App creation completed
This commit is contained in:
Flatlogic Bot
parent
53eb27812c
commit
5f68d7fe5b
@ -1,27 +1,40 @@
|
||||
<?php
|
||||
require_once 'auth-check.php';
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
require_once 'auth-helpers.php';
|
||||
|
||||
if (!can($_SESSION['user_role'], 'asset', 'create')) {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
|
||||
$allowed_fields_str = can($_SESSION['user_role'], 'asset', 'create');
|
||||
$allowed_fields = ($allowed_fields_str === '*') ? ['name', 'asset_tag', 'status', 'location', 'manufacturer', 'model', 'purchase_date'] : explode(',', $allowed_fields_str);
|
||||
|
||||
$success_message = '';
|
||||
$error_message = '';
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$name = $_POST['name'] ?? '';
|
||||
$asset_tag = $_POST['asset_tag'] ?? '';
|
||||
$status = $_POST['status'] ?? 'In Service';
|
||||
$location = $_POST['location'] ?? '';
|
||||
$manufacturer = $_POST['manufacturer'] ?? '';
|
||||
$model = $_POST['model'] ?? '';
|
||||
$purchase_date = $_POST['purchase_date'] ?? '';
|
||||
$data = [];
|
||||
$placeholders = [];
|
||||
$columns = [];
|
||||
|
||||
if (empty($name) || empty($asset_tag) || empty($purchase_date)) {
|
||||
$error_message = 'Please fill in all required fields: Name, Asset Tag, and Purchase Date.';
|
||||
foreach ($allowed_fields as $field) {
|
||||
if (isset($_POST[$field])) {
|
||||
$data[] = $_POST[$field];
|
||||
$columns[] = $field;
|
||||
$placeholders[] = '?';
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($data)) {
|
||||
$error_message = 'No data submitted.';
|
||||
} else {
|
||||
try {
|
||||
$pdo = db();
|
||||
$sql = "INSERT INTO assets (name, asset_tag, status, location, manufacturer, model, purchase_date) VALUES (?, ?, ?, ?, ?, ?, ?)";
|
||||
$sql = sprintf("INSERT INTO assets (%s) VALUES (%s)", implode(', ', $columns), implode(', ', $placeholders));
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$name, $asset_tag, $status, $location, $manufacturer, $model, $purchase_date]);
|
||||
$stmt->execute($data);
|
||||
|
||||
header("Location: index.php?success=asset_added");
|
||||
exit;
|
||||
@ -49,48 +62,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item">
|
||||
<a href="index.php" class="nav-link" aria-current="page">
|
||||
<i data-feather="home" class="me-2"></i>
|
||||
Dashboard
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="index.php" class="nav-link active">
|
||||
<i data-feather="box" class="me-2"></i>
|
||||
Assets
|
||||
</a>
|
||||
</li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li>
|
||||
<a href="users.php" class="nav-link">
|
||||
<i data-feather="users" class="me-2"></i>
|
||||
Users
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<li>
|
||||
<a href="#" class="nav-link">
|
||||
<i data-feather="settings" class="me-2"></i>
|
||||
Settings
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
@ -107,16 +79,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
<form action="add-asset.php" method="post">
|
||||
<div class="row">
|
||||
<?php if (in_array('name', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="name" class="form-label">Asset Name*</label>
|
||||
<input type="text" class="form-control" id="name" name="name" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('asset_tag', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="asset_tag" class="form-label">Asset Tag*</label>
|
||||
<input type="text" class="form-control" id="asset_tag" name="asset_tag" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="row">
|
||||
<?php if (in_array('status', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="status" class="form-label">Status</label>
|
||||
<select class="form-select" id="status" name="status">
|
||||
@ -125,25 +102,34 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<option>Retired</option>
|
||||
</select>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('location', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="location" class="form-label">Location</label>
|
||||
<input type="text" class="form-control" id="location" name="location">
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="row">
|
||||
<?php if (in_array('manufacturer', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="manufacturer" class="form-label">Manufacturer</label>
|
||||
<input type="text" class="form-control" id="manufacturer" name="manufacturer">
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('model', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="model" class="form-label">Model</label>
|
||||
<input type="text" class="form-control" id="model" name="model">
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php if (in_array('purchase_date', $allowed_fields)): ?>
|
||||
<div class="mb-3">
|
||||
<label for="purchase_date" class="form-label">Purchase Date*</label>
|
||||
<input type="date" class="form-control" id="purchase_date" name="purchase_date" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<button type="submit" class="btn btn-primary">Add Asset</button>
|
||||
<a href="index.php" class="btn btn-secondary">Cancel</a>
|
||||
@ -158,4 +144,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
feather.replace();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
89
add-user.php
89
add-user.php
@ -1,10 +1,12 @@
|
||||
<?php
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
if ($_SESSION['user_role'] !== 'Admin') {
|
||||
header("Location: index.php?error=access_denied");
|
||||
require_once 'auth-helpers.php';
|
||||
|
||||
if (!can($_SESSION['user_role'], 'user', 'create')) {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
require_once 'db/config.php';
|
||||
|
||||
$error_message = '';
|
||||
|
||||
@ -23,13 +25,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$pdo = db();
|
||||
|
||||
// Check if email already exists
|
||||
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
|
||||
$stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
|
||||
$stmt->execute([$email]);
|
||||
if ($stmt->fetch()) {
|
||||
$error_message = 'Email already exists.';
|
||||
$error_message = 'A user with this email address already exists.';
|
||||
} else {
|
||||
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
