menu authorities

2019-07-26 16:03:01 +02:00
parent 2c663d7ed1
commit 13bf590aa0
15 changed files with 507 additions and 158 deletions
--- a/_class/class_page.php
+++ b/_class/class_page.php
@@ -21,10 +21,28 @@ class page {
    }

    public function get_page_nav() {
-        global $smarty, $sql;
+        global $smarty, $sql, $user;
        //nem kell if, hanem page alapján beillesztük az id-t
        if ($this->get_page() == 'admin') {
-            $menus_query = "SELECT * FROM subpage WHERE spage_page_id = 1;";
+            if ($user) {
+                $menus_query = "
+                    SELECT
+                        *
+                    FROM
+                        subpage
+                            LEFT JOIN
+                        authority ON a_name = spage_url
+                            JOIN
+                        user_authority ON (ua_authority_a_id = a_id
+                            OR ua_authority_a_id = 1)
+                    WHERE
+                        spage_page_id = 1
+                            AND ua_user_kid_uk_id = " . $user->get_ua_id() .";
+                ";
+            }
+            else {
+                $menus_query = "SELECT * FROM subpage WHERE spage_page_id = 1;";
+            }
            $menu_assoc_array = $sql->assoc_array($menus_query);
            $smarty->assign('menus', $menu_assoc_array);
        }
@@ -53,8 +71,22 @@ class page {
        $smarty->display('nav.tpl');
    }

+
+
+    function findInStructure($id, &$array) {
+        if (array_key_exists($id, $array)) {
+            return $id;
+        }
+
+        foreach ($array as $key => $submenu) {
+            if (in_array($id, $submenu)) {
+                return $key;
+            }
+        }
+    }
+
    public function get_page_content() {
-        global $sql, $user, $smarty;
+        global $sql, $user, $smarty, $structure;
        //var_dump($user);
        ini_set('include_path', '_include/');
        //ini_set('include_path', '/var/www/badminton_coach/_include');
@@ -63,6 +95,23 @@ class page {
                //TODO: mi van ha nincs page? átirányítás v 404?
                //page alapján betölti a tpl-t

+                if ($this->is_subpage() && $this->get_page() == 'admin') {
+                    if ('create' == $this->get_subpage()) {
+                        $toFind = $this->get_id();
+                    } elseif (strpos($this->get_subpage(), 'delete') !== false) {
+                        //delete_ utáni rész
+                        $toFind = substr($this->get_subpage(), 7);
+                    }
+                    else {
+                        $toFind = $this->get_subpage();
+                    }
+                    $subPage = $this->findInStructure($toFind, $structure);
+                    if ('exception' != $subPage && !$user->has_authority_by_name($subPage)) {
+                        include('include_access_denied.php');
+                        return;
+                    }
+                }
+
                switch ($this->get_page()) {
                    case 'admin':
                        # ADMIN OLDALAK