Finish switching to Roles
authorValerie Pond <redacted>
Tue, 25 Apr 2023 19:55:07 +0000 (20:55 +0100)
committerValerie Pond <redacted>
Tue, 25 Apr 2023 19:55:07 +0000 (20:55 +0100)
Classes/class-paneluser.php
settings/index.php
settings/install.php
settings/user-edit.php
settings/user-role-edit.php

index 217226f11fa46420854b4545987479bdfa40e857..a579e088add856485512645f3c09069b2eea5ce6 100644 (file)
@@ -270,9 +270,25 @@ function current_user_can($permission) : bool
  */
 function user_can(PanelUser $user, $permission) : bool
 {
+       global $config;
        if (!$user)
                return false;
 
+       if (isset($user->user_meta['role']))
+       {
+               if ($user->user_meta['role'] == "Super-Admin")
+                       return true;
+
+               else if ($user->user_meta['role'] == "Read-Only")
+                       return false;
+
+               else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
+                       return true;
+                       
+               return false;
+       }
+
+       /* compatibility fallback */
        if (isset($user->user_meta['permissions']))
        {
                $perms = unserialize($user->user_meta['permissions']);
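Review bot: The role lookup in the third branch, `$config['user_roles'][$user->user_meta['role']]`, assumes the stored role still exists in the config; for a role that was deleted, or a role string that never matched a key, the index is undefined and `in_array()` receives null (a TypeError on PHP 8). Deny explicitly instead: `$role_perms = $config['user_roles'][$user->user_meta['role']] ?? [];` followed by `return is_array($role_perms) && in_array($permission, $role_perms, true);`. It also looks as if roles contributed through `HOOKTYPE_USER_ROLE_LIST` are not consulted here, since only `$config` is read; that is worth confirming. The body of user_can continues past the end of this hunk.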
@@ -355,8 +371,8 @@ function get_panel_user_roles_list()
 {
        /* Defaults */
        $list = [
-        "Super Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
-        "Read Only" => [], // Read Only can do nothing
+        "Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
+        "Read-Only" => [], // Read Only can do nothing
        ];
 
        Hook::run(HOOKTYPE_USER_ROLE_LIST, $list);
@@ -384,7 +400,7 @@ function generate_role_list($list)
                <div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
                        <div id="results_rpc" class="card-body">
                                <form method="post">
-                               <?php if ($role !== "Super Admin" && $role !== "Read Only") { ?>
+                               <?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
                                        <div class="container row mb-2">
                                                <button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
                                                <button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
@@ -395,7 +411,7 @@ function generate_role_list($list)
                                        foreach($list2 as $desc => $slug)
                                        {
                                        $attributes = "";
-                                       $attributes .= ($role == "Super Admin" || $role == "Read Only") ? "disabled " : "";
+                                       $attributes .= ($role == "Super-Admin" || $role == "Read-Only") ? "disabled " : "";
 
                                                ?>
                                                <div class="input-group">
index a3ca2f2cd3a0669b4b0077614c2ccca503b9757f..453101ba0c85ddcca1662ba992b481c25693c5f4 100644 (file)
@@ -52,6 +52,7 @@ if (isset($_POST))
                }
                else if (($usr_obj = new PanelUser($user['user_name'])) && isset($usr_obj->id))
                {
+                       $usr_obj->add_meta("role", $p['user_role']);
                        Message::Success("Successfully created user \"" . $user['user_name'] . "\"");
                }
                else
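Review bot: `$p['user_role']` is written to the new account's `role` meta without checking that it is set or that it names an existing role, so a crafted POST can store any string (or an array) as the value user_can later authorises against. Check it against the role list before storing, e.g. `$role = $p['user_role'] ?? '';` and `if (is_string($role) && array_key_exists($role, get_panel_user_roles_list())) $usr_obj->add_meta("role", $role);`, and report a failure otherwise. The same unvalidated write appears in settings/user-edit.php, where `$_POST['user_role']` goes straight into `add_meta` although `$roles_list` is already loaded there. The enclosing if/else chain starts outside this hunk, so whichever permission check guards user creation is not visible here.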
@@ -95,6 +96,15 @@ Click on a username to view more information.
                                <label for="password" id="user_add">Password
                                        <input style="width: 170%;" name="password" id="password" class="form-control curvy" type="password"></label>
                        </div>
+                       <div class="input-group mb-3">
+                               <label for="user_role" id="user_add">Role
+                               <select name="user_role" class="custom-select form-control" id="user_role" style="width:170%">
+                                       <?php
+                                               foreach(get_panel_user_roles_list() as $s => $l)
+                                                       echo "<option value=\"$s\">$s</option>";
+                                       ?>
+                               </select>
+                       </div>
                        <div class="input-group mb-3">
                                <label for="user_email" id="user_add">Email
                                        <input style="width: 170%;" name="user_email" id="user_email" class="form-control curvy" type="text"></label>
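Review bot: The role name is interpolated into the `<option>` markup without encoding, in both the `value` attribute and the element text. Role names are panel data created through the role editor, and nothing visible here restricts their characters, so encode on output: `$e = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` then `echo "<option value=\"$e\">$e</option>";`. The same applies to the `<code>` role cell added to the user table further down in this file and to the role `<select>` added in settings/user-edit.php. The new `<label for="user_role">` is also never closed and reuses `id="user_add"`, which the neighbouring labels already carry.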
@@ -129,6 +139,7 @@ Click on a username to view more information.
        <form method="post">
        <th scope="col"><input type="checkbox" label='selectall' onClick="toggle_tkl(this)" /></th>
        <th scope="col">Username</th>
+       <th scope="col">Role</th>
        <th scope="col">First Name</th>
        <th scope="col">Last Name</th>
        <th scope="col">Email</th>
@@ -144,6 +155,7 @@ Click on a username to view more information.
                        
                        echo "<td scope=\"col\"><input type=\"checkbox\" value='" .$user->id . "' name=\"userch[]\"></td>";
                        echo "<td scope=\"col\"><a href=\"".get_config("base_url")."settings/user-edit.php?id=$user->id\">$user->username</a></td>";
+                       echo "<td scope=\"col\"><code>".((isset($user->user_meta['role'])) ? $user->user_meta['role'] : "")."</code></td>";
                        echo "<td scope=\"col\">".$user->first_name."</td>";
                        echo "<td scope=\"col\">".$user->last_name."</td>";
                        echo "<td scope=\"col\"><a href=\"mailto:$user->email\">$user->email</a></td>";
index d215ed912dbd601332d7f2e5f30f3542206708ac..c114b5f87433b39a45d2a4fc870d895c18ad7a77 100644 (file)
@@ -160,7 +160,7 @@ $writable = (is_writable("../config/")) ? true: false;
                        Message::Fail("Could not create user");
                        return;
                }
-               $lkup->add_permission(PERMISSION_MANAGE_USERS);
+               $lkup->add_meta('role', 'Super-Admin');
 
                /* Now, write all the config (config.php + settings in DB) */
                write_config();
index e95307f8f9fa2aeb4ee1bbc5d9e708b1d18682b9..69b52c18cc2901e1f02247cd27adda7523771f5f 100644 (file)
@@ -8,25 +8,19 @@ $us = unreal_get_current_user();
 $id = (isset($_GET['id'])) ? $_GET['id'] : $us->id;
 $edit_user = new PanelUser(NULL, $id);
 $can_edit_profile = (user_can($us, PERMISSION_MANAGE_USERS) || $edit_user->id == $us->id) ? true : false;
+$caneditprofile = ($can_edit_profile) ? "" : "disabled";
 $caneditpermissions = (user_can($us, PERMISSION_MANAGE_USERS)) ? true : false;
 $can_edit = ($caneditpermissions) ? "" : "disabled";
 $postbutton = (isset($_POST['update_user'])) ? true : false;
-$permissions = (isset($_POST['permissions'])) ? $_POST['permissions'] : [];
-$edit_perms = (isset($edit_user->user_meta['permissions'])) ? unserialize($edit_user->user_meta['permissions']) : [];
+$roles_list = get_panel_user_roles_list();
 
-/* Check if they can edit their permissions and if the permissions have indeed been changed */
-if ($postbutton && is_array($permissions) && $caneditpermissions
-        && $permissions != $edit_perms)
+if ($postbutton && isset($_POST['user_role']) && $caneditpermissions)
 {
-    foreach ($permissions as $p)
-        if (!in_array($p, $edit_perms))
-            $edit_user->add_permission($p);
-
-    foreach($edit_perms as $p)
-        if (!in_array($p, $permissions))
-            $edit_user->delete_permission($p);
-
-    Message::Success("Permissions for <strong>$edit_user->username</strong> have been updated");
+    if ($_POST['user_role'] != $edit_user->user_meta['role'])
+    {
+        $edit_user->add_meta("role", $_POST['user_role']);
+        Message::Success("Updated the role of $edit_user->username");
+    }
 }
 
 if ($postbutton && $can_edit_profile)
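Review bot: The comparison `$_POST['user_role'] != $edit_user->user_meta['role']` reads the `role` key unconditionally, but accounts that presumably still rely on the serialized-permissions fallback have no such key, so the first role assignment for such a user raises an undefined-index warning. Use `if ($_POST['user_role'] !== ($edit_user->user_meta['role'] ?? null))`; the `$selected` test in the role `<select>` added later in this file needs the same `?? null`. Nothing in this block stops a user with PERMISSION_MANAGE_USERS from changing their own role or demoting the only Super-Admin, which can lock administrators out of the panel; a guard for that case would be worth adding. The `if ($postbutton && $can_edit_profile)` block that closes the hunk continues outside it.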
@@ -65,66 +59,70 @@ if ($postbutton && $can_edit_profile)
 <h4>Edit User: "<?php echo $edit_user->username; ?>"</h4>
 <br>
 <form method="post" action="user-edit.php?id=<?php echo $edit_user->id; ?>" autocomplete="off" enctype="multipart/form-data">
-<?php if ($can_edit_profile) { ?>
-<a class="btn btn-<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "danger" : "info"; ?>" data-toggle="collapse" href="#collapseExample" role="button" aria-expanded="false" aria-controls="collapseExample">
-<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "Edit" : "View"; ?> Permissions
-</a>
-<div class="collapse" id="collapseExample">
-    <br>
-  <div class="card card-body">
-    <h6>Here are all the things <?php echo $edit_user->username; ?> can do</h6>
-    <?php generate_panel_user_permission_table($edit_user); ?>
-  </div>
-</div>
-<?php } ?>
-<br><br>
+
 <div class="input-group mb-3">
     <div class="input-group-prepend">
-        <span class="input-group-text" style="width: 175px;">@</span>
+        <span class="input-group-text" style="width: 175px;">Username</span>
     </div><input disabled type="text" class="form-control" name="username" id="username" placeholder="<?php echo $edit_user->username; ?>">
 </div>
 
+<div class="input-group mb-3">
+    <div class="input-group-prepend">
+        <span class="input-group-text" style="width: 175px;">Role</span>
+    </div><select name="user_role" <?php echo $can_edit; ?> class="custom-select" id="user_role">
+                <?php
+                    foreach($roles_list as $s => $l)
+                    {
+                        $selected = ($s == $edit_user->user_meta['role']) ? "selected=\"selected\"" : "";
+                        echo "<option value=\"$s\" $selected>$s</option>";
+                    }
+                ?>
+            </select>
+</div>
+
+
+
 <div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">First Name</span>
-    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="first_name" id="first_name" placeholder="<?php echo $edit_user->first_name; ?>">
+    </div><input <?php echo $caneditprofile; ?> type="text" class="form-control" name="first_name" id="first_name" placeholder="<?php echo $edit_user->first_name; ?>">
 </div>
 
 
 <div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">Last Name</span>
-    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="last_name" id="last_name" placeholder="<?php echo $edit_user->last_name; ?>">
+    </div><input <?php echo $caneditprofile; ?> type="text" class="form-control" name="last_name" id="last_name" placeholder="<?php echo $edit_user->last_name; ?>">
 </div>
 
 
 <div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">Bio</span>
-    </div><textarea <?php echo $can_edit; ?> class="form-control" name="bio" id="username"><?php echo $edit_user->bio; ?></textarea>
+    </div><textarea <?php echo $caneditprofile; ?> class="form-control" name="bio" id="username"><?php echo $edit_user->bio; ?></textarea>
 </div>
 
 
 <div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">Email</span>
-    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="email" id="email" autocomplete="off" value="<?php echo $edit_user->email; ?>">
+    </div><input <?php echo $caneditprofile; ?> type="text" class="form-control" name="email" id="email" autocomplete="off" value="<?php echo $edit_user->email; ?>">
 </div>
 
 <div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">Session timeout</span>
-    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="session_timeout" id="session_timeout" autocomplete="off" value="<?php echo $edit_user->user_meta['session_timeout'] ?? 3600; ?>">
+    </div><input <?php echo $caneditprofile; ?> type="text" class="form-control" name="session_timeout" id="session_timeout" autocomplete="off" value="<?php echo $edit_user->user_meta['session_timeout'] ?? 3600; ?>">
 </div>
 
 <div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">New Password</span>
-    </div><input <?php echo $can_edit; ?> type="password" class="form-control" name="password" id="password" autocomplete="off">
+    </div><input <?php echo $caneditprofile; ?> type="password" class="form-control" name="password" id="password" autocomplete="off">
 </div><div class="input-group mb-3">
     <div class="input-group-prepend">
         <span class="input-group-text" style="width: 175px;">Confirm Password</span>
-    </div><input <?php echo $can_edit; ?> type="password" class="form-control" name="passwordconfirm" id="passwordconfirm" autocomplete="off">
+    </div><input <?php echo $caneditprofile; ?> type="password" class="form-control" name="passwordconfirm" id="passwordconfirm" autocomplete="off">
 </div>
 
 <br>
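Review bot: The re-emitted inputs still print `$edit_user->first_name`, `last_name`, `bio`, `email` and `session_timeout` into attributes and the `<textarea>` body without encoding. These are values a user sets on their own profile and that an administrator later opens on this page, so unless they are sanitised when saved (not visible here) each echo should go through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `disabled` attribute from `$caneditprofile` is presentation only; the server-side `$can_edit_profile` check in the POST handler is what has to enforce the restriction.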
index e85b11cb2e5d684428ef02545ac014aeafb40d4e..88e009208327f64b85e20b7f6c174e6dadba5b71 100644 (file)
@@ -72,6 +72,30 @@ elseif (isset($_POST['del_role_name']) && $role_name = $_POST['del_role_name'])
     else
         $errors[] = "Could not delete role \"$role_name\": Role does not exist.";
 }
+
+elseif (isset($_POST['update_role']) && $role_name = $_POST['update_role'])
+{
+    $found = 0;
+    foreach ($list as $name => $u) // don't add it if it already exists
+    {
+        if (!strcmp(to_slug($name),to_slug($role_name)))
+        {
+            $found = 1;
+            break;
+        }
+    }
+    if (!$found) // so far so good
+    {
+        $errors[] = "Could not update role \"$role_name\": Role does not exist.";
+    }
+    else
+    {
+        $config['user_roles'][$role_name] = $_POST['permissions'];
+        write_config('user_roles');
+        $success[] = "Successfully updated role \"$role_name\"";
+        $list = get_panel_user_roles_list(); // refresh
+    }
+}
 ?>
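Review bot: The update branch matches the posted name by slug but then writes under the raw `$role_name`, and it stores `$_POST['permissions']` exactly as received. A name that slug-matches an existing role but is spelled differently therefore creates a second key instead of updating, and a request with no boxes ticked stores null, which user_can later hands to `in_array()`. The built-in Super-Admin and Read-Only roles are protected only by the hidden buttons in generate_role_list, not in this handler. The sketch below resolves the stored key, rejects built-ins and non-arrays, and keeps only values returned by `get_panel_user_permission_list()` (assuming its values are the permission strings; confirm). The if/elseif chain this branch belongs to starts outside the hunk, and the two copied comments ("don't add it if it already exists", "so far so good") no longer describe the code.

```php
elseif (isset($_POST['update_role']) && $role_name = $_POST['update_role'])
{
    /* Resolve the posted name to the key that is actually stored */
    $target = null;
    foreach ($list as $name => $u)
    {
        if (!strcmp(to_slug($name), to_slug($role_name)))
        {
            $target = $name;
            break;
        }
    }
    $posted = $_POST['permissions'] ?? [];

    if ($target === null)
        $errors[] = "Could not update role \"$role_name\": Role does not exist.";
    elseif ($target === "Super-Admin" || $target === "Read-Only")
        $errors[] = "Could not update role \"$role_name\": Built-in roles cannot be changed.";
    elseif (!is_array($posted))
        $errors[] = "Could not update role \"$role_name\": Invalid permission list.";
    else
    {
        /* Keep only permissions the panel defines; drop anything else that was posted */
        $config['user_roles'][$target] = array_values(array_intersect(get_panel_user_permission_list(), $posted));
        // … unchanged: write_config('user_roles'), success message, $list refresh …
    }
}
```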