||||
|
||||
$sql = "INSERT INTO users (name, email, password, role) VALUES (?, ?, ?, ?)";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$name, $email, $hashed_password, $role]);
|
||||
@ -49,6 +50,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Add New User - IC-Inventory</title>
|
||||
<meta name="description" content="Add a new user.">
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
@ -59,33 +61,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item"><a href="index.php" class="nav-link">Dashboard</a></li>
|
||||
<li><a href="index.php" class="nav-link">Assets</a></li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li><a href="users.php" class="nav-link active">Users</a></li>
|
||||
<?php endif; ?>
|
||||
<li><a href="#" class="nav-link">Settings</a></li>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
<h1>Add New User</h1>
|
||||
<div class="theme-switcher" id="theme-switcher"><i data-feather="moon"></i></div>
|
||||
<div class="theme-switcher" id="theme-switcher">
|
||||
<i data-feather="moon"></i>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="surface p-4">
|
||||
@ -94,26 +77,30 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<?php endif; ?>
|
||||
|
||||
<form action="add-user.php" method="post">
|
||||
<div class="mb-3">
|
||||
<label for="name" class="form-label">Name*</label>
|
||||
<input type="text" class="form-control" id="name" name="name" required>
|
||||
<div class="row">
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="name" class="form-label">Full Name*</label>
|
||||
<input type="text" class="form-control" id="name" name="name" required>
|
||||
</div>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="email" class="form-label">Email Address*</label>
|
||||
<input type="email" class="form-control" id="email" name="email" required>
|
||||
</div>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="email" class="form-label">Email*</label>
|
||||
<input type="email" class="form-control" id="email" name="email" required>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="password" class="form-label">Password*</label>
|
||||
<input type="password" class="form-control" id="password" name="password" required>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="role" class="form-label">Role</label>
|
||||
<select class="form-select" id="role" name="role">
|
||||
<option>Employee</option>
|
||||
<option>Asset Manager</option>
|
||||
<option>IT Technician</option>
|
||||
<option>Admin</option>
|
||||
</select>
|
||||
<div class="row">
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="password" class="form-label">Password*</label>
|
||||
<input type="password" class="form-control" id="password" name="password" required>
|
||||
</div>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="role" class="form-label">Role</label>
|
||||
<select class="form-select" id="role" name="role">
|
||||
<option>Employee</option>
|
||||
<option>IT Technician</option>
|
||||
<option>Asset Manager</option>
|
||||
<option>Admin</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<button type="submit" class="btn btn-primary">Add User</button>
|
||||
@ -125,6 +112,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
|
||||
<script>feather.replace();</script>
|
||||
<script>
|
||||
feather.replace();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
30
auth-helpers.php
Normal file
30
auth-helpers.php
Normal file
@ -0,0 +1,30 @@
|
||||
<?php
|
||||
require_once 'db/config.php';
|
||||
|
||||
function can($role, $resource, $action) {
|
||||
static $permissions = null;
|
||||
|
||||
if ($permissions === null) {
|
||||
try {
|
||||
$pdo = db();
|
||||
$stmt = $pdo->query('SELECT * FROM role_permissions');
|
||||
$all_permissions = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
$permissions = [];
|
||||
foreach ($all_permissions as $p) {
|
||||
$permissions[$p['role']][$p['resource']][$p['action']] = $p['fields'] ?? '*';
|
||||
}
|
||||
} catch (PDOException $e) {
|
||||
// Handle database errors, maybe return false or log the error
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($permissions[$role][$resource][$action])) {
|
||||
if (in_array($action, ['read', 'update'])) {
|
||||
return $permissions[$role][$resource][$action];
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
@ -6,12 +6,39 @@ define('DB_USER', 'app_31009');
|
||||
define('DB_PASS', '2c66b530-2a65-423a-a106-6760b49ad1a2');
|
||||
|
||||
function db() {
|
||||
static $pdo;
|
||||
if (!$pdo) {
|
||||
$pdo = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8mb4', DB_USER, DB_PASS, [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
]);
|
||||
}
|
||||
return $pdo;
|
||||
static $pdo;
|
||||
if ($pdo) {
|
||||
return $pdo;
|
||||
}
|
||||
|
||||
try {
|
||||
$pdo = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8mb4', DB_USER, DB_PASS, [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
]);
|
||||
} catch (PDOException $e) {
|
||||
// If the database doesn't exist, we can't run migrations.
|
||||
// The error will be caught and displayed on the page.
|
||||
throw $e;
|
||||
}
|
||||
|
||||
|
||||
// Migration logic
|
||||
$pdo->exec('CREATE TABLE IF NOT EXISTS migrations (migration VARCHAR(255) PRIMARY KEY)');
|
||||
$ran_migrations = $pdo->query('SELECT migration FROM migrations')->fetchAll(PDO::FETCH_COLUMN);
|
||||
|
||||
$migration_files = glob(__DIR__ . '/migrations/*.sql');
|
||||
sort($migration_files);
|
||||
|
||||
foreach ($migration_files as $file) {
|
||||
$migration_name = basename($file);
|
||||
if (!in_array($migration_name, $ran_migrations)) {
|
||||
$sql = file_get_contents($file);
|
||||
$pdo->exec($sql);
|
||||
$stmt = $pdo->prepare('INSERT INTO migrations (migration) VALUES (?)');
|
||||
$stmt->execute([$migration_name]);
|
||||
}
|
||||
}
|
||||
|
||||
return $pdo;
|
||||
}
|
||||
|
||||
40
db/migrations/003_create_permissions_table.sql
Normal file
40
db/migrations/003_create_permissions_table.sql
Normal file
@ -0,0 +1,40 @@
|
||||
CREATE TABLE IF NOT EXISTS `role_permissions` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`role` varchar(255) NOT NULL,
|
||||
`resource` varchar(255) NOT NULL,
|
||||
`action` varchar(255) NOT NULL,
|
||||
