				$this->message = "Path Already Exists";
 			}
 		} else {
-				
+			
 			// Change content
 			if ( $this->content || $this->patch ) {
-					
+				
 				if ( $this->content == ' ' ) {
 					
 					$this->content = ''; // Blank out file
@@ -560,7 +562,8 @@ class Filemanager extends Common {
 					$this->respond();
 					return;
 				}
-				if ( is_file( $this->path ) ) {
+				echo var_dump( Permissions::has_write( $this->path ) );
+				if ( is_file( $this->path ) && Permissions::has_write( $this->path ) ) {
 					
 					$serverMTime = filemtime( $this->path );
 					$fileContents = file_get_contents( $this->path );

components/filemanager/controller.php

@@ -39,7 +39,8 @@ if (!isset($_SESSION['project'])) {
     // Security Check
     //////////////////////////////////////////////////////////////////
 
-if (!checkPath($_GET['path'])) {
+if ( ! Permissions::has_read( $_GET['path'] ) ) {
+	
     die('{"status":"error","message":"Invalid Path"}');
 }
 

components/permissions/class.permissions.php

@@ -0,0 +1,146 @@
+<?php
+/*
+*  Copyright (c) Codiad & Kent Safranski (codiad.com), and Isaac Brown (telaaedifex.com), distributed
+*  as-is and without warranty under the MIT License. See
+*  [root]/license.txt for more. This information must remain intact.
+*/
+
+class Permissions {
+	
+	const LEVELS = array(
+		
+		"admin" => 0,
+		"owner" => 1,
+		"manager" => 2,
+		"delete" => 3,
+		"create" => 4,
+		"write" => 5,
+		"read" => 6,
+	);
+	
+	function __construct() {
+		
+		
+	}
+	
+	public static function check_path( $level, $path ) {
+		
+		$project_path = $_SESSION["project"];
+		$project_path = rtrim( $project_path, '/' ) . '/';
+		
+		if( ! in_array( $level, array_keys( self::LEVELS ) ) ) {
+			
+			exit( Common::formatJSEND( "error", "Access Level does not exist." ) );
+		}
+		
+		if( strpos( $path, $project_path ) === 0 ) {
+			
+			exit( Common::formatJSEND( "error", "Error with path." ) );
+		}
+		
+		global $sql;
+		$pass = false;
+		//$query = "SELECT * FROM projects WHERE LOCATE( path, ? ) > 0 LIMIT 1;";
+		//$bind_variables = array( $path );
+		//$result = $sql->query( $query, $bind_variables, array() )[0];
+		/*$result = $sql->select(
+			"projects",
+			array(),
+			array(
+				array(
+					"find",
+					$path,
+					array(
+						"more than",
+						0
+					)
+				),
+				array(
+					"limit",
+					1
+				)
+			)
+		);*/
+		
+		$query = "SELECT * FROM projects WHERE path=? LIMIT 1;";
+		$bind_variables = array( $_SESSION["project"] );
+		$result = $sql->query( $query, $bind_variables, array() )[0];
+		
+		if( ! empty( $result ) ) {
+			
+			$result = $result[0];
+			try {
+				
+				$users = json_decode( $result["access"], true );
+			} catch( exception $e ) {
+				
+				$users = array();
+			}
+			
+			if( $result["owner"] == 'nobody' ) {
+				
+				$pass = true;
+			} elseif( $result["owner"] == $_SESSION["user"] ) {
+				
+				$pass = true;
+			} elseif( in_array( $_SESSION["user"], array_keys( $users ) ) && ! empty( $users ) ) {
+				
+				//Only allow the owner to delete the root dir / project
+				if( $path == $result["path"] && self::LEVELS[$level] == self::LEVELS["delete"] ) {
+					
+					$level = "owner";
+				}
+				
+				$is_assoc = ( array_keys( $users ) !== range( 0, count( $users ) - 1 ) );
+				
+				if( $is_assoc ) {
+					
+					$users_access = $users[$_SESSION["user"]];
+				} else {
+					
+					$users_access = self::LEVELS["delete"];
+				}
+				
+				echo var_dump( $path, $result, $users_access, $level, ( self::LEVELS[$level] >= $users_access ), self::LEVELS[$level] + " is more than or equal to {$users_access}" );
+				
+				if( self::LEVELS[$level] >= $users_access ) {
+					
+					$pass = true;
+				}
+			}
+		}
+		return( $pass );
+	}
+	
+	public static function has_owner( $path ) {
+		
+		return self::check_path( "owner", $path );
+	}
+	
+	public static function has_manager( $path ) {
+		
+		return self::check_path( "manager", $path );
+	}
+	
+	public static function has_delete( $path ) {
+		
+		return self::check_path( "delete", $path );
+	}
+	
+	public static function has_create( $path ) {
+		
+		return self::check_path( "create", $path );
+	}
+	
+	public static function has_write( $path ) {
+		
+		return self::check_path( "write", $path );
+	}
+	
+	public static function has_read( $path ) {
+		
+		return self::check_path( "read", $path );
+	}
+}
+
+?>

