Fixed permission management under projects, Updated get_user and get_users functions, Updated readme
This commit is contained in:
parent
5dd46b32a3
commit
b42cf37eca
7 changed files with 69 additions and 62 deletions
13
README.md
13
README.md
|
@ -37,9 +37,8 @@ Current Tasks:
|
||||||
|
|
||||||
Task List:
|
Task List:
|
||||||
|
|
||||||
* Add ability to create shortlinks with certain permissions for users to share.
|
* Add ability to create shortlinks with permissions for users to share files or projects.
|
||||||
* Add ability to login with LDAP
|
* Add ability to login with LDAP
|
||||||
* Add archive management abilities
|
|
||||||
* Add bookmark files
|
* Add bookmark files
|
||||||
* Add custom market
|
* Add custom market
|
||||||
* \- Add in new admin interface ( Check admin-portal branch for progress )
|
* \- Add in new admin interface ( Check admin-portal branch for progress )
|
||||||
|
@ -50,24 +49,22 @@ Task List:
|
||||||
- System Settings
|
- System Settings
|
||||||
- User Management
|
- User Management
|
||||||
* Add different code linters
|
* Add different code linters
|
||||||
* Add Drag and Drop natively to filemanager
|
|
||||||
* Add folder / filestructure upload ability
|
|
||||||
* Add if file could not be saved 5 times close the open file
|
* Add if file could not be saved 5 times close the open file
|
||||||
* Add multi level users. ( Projects for only certain groups, Permission levels )
|
* Add multi level users. ( Projects for only certain groups, Permission levels )
|
||||||
* Add mobile compatibility
|
* Add mobile compatibility
|
||||||
* Add move files
|
|
||||||
* Add permissions module ( more in depth permissions such as read/write, delete, etc )
|
|
||||||
* Add print code
|
* Add print code
|
||||||
* Add support for more archive types ( Add commands add more accepted PHP extension types )
|
* Add support for more archive types ( Add commands add more accepted PHP extension types )
|
||||||
* Add support for more database systems ( MSSQL, Oracle, SQLite, Filesystem storage, etc )
|
* Add support for more database systems ( MSSQL, Oracle, SQLite, Filesystem storage, etc )
|
||||||
* Add terminal support ( optional per permission level )
|
* Add terminal support ( optional per permission level )
|
||||||
* Add in auto save timer that saves after the user stops typing instead of after every change
|
|
||||||
* Clean up update script
|
* Clean up update script
|
||||||
|
* Create standards for php ( For example a lot of projects are using API like standards for their backends maybe create something like those? )
|
||||||
* Fix broken themes
|
* Fix broken themes
|
||||||
* Re Add the custom language recognition system after recode
|
* Re Add the custom language recognition system after recode
|
||||||
* Remove all old and unneeded dependencies
|
* Remove all old and unneeded dependencies
|
||||||
* Seperate Upload filemanager instance from main filemanager instance
|
* Seperate Upload filemanager instance from main filemanager instance
|
||||||
* Update all current components to use more current standards ( async await and .then in favor over callbacks )
|
* Update all current components to use more current standards
|
||||||
|
- async await and .then in favor over callbacks in JS
|
||||||
|
- standards for php functions when created
|
||||||
|
|
||||||
|
|
||||||
Completed:
|
Completed:
|
||||||
|
|
26
common.php
26
common.php
|
@ -137,35 +137,27 @@ class Common {
|
||||||
|
|
||||||
global $sql;
|
global $sql;
|
||||||
$query = "SELECT * FROM users";
|
$query = "SELECT * FROM users";
|
||||||
$bind = "";
|
|
||||||
$bind_variables = array();
|
$bind_variables = array();
|
||||||
|
|
||||||
if( $exclude_current ) {
|
if( $exclude_current ) {
|
||||||
|
|
||||||
$query .= " WHERE username!=?";
|
$query .= " WHERE username <> ?";
|
||||||
$bind .= "s";
|
|
||||||
array_push( $bind_variables, $_SESSION["user"] );
|
array_push( $bind_variables, $_SESSION["user"] );
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking users." ) );
|
$result = $sql->query( $query, $bind_variables, array() );
|
||||||
|
|
||||||
if( ! empty( $result ) ) {
|
switch( $return ) {
|
||||||
|
|
||||||
switch( $return ) {
|
case( "json" ):
|
||||||
|
|
||||||
case( "json" ):
|
$return = json_encode( $result );
|
||||||
|
break;
|
||||||
|
|
||||||
$return = json_encode( $result );
|
case( "return" ):
|
||||||
break;
|
|
||||||
|
|
||||||
case( "return" ):
|
$return = $result;
|
||||||
|
break;
|
||||||
$return = $result;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
|
|
||||||
$return = formatJSEND( "error", "Error selecting user information." );
|
|
||||||
}
|
}
|
||||||
return( $return );
|
return( $return );
|
||||||
}
|
}
|
||||||
|
|
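Review bot: Dropping the `if( ! empty( $result ) )` / `else` branches means a failed or empty query now yields the `array()` fallback passed as the third argument to `$sql->query` (or `"[]"` for `"json"`), so callers can no longer tell a database error from "no other users" — the dialog's `isset( $users["status"] ) && $users["status"] == "error"` check added later in this commit cannot become true through this path. If an error result is still wanted, keep the failure distinguishable (for example pass `false` as the fallback and test `$result === false` before the `switch`, returning `formatJSEND( "error", "Error selecting user information." )` as before), and state the contract above the function: `// Returns the matching user rows (array() when none or on query failure); with "json", the JSON-encoded list.` The `switch` has no `default`, so an unrecognised `$return` value hands the caller its own argument string back; a `default:` that returns an error makes that explicit. `SELECT *` forwards every column of `users`, and with `"json"` they are serialised wholesale — if that table holds credential columns, selecting only the fields callers use (`id`, `username`, as in the dialog hunk) is the safer shape. The signature of get_users lies above the hunk, so I could not confirm its parameter list or any type declarations.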
|
@ -257,12 +257,10 @@ class Project extends Common {
|
||||||
return( $return );
|
return( $return );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function remove_user() {
|
public function remove_user( $user_id ) {
|
||||||
|
|
||||||
global $sql;
|
global $sql;
|
||||||
|
|
||||||
$user_id = get_user_id( $this->user );
|
|
||||||
|
|
||||||
if( $user_id === false ) {
|
if( $user_id === false ) {
|
||||||
|
|
||||||
return formatJSEND( "error", "Error fetching user information." );
|
return formatJSEND( "error", "Error fetching user information." );
|
||||||
|
|
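Review bot: With `$user_id` now supplied by the caller, the `if( $user_id === false )` guard on the next line can no longer fire — the controller hands it `$_GET["user_id"]`, a string — and the removed `get_user_id( $this->user )` lookup was the only step that confirmed the value corresponded to an existing user. Nothing in the visible lines validates the id before it is used; assuming user ids are integers, `if( filter_var( $user_id, FILTER_VALIDATE_INT ) === false ) { return formatJSEND( "error", "Error fetching user information." ); }` in place of the `=== false` test rejects malformed input, and a lookup of the id before the delete would restore the existence check. A docblock on the method should say that `$user_id` is the id of the user whose access to `$this->path` / `$this->project_id` is removed, whichever of the two the body keys on. The method body continues below the hunk, so I could not see how the id is consumed.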
|
@ -197,15 +197,7 @@ if( $_GET['action'] == 'remove_user' ) {
|
||||||
"undefined"
|
"undefined"
|
||||||
);
|
);
|
||||||
|
|
||||||
if( ! in_array( $_GET['username'], $invalid ) ) {
|
if( isset( $_GET["project_path"] ) && ! in_array( $_GET['project_path'], $invalid ) ) {
|
||||||
|
|
||||||
$Project->user = $_GET['username'];
|
|
||||||
} else {
|
|
||||||
|
|
||||||
exit( formatJSEND( "error", "No username set." ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ! in_array( $_GET['project_path'], $invalid ) ) {
|
|
||||||
|
|
||||||
$Project->path = $_GET['project_path'];
|
$Project->path = $_GET['project_path'];
|
||||||
} else {
|
} else {
|
||||||
|
@ -213,7 +205,7 @@ if( $_GET['action'] == 'remove_user' ) {
|
||||||
exit( formatJSEND( "error", "No project path set." ) );
|
exit( formatJSEND( "error", "No project path set." ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ! in_array( $_GET['project_id'], $invalid ) ) {
|
if( isset( $_GET["project_id"] ) && ! in_array( $_GET['project_id'], $invalid ) ) {
|
||||||
|
|
||||||
$Project->project_id = $_GET['project_id'];
|
$Project->project_id = $_GET['project_id'];
|
||||||
} else {
|
} else {
|
||||||
|
@ -221,9 +213,17 @@ if( $_GET['action'] == 'remove_user' ) {
|
||||||
exit( formatJSEND( "error", "No project id set." ) );
|
exit( formatJSEND( "error", "No project id set." ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( isset( $_GET["user_id"] ) && ! in_array( $_GET['user_id'], $invalid ) ) {
|
||||||
|
|
||||||
|
$user_id = $_GET["user_id"];
|
||||||
|
} else {
|
||||||
|
|
||||||
|
exit( formatJSEND( "error", "No user id set." ) );
|
||||||
|
}
|
||||||
|
|
||||||
if( $Project->check_owner( $_GET["project_path"], true ) ) {
|
if( $Project->check_owner( $_GET["project_path"], true ) ) {
|
||||||
|
|
||||||
$Project->remove_user();
|
$Project->remove_user( $user_id );
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
exit( formatJSEND( "error", "You can not manage this project." ) );
|
exit( formatJSEND( "error", "You can not manage this project." ) );
|
||||||
|
|
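Review bot: The authorisation check `$Project->check_owner( $_GET["project_path"], true )` is made on the path, while the values handed to the removal are `$Project->project_id` from `$_GET['project_id']` and `$user_id` from `$_GET["user_id"]`; nothing in these hunks ties `project_id` to the path that was checked. If `remove_user` keys its delete on `$this->project_id` (its body is outside the hunks), the owner of one project could supply another project's id — deriving the id server-side from the checked path, as the dialog does with `$Project->get_project( $path )`, or rejecting the request when `$project["id"] != $_GET['project_id']`, closes that gap. `$user_id` is only tested against `$invalid`, so a non-numeric value reaches `remove_user`; `filter_var( $_GET["user_id"], FILTER_VALIDATE_INT )` would reject it at the boundary, assuming ids are integers. The `in_array( ..., $invalid )` calls throughout use loose comparison; passing `true` as the third argument avoids `==` coercion surprises against the entries of `$invalid`.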
|
@ -7,8 +7,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
require_once('../../common.php');
|
require_once( '../../common.php' );
|
||||||
require_once('./class.project.php');
|
require_once( './class.project.php' );
|
||||||
|
require_once( '../user/class.user.php' );
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////
|
||||||
// Verify Session or Key
|
// Verify Session or Key
|
||||||
|
@ -208,16 +209,36 @@ switch( $_GET['action'] ) {
|
||||||
*/
|
*/
|
||||||
if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) {
|
if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) {
|
||||||
?>
|
?>
|
||||||
<pre>Error, you either do not own this project or it is a public project.</pre>
|
<p>Error, you either do not own this project or it is a public project.</p>
|
||||||
|
<button class="btn-right" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||||
<?php
|
<?php
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get projects data
|
// Get projects data
|
||||||
|
$User = new User();
|
||||||
$path = $_GET['path'];
|
$path = $_GET['path'];
|
||||||
$project = $Project->get_project( $path );
|
$project = $Project->get_project( $path );
|
||||||
$access = $Project->get_access( $project["id"] );
|
$access = $Project->get_access( $project["id"] );
|
||||||
$users = get_users( "return", true );
|
$users = get_users( "return", true );
|
||||||
|
$user = $User->get_user( $_SESSION["user"] );
|
||||||
|
|
||||||
|
if( isset( $users["status"] ) && $users["status"] == "error" ) {
|
||||||
|
|
||||||
|
?>
|
||||||
|
<p>Error, could not fetch users information.</p>
|
||||||
|
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||||
|
<?php
|
||||||
|
exit();
|
||||||
|
} else if( empty( $users ) ) {
|
||||||
|
|
||||||
|
?>
|
||||||
|
<p>Error, You must have more than one user registered in your Codiad instance to manage permissions.</p>
|
||||||
|
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||||
|
<?php
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<form onSubmit="event.preventDefault();">
|
<form onSubmit="event.preventDefault();">
|
||||||
<input type="hidden" name="project_path" value="<?php echo $path;?>">
|
<input type="hidden" name="project_path" value="<?php echo $path;?>">
|
||||||
|
@ -226,10 +247,10 @@ switch( $_GET['action'] ) {
|
||||||
<input id="search_users" type="text" onkeyup="codiad.project.search_users();" />
|
<input id="search_users" type="text" onkeyup="codiad.project.search_users();" />
|
||||||
<select id="user_list" name="user_list">
|
<select id="user_list" name="user_list">
|
||||||
<?php
|
<?php
|
||||||
foreach( $users as $user ) {
|
foreach( $users as $i ) {
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<option value="<?php echo htmlentities( $user["id"] );?>"><?php echo htmlentities( $user["username"] );?></option>
|
<option value="<?php echo htmlentities( $i["id"] );?>"><?php echo htmlentities( $i["username"] );?></option>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -247,23 +268,28 @@ switch( $_GET['action'] ) {
|
||||||
<table id="access_list">
|
<table id="access_list">
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
$user = null;
|
|
||||||
|
|
||||||
foreach( $access as $row => $user_permissions ) {
|
foreach( $access as $row => $user_permissions ) {
|
||||||
|
|
||||||
foreach( $users as $row => $current_user ) {
|
$i = null;
|
||||||
|
|
||||||
|
foreach( $users as $r => $current_user ) {
|
||||||
|
|
||||||
if( $current_user["id"] == $user_permissions["user"] ) {
|
if( $current_user["id"] == $user_permissions["user"] ) {
|
||||||
|
|
||||||
$user = $current_user;
|
$i = $current_user;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ! $i ) {
|
||||||
|
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<p><?php echo htmlentities( $user["username"] );?></p>
|
<p><?php echo htmlentities( $i["username"] );?></p>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<select onchange="codiad.project.change_access( event );">
|
<select onchange="codiad.project.change_access( event );">
|
||||||
|
@ -281,7 +307,7 @@ switch( $_GET['action'] ) {
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</select>
|
</select>
|
||||||
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $user["id"] );?>' );">Remove Access</button>
|
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $i["id"] );?>' );">Remove Access</button>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
|
@ -291,6 +317,7 @@ switch( $_GET['action'] ) {
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||||
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Done" );?></button>
|
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Done" );?></button>
|
||||||
<form>
|
<form>
|
||||||
<?php
|
<?php
|
||||||
|
|
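Review bot: The new `isset( $users["status"] ) && $users["status"] == "error"` branch cannot be reached through `get_users( "return", true )` as changed in this commit: that function now falls back to `array()` on a failed query instead of returning a JSEND error, so a database failure lands in the `empty( $users )` branch and is reported as "must have more than one user". Either make get_users return a distinguishable error value or drop the dead branch and word the remaining message to cover both cases. `$user = $User->get_user( $_SESSION["user"] );` is assigned but not read on any line of these hunks; if it is consumed further down the file a comment saying what it is for would help, otherwise it fetches a full user row for nothing. The context line `<input type="hidden" name="project_path" value="<?php echo $path;?>">` still echoes `$_GET['path']` into an attribute unescaped while the new lines around it use `htmlentities`; `htmlentities( $path, ENT_QUOTES )` would bring it in line.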
|
@ -379,7 +379,7 @@
|
||||||
let project_path = $( '#modal-content form input[name="project_path"]' ).val();
|
let project_path = $( '#modal-content form input[name="project_path"]' ).val();
|
||||||
let project_id = $( '#modal-content form input[name="project_id"]' ).val();
|
let project_id = $( '#modal-content form input[name="project_id"]' ).val();
|
||||||
|
|
||||||
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&username=' + encodeURIComponent( user ), function( data ) {
|
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&user_id=' + encodeURIComponent( user ), function( data ) {
|
||||||
|
|
||||||
response = codiad.jsend.parse( data );
|
response = codiad.jsend.parse( data );
|
||||||
console.log( response );
|
console.log( response );
|
||||||
|
|
|
@ -95,15 +95,8 @@ class User {
|
||||||
global $sql;
|
global $sql;
|
||||||
$query = "SELECT * FROM users WHERE username=?";
|
$query = "SELECT * FROM users WHERE username=?";
|
||||||
$bind_variables = array( $username );
|
$bind_variables = array( $username );
|
||||||
$return = $sql->query( $query, $bind_variables, array() );
|
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
|
||||||
|
return $return;
|
||||||
if( ! empty( $return ) ) {
|
|
||||||
|
|
||||||
echo formatJSEND( "success", $return );
|
|
||||||
} else {
|
|
||||||
|
|
||||||
echo formatJSEND( "error", "Could not select user." );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function list_users() {
|
public function list_users() {
|
||||||
|
|
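Review bot: `get_user` now returns the raw `SELECT *` row instead of echoing a JSEND envelope, so every column of `users` — including a password-hash column, if the table has one — is handed to callers such as the dialog's `$User->get_user( $_SESSION["user"] )`; selecting only the columns callers need, or unsetting the sensitive ones before `return $return;`, keeps that data out of templates and logs. On a failed or empty lookup the function returns the `array()` fallback rather than the old "Could not select user." message, a contract change the docblock should state: `// Returns the user's row as an associative array, or array() when no row matched.` Any caller that relied on the old echoed output will now print nothing, and the function header sits above the hunk, so I could not confirm whether a return type is declared.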