Adds access control to pages based on user rights

main
Yasen Pramatarov 2024-09-13 12:13:00 +03:00
parent 172a545acf
commit 7cc8da562d
7 changed files with 82 additions and 10 deletions

View File

@ -164,6 +164,27 @@ class User {
} }
// check if the user has a specific right
function hasRight($user_id, $right_name) {
$userRights = $this->getUserRights($user_id);
$userHasRight = false;
// superuser always has all the rights
if ($user_id === 1) {
$userHasRight = true;
}
foreach ($userRights as $right) {
if ($right['right_name'] === $right_name) {
$userHasRight = true;
break;
}
}
return $userHasRight;
}
// update an existing user // update an existing user
public function editUser($user_id, $updatedUser) { public function editUser($user_id, $updatedUser) {
try { try {

View File

@ -0,0 +1,15 @@
<?php
// get the UTC offset of a specified timezone
function getUTCOffset($timezone) {
$datetime = new DateTime("now", new DateTimeZone($timezone));
$offsetInSeconds = $datetime->getOffset();
$hours = intdiv($offsetInSeconds, 3600);
$minutes = ($offsetInSeconds % 3600) / 60;
$formattedOffset = sprintf("UTC%+03d:%02d", $hours, $minutes); // Format UTC+01:00
return $formattedOffset;
}
?>

View File

@ -93,7 +93,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include '../app/templates/config-delete-platform.php'; include '../app/templates/config-delete-platform.php';
break; break;
default: default:
if ($userObject->hasRight($user_id, 'view config file')) {
include '../app/templates/config-list.php'; include '../app/templates/config-list.php';
} else {
include '../app/templates/unauthorized.php';
}
} }
} }
} }

View File

@ -1,13 +1,13 @@
<?php <?php
$action = $_REQUEST['action'] ?? ''; $action = $_REQUEST['action'] ?? '';
require '../app/classes/user.php'; //require '../app/classes/user.php';
//
$userObject = new User($dbWeb); //$userObject = new User($dbWeb);
//
$user_id = $userObject->getUserId($user)[0]['id']; //$user_id = $userObject->getUserId($user)[0]['id'];
$userDetails = $userObject->getUserDetails($user_id); //$userDetails = $userObject->getUserDetails($user_id);
$userRights = $userObject->getUserRights($user_id); //$userRights = $userObject->getUserRights($user_id);
// if a form is submitted, it's from the edit page // if a form is submitted, it's from the edit page
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {

View File

@ -2,6 +2,17 @@
<!-- Sidebar --> <!-- Sidebar -->
<div class="col-md-3 sidebar-wrapper bg-light" id="sidebar"> <div class="col-md-3 sidebar-wrapper bg-light" id="sidebar">
<div class="text-center" style="border: 1px solid #0dcaf0; height: 22px;" id="time_now">
<?php
$userTimezone = 'Europe/Sofia';
//$userTimezone = 'UTC';
$timezone = isset($userTimezone) ? $userTimezone : 'UTC'; // Default to UTC if no timezone is set
$timeNow = new DateTime('now', new DateTimeZone($timezone));
?>
<!--span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('d M Y H:i'); ?> <?= $userTimezone ?></span-->
<span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('H:i'); ?>&nbsp;&nbsp;<?= $userTimezone ?></span>
</div>
<div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div> <div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div>
<div class="sidebar-content card ml-3 mt-3"> <div class="sidebar-content card ml-3 mt-3">
<ul class="list-group"> <ul class="list-group">
@ -31,16 +42,20 @@
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li> <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li>
<?php if ($userObject->hasRight($user_id, 'view config file')) {?>
<a href="<?= $app_root ?>?page=config"> <a href="<?= $app_root ?>?page=config">
<li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>"> <li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
<i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config <i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config
</li> </li>
</a> </a>
<?php } ?>
<?php if ($userObject->hasRight($user_id, 'view app logs')) {?>
<a href="<?= $app_root ?>?page=logs"> <a href="<?= $app_root ?>?page=logs">
<li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>"> <li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
<i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs <i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs
</li> </li>
</a> </a>
<?php } ?>
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li> <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li>

View File

@ -0,0 +1,8 @@
<div class="text-center">
<div class="mt-3 h5">You have no access to this page.</div>
<div>
<small>go to <a href="<?= $app_root ?>">front page</a> or to <a href="<?= $app_root ?>?page=profile">your profile</a></small>
</div>
</div>

View File

@ -77,12 +77,12 @@ if (isset($_REQUEST['item'])) {
} }
// check if logged in // check if logged in
unset($user); unset($currentUser);
if (isset($_COOKIE['username'])) { if (isset($_COOKIE['username'])) {
if ( !isset($_SESSION['username']) ) { if ( !isset($_SESSION['username']) ) {
$_SESSION['username'] = $_COOKIE['username']; $_SESSION['username'] = $_COOKIE['username'];
} }
$user = htmlspecialchars($_SESSION['username']); $currentUser = htmlspecialchars($_SESSION['username']);
} }
// redirect to login // redirect to login
@ -130,6 +130,15 @@ if ($page == 'logout') {
} else { } else {
// if user is logged in, we need user details and rights
require '../app/classes/user.php';
include '../app/helpers/profile.php';
$userObject = new User($dbWeb);
$user = $currentUser;
$user_id = $userObject->getUserId($user)[0]['id'];
$userDetails = $userObject->getUserDetails($user_id);
$userRights = $userObject->getUserRights($user_id);
// page building // page building
if (in_array($page, $allowed_urls)) { if (in_array($page, $allowed_urls)) {