From d4cd81d862033f80450d536acc5f3a08ec4a53f2 Mon Sep 17 00:00:00 2001 From: Banana Date: Fri, 8 Jan 2021 12:48:26 +0100 Subject: [PATCH] entry user rights managable --- CHANGELOG | 1 + ...ment.txt => usermanagement-and-rights.txt} | 13 ++++++ webclient/lib/doomguy.class.php | 3 -- webclient/lib/manageentry.class.php | 39 ++++++++++++---- .../managecolletions/managecolletions.html | 2 +- .../view/default/manageentry/manageentry.html | 46 ++++++++++++++++++- .../view/default/manageentry/manageentry.php | 11 ++++- .../view/default/manageusers/manageusers.html | 2 + 8 files changed, 102 insertions(+), 15 deletions(-) rename documentation/{usermanagement.txt => usermanagement-and-rights.txt} (50%) diff --git a/CHANGELOG b/CHANGELOG index 0bc865f..646be51 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ * api has its own log file now. * User profile for editing own settings. * Collection management has the option to update entry rights with the collection ones. + * Entry rights can now be managed. More info about user and rights can be found in documentation. 1.0 - Castle 20210106 * First usable version diff --git a/documentation/usermanagement.txt b/documentation/usermanagement-and-rights.txt similarity index 50% rename from documentation/usermanagement.txt rename to documentation/usermanagement-and-rights.txt index 9780596..aba4b04 100644 --- a/documentation/usermanagement.txt +++ b/documentation/usermanagement-and-rights.txt 
@@ -19,3 +19,16 @@ Default user group. Should not be changed or removed. Anonymous Guest user group. Should not be changed or removed. + + +## Rights +A user can be in multiple groups. +A collection has one owner and one group. +An entry has one owner and group. + +The entries will be given the owner if its creator and group of its collection. +Rights can be modified. (Default are the rights of the collection) + +A user can have multiple private collections. +A user can have multiple private entries within a collection. +There are no different groups within a collection. diff --git a/webclient/lib/doomguy.class.php b/webclient/lib/doomguy.class.php index bc55e03..3058afd 100644 --- a/webclient/lib/doomguy.class.php +++ b/webclient/lib/doomguy.class.php @@ -395,9 +395,6 @@ class Doomguy { * @return void */ protected function _loginActions() { - # @todo: - # garbage collection for error files - # clean old sessions on session table $timeframe = date("Y-m-d H:i:s",time()-SESSION_LIFETIME); $queryStr = "DELETE FROM `".DB_PREFIX."_userSession` diff --git a/webclient/lib/manageentry.class.php b/webclient/lib/manageentry.class.php index d713d8e..82fe6f9 100644 --- a/webclient/lib/manageentry.class.php +++ b/webclient/lib/manageentry.class.php @@ -138,7 +138,9 @@ class Manageentry { if(($result = $query->fetch_assoc()) != false) { $ret = $this->_mergeEntryWithFields($result, $_entryFields); + $ret['rights'] = Summoner::prepareRightsArray($result['rights']); $ret['_canDelete'] = $this->_canDelete($entryId); + $ret['_isOwner'] = $this->_isOwner($result); } } @@ -166,7 +168,6 @@ class Manageentry { if(DEBUG) error_log("[DEBUG] ".__METHOD__." data: ".var_export($data,true)); - //@todo there is no setting for individual rights available yet if(!empty($data) && !empty($owner) && !empty($group) && !empty($rights)) { // create the queryData array 
@@ -189,15 +190,16 @@ class Manageentry { if(!empty($queryData['init'])) { - $queryStr = "INSERT INTO `".DB_PREFIX."_collection_entry_".$this->_collectionId."`"; - if($update !== false && is_numeric($update)) { - $queryStr = "UPDATE `".DB_PREFIX."_collection_entry_".$this->_collectionId."`"; - } - $queryStr .= " SET - `modificationuser` = '".$this->_DB->real_escape_string($owner)."', + $queryStr = "INSERT INTO `".DB_PREFIX."_collection_entry_".$this->_collectionId."` + SET `modificationuser` = '".$this->_DB->real_escape_string($owner)."', `owner` = '".$this->_DB->real_escape_string($owner)."', `group` = '".$this->_DB->real_escape_string($group)."', `rights`= '".$this->_DB->real_escape_string($rights)."',"; + if($update !== false && is_numeric($update)) { + $queryStr = "UPDATE `".DB_PREFIX."_collection_entry_".$this->_collectionId."` + SET `modificationuser` = '".$this->_DB->real_escape_string($owner)."', + `rights`= '".$this->_DB->real_escape_string($rights)."',"; + } $queryStr .= implode(", ",$queryData['init']); if($update !== false && is_numeric($update)) { $queryStr .= " WHERE `id` = '".$this->_DB->real_escape_string($update)."'"; @@ -352,7 +354,7 @@ class Manageentry { $queryStr = "SELECT `id` FROM `".DB_PREFIX."_collection_entry_".$this->_collectionId."` WHERE `id` = '".$this->_DB->real_escape_string($entryId)."' - AND " . $this->_User->getSQLRightsString("delete") . ""; + AND ".$this->_User->getSQLRightsString("delete").""; if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true)); try { $query = $this->_DB->query($queryStr); 
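Review bot: The rewritten UPDATE branch writes `rights` on every save, and the WHERE clause visible in this hunk filters on `id` only, so the statement itself carries no ownership or rights condition. Because manageentry.php falls back to the collection rights when no `rights` field is posted, an edit by a user who is not the owner (and is therefore not shown the rights form) would, as far as these hunks show, reset the owner's custom rights to the collection default. Consider adding the `rights` column to the UPDATE only when the caller is the entry's owner, and appending a rights condition to the WHERE in the same way `_canDelete` appends `getSQLRightsString("delete")`. The method starts and ends outside this hunk, so an earlier check may exist that is not visible here.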
@@ -761,4 +763,25 @@ class Manageentry { } } } + + + /** + * If the given entry has the current user as its owner + * or if root + * + * @param $data array The entry data from getEditData + * @return bool + */ + private function _isOwner($data) { + $ret = false; + + if($this->_User->param('isRoot')) { + $ret = true; + } + elseif($data['owner'] == $this->_User->param('id')) { + $ret = true; + } + + return $ret; + } } diff --git a/webclient/view/default/managecolletions/managecolletions.html b/webclient/view/default/managecolletions/managecolletions.html index a127e55..197095e 100644 --- a/webclient/view/default/managecolletions/managecolletions.html +++ b/webclient/view/default/managecolletions/managecolletions.html @@ -48,7 +48,7 @@ -
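Review bot: `_isOwner` compares `$data['owner']` with `$this->_User->param('id')` using `==`, so PHP type juggling can treat an empty or NULL owner as equal to a missing user id. Whether `param('id')` can be empty for a guest session is not visible here. Since the result decides who is offered the rights form, a strict comparison that also rejects an empty owner is safer: `elseif((string)$data['owner'] !== '' && (string)$data['owner'] === (string)$this->_User->param('id')) {`. The docblock tag would conventionally read `@param array $data`.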
+
diff --git a/webclient/view/default/manageentry/manageentry.html b/webclient/view/default/manageentry/manageentry.html index f57e59d..4bb6397 100644 --- a/webclient/view/default/manageentry/manageentry.html +++ b/webclient/view/default/manageentry/manageentry.html @@ -26,9 +26,53 @@ if(!empty($TemplateData['editFields'])) { } } - if(!empty($TemplateData['editData']['_canDelete'])) { + if(!empty($TemplateData['editData']['_isOwner'])) { ?> +
+
Rights
+
+ + + + + + + + + + + +
UserGroupOther
+ + + + + + + + + + + +
+
+
+ + + + + +
Delete
diff --git a/webclient/view/default/manageentry/manageentry.php b/webclient/view/default/manageentry/manageentry.php index 93c38be..29720e1 100644 --- a/webclient/view/default/manageentry/manageentry.php +++ b/webclient/view/default/manageentry/manageentry.php @@ -70,11 +70,18 @@ if(!empty($_collection)) { } $_fieldsToSave = array(); if (!empty($fdata)) { - // @todo there is no setting for individual rights available yet, use the collection rights for now. + // default $_owner = $Doomguy->param('id'); $_group = $Trite->param('group'); $_rights = $Trite->param('rights'); + if(!empty($fdata['rights'])) { + $_rightsString = Summoner::prepareRightsString($fdata['rights']); + if(!empty($_rightsString)) { + $_rights = $_rightsString; + } + } + foreach ($TemplateData['editFields'] as $fieldId=>$fieldData) { if(isset($fdata[$fieldData['identifier']])) { $_value = trim($fdata[$fieldData['identifier']]); @@ -85,7 +92,7 @@ if(!empty($_collection)) { $fieldData['deleteData'] = $fdata[$fieldData['identifier']."_delete"]; } // special case upload - // $_FILES data is combinend + // $_FILES data is combined $fieldData['uploadData'] = $fupload; $_fieldsToSave[$fieldData['identifier']] = $fieldData; diff --git a/webclient/view/default/manageusers/manageusers.html b/webclient/view/default/manageusers/manageusers.html index 0e4315e..ef01b58 100644 --- a/webclient/view/default/manageusers/manageusers.html +++ b/webclient/view/default/manageusers/manageusers.html @@ -59,6 +59,8 @@
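Review bot: The new `if(!empty($fdata['rights']))` block in manageentry.php accepts a rights value from any submitted form without checking that the current user owns the entry. The `_isOwner` test appears only in manageentry.html, where it controls whether the form is rendered, so the restriction is presentational and not enforced on save. Gate the block on the ownership flag of the loaded entry, for example `if(!empty($fdata['rights']) && !empty($TemplateData['editData']['_isOwner'])) {`, assuming `editData` is populated before this point. For an update by a non-owner, keep the stored rights rather than the `$Trite->param('rights')` default. The enclosing `if (!empty($fdata))` block begins and ends outside this hunk.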
-- 2.39.5