* api has its own log file now.
* User profile for editing own settings.
* Collection management has the option to update entry rights with the collection ones.
+ * Entry rights can now be managed. More info about user and rights can be found in documentation.
1.0 - Castle 20210106
* First usable version
--- /dev/null
+Currently there is only a user management. Groups or default users can not be changed.
+
+Default users are:
+
+admin
+Should not be changed or removed.
+
+anonymoose
+The guest user. Should not be changed or removed.
+
+
+Default user groups are:
+
+Administration
+Default admin user group. Should not be changed or removed.
+
+Users
+Default user group. Should not be changed or removed.
+
+Anonymous
+Guest user group. Should not be changed or removed.
+
+
+## Rights
+A user can be in multiple groups.
+A collection has one owner and one group.
+An entry has one owner and group.
+
+The entries will be given the owner if its creator and group of its collection.
+Rights can be modified. (Default are the rights of the collection)
+
+A user can have multiple private collections.
+A user can have multiple private entries within a collection.
+There are no different groups within a collection.
+++ /dev/null
-Currently there is only a user management. Groups or default users can not be changed.
-
-Default users are:
-
-admin
-Should not be changed or removed.
-
-anonymoose
-The guest user. Should not be changed or removed.
-
-
-Default user groups are:
-
-Administration
-Default admin user group. Should not be changed or removed.
-
-Users
-Default user group. Should not be changed or removed.
-
-Anonymous
-Guest user group. Should not be changed or removed.
* @return void
*/
protected function _loginActions() {
- # @todo:
- # garbage collection for error files
-
# clean old sessions on session table
$timeframe = date("Y-m-d H:i:s",time()-SESSION_LIFETIME);
$queryStr = "DELETE FROM `".DB_PREFIX."_userSession`
if(($result = $query->fetch_assoc()) != false) {
$ret = $this->_mergeEntryWithFields($result, $_entryFields);
+ $ret['rights'] = Summoner::prepareRightsArray($result['rights']);
$ret['_canDelete'] = $this->_canDelete($entryId);
+ $ret['_isOwner'] = $this->_isOwner($result);
}
}
if(DEBUG) error_log("[DEBUG] ".__METHOD__." data: ".var_export($data,true));
- //@todo there is no setting for individual rights available yet
if(!empty($data) && !empty($owner) && !empty($group) && !empty($rights)) {
// create the queryData array
if(!empty($queryData['init'])) {
- $queryStr = "INSERT INTO `".DB_PREFIX."_collection_entry_".$this->_collectionId."`";
- if($update !== false && is_numeric($update)) {
- $queryStr = "UPDATE `".DB_PREFIX."_collection_entry_".$this->_collectionId."`";
- }
- $queryStr .= " SET
- `modificationuser` = '".$this->_DB->real_escape_string($owner)."',
+ $queryStr = "INSERT INTO `".DB_PREFIX."_collection_entry_".$this->_collectionId."`
+ SET `modificationuser` = '".$this->_DB->real_escape_string($owner)."',
`owner` = '".$this->_DB->real_escape_string($owner)."',
`group` = '".$this->_DB->real_escape_string($group)."',
`rights`= '".$this->_DB->real_escape_string($rights)."',";
+ if($update !== false && is_numeric($update)) {
+ $queryStr = "UPDATE `".DB_PREFIX."_collection_entry_".$this->_collectionId."`
+ SET `modificationuser` = '".$this->_DB->real_escape_string($owner)."',
+ `rights`= '".$this->_DB->real_escape_string($rights)."',";
+ }
$queryStr .= implode(", ",$queryData['init']);
if($update !== false && is_numeric($update)) {
$queryStr .= " WHERE `id` = '".$this->_DB->real_escape_string($update)."'";
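Review bot: The UPDATE branch writes `rights` from the caller's argument on every save, and nothing in the visible lines limits that to the entry's owner or root. The template hides the rights form behind `_isOwner`, but that is only a display check; a user who merely has write access can still post `fdata[rights]` and, as far as this hunk shows, have it stored. I would add the `rights` column to the UPDATE only after a server-side ownership check in this method, with a comment such as `// rights may only be changed by the owner or root; enforced here, not in the template`. The method starts and ends outside the hunk, so an earlier check may already exist. The controller hunk that fills `$_rights` from `$fdata['rights']` has the same gap.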
$queryStr = "SELECT `id`
FROM `".DB_PREFIX."_collection_entry_".$this->_collectionId."`
WHERE `id` = '".$this->_DB->real_escape_string($entryId)."'
- AND " . $this->_User->getSQLRightsString("delete") . "";
+ AND ".$this->_User->getSQLRightsString("delete")."";
if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
try {
$query = $this->_DB->query($queryStr);
}
}
}
+
+
+ /**
+ * If the given entry has the current user as its owner
+ * or if root
+ *
+ * @param $data array The entry data from getEditData
+ * @return bool
+ */
+ private function _isOwner($data) {
+ $ret = false;
+
+ if($this->_User->param('isRoot')) {
+ $ret = true;
+ }
+ elseif($data['owner'] == $this->_User->param('id')) {
+ $ret = true;
+ }
+
+ return $ret;
+ }
}
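Review bot: The ownership test `$data['owner'] == $this->_User->param('id')` uses loose comparison and reads `$data['owner']` without checking that it is set. If the owner column is missing from the row and `param('id')` returns an empty or zero value, `==` can treat the two as equal and report ownership, which now gates the rights form. A stricter form would be `elseif(isset($data['owner']) && (string)$data['owner'] === (string)$this->_User->param('id')) {`. The docblock tag would also read more conventionally as `@param array $data The entry data from getEditData`.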
</select>
</div>
</div>
- <hr class="uk-margin-large">
+ <hr class="uk-margin-medium">
<div class="uk-margin">
<label class="uk-form-label" for="owner">Owner</label>
<div class="uk-form-controls">
}
}
- if(!empty($TemplateData['editData']['_canDelete'])) {
+ if(!empty($TemplateData['editData']['_isOwner'])) {
?>
+ <div class="uk-margin">
+ <div class="uk-form-label">Rights</div>
+ <div class="uk-form-controls uk-form-controls-text">
+ <table class="uk-table uk-table-small">
+ <tr>
+ <th>User</th>
+ <th>Group</th>
+ <th>Other</th>
+ </tr>
+ <tr>
+ <td>
+ <label>r:<input class="uk-checkbox" type="checkbox" name="fdata[rights][user][read]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['user'], 'read', 'r')) echo "checked"; ?>></label>
+ <label>w:<input class="uk-checkbox" type="checkbox" name="fdata[rights][user][write]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['user'], 'write', 'w')) echo "checked"; ?>></label>
+ <label>x:<input class="uk-checkbox" type="checkbox" name="fdata[rights][user][delete]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['user'], 'delete', 'x')) echo "checked"; ?>></label>
+ </td>
+ <td>
+ <label>r:<input class="uk-checkbox" type="checkbox" name="fdata[rights][group][read]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['group'], 'read', 'r')) echo "checked"; ?>></label>
+ <label>w:<input class="uk-checkbox" type="checkbox" name="fdata[rights][group][write]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['group'], 'write', 'w')) echo "checked"; ?>></label>
+ <label>x:<input class="uk-checkbox" type="checkbox" name="fdata[rights][group][delete]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['group'], 'delete', 'x')) echo "checked"; ?>></label>
+ </td>
+ <td>
+ <label>r:<input class="uk-checkbox" type="checkbox" name="fdata[rights][other][read]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['other'], 'read', 'r')) echo "checked"; ?>></label>
+ <label>w:<input class="uk-checkbox" type="checkbox" name="fdata[rights][other][write]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['other'], 'write', 'w')) echo "checked"; ?>></label>
+ <label>x:<input class="uk-checkbox" type="checkbox" name="fdata[rights][other][delete]" value="1"
+ <?php if(Summoner::ifsetValue($TemplateData['editData']['rights']['other'], 'delete', 'x')) echo "checked"; ?>></label>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </div>
+
+ <?php } ?>
+
+ <?php if(!empty($TemplateData['editData']['_canDelete'])) { ?>
+
+ <hr class="uk-margin-medium">
<div class="uk-margin">
<div class="uk-form-label">Delete <span uk-icon="warning"></span></div>
<div class="uk-form-controls uk-form-controls-text">
}
$_fieldsToSave = array();
if (!empty($fdata)) {
- // @todo there is no setting for individual rights available yet, use the collection rights for now.
+ // default
$_owner = $Doomguy->param('id');
$_group = $Trite->param('group');
$_rights = $Trite->param('rights');
+ if(!empty($fdata['rights'])) {
+ $_rightsString = Summoner::prepareRightsString($fdata['rights']);
+ if(!empty($_rightsString)) {
+ $_rights = $_rightsString;
+ }
+ }
+
foreach ($TemplateData['editFields'] as $fieldId=>$fieldData) {
if(isset($fdata[$fieldData['identifier']])) {
$_value = trim($fdata[$fieldData['identifier']]);
$fieldData['deleteData'] = $fdata[$fieldData['identifier']."_delete"];
}
// special case upload
- // $_FILES data is combinend
+ // $_FILES data is combined
$fieldData['uploadData'] = $fupload;
$_fieldsToSave[$fieldData['identifier']] = $fieldData;
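Review bot: When `$fdata['rights']` is empty, `$_rights` stays at `$Trite->param('rights')`, and because the UPDATE query now always sets `rights`, such a save appears to reset the entry to the collection's rights. This happens when a non-owner with write access saves, since the form is not rendered for them. It also happens when the owner clears every checkbox, because unchecked boxes are not submitted. For updates the default should be the entry's stored rights, and the `// default` comment could then read `// default for new entries only; an update keeps the stored rights unless the owner submits new ones`. The surrounding block starts and ends outside the hunk, so how `$_rights` reaches the query is inferred from the variable names.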
<div class="uk-form-controls uk-form-controls-text">
<label>
<input class="uk-checkbox" type="checkbox" name="fdata[doDelete]" value="1">
+ Warning: Content owned by this user will not be deleted and thus only manageable by admin!<br />
+ Better disable the user if there is content.
</label>
</div>
</div>