admin/35512-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35512-vm/settings.php
Flatlogic Bot eca44a4bc7 gestione ruoli e permessi
2025-11-08 20:43:02 +00:00

179 lines
7.9 KiB
PHP
Raw Blame History

<?php
session_start();
require_once 'db/config.php';
require_once 'auth-check.php';
require_once 'auth-helpers.php';
if (!can($_SESSION['user_role_id'], 'permission', 'update')) {
header('Location: index.php?error=access_denied');
exit;
}
$success_message = '';
$error_message = '';
try {
$pdo = db();
$roles_stmt = $pdo->query('SELECT * FROM roles ORDER BY name');
$roles = $roles_stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
$error_message = "Database error fetching roles: " . $e->getMessage();
$roles = [];
}
$resources = ['asset', 'user', 'category', 'location', 'role', 'permission'];
$actions = ['create', 'read', 'update', 'delete'];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try {
$pdo = db();
$pdo->beginTransaction();
// Clear existing permissions, but not for the super admin
$pdo->exec('DELETE FROM role_permissions WHERE role_id != 1');
$stmt = $pdo->prepare('INSERT INTO role_permissions (role_id, resource, action, fields) VALUES (?, ?, ?, ?)');
$permissions = $_POST['permissions'] ?? [];
foreach ($roles as $role) {
if ($role['id'] == 1) continue; // Skip Admin role, its permissions are immutable
foreach ($resources as $resource) {
foreach ($actions as $action) {
if (isset($permissions[$role['id']][$resource][$action]['enabled']) && $permissions[$role['id']][$resource][$action]['enabled'] == '1') {
$fields = null;
if (in_array($action, ['read', 'update', 'create'])) {
$fields = $permissions[$role['id']][$resource][$action]['fields'] ?? '*';
if (empty($fields)) {
$fields = '*';
}
}
$stmt->execute([$role['id'], $resource, $action, $fields]);
}
}
}
}
$pdo->commit();
$success_message = 'Permissions updated successfully!';
} catch (PDOException $e) {
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
$error_message = 'Database error: ' . $e->getMessage();
}
}
function get_permissions() {
try {
$pdo = db();
$stmt = $pdo->query('SELECT * FROM role_permissions ORDER BY role_id, resource, action');
return $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
return ['error' => 'Database error: ' . $e->getMessage()];
}
}
$permissions_from_db = get_permissions();
// Group permissions by role and resource for easier display
$grouped_permissions = [];
foreach ($permissions_from_db as $p) {
$grouped_permissions[$p['role_id']][$p['resource']][$p['action']] = $p['fields'];
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Settings - Role Permissions - IC-Inventory</title>
<meta name="description" content="Manage role permissions.">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
<script src="https://unpkg.com/feather-icons"></script>
</head>
<body>
<div class="wrapper">
<?php require_once 'templates/sidebar.php'; ?>
<main id="content">
<div class="header">
<h1>Settings - Role Permissions</h1>
</div>
<div class="surface p-4">
<?php if ($success_message): ?>
<div class="alert alert-success"><?php echo htmlspecialchars($success_message); ?></div>
<?php endif; ?>
<?php if ($error_message): ?>
<div class="alert alert-danger"><?php echo htmlspecialchars($error_message); ?></div>
<?php endif; ?>
<form action="settings.php" method="post">
<div class="table-responsive">
<table class="table table-bordered permission-table">
<thead>
<tr>
<th>Role</th>
<th>Resource</th>
<th>Create</th>
<th>Read (Fields)</th>
<th>Update (Fields)</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php foreach ($roles as $role): ?>
<?php foreach ($resources as $resource_idx => $resource): ?>
<tr>
<?php if ($resource_idx === 0): ?>
<td rowspan="<?php echo count($resources); ?>" class="align-middle">
<strong><?php echo htmlspecialchars($role['name']); ?></strong>
<?php if ($role['id'] == 1): ?>
<span class="badge bg-primary">Super Admin</span>
<?php endif; ?>
</td>
<?php endif; ?>
<td class="align-middle"><?php echo ucfirst($resource); ?></td>
<?php foreach ($actions as $action):
$is_disabled = ($role['id'] == 1); // Disable all checkboxes for Super Admin
$is_checked = isset($grouped_permissions[$role['id']][$resource]) && array_key_exists($action, $grouped_permissions[$role['id']][$resource]);
?>
<td class="align-middle">
<div class="form-check">
<input class="form-check-input" type="checkbox" name="permissions[<?php echo $role['id']; ?>][<?php echo $resource; ?>][<?php echo $action; ?>][enabled]" value="1" <?php echo $is_checked ? 'checked' : ''; ?> <?php echo $is_disabled ? 'disabled' : ''; ?>>
</div>
<?php if (in_array($action, ['read', 'update', 'create'])): ?>
<input type="text" class="form-control form-control-sm mt-1" name="permissions[<?php echo $role['id']; ?>][<?php echo $resource; ?>][<?php echo $action; ?>][fields]" placeholder="* for all" value="<?php echo htmlspecialchars($grouped_permissions[$role['id']][$resource][$action] ?? '*'); ?>" <?php echo $is_disabled ? 'disabled' : ''; ?>>
<?php endif; ?>
</td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?>
<?php endforeach; ?>
</tbody>
</table>
</div>
<button type="submit" class="btn btn-primary">Save Changes</button>
</form>
</div>
</main>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
<script src="assets/js/main.js?v=<?php echo time(); ?>"></script>
<script>
feather.replace();
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink