Adds access control to pages based on user rights
parent
172a545acf
commit
7cc8da562d
|
@ -164,6 +164,27 @@ class User {
|
|||
|
||||
}
|
||||
|
||||
// check if the user has a specific right
|
||||
function hasRight($user_id, $right_name) {
|
||||
$userRights = $this->getUserRights($user_id);
|
||||
$userHasRight = false;
|
||||
|
||||
// superuser always has all the rights
|
||||
if ($user_id === 1) {
|
||||
$userHasRight = true;
|
||||
}
|
||||
|
||||
foreach ($userRights as $right) {
|
||||
if ($right['right_name'] === $right_name) {
|
||||
$userHasRight = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $userHasRight;
|
||||
|
||||
}
|
||||
|
||||
// update an existing user
|
||||
public function editUser($user_id, $updatedUser) {
|
||||
try {
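Review bot: The superuser shortcut `if ($user_id === 1)` in hasRight() only fires when `$user_id` is an int, and index.php derives it from a fetched row (`getUserId($user)[0]['id']`), which many PDO/MySQL setups return as a string; in that case the strict comparison silently never matches and the superuser falls back to the explicit rights list, which is fail-closed but probably not intended. Normalise at the boundary and name the magic number, e.g. `public function hasRight(int $user_id, string $right_name): bool` with `private const SUPERUSER_ID = 1;` and `if ($user_id === self::SUPERUSER_ID) { return true; }`, which also removes the pointless loop over rights after the flag is already true. The method also lacks a visibility modifier while the sibling `editUser` declares `public`. editUser's body continues outside the hunk.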
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
|
||||
// get the UTC offset of a specified timezone
|
||||
function getUTCOffset($timezone) {
|
||||
$datetime = new DateTime("now", new DateTimeZone($timezone));
|
||||
$offsetInSeconds = $datetime->getOffset();
|
||||
|
||||
$hours = intdiv($offsetInSeconds, 3600);
|
||||
$minutes = ($offsetInSeconds % 3600) / 60;
|
||||
$formattedOffset = sprintf("UTC%+03d:%02d", $hours, $minutes); // Format UTC+01:00
|
||||
|
||||
return $formattedOffset;
|
||||
}
|
||||
|
||||
?>
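Review bot: Negative offsets with a minute component are formatted wrongly in getUTCOffset(): PHP's `%` keeps the dividend's sign, so for an offset of -12600 s `$minutes` becomes -30 and `sprintf("UTC%+03d:%02d", -3, -30)` yields `UTC-03:-30`. Compute the sign once and format the absolute value: `$sign = $offsetInSeconds < 0 ? '-' : '+'; $abs = abs($offsetInSeconds);` then `return sprintf('UTC%s%02d:%02d', $sign, intdiv($abs, 3600), intdiv($abs % 3600, 60));`. Note also that `new DateTimeZone($timezone)` throws on an unknown zone name, so callers passing a stored preference need to catch that or validate against `DateTimeZone::listIdentifiers()`, and the trailing `?>` in a PHP-only helper invites stray-whitespace output bugs and is conventionally omitted.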
|
|
@ -93,7 +93,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
include '../app/templates/config-delete-platform.php';
|
||||
break;
|
||||
default:
|
||||
include '../app/templates/config-list.php';
|
||||
if ($userObject->hasRight($user_id, 'view config file')) {
|
||||
include '../app/templates/config-list.php';
|
||||
} else {
|
||||
include '../app/templates/unauthorized.php';
|
||||
}
|
||||
}
|
||||
}
|
||||
}
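Review bot: Only the `default:` branch of the switch is gated by `hasRight($user_id, 'view config file')`; the cases above it, including the `config-delete-platform.php` include visible at the top of the hunk, appear to remain reachable without any right check, so the more sensitive write actions are less protected than the read-only listing. Unless those cases are guarded earlier in the file (outside this hunk), move the check in front of the whole `switch` or add a per-action right for the delete/edit branches. The right name is also repeated as a free-form literal across pages (`'view config file'` here and in the sidebar); a `public const` on User, e.g. `User::RIGHT_VIEW_CONFIG`, would turn a typo into a fatal error instead of a silent denial. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts outside the hunk.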
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
<?php
|
||||
|
||||
$action = $_REQUEST['action'] ?? '';
|
||||
require '../app/classes/user.php';
|
||||
|
||||
$userObject = new User($dbWeb);
|
||||
|
||||
$user_id = $userObject->getUserId($user)[0]['id'];
|
||||
$userDetails = $userObject->getUserDetails($user_id);
|
||||
$userRights = $userObject->getUserRights($user_id);
|
||||
//require '../app/classes/user.php';
|
||||
//
|
||||
//$userObject = new User($dbWeb);
|
||||
//
|
||||
//$user_id = $userObject->getUserId($user)[0]['id'];
|
||||
//$userDetails = $userObject->getUserDetails($user_id);
|
||||
//$userRights = $userObject->getUserRights($user_id);
|
||||
|
||||
// if a form is submitted, it's from the edit page
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
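Review bot: The commented-out copy of the user bootstrap (`//require '../app/classes/user.php';` through `//$userRights = ...`) should be deleted rather than kept; the line counts suggest it is what this commit adds in place of the live block now that index.php sets up `$userObject`, `$user_id`, `$userDetails` and `$userRights` itself, and commented code only tempts someone to re-enable a second `require` of the class file, which would fatal with a redeclaration. A one-line comment such as `// $userObject, $user_id, $userDetails and $userRights are provided by index.php` documents the dependency more clearly. Separately, `$_REQUEST['action']` also honours cookies; read the intended source explicitly, e.g. `$action = $_POST['action'] ?? $_GET['action'] ?? '';`. The POST handling block continues outside the hunk.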
|
||||
|
|
|
@ -2,6 +2,17 @@
|
|||
|
||||
<!-- Sidebar -->
|
||||
<div class="col-md-3 sidebar-wrapper bg-light" id="sidebar">
|
||||
<div class="text-center" style="border: 1px solid #0dcaf0; height: 22px;" id="time_now">
|
||||
<?php
|
||||
$userTimezone = 'Europe/Sofia';
|
||||
//$userTimezone = 'UTC';
|
||||
$timezone = isset($userTimezone) ? $userTimezone : 'UTC'; // Default to UTC if no timezone is set
|
||||
$timeNow = new DateTime('now', new DateTimeZone($timezone));
|
||||
?>
|
||||
<!--span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('d M Y H:i'); ?> <?= $userTimezone ?></span-->
|
||||
<span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('H:i'); ?> <?= $userTimezone ?></span>
|
||||
</div>
|
||||
|
||||
<div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div>
|
||||
<div class="sidebar-content card ml-3 mt-3">
|
||||
<ul class="list-group">
|
||||
|
@ -31,16 +42,20 @@
|
|||
|
||||
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li>
|
||||
|
||||
<?php if ($userObject->hasRight($user_id, 'view config file')) {?>
|
||||
<a href="<?= $app_root ?>?page=config">
|
||||
<li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
|
||||
<i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config
|
||||
</li>
|
||||
</a>
|
||||
<?php } ?>
|
||||
<?php if ($userObject->hasRight($user_id, 'view app logs')) {?>
|
||||
<a href="<?= $app_root ?>?page=logs">
|
||||
<li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
|
||||
<i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs
|
||||
</li>
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
||||
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li>
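Review bot: In the time display hunk at the top of this section, `$timezone = isset($userTimezone) ? $userTimezone : 'UTC';` is dead as written, because `$userTimezone = 'Europe/Sofia';` is hard-coded on the line before it, and the `<?= $userTimezone ?>` output is emitted unescaped. Once the value comes from the user's profile (which the commented `//$userTimezone = 'UTC';` hints is the plan), both matter: use `$timezone = $userTimezone ?? 'UTC';` with the assignment taken from `$userDetails`, validate it against `DateTimeZone::listIdentifiers()` before passing it to `new DateTimeZone()`, and print it with `htmlspecialchars($userTimezone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. A `DateTimeImmutable` is preferable to `DateTime` for a value that is only formatted.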
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
|
||||
<div class="text-center">
|
||||
<div class="mt-3 h5">You have no access to this page.</div>
|
||||
<div>
|
||||
<small>go to <a href="<?= $app_root ?>">front page</a> or to <a href="<?= $app_root ?>?page=profile">your profile</a></small>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -77,12 +77,12 @@ if (isset($_REQUEST['item'])) {
|
|||
}
|
||||
|
||||
// check if logged in
|
||||
unset($user);
|
||||
unset($currentUser);
|
||||
if (isset($_COOKIE['username'])) {
|
||||
if ( !isset($_SESSION['username']) ) {
|
||||
$_SESSION['username'] = $_COOKIE['username'];
|
||||
}
|
||||
$user = htmlspecialchars($_SESSION['username']);
|
||||
$currentUser = htmlspecialchars($_SESSION['username']);
|
||||
}
|
||||
|
||||
// redirect to login
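Review bot: Every hasRight() check this commit introduces keys off an identity that, when no session exists, is copied straight from `$_COOKIE['username']` into `$_SESSION['username']`; a cookie is client-supplied, so unless a login handler outside this hunk signs or otherwise validates that value, the new access control is only as trustworthy as the cookie. The server-side session populated at login should be the sole source of `$currentUser`, and a remember-me feature needs a random token looked up server-side rather than the username itself. Also, `htmlspecialchars()` is an HTML-output escape applied here to a value that is then used for the database lookup `getUserId($user)`, so a username containing `&`, `<` or quotes would fail to match its row; keep the raw session value for the query and escape at the point of output.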
|
||||
|
@ -130,6 +130,15 @@ if ($page == 'logout') {
|
|||
|
||||
} else {
|
||||
|
||||
// if user is logged in, we need user details and rights
|
||||
require '../app/classes/user.php';
|
||||
include '../app/helpers/profile.php';
|
||||
$userObject = new User($dbWeb);
|
||||
$user = $currentUser;
|
||||
$user_id = $userObject->getUserId($user)[0]['id'];
|
||||
$userDetails = $userObject->getUserDetails($user_id);
|
||||
$userRights = $userObject->getUserRights($user_id);
|
||||
|
||||
// page building
|
||||
if (in_array($page, $allowed_urls)) {
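Review bot: `$user_id = $userObject->getUserId($user)[0]['id'];` assumes the lookup returns a row; if the username from the cookie or session has no account (deleted user, stale cookie), `[0]` raises an undefined-index warning, `$user_id` becomes null, and the subsequent `getUserDetails`/`getUserRights`/`hasRight` calls run with a null id instead of the request being treated as logged out. Guard it: `$userRow = $userObject->getUserId($user); if (empty($userRow)) { /* treat as not logged in: redirect to login */ } $user_id = (int) $userRow[0]['id'];` — the int cast also makes the strict superuser comparison in hasRight() reliable. Since `../app/classes/user.php` is now loaded here and the profile page's own require was only commented out, `require_once` would make the load order robust. The `else` block and the `if (in_array($page, $allowed_urls))` body continue outside the hunk.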
|
||||
|
||||
|
|