Fixed permission management under projects, Updated get_user and get_users functions, Updated readme

This commit is contained in:
xevidos 2020-02-24 22:00:45 -05:00
parent 5dd46b32a3
commit b42cf37eca
7 changed files with 69 additions and 62 deletions


@ -37,9 +37,8 @@ Current Tasks:
Task List: Task List:
* Add ability to create shortlinks with certain permissions for users to share. * Add ability to create shortlinks with permissions for users to share files or projects.
* Add ability to login with LDAP * Add ability to login with LDAP
* Add archive management abilities
* Add bookmark files * Add bookmark files
* Add custom market * Add custom market
* \- Add in new admin interface ( Check admin-portal branch for progress ) * \- Add in new admin interface ( Check admin-portal branch for progress )
@ -50,24 +49,22 @@ Task List:
- System Settings - System Settings
- User Management - User Management
* Add different code linters * Add different code linters
* Add Drag and Drop natively to filemanager
* Add folder / filestructure upload ability
* Add if file could not be saved 5 times close the open file * Add if file could not be saved 5 times close the open file
* Add multi level users. ( Projects for only certain groups, Permission levels ) * Add multi level users. ( Projects for only certain groups, Permission levels )
* Add mobile compatibility * Add mobile compatibility
* Add move files
* Add permissions module ( more in depth permissions such as read/write, delete, etc )
* Add print code * Add print code
* Add support for more archive types ( Add commands add more accepted PHP extension types ) * Add support for more archive types ( Add commands add more accepted PHP extension types )
* Add support for more database systems ( MSSQL, Oracle, SQLite, Filesystem storage, etc ) * Add support for more database systems ( MSSQL, Oracle, SQLite, Filesystem storage, etc )
* Add terminal support ( optional per permission level ) * Add terminal support ( optional per permission level )
* Add in auto save timer that saves after the user stops typing instead of after every change
* Clean up update script * Clean up update script
* Create standards for php ( For example a lot of projects are using API like standards for their backends maybe create something like those? )
* Fix broken themes * Fix broken themes
* Re Add the custom language recognition system after recode * Re Add the custom language recognition system after recode
* Remove all old and unneeded dependencies * Remove all old and unneeded dependencies
* Seperate Upload filemanager instance from main filemanager instance * Seperate Upload filemanager instance from main filemanager instance
* Update all current components to use more current standards ( async await and .then in favor over callbacks ) * Update all current components to use more current standards
- async await and .then in favor over callbacks in JS
- standards for php functions when created
Completed: Completed:


@ -137,35 +137,27 @@ class Common {
global $sql; global $sql;
$query = "SELECT * FROM users"; $query = "SELECT * FROM users";
$bind = "";
$bind_variables = array(); $bind_variables = array();
if( $exclude_current ) { if( $exclude_current ) {
$query .= " WHERE username!=?"; $query .= " WHERE username <> ?";
$bind .= "s";
array_push( $bind_variables, $_SESSION["user"] ); array_push( $bind_variables, $_SESSION["user"] );
} }
$result = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking users." ) ); $result = $sql->query( $query, $bind_variables, array() );
if( ! empty( $result ) ) { switch( $return ) {
switch( $return ) { case( "json" ):
case( "json" ): $return = json_encode( $result );
break;
$return = json_encode( $result ); case( "return" ):
break;
case( "return" ): $return = $result;
break;
$return = $result;
break;
}
} else {
$return = formatJSEND( "error", "Error selecting user information." );
} }
return( $return ); return( $return );
} }
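Review bot: The switch on `$return` has no `default`, so a caller passing anything other than "json" or "return" now gets the mode string itself back from `return( $return )`, and that is the only exit left after the `if( ! empty( $result ) )` branch was removed. Adding `default: $return = formatJSEND( "error", "Unknown return format." ); break;` makes the contract explicit. Because the third argument to `$sql->query` is now `array()` instead of a formatJSEND error string, a failed query and an empty user table are presumably indistinguishable to callers; a comment such as `// Returns an empty array both when no other users exist and when the query fails` would save the next reader from relying on a status key that is never set. The function signature sits above the hunk, so the parameter names `$return` and `$exclude_current` are inferred from their use.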


@ -257,12 +257,10 @@ class Project extends Common {
return( $return ); return( $return );
} }
public function remove_user() { public function remove_user( $user_id ) {
global $sql; global $sql;
$user_id = get_user_id( $this->user );
if( $user_id === false ) { if( $user_id === false ) {
return formatJSEND( "error", "Error fetching user information." ); return formatJSEND( "error", "Error fetching user information." );
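Review bot: With `$user_id` now supplied by the caller, the `$user_id === false` test on the line after `global $sql;` is effectively dead: the controller hands it `$_GET["user_id"]`, which is always a string, so a malformed id is never rejected here. If user ids are numeric (the dialog takes them from `$i["id"]`, but the column type is not visible from here), `if( ! ctype_digit( (string) $user_id ) ) { return formatJSEND( "error", "Invalid user id." ); }` would be a meaningful guard in place of the `false` comparison. The rest of `remove_user`'s body, including the query that consumes `$user_id`, is outside the hunk.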


@ -197,15 +197,7 @@ if( $_GET['action'] == 'remove_user' ) {
"undefined" "undefined"
); );
if( ! in_array( $_GET['username'], $invalid ) ) { if( isset( $_GET["project_path"] ) && ! in_array( $_GET['project_path'], $invalid ) ) {
$Project->user = $_GET['username'];
} else {
exit( formatJSEND( "error", "No username set." ) );
}
if( ! in_array( $_GET['project_path'], $invalid ) ) {
$Project->path = $_GET['project_path']; $Project->path = $_GET['project_path'];
} else { } else {
@ -213,7 +205,7 @@ if( $_GET['action'] == 'remove_user' ) {
exit( formatJSEND( "error", "No project path set." ) ); exit( formatJSEND( "error", "No project path set." ) );
} }
if( ! in_array( $_GET['project_id'], $invalid ) ) { if( isset( $_GET["project_id"] ) && ! in_array( $_GET['project_id'], $invalid ) ) {
$Project->project_id = $_GET['project_id']; $Project->project_id = $_GET['project_id'];
} else { } else {
@ -221,9 +213,17 @@ if( $_GET['action'] == 'remove_user' ) {
exit( formatJSEND( "error", "No project id set." ) ); exit( formatJSEND( "error", "No project id set." ) );
} }
if( isset( $_GET["user_id"] ) && ! in_array( $_GET['user_id'], $invalid ) ) {
$user_id = $_GET["user_id"];
} else {
exit( formatJSEND( "error", "No user id set." ) );
}
if( $Project->check_owner( $_GET["project_path"], true ) ) { if( $Project->check_owner( $_GET["project_path"], true ) ) {
$Project->remove_user(); $Project->remove_user( $user_id );
} else { } else {
exit( formatJSEND( "error", "You can not manage this project." ) ); exit( formatJSEND( "error", "You can not manage this project." ) );
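Review bot: The three new `in_array` checks on `$_GET` values use loose comparison; `$invalid` is built above the hunk and its contents are not visible here, so passing the strict flag (`in_array( $_GET['user_id'], $invalid, true )`, and likewise for `project_path` and `project_id`) avoids PHP type-juggling surprises for entries such as `0` or `null`. The new `$user_id` is forwarded to `remove_user( $user_id )` with no format check after the ownership test, so validating its shape falls entirely on the Project class. Minor style point: the new conditions mix `$_GET["user_id"]` and `$_GET['user_id']` quoting on the same line; pick one. The enclosing `if( $_GET['action'] == 'remove_user' )` block starts above the hunk.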


@ -7,8 +7,9 @@
*/ */
require_once('../../common.php'); require_once( '../../common.php' );
require_once('./class.project.php'); require_once( './class.project.php' );
require_once( '../user/class.user.php' );
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
// Verify Session or Key // Verify Session or Key
@ -208,16 +209,36 @@ switch( $_GET['action'] ) {
*/ */
if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) { if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) {
?> ?>
<pre>Error, you either do not own this project or it is a public project.</pre> <p>Error, you either do not own this project or it is a public project.</p>
<button class="btn-right" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<?php <?php
return; return;
} }
// Get projects data // Get projects data
$User = new User();
$path = $_GET['path']; $path = $_GET['path'];
$project = $Project->get_project( $path ); $project = $Project->get_project( $path );
$access = $Project->get_access( $project["id"] ); $access = $Project->get_access( $project["id"] );
$users = get_users( "return", true ); $users = get_users( "return", true );
$user = $User->get_user( $_SESSION["user"] );
if( isset( $users["status"] ) && $users["status"] == "error" ) {
?>
<p>Error, could not fetch users information.</p>
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<?php
exit();
} else if( empty( $users ) ) {
?>
<p>Error, You must have more than one user registered in your Codiad instance to manage permissions.</p>
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<?php
exit();
}
?> ?>
<form onSubmit="event.preventDefault();"> <form onSubmit="event.preventDefault();">
<input type="hidden" name="project_path" value="<?php echo $path;?>"> <input type="hidden" name="project_path" value="<?php echo $path;?>">
@ -226,10 +247,10 @@ switch( $_GET['action'] ) {
<input id="search_users" type="text" onkeyup="codiad.project.search_users();" /> <input id="search_users" type="text" onkeyup="codiad.project.search_users();" />
<select id="user_list" name="user_list"> <select id="user_list" name="user_list">
<?php <?php
foreach( $users as $user ) { foreach( $users as $i ) {
?> ?>
<option value="<?php echo htmlentities( $user["id"] );?>"><?php echo htmlentities( $user["username"] );?></option> <option value="<?php echo htmlentities( $i["id"] );?>"><?php echo htmlentities( $i["username"] );?></option>
<?php <?php
} }
?> ?>
@ -247,23 +268,28 @@ switch( $_GET['action'] ) {
<table id="access_list"> <table id="access_list">
<?php <?php
$user = null;
foreach( $access as $row => $user_permissions ) { foreach( $access as $row => $user_permissions ) {
foreach( $users as $row => $current_user ) { $i = null;
foreach( $users as $r => $current_user ) {
if( $current_user["id"] == $user_permissions["user"] ) { if( $current_user["id"] == $user_permissions["user"] ) {
$user = $current_user; $i = $current_user;
break; break;
} }
} }
if( ! $i ) {
continue;
}
?> ?>
<tr> <tr>
<td> <td>
<p><?php echo htmlentities( $user["username"] );?></p> <p><?php echo htmlentities( $i["username"] );?></p>
</td> </td>
<td> <td>
<select onchange="codiad.project.change_access( event );"> <select onchange="codiad.project.change_access( event );">
@ -281,7 +307,7 @@ switch( $_GET['action'] ) {
} }
?> ?>
</select> </select>
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $user["id"] );?>' );">Remove Access</button> <button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $i["id"] );?>' );">Remove Access</button>
</td> </td>
</tr> </tr>
<?php <?php
@ -291,6 +317,7 @@ switch( $_GET['action'] ) {
<?php <?php
} }
?> ?>
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Done" );?></button> <button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Done" );?></button>
<form> <form>
<?php <?php
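Review bot: The new `isset( $users["status"] ) && $users["status"] == "error"` branch after `get_users( "return", true )` looks unreachable: in this same commit get_users stops returning a formatJSEND error and instead calls `$sql->query` with an `array()` default, so on failure `$users` is presumably just empty and only the "must have more than one user" branch can fire; either give get_users a distinguishable error return or merge the two messages. `$user = $User->get_user( $_SESSION["user"] );` is assigned in this hunk but not read on any visible line; if it is not used further down the dialog, drop it together with the new `require_once( '../user/class.user.php' )`. Separately, the hidden input `value="<?php echo $path;?>"` echoes `$_GET['path']` into an attribute without the `htmlentities` the option list applies a few lines later; `value="<?php echo htmlentities( $path );?>"` keeps the output escaping consistent.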


@ -379,7 +379,7 @@
let project_path = $( '#modal-content form input[name="project_path"]' ).val(); let project_path = $( '#modal-content form input[name="project_path"]' ).val();
let project_id = $( '#modal-content form input[name="project_id"]' ).val(); let project_id = $( '#modal-content form input[name="project_id"]' ).val();
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&username=' + encodeURIComponent( user ), function( data ) { $.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&user_id=' + encodeURIComponent( user ), function( data ) {
response = codiad.jsend.parse( data ); response = codiad.jsend.parse( data );
console.log( response ); console.log( response );


@ -95,15 +95,8 @@ class User {
global $sql; global $sql;
$query = "SELECT * FROM users WHERE username=?"; $query = "SELECT * FROM users WHERE username=?";
$bind_variables = array( $username ); $bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, array() ); $return = $sql->query( $query, $bind_variables, array(), "fetch" );
return $return;
if( ! empty( $return ) ) {
echo formatJSEND( "success", $return );
} else {
echo formatJSEND( "error", "Could not select user." );
}
} }
public function list_users() { public function list_users() {