From a315650fbc2b5ede7f0697122ce2b880136e9386 Mon Sep 17 00:00:00 2001
From: SofianeLasri <alasri250@gmail.com>
Date: Thu, 12 Aug 2021 14:05:40 +0200
Subject: [PATCH] =?UTF-8?q?14H05=20-=20Base=20des=20perms=20de=20groupes?=
 =?UTF-8?q?=20termin=C3=A9e?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 vbcms-admin/backTasks.php                | 29 +++++++++++++++++++++++-
 vbcms-admin/includes/settings/groups.php | 25 +++++++++++++++++++-
 vbcms-admin/includes/settingsPage.php    |  2 +-
 vbcms-core/permissions.php               |  5 ++--
 4 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/vbcms-admin/backTasks.php b/vbcms-admin/backTasks.php
index b7a2fc3..047d598 100644
--- a/vbcms-admin/backTasks.php
+++ b/vbcms-admin/backTasks.php
@@ -224,7 +224,34 @@ if (isset($_GET["getNotifications"])) {
 	}
 	echo json_encode($permissions);
 	
-} elseif (isset($_GET["setNetIdLocalAccount"])&&!empty($_GET["setNetIdLocalAccount"]) && (isset($_POST)&&!empty($_POST))  && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) {
+} elseif (isset($_GET["editPermissions"])&&!empty($_GET["editPermissions"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'editPermissions')) {
+	if(isJson(urldecode($_GET["editPermissions"]))){
+		$requestDetails = json_decode($_GET["editPermissions"], true);
+
+		if($requestDetails['type'] == 'group' && $requestDetails['id']!=1){ // Le groupe n°1 étant celui des superadmins, ils auront tj tous les droits
+			$query = $bdd->prepare('DELETE FROM `vbcms-groupsPerms` WHERE groupId=?'); // On vide les perms du groupe
+			$query->execute([$requestDetails['id']]);
+			foreach($_POST as $permissionJson => $checked) { // Puis on les recréées
+				$permissionDetail = json_decode(urldecode($permissionJson), true);
+				$query = $bdd->prepare('INSERT INTO `vbcms-groupsPerms` (`groupId`, `extensionName`, `permission`) VALUES (?,?,?)');
+				$query->execute([$requestDetails['id'], $permissionDetail['extension'], $permissionDetail['permission']]);
+			}
+		}elseif($requestDetails['type'] == 'user'){
+			$query = $bdd->prepare('DELETE FROM `vbcms-usersPerms` WHERE userId=?'); // On vide les perms du groupe
+			$query->execute([$requestDetails['id']]);
+			foreach($_POST as $permissionJson => $checked) { // Puis on les recréées
+				$permissionDetail = json_decode(urldecode($permissionJson), true);
+				$query = $bdd->prepare('INSERT INTO `vbcms-usersPerms` (`userId`, `extensionName`, `permission`) VALUES (?,?,?)');
+				$query->execute([$requestDetails['id'], $permissionDetail['extension'], $permissionDetail['permission']]);
+			}
+		}else{
+			echo 'Paramètre non reconnu.';
+		}
+		
+	} else {
+		echo translate('error').': '.translate('thisIsNotJSON');
+	}
+} elseif (isset($_GET["setNetIdLocalAccount"])&&!empty($_GET["setNetIdLocalAccount"]) && (isset($_POST)&&!empty($_POST)) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) {
 	$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
 	$localAccountExist->execute([$_GET["setNetIdLocalAccount"]]);
 	$localAccountExist = $localAccountExist->fetch(PDO::FETCH_ASSOC);
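Review bot: The `editPermissions` branch wipes the target's rows and then re-inserts whatever keys arrive in `$_POST`, with no transaction and no validation of the decoded key, in both the `group` and the `user` branch. When `json_decode(urldecode($permissionJson), true)` yields null or an array without `extension`/`permission`, the INSERT still runs with null values, and a failure partway through leaves the target with its permissions deleted. The pair is also never checked against the permissions the application declares, and no anti-CSRF token is verified in the lines shown for this state-changing request; the `if`/`elseif` chain starts outside the hunk, so such a check may exist earlier. The sketch below validates every key first and wraps the delete and inserts in one transaction (shown for the group branch; the user branch needs the same).

```php
		// … unchanged: isJson check, json_decode of $_GET["editPermissions"], group id 1 guard …
			$rows = [];
			$valid = true;
			foreach ($_POST as $permissionJson => $checked) {
				$permissionDetail = json_decode(urldecode($permissionJson), true);
				if (!is_array($permissionDetail)
					|| !isset($permissionDetail['extension'], $permissionDetail['permission'])
					|| !is_string($permissionDetail['extension'])
					|| !is_string($permissionDetail['permission'])) {
					$valid = false;
					break;
				}
				// TODO: also reject pairs that are not declared permissions of that extension
				$rows[] = [$permissionDetail['extension'], $permissionDetail['permission']];
			}

			if (!$valid) {
				echo translate('error').': '.translate('thisIsNotJSON');
			} else {
				// Assumes PDO runs in exception error mode (confirm); otherwise check each execute() result.
				$bdd->beginTransaction();
				try {
					$query = $bdd->prepare('DELETE FROM `vbcms-groupsPerms` WHERE groupId=?');
					$query->execute([$requestDetails['id']]);
					$insert = $bdd->prepare('INSERT INTO `vbcms-groupsPerms` (`groupId`, `extensionName`, `permission`) VALUES (?,?,?)');
					foreach ($rows as $row) {
						$insert->execute([$requestDetails['id'], $row[0], $row[1]]);
					}
					$bdd->commit();
				} catch (Exception $e) {
					$bdd->rollBack(); // keep the previous permission set intact
					throw $e;
				}
			}
		// … unchanged: user branch, unknown-type and not-JSON messages …
```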
diff --git a/vbcms-admin/includes/settings/groups.php b/vbcms-admin/includes/settings/groups.php
index 0ec459c..e555b54 100644
--- a/vbcms-admin/includes/settings/groups.php
+++ b/vbcms-admin/includes/settings/groups.php
@@ -166,7 +166,7 @@ function selectGroup(id){
                         permission: permission.name
                     };
                     $("#permsForm").append('<div class="form-check">\
-                                        <input class="form-check-input" type="checkbox" name="'+encodeURIComponent(JSON.stringify(inputName))+'" '+hasPerm+'>\
+                                        <input class="form-check-input" type="checkbox" name="'+encodeURIComponent(JSON.stringify(inputName))+'" onclick="editPermissions('+id+')" '+hasPerm+'>\
                                         <label class="form-check-label">'+permission.name+'</label>\
                                     </div>');
                 });
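Review bot: `id` is concatenated straight into an inline `onclick` attribute in the added line, so any non-numeric value reaching `selectGroup` would be parsed as script rather than data. Coercing it at the point of use, `onclick="editPermissions('+Number(id)+')"`, or binding the handler with jQuery instead of an attribute, keeps it data. `selectGroup` begins outside this hunk, so where `id` comes from is not visible here.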
@@ -175,4 +175,27 @@ function selectGroup(id){
         }
     });
 }
+
+function editPermissions(id){
+    var array = {
+        type: "group",
+        id: id
+    };
+
+    $.post( "<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks?editPermissions="+encodeURIComponent(JSON.stringify(array)), $( "#permsForm" ).serialize() )
+    .done(function( data ) {
+        if(data!=""){
+            SnackBar({
+                message: data,
+                status: "danger",
+                timeout: false
+            });
+        } else {
+            SnackBar({
+                message: '<?=translate("success-saving")?>',
+                status: "success"
+            });
+        }
+    });
+}
 </script>
\ No newline at end of file
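Review bot: `translate("success-saving")` and `VBcmsGetSetting("websiteUrl")` are echoed raw into JavaScript string literals in `editPermissions`, so a translation or URL containing a quote or backslash breaks the script, and becomes script injection if those values are ever editable by a less-trusted account. Emit them as JS literals instead, e.g. `message: <?=json_encode(translate("success-saving"))?>`. The request also has no `.fail()` handler, so an HTTP error or an expired session shows nothing to the user. `message: data` displays the server response as-is; whether SnackBar escapes it is not visible here.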
diff --git a/vbcms-admin/includes/settingsPage.php b/vbcms-admin/includes/settingsPage.php
index 942c4de..84aeb0d 100644
--- a/vbcms-admin/includes/settingsPage.php
+++ b/vbcms-admin/includes/settingsPage.php
@@ -62,7 +62,7 @@ function getSettingsHTML($params){
                     include "settings/general.php";    
                 }elseif($params=="users" && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){ 
                     include "settings/users.php"; 
-                }elseif($params=="userGroups" && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageuserGroupsSettings')){ 
+                }elseif($params=="userGroups" && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUserGroupsSettings')){ 
                     include "settings/groups.php"; 
                 } ?>
     </div>
diff --git a/vbcms-core/permissions.php b/vbcms-core/permissions.php
index 271171e..841a9dd 100644
--- a/vbcms-core/permissions.php
+++ b/vbcms-core/permissions.php
@@ -1,10 +1,11 @@
 <?php
 $permissions = [
-    'manageUsersSettings',
+    'accessAdmin',
     'viewPermissions',
+    'editPermissions',
     'access-generalSettings',
     'manageUsersSettings',
-    'manageuserGroupsSettings',
+    'manageUserGroupsSettings',
     'permissionsSettings',
     'extAndWsSettings'
 ];
\ No newline at end of file
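Review bot: Renaming `manageuserGroupsSettings` to `manageUserGroupsSettings` (here and in `settingsPage.php`) changes a string that, judging by the INSERT statements in `backTasks.php`, is stored by name in `vbcms-groupsPerms` and `vbcms-usersPerms`; rows already holding the old spelling would presumably stop matching. If any such rows exist, a one-off update of the stored names should ship with this change. The list also has no comment saying what each permission gates; a short comment per entry, such as `// editPermissions: may change group and user permissions via backTasks.php`, would help the next reader.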
-- 
GitLab