Started table conversion to new access system
This commit is contained in:
parent
6dd09ba1a6
commit
d3d96e66f6
6 changed files with 188 additions and 84 deletions
@ -64,18 +64,12 @@ class Permissions {
|
||||||
|
|
||||||
$query = "SELECT * FROM projects WHERE path=? LIMIT 1;";
|
$query = "SELECT * FROM projects WHERE path=? LIMIT 1;";
|
||||||
$bind_variables = array( $_SESSION["project"] );
|
$bind_variables = array( $_SESSION["project"] );
|
||||||
$result = $sql->query( $query, $bind_variables, array() )[0];
|
$result = $sql->query( $query, $bind_variables, array() );
|
||||||
|
|
||||||
if( ! empty( $result ) ) {
|
if( ! empty( $result ) ) {
|
||||||
|
|
||||||
$result = $result[0];
|
$result = $result[0];
|
||||||
try {
|
$users = $sql->query( "SELECT * FOM access WHERE project = ? AND user = ? LIMIT 1", array( $result["id"], $_SESSION["user_id"] ), array() );
|
||||||
|
|
||||||
$users = json_decode( $result["access"], true );
|
|
||||||
} catch( exception $e ) {
|
|
||||||
|
|
||||||
$users = array();
|
|
||||||
}
|
|
||||||
|
|
||||||
if( $result["owner"] == 'nobody' ) {
|
if( $result["owner"] == 'nobody' ) {
|
||||||
|
|
||||||
|
@ -83,7 +77,7 @@ class Permissions {
|
||||||
} elseif( $result["owner"] == $_SESSION["user"] ) {
|
} elseif( $result["owner"] == $_SESSION["user"] ) {
|
||||||
|
|
||||||
$pass = true;
|
$pass = true;
|
||||||
} elseif( in_array( $_SESSION["user"], array_keys( $users ) ) && ! empty( $users ) ) {
|
} elseif( ! empty( $users ) ) {
|
||||||
|
|
||||||
//Only allow the owner to delete the root dir / project
|
//Only allow the owner to delete the root dir / project
|
||||||
if( $path == $result["path"] && self::LEVELS[$level] == self::LEVELS["delete"] ) {
|
if( $path == $result["path"] && self::LEVELS[$level] == self::LEVELS["delete"] ) {
|
||||||
|
@ -91,18 +85,6 @@ class Permissions {
|
||||||
$level = "owner";
|
$level = "owner";
|
||||||
}
|
}
|
||||||
|
|
||||||
$is_assoc = ( array_keys( $users ) !== range( 0, count( $users ) - 1 ) );
|
|
||||||
|
|
||||||
if( $is_assoc ) {
|
|
||||||
|
|
||||||
$users_access = $users[$_SESSION["user"]];
|
|
||||||
} else {
|
|
||||||
|
|
||||||
$users_access = self::LEVELS["delete"];
|
|
||||||
}
|
|
||||||
|
|
||||||
echo var_dump( $path, $result, $users_access, $level, ( self::LEVELS[$level] >= $users_access ), self::LEVELS[$level] + " is more than or equal to {$users_access}" );
|
|
||||||
|
|
||||||
if( self::LEVELS[$level] >= $users_access ) {
|
if( self::LEVELS[$level] >= $users_access ) {
|
||||||
|
|
||||||
$pass = true;
|
$pass = true;
|
||||||
|
|
|
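Review bot: `$users_access` is never assigned in the new code: the block that derived it from the JSON `access` field is removed, and nothing reads the `level` column out of the `access` row fetched into `$users`, so `if( self::LEVELS[$level] >= $users_access )` compares an int with null, which PHP evaluates as true for any non-negative level. Whenever `$users` is non-empty every level therefore passes, including the `owner` level the preceding lines substitute for a delete of the project root, so any user holding an access row could delete a project they do not own. At the moment the branch is masked because the query reads `SELECT * FOM access`, a typo that makes the statement fail and hand back the `array()` default, so the `! empty( $users )` branch is never entered; fixing the typo alone would expose the bypass. Correct both together, `FROM access` and `$users_access = $users[0]["level"];` after the query, and fail closed with an explicit `isset` check on the level before the comparison. The enclosing function starts before the first hunk and ends after the last.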
@ -201,8 +201,17 @@ class Project extends Common {
|
||||||
$project = $this->path;
|
$project = $this->path;
|
||||||
}
|
}
|
||||||
global $sql;
|
global $sql;
|
||||||
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
|
$query = "
|
||||||
$bind_variables = array( $project, $_SESSION["user"] );
|
SELECT * FROM projects
|
||||||
|
WHERE path = ?
|
||||||
|
AND (
|
||||||
|
owner=?
|
||||||
|
OR owner='nobody'
|
||||||
|
OR id IN ( SELECT project FROM access WHERE user = ? )
|
||||||
|
) ORDER BY name;";
|
||||||
|
$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
|
||||||
|
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
|
||||||
|
//$bind_variables = array( $project, $_SESSION["user"] );
|
||||||
$return = $sql->query( $query, $bind_variables, array() )[0];
|
$return = $sql->query( $query, $bind_variables, array() )[0];
|
||||||
|
|
||||||
if( ! empty( $return ) ) {
|
if( ! empty( $return ) ) {
|
||||||
|
@ -218,8 +227,12 @@ class Project extends Common {
|
||||||
public function get_projects() {
|
public function get_projects() {
|
||||||
|
|
||||||
global $sql;
|
global $sql;
|
||||||
$query = "SELECT * FROM projects WHERE owner=? OR owner='nobody' OR access LIKE ? ORDER BY name;";
|
$query = "
|
||||||
$bind_variables = array( $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' );
|
SELECT * FROM projects
|
||||||
|
WHERE owner=?
|
||||||
|
OR owner='nobody'
|
||||||
|
OR path IN ( SELECT path FROM access WHERE user = ? );";
|
||||||
|
$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
|
||||||
$return = $sql->query( $query, $bind_variables, array() );
|
$return = $sql->query( $query, $bind_variables, array() );
|
||||||
|
|
||||||
if( empty( $return ) ) {
|
if( empty( $return ) ) {
|
||||||
|
@ -349,8 +362,15 @@ class Project extends Common {
|
||||||
public function Open() {
|
public function Open() {
|
||||||
|
|
||||||
global $sql;
|
global $sql;
|
||||||
$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' OR access LIKE ? );";
|
$query = "
|
||||||
$bind_variables = array( $this->path, $_SESSION["user"], '%"' . $_SESSION["user"] . '"%' );
|
SELECT * FROM projects
|
||||||
|
WHERE path = ?
|
||||||
|
AND (
|
||||||
|
owner=?
|
||||||
|
OR owner='nobody'
|
||||||
|
OR id IN ( SELECT project FROM access WHERE user = ? )
|
||||||
|
) ORDER BY name;";
|
||||||
|
$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
|
||||||
$return = $sql->query( $query, $bind_variables, array() )[0];
|
$return = $sql->query( $query, $bind_variables, array() )[0];
|
||||||
|
|
||||||
if( ! empty( $return ) ) {
|
if( ! empty( $return ) ) {
|
||||||
|
@ -360,6 +380,7 @@ class Project extends Common {
|
||||||
$sql->query( $query, $bind_variables, 0, "rowCount" );
|
$sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||||
$this->name = $return['name'];
|
$this->name = $return['name'];
|
||||||
$_SESSION['project'] = $return['path'];
|
$_SESSION['project'] = $return['path'];
|
||||||
|
$_SESSION['project_id'] = $return['id'];
|
||||||
|
|
||||||
echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) );
|
echo formatJSEND( "success", array( "name" => $this->name, "path" => $this->path ) );
|
||||||
} else {
|
} else {
|
||||||
|
|
|
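Review bot: The subquery in `get_projects()`, `OR path IN ( SELECT path FROM access WHERE user = ? );`, selects a `path` column from `access`, but the `access` table this commit defines in class.sql.php has only `project`, `user` and `level`, so the statement fails and, under the default error mode, the method receives the `array()` default and lists no projects. The other two hunks in this file use `OR id IN ( SELECT project FROM access WHERE user = ? )`; the same predicate, and the `ORDER BY name` the old query had, should be used here. The enclosing method continues outside the hunk.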
@ -1,6 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require_once( __DIR__ . "/class.sql.conversions.php" );
|
require_once( __DIR__ . "/class.sql.conversions.php" );
|
||||||
|
require_once( __DIR__ . "/../permissions/class.permissions.php" );
|
||||||
|
|
||||||
class sql {
|
class sql {
|
||||||
|
|
||||||
|
@ -35,8 +36,11 @@ class sql {
|
||||||
$dbtype = DBTYPE;
|
$dbtype = DBTYPE;
|
||||||
$username = DBUSER;
|
$username = DBUSER;
|
||||||
$password = DBPASS;
|
$password = DBPASS;
|
||||||
|
$options = array(
|
||||||
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||||
|
);
|
||||||
|
|
||||||
$this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password );
|
$this->connection = new PDO( "{$dbtype}:host={$host};dbname={$dbname}", $username, $password, $options );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( $this->connection );
|
return( $this->connection );
|
||||||
|
@ -65,6 +69,18 @@ class sql {
|
||||||
"focused" => array( "not null" ),
|
"focused" => array( "not null" ),
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
|
"access" => array(
|
||||||
|
"fields" => array(
|
||||||
|
"project" => "int",
|
||||||
|
"user" => "int",
|
||||||
|
"level" => "int",
|
||||||
|
),
|
||||||
|
"attributes" => array(
|
||||||
|
"id" => array( "not null" ),
|
||||||
|
"user" => array( "not null" ),
|
||||||
|
"level" => array( "not null" ),
|
||||||
|
)
|
||||||
|
),
|
||||||
"options" => array(
|
"options" => array(
|
||||||
"fields" => array(
|
"fields" => array(
|
||||||
"id" => "int",
|
"id" => "int",
|
||||||
|
@ -83,7 +99,6 @@ class sql {
|
||||||
"name" => "string",
|
"name" => "string",
|
||||||
"path" => "text",
|
"path" => "text",
|
||||||
"owner" => "string",
|
"owner" => "string",
|
||||||
"access" => "string",
|
|
||||||
),
|
),
|
||||||
"attributes" => array(
|
"attributes" => array(
|
||||||
|
|
||||||
|
@ -91,7 +106,6 @@ class sql {
|
||||||
"name" => array( "not null" ),
|
"name" => array( "not null" ),
|
||||||
"path" => array( "not null", "unique" ),
|
"path" => array( "not null", "unique" ),
|
||||||
"owner" => array( "not null", "unique" ),
|
"owner" => array( "not null", "unique" ),
|
||||||
"access" => array(),
|
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
"users" => array(
|
"users" => array(
|
||||||
|
@ -102,7 +116,7 @@ class sql {
|
||||||
"username" => "string",
|
"username" => "string",
|
||||||
"password" => "text",
|
"password" => "text",
|
||||||
"email" => "string",
|
"email" => "string",
|
||||||
"project" => "string",
|
"project" => "int",
|
||||||
"access" => "string",
|
"access" => "string",
|
||||||
"groups" => "string",
|
"groups" => "string",
|
||||||
"token" => "string",
|
"token" => "string",
|
||||||
|
@ -131,6 +145,85 @@ class sql {
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if( $result === true ) {
|
||||||
|
|
||||||
|
$sql_conversions = new sql_conversions();
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
|
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
|
||||||
|
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
|
||||||
|
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
|
||||||
|
$delete = Permissions::LEVELS["delete"];
|
||||||
|
|
||||||
|
foreach( $users as $row => $user ) {
|
||||||
|
|
||||||
|
foreach( $projects as $row => $project ) {
|
||||||
|
|
||||||
|
$access = json_decode( $project["access"], true );
|
||||||
|
if( ! is_array( $access ) || empty( $access ) ) {
|
||||||
|
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach( $access as $granted_user ) {
|
||||||
|
|
||||||
|
if( $granted_user == $user["username"] ) {
|
||||||
|
|
||||||
|
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if( $access_query !== "INSERT INTO access( project, user, level ) " ) {
|
||||||
|
|
||||||
|
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
|
||||||
|
}
|
||||||
|
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
|
||||||
|
} catch( Exception $error ) {
|
||||||
|
|
||||||
|
//The access field is not there.
|
||||||
|
//echo var_export( $error->getMessage(), $access_query );
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
|
$update_query = "";
|
||||||
|
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
|
||||||
|
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
|
||||||
|
$convert = false;
|
||||||
|
$delete = Permissions::LEVELS["delete"];
|
||||||
|
|
||||||
|
foreach( $result as $row => $user ) {
|
||||||
|
|
||||||
|
if( ! is_numeric( $user["project"] ) ) {
|
||||||
|
|
||||||
|
$convert = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach( $projects as $row => $project ) {
|
||||||
|
|
||||||
|
if( $project["path"] == $user["project"] ) {
|
||||||
|
|
||||||
|
$update_query .= "UPDATE users SET project={$project["id"]};";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if( $convert ) {
|
||||||
|
|
||||||
|
//change project to users table
|
||||||
|
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
|
||||||
|
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
|
||||||
|
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
|
||||||
|
}
|
||||||
|
} catch( Exception $error ) {
|
||||||
|
|
||||||
|
//echo var_dump( $error->getMessage() );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -169,18 +262,15 @@ class sql {
|
||||||
);
|
);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
$query = $this->conversions->tables( $table );
|
$query = $this->conversions->tables( $table );
|
||||||
$connection = $this->connect();
|
$connection = $this->connect();
|
||||||
$result = $connection->exec( $query );
|
$result = $connection->exec( $query );
|
||||||
$error = $connection->errorInfo();
|
|
||||||
//echo var_dump( $query, $result, $connection->errorInfo() ) . "<br>";
|
|
||||||
|
|
||||||
if ( $result === false || ! $error[0] == "00000" ) {
|
|
||||||
|
|
||||||
return $error;
|
|
||||||
} else {
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
} catch( exception $error ) {
|
||||||
|
|
||||||
|
return $error->getMessage();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -227,9 +317,19 @@ class sql {
|
||||||
|
|
||||||
$query = $this->conversions->update( $table, $fields, $where );
|
$query = $this->conversions->update( $table, $fields, $where );
|
||||||
//echo var_dump( $query ) . "<br>";
|
//echo var_dump( $query ) . "<br>";
|
||||||
|
//return $query;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function query( $query, $bind_variables, $default, $action='fetchAll', $show_errors=false ) {
|
public function query( $query, $bind_variables, $default, $action='fetchAll', $errors="default" ) {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Errors:
|
||||||
|
* default - this value could be anything such as true or foobar
|
||||||
|
* message
|
||||||
|
* exception
|
||||||
|
*/
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
$connection = $this->connect();
|
$connection = $this->connect();
|
||||||
$statement = $connection->prepare( $query );
|
$statement = $connection->prepare( $query );
|
||||||
|
@ -257,23 +357,18 @@ class sql {
|
||||||
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
|
$return = $statement->fetchAll( \PDO::FETCH_ASSOC );
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
} catch( exception $error ) {
|
||||||
|
|
||||||
$error = $statement->errorInfo();
|
|
||||||
|
|
||||||
if( ! $error[0] == "00000" ) {
|
|
||||||
|
|
||||||
echo var_export( $error );
|
|
||||||
echo var_export( $return );
|
|
||||||
$return = $default;
|
$return = $default;
|
||||||
|
|
||||||
|
if( $errors == "message" ) {
|
||||||
|
|
||||||
|
$return = json_encode( array( $error->getMessage() ) );
|
||||||
|
} elseif( $errors == "exception" ) {
|
||||||
|
|
||||||
|
throw $error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( $show_errors ) {
|
|
||||||
|
|
||||||
$return = json_encode( $error );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//echo var_dump( $error, $return );
|
|
||||||
|
|
||||||
$this->close();
|
$this->close();
|
||||||
return( $return );
|
return( $return );
|
||||||
}
|
}
|
||||||
|
|
|
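Review bot: The statement built at `$update_query .= "UPDATE users SET project={$project["id"]};";` has no WHERE clause, so each matching user/project pair rewrites the `project` column of every user and after the loop all accounts point at the last project matched. The users query feeding it selects only `project`, so the row id needed for the predicate is not available; change it to `SELECT id, project FROM users` and append `UPDATE users SET project={$project["id"]} WHERE id={$user["id"]};` (both values come from this database, but routing them through the bind-variable path of `query()` rather than interpolation would match the rest of the file). Two further points in the same hunk: the sentinel in `if( $access_query !== "INSERT INTO access( project, user, level ) " )` lacks the `VALUES ` suffix of the initial string, so with no legacy access entries the truncated `INSERT ... VALUES` is still executed and its exception skips the `DROP COLUMN access`; and `$result` is overwritten by the migration queries before `return $result;`, so the controller's `=== true` check no longer sees `true` after a successful migration. Both catch blocks swallow the exception with only a commented-out dump, leaving a failed migration indistinguishable from a skipped one at the call site. The enclosing function starts outside the hunk.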
@ -19,6 +19,8 @@ if ( $_POST['action'] == 'create_default_tables' ) {
|
||||||
global $sql;
|
global $sql;
|
||||||
$result = $sql->create_default_tables();
|
$result = $sql->create_default_tables();
|
||||||
|
|
||||||
|
echo var_dump( $result );
|
||||||
|
|
||||||
if( $result === true ) {
|
if( $result === true ) {
|
||||||
|
|
||||||
exit( formatJSEND( "success", "Created tables." ) );
|
exit( formatJSEND( "success", "Created tables." ) );
|
||||||
|
|
|
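Review bot: `echo var_dump( $result );` writes debug output into the HTTP response ahead of the `exit( formatJSEND( ... ) )` call, so the JSON the client parses is prefixed with a dump and, when `create_default_tables()` returns an exception message string instead of `true` as the class.sql.php change in this commit makes it do on failure, that database error text is sent to the requester. Remove the line before this ships, or log it server-side instead of echoing it. The enclosing `if ( $_POST['action'] == 'create_default_tables' )` block starts outside the hunk.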
@ -15,6 +15,7 @@ $projects_file = BASE_PATH . "/data/projects.php";
|
||||||
$users_file = BASE_PATH . "/data/users.php";
|
$users_file = BASE_PATH . "/data/users.php";
|
||||||
//checkSession();
|
//checkSession();
|
||||||
if ( ! checkAccess() ) {
|
if ( ! checkAccess() ) {
|
||||||
|
|
||||||
echo "Error, you do not have access to update Codiad.";
|
echo "Error, you do not have access to update Codiad.";
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
|
@ -243,23 +243,26 @@ class User {
|
||||||
|
|
||||||
if( ! empty( $return ) ) {
|
if( ! empty( $return ) ) {
|
||||||
|
|
||||||
|
$user = $return[0];
|
||||||
$pass = true;
|
$pass = true;
|
||||||
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
|
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
|
||||||
$_SESSION['id'] = SESSION_ID;
|
$_SESSION['id'] = SESSION_ID;
|
||||||
$_SESSION['user'] = $this->username;
|
$_SESSION['user'] = $this->username;
|
||||||
|
$_SESSION['user_id'] = $user["id"];
|
||||||
$_SESSION['token'] = $token;
|
$_SESSION['token'] = $token;
|
||||||
$_SESSION['lang'] = $this->lang;
|
$_SESSION['lang'] = $this->lang;
|
||||||
$_SESSION['theme'] = $this->theme;
|
$_SESSION['theme'] = $this->theme;
|
||||||
$_SESSION["login_session"] = true;
|
$_SESSION["login_session"] = true;
|
||||||
$user = $return[0];
|
|
||||||
|
|
||||||
$query = "UPDATE users SET token=? WHERE username=?;";
|
$query = "UPDATE users SET token=? WHERE username=?;";
|
||||||
$bind_variables = array( sha1( $token ), $this->username );
|
$bind_variables = array( sha1( $token ), $this->username );
|
||||||
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
|
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
|
||||||
|
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
|
||||||
|
|
||||||
if( isset( $user['project'] ) && $user['project'] != '' ) {
|
if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
|
||||||
|
|
||||||
$_SESSION['project'] = $user['project'];
|
$_SESSION['project'] = $projects[0]["path"];
|
||||||
|
$_SESSION['project_id'] = $user['project'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkDuplicateSessions( $this->username );
|
$this->checkDuplicateSessions( $this->username );
|
||||||
|
|
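Review bot: The lookup `$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );` requests the `rowCount` action, which the line above uses for an UPDATE and is not expected to return rows, yet the following lines index the result as `$projects[0]["path"]`, so `$_SESSION['project']` is set from an offset on a count rather than from a result set. The other SELECTs in this commit pass `array()` as the default and rely on the default `fetchAll` action; dropping the `'rowCount'` argument here would return the row array the code expects. The enclosing login method starts and ends outside the hunk.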