Filtrage par profil

Fred Tempez 2023-05-14 22:38:18 +02:00
parent 55f8e592c8
commit 327bf0ddb6
4 changed files with 29 additions and 45 deletions


@ -344,7 +344,7 @@ class layout extends common
$items .= $this->getData(['theme', 'footer', 'displaymemberAccount']) === false ? ' class="displayNone">' : '>'; $items .= $this->getData(['theme', 'footer', 'displaymemberAccount']) === false ? ' class="displayNone">' : '>';
$items .= '<wbr>&nbsp;|&nbsp;'; $items .= '<wbr>&nbsp;|&nbsp;';
if ( if (
$this->getPermission('filemanager') === true $this->getUser('permission','filemanager') === true
) { ) {
$items .= '<wbr>' . template::ico('folder', [ $items .= '<wbr>' . template::ico('folder', [
'href' => helper::baseUrl(false) . 'core/vendor/filemanager/dialog.php?type=0&akey=' . md5_file(self::DATA_DIR . 'core.json') . '&lang=' . $this->getData(['user', $this->getUser('id'), 'language']), 'href' => helper::baseUrl(false) . 'core/vendor/filemanager/dialog.php?type=0&akey=' . md5_file(self::DATA_DIR . 'core.json') . '&lang=' . $this->getData(['user', $this->getUser('id'), 'language']),
@ -498,7 +498,7 @@ class layout extends common
&& $this->getData(['theme', 'menu', 'memberBar']) === true && $this->getData(['theme', 'menu', 'memberBar']) === true
) { ) {
if ( if (
$this->getUser('group') >= self::GROUP_MEMBER && $this->getPermission('folder', 'share') === true $this->getUser('group') >= self::GROUP_MEMBER && $this->getUser('permission','folder', 'share') === true
) { ) {
$itemsRight .= '<li>' . template::ico('folder', [ $itemsRight .= '<li>' . template::ico('folder', [
'href' => helper::baseUrl(false) . 'core/vendor/filemanager/dialog.php?type=0&akey=' . md5_file(self::DATA_DIR . 'core.json') . '&lang=' . $this->getData(['user', $this->getUser('id'), 'language']), 'href' => helper::baseUrl(false) . 'core/vendor/filemanager/dialog.php?type=0&akey=' . md5_file(self::DATA_DIR . 'core.json') . '&lang=' . $this->getData(['user', $this->getUser('id'), 'language']),
@ -936,7 +936,7 @@ class layout extends common
$leftItems .= '</optgroup>'; $leftItems .= '</optgroup>';
$leftItems .= '</select></li>'; $leftItems .= '</select></li>';
// Bouton Ajouter une page // Bouton Ajouter une page
if ($this->getPermission('page', 'add')) { if ($this->getUser('permission','page', 'add')) {
$leftItems .= '<li>' . template::ico('plus', [ $leftItems .= '<li>' . template::ico('plus', [
'href' => helper::baseUrl() . 'page/add', 'href' => helper::baseUrl() . 'page/add',
'help' => 'Nouvelle page ou barre latérale' 'help' => 'Nouvelle page ou barre latérale'
@ -955,7 +955,7 @@ class layout extends common
or $this->getUrl(0) === '' or $this->getUrl(0) === ''
) { ) {
// Bouton Editer une page // Bouton Editer une page
if ($this->getPermission('page', 'edit')) { if ($this->getUser('permission','page', 'edit')) {
$leftItems .= '<li>' . template::ico('pencil', [ $leftItems .= '<li>' . template::ico('pencil', [
'href' => helper::baseUrl() . 'page/edit/' . $this->getUrl(0), 'href' => helper::baseUrl() . 'page/edit/' . $this->getUrl(0),
'help' => 'Éditer la page' 'help' => 'Éditer la page'
@ -963,7 +963,7 @@ class layout extends common
} }
// Bouton Editer le module d'une page // Bouton Editer le module d'une page
if ( if (
$this->getPermission('page', 'module') $this->getUser('permission','page', 'module')
&& $this->getData(['page', $this->getUrl(0), 'moduleId']) && $this->getData(['page', $this->getUrl(0), 'moduleId'])
) { ) {
$leftItems .= '<li>' . template::ico('gear', [ $leftItems .= '<li>' . template::ico('gear', [
@ -973,7 +973,7 @@ class layout extends common
} }
// Bouton dupliquer une page // Bouton dupliquer une page
if ( if (
$this->getPermission('page', 'duplicate') $this->getUser('permission','page', 'duplicate')
) { ) {
$leftItems .= '<li>' . template::ico('clone', [ $leftItems .= '<li>' . template::ico('clone', [
'href' => helper::baseUrl() . 'page/duplicate/' . $this->getUrl(0) . '&csrf=' . $_SESSION['csrf'], 'href' => helper::baseUrl() . 'page/duplicate/' . $this->getUrl(0) . '&csrf=' . $_SESSION['csrf'],
@ -983,7 +983,7 @@ class layout extends common
} }
// Bouton Effacer une page // Bouton Effacer une page
if ( if (
$this->getPermission('page', 'delete') $this->getUser('permission','page', 'delete')
) { ) {
$leftItems .= '<li>' . template::ico('trash', [ $leftItems .= '<li>' . template::ico('trash', [
'href' => helper::baseUrl() . 'page/delete/' . $this->getUrl(0) . '&csrf=' . $_SESSION['csrf'], 'href' => helper::baseUrl() . 'page/delete/' . $this->getUrl(0) . '&csrf=' . $_SESSION['csrf'],
@ -998,7 +998,7 @@ class layout extends common
$rightItems = ''; $rightItems = '';
if ( if (
$this->getUser('group') >= self::GROUP_MODERATOR $this->getUser('group') >= self::GROUP_MODERATOR
&& $this->getPermission('filemanager') && $this->getUser('permission','filemanager')
) { ) {
$rightItems .= '<li>' . template::ico('folder', [ $rightItems .= '<li>' . template::ico('folder', [
'help' => 'Fichiers', 'help' => 'Fichiers',
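Review bot: The replaced checks are not uniformly strict: the footer and member-bar hunks compare the result `=== true`, while the admin-bar buttons and the file-manager icon in this last hunk use the bare truthy value of `$this->getUser('permission', ...)`. Since that call returns whatever the profile stores for the key (or `true` when the key is absent), a non-boolean stored value would be treated differently in the two places; writing `&& $this->getUser('permission', 'filemanager') === true` here, and the same form on the page buttons, keeps the gating consistent. These are display checks only — the links they hide (`page/delete/...`, `dialog.php`) still need server-side enforcement, which is outside this file. The enclosing method starts and ends outside the hunk.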


@ -474,7 +474,7 @@ class core extends common
header('Location:' . helper::baseUrl() . 'install'); header('Location:' . helper::baseUrl() . 'install');
exit(); exit();
} }
// Journalisation // Journalisation
$this->saveLog(); $this->saveLog();
@ -699,9 +699,6 @@ class core extends common
} }
} }
$action = array_key_exists($action, $module::$actions) ? $action : 'index'; $action = array_key_exists($action, $module::$actions) ? $action : 'index';
var_dump( $moduleId);
var_dump ($action);
var_dump ($this->getPermission('user', 'login'));
if (array_key_exists($action, $module::$actions)) { if (array_key_exists($action, $module::$actions)) {
$module->$action(); $module->$action();
$output = $module->output; $output = $module->output;
@ -710,7 +707,7 @@ class core extends common
($module::$actions[$action] === self::GROUP_VISITOR ($module::$actions[$action] === self::GROUP_VISITOR
or ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') or ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')
and $this->getUser('group') >= $module::$actions[$action] and $this->getUser('group') >= $module::$actions[$action]
and $this->getPermission($moduleId, $action) and $this->getUser('permission', $moduleId, $action)
) )
) )
and $output['access'] === true and $output['access'] === true
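Review bot: The new profile check `$this->getUser('permission', $moduleId, $action)` is evaluated after `$module->$action()` has already been invoked in the preceding hunk, so as far as these hunks show it gates only whether the output is rendered, not whether the action's side effects ran; the lines between the two hunks are not visible, so confirm the order, and if it holds, move the group/password/permission test in front of the `$module->$action()` call. Dropping the three `var_dump` calls is right. Since `getPermission` returns the raw profile value, I would also make this a strict test, `and $this->getUser('permission', $moduleId, $action) === true`. The `if` condition continues beyond this hunk.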


@ -888,12 +888,14 @@ class common
* @param int $key Clé de la valeur * @param int $key Clé de la valeur
* @return string|null * @return string|null
*/ */
public function getUser($key) public function getUser($key, $perm1 = null, $perm2 = null)
{ {
if (is_array($this->user) === false) { if (is_array($this->user) === false) {
return false; return false;
} elseif ($key === 'id') { } elseif ($key === 'id') {
return $this->getInput('ZWII_USER_ID'); return $this->getInput('ZWII_USER_ID');
} elseif ($key === 'permission') {
return $this->getPermission($perm1, $perm2);
} elseif (array_key_exists($key, $this->user)) { } elseif (array_key_exists($key, $this->user)) {
return $this->user[$key]; return $this->user[$key];
} else { } else {
@ -912,21 +914,19 @@ class common
// if (is_array($this->user) === false) { // if (is_array($this->user) === false) {
// return false; // return false;
// Administrateur, toutes les permissions // Administrateur, toutes les permissions
//} elseif ($this->getUser('group') === self::GROUP_ADMIN) { if ($this->getUser('group') === self::GROUP_ADMIN) {
// return true; return true;
// Groupe sans autorisation } elseif ($this->getUser('group') < 1) { // Groupe sans autorisation
//} elseif ($this->getUser('group') < 1) { return false;
// return false; } elseif ( // Groupe avec profil, consultation des autorisations sur deux clés
// Groupe avec profil, consultation des autorisations sur deux clés $key1
//} elseif (
if ($key1
&& $key2 && $key2
&& $this->user && $this->user
&& $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1]) && $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1])
&& array_key_exists($key2, $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1])) && array_key_exists($key2, $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1]))
) { ) {
return $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1, $key2]); return $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1, $key2]);
// Groupe avec profil, consultation des autorisations sur une seule clé // Groupe avec profil, consultation des autorisations sur une seule clé
} elseif ( } elseif (
$key1 $key1
&& $this->user && $this->user
@ -935,9 +935,8 @@ class common
) { ) {
return $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1]); return $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1]);
} else { } else {
// Permission non spécifiée dans le profil est autorisée par défaut pour le fonctionnement de $action // Une permission non spécifiée dans le profil est autorisée par défaut pour le fonctionnement de $action
return true; return true;
//return false;
} }
} }
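Review bot: The two-key branch in `getPermission` passes `$this->getData([... $key1])` straight into `array_key_exists` without checking that it is an array; a profile that stores a plain boolean for `$key1` (the `filemanager` key is consulted as a single key elsewhere in this commit) makes a two-key lookup on it raise a TypeError on PHP 8 rather than deny. Fetch the value once and guard it: `$perms = $this->getData(['profil', $this->user['group'], $this->user['profil'], $key1]);` followed by `is_array($perms) && array_key_exists($key2, $perms)`. The final `return true` also grants every permission key absent from a profile to all members and moderators — the comment says this is deliberate for `$action` dispatch, but it is a fail-open default, so either document which keys a profile must define or return `false` when `$key1` is given and not found. `getPermission`'s signature and the start of its condition lie outside these hunks.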


@ -21,11 +21,13 @@ setlocale(LC_CTYPE, $lang);
$userId = $_COOKIE['ZWII_USER_ID']; $userId = $_COOKIE['ZWII_USER_ID'];
$u = json_decode(file_get_contents('../../../site/data/user.json'), true); $u = json_decode(file_get_contents('../../../site/data/user.json'), true);
$g = json_decode(file_get_contents('../../../site/data/profil.json'), true); $g = json_decode(file_get_contents('../../../site/data/profil.json'), true);
// Lecture les droits // Lecture les droits
if (!is_null($u) && !is_null($g) && !is_null($userId)) { if (!is_null($u) && !is_null($g) && !is_null($userId)) {
$group = $u['user'][$userId]['group']; $group = $u['user'][$userId]['group'];
switch ($group) { switch ($group) {
case 3: case 3:
// Accès admin
$file['delete'] = true; $file['delete'] = true;
$file['upload'] = true; $file['upload'] = true;
$file['rename'] = true; $file['rename'] = true;
@ -47,7 +49,11 @@ if (!is_null($u) && !is_null($g) && !is_null($userId)) {
break; break;
case 2: case 2:
case 1: case 1:
// Accès contrôlés par le profil
$profil = $u['user'][$userId]['profil']; $profil = $u['user'][$userId]['profil'];
if ($g['profil'][$group][$profil]['filemanager'] === false)
exit('Accès interdit');
// lecture du profil
if (!is_null($profil)) { if (!is_null($profil)) {
$file = $g['profil'][$group][$profil]['file']; $file = $g['profil'][$group][$profil]['file'];
$folder = $g['profil'][$group][$profil]['folder']; $folder = $g['profil'][$group][$profil]['folder'];
@ -58,27 +64,9 @@ if (!is_null($u) && !is_null($g) && !is_null($userId)) {
} }
break; break;
} }
// Applique default si $profil null
default: default:
$file['delete'] = false; // Pas d'autorisation d'accès au gestionnaire de fichiers
$file['upload'] = false; exit('Accès interdit');
$file['rename'] = false;
$file['duplicate'] = false;
$file['extract'] = false;
$file['copycut'] = false;
$file['preview'] = false;
$file['edit'] = false;
$file['extract'] = false;
$file['download'] = false;
$file['chmod'] = false;
$folder['create'] = false;
$folder['create'] = false;
$folder['delete'] = false;
$folder['copycut'] = false;
$folder['chmod'] = false;
$uploadDir = null;
$currentPath = '../../../site/file/source/';
break;
} }
} }
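Review bot: The new `exit('Accès interdit')` paths decide access from `$_COOKIE['ZWII_USER_ID']` alone, read just above; unlike the core dispatcher, which also compares `ZWII_USER_PASSWORD` with the stored user password, nothing visible in this file proves the cookie belongs to that user, so a request carrying an admin's id would get full file-manager rights — unless an earlier part of the file already does it, a check such as `if (($_COOKIE['ZWII_USER_PASSWORD'] ?? null) !== $u['user'][$userId]['password']) exit('Accès interdit');` belongs before the switch. The profile test `=== false` also lets a missing `filemanager` key through (with an undefined-index notice); use `empty($g['profil'][$group][$profil]['filemanager'])` if absence should deny, or `?? true` if the core's permissive default is intended. The file continues beyond this hunk.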