diff --git a/admin.php b/admin.php
index 328e82c..42b3920 100644
--- a/admin.php
+++ b/admin.php
@@ -11,6 +11,8 @@ if (!auth_is_logged_in()) {
 }
 $is_admin = auth_is_admin();
+$current_role = auth_current_role();
+$current_role_label = auth_role_label($current_role);
 $flash = auth_flash_get();
 $flash_type = $flash['type'] ?? '';
@@ -48,7 +50,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 exit;
 }
- if (!in_array($submitted_cl_auth_right, ['admin', 'member'], true)) {
+ if (!in_array($submitted_cl_auth_right, auth_valid_roles(), true)) {
 auth_flash_set('error', 'Droit utilisateur invalide.');
 header('Location: admin.php');
 exit;
@@ -96,7 +98,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 exit;
 }
- if (!in_array($submitted_cl_auth_right, ['admin', 'member'], true)) {
+ if (!in_array($submitted_cl_auth_right, auth_valid_roles(), true)) {
 auth_flash_set('error', 'Droit utilisateur invalide.');
 header('Location: admin.php?edit=' . $cl_auth_id);
 exit;
@@ -256,7 +258,7 @@ if ($is_admin) {
 $tbl_auth_all = $stmt_users->fetchAll();
 }
-$member_accessible_items = [];
+$user_accessible_items = [];
 if (!$is_admin) {
 foreach (auth_navigation_items() as $item) {
 $file = (string) ($item['file'] ?? '');
@@ -268,7 +270,7 @@ if (!$is_admin) {
 }
 if (auth_user_can_access_page($file, $label)) {
- $member_accessible_items[] = [
+ $user_accessible_items[] = [
 'file' => $file,
 'label' => $label,
 ];
@@ -531,6 +533,7 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
 }
 .badge-admin { background: rgba(162, 155, 120, 0.2); color: var(--primary); border: 1px solid var(--primary); }
+ .badge-moderator { background: rgba(74, 144, 226, 0.16); color: #8fc7ff; border: 1px solid rgba(143, 199, 255, 0.6); }
 .badge-member { background: rgba(255, 255, 255, 0.1); color: #ccc; border: 1px solid #555; }
 .flash {
@@ -631,7 +634,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
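Review bot: The two POST branches (@@ -48 and @@ -96) now accept any value returned by auth_valid_roles(), so a submitted 'moderator' is persisted, while the guard that restricts those branches to administrators sits outside both hunks; since admin.php now admits moderators as well as members (the "Zone" section further down), it is worth confirming that a moderator cannot reach the create/edit paths and promote an account, and an explicit `if (!$is_admin) { auth_flash_set('error', 'Droit utilisateur invalide.'); header('Location: admin.php'); exit; }` at the top of the POST handling would make that fail-closed regardless of what the form renders. The validation line is also duplicated verbatim in both branches; a helper such as `auth_is_valid_role(string $role): bool` placed next to auth_valid_roles() in db/auth.php would keep them in step. The enclosing POST block starts before and ends after both hunks.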
@@ -676,8 +680,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] : # - - + + @@ -702,15 +706,15 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
-

Zone membre

-

Vous êtes bien entré dans la zone admin avec un compte membre.

-

La gestion des utilisateurs reste réservée aux administrateurs, mais vous pouvez utiliser ci-dessous les pages qui vous ont été ouvertes.

+

Zone

+

Vous êtes bien entré dans la zone admin avec un compte .

+

La gestion des utilisateurs reste réservée aux administrateurs, mais vous pouvez utiliser ci-dessous les pages ouvertes à votre niveau d'autorisation.

- -
Aucune page ne vous a encore été attribuée par un administrateur.
+ +
Aucune page ne vous a encore été attribuée pour ce rôle.
- +
diff --git a/database/full.sql b/database/full.sql
index 6dc7972..7aeac8e 100644
--- a/database/full.sql
+++ b/database/full.sql
@@ -18722,6 +18722,7 @@ CREATE TABLE IF NOT EXISTS tbl_page_access (
 cl_page_file VARCHAR(190) NOT NULL UNIQUE,
 cl_page_label VARCHAR(190) NOT NULL,
 cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1,
+ cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0,
 cl_allow_member TINYINT(1) NOT NULL DEFAULT 0,
 cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
diff --git a/database/schema.sql b/database/schema.sql
index fb60b89..afc23ff 100644
--- a/database/schema.sql
+++ b/database/schema.sql
@@ -201,6 +201,7 @@ CREATE TABLE IF NOT EXISTS tbl_page_access (
 cl_page_file VARCHAR(190) NOT NULL UNIQUE,
 cl_page_label VARCHAR(190) NOT NULL,
 cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1,
+ cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0,
 cl_allow_member TINYINT(1) NOT NULL DEFAULT 0,
 cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
diff --git a/db/auth.php b/db/auth.php
index ab1d5bd..5da7734 100644
--- a/db/auth.php
+++ b/db/auth.php
@@ -47,7 +47,7 @@ function auth_bootstrap(): void
 cl_auth_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
 cl_auth_user VARCHAR(190) NOT NULL UNIQUE,
 cl_auth_pass VARCHAR(255) NOT NULL,
- cl_auth_right ENUM('admin', 'member') NOT NULL DEFAULT 'member'
+ cl_auth_right ENUM('admin', 'moderator', 'member') NOT NULL DEFAULT 'member'
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"
 );
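Review bot: database/schema.sql and database/full.sql gain cl_allow_moderator on tbl_page_access, but no hunk touches a tbl_auth definition in either file, while db/auth.php now creates tbl_auth with `cl_auth_right ENUM('admin', 'moderator', 'member')`; if either SQL file also defines tbl_auth (not visible here), a fresh install from it would carry the old two-value ENUM and depend on the runtime ALTER in auth_bootstrap() before a 'moderator' row can be stored. Worth checking that the schema files and the bootstrap DDL agree so the DDL of record does not drift from what the code expects.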
@@ -58,11 +58,30 @@ function auth_bootstrap(): void
 cl_page_file VARCHAR(190) NOT NULL UNIQUE,
 cl_page_label VARCHAR(190) NOT NULL,
 cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1,
+ cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0,
 cl_allow_member TINYINT(1) NOT NULL DEFAULT 0,
 cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"
 );
+ $stmt_auth_role_column = $pdo->query("SHOW COLUMNS FROM tbl_auth LIKE 'cl_auth_right'");
+ $auth_role_column = $stmt_auth_role_column->fetch();
+ $auth_role_type = strtolower((string) ($auth_role_column['Type'] ?? ''));
+ if (strpos($auth_role_type, "'moderator'") === false) {
+ $pdo->exec("ALTER TABLE tbl_auth MODIFY cl_auth_right ENUM('admin', 'moderator', 'member') NOT NULL DEFAULT 'member'");
+ }
+
+ $stmt_page_access_columns = $pdo->query('SHOW COLUMNS FROM tbl_page_access');
+ $page_access_columns = [];
+ foreach ($stmt_page_access_columns->fetchAll() as $page_access_column) {
+ $page_access_columns[] = (string) ($page_access_column['Field'] ?? '');
+ }
+
+ if (!in_array('cl_allow_moderator', $page_access_columns, true)) {
+ $pdo->exec('ALTER TABLE tbl_page