From 13bf590aa09d2d02c7bb82b8c6e5cff3b36540c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=B3th=20Rich=C3=A1rd?= Date: Fri, 26 Jul 2019 16:03:01 +0200 Subject: [PATCH] menu authorities --- _class/class_authority.php | 48 ++++++++ _class/class_page.php | 55 ++++++++- _class/class_sql.php | 1 + _class/class_user.php | 77 ++++++++++-- _include/include_access_denied.php | 3 + _include/include_coaches.php | 65 ++++++---- _include/include_create.php | 10 ++ common.php | 49 ++++++++ event_handler.php | 6 +- queries/authority_20190725.sql | 31 +++++ queries/trt_default_price_20190718.sql | 4 +- template/templates/access_denied.tpl | 1 + template/templates/coach_create.tpl | 85 ++++++++----- template/templates/coach_data_edit.tpl | 88 ++++++++++---- template/templates/training_data_edit.tpl | 142 +++++++++++++--------- 15 files changed, 507 insertions(+), 158 deletions(-) create mode 100644 _class/class_authority.php create mode 100644 _include/include_access_denied.php create mode 100644 queries/authority_20190725.sql create mode 100644 template/templates/access_denied.tpl diff --git a/_class/class_authority.php b/_class/class_authority.php new file mode 100644 index 0000000..8620ceb --- /dev/null +++ b/_class/class_authority.php @@ -0,0 +1,48 @@ +a_id = $_id; + } + + public function get_a_id() { + return $this->a_id; + } + + public function set_a_name($_name) { + $this->a_name = $_name; + } + + public function get_a_name() { + return $this->a_name; + } + + public function set_a_title($_title) { + $this->a_title = $_title; + } + + public function get_a_title() { + return $this->a_title; + } + + public function set_a_data_by_id($_id) { + global $sql; + $a_query = "SELECT * FROM authority WHERE a_id = " . $_id . ";"; + $a_assoc_array = $sql->assoc_array($a_query); + foreach ($a_assoc_array[0] as $field => $value) { + $function_name = "set_" . $field; + $this->$function_name($value); //alapadatok beállítása + } + } + +} + +?> 
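Review bot: `set_a_data_by_id` concatenates `$_id` straight into the SELECT and then dispatches `set_{column}` for every column returned by `SELECT *`, so a caller passing a non-numeric id changes the query, and any new column on `authority` becomes a fatal call to an undefined setter. Within this patch the visible callers pass values read from the table itself, so the immediate risk is the coupling rather than injection, but the method's contract should not depend on who calls it. Cast at entry, `$a_query = "SELECT * FROM authority WHERE a_id = " . (int) $_id . ";";`, and guard the dispatch with `if (method_exists($this, $function_name))`. The start of this hunk appears truncated in this rendering (the class header and the `set_a_id` signature are not visible), so the class declaration itself is not reviewed here.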
diff --git a/_class/class_page.php b/_class/class_page.php index 5d11770..6749ac2 100644 --- a/_class/class_page.php +++ b/_class/class_page.php @@ -21,10 +21,28 @@ class page { } public function get_page_nav() { - global $smarty, $sql; + global $smarty, $sql, $user; //nem kell if, hanem page alapján beillesztük az id-t if ($this->get_page() == 'admin') { - $menus_query = "SELECT * FROM subpage WHERE spage_page_id = 1;"; + if ($user) { + $menus_query = " + SELECT + * + FROM + subpage + LEFT JOIN + authority ON a_name = spage_url + JOIN + user_authority ON (ua_authority_a_id = a_id + OR ua_authority_a_id = 1) + WHERE + spage_page_id = 1 + AND ua_user_kid_uk_id = " . $user->get_ua_id() ."; + "; + } + else { + $menus_query = "SELECT * FROM subpage WHERE spage_page_id = 1;"; + } $menu_assoc_array = $sql->assoc_array($menus_query); $smarty->assign('menus', $menu_assoc_array); } @@ -53,8 +71,22 @@ class page { $smarty->display('nav.tpl'); } + + + function findInStructure($id, &$array) { + if (array_key_exists($id, $array)) { + return $id; + } + + foreach ($array as $key => $submenu) { + if (in_array($id, $submenu)) { + return $key; + } + } + } + public function get_page_content() { - global $sql, $user, $smarty; + global $sql, $user, $smarty, $structure; //var_dump($user); ini_set('include_path', '_include/'); //ini_set('include_path', '/var/www/badminton_coach/_include'); 
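Review bot: The menu query in `get_page_nav` treats authority id `1` as the all-access role by literal (`OR ua_authority_a_id = 1`), which silently depends on `admin` being the first row inserted by `queries/authority_20190725.sql`; `has_authority_by_name` in the same patch identifies the role by `a_name = 'admin'`, and the two should agree. Joining every `user_authority` row of the user also looks like it returns the same subpage more than once for a user holding both `admin` and the specific authority, since both rows satisfy the `OR`. Resolve the role by name and de-duplicate: `SELECT DISTINCT subpage.*` with `JOIN user_authority ON (ua_authority_a_id = a_id OR ua_authority_a_id = (SELECT a_id FROM authority WHERE a_name = 'admin'))`.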
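Review bot: `findInStructure` has no return for the not-found case, so a subpage missing from `$structure` yields `null`, which the caller compares with `'exception'` and then hands to `has_authority_by_name`; the request is denied, but only because `null` stringifies to `''`, not by design. Make the fallthrough explicit with `return null;` after the loop, and use `in_array($id, $submenu, true)` so a numeric id from the URL cannot loosely match a string entry. The method is also declared without a visibility keyword, unlike its siblings; `private function findInStructure($id, $array)` matches its only visible caller, `get_page_content`, and drops the `&` reference, which is unnecessary for a read-only lookup.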
@@ -63,6 +95,23 @@ class page { //TODO: mi van ha nincs page? átirányítás v 404? //page alapján betölti a tpl-t + if ($this->is_subpage() && $this->get_page() == 'admin') { + if ('create' == $this->get_subpage()) { + $toFind = $this->get_id(); + } elseif (strpos($this->get_subpage(), 'delete') !== false) { + //delete_ utáni rész + $toFind = substr($this->get_subpage(), 7); + } + else { + $toFind = $this->get_subpage(); + } + $subPage = $this->findInStructure($toFind, $structure); + if ('exception' != $subPage && !$user->has_authority_by_name($subPage)) { + include('include_access_denied.php'); + return; + } + } + switch ($this->get_page()) { case 'admin': # ADMIN OLDALAK diff --git a/_class/class_sql.php b/_class/class_sql.php index 9891ba7..4a0a14c 100644 --- a/_class/class_sql.php +++ b/_class/class_sql.php @@ -82,6 +82,7 @@ class sql extends mysqli { } public function execute_query($_query) { + //var_dump($_query); return self::query($_query); } diff --git a/_class/class_user.php b/_class/class_user.php index e5464fa..987bc9e 100644 --- a/_class/class_user.php +++ b/_class/class_user.php @@ -19,6 +19,7 @@ class user { private $user_admin; private $logged_in; private $user_type; + private $authorities = array(); private $user_deleted; public function set_ua_id($_uid) { @@ -92,6 +93,16 @@ class user { $this->logged_in = $_login; } + public function add_ua_authority($_a_id) { + $this->authorities[] = $_a_id; + } + + public function remove_ua_authority($_a_id) { + if (($key = array_search($del_val, $messages)) !== false) { + unset($messages[$key]); + } + } + public function set_user_data_by_id($_ua_id) { global $sql, $user; $user_data_assoc_array = $sql->assoc_array("select * from user_coach where ua_id = " . $_ua_id); 
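Review bot: The new authority check in `get_page_content` gates only what is rendered, while the `event_handler.php` hunks in this patch pass `$_POST['authorities']` to `create_user`/`update_user` without any equivalent `has_authority_by_name` call, so a logged-in user who submits the form directly is not stopped by this check (the handler's surrounding context is outside the diff, so a check may exist there; if so, a comment pointing to it would help). The check also dereferences `$user` unconditionally, whereas `get_page_nav` in the same file guards with `if ($user)`, so an admin URL hit without a session presumably fatals on `has_authority_by_name` instead of showing `access_denied.tpl`; `if ('exception' != $subPage && (!$user || !$user->has_authority_by_name($subPage)))` keeps it fail-closed. The delete branch tests for `'delete'` anywhere in the subpage name but strips a fixed seven-character prefix; `0 === strpos($this->get_subpage(), 'delete_')` states what `substr(..., 7)` assumes. The enclosing method continues past the hunk.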
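Review bot: `remove_ua_authority` never touches `$this->authorities`: it searches `$messages` for `$del_val`, neither of which exists in the method, so the call is a no-op that emits undefined-variable notices. It should read `if (($key = array_search((int) $_a_id, $this->authorities, true)) !== false) { unset($this->authorities[$key]); }`, with `add_ua_authority` storing `(int) $_a_id` so the strict search is safe against ids that presumably arrive as strings from the result set. A short docblock on both methods saying they only change the in-memory list and not `user_authority` would prevent the obvious misreading.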
@@ -103,6 +114,11 @@ class user {
 $this->set_login(true);
 }
+ $authorities_aa = $sql->assoc_array('SELECT * FROM user_authority WHERE ua_user_kid_uk_id = ' . $_ua_id);
+
+ foreach($authorities_aa as $key => $authority) {
+ $this->add_ua_authority($authority['ua_authority_a_id']);
+ }
 }
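Review bot: The added `user_authority` lookup concatenates `$_ua_id` into the SQL exactly like the `user_coach` query above it; within this patch the value arrives from `include_coaches.php` via a row already read from the database, but `set_user_data_by_id` is public and the column is an integer, so `' . (int) $_ua_id` at the point of use costs nothing and removes the dependency on every caller. `$key` in the `foreach` is unused. The `$authorities` list filled here is read only by `get_authorities()`; `has_authority` and `has_authority_by_name` issue fresh queries instead, so the cached list and the database can disagree within one request once `create_user`/`update_user` has run.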
@@ -135,40 +151,77 @@ class user { return $sql->single_variable('select count(distinct trc_id) from training_coach join training on tr_id = trc_training_tr_id where year(tr_date) = '.$_year.' and month(tr_date) = '.$_month.' and trc_coach_uc_id = '.$this->get_ua_id().' and tr_deleted = 0;'); } - public static function create_user($_name, $_password) { + public function has_authority($a_id) { global $sql; - return $sql->insert_into('user_coach', array( + return $sql->num_of_rows('SELECT * FROM user_authority WHERE ua_user_kid_uk_id = ' . $this->get_ua_id() . ' AND ua_authority_a_id = ' . $a_id. ';'); + } + + public function has_authority_by_name($a_name) { + global $sql; + return $sql->num_of_rows("SELECT * FROM user_authority JOIN authority ON a_id = ua_authority_a_id WHERE ua_user_kid_uk_id = " . $this->get_ua_id() . " AND (a_name = '" . $a_name. "' OR a_name = 'admin');"); + } + + public function get_authorities() { + return $this->authorities; + } + + public static function create_user($_name, $_password, $_authorities = array()) { + global $sql; + $new_user_id = $sql->insert_into('user_coach', array( 'ua_name' => $_name, 'ua_password' => $_password ) ); + + if (is_array($_authorities) && !empty($_authorities)) { + foreach ($_authorities as $key => $authority_id) { + $sql->insert_into('user_authority', array( + 'ua_user_kid_uk_id' => $new_user_id, + 'ua_authority_a_id' => $authority_id, + )); + } + } + + return $new_user_id; } - public static function update_user($_name, $_password, $_admin, $_ua_id) { + public static function update_user($_name, $_password, $_admin, $_ua_id, $_authorities = array()) { global $sql; if ($_password != "-1") { - return $sql->update_table('user_coach', + $sql->update_table('user_coach', array( - 'ua_name' => $_name, - 'ua_admin' => ($_admin?1:0), - 'ua_password' => $_password + 'ua_name' => $_name, + 'ua_admin' => ($_admin?1:0), + 'ua_password' => $_password ), array( - 'ua_id' => $_ua_id + 'ua_id' => $_ua_id ) ); } else { - return 
$sql->update_table('user_coach', + $sql->update_table('user_coach', array( - 'ua_name' => $_name, - 'ua_admin' => ($_admin?1:0), + 'ua_name' => $_name, + 'ua_admin' => ($_admin?1:0), ), array( - 'ua_id' => $_ua_id + 'ua_id' => $_ua_id ) ); } + + $sql->execute_query('DELETE FROM user_authority WHERE ua_user_kid_uk_id = ' . $_ua_id); + if (is_array($_authorities) && !empty($_authorities)) { + foreach ($_authorities as $key => $authority_id) { + $sql->insert_into('user_authority', array( + 'ua_user_kid_uk_id' => $_ua_id, + 'ua_authority_a_id' => $authority_id, + )); + } + } + + return true; } } diff --git a/_include/include_access_denied.php b/_include/include_access_denied.php new file mode 100644 index 0000000..6adc30f --- /dev/null +++ b/_include/include_access_denied.php @@ -0,0 +1,3 @@ +display('access_denied.tpl'); +?> diff --git a/_include/include_coaches.php b/_include/include_coaches.php index 9e755b0..eca9a02 100644 --- a/_include/include_coaches.php +++ b/_include/include_coaches.php 
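Review bot: `has_authority_by_name` interpolates `$a_name` inside a quoted SQL literal with no escaping; in this patch its only caller passes a key of `$structure` (or `null`), so the value is effectively whitelisted, but the method is public and nothing in it enforces that. Escape it with `$sql->real_escape_string($a_name)` (the class extends `mysqli`, per the `class_sql.php` hunk) or, since the name is looked up against a fixed table, resolve it to an id first and reuse `has_authority`. `update_user` deletes every `user_authority` row and re-inserts from `$_authorities` outside a transaction, so a failed insert leaves the user with no authorities at all; wrapping the delete and the inserts in `$sql->begin_transaction()` / `$sql->commit()` keeps it atomic. Both `create_user` and `update_user` store the caller's authority ids without checking they exist in `authority`, and the schema in `queries/authority_20190725.sql` declares no foreign key, so an unknown id is accepted silently.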
@@ -3,35 +3,46 @@ # HA NINCS ID, AKKOR TAGLISTA # HA VAN ID, AKKOR TAG ADATAINAK MEGJELENÍTÉSE/SZERKESZTÉSE if ($this->is_id()) { - # ADOTT TAG ADATAINAK MEGJELENÍTÉSE - //user adatok - $user_data_query = "SELECT * FROM user_coach WHERE ua_id = " . $this->get_id(); - $user_data_assoc_array = $sql->assoc_array($user_data_query); - - $new_coach = new user(); - $new_coach->set_user_data_by_id($user_data_assoc_array[0]['ua_id']); - - //smarty thingz - - $smarty->assign('user_data', $user_data_assoc_array[0]); - $smarty->assign('coach', $new_coach); - $smarty->display('coach_data_edit.tpl'); + # ADOTT TAG ADATAINAK MEGJELENÍTÉSE + //user adatok + $user_data_query = "SELECT * FROM user_coach WHERE ua_id = " . $this->get_id(); + $user_data_assoc_array = $sql->assoc_array($user_data_query); + + $new_coach = new user(); + $new_coach->set_user_data_by_id($user_data_assoc_array[0]['ua_id']); + + //smarty thingz + + $a_assoc_array = $sql->assoc_array('SELECT * FROM authority'); + + $a_array = array(); + foreach ($a_assoc_array as $key => $a) { + $new_a = new authority(); + $new_a->set_a_data_by_id($a['a_id']); + $a_array[] = $new_a; + } + + $smarty->assign('a_array', $a_array); + + $smarty->assign('user_data', $user_data_assoc_array[0]); + $smarty->assign('coach', $new_coach); + $smarty->display('coach_data_edit.tpl'); } else { - # TAG LISTA + # TAG LISTA - $user_list_query = "SELECT * FROM user_coach WHERE ua_deleted = 0 ORDER BY ua_name ASC;"; - $user_list_assoc_array = $sql->assoc_array($user_list_query); - //végigmegyünk a tömbbön, objektumot csinálunk belőlük, és átadjuk egy array-ben a template-nek - $user_array = array(); - foreach ($user_list_assoc_array as $user_list_array) { - $current_user = new user(); - $current_user->set_user_data_by_id($user_list_array['ua_id']); - $user_array[] = $current_user; - } - $smarty->assign('user_array', $user_array); - $smarty->display('coach_list.tpl'); - //var_dump($user_array); + $user_list_query = "SELECT * FROM user_coach WHERE 
ua_deleted = 0 ORDER BY ua_name ASC;"; + $user_list_assoc_array = $sql->assoc_array($user_list_query); + //végigmegyünk a tömbbön, objektumot csinálunk belőlük, és átadjuk egy array-ben a template-nek + $user_array = array(); + foreach ($user_list_assoc_array as $user_list_array) { + $current_user = new user(); + $current_user->set_user_data_by_id($user_list_array['ua_id']); + $user_array[] = $current_user; + } + $smarty->assign('user_array', $user_array); + $smarty->display('coach_list.tpl'); + //var_dump($user_array); } -?> \ No newline at end of file +?> diff --git a/_include/include_create.php b/_include/include_create.php index 0edb2be..944494a 100644 --- a/_include/include_create.php +++ b/_include/include_create.php @@ -77,6 +77,16 @@ switch ($this->get_id()) { break; case 'coach': # COACH létrehozása + $a_assoc_array = $sql->assoc_array('SELECT * FROM authority'); + + $a_array = array(); + foreach ($a_assoc_array as $key => $a) { + $new_a = new authority(); + $new_a->set_a_data_by_id($a['a_id']); + $a_array[] = $new_a; + } + + $smarty->assign('a_array', $a_array); $smarty->display('coach_create.tpl'); break; case 'shirt': diff --git a/common.php b/common.php index e010378..b665863 100644 --- a/common.php +++ b/common.php 
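Review bot: Both `include_coaches.php` and `include_create.php` build `$a_array` by fetching `SELECT * FROM authority` and then calling `set_a_data_by_id` for each row, which re-queries the row just read, so listing N authorities costs N+1 queries. Either hydrate from the row already in hand (a setter loop over `$a`, the same `set_{field}` pattern `set_a_data_by_id` uses) or keep the id-based call and narrow the first query to `SELECT a_id FROM authority`. The identical block appears in both files; a static `authority::all()` helper would remove the duplication. Apart from that block, the `include_coaches.php` hunk is a re-indentation.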
@@ -112,6 +112,55 @@ else { //var_dump($sql);
+//PAGE STRUCTURE FOR AUTHORITIES
+$structure = array(
+ 'members' => array(
+ 'parents',
+ 'shirts',
+ 'cities',
+ 'schools',
+ 'regions',
+ 'member',
+ 'parent',
+ 'shirt',
+ 'city',
+ 'school',
+ 'region'
+ ),
+ 'trainings' => array(
+ 'training_types',
+ 'training_templates',
+ 'training',
+ 'training_type',
+ 'training_template',
+ 'edit_training',
+ ),
+ 'presence' => array(
+ 'lock_training',
+ ),
+ 'coaches' => array(
+ 'coach'
+ ),
+ 'money_deposit' => array(
+ 'balance_list',
+ 'money_update',
+ 'money_deposit',
+ ),
+ 'money_expense' => array(
+ 'money_expense_category',
+ 'money_expense',
+ ),
+ 'money_income' => array(
+ 'money_incode_category',
+ 'money_income'
+ ),
+ 'settings' => array(),
+ 'exception' => array(
+ 'logout'
+ ),
+);
+
+
 //echo $_GET['page'];
 $logout = false; //meg kell-e jeleníteni a kijelentkezés gombot
diff --git a/event_handler.php b/event_handler.php
index 4a606c8..b90f22b 100644
--- a/event_handler.php
+++ b/event_handler.php
@@ -187,7 +187,7 @@ if (isset($_POST['action'])) {
 $psw = "null";
 }
- $new_coach_id = user::create_user($_POST['ua_name'], $psw);
+ $new_coach_id = user::create_user($_POST['ua_name'], $psw, $_POST['authorities']);
 log::register('new_coach', $new_coach_id);
 header("Location: /admin/coaches");
 break;
@@ -200,9 +200,9 @@ if (isset($_POST['action'])) {
 $psw = "-1"; //ez jelzi h nem szabad updatelni
 }
- user::update_user($_POST['ua_name'], $psw, isset($_POST['ua_admin']), $_POST['ua_id']);
+ user::update_user($_POST['ua_name'], $psw, isset($_POST['ua_admin']), $_POST['ua_id'], $_POST['authorities']);
 log::register('update_coach', $_POST['ua_id']);
- header("Location: /admin/coaches");
+ header("Location: /admin/coaches/".$_POST['ua_id']);
 break;
 case 'shirt_create': # póló létrehozása
diff --git a/queries/authority_20190725.sql b/queries/authority_20190725.sql
new file mode 100644
index 0000000..69ab02b
--- /dev/null
+++ b/queries/authority_20190725.sql
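Review bot: `$structure` lists `money_incode_category` under `money_income`, which looks like a typo for `money_income_category`; if the real subpage url is the latter, `findInStructure` returns `null` for it and every non-admin user is denied that page even with the `money_income` authority. The top-level keys of this array must match the `a_name` values seeded in `queries/authority_20190725.sql`, and nothing enforces that; a comment on the array, `// keys must equal authority.a_name; values are the admin subpage urls gated by that authority; 'exception' is never checked`, would save the next reader the cross-reference.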
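Review bot: `$_POST['authorities']` is passed to `create_user`/`update_user` unconditionally, but a form with no checkbox ticked submits no `authorities` field at all, so both call sites read an undefined index (a notice, and `null` reaching the `is_array` guard); `$_POST['authorities'] ?? array()` at both sites fixes that. More importantly, neither visible handler checks that the acting user may assign authorities: the `update_coach` case writes whatever ids are posted for `ua_id`, so unless the context outside this hunk restricts who reaches it, a user who can edit a coach record can add authority `1` to it; the same `$user->has_authority_by_name('coaches')` that `get_page_content` applies to the page should guard the action here. The client-side disabling of the other checkboxes in `coach_create.tpl` does not substitute for this.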
@@ -0,0 +1,31 @@
+CREATE TABLE `authority` (
+ `a_id` INT NOT NULL AUTO_INCREMENT,
+ `a_name` VARCHAR(126) CHARACTER SET 'utf8' COLLATE 'utf8_hungarian_ci' NOT NULL,
+ `a_title` VARCHAR(126) CHARACTER SET 'utf8' COLLATE 'utf8_hungarian_ci' NOT NULL,
+ PRIMARY KEY (`a_id`));
+
+CREATE TABLE `user_authority` (
+ `ua_id` INT NOT NULL AUTO_INCREMENT,
+ `ua_user_kid_uk_id` INT NOT NULL,
+ `ua_authority_a_id` INT NOT NULL,
+ PRIMARY KEY (`ua_id`),
+ INDEX `index2` (`ua_user_kid_uk_id` ASC),
+ INDEX `index3` (`ua_authority_a_id` ASC));
+
+CREATE TABLE `user_authority` (
+ `ua_id` int(11) NOT NULL AUTO_INCREMENT,
+ `ua_user_kid_uk_id` int(11) NOT NULL,
+ `ua_authority_a_id` int(11) DEFAULT NULL,
+ PRIMARY KEY (`ua_id`),
+ INDEX `index2` (`ua_user_kid_uk_id` ASC),
+ INDEX `index3` (`ua_authority_a_id` ASC));
+
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('admin', 'Admin');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('members', 'Tagok');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('trainings', 'Edzések');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('presence', 'Jelenlét');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('coaches', 'Edzők');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('money_deposit', 'Befizetések');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('money_expense', 'Kiadások');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('money_income', 'Bevételek');
+INSERT INTO `authority` (`a_name`, `a_title`) VALUES ('settings', 'Beállítások');
diff --git a/queries/trt_default_price_20190718.sql b/queries/trt_default_price_20190718.sql
index 03e8c2c..9952c18 100644
--- a/queries/trt_default_price_20190718.sql
+++ b/queries/trt_default_price_20190718.sql
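Review bot: The migration creates `user_authority` twice with different column definitions (`ua_authority_a_id INT NOT NULL` versus `int(11) DEFAULT NULL`), so the second `CREATE TABLE` fails with a table-exists error when the script is run as a whole; one of the two must go, and whether the column is nullable needs deciding. Neither table carries a foreign key or a unique key: `UNIQUE (ua_user_kid_uk_id, ua_authority_a_id)` on `user_authority` would stop duplicate grants (which the `OR` join in `get_page_nav` would surface as repeated menu rows), and `FOREIGN KEY (ua_authority_a_id) REFERENCES authority(a_id)` would stop `create_user`/`update_user` from storing an unknown id. The PHP in this patch hard-codes `1` as the admin authority, which holds only if the `admin` INSERT runs first on a fresh table; an explicit `a_id` in that INSERT, or the name-based lookup already used by `has_authority_by_name`, removes that dependency.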
@@ -1,5 +1,5 @@
-ALTER TABLE `badminton_coach`.`training_type`
+ALTER TABLE `training_type`
 ADD COLUMN `trt_default_price` INT NULL DEFAULT NULL AFTER `trt_deleted`;
-ALTER TABLE `badminton_coach`.`training`
+ALTER TABLE `training`
 ADD COLUMN `tr_price` INT NULL DEFAULT NULL AFTER `tr_deleted`;
diff --git a/template/templates/access_denied.tpl b/template/templates/access_denied.tpl
new file mode 100644
index 0000000..e977017
--- /dev/null
+++ b/template/templates/access_denied.tpl
@@ -0,0 +1 @@
+

Nincs jogosultsága ehhez a menüponthoz!

diff --git a/template/templates/coach_create.tpl b/template/templates/coach_create.tpl index 5603c3d..57f5bb6 100644 --- a/template/templates/coach_create.tpl +++ b/template/templates/coach_create.tpl @@ -1,39 +1,66 @@
-
- - -
- -
-
+ + -
- -
-
+
+ +
+
-
- -
-
+
+ +
+
-
-
- -
-
+
+ +
+
+
+ + + {foreach $a_array as $a} + + + + + {/foreach} +
+
-
+
+
+ +
+
+ +
- \ No newline at end of file + $('.authorities').on('change', function () { + if ($('#authority_1').is(':checked')) { + $('.authorities').each(function (k,v) { + if ($(v).val() > 1) { + $(this).prop('checked', false); + $(this).prop('disabled', true); + } + }); + } + else { + $('.authorities').each(function (k,v) { + if ($(v).val() > 1) { + $(this).removeAttr('disabled'); + } + }); + } + }); + diff --git a/template/templates/coach_data_edit.tpl b/template/templates/coach_data_edit.tpl index bf20e71..d8b0ae2 100644 --- a/template/templates/coach_data_edit.tpl +++ b/template/templates/coach_data_edit.tpl @@ -1,32 +1,68 @@
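Review bot: The checkbox script treats `#authority_1` as the admin role and any `val() > 1` as a regular authority, so it hard-codes the same seed-order assumption as the PHP, and it is purely cosmetic, since `create_user` stores whatever ids arrive in the request. If the intent is that an admin does not also carry specific authorities, enforce that in `create_user`/`update_user` (drop the other ids when the admin id is present) and keep the script as a convenience; otherwise the rule exists only in the browser. Most of this hunk's markup is not visible in this rendering, so only the script is reviewed.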
-
- - - - -
- -
-
+ + + + + +
+ +
+
-
- -
get_ua_admin()}checked{/if}>
-
+
+ +
get_ua_admin()}checked{/if}>
+
-
- -
-
+
+ +
+
-
-
- -
-
+
+ + + {foreach $a_array as $a} + + + + + {/foreach} +
has_authority($a->get_a_id())}checked{/if}>
+
-
-
\ No newline at end of file +
+
+ +
+
+ + + + + diff --git a/template/templates/training_data_edit.tpl b/template/templates/training_data_edit.tpl index f577961..a179728 100644 --- a/template/templates/training_data_edit.tpl +++ b/template/templates/training_data_edit.tpl @@ -1,65 +1,95 @@
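Review bot: Each checkbox in the authorities table calls `$coach->has_authority($a->get_a_id())`, which runs a `SELECT` per authority on top of the list the include already built, while `$coach` already has the `$authorities` array loaded by `set_user_data_by_id` in the same patch. If this Smarty build allows PHP functions in expressions, `{if in_array($a->get_a_id(), $coach->get_authorities())}checked{/if}` uses the data in memory; otherwise `has_authority` itself should consult that array rather than the database. The rest of this hunk's markup is mostly not visible in this rendering.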
-
-
- Törlés -
- - + +
+ Törlés +
+ + -
- -
-
+
+ +
+
-
- -
- -
-
+
+ +
+ +
+
-
- -
-
+
+ +
+
-
- -
- -
-
+
+ +
+
-
- - - - - - - - {foreach $coach_array as $coach} - - - - - - {/foreach} -
NévESE
{$coach->get_ua_name()}is_coach_at_training($tr_id)} checked{/if}>is_helper_at_training($tr_id)} checked{/if}>
-
+
+ +
+ +
+
-
-
- -
-
+
+ + + + + + + + {foreach $coach_array as $coach} + + + + + + {/foreach} +
NévESE
{$coach->get_ua_name()}is_coach_at_training($tr_id)} checked{/if}>is_helper_at_training($tr_id)} checked{/if}>
+
-
+
+
+ +
+
+ +
+ +