`fields` text DEFAULT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
UNIQUE KEY `role_resource_action` (`role`,`resource`,`action`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
|
||||
-- Default Permissions
|
||||
|
||||
-- Admin: Can do everything
|
||||
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`) VALUES
|
||||
('Admin', 'asset', 'create', '*'),
|
||||
('Admin', 'asset', 'read', '*'),
|
||||
('Admin', 'asset', 'update', '*'),
|
||||
('Admin', 'asset', 'delete', '*'),
|
||||
('Admin', 'user', 'create', '*'),
|
||||
('Admin', 'user', 'read', '*'),
|
||||
('Admin', 'user', 'update', '*'),
|
||||
('Admin', 'user', 'delete', '*');
|
||||
|
||||
-- Asset Manager: Can manage assets
|
||||
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`) VALUES
|
||||
('Asset Manager', 'asset', 'create', '*'),
|
||||
('Asset Manager', 'asset', 'read', '*'),
|
||||
('Asset Manager', 'asset', 'update', '*'),
|
||||
('Asset Manager', 'asset', 'delete', '*');
|
||||
|
||||
-- IT Technician: Can manage assets
|
||||
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`) VALUES
|
||||
('IT Technician', 'asset', 'create', '*'),
|
||||
('IT Technician', 'asset', 'read', '*'),
|
||||
('IT Technician', 'asset', 'update', '*'),
|
||||
('IT Technician', 'asset', 'delete', '*');
|
||||
|
||||
-- Employee: Can only read some asset fields
|
||||
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`) VALUES
|
||||
('Employee', 'asset', 'read', 'name,asset_tag,status,location,manufacturer,model');
|
||||
@ -1,10 +1,6 @@
|
||||
<?php
|
||||
require_once 'auth-check.php';
|
||||
if (!in_array($_SESSION['user_role'], ['Admin', 'Asset Manager', 'IT Technician'])) {
|
||||
header("Location: index.php?error=access_denied");
|
||||
exit;
|
||||
}
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
|
||||
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
|
||||
header("Location: index.php");
|
||||
|
||||
@ -1,34 +1,36 @@
|
||||
<?php
|
||||
require_once 'auth-check.php';
|
||||
if ($_SESSION['user_role'] !== 'Admin') {
|
||||
header("Location: index.php?error=access_denied");
|
||||
exit;
|
||||
}
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
|
||||
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
|
||||
header("Location: users.php");
|
||||
// Only Admins can access this page
|
||||
if ($_SESSION['user_role'] !== 'Admin') {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
|
||||
$user_id = $_GET['id'];
|
||||
$user_id = $_GET['id'] ?? null;
|
||||
|
||||
// Prevent deleting the default admin user (ID = 1)
|
||||
if ($user_id == 1) {
|
||||
header("Location: users.php?error=cannot_delete_admin");
|
||||
if (!$user_id) {
|
||||
header('Location: users.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Prevent user from deleting themselves
|
||||
if ($user_id == $_SESSION['user_id']) {
|
||||
header('Location: users.php?error=self_delete');
|
||||
exit;
|
||||
}
|
||||
|
||||
try {
|
||||
$pdo = db();
|
||||
$stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
|
||||
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
|
||||
$stmt->execute([$user_id]);
|
||||
|
||||
header("Location: users.php?success=user_deleted");
|
||||
exit;
|
||||
|
||||
} catch (PDOException $e) {
|
||||
// In a real app, log this error.
|
||||
header("Location: users.php?error=db_error");
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
}
|
||||
@ -1,6 +1,15 @@
|
||||
<?php
|
||||
require_once 'auth-check.php';
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
require_once 'auth-helpers.php';
|
||||
|
||||
if (!can($_SESSION['user_role'], 'asset', 'update')) {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
|
||||
$allowed_fields_str = can($_SESSION['user_role'], 'asset', 'update');
|
||||
$allowed_fields = ($allowed_fields_str === '*') ? ['name', 'asset_tag', 'status', 'location', 'manufacturer', 'model', 'purchase_date'] : explode(',', $allowed_fields_str);
|
||||
|
||||
$success_message = '';
|
||||
$error_message = '';
|
||||
@ -28,22 +37,25 @@ try {
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$name = $_POST['name'] ?? '';
|
||||
$asset_tag = $_POST['asset_tag'] ?? '';
|
||||
$status = $_POST['status'] ?? 'In Service';
|
||||
$location = $_POST['location'] ?? '';
|
||||
$manufacturer = $_POST['manufacturer'] ?? '';
|
||||
$model = $_POST['model'] ?? '';
|
||||
$purchase_date = $_POST['purchase_date'] ?? '';
|
||||
$data = [];
|
||||
$set_parts = [];
|
||||
|
||||
if (empty($name) || empty($asset_tag) || empty($purchase_date)) {
|
||||
$error_message = 'Please fill in all required fields: Name, Asset Tag, and Purchase Date.';
|
||||
foreach ($allowed_fields as $field) {
|
||||
if (isset($_POST[$field])) {
|
||||
$data[] = $_POST[$field];
|
||||
$set_parts[] = "$field = ?";
|
||||
}
|
||||
}
|
||||
$data[] = $asset_id;
|
||||
|
||||
if (empty($set_parts)) {
|
||||
$error_message = 'No data submitted.';
|
||||
} else {
|
||||
try {
|
||||
$pdo = db();
|
||||
$sql = "UPDATE assets SET name = ?, asset_tag = ?, status = ?, location = ?, manufacturer = ?, model = ?, purchase_date = ? WHERE id = ?";
|
||||
$sql = sprintf("UPDATE assets SET %s WHERE id = ?", implode(', ', $set_parts));
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$name, $asset_tag, $status, $location, $manufacturer, $model, $purchase_date, $asset_id]);
|
||||
$stmt->execute($data);
|
||||
|
||||
header("Location: index.php?success=asset_updated");
|
||||
exit;
|
||||
@ -71,48 +83,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item">
|
||||
<a href="index.php" class="nav-link" aria-current="page">
|
||||
<i data-feather="home" class="me-2"></i>
|
||||
Dashboard
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="index.php" class="nav-link active">
|
||||
<i data-feather="box" class="me-2"></i>
|
||||
Assets
|
||||
</a>
|
||||
</li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li>
|
||||
<a href="users.php" class="nav-link">
|
||||
<i data-feather="users" class="me-2"></i>
|
||||
Users
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<li>
|
||||
<a href="#" class="nav-link">
|
||||
<i data-feather="settings" class="me-2"></i>
|
||||
Settings
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
@ -130,16 +101,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<?php if ($asset): ?>
