From e8fd35d558a0ec64be13cb6971b7e4dfac92e808 Mon Sep 17 00:00:00 2001
From: Banana
Date: Thu, 7 Jan 2021 13:02:58 +0100
Subject: [PATCH] improvements in rights. Not finished yet but looks good
---
 upgrade/from-version-1.0.txt | 6 +++-
 webclient/config/config.php.default | 1 -
 webclient/lib/manageentry.class.php | 4 +--
 webclient/lib/trite.class.php | 36 +++++++++++++++++--
 .../view/default/manageentry/manageentry.php | 24 ++++++------
 .../view/default/managetags/managetags.php | 8 +++--
 6 files changed, 59 insertions(+), 20 deletions(-)
diff --git a/upgrade/from-version-1.0.txt b/upgrade/from-version-1.0.txt
index 76ccad7..c3d96be 100644
--- a/upgrade/from-version-1.0.txt
+++ b/upgrade/from-version-1.0.txt
@@ -2,7 +2,11 @@ Please copy the new config/config.php.default to config/config.php and adapt the settings which you have on the old config files. After that you can delete config/database|path|system files.
-# DB changes. Run each line against your bibliotheca DB
+# Deletion of config definition The definition of USER_DEFAULT_RIGHTS_STRING can be removed from config file.
+
+# DB changes. Run each line against your bibliotheca DB.
 UPDATE `bib_menu` SET `rights` = 'rw-rw----' WHERE `bib_menu`.`id` = 10;
 UPDATE `bib_menu` SET `group` = '2' WHERE `bib_menu`.`id` = 10;
 INSERT INTO `bib_menu` (`id`, `text`, `action`, `icon`, `owner`, `group`, `rights`, `position`, `category`) VALUES (NULL, 'Profile', 'profile', 'user', '1', '2', 'rw-rw----', '5', 'manage');
+DELETE FROM `bib_menu` WHERE `bib_menu`.`id` = 13;
diff --git a/webclient/config/config.php.default b/webclient/config/config.php.default
index 8ed6cf6..e6ef303 100644
--- a/webclient/config/config.php.default
+++ b/webclient/config/config.php.default
@@ -47,7 +47,6 @@ define('SESSION_NAME', "bibliotheca-session");
 define('SESSION_SAVE_PATH', PATH_SYSTEMOUT.'/session');
 # usersettings
-define('USER_DEFAULT_RIGHTS_STRING','rwxrwx---');
 define('ADMIN_GROUP_ID','1');
 define('ANON_USER_ID','2');
 define('ANON_GROUP_ID','3');
diff --git a/webclient/lib/manageentry.class.php b/webclient/lib/manageentry.class.php
index ee08692..d713d8e 100644
--- a/webclient/lib/manageentry.class.php
+++ b/webclient/lib/manageentry.class.php
@@ -66,7 +66,7 @@ class Manageentry {
 /**
 * Set the collection to manage entries from
 *
- * @param sring $collectionId Number
+ * @param string $collectionId Number
 */
 public function setCollection($collectionId) {
 if(!empty($collectionId)) {
@@ -319,7 +319,7 @@ class Manageentry {
 $queryStr = "SELECT `id` FROM `".DB_PREFIX."_collection_entry_".$this->_collectionId."`
 WHERE `id` = '".$this->_DB->real_escape_string($entryId)."'
- AND " . $this->_User->getSQLRightsString("write") . "";
+ AND ".$this->_User->getSQLRightsString("write")."";
 if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
 try {
 $query = $this->_DB->query($queryStr);
diff --git a/webclient/lib/trite.class.php b/webclient/lib/trite.class.php
index 59c35ca..211142a 100644
--- a/webclient/lib/trite.class.php
+++ b/webclient/lib/trite.class.php
@@ -156,14 +156,14 @@ class Trite {
 *
 * @return array
 */
- public function getCollections() {
+ public function getCollections($rightsMode="read") {
 $ret = array();
 $queryStr = "SELECT `c`.`id`, `c`.`name`, `c`.`description`
 FROM `".DB_PREFIX."_collection` AS c
 LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
 LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
- WHERE ".$this->_User->getSQLRightsString("read", "c")."
+ WHERE ".$this->_User->getSQLRightsString($rightsMode, "c")."
 ORDER BY `c`.`name`";
 if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
 try {
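Review bot: The new `$rightsMode` parameter of getCollections() goes straight into the WHERE clause through `getSQLRightsString($rightsMode, "c")` with no validation in this method, and the docblock directly above the signature was not updated to mention it. Both call sites in this patch pass the literal `"write"`, so this is a defensive concern rather than a demonstrated bug, but how the helper treats an unexpected mode is not visible in the diff, so an allow-list at the top of the method keeps the SQL builder from ever seeing a free-form string: `if(!in_array($rightsMode, array("read", "write"), true)) { $rightsMode = "read"; }` (extend the list if getSQLRightsString accepts further modes). I would also add `@param string $rightsMode Rights to check the collections against, "read" (default) or "write"` to the docblock. The method body continues past the end of the hunk.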
@@ -185,6 +185,8 @@ class Trite {
 /**
 * Fields for the loaded collection.
 *
+ * Works only if collection is already loaded and thus rights are validated
+ *
 * @return array
 */
 public function getCollectionFields() {
@@ -215,6 +217,8 @@ class Trite {
 * Possible optimization can be done here: Do not load everything at once, but per field
 * Needs also change in frontend to separate those calls
 *
+ * Works only if collection is already loaded and thus rights are validated
+ *
 * @param string $search String value to search value against
 * @return array
 */
@@ -257,6 +261,34 @@ class Trite {
 return $ret;
 }
+ /**
+ * Load the tools configured for the current loaded collection
+ *
+ * @return array
+ */
+ public function getAvailableTools() {
+ $ret = array();
+
+ $queryStr = "SELECT `t`.`id`, `t`.`name`, `t`.`description`, `t`.`action`, `t`.`target`
+ FROM `".DB_PREFIX."_tool2collection` AS t2c
+ LEFT JOIN `".DB_PREFIX."_tool` AS t ON t2c.fk_collection_id = t.id
+ WHERE t2c.fk_collection_id = '".$this->_DB->real_escape_string($this->_id)."'";
+ if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
+ try {
+ $query = $this->_DB->query($queryStr);
+ if($query !== false && $query->num_rows > 0) {
+ while(($result = $query->fetch_assoc()) != false) {
+ $ret[$result['id']] = $result;
+ }
+ }
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+ }
+
+ return $ret;
+ }
+
 /**
 * set some defaults by init of the class
 *
diff --git a/webclient/view/default/manageentry/manageentry.php b/webclient/view/default/manageentry/manageentry.php
index 78bd33f..93c38be 100644
--- a/webclient/view/default/manageentry/manageentry.php
+++ b/webclient/view/default/manageentry/manageentry.php
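Review bot: The join condition in the new getAvailableTools() looks wrong: `LEFT JOIN ... AS t ON t2c.fk_collection_id = t.id` compares the mapping row's collection id with the tool id, so a collection gets the tool whose id happens to equal its own id (or a row of NULL tool columns), regardless of which tools are actually mapped in `_tool2collection`. The ON clause should use the mapping table's tool column, presumably `t2c.fk_tool_id = t.id` (confirm the column name against the schema), and an INNER JOIN would avoid the NULL rows that currently land under `$ret['']`. The query also runs with whatever `$this->_id` holds, so without a prior load() it queries for `''`; a guard at the top, `if(empty($this->_id)) return $ret;`, plus the same "Works only if collection is already loaded and thus rights are validated" docblock line this patch adds to the sibling methods, would make the precondition explicit and enforced.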
@@ -16,8 +16,8 @@
 * limitations under the License.
 */
-require_once 'lib/managecollections.class.php';
-$ManangeCollections = new ManageCollections($DB,$Doomguy);
+require_once 'lib/trite.class.php';
+$Trite = new Trite($DB,$Doomguy);
 require_once 'lib/manageentry.class.php';
 $ManangeEntry = new Manageentry($DB,$Doomguy);
@@ -42,14 +42,13 @@ if(isset($_GET['id']) && !empty($_GET['id'])) {
 }
 if(!empty($_collection)) {
- $setCollection = $ManangeCollections->getCollection($_collection, "write");
+ $TemplateData['loadedCollection'] = $Trite->load($_collection, "write");
- if(!empty($setCollection)) {
- $ManangeEntry->setCollection($_collection);
- $TemplateData['loadedCollection'] = $setCollection;
+ if(!empty($TemplateData['loadedCollection'])) {
+ $ManangeEntry->setCollection($Trite->param('id'));
 $TemplateData['editFields'] = $ManangeEntry->getEditFields();
- $TemplateData['availableTools'] = $ManangeCollections->getAvailableTools($_collection);
+ $TemplateData['availableTools'] = $Trite->getAvailableTools();
 if(!empty($_id)) {
 $TemplateData['storagePath'] = PATH_WEB_STORAGE . '/' . $_collection . '/' . $_id;
@@ -71,10 +70,10 @@ if(!empty($_collection)) {
 }
 $_fieldsToSave = array();
 if (!empty($fdata)) {
- // @todo there is no setting for individual rights available yet
+ // @todo there is no setting for individual rights available yet, use the collection rights for now.
 $_owner = $Doomguy->param('id');
- $_group = $Doomguy->param('baseGroupId');
- $_rights = 'rwxrwxr--';
+ $_group = $Trite->param('group');
+ $_rights = $Trite->param('rights');
 foreach ($TemplateData['editFields'] as $fieldId=>$fieldData) {
 if(isset($fdata[$fieldData['identifier']])) {
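Review bot: `$ManangeEntry->setCollection($Trite->param('id'))` now feeds the id that came back from the rights-checked load() into the entry manager, but the `storagePath` line two lines further down still builds the path from the raw `$_collection` request value (and from `$_id`, whose sanitising is not visible in this hunk). For consistency the validated id should be used there too, `$TemplateData['storagePath'] = PATH_WEB_STORAGE . '/' . $Trite->param('id') . '/' . $_id;`, so that only the value that passed the `"write"` check reaches the template, and the sanitising of `$_id` is worth confirming where it is read from `$_GET`. The enclosing `if(!empty($_collection))` block continues beyond the hunk.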
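Review bot: New entries now take the collection's `group` and `rights` instead of the creator's base group and the fixed `'rwxrwxr--'`, but nothing checks that `$Trite->param('group')` and `$Trite->param('rights')` are non-empty before they are handed to create() further down. A collection row with an empty or malformed rights string would produce an entry stored with the same value, and what getSQLRightsString then makes of it is not visible here, so I would abort the save with an error message when either value is empty rather than writing the entry. Note that the old default granted world read (`r--`) while a collection created per the upgrade notes carries `rw-rw----`, so entries in such collections stop being visible to anonymous users; presumably intended, but worth a line in the upgrade notes. The @todo comment could also say that outright: `// @todo no per-entry rights UI yet; entries inherit the collection's group and rights, which a later per-entry setting must override.`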
@@ -118,7 +117,7 @@ if(!empty($_collection)) {
 if (!empty($_fieldsToSave) && isset($_fieldsToSave['title'])) {
 $do = $ManangeEntry->create($_fieldsToSave, $_owner, $_group, $_rights);
 if (!empty($do)) {
- $TemplateData['message']['content'] = "New entry: ".$do."";
+ $TemplateData['message']['content'] = "View your new entry";
 $TemplateData['message']['status'] = "success";
 } else {
 // use editData to display given data
@@ -139,8 +138,9 @@ if(!empty($_collection)) {
 else {
 $TemplateData['message']['content'] = "Collection could not be loaded.";
 $TemplateData['message']['status'] = "error";
+ $TemplateData['existingCollections'] = $Trite->getCollections("write");
 }
 } else {
- $TemplateData['existingCollections'] = $ManangeCollections->getCollections();
+ $TemplateData['existingCollections'] = $Trite->getCollections("write");
 }
diff --git a/webclient/view/default/managetags/managetags.php b/webclient/view/default/managetags/managetags.php
index e7b8116..4560353 100644
--- a/webclient/view/default/managetags/managetags.php
+++ b/webclient/view/default/managetags/managetags.php
@@ -37,7 +37,7 @@ $TemplateData['loadedCollection'] = array();
 $TemplateData['collections'] = array();
 if(!empty($_collection)) {
- $TemplateData['loadedCollection'] = $Trite->load($_collection);
+ $TemplateData['loadedCollection'] = $Trite->load($_collection, "write");
 if(!empty($TemplateData['loadedCollection'])) {
 $ManageTags->setCollection($_collection);
 if(isset($_POST['submitForm'])) {
@@ -64,6 +64,10 @@ if(!empty($_collection)) {
 }
 else {
 $TemplateData['tags'] = $Trite->getTags();
+ if(empty($TemplateData['tags'])) {
+ $TemplateData['message']['content'] = "No tags available or something went wrong.";
+ $TemplateData['message']['status'] = "warning";
+ }
 }
 }
 else {
@@ -72,5 +76,5 @@ if(!empty($_collection)) {
 }
 }
 else {
- $TemplateData['collections'] = $Trite->getCollections();
+ $TemplateData['collections'] = $Trite->getCollections("write");
 }
-- 
2.39.5
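Review bot: In managetags.php the line after the rights-checked load still reads `$ManageTags->setCollection($_collection);`, i.e. the raw request value, whereas manageentry.php in this same patch switched to the id returned by load(); use the same here, `$ManageTags->setCollection($Trite->param('id'));`, so the collection that passed the `"write"` check and the collection actually managed cannot diverge. Changing load() to `"write"` also means a user with read-only access now ends up in the error branch instead of seeing the tag list; if that is intended, a short comment on the load line such as `// tag management requires write access to the collection` makes the tightening deliberate rather than accidental. The enclosing `if(!empty($TemplateData['loadedCollection']))` block continues beyond the hunk.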