Adds access control to pages based on user rights

app/classes/user.php

@@ -164,6 +164,27 @@ class User {
 
     }
 
+    // check if the user has a specific right
+    function hasRight($user_id, $right_name) {
+        $userRights = $this->getUserRights($user_id);
+        $userHasRight = false;
+
+        // superuser always has all the rights
+        if ($user_id === 1) {
+            $userHasRight = true;
+        }
+
+        foreach ($userRights as $right) {
+            if ($right['right_name'] === $right_name) {
+                $userHasRight = true;
+                break;
+            }
+        }
+
+        return $userHasRight;
+
+    }
+
     // update an existing user
     public function editUser($user_id, $updatedUser) {
         try {

app/helpers/profile.php

@@ -0,0 +1,15 @@
+<?php
+
+// get the UTC offset of a specified timezone
+function getUTCOffset($timezone) {
+    $datetime = new DateTime("now", new DateTimeZone($timezone));
+    $offsetInSeconds = $datetime->getOffset();
+
+    $hours = intdiv($offsetInSeconds, 3600);
+    $minutes = ($offsetInSeconds % 3600) / 60;
+    $formattedOffset = sprintf("UTC%+03d:%02d", $hours, $minutes); // Format UTC+01:00
+
+    return $formattedOffset;
+}
+
+?>

app/pages/config.php

@@ -93,7 +93,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                     include '../app/templates/config-delete-platform.php';
                     break;
                 default:
+                    if ($userObject->hasRight($user_id, 'view config file')) {
                         include '../app/templates/config-list.php';
+                    } else {
+                        include '../app/templates/unauthorized.php';
+                    }
             }
     }
 }

app/pages/profile.php

@@ -1,13 +1,13 @@
 <?php
 
 $action = $_REQUEST['action'] ?? '';
-require '../app/classes/user.php';
+//require '../app/classes/user.php';
-
+//
-$userObject = new User($dbWeb);
+//$userObject = new User($dbWeb);
-
+//
-$user_id = $userObject->getUserId($user)[0]['id'];
+//$user_id = $userObject->getUserId($user)[0]['id'];
-$userDetails = $userObject->getUserDetails($user_id);
+//$userDetails = $userObject->getUserDetails($user_id);
-$userRights = $userObject->getUserRights($user_id);
+//$userRights = $userObject->getUserRights($user_id);
 
 // if a form is submitted, it's from the edit page
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {

app/templates/page-sidebar.php

@@ -2,6 +2,17 @@
 
             <!-- Sidebar -->
             <div class="col-md-3 sidebar-wrapper bg-light" id="sidebar">
+            <div class="text-center" style="border: 1px solid #0dcaf0; height: 22px;" id="time_now">
+<?php
+$userTimezone = 'Europe/Sofia';
+//$userTimezone = 'UTC';
+$timezone = isset($userTimezone) ? $userTimezone : 'UTC'; // Default to UTC if no timezone is set
+$timeNow = new DateTime('now', new DateTimeZone($timezone));
+?>
+                <!--span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('d M Y H:i'); ?> <?= $userTimezone ?></span-->
+                <span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('H:i'); ?>&nbsp;&nbsp;<?= $userTimezone ?></span>
+            </div>
+
                 <div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div>
                 <div class="sidebar-content card ml-3 mt-3">
                     <ul class="list-group">
@@ -31,16 +42,20 @@
 
                         <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li>
 
+<?php if ($userObject->hasRight($user_id, 'view config file')) {?>
                         <a href="<?= $app_root ?>?page=config">
                             <li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config
                             </li>
                         </a>
+<?php } ?>
+<?php if ($userObject->hasRight($user_id, 'view app logs')) {?>
                         <a href="<?= $app_root ?>?page=logs">
                             <li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs
                             </li>
                         </a>
+<?php } ?>
 
                         <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li>
 

app/templates/unauthorized.php

@@ -0,0 +1,8 @@
+
+<div class="text-center">
+    <div class="mt-3 h5">You have no access to this page.</div>
+    <div>
+        <small>go to <a href="<?= $app_root ?>">front page</a> or to <a href="<?= $app_root ?>?page=profile">your profile</a></small>
+    </div>
+</div>
+

public_html/index.php

@@ -77,12 +77,12 @@ if (isset($_REQUEST['item'])) {
 }
 
 // check if logged in
-unset($user);
+unset($currentUser);
 if (isset($_COOKIE['username'])) {
     if ( !isset($_SESSION['username']) ) {
         $_SESSION['username'] = $_COOKIE['username'];
     }
-    $user = htmlspecialchars($_SESSION['username']);
+    $currentUser = htmlspecialchars($_SESSION['username']);
 }
 
 // redirect to login
@@ -130,6 +130,15 @@ if ($page == 'logout') {
 
 } else {
 
+    // if user is logged in, we need user details and rights
+    require '../app/classes/user.php';
+    include '../app/helpers/profile.php';
+    $userObject = new User($dbWeb);
+    $user = $currentUser;
+    $user_id = $userObject->getUserId($user)[0]['id'];
+    $userDetails = $userObject->getUserDetails($user_id);
+    $userRights = $userObject->getUserRights($user_id);
+
     // page building
     if (in_array($page, $allowed_urls)) {