|
||||
<form action="edit-asset.php?id=<?php echo $asset_id; ?>" method="post">
|
||||
<div class="row">
|
||||
<?php if (in_array('name', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="name" class="form-label">Asset Name*</label>
|
||||
<input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars($asset['name']); ?>" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('asset_tag', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="asset_tag" class="form-label">Asset Tag*</label>
|
||||
<input type="text" class="form-control" id="asset_tag" name="asset_tag" value="<?php echo htmlspecialchars($asset['asset_tag']); ?>" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="row">
|
||||
<?php if (in_array('status', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="status" class="form-label">Status</label>
|
||||
<select class="form-select" id="status" name="status">
|
||||
@ -148,25 +124,34 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<option <?php if ($asset['status'] === 'Retired') echo 'selected'; ?>>Retired</option>
|
||||
</select>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('location', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="location" class="form-label">Location</label>
|
||||
<input type="text" class="form-control" id="location" name="location" value="<?php echo htmlspecialchars($asset['location']); ?>">
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="row">
|
||||
<?php if (in_array('manufacturer', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="manufacturer" class="form-label">Manufacturer</label>
|
||||
<input type="text" class="form-control" id="manufacturer" name="manufacturer" value="<?php echo htmlspecialchars($asset['manufacturer']); ?>">
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('model', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="model" class="form-label">Model</label>
|
||||
<input type="text" class="form-control" id="model" name="model" value="<?php echo htmlspecialchars($asset['model']); ?>">
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php if (in_array('purchase_date', $allowed_fields)): ?>
|
||||
<div class="mb-3">
|
||||
<label for="purchase_date" class="form-label">Purchase Date*</label>
|
||||
<input type="date" class="form-control" id="purchase_date" name="purchase_date" value="<?php echo htmlspecialchars($asset['purchase_date']); ?>" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<button type="submit" class="btn btn-primary">Update Asset</button>
|
||||
<a href="index.php" class="btn btn-secondary">Cancel</a>
|
||||
@ -182,4 +167,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
feather.replace();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
153
edit-user.php
153
edit-user.php
@ -1,29 +1,32 @@
|
||||
<?php
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
if ($_SESSION['user_role'] !== 'Admin') {
|
||||
header("Location: index.php?error=access_denied");
|
||||
require_once 'auth-helpers.php';
|
||||
|
||||
if (!can($_SESSION['user_role'], 'user', 'update')) {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
require_once 'db/config.php';
|
||||
|
||||
$allowed_fields_str = can($_SESSION['user_role'], 'user', 'update');
|
||||
$allowed_fields = ($allowed_fields_str === '*') ? ['name', 'email', 'role'] : explode(',', $allowed_fields_str);
|
||||
|
||||
$error_message = '';
|
||||
$user = null;
|
||||
$user_id = $_GET['id'] ?? null;
|
||||
|
||||
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
|
||||
header("Location: users.php");
|
||||
if (!$user_id) {
|
||||
header('Location: users.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$user_id = $_GET['id'];
|
||||
|
||||
try {
|
||||
$pdo = db();
|
||||
$stmt = $pdo->prepare("SELECT id, name, email, role FROM users WHERE id = ?");
|
||||
$stmt = $pdo->prepare('SELECT id, name, email, role FROM users WHERE id = ?');
|
||||
$stmt->execute([$user_id]);
|
||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if (!$user) {
|
||||
header("Location: users.php?error=not_found");
|
||||
header('Location: users.php');
|
||||
exit;
|
||||
}
|
||||
} catch (PDOException $e) {
|
||||
@ -31,35 +34,36 @@ try {
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$name = $_POST['name'] ?? '';
|
||||
$email = $_POST['email'] ?? '';
|
||||
$role = $_POST['role'] ?? 'Employee';
|
||||
$password = $_POST['password'] ?? '';
|
||||
$data = [];
|
||||
$set_parts = [];
|
||||
|
||||
if (empty($name) || empty($email)) {
|
||||
$error_message = 'Name and Email are required.';
|
||||
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
$error_message = 'Invalid email format.';
|
||||
foreach ($allowed_fields as $field) {
|
||||
if (isset($_POST[$field])) {
|
||||
$data[] = $_POST[$field];
|
||||
$set_parts[] = "$field = ?";
|
||||
}
|
||||
}
|
||||
$data[] = $user_id;
|
||||
|
||||
if (empty($set_parts)) {
|
||||
$error_message = 'No data submitted.';
|
||||
} else {
|
||||
try {
|
||||
$pdo = db();
|
||||
|
||||
|
||||
// Check if email already exists for another user
|
||||
$stmt = $pdo->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
|
||||
$stmt->execute([$email, $user_id]);
|
||||
if ($stmt->fetch()) {
|
||||
$error_message = 'Email already exists for another user.';
|
||||
} else {
|
||||
if (!empty($password)) {
|
||||
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
||||
$sql = "UPDATE users SET name = ?, email = ?, role = ?, password = ? WHERE id = ?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$name, $email, $role, $hashed_password, $user_id]);
|
||||
} else {
|
||||
$sql = "UPDATE users SET name = ?, email = ?, role = ? WHERE id = ?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$name, $email, $role, $user_id]);
|
||||
if (in_array('email', $allowed_fields)) {
|
||||
$stmt = $pdo->prepare('SELECT id FROM users WHERE email = ? AND id != ?');
|
||||
$stmt->execute([$_POST['email'], $user_id]);
|
||||
if ($stmt->fetch()) {
|
||||
$error_message = 'A user with this email address already exists.';
|
||||
}
|
||||
}
|
||||
|
||||
if (!$error_message) {
|
||||
$sql = sprintf("UPDATE users SET %s WHERE id = ?", implode(', ', $set_parts));
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($data);
|
||||
|
||||
header("Location: users.php?success=user_updated");
|
||||
exit;
|
||||
@ -76,6 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Edit User - IC-Inventory</title>
|
||||
<meta name="description" content="Edit an existing user.">
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
@ -86,33 +91,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item"><a href="index.php" class="nav-link">Dashboard</a></li>
|
||||
<li><a href="index.php" class="nav-link">Assets</a></li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li><a href="users.php" class="nav-link active">Users</a></li>
|
||||
<?php endif; ?>
|
||||
<li><a href="#" class="nav-link">Settings</a></li>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
<h1>Edit User</h1>
|
||||
<div class="theme-switcher" id="theme-switcher"><i data-feather="moon"></i></div>
|
||||
<div class="theme-switcher" id="theme-switcher">
|
||||
<i data-feather="moon"></i>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="surface p-4">
|
||||
@ -121,28 +107,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($user): ?>
|
||||
<form action="edit-user.php?id=<?php echo $user_id; ?>" method="post">
|
||||
<div class="mb-3">
|
||||
<label for="name" class="form-label">Name*</label>
|
||||
<input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars($user['name']); ?>" required>
|
||||
<form action="edit-user.php?id=<?php echo $user['id']; ?>" method="post">
|
||||
<div class="row">
|
||||
<?php if (in_array('name', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="name" class="form-label">Full Name*</label>
|
||||
<input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars($user['name']); ?>" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<?php if (in_array('email', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="email" class="form-label">Email Address*</label>
|
||||
<input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="email" class="form-label">Email*</label>
|
||||
<input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($user['email']); ?>" required>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="password" class="form-label">New Password</label>
|
||||
<input type="password" class="form-control" id="password" name="password">
|
||||
<div class="form-text">Leave blank to keep the current password.</div>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="role" class="form-label">Role</label>
|
||||
<select class="form-select" id="role" name="role">
|
||||
<option <?php if ($user['role'] === 'Employee') echo 'selected'; ?>>Employee</option>
|
||||
<option <?php if ($user['role'] === 'Asset Manager') echo 'selected'; ?>>Asset Manager</option>
|
||||
<option <?php if ($user['role'] === 'IT Technician') echo 'selected'; ?>>IT Technician</option>
|
||||
<option <?php if ($user['role'] === 'Admin') echo 'selected'; ?>>Admin</option>
|
||||
</select>
|
||||
<div class="row">
|
||||
<?php if (in_array('role', $allowed_fields)): ?>
|
||||
<div class="col-md-6 mb-3">
|
||||
<label for="role" class="form-label">Role</label>
|
||||
<select class="form-select" id="role" name="role">
|
||||
<option <?php echo ($user['role'] === 'Employee') ? 'selected' : ''; ?>>Employee</option>
|
||||
<option <?php echo ($user['role'] === 'IT Technician') ? 'selected' : ''; ?>>IT Technician</option>
|
||||
<option <?php echo ($user['role'] === 'Asset Manager') ? 'selected' : ''; ?>>Asset Manager</option>
|
||||
<option <?php echo ($user['role'] === 'Admin') ? 'selected' : ''; ?>>Admin</option>
|
||||
</select>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<button type="submit" class="btn btn-primary">Update User</button>
|
||||
@ -155,6 +146,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
|
||||
<script>feather.replace();</script>
|
||||
<script>
|
||||
feather.replace();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
126
index.php
126
index.php
@ -1,28 +1,34 @@
|
||||
<?php
|
||||
require_once 'auth-check.php';
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
require_once 'auth-helpers.php';
|
||||
|
||||
// Get allowed fields for the current user
|
||||
$allowed_fields_str = can($_SESSION['user_role'], 'asset', 'read');
|
||||
$allowed_fields = $allowed_fields_str ? explode(',', $allowed_fields_str) : [];
|
||||
|
||||
// Function to execute query and return results
|
||||
function get_assets() {
|
||||
function get_assets($fields) {
|
||||
if (empty($fields)) {
|
||||
return []; // No read permission
|
||||
}
|
||||
// Always include id for edit/delete links
|
||||
if (!in_array('id', $fields)) {
|
||||
$fields[] = 'id';
|
||||
}
|
||||
|
||||
$select_fields = implode(', ', $fields);
|
||||
|
||||
try {
|
||||
$pdo = db();
|
||||
// Check if table exists, if not, run migration
|
||||
$result = $pdo->query("SHOW TABLES LIKE 'assets'");
|
||||
if ($result->rowCount() == 0) {
|
||||
$sql = file_get_contents('db/migrations/001_create_assets_table.sql');
|
||||
$pdo->exec($sql);
|
||||
}
|
||||
|
||||
$stmt = $pdo->query('SELECT * FROM assets ORDER BY created_at DESC');
|
||||
$stmt = $pdo->query("SELECT $select_fields FROM assets ORDER BY created_at DESC");
|
||||
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (PDOException $e) {
|
||||
// In a real app, you'd log this error and show a user-friendly message.
|
||||
// For this initial setup, we'll just display the error.
|
||||
return ['error' => 'Database error: ' . $e->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
$assets = get_assets();
|
||||
$assets = get_assets($allowed_fields);
|
||||
|
||||
function getStatusClass($status) {
|
||||
switch (strtolower($status)) {
|
||||
@ -44,13 +50,6 @@ function getStatusClass($status) {
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>IC-Inventory</title>
|
||||
<meta name="description" content="Built with Flatlogic Generator">
|
||||
<meta name="keywords" content="asset management, inventory control, company assets, IT inventory, asset tracking, equipment management, Built with Flatlogic Generator">
|
||||
<meta property="og:title" content="IC-Inventory">
|
||||
<meta property="og:description" content="Built with Flatlogic Generator">
|
||||
<meta property="og:image" content="">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
<meta name="twitter:image" content="">
|
||||
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
@ -61,54 +60,15 @@ function getStatusClass($status) {
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item">
|
||||
<a href="#" class="nav-link active" aria-current="page">
|
||||
<i data-feather="home" class="me-2"></i>
|
||||
Dashboard
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="#" class="nav-link">
|
||||
<i data-feather="box" class="me-2"></i>
|
||||
Assets
|
||||
</a>
|
||||
</li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li>
|
||||
<a href="users.php" class="nav-link">
|
||||
<i data-feather="users" class="me-2"></i>
|
||||
Users
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<li>
|
||||
<a href="#" class="nav-link">
|
||||
<i data-feather="settings" class="me-2"></i>
|
||||
Settings
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
<h1>Asset Dashboard</h1>
|
||||
<div>
|
||||
<a href="add-asset.php" class="btn btn-primary">Add New Asset</a>
|
||||
<?php if (can($_SESSION['user_role'], 'asset', 'create')): ?>
|
||||
<a href="add-asset.php" class="btn btn-primary">Add New Asset</a>
|
||||
<?php endif; ?>
|
||||
<div class="theme-switcher" id="theme-switcher">
|
||||
<i data-feather="moon"></i>
|
||||
</div>
|
||||
@ -133,38 +93,40 @@ function getStatusClass($status) {
|
||||
<?php elseif (empty($assets)): ?>
|
||||
<div class="text-center p-5">
|
||||
<h4>No assets found.</h4>
|
||||
<p>Get started by adding your first company asset.</p>
|
||||
<a href="add-asset.php" class="btn btn-primary">Add Asset</a>
|
||||
<?php if (can($_SESSION['user_role'], 'asset', 'create'])): ?>
|
||||
<p>Get started by adding your first company asset.</p>
|
||||
<a href="add-asset.php" class="btn btn-primary">Add Asset</a>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php else: ?>
|
||||
<div class="table-responsive">
|
||||
<table class="table asset-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>Asset Tag</th>
|
||||
<th>Status</th>
|
||||
<th>Location</th>
|
||||
<th>Manufacturer</th>
|
||||
<th>Model</th>
|
||||
<th>Purchase Date</th>
|
||||
<?php foreach ($allowed_fields as $field): if($field === 'id') continue; ?>
|
||||
<th><?php echo ucfirst(str_replace('_', ' ', $field)); ?></th>
|
||||
<?php endforeach; ?>
|
||||
<th>Actions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php foreach ($assets as $asset): ?>
|
||||
<tr>
|
||||
<td><?php echo htmlspecialchars($asset['name']); ?></td>
|
||||
<td><?php echo htmlspecialchars($asset['asset_tag']); ?></td>
|
||||
<td><span class="status <?php echo getStatusClass($asset['status']); ?>"><?php echo htmlspecialchars($asset['status']); ?></span></td>
|
||||
<td><?php echo htmlspecialchars($asset['location']); ?></td>
|
||||
<td><?php echo htmlspecialchars($asset['manufacturer']); ?></td>
|
||||
<td><?php echo htmlspecialchars($asset['model']); ?></td>
|
||||
<td><?php echo htmlspecialchars($asset['purchase_date']); ?></td>
|
||||
<?php foreach ($allowed_fields as $field): if($field === 'id') continue; ?>
|
||||
<td>
|
||||
<?php if ($field === 'status'): ?>
|
||||
<span class="status <?php echo getStatusClass($asset[$field]); ?>"><?php echo htmlspecialchars($asset[$field]); ?></span>
|
||||
<?php else: ?>
|
||||
<?php echo htmlspecialchars($asset[$field]); ?>
|
||||
<?php endif; ?>
|
||||
</td>
|
||||
<?php endforeach; ?>
|
||||
<td>
|
||||
<a href="edit-asset.php?id=<?php echo $asset['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
|
||||
<?php if (in_array($_SESSION['user_role'], ['Admin', 'Asset Manager', 'IT Technician'])): ?>
|
||||
<a href="delete-asset.php?id=<?php echo $asset['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this asset?');">Delete</a>
|
||||
<?php if (can($_SESSION['user_role'], 'asset', 'update')): ?>
|
||||
<a href="edit-asset.php?id=<?php echo $asset['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
|
||||
<?php endif; ?>
|
||||
<?php if (can($_SESSION['user_role'], 'asset', 'delete'])): ?>
|
||||
<a href="delete-asset.php?id=<?php echo $asset['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this asset?');">Delete</a>
|
||||
<?php endif; ?>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
160
settings.php
Normal file
160
settings.php
Normal file
@ -0,0 +1,160 @@
|
||||
<?php
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
|
||||
// Only Admins can access this page
|
||||
if ($_SESSION['user_role'] !== 'Admin') {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
|
||||
$success_message = '';
|
||||
$error_message = '';
|
||||
|
||||
$roles = ['Admin', 'Asset Manager', 'IT Technician', 'Employee'];
|
||||
$resources = ['asset', 'user'];
|
||||
$actions = ['create', 'read', 'update', 'delete'];
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
try {
|
||||
$pdo = db();
|
||||
$pdo->beginTransaction();
|
||||
|
||||
// Clear existing permissions
|
||||
$pdo->exec('TRUNCATE TABLE role_permissions');
|
||||
|
||||
$stmt = $pdo->prepare('INSERT INTO role_permissions (role, resource, action, fields) VALUES (?, ?, ?, ?)');
|
||||
|
||||
$permissions = $_POST['permissions'] ?? [];
|
||||
|
||||
foreach ($roles as $role) {
|
||||
foreach ($resources as $resource) {
|
||||
foreach ($actions as $action) {
|
||||
if (!empty($permissions[$role][$resource][$action]['enabled'])) {
|
||||
$fields = $permissions[$role][$resource][$action]['fields'] ?? null;
|
||||
if (in_array($action, ['read', 'update']) && empty($fields)) {
|
||||
$fields = '*'; // Default to all fields if not specified
|
||||
}
|
||||
$stmt->execute([$role, $resource, $action, $fields]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$pdo->commit();
|
||||
$success_message = 'Permissions updated successfully!';
|
||||
|
||||
} catch (PDOException $e) {
|
||||
if ($pdo->inTransaction()) {
|
||||
$pdo->rollBack();
|
||||
}
|
||||
$error_message = 'Database error: ' . $e->getMessage();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function get_permissions() {
|
||||
try {
|
||||
$pdo = db();
|
||||
$stmt = $pdo->query('SELECT * FROM role_permissions ORDER BY role, resource, action');
|
||||
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (PDOException $e) {
|
||||
