Started table conversion to new access system

This commit is contained in:
xevidos 2019-07-01 18:22:33 -04:00
parent 6dd09ba1a6
commit d3d96e66f6
6 changed files with 188 additions and 84 deletions


@ -64,18 +64,12 @@ class Permissions {
$query = "SELECT * FROM projects WHERE path=? LIMIT 1;"; $query = "SELECT * FROM projects WHERE path=? LIMIT 1;";
$bind_variables = array( $_SESSION["project"] ); $bind_variables = array( $_SESSION["project"] );
$result = $sql->query( $query, $bind_variables, array() )[0]; $result = $sql->query( $query, $bind_variables, array() );
if( ! empty( $result ) ) { if( ! empty( $result ) ) {
$result = $result[0]; $result = $result[0];
try { $users = $sql->query( "SELECT * FOM access WHERE project = ? AND user = ? LIMIT 1", array( $result["id"], $_SESSION["user_id"] ), array() );
$users = json_decode( $result["access"], true );
} catch( exception $e ) {
$users = array();
}
if( $result["owner"] == 'nobody' ) { if( $result["owner"] == 'nobody' ) {
@ -83,7 +77,7 @@ class Permissions {
} elseif( $result["owner"] == $_SESSION["user"] ) { } elseif( $result["owner"] == $_SESSION["user"] ) {
$pass = true; $pass = true;
} elseif( in_array( $_SESSION["user"], array_keys( $users ) ) && ! empty( $users ) ) { } elseif( ! empty( $users ) ) {
//Only allow the owner to delete the root dir / project //Only allow the owner to delete the root dir / project
if( $path == $result["path"] && self::LEVELS[$level] == self::LEVELS["delete"] ) { if( $path == $result["path"] && self::LEVELS[$level] == self::LEVELS["delete"] ) {
@ -91,18 +85,6 @@ class Permissions {
$level = "owner"; $level = "owner";
} }
$is_assoc = ( array_keys( $users ) !== range( 0, count( $users ) - 1 ) );
if( $is_assoc ) {
$users_access = $users[$_SESSION["user"]];
} else {
$users_access = self::LEVELS["delete"];
}
echo var_dump( $path, $result, $users_access, $level, ( self::LEVELS[$level] >= $users_access ), self::LEVELS[$level] + " is more than or equal to {$users_access}" );
if( self::LEVELS[$level] >= $users_access ) { if( self::LEVELS[$level] >= $users_access ) {
$pass = true; $pass = true;
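Review bot: In the new `elseif( ! empty( $users ) )` branch the check `self::LEVELS[$level] >= $users_access` is kept, but the block that assigned `$users_access` (the `$is_assoc` lines) is removed, so unless it is set somewhere outside these hunks the variable is undefined (null) and every level compares as greater-or-equal, granting any user who has an access row the full set of rights including delete. The `level` column of the fetched row should feed that comparison: `$users_access = $users[0]["level"];` directly before the `if`. The new query also reads `SELECT * FOM access`, which presumably fails in the PDO wrapper and returns the `array()` default, so today the branch is never entered at all; it should be `SELECT * FROM access WHERE project = ? AND user = ? LIMIT 1`. The enclosing method starts and ends outside these hunks.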


@ -201,8 +201,17 @@ class Project extends Common {
$project = $this->path; $project = $this->path;
} }
global $sql; global $sql;
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;"; $query = "
$bind_variables = array( $project, $_SESSION["user"] ); SELECT * FROM projects
WHERE path = ?
AND (
owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
//$bind_variables = array( $project, $_SESSION["user"] );
$return = $sql->query( $query, $bind_variables, array() )[0]; $return = $sql->query( $query, $bind_variables, array() )[0];
if( ! empty( $return ) ) { if( ! empty( $return ) ) {
@ -218,8 +227,12 @@ class Project extends Common {
public function get_projects() { public function get_projects() {
global $sql; global $sql;
$query = "SELECT * FROM projects WHERE owner=? OR owner='nobody' OR access LIKE ? ORDER BY name;"; $query = "
$bind_variables = array( $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' ); SELECT * FROM projects
WHERE owner=?
OR owner='nobody'
OR path IN ( SELECT path FROM access WHERE user = ? );";
$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() ); $return = $sql->query( $query, $bind_variables, array() );
if( empty( $return ) ) { if( empty( $return ) ) {
@ -349,8 +362,15 @@ class Project extends Common {
public function Open() { public function Open() {
global $sql; global $sql;
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' OR access LIKE ? );"; $query = "
$bind_variables = array( $this->path, $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' ); SELECT * FROM projects
WHERE path = ?
AND (
owner=?
OR owner='nobody'
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name;";
$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() )[0]; $return = $sql->query( $query, $bind_variables, array() )[0];
if( ! empty( $return ) ) { if( ! empty( $return ) ) {
@ -360,6 +380,7 @@ class Project extends Common {
$sql->query( $query, $bind_variables, 0, "rowCount" ); $sql->query( $query, $bind_variables, 0, "rowCount" );
$this->name = $return['name']; $this->name = $return['name'];
$_SESSION['project'] = $return['path']; $_SESSION['project'] = $return['path'];
$_SESSION['project_id'] = $return['id'];
echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) ); echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) );
} else { } else {
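Review bot: The subquery in `get_projects` reads `OR path IN ( SELECT path FROM access WHERE user = ? )`, but the `access` table this commit defines has only `project`, `user` and `level` columns, so the statement will fail and shared projects will not be listed; the other two hunks use `OR id IN ( SELECT project FROM access WHERE user = ? )` and this one should match them. The commented-out `//$query = ...` and `//$bind_variables = ...` lines left above `$return` in the first hunk should be deleted rather than kept as history. All three methods continue outside the hunks.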


@ -1,6 +1,7 @@
<?php <?php
require_once( __DIR__ . "/class.sql.conversions.php" ); require_once( __DIR__ . "/class.sql.conversions.php" );
require_once( __DIR__ . "/../permissions/class.permissions.php" );
class sql { class sql {
@ -35,8 +36,11 @@ class sql {
$dbtype = DBTYPE; $dbtype = DBTYPE;
$username = DBUSER; $username = DBUSER;
$password = DBPASS; $password = DBPASS;
$options = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
);
$this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password ); $this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password, $options );
} }
return( $this->connection ); return( $this->connection );
@ -65,6 +69,18 @@ class sql {
"focused" => array( "not null" ), "focused" => array( "not null" ),
) )
), ),
"access" => array(
"fields" => array(
"project" => "int",
"user" => "int",
"level" => "int",
),
"attributes" => array(
"id" => array( "not null" ),
"user" => array( "not null" ),
"level" => array( "not null" ),
)
),
"options" => array( "options" => array(
"fields" => array( "fields" => array(
"id" => "int", "id" => "int",
@ -83,7 +99,6 @@ class sql {
"name" => "string", "name" => "string",
"path" => "text", "path" => "text",
"owner" => "string", "owner" => "string",
"access" => "string",
), ),
"attributes" => array( "attributes" => array(
@ -91,7 +106,6 @@ class sql {
"name" => array( "not null" ), "name" => array( "not null" ),
"path" => array( "not null", "unique" ), "path" => array( "not null", "unique" ),
"owner" => array( "not null", "unique" ), "owner" => array( "not null", "unique" ),
"access" => array(),
) )
), ),
"users" => array( "users" => array(
@ -102,7 +116,7 @@ class sql {
"username" => "string", "username" => "string",
"password" => "text", "password" => "text",
"email" => "string", "email" => "string",
"project" => "string", "project" => "int",
"access" => "string", "access" => "string",
"groups" => "string", "groups" => "string",
"token" => "string", "token" => "string",
@ -131,6 +145,85 @@ class sql {
) )
); );
if( $result === true ) {
$sql_conversions = new sql_conversions();
try {
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
$delete = Permissions::LEVELS["delete"];
foreach( $users as $row => $user ) {
foreach( $projects as $row => $project ) {
$access = json_decode( $project["access"], true );
if( ! is_array( $access ) || empty( $access ) ) {
continue;
}
foreach( $access as $granted_user ) {
if( $granted_user == $user["username"] ) {
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
}
}
}
}
if( $access_query !== "INSERT INTO access( project, user, level ) " ) {
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
}
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
} catch( Exception $error ) {
//The access field is not there.
//echo var_export( $error->getMessage(), $access_query );
}
try {
$update_query = "";
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
$convert = false;
$delete = Permissions::LEVELS["delete"];
foreach( $result as $row => $user ) {
if( ! is_numeric( $user["project"] ) ) {
$convert = true;
}
foreach( $projects as $row => $project ) {
if( $project["path"] == $user["project"] ) {
$update_query .= "UPDATE users SET project={$project["id"]};";
}
}
}
if( $convert ) {
//change project to users table
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
}
} catch( Exception $error ) {
//echo var_dump( $error->getMessage() );
}
}
return $result; return $result;
} }
@ -169,18 +262,15 @@ class sql {
); );
*/ */
try {
$query = $this->conversions->tables( $table ); $query = $this->conversions->tables( $table );
$connection = $this->connect(); $connection = $this->connect();
$result = $connection->exec( $query ); $result = $connection->exec( $query );
$error = $connection->errorInfo();
//echo var_dump( $query, $result, $connection->errorInfo() ) . "<br>";
if ( $result === false || ! $error[0] == "00000" ) {
return $error;
} else {
return true; return true;
} catch( exception $error ) {
return $error->getMessage();
} }
} }
@ -227,9 +317,19 @@ class sql {
$query = $this->conversions->update( $table, $fields, $where ); $query = $this->conversions->update( $table, $fields, $where );
//echo var_dump( $query ) . "<br>"; //echo var_dump( $query ) . "<br>";
//return $query;
} }
public function query( $query, $bind_variables, $default, $action='fetchAll', $show_errors=false ) { public function query( $query, $bind_variables, $default, $action='fetchAll', $errors="default" ) {
/**
* Errors:
* default - this value could be anything such as true or foobar
* message
* exception
*/
try {
$connection = $this->connect(); $connection = $this->connect();
$statement = $connection->prepare( $query ); $statement = $connection->prepare( $query );
@ -257,23 +357,18 @@ class sql {
$return = $statement->fetchAll( \PDO::FETCH_ASSOC ); $return = $statement->fetchAll( \PDO::FETCH_ASSOC );
break; break;
} }
} catch( exception $error ) {
$error = $statement->errorInfo();
if( ! $error[0] == "00000" ) {
echo var_export( $error );
echo var_export( $return );
$return = $default; $return = $default;
if( $errors == "message" ) {
$return = json_encode( array( $error->getMessage() ) );
} elseif( $errors == "exception" ) {
throw $error;
} }
if( $show_errors ) {
$return = json_encode( $error );
} }
//echo var_dump( $error, $return );
$this->close(); $this->close();
return( $return ); return( $return );
} }
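Review bot: The conversion loop in `create_default_tables` builds `UPDATE users SET project={$project["id"]};` with no `WHERE` clause, so every user ends up pointing at whichever project matched last, and since `ALTER TABLE users DROP COLUMN project` runs first the old path values are already gone when the updates execute; the `SELECT project FROM users` query also lacks the `id` needed to target each row. Every `$result = $this->query( ..., "rowCount", ... )` in both try blocks (including the `ALTER TABLE projects DROP COLUMN access` line) replaces the `true` from table creation with a row count, so the caller's `$result === true` check fails after a migration. The guard `$access_query !== "INSERT INTO access( project, user, level ) "` compares against a string missing `VALUES `, so with no grants the truncated INSERT is still executed and the exception it raises skips the column drop. The rewrite below keys the updates by user id, issues them as bound statements after the column is re-added, and leaves `$result` untouched.
```php
if( $result === true ) {
    $sql_conversions = new sql_conversions();
    // … unchanged: access-table migration, minus the assignments to $result …
    try {
        $projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
        $users = $this->query( "SELECT id, project FROM users", array(), array(), "fetchAll", "exception" );
        $convert = false;
        $updates = array();
        foreach( $users as $user ) {
            if( ! is_numeric( $user["project"] ) ) {
                $convert = true;
            }
            foreach( $projects as $project ) {
                if( $project["path"] == $user["project"] ) {
                    // keyed by user id so each row keeps its own project
                    $updates[$user["id"]] = $project["id"];
                }
            }
        }
        if( $convert ) {
            // DROP/ADD wipes the column, so the ids are written back afterwards, one bound UPDATE per user
            $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
            $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
            foreach( $updates as $user_id => $project_id ) {
                $this->query( "UPDATE users SET project=? WHERE id=?", array( $project_id, $user_id ), 0, "rowCount", "exception" );
            }
        }
    } catch( Exception $error ) {
        //The project column is already numeric; nothing to convert.
    }
}
```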


@ -19,6 +19,8 @@ if ( $_POST['action'] == 'create_default_tables' ) {
global $sql; global $sql;
$result = $sql->create_default_tables(); $result = $sql->create_default_tables();
echo var_dump( $result );
if( $result === true ) { if( $result === true ) {
exit( formatJSEND( "success", "Created tables." ) ); exit( formatJSEND( "success", "Created tables." ) );
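Review bot: `echo var_dump( $result );` is emitted before `formatJSEND( "success", ... )`, so the response body becomes a PHP dump followed by the JSON payload and the client-side parser will reject it; on failure it also sends the raw return value, which is now an exception message string from `create_table`, to the browser. Remove the line, or write it to the server log instead. The surrounding handler starts and ends outside this hunk.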


@ -15,6 +15,7 @@ $projects_file = BASE_PATH . "/data/projects.php";
$users_file = BASE_PATH . "/data/users.php"; $users_file = BASE_PATH . "/data/users.php";
//checkSession(); //checkSession();
if ( ! checkAccess() ) { if ( ! checkAccess() ) {
echo "Error, you do not have access to update Codiad."; echo "Error, you do not have access to update Codiad.";
exit(); exit();
} }


@ -243,23 +243,26 @@ class User {
if( ! empty( $return ) ) { if( ! empty( $return ) ) {
$user = $return[0];
$pass = true; $pass = true;
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) ); $token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
$_SESSION['id'] = SESSION_ID; $_SESSION['id'] = SESSION_ID;
$_SESSION['user'] = $this->username; $_SESSION['user'] = $this->username;
$_SESSION['user_id'] = $user["id"];
$_SESSION['token'] = $token; $_SESSION['token'] = $token;
$_SESSION['lang'] = $this->lang; $_SESSION['lang'] = $this->lang;
$_SESSION['theme'] = $this->theme; $_SESSION['theme'] = $this->theme;
$_SESSION["login_session"] = true; $_SESSION["login_session"] = true;
$user = $return[0];
$query = "UPDATE users SET token=? WHERE username=?;"; $query = "UPDATE users SET token=? WHERE username=?;";
$bind_variables = array( sha1( $token ), $this->username ); $bind_variables = array( sha1( $token ), $this->username );
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' ); $return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
if( isset( $user['project'] ) && $user['project'] != '' ) { if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
$_SESSION['project'] = $user['project']; $_SESSION['project'] = $projects[0]["path"];
$_SESSION['project_id'] = $user['project'];
} }
$this->checkDuplicateSessions( $this->username ); $this->checkDuplicateSessions( $this->username );
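Review bot: `$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );` asks for a row count, so `$projects` is an integer and `$projects[0]["path"]` on the following line yields null instead of the project path, leaving `$_SESSION['project']` unset while `$_SESSION['project_id']` is populated. Fetch the row instead: `$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'fetchAll' );`. The enclosing method continues outside this hunk.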