Adds access control to pages based on user rights
parent
172a545acf
commit
7cc8da562d
|
@ -164,6 +164,27 @@ class User {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check if the user has a specific right
|
||||||
|
function hasRight($user_id, $right_name) {
|
||||||
|
$userRights = $this->getUserRights($user_id);
|
||||||
|
$userHasRight = false;
|
||||||
|
|
||||||
|
// superuser always has all the rights
|
||||||
|
if ($user_id === 1) {
|
||||||
|
$userHasRight = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($userRights as $right) {
|
||||||
|
if ($right['right_name'] === $right_name) {
|
||||||
|
$userHasRight = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $userHasRight;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// update an existing user
|
// update an existing user
|
||||||
public function editUser($user_id, $updatedUser) {
|
public function editUser($user_id, $updatedUser) {
|
||||||
try {
|
try {
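Review bot: `hasRight` is declared without a visibility keyword while the neighbouring `editUser` is `public`, and it still issues the `getUserRights` query and scans the whole result after the superuser branch has already decided the answer; the enclosing `User` class continues outside the hunk. The strict `$user_id === 1` comparison silently skips the superuser path if the id arrives as a string from the database row (the front controller reads it as `getUserId($user)[0]['id']`), so confirm the fetch yields an int or cast before comparing. Hard-coding row id 1 as the all-rights account should be stated in the method comment, since nothing in the rights table can revoke it. I would rewrite the method with early returns:
```php
// check if the user has a specific right; user id 1 is the superuser and bypasses the rights table
public function hasRight($user_id, $right_name) {
    if ((int)$user_id === 1) {
        return true;
    }
    foreach ($this->getUserRights($user_id) as $right) {
        if ($right['right_name'] === $right_name) {
            return true;
        }
    }
    return false;
}
```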
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
// get the UTC offset of a specified timezone
|
||||||
|
function getUTCOffset($timezone) {
|
||||||
|
$datetime = new DateTime("now", new DateTimeZone($timezone));
|
||||||
|
$offsetInSeconds = $datetime->getOffset();
|
||||||
|
|
||||||
|
$hours = intdiv($offsetInSeconds, 3600);
|
||||||
|
$minutes = ($offsetInSeconds % 3600) / 60;
|
||||||
|
$formattedOffset = sprintf("UTC%+03d:%02d", $hours, $minutes); // Format UTC+01:00
|
||||||
|
|
||||||
|
return $formattedOffset;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
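Review bot: `getUTCOffset` formats negative offsets with a minute component wrongly: for -19800 s (UTC-05:30) `intdiv` gives -5 and `%` keeps the sign of the dividend, so `$minutes` is -30 and `%02d` prints `-30`, producing `UTC-05:-30`. Take the sign once and work on the absolute value. `new DateTimeZone($timezone)` throws on an unknown identifier, so a caller passing a user-supplied timezone must catch that or validate against `DateTimeZone::listIdentifiers()` first, and the closing `?>` should be dropped from a PHP-only helper so trailing whitespace cannot be emitted before headers. As far as this commit shows, nothing calls the helper yet (the sidebar builds its own `DateTime`).
```php
function getUTCOffset($timezone) {
    $datetime = new DateTimeImmutable('now', new DateTimeZone($timezone));
    $offsetInSeconds = $datetime->getOffset();

    // keep the sign separate so the minutes are never printed negative
    $sign = $offsetInSeconds < 0 ? '-' : '+';
    $absOffset = abs($offsetInSeconds);
    $hours = intdiv($absOffset, 3600);
    $minutes = intdiv($absOffset % 3600, 60);

    return sprintf('UTC%s%02d:%02d', $sign, $hours, $minutes); // e.g. UTC+01:00, UTC-05:30
}
```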
|
|
@ -93,7 +93,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
include '../app/templates/config-delete-platform.php';
|
include '../app/templates/config-delete-platform.php';
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
if ($userObject->hasRight($user_id, 'view config file')) {
|
||||||
include '../app/templates/config-list.php';
|
include '../app/templates/config-list.php';
|
||||||
|
} else {
|
||||||
|
include '../app/templates/unauthorized.php';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
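Review bot: Only the `default:` branch is gated by `hasRight($user_id, 'view config file')`; the other `case` branches, including the `config-delete-platform` include visible at the top of the hunk, are still reached without any rights check, and the start of the `switch` is outside the hunk so I cannot see whether a check happens earlier. If the intent is deny-by-default, hoist the check in front of the `switch` so a user who cannot view the configuration can never reach the delete action either: `if (!$userObject->hasRight($user_id, 'view config file')) { include '../app/templates/unauthorized.php'; } else { switch (...) { … } }`. A separate, more specific right for the destructive cases would be the natural follow-up.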
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
$action = $_REQUEST['action'] ?? '';
|
$action = $_REQUEST['action'] ?? '';
|
||||||
require '../app/classes/user.php';
|
//require '../app/classes/user.php';
|
||||||
|
//
|
||||||
$userObject = new User($dbWeb);
|
//$userObject = new User($dbWeb);
|
||||||
|
//
|
||||||
$user_id = $userObject->getUserId($user)[0]['id'];
|
//$user_id = $userObject->getUserId($user)[0]['id'];
|
||||||
$userDetails = $userObject->getUserDetails($user_id);
|
//$userDetails = $userObject->getUserDetails($user_id);
|
||||||
$userRights = $userObject->getUserRights($user_id);
|
//$userRights = $userObject->getUserRights($user_id);
|
||||||
|
|
||||||
// if a form is submitted, it's from the edit page
|
// if a form is submitted, it's from the edit page
|
||||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
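Review bot: The five user-setup lines are commented out rather than deleted, and `//` placeholders are even added where blank lines were; commented-out code should go, the history keeps it. This page now relies on `$userObject`, `$user_id`, `$userDetails` and `$userRights` being prepared by whichever script includes it (the front controller does so in the `else` branch of the logout check in this same commit), so replace the dead lines with one comment stating that contract, e.g. `// $userObject, $user_id, $userDetails and $userRights are prepared by the including front controller`.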
|
||||||
|
|
|
@ -2,6 +2,17 @@
|
||||||
|
|
||||||
<!-- Sidebar -->
|
<!-- Sidebar -->
|
||||||
<div class="col-md-3 sidebar-wrapper bg-light" id="sidebar">
|
<div class="col-md-3 sidebar-wrapper bg-light" id="sidebar">
|
||||||
|
<div class="text-center" style="border: 1px solid #0dcaf0; height: 22px;" id="time_now">
|
||||||
|
<?php
|
||||||
|
$userTimezone = 'Europe/Sofia';
|
||||||
|
//$userTimezone = 'UTC';
|
||||||
|
$timezone = isset($userTimezone) ? $userTimezone : 'UTC'; // Default to UTC if no timezone is set
|
||||||
|
$timeNow = new DateTime('now', new DateTimeZone($timezone));
|
||||||
|
?>
|
||||||
|
<!--span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('d M Y H:i'); ?> <?= $userTimezone ?></span-->
|
||||||
|
<span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('H:i'); ?> <?= $userTimezone ?></span>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div>
|
<div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div>
|
||||||
<div class="sidebar-content card ml-3 mt-3">
|
<div class="sidebar-content card ml-3 mt-3">
|
||||||
<ul class="list-group">
|
<ul class="list-group">
|
||||||
|
@ -31,16 +42,20 @@
|
||||||
|
|
||||||
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li>
|
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li>
|
||||||
|
|
||||||
|
<?php if ($userObject->hasRight($user_id, 'view config file')) {?>
|
||||||
<a href="<?= $app_root ?>?page=config">
|
<a href="<?= $app_root ?>?page=config">
|
||||||
<li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
|
<li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
|
||||||
<i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config
|
<i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config
|
||||||
</li>
|
</li>
|
||||||
</a>
|
</a>
|
||||||
|
<?php } ?>
|
||||||
|
<?php if ($userObject->hasRight($user_id, 'view app logs')) {?>
|
||||||
<a href="<?= $app_root ?>?page=logs">
|
<a href="<?= $app_root ?>?page=logs">
|
||||||
<li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
|
<li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
|
||||||
<i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs
|
<i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs
|
||||||
</li>
|
</li>
|
||||||
</a>
|
</a>
|
||||||
|
<?php } ?>
|
||||||
|
|
||||||
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li>
|
<li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li>
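Review bot: In the new clock block `$timezone = isset($userTimezone) ? $userTimezone : 'UTC'` is dead code, because `$userTimezone = 'Europe/Sofia'` is assigned unconditionally two lines earlier; either source the value from the user's profile or drop the fallback, `$timezone = $userTimezone ?? 'UTC';`. Once the value does come from stored profile data, the `<?= $userTimezone ?>` output needs escaping, `<?= htmlspecialchars($userTimezone) ?>`, and an unknown identifier makes `new DateTimeZone()` throw, so validate it before use. In the menu hunk, hiding the config and logs links behind `hasRight` is fine as UX but is not enforcement: the config page gains a server-side check in this commit, whereas no server-side check for `'view app logs'` is visible anywhere in it — confirm the logs page performs one.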
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
|
||||||
|
<div class="text-center">
|
||||||
|
<div class="mt-3 h5">You have no access to this page.</div>
|
||||||
|
<div>
|
||||||
|
<small>go to <a href="<?= $app_root ?>">front page</a> or to <a href="<?= $app_root ?>?page=profile">your profile</a></small>
|
||||||
|
</div>
|
||||||
|
</div>
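Review bot: The `unauthorized.php` template is served with the default 200 status, so a denied request looks like a successful page to clients, access logs and monitoring; add `<?php http_response_code(403); ?>` as the first line of the template (it must run before any output), unless the front controller already sets the status. The unescaped `<?= $app_root ?>` matches the sidebar's usage, so I only flag it for consistency should that value ever become configurable.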
|
||||||
|
|
|
@ -77,12 +77,12 @@ if (isset($_REQUEST['item'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if logged in
|
// check if logged in
|
||||||
unset($user);
|
unset($currentUser);
|
||||||
if (isset($_COOKIE['username'])) {
|
if (isset($_COOKIE['username'])) {
|
||||||
if ( !isset($_SESSION['username']) ) {
|
if ( !isset($_SESSION['username']) ) {
|
||||||
$_SESSION['username'] = $_COOKIE['username'];
|
$_SESSION['username'] = $_COOKIE['username'];
|
||||||
}
|
}
|
||||||
$user = htmlspecialchars($_SESSION['username']);
|
$currentUser = htmlspecialchars($_SESSION['username']);
|
||||||
}
|
}
|
||||||
|
|
||||||
// redirect to login
|
// redirect to login
|
||||||
|
@ -130,6 +130,15 @@ if ($page == 'logout') {
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
// if user is logged in, we need user details and rights
|
||||||
|
require '../app/classes/user.php';
|
||||||
|
include '../app/helpers/profile.php';
|
||||||
|
$userObject = new User($dbWeb);
|
||||||
|
$user = $currentUser;
|
||||||
|
$user_id = $userObject->getUserId($user)[0]['id'];
|
||||||
|
$userDetails = $userObject->getUserDetails($user_id);
|
||||||
|
$userRights = $userObject->getUserRights($user_id);
|
||||||
|
|
||||||
// page building
|
// page building
|
||||||
if (in_array($page, $allowed_urls)) {
|
if (in_array($page, $allowed_urls)) {
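Review bot: The identity the new rights lookup is built on is client-controlled: `$currentUser` comes from `$_SESSION['username']`, which the earlier hunk (unchanged code) fills straight from `$_COOKIE['username']` whenever the session key is missing, so a visitor who sets that cookie to an existing username obtains that user's `$user_id` and rights, including the id-1 superuser bypass. The access control added in this commit is only as strong as that step; the session username should be set exclusively by the login handler and the cookie should never be promoted into the session without verification. `$userObject->getUserId($user)[0]['id']` also assumes a row exists — for a username absent from the database the `[0]` access fails on the new side — so store the result, `$userRow = $userObject->getUserId($currentUser);`, and treat an empty array as not-logged-in before reading `['id']`. The `$user = $currentUser;` alias exists only to keep the old name alive, and the `else` block continues outside the hunk.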
|
||||||
|
|
||||||
|
|