Fixed permission management under projects, Updated get_user and get_users functions, Updated readme

This commit is contained in:
xevidos 2020-02-24 22:00:45 -05:00
parent 5dd46b32a3
commit b42cf37eca
7 changed files with 69 additions and 62 deletions


@ -37,9 +37,8 @@ Current Tasks:
Task List:
* Add ability to create shortlinks with certain permissions for users to share.
* Add ability to create shortlinks with permissions for users to share files or projects.
* Add ability to login with LDAP
* Add archive management abilities
* Add bookmark files
* Add custom market
* \- Add in new admin interface ( Check admin-portal branch for progress )
@ -50,24 +49,22 @@ Task List:
- System Settings
- User Management
* Add different code linters
* Add Drag and Drop natively to filemanager
* Add folder / filestructure upload ability
* Add if file could not be saved 5 times close the open file
* Add multi level users. ( Projects for only certain groups, Permission levels )
* Add mobile compatibility
* Add move files
* Add permissions module ( more in depth permissions such as read/write, delete, etc )
* Add print code
* Add support for more archive types ( Add commands add more accepted PHP extension types )
* Add support for more database systems ( MSSQL, Oracle, SQLite, Filesystem storage, etc )
* Add terminal support ( optional per permission level )
* Add in auto save timer that saves after the user stops typing instead of after every change
* Clean up update script
* Create standards for php ( For example a lot of projects are using API like standards for their backends maybe create something like those? )
* Fix broken themes
* Re Add the custom language recognition system after recode
* Remove all old and unneeded dependencies
* Seperate Upload filemanager instance from main filemanager instance
* Update all current components to use more current standards ( async await and .then in favor over callbacks )
* Update all current components to use more current standards
- async await and .then in favor over callbacks in JS
- standards for php functions when created
Completed:


@ -137,19 +137,15 @@ class Common {
global $sql;
$query = "SELECT * FROM users";
$bind = "";
$bind_variables = array();
if( $exclude_current ) {
$query .= " WHERE username!=?";
$bind .= "s";
$query .= " WHERE username <> ?";
array_push( $bind_variables, $_SESSION["user"] );
}
$result = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking users." ) );
if( ! empty( $result ) ) {
$result = $sql->query( $query, $bind_variables, array() );
switch( $return ) {
@ -163,10 +159,6 @@ class Common {
$return = $result;
break;
}
} else {
$return = formatJSEND( "error", "Error selecting user information." );
}
return( $return );
}
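Review bot: Removing the `! empty( $result )` branch makes a failed query indistinguishable from an empty result set, because the call now passes `array()` as the third argument and every outcome falls straight into `switch( $return )`; if that argument is what `query()` hands back on failure, as the old call's error-JSEND argument suggests, a broken query now surfaces to callers as "no users" rather than an error, and the `$users["status"] == "error"` check in the project controller can never fire. Consider passing a sentinel instead, e.g. `$result = $sql->query( $query, $bind_variables, null );` followed by `if( $result === null ) { return formatJSEND( "error", "Error selecting user information." ); }` before the switch. The function's signature and the first `case` of the switch are above the hunk, and `$return` doubling as the mode selector and the result value makes that path easy to misread. Also, `SELECT * FROM users` pulls every column, so whatever the `return` branch hands back should be trimmed to the columns callers need if the table stores credential hashes.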


@ -257,12 +257,10 @@ class Project extends Common {
return( $return );
}
public function remove_user() {
public function remove_user( $user_id ) {
global $sql;
$user_id = get_user_id( $this->user );
if( $user_id === false ) {
return formatJSEND( "error", "Error fetching user information." );
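Review bot: With `$user_id` now taken straight from the parameter, the `if( $user_id === false )` guard is dead code — it was checking the result of `get_user_id()`, which is no longer called — and nothing in the visible part of the method validates the id before it is used. The controller forwards `$_GET["user_id"]` after only a loose `in_array( ..., $invalid )` test, so any string reaches this method. If user ids are integers, replace the dead guard with a shape check such as `if( ! ctype_digit( (string) $user_id ) ) { return formatJSEND( "error", "Invalid user id." ); }`, or resolve the id against the users table and fail when no row comes back, so the removal only ever targets an existing user. The remainder of remove_user, including the statement that performs the removal, is below the hunk.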


@ -197,15 +197,7 @@ if( $_GET['action'] == 'remove_user' ) {
"undefined"
);
if( ! in_array( $_GET['username'], $invalid ) ) {
$Project->user = $_GET['username'];
} else {
exit( formatJSEND( "error", "No username set." ) );
}
if( ! in_array( $_GET['project_path'], $invalid ) ) {
if( isset( $_GET["project_path"] ) && ! in_array( $_GET['project_path'], $invalid ) ) {
$Project->path = $_GET['project_path'];
} else {
@ -213,7 +205,7 @@ if( $_GET['action'] == 'remove_user' ) {
exit( formatJSEND( "error", "No project path set." ) );
}
if( ! in_array( $_GET['project_id'], $invalid ) ) {
if( isset( $_GET["project_id"] ) && ! in_array( $_GET['project_id'], $invalid ) ) {
$Project->project_id = $_GET['project_id'];
} else {
@ -221,9 +213,17 @@ if( $_GET['action'] == 'remove_user' ) {
exit( formatJSEND( "error", "No project id set." ) );
}
if( isset( $_GET["user_id"] ) && ! in_array( $_GET['user_id'], $invalid ) ) {
$user_id = $_GET["user_id"];
} else {
exit( formatJSEND( "error", "No user id set." ) );
}
if( $Project->check_owner( $_GET["project_path"], true ) ) {
$Project->remove_user();
$Project->remove_user( $user_id );
} else {
exit( formatJSEND( "error", "You can not manage this project." ) );
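Review bot: The ownership check `$Project->check_owner( $_GET["project_path"], true )` is keyed on the path, but `project_id` is read from the request independently and stored on the object a few lines earlier; if `remove_user()` (its body is outside this hunk) keys the removal on `$this->project_id`, a caller who owns one project can send that project's path together with another project's id and strip users from a project they do not own. Derive the id from the checked path server-side — e.g. `$project = $Project->get_project( $_GET["project_path"] ); $Project->project_id = $project["id"];` — or have `check_owner` verify the path/id pair together, rather than trusting both values from the client. Separately, `$user_id` is accepted after only the loose `in_array( ..., $invalid )` test; if ids are integers, reject anything failing `ctype_digit( $_GET["user_id"] )` here before it reaches `remove_user`. Both points depend on code outside the hunk and should be confirmed against the method body.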


@ -9,6 +9,7 @@
require_once( '../../common.php' );
require_once( './class.project.php' );
require_once( '../user/class.user.php' );
//////////////////////////////////////////////////////////////////
// Verify Session or Key
@ -208,16 +209,36 @@ switch( $_GET['action'] ) {
*/
if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) {
?>
<pre>Error, you either do not own this project or it is a public project.</pre>
<p>Error, you either do not own this project or it is a public project.</p>
<button class="btn-right" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<?php
return;
}
// Get projects data
$User = new User();
$path = $_GET['path'];
$project = $Project->get_project( $path );
$access = $Project->get_access( $project["id"] );
$users = get_users( "return", true );
$user = $User->get_user( $_SESSION["user"] );
if( isset( $users["status"] ) && $users["status"] == "error" ) {
?>
<p>Error, could not fetch users information.</p>
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<?php
exit();
} else if( empty( $users ) ) {
?>
<p>Error, You must have more than one user registered in your Codiad instance to manage permissions.</p>
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<?php
exit();
}
?>
<form onSubmit="event.preventDefault();">
<input type="hidden" name="project_path" value="<?php echo $path;?>">
@ -226,10 +247,10 @@ switch( $_GET['action'] ) {
<input id="search_users" type="text" onkeyup="codiad.project.search_users();" />
<select id="user_list" name="user_list">
<?php
foreach( $users as $user ) {
foreach( $users as $i ) {
?>
<option value="<?php echo htmlentities( $user["id"] );?>"><?php echo htmlentities( $user["username"] );?></option>
<option value="<?php echo htmlentities( $i["id"] );?>"><?php echo htmlentities( $i["username"] );?></option>
<?php
}
?>
@ -247,23 +268,28 @@ switch( $_GET['action'] ) {
<table id="access_list">
<?php
$user = null;
foreach( $access as $row => $user_permissions ) {
foreach( $users as $row => $current_user ) {
$i = null;
foreach( $users as $r => $current_user ) {
if( $current_user["id"] == $user_permissions["user"] ) {
$user = $current_user;
$i = $current_user;
break;
}
}
if( ! $i ) {
continue;
}
?>
<tr>
<td>
<p><?php echo htmlentities( $user["username"] );?></p>
<p><?php echo htmlentities( $i["username"] );?></p>
</td>
<td>
<select onchange="codiad.project.change_access( event );">
@ -281,7 +307,7 @@ switch( $_GET['action'] ) {
}
?>
</select>
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $user["id"] );?>' );">Remove Access</button>
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $i["id"] );?>' );">Remove Access</button>
</td>
</tr>
<?php
@ -291,6 +317,7 @@ switch( $_GET['action'] ) {
<?php
}
?>
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Done" );?></button>
<form>
<?php
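Review bot: `$path` comes from `$_GET['path']` and is echoed unescaped into the attribute at `<input type="hidden" name="project_path" value="<?php echo $path;?>">`, while every other value in this form goes through `htmlentities()`; a path containing a double quote breaks out of the attribute. The `check_owner` gate means only a path of a project the current user owns reaches this line, which limits exploitability, but project paths are chosen by users elsewhere in the app, so escape it like the rest: `value="<?php echo htmlentities( $path );?>"`. The newly added `$user = $User->get_user( $_SESSION["user"] );` fetches a full `SELECT *` row that is never read before `$user = null;` resets it, so either use it or drop the call rather than pulling the current user's whole record into the page for nothing. The form is closed with `<form>` instead of `</form>`, which is pre-existing but worth fixing while the template is being touched.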


@ -379,7 +379,7 @@
let project_path = $( '#modal-content form input[name="project_path"]' ).val();
let project_id = $( '#modal-content form input[name="project_id"]' ).val();
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&username=' + encodeURIComponent( user ), function( data ) {
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&user_id=' + encodeURIComponent( user ), function( data ) {
response = codiad.jsend.parse( data );
console.log( response );


@ -95,15 +95,8 @@ class User {
global $sql;
$query = "SELECT * FROM users WHERE username=?";
$bind_variables = array( $username );
$return = $sql->query( $query, $bind_variables, array() );
if( ! empty( $return ) ) {
echo formatJSEND( "success", $return );
} else {
echo formatJSEND( "error", "Could not select user." );
}
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
return $return;
}
public function list_users() {
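Review bot: `get_user` now returns the raw `SELECT * FROM users` row instead of echoing it, which is the right direction, but the row still carries every column of the users table — the password hash included, if that is where it is stored — and the `array()` failure value makes "no such user" and "query failed" look identical to the caller. Name the columns callers actually need, e.g. `SELECT id, username FROM users WHERE username=?`, or `unset()` the credential column before `return $return;`, and document the empty-array case in a docblock above the signature (which sits above this hunk): `/** Fetch one user row by username; returns the row, or an empty array when no row matches or the query fails. */`. The only caller visible in this commit assigns the result to `$user` in the access form and then discards it, so no leak is evident today, but the next caller inherits the full row.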