Mirror/codiad
1
0
Fork 0
mirror of https://github.com/xevidos/codiad.git synced 2024-11-10 21:26:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Started table conversion to new access system

Browse Source
This commit is contained in:
xevidos 2019-07-01 18:22:33 -04:00
parent 6dd09ba1a6
commit d3d96e66f6
6 changed files with 188 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
components/permissions/class.permissions.php
View File

@ -57,25 +57,19 @@ class Permissions {
),
array(
"limit",
1
1
)
)
);*/
$query = "SELECT * FROM projects WHERE path=? LIMIT 1;";
$bind_variables = array( $_SESSION["project"] );
$result = $sql->query( $query, $bind_variables, array() )[0];
$result = $sql->query( $query, $bind_variables, array() );
if( ! empty( $result ) ) {
$result = $result[0];
try {
$users = json_decode( $result["access"], true );
} catch( exception $e ) {
$users = array();
}
$users = $sql->query( "SELECT * FOM access WHERE project = ? AND user = ? LIMIT 1", array( $result["id"], $_SESSION["user_id"] ), array() );
if( $result["owner"] == 'nobody' ) {
@ -83,7 +77,7 @@ class Permissions {
} elseif( $result["owner"] == $_SESSION["user"] ) {
$pass = true;
} elseif( in_array( $_SESSION["user"], array_keys( $users ) ) && ! empty( $users ) ) {
} elseif( ! empty( $users ) ) {
//Only allow the owner to delete the root dir / project
if( $path == $result["path"] && self::LEVELS[$level] == self::LEVELS["delete"] ) {
@ -91,18 +85,6 @@ class Permissions {
$level = "owner";
}
$is_assoc = ( array_keys( $users ) !== range( 0, count( $users ) - 1 ) );
if( $is_assoc ) {
$users_access = $users[$_SESSION["user"]];
} else {
$users_access = self::LEVELS["delete"];
}
echo var_dump( $path, $result, $users_access, $level, ( self::LEVELS[$level] >= $users_access ), self::LEVELS[$level] + " is more than or equal to {$users_access}" );
if( self::LEVELS[$level] >= $users_access ) {
$pass = true;

33
components/project/class.project.php
View File

@ -201,8 +201,17 @@ class Project extends Common {
$project = $this->path;
}
global $sql;
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
$bind_variables = array( $project, $_SESSION["user"] );
$query = "
SELECT * FROM projects
WHERE path = ?
AND (
owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
//$bind_variables = array( $project, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, array() )[0];
if( ! empty( $return ) ) {
@ -218,8 +227,12 @@ class Project extends Common {
public function get_projects() {
global $sql;
$query = "SELECT * FROM projects WHERE owner=? OR owner='nobody' OR access LIKE ? ORDER BY name;";
$bind_variables = array( $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' );
$query = "
SELECT * FROM projects
WHERE owner=?
OR owner='nobody'
OR path IN ( SELECT path FROM access WHERE user = ? );";
$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
if( empty( $return ) ) {
@ -349,8 +362,15 @@ class Project extends Common {
public function Open() {
global $sql;
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' OR access LIKE ? );";
$bind_variables = array( $this->path, $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' );
$query = "
SELECT * FROM projects
WHERE path = ?
AND (
owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() )[0];
if( ! empty( $return ) ) {
@ -360,6 +380,7 @@ class Project extends Common {
$sql->query( $query, $bind_variables, 0, "rowCount" );
$this->name = $return['name'];
$_SESSION['project'] = $return['path'];
$_SESSION['project_id'] = $return['id'];
echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) );
} else {