components/project/class.project.php

@@ -14,13 +14,14 @@ class Project extends Common {
 	// PROPERTIES
 	//////////////////////////////////////////////////////////////////
 	
-	public $name         = '';
+	public $access = 100;
-	public $path         = '';
+	public $name = '';
-	public $gitrepo      = false;
+	public $path = '';
-	public $gitbranch    = '';
+	public $gitrepo = false;
-	public $projects     = array();
+	public $gitbranch = '';
-	public $no_return    = false;
+	public $projects = array();
-	public $assigned     = false;
+	public $no_return = false;
+	public $assigned = false;
 	public $command_exec = '';
 	public $public_project = false;
 	public $user = '';
@@ -70,21 +71,32 @@ class Project extends Common {
 		$query = "SELECT access FROM projects WHERE path=? AND owner=?";
 		$bind_variables = array( $this->path, $_SESSION["user"] );
 		$result = $sql->query( $query, $bind_variables, array() )[0];
-
+		
 		if( ! empty( $result ) ) {
 			
 			$access = json_decode( $result["access"] );
 			
-			if( is_array( $access ) ) {
+			if( is_array( $access ) && ! empty( $access ) ) {
 				
-				if( ! in_array( $this->user, $access ) ) {
+				$is_assoc = ( array_keys( $access ) !== range( 0, count( $access ) - 1 ) );
+				
+				if( $is_assoc ) {
 					
-					array_push( $access, $this->user );
+					$access[$this->user] = $this->access;
+				} else {
+					
+					$new_access = array();
+					foreach( $access as $user ) {
+						
+						$new_access[$user] = Permission::LEVELS["delete"];
+					}
+					$access[$this->user] = $this->access;
+					$access = $new_access;
 				}
 			} else {
 				
 				$access = array(
-					$this->user
+					$this->user => $this->access
 				);
 			}
 			
@@ -361,7 +373,7 @@ class Project extends Common {
 	//////////////////////////////////////////////////////////////////
 	
 	public function Create() {
-			
+		
 		if ( $this->name != '' && $this->path != '' ) {
 			
 			$this->path = $this->cleanPath();

components/project/controller.php

@@ -32,8 +32,15 @@ if( $_GET['action'] == 'add_user' ) {
 		"undefined"
 	);
 	
-	if( ! in_array( $_GET['username'], $invalid_users ) ) {
+	if( ! isset( $_GET['access'] ) || in_array( $_GET['access'], $invalid_users ) || ! in_array( $_GET['access'], array_keys( Permissions::LEVELS ) ) ) {
 		
+		echo formatJSEND( "error", "No access set." );
+		return;
+	}
+	
+	if( isset( $_GET['username'] ) && ! in_array( $_GET['username'], $invalid_users ) ) {
+		
+		$Project->access = $_GET['access'];
 		$Project->user = $_GET['username'];
 	} else {
 		
@@ -110,7 +117,7 @@ if( $_GET['action'] == 'current' ) {
 
 if( $_GET['action'] == 'delete' ) {
 	
-	if( checkPath( $_GET['project_path'] ) ) {
+	if( isset( $_GET['project_path'] ) ) {
 		
 		$Project->path = $_GET['project_path'];
 		$Project->Delete();
@@ -184,7 +191,7 @@ if( $_GET['action'] == 'get_owner' ) {
 
 if( $_GET['action'] == 'open' ) {
 	
-	if( ! checkPath( $_GET['path'] ) ) {
+	if( isset( $_GET['path'] ) && ! Permissions::has_read( $_GET['path'] ) ) {
 		
 		die( formatJSEND( "error", "No Access to path " . $_GET['path'] ) );
 	}
@@ -233,7 +240,7 @@ if( $_GET['action'] == 'remove_user' ) {
 
 if( $_GET['action'] == 'rename' ) {
 	
-	if( ! checkPath( $_GET['project_path'] ) ) {
+	if( ! isset( $_GET['project_path'] ) || ! Permissions::has_owner( $_GET['project_path'] ) ) {
 		
 		die( formatJSEND( "error", "No Access" ) );
 	}

components/project/dialog.php

@@ -233,7 +233,19 @@ switch( $_GET['action'] ) {
 				?>
 				<table id="access_list">
 				<?php
-				foreach( $access as $user ) {
+				
+				$is_assoc = ( array_keys( $access ) !== range( 0, count( $access ) - 1 ) );
+				if( ! $is_assoc ) {
+					
+					$temp = array();
+					foreach( $access as $user ) {
+						
+						$temp[$user] = "delete";
+					}
+					$access = $temp;
+				}
+				
+				foreach( $access as $user => $access_level ) {
 					
 					?>
 					<tr>
@@ -241,6 +253,21 @@ switch( $_GET['action'] ) {
 							<p><?php echo htmlentities( $user );?></p>
 						</td>
 						<td>
+							<select onchange="codiad.project.change_access( event );">
+								<?php
+								foreach( Permissions::LEVELS as $level => $id ) {
+									
+									if( $level == $access_level ) {
+										
+										$selected = "selected='selected'";
+									} else {
+										
+										$selected = "";
+									}
+									?><option value="<?php echo $level;?>" <?php echo $selected;?>><?php echo ucfirst( $level );?></option><?php
+								}
+								?>
+							</select>
 							<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $user );?>' );">Remove Access</button>
 						</td>
 					</tr>

components/project/init.js

@@ -53,26 +53,45 @@
 		
 		add_user: function() {
 			
-			var _this = this;
+			let _this = this;
 			
 			$( '#modal-content form' ).live( 'submit', function( e ) {
 			
 				e.preventDefault();
-				username = $( '#modal-content form select[name="user_list"]' ).val();
+				let username = $( '#modal-content form select[name="user_list"]' ).val();
-				project_path = $( '#modal-content form input[name="project_path"]' ).val()
+				let project_path = $( '#modal-content form input[name="project_path"]' ).val();
 				
-				$.get( _this.controller + '?action=add_user&project_path=' + encodeURIComponent( project_path ) + '&username=' + encodeURIComponent( username ), function( data ) {
+				$.get( _this.controller + '?action=add_user&project_path=' + encodeURIComponent( project_path ) + '&username=' + encodeURIComponent( username ) + '&access=delete', function( data ) {
 						
-						response = codiad.jsend.parse( data );
+					response = codiad.jsend.parse( data );
-						console.log( response );
+					console.log( response );
-						if ( response != 'error' ) {
+					if ( response != 'error' ) {
-							
+						
-							codiad.project.manage_access( project_path );
+						codiad.project.manage_access( project_path );
-						}
+					}
 				});
 			});
 		},
 		
+		change_access: function( e ) {
+			
+			let _this = codiad.project;
+			let username = $( '#modal-content form select[name="user_list"]' ).val();
+			let project_path = $( '#modal-content form input[name="project_path"]' ).val();
+			let access = $( e.target ).children( "option:selected" ).val();
+			
+			console.log( access, username, project_path );
+			
+			$.get( _this.controller + '?action=add_user&project_path=' + encodeURIComponent( project_path ) + '&username=' + encodeURIComponent( username ) + '&access=' + encodeURIComponent( access ), function( data ) {
+				
+				let response = codiad.jsend.parse( data );
+				console.log( response );
+				if ( response != 'error' ) {
+					
+					codiad.project.manage_access( project_path );
+				}
+			});
+		},
 		
 		//////////////////////////////////////////////////////////////////
 		// Create Project