160 lines
6.6 KiB
PHP
160 lines
6.6 KiB
PHP
<?php
|
|
require_once 'db/config.php';
|
|
require_once 'auth-check.php';
|
|
|
|
// Only Admins can access this page
|
|
if ($_SESSION['user_role'] !== 'Admin') {
|
|
header('Location: index.php?error=access_denied');
|
|
exit;
|
|
}
|
|
|
|
$success_message = '';
|
|
$error_message = '';
|
|
|
|
$roles = ['Admin', 'Asset Manager', 'IT Technician', 'Employee'];
|
|
$resources = ['asset', 'user'];
|
|
$actions = ['create', 'read', 'update', 'delete'];
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
try {
|
|
$pdo = db();
|
|
$pdo->beginTransaction();
|
|
|
|
// Clear existing permissions
|
|
$pdo->exec('TRUNCATE TABLE role_permissions');
|
|
|
|
$stmt = $pdo->prepare('INSERT INTO role_permissions (role, resource, action, fields) VALUES (?, ?, ?, ?)');
|
|
|
|
$permissions = $_POST['permissions'] ?? [];
|
|
|
|
foreach ($roles as $role) {
|
|
foreach ($resources as $resource) {
|
|
foreach ($actions as $action) {
|
|
if (!empty($permissions[$role][$resource][$action]['enabled'])) {
|
|
$fields = $permissions[$role][$resource][$action]['fields'] ?? null;
|
|
if (in_array($action, ['read', 'update']) && empty($fields)) {
|
|
$fields = '*'; // Default to all fields if not specified
|
|
}
|
|
$stmt->execute([$role, $resource, $action, $fields]);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
$pdo->commit();
|
|
$success_message = 'Permissions updated successfully!';
|
|
|
|
} catch (PDOException $e) {
|
|
if ($pdo->inTransaction()) {
|
|
$pdo->rollBack();
|
|
}
|
|
$error_message = 'Database error: ' . $e->getMessage();
|
|
}
|
|
}
|
|
|
|
|
|
function get_permissions() {
|
|
try {
|
|
$pdo = db();
|
|
$stmt = $pdo->query('SELECT * FROM role_permissions ORDER BY role, resource, action');
|
|
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
} catch (PDOException $e) {
|
|
return ['error' => 'Database error: ' . $e->getMessage()];
|
|
}
|
|
}
|
|
|
|
$permissions_from_db = get_permissions();
|
|
|
|
// Group permissions by role and resource for easier display
|
|
$grouped_permissions = [];
|
|
foreach ($permissions_from_db as $p) {
|
|
$grouped_permissions[$p['role']][$p['resource']][$p['action']] = $p['fields'];
|
|
}
|
|
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Settings - Role Permissions - IC-Inventory</title>
|
|
<meta name="description" content="Manage role permissions.">
|
|
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
|
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
|
|
<link rel="preconnect" href="https://fonts.googleapis.com">
|
|
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
|
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
|
|
<script src="https://unpkg.com/feather-icons"></script>
|
|
</head>
|
|
<body>
|
|
|
|
<div class="wrapper">
|
|
<?php require_once 'templates/sidebar.php'; ?>
|
|
|
|
<main id="content">
|
|
<div class="header">
|
|
<h1>Settings - Role Permissions</h1>
|
|
<div class="theme-switcher" id="theme-switcher">
|
|
<i data-feather="moon"></i>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="surface p-4">
|
|
<?php if ($success_message): ?>
|
|
<div class="alert alert-success"><?php echo htmlspecialchars($success_message); ?></div>
|
|
<?php endif; ?>
|
|
<?php if ($error_message): ?>
|
|
<div class="alert alert-danger"><?php echo htmlspecialchars($error_message); ?></div>
|
|
<?php endif; ?>
|
|
|
|
<form action="settings.php" method="post">
|
|
<div class="table-responsive">
|
|
<table class="table table-bordered permission-table">
|
|
<thead>
|
|
<tr>
|
|
<th>Role</th>
|
|
<th>Resource</th>
|
|
<th>Create</th>
|
|
<th>Read (Fields)</th>
|
|
<th>Update (Fields)</th>
|
|
<th>Delete</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php foreach ($roles as $role): ?>
|
|
<?php foreach ($resources as $resource_idx => $resource): ?>
|
|
<tr>
|
|
<?php if ($resource_idx === 0): ?>
|
|
<td rowspan="<?php echo count($resources); ?>" class="align-middle"><strong><?php echo $role; ?></strong></td>
|
|
<?php endif; ?>
|
|
<td class="align-middle"><?php echo ucfirst($resource); ?></td>
|
|
|
|
<?php foreach ($actions as $action): ?>
|
|
<td class="align-middle">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="permissions[<?php echo $role; ?>][<?php echo $resource; ?>][<?php echo $action; ?>][enabled]" value="1" <?php echo isset($grouped_permissions[$role][$resource][$action]) ? 'checked' : ''; ?>>
|
|
</div>
|
|
<?php if (in_array($action, ['read', 'update'])): ?>
|
|
<input type="text" class="form-control form-control-sm mt-1" name="permissions[<?php echo $role; ?>][<?php echo $resource; ?>][<?php echo $action; ?>][fields]" placeholder="* for all" value="<?php echo htmlspecialchars($grouped_permissions[$role][$resource][$action] ?? ''); ?>">
|
|
<?php endif; ?>
|
|
</td>
|
|
<?php endforeach; ?>
|
|
</tr>
|
|
<?php endforeach; ?>
|
|
<?php endforeach; ?>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
<button type="submit" class="btn btn-primary">Save Changes</button>
|
|
</form>
|
|
</div>
|
|
</main>
|
|
</div>
|
|
|
|
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
|
|
<script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
|
|
<script>
|
|
feather.replace();
|
|
</script>
|
|
</body>
|
|
</html>
|