return ['error' => 'Database error: ' . $e->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
$permissions_from_db = get_permissions();
|
||||
|
||||
// Group permissions by role and resource for easier display
|
||||
$grouped_permissions = [];
|
||||
foreach ($permissions_from_db as $p) {
|
||||
$grouped_permissions[$p['role']][$p['resource']][$p['action']] = $p['fields'];
|
||||
}
|
||||
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Settings - Role Permissions - IC-Inventory</title>
|
||||
<meta name="description" content="Manage role permissions.">
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
||||
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
|
||||
<script src="https://unpkg.com/feather-icons"></script>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
<h1>Settings - Role Permissions</h1>
|
||||
<div class="theme-switcher" id="theme-switcher">
|
||||
<i data-feather="moon"></i>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="surface p-4">
|
||||
<?php if ($success_message): ?>
|
||||
<div class="alert alert-success"><?php echo htmlspecialchars($success_message); ?></div>
|
||||
<?php endif; ?>
|
||||
<?php if ($error_message): ?>
|
||||
<div class="alert alert-danger"><?php echo htmlspecialchars($error_message); ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<form action="settings.php" method="post">
|
||||
<div class="table-responsive">
|
||||
<table class="table table-bordered permission-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Role</th>
|
||||
<th>Resource</th>
|
||||
<th>Create</th>
|
||||
<th>Read (Fields)</th>
|
||||
<th>Update (Fields)</th>
|
||||
<th>Delete</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php foreach ($roles as $role): ?>
|
||||
<?php foreach ($resources as $resource_idx => $resource): ?>
|
||||
<tr>
|
||||
<?php if ($resource_idx === 0): ?>
|
||||
<td rowspan="<?php echo count($resources); ?>" class="align-middle"><strong><?php echo $role; ?></strong></td>
|
||||
<?php endif; ?>
|
||||
<td class="align-middle"><?php echo ucfirst($resource); ?></td>
|
||||
|
||||
<?php foreach ($actions as $action): ?>
|
||||
<td class="align-middle">
|
||||
<div class="form-check">
|
||||
<input class="form-check-input" type="checkbox" name="permissions[<?php echo $role; ?>][<?php echo $resource; ?>][<?php echo $action; ?>][enabled]" value="1" <?php echo isset($grouped_permissions[$role][$resource][$action]) ? 'checked' : ''; ?>>
|
||||
</div>
|
||||
<?php if (in_array($action, ['read', 'update'])): ?>
|
||||
<input type="text" class="form-control form-control-sm mt-1" name="permissions[<?php echo $role; ?>][<?php echo $resource; ?>][<?php echo $action; ?>][fields]" placeholder="* for all" value="<?php echo htmlspecialchars($grouped_permissions[$role][$resource][$action] ?? ''); ?>">
|
||||
<?php endif; ?>
|
||||
</td>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
<?php endforeach; ?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary">Save Changes</button>
|
||||
</form>
|
||||
</div>
|
||||
</main>
|
||||
</div>
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
|
||||
<script>
|
||||
feather.replace();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
45
templates/sidebar.php
Normal file
45
templates/sidebar.php
Normal file
@ -0,0 +1,45 @@
|
||||
<?php
|
||||
$current_page = basename($_SERVER['PHP_SELF']);
|
||||
?>
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item">
|
||||
<a href="index.php" class="nav-link <?php echo ($current_page === 'index.php') ? 'active' : ''; ?>" aria-current="page">
|
||||
<i data-feather="home" class="me-2"></i>
|
||||
Dashboard
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="index.php" class="nav-link <?php echo ($current_page === 'add-asset.php' || $current_page === 'edit-asset.php') ? 'active' : ''; ?>">
|
||||
<i data-feather="box" class="me-2"></i>
|
||||
Assets
|
||||
</a>
|
||||
</li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li>
|
||||
<a href="users.php" class="nav-link <?php echo ($current_page === 'users.php' || $current_page === 'add-user.php' || $current_page === 'edit-user.php') ? 'active' : ''; ?>">
|
||||
<i data-feather="users" class="me-2"></i>
|
||||
Users
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="settings.php" class="nav-link <?php echo ($current_page === 'settings.php') ? 'active' : ''; ?>">
|
||||
<i data-feather="settings" class="me-2"></i>
|
||||
Settings
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
138
users.php
138
users.php
@ -1,30 +1,40 @@
|
||||
<?php
|
||||
require_once 'db/config.php';
|
||||
require_once 'auth-check.php';
|
||||
if ($_SESSION['user_role'] !== 'Admin') {
|
||||
header("Location: index.php?error=access_denied");
|
||||
require_once 'auth-helpers.php';
|
||||
|
||||
// Only Admins can access this page
|
||||
if (!can($_SESSION['user_role'], 'user', 'read')) {
|
||||
header('Location: index.php?error=access_denied');
|
||||
exit;
|
||||
}
|
||||
require_once 'db/config.php';
|
||||
|
||||
// Function to execute query and return results
|
||||
function get_users() {
|
||||
// Get allowed fields for the current user
|
||||
$allowed_fields_str = can($_SESSION['user_role'], 'user', 'read');
|
||||
$allowed_fields = $allowed_fields_str ? explode(',', $allowed_fields_str) : [];
|
||||
|
||||
function get_users($fields) {
|
||||
if (empty($fields)) {
|
||||
return []; // No read permission
|
||||
}
|
||||
// Always include id for edit/delete links
|
||||
if (!in_array('id', $fields)) {
|
||||
$fields[] = 'id';
|
||||
}
|
||||
|
||||
$select_fields = implode(', ', $fields);
|
||||
|
||||
try {
|
||||
$pdo = db();
|
||||
// Check if table exists, if not, run migration
|
||||
$result = $pdo->query("SHOW TABLES LIKE 'users'");
|
||||
if ($result->rowCount() == 0) {
|
||||
$sql = file_get_contents('db/migrations/002_create_users_table.sql');
|
||||
$pdo->exec($sql);
|
||||
}
|
||||
|
||||
$stmt = $pdo->query('SELECT id, name, email, role, created_at FROM users ORDER BY created_at DESC');
|
||||
$stmt = $pdo->query("SELECT $select_fields FROM users ORDER BY created_at DESC");
|
||||
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (PDOException $e) {
|
||||
return ['error' => 'Database error: ' . $e->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
$users = get_users();
|
||||
$users = get_users($allowed_fields);
|
||||
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
@ -32,7 +42,7 @@ $users = get_users();
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>User Management - IC-Inventory</title>
|
||||
<meta name="description" content="Manage users of the IC-Inventory system.">
|
||||
<meta name="description" content="User management for IC-Inventory.">
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
@ -43,70 +53,32 @@ $users = get_users();
|
||||
<body>
|
||||
|
||||
<div class="wrapper">
|
||||
<nav id="sidebar" class="d-flex flex-column flex-shrink-0 p-3">
|
||||
<a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-decoration-none">
|
||||
<span class="fs-4">IC-Inventory</span>
|
||||
</a>
|
||||
<hr>
|
||||
<ul class="nav nav-pills flex-column mb-auto">
|
||||
<li class="nav-item">
|
||||
<a href="index.php" class="nav-link" aria-current="page">
|
||||
<i data-feather="home" class="me-2"></i>
|
||||
Dashboard
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="index.php" class="nav-link">
|
||||
<i data-feather="box" class="me-2"></i>
|
||||
Assets
|
||||
</a>
|
||||
</li>
|
||||
<?php if ($_SESSION['user_role'] === 'Admin'): ?>
|
||||
<li>
|
||||
<a href="users.php" class="nav-link active">
|
||||
<i data-feather="users" class="me-2"></i>
|
||||
Users
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<li>
|
||||
<a href="#" class="nav-link">
|
||||
<i data-feather="settings" class="me-2"></i>
|
||||
Settings
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
<hr>
|
||||
<div>
|
||||
<span class="d-flex align-items-center text-decoration-none"><strong><?php echo htmlspecialchars($_SESSION['user_name']); ?></strong></span>
|
||||
<a href="logout.php" class="d-flex align-items-center text-decoration-none">
|
||||
<i data-feather="log-out" class="me-2"></i>
|
||||
<strong>Logout</strong>
|
||||
</a>
|
||||
</div>
|
||||
</nav>
|
||||
<?php require_once 'templates/sidebar.php'; ?>
|
||||
|
||||
<main id="content">
|
||||
<div class="header">
|
||||
<h1>User Management</h1>
|
||||
<div>
|
||||
<a href="add-user.php" class="btn btn-primary">Add New User</a>
|
||||
<?php if (can($_SESSION['user_role'], 'user', 'create')): ?>
|
||||
<a href="add-user.php" class="btn btn-primary">Add New User</a>
|
||||
<?php endif; ?>
|
||||
<div class="theme-switcher" id="theme-switcher">
|
||||
<i data-feather="moon"></i>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php if (isset($_GET['success']) && $_GET['success'] === 'user_added'): ?>
|
||||
<div class="alert alert-success">User successfully added!</div>
|
||||
<?php elseif (isset($_GET['success']) && $_GET['success'] === 'user_updated'): ?>
|
||||
<div class="alert alert-success">User successfully updated!</div>
|
||||
<?php elseif (isset($_GET['success']) && $_GET['success'] === 'user_deleted'): ?>
|
||||
<div class="alert alert-success">User successfully deleted!</div>
|
||||
<?php elseif (isset($_GET['error']) && $_GET['error'] === 'self_delete'): ?>
|
||||
<div class="alert alert-danger">You cannot delete your own account.</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<div class="surface p-4">
|
||||
<?php if (isset($_GET['success']) && $_GET['success'] === 'user_added'): ?>
|
||||
<div class="alert alert-success">User successfully added!</div>
|
||||
<?php elseif (isset($_GET['success']) && $_GET['success'] === 'user_updated'): ?>
|
||||
<div class="alert alert-success">User successfully updated!</div>
|
||||
<?php elseif (isset($_GET['success']) && $_GET['success'] === 'user_deleted'): ?>
|
||||
<div class="alert alert-success">User successfully deleted!</div>
|
||||
<?php elseif (isset($_GET['error']) && $_GET['error'] === 'cannot_delete_admin'): ?>
|
||||
<div class="alert alert-danger">The default admin user cannot be deleted.</div>
|
||||
<?php endif; ?>
|
||||
<?php if (isset($users['error'])): ?>
|
||||
<div class="alert alert-danger">
|
||||
<?php echo htmlspecialchars($users['error']); ?>
|
||||
@ -114,31 +86,35 @@ $users = get_users();
|
||||
<?php elseif (empty($users)): ?>
|
||||
<div class="text-center p-5">
|
||||
<h4>No users found.</h4>
|
||||
<p>Get started by adding your first user.</p>
|
||||
<a href="add-user.php" class="btn btn-primary">Add User</a>
|
||||
<?php if (can($_SESSION['user_role'], 'user', 'create'])): ?>
|
||||
<p>Get started by adding your first user.</p>
|
||||
<a href="add-user.php" class="btn btn-primary">Add User</a>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php else: ?>
|
||||
<div class="table-responsive">
|
||||
<table class="table user-table">
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>Email</th>
|
||||
<th>Role</th>
|
||||
<th>Created At</th>
|
||||
<?php foreach ($allowed_fields as $field): if($field === 'id') continue; ?>
|
||||
<th><?php echo ucfirst(str_replace('_', ' ', $field)); ?></th>
|
||||
<?php endforeach; ?>
|
||||
<th>Actions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php foreach ($users as $user): ?>
|
||||
<tr>
|
||||
<td><?php echo htmlspecialchars($user['name']); ?></td>
|
||||
<td><?php echo htmlspecialchars($user['email']); ?></td>
|
||||
<td><?php echo htmlspecialchars($user['role']); ?></td>
|
||||
<td><?php echo htmlspecialchars($user['created_at']); ?></td>
|
||||
<?php foreach ($allowed_fields as $field): if($field === 'id') continue; ?>
|
||||
<td><?php echo htmlspecialchars($user[$field]); ?></td>
|
||||
<?php endforeach; ?>
|
||||
<td>
|
||||
<a href="edit-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
|
||||
<a href="delete-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this user?');">Delete</a>
|
||||
<?php if (can($_SESSION['user_role'], 'user', 'update')): ?>
|
||||
<a href="edit-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">Edit</a>
|
||||
<?php endif; ?>
|
||||
<?php if (can($_SESSION['user_role'], 'user', 'delete'])): ?>
|
||||
<a href="delete-user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this user?');">Delete</a>
|
||||
<?php endif; ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
@ -156,4 +132,4 @@ $users = get_users();
|
||||
feather.replace();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
Loading…
x
Reference in New Issue
Block a user