mirror of
https://github.com/xevidos/codiad.git
synced 2024-12-22 13:52:16 +01:00
Fixed permission management under projects, Updated get_user and get_users functions, Updated readme
parent
5dd46b32a3
commit
b42cf37eca
7 changed files with 69 additions and 62 deletions
13
README.md
13
README.md
|
@ -37,9 +37,8 @@ Current Tasks:
|
|||
|
||||
Task List:
|
||||
|
||||
* Add ability to create shortlinks with certain permissions for users to share.
|
||||
* Add ability to create shortlinks with permissions for users to share files or projects.
|
||||
* Add ability to login with LDAP
|
||||
* Add archive management abilities
|
||||
* Add bookmark files
|
||||
* Add custom market
|
||||
* \- Add in new admin interface ( Check admin-portal branch for progress )
|
||||
|
@ -50,24 +49,22 @@ Task List:
|
|||
- System Settings
|
||||
- User Management
|
||||
* Add different code linters
|
||||
* Add Drag and Drop natively to filemanager
|
||||
* Add folder / filestructure upload ability
|
||||
* Add if file could not be saved 5 times close the open file
|
||||
* Add multi level users. ( Projects for only certain groups, Permission levels )
|
||||
* Add mobile compatibility
|
||||
* Add move files
|
||||
* Add permissions module ( more in depth permissions such as read/write, delete, etc )
|
||||
* Add print code
|
||||
* Add support for more archive types ( Add commands add more accepted PHP extension types )
|
||||
* Add support for more database systems ( MSSQL, Oracle, SQLite, Filesystem storage, etc )
|
||||
* Add terminal support ( optional per permission level )
|
||||
* Add in auto save timer that saves after the user stops typing instead of after every change
|
||||
* Clean up update script
|
||||
* Create standards for php ( For example a lot of projects are using API like standards for their backends maybe create something like those? )
|
||||
* Fix broken themes
|
||||
* Re Add the custom language recognition system after recode
|
||||
* Remove all old and unneeded dependencies
|
||||
* Seperate Upload filemanager instance from main filemanager instance
|
||||
* Update all current components to use more current standards ( async await and .then in favor over callbacks )
|
||||
* Update all current components to use more current standards
|
||||
- async await and .then in favor over callbacks in JS
|
||||
- standards for php functions when created
|
||||
|
||||
|
||||
Completed:
|
||||
|
|
12
common.php
12
common.php
|
@ -137,19 +137,15 @@ class Common {
|
|||
|
||||
global $sql;
|
||||
$query = "SELECT * FROM users";
|
||||
$bind = "";
|
||||
$bind_variables = array();
|
||||
|
||||
if( $exclude_current ) {
|
||||
|
||||
$query .= " WHERE username!=?";
|
||||
$bind .= "s";
|
||||
$query .= " WHERE username <> ?";
|
||||
array_push( $bind_variables, $_SESSION["user"] );
|
||||
}
|
||||
|
||||
$result = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking users." ) );
|
||||
|
||||
if( ! empty( $result ) ) {
|
||||
$result = $sql->query( $query, $bind_variables, array() );
|
||||
|
||||
switch( $return ) {
|
||||
|
||||
|
@ -163,10 +159,6 @@ class Common {
|
|||
$return = $result;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
|
||||
$return = formatJSEND( "error", "Error selecting user information." );
|
||||
}
|
||||
return( $return );
|
||||
}
|
||||
|
||||
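Review bot: `SELECT * FROM users` in get_users() hands every column of every account row to the caller, which presumably includes credential fields such as the password hash, while the only consumer visible in this commit (the permissions dialog) reads just `id` and `username`. Narrow the query to the columns callers actually need, e.g. `$query = "SELECT id, username FROM users";`, so that a branch which serialises `$result` cannot expose them. The same applies to `SELECT * FROM users WHERE username=?` in User::get_user() further down this commit. The switch on `$return` is only partly inside these hunks, so check what its other branches read before narrowing.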
|
|
|
@ -257,12 +257,10 @@ class Project extends Common {
|
|||
return( $return );
|
||||
}
|
||||
|
||||
public function remove_user() {
|
||||
public function remove_user( $user_id ) {
|
||||
|
||||
global $sql;
|
||||
|
||||
$user_id = get_user_id( $this->user );
|
||||
|
||||
if( $user_id === false ) {
|
||||
|
||||
return formatJSEND( "error", "Error fetching user information." );
|
||||
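Review bot: The `$user_id === false` guard under the new signature appears to survive this change, but it was written for the failure value of `get_user_id()` and cannot trip for an id that now arrives from the caller as a request string. Validate the argument at the top of the method instead, for example (if ids are integers) `if( ! ctype_digit( (string) $user_id ) ) { return formatJSEND( "error", "Invalid user id." ); }`. The statement that uses the id is outside this hunk, and the visible lines contain no permission check, so a short docblock saying that the caller must already have verified project ownership would make that contract explicit.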
|
|
|
@ -197,15 +197,7 @@ if( $_GET['action'] == 'remove_user' ) {
|
|||
"undefined"
|
||||
);
|
||||
|
||||
if( ! in_array( $_GET['username'], $invalid ) ) {
|
||||
|
||||
$Project->user = $_GET['username'];
|
||||
} else {
|
||||
|
||||
exit( formatJSEND( "error", "No username set." ) );
|
||||
}
|
||||
|
||||
if( ! in_array( $_GET['project_path'], $invalid ) ) {
|
||||
if( isset( $_GET["project_path"] ) && ! in_array( $_GET['project_path'], $invalid ) ) {
|
||||
|
||||
$Project->path = $_GET['project_path'];
|
||||
} else {
|
||||
|
@ -213,7 +205,7 @@ if( $_GET['action'] == 'remove_user' ) {
|
|||
exit( formatJSEND( "error", "No project path set." ) );
|
||||
}
|
||||
|
||||
if( ! in_array( $_GET['project_id'], $invalid ) ) {
|
||||
if( isset( $_GET["project_id"] ) && ! in_array( $_GET['project_id'], $invalid ) ) {
|
||||
|
||||
$Project->project_id = $_GET['project_id'];
|
||||
} else {
|
||||
|
@ -221,9 +213,17 @@ if( $_GET['action'] == 'remove_user' ) {
|
|||
exit( formatJSEND( "error", "No project id set." ) );
|
||||
}
|
||||
|
||||
if( isset( $_GET["user_id"] ) && ! in_array( $_GET['user_id'], $invalid ) ) {
|
||||
|
||||
$user_id = $_GET["user_id"];
|
||||
} else {
|
||||
|
||||
exit( formatJSEND( "error", "No user id set." ) );
|
||||
}
|
||||
|
||||
if( $Project->check_owner( $_GET["project_path"], true ) ) {
|
||||
|
||||
$Project->remove_user();
|
||||
$Project->remove_user( $user_id );
|
||||
} else {
|
||||
|
||||
exit( formatJSEND( "error", "You can not manage this project." ) );
|
||||
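Review bot: The ownership check is made against `$_GET["project_path"]`, but `$Project->project_id` is filled from a separate request parameter and nothing visible ties the two values together. If `remove_user()` keys its statement on `project_id` (its body is outside this commit's hunks), the check does not cover the project that is actually modified. Resolve the id server-side from the path that was checked, as the dialog does with `$Project->get_project( $path )`, e.g. `$Project->project_id = $Project->get_project( $_GET["project_path"] )["id"];`, and reject the request when a supplied `project_id` differs from it.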
|
|
|
@ -7,8 +7,9 @@
|
|||
*/
|
||||
|
||||
|
||||
require_once('../../common.php');
|
||||
require_once('./class.project.php');
|
||||
require_once( '../../common.php' );
|
||||
require_once( './class.project.php' );
|
||||
require_once( '../user/class.user.php' );
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// Verify Session or Key
|
||||
|
@ -208,16 +209,36 @@ switch( $_GET['action'] ) {
|
|||
*/
|
||||
if( ! isset( $_GET["path"] ) || ! $Project->check_owner( $_GET["path"], true ) ) {
|
||||
?>
|
||||
<pre>Error, you either do not own this project or it is a public project.</pre>
|
||||
<p>Error, you either do not own this project or it is a public project.</p>
|
||||
<button class="btn-right" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||
<?php
|
||||
return;
|
||||
}
|
||||
|
||||
// Get projects data
|
||||
$User = new User();
|
||||
$path = $_GET['path'];
|
||||
$project = $Project->get_project( $path );
|
||||
$access = $Project->get_access( $project["id"] );
|
||||
$users = get_users( "return", true );
|
||||
$user = $User->get_user( $_SESSION["user"] );
|
||||
|
||||
if( isset( $users["status"] ) && $users["status"] == "error" ) {
|
||||
|
||||
?>
|
||||
<p>Error, could not fetch users information.</p>
|
||||
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||
<?php
|
||||
exit();
|
||||
} else if( empty( $users ) ) {
|
||||
|
||||
?>
|
||||
<p>Error, You must have more than one user registered in your Codiad instance to manage permissions.</p>
|
||||
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||
<?php
|
||||
exit();
|
||||
}
|
||||
|
||||
?>
|
||||
<form onSubmit="event.preventDefault();">
|
||||
<input type="hidden" name="project_path" value="<?php echo $path;?>">
|
||||
|
@ -226,10 +247,10 @@ switch( $_GET['action'] ) {
|
|||
<input id="search_users" type="text" onkeyup="codiad.project.search_users();" />
|
||||
<select id="user_list" name="user_list">
|
||||
<?php
|
||||
foreach( $users as $user ) {
|
||||
foreach( $users as $i ) {
|
||||
|
||||
?>
|
||||
<option value="<?php echo htmlentities( $user["id"] );?>"><?php echo htmlentities( $user["username"] );?></option>
|
||||
<option value="<?php echo htmlentities( $i["id"] );?>"><?php echo htmlentities( $i["username"] );?></option>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
@ -247,23 +268,28 @@ switch( $_GET['action'] ) {
|
|||
<table id="access_list">
|
||||
<?php
|
||||
|
||||
$user = null;
|
||||
|
||||
foreach( $access as $row => $user_permissions ) {
|
||||
|
||||
foreach( $users as $row => $current_user ) {
|
||||
$i = null;
|
||||
|
||||
foreach( $users as $r => $current_user ) {
|
||||
|
||||
if( $current_user["id"] == $user_permissions["user"] ) {
|
||||
|
||||
$user = $current_user;
|
||||
$i = $current_user;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if( ! $i ) {
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
?>
|
||||
<tr>
|
||||
<td>
|
||||
<p><?php echo htmlentities( $user["username"] );?></p>
|
||||
<p><?php echo htmlentities( $i["username"] );?></p>
|
||||
</td>
|
||||
<td>
|
||||
<select onchange="codiad.project.change_access( event );">
|
||||
|
@ -281,7 +307,7 @@ switch( $_GET['action'] ) {
|
|||
}
|
||||
?>
|
||||
</select>
|
||||
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $user["id"] );?>' );">Remove Access</button>
|
||||
<button class="btn-left" onclick="codiad.project.remove_user( '<?php echo htmlentities( $i["id"] );?>' );">Remove Access</button>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
|
@ -291,6 +317,7 @@ switch( $_GET['action'] ) {
|
|||
<?php
|
||||
}
|
||||
?>
|
||||
<button class="btn-left" onclick="codiad.project.list();return false;"><?php i18n( "Back" );?></button>
|
||||
<button class="btn-right" onclick="codiad.modal.unload();return false;"><?php i18n( "Done" );?></button>
|
||||
<form>
|
||||
<?php
|
||||
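Review bot: `$path` is taken straight from `$_GET['path']` and echoed unescaped into the hidden input's `value` attribute (`value="<?php echo $path;?>"`), while every other dynamic value in this template goes through `htmlentities()`. The `check_owner()` gate narrows what reaches that line but is not an output encoder, so encode at the sink: `value="<?php echo htmlentities( $path, ENT_QUOTES );?>"`. The tag that ends the form is also written as `<form>` rather than `</form>`, which leaves the form unclosed.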
|
|
|
@ -379,7 +379,7 @@
|
|||
let project_path = $( '#modal-content form input[name="project_path"]' ).val();
|
||||
let project_id = $( '#modal-content form input[name="project_id"]' ).val();
|
||||
|
||||
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&username=' + encodeURIComponent( user ), function( data ) {
|
||||
$.get( _this.controller + '?action=remove_user&project_path=' + encodeURIComponent( project_path ) + '&project_id=' + encodeURIComponent( project_id ) + '&user_id=' + encodeURIComponent( user ), function( data ) {
|
||||
|
||||
response = codiad.jsend.parse( data );
|
||||
console.log( response );
|
||||
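Review bot: Removing a user's access is a state-changing action, yet it is still sent with `$.get` and read from `$_GET` in the controller, so the full request ends up in browser history and server logs and sits outside the protections normally applied to POST. Consider `$.post( _this.controller + '?action=remove_user', { project_path: project_path, project_id: project_id, user_id: user }, … )` with the controller reading `$_POST`, together with whatever anti-CSRF token the application uses (none is visible in this hunk). `response` is also assigned without `let`/`const`, which makes it an implicit global, and `console.log( response )` looks like leftover debugging. The callback body continues outside the hunk.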
|
|
|
@ -95,15 +95,8 @@ class User {
|
|||
global $sql;
|
||||
$query = "SELECT * FROM users WHERE username=?";
|
||||
$bind_variables = array( $username );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
|
||||
if( ! empty( $return ) ) {
|
||||
|
||||
echo formatJSEND( "success", $return );
|
||||
} else {
|
||||
|
||||
echo formatJSEND( "error", "Could not select user." );
|
||||
}
|
||||
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
|
||||
return $return;
|
||||
}
|
||||
|
||||
public function list_users() {
|
||||
|
|