201
components/sql/class.sql.php
View File

@ -1,6 +1,7 @@
<?php
require_once( __DIR__ . "/class.sql.conversions.php" );
require_once( __DIR__ . "/../permissions/class.permissions.php" );
class sql {
@ -35,8 +36,11 @@ class sql {
$dbtype = DBTYPE;
$username = DBUSER;
$password = DBPASS;
$options = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
);
$this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password );
$this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password, $options );
}
return( $this->connection );
@ -65,6 +69,18 @@ class sql {
"focused" => array( "not null" ),
)
),
"access" => array(
"fields" => array(
"project" => "int",
"user" => "int",
"level" => "int",
),
"attributes" => array(
"id" => array( "not null" ),
"user" => array( "not null" ),
"level" => array( "not null" ),
)
),
"options" => array(
"fields" => array(
"id" => "int",
@ -83,7 +99,6 @@ class sql {
"name" => "string",
"path" => "text",
"owner" => "string",
"access" => "string",
),
"attributes" => array(
@ -91,7 +106,6 @@ class sql {
"name" => array( "not null" ),
"path" => array( "not null", "unique" ),
"owner" => array( "not null", "unique" ),
"access" => array(),
)
),
"users" => array(
@ -102,7 +116,7 @@ class sql {
"username" => "string",
"password" => "text",
"email" => "string",
"project" => "string",
"project" => "int",
"access" => "string",
"groups" => "string",
"token" => "string",
@ -131,6 +145,85 @@ class sql {
)
);
if( $result === true ) {
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
}
if( $convert ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
}
return $result;
}
@ -169,18 +262,15 @@ class sql {
);
*/
$query = $this->conversions->tables( $table );
$connection = $this->connect();
$result = $connection->exec( $query );
$error = $connection->errorInfo();
//echo var_dump( $query, $result, $connection->errorInfo() ) . "<br>";
if ( $result === false || ! $error[0] == "00000" ) {
return $error;
} else {
try {
$query = $this->conversions->tables( $table );
$connection = $this->connect();
$result = $connection->exec( $query );
return true;
} catch( exception $error ) {
return $error->getMessage();
}
}
@ -227,53 +317,58 @@ class sql {
$query = $this->conversions->update( $table, $fields, $where );
//echo var_dump( $query ) . "<br>";
//return $query;
}
public function query( $query, $bind_variables, $default, $action='fetchAll', $show_errors=false ) {
public function query( $query, $bind_variables, $default, $action='fetchAll', $errors="default" ) {
$connection = $this->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
switch( $action ) {
case( 'rowCount' ):
$return = $statement->rowCount();
break;
case( 'fetchAll' ):
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break;
case( 'fetchColumn' ):
$return = $statement->fetchColumn();
break;
default:
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break;
}
/**
* Errors:
* default - this value could be anything such as true or foobar
* message
* exception
*/
$error = $statement->errorInfo();
if( ! $error[0] == "00000" ) {
try {
$connection = $this->connect();
$statement = $connection->prepare( $query );
$statement->execute( $bind_variables );
switch( $action ) {
case( 'rowCount' ):
$return = $statement->rowCount();
break;
case( 'fetchAll' ):
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break;
case( 'fetchColumn' ):
$return = $statement->fetchColumn();
break;
default:
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break;
}
} catch( exception $error ) {
echo var_export( $error );
echo var_export( $return );
$return = $default;
}
if( $show_errors ) {
$return = json_encode( $error );
if( $errors == "message" ) {
$return = json_encode( array( $error->getMessage() ) );
} elseif( $errors == "exception" ) {
throw $error;
}
}
//echo var_dump( $error, $return );
$this->close();
return( $return );
}

2
components/system/controller.php
View File

@ -19,6 +19,8 @@ if ( $_POST['action'] == 'create_default_tables' ) {
global $sql;
$result = $sql->create_default_tables();
echo var_dump( $result );
if( $result === true ) {
exit( formatJSEND( "success", "Created tables." ) );

1
components/update/update.php
View File

@ -15,6 +15,7 @@ $projects_file = BASE_PATH . "/data/projects.php";
$users_file = BASE_PATH . "/data/users.php";
//checkSession();
if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad.";
exit();
}

9
components/user/class.user.php
View File

@ -243,23 +243,26 @@ class User {
if( ! empty( $return ) ) {
$user = $return[0];
$pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username;
$_SESSION['user_id'] = $user["id"];
$_SESSION['token'] = $token;
$_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true;
$user = $return[0];
$query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $this->username );
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
if( isset( $user['project'] ) && $user['project'] != '' ) {
if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
$_SESSION['project'] = $user['project'];
$_SESSION['project'] = $projects[0]["path"];
$_SESSION['project_id'] = $user['project'];
}
$this->checkDuplicateSessions( $this->username );