51 lines
1.6 KiB
PHP
51 lines
1.6 KiB
PHP
<?php
|
|
require_once __DIR__ . '/app.php';
|
|
|
|
function require_login() {
|
|
if (empty($_SESSION['user_id'])) {
|
|
header('Location: login.php');
|
|
exit;
|
|
}
|
|
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
|
|
header('Cache-Control: post-check=0, pre-check=0', false);
|
|
header('Pragma: no-cache');
|
|
}
|
|
|
|
function get_logged_in_user() {
|
|
if (empty($_SESSION['user_id'])) return null;
|
|
$stmt = db()->prepare("SELECT * FROM users WHERE id = ?");
|
|
$stmt->execute([$_SESSION['user_id']]);
|
|
return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
|
|
}
|
|
|
|
function has_permission($page, $action = 'view') {
|
|
$user = get_logged_in_user();
|
|
if (!$user) return false;
|
|
|
|
// Super Admins bypass permissions. Fallback logic.
|
|
if ($user['role'] === 'admin' && empty($user['role_id'])) return true;
|
|
|
|
if (!empty($user['role_id'])) {
|
|
$stmt = db()->prepare("SELECT is_system FROM roles WHERE id = ?");
|
|
$stmt->execute([$user['role_id']]);
|
|
$role = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
if ($role && $role['is_system']) return true; // Super admin
|
|
|
|
$stmt = db()->prepare("SELECT * FROM role_permissions WHERE role_id = ? AND page = ?");
|
|
$stmt->execute([$user['role_id'], $page]);
|
|
$perms = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($perms) {
|
|
$col = 'can_' . $action;
|
|
return !empty($perms[$col]);
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function require_permission($page, $action = 'view') {
|
|
if (!has_permission($page, $action)) {
|
|
http_response_code(403);
|
|
die("403 Forbidden - You don't have permission to perform this action.");
|
|
}
|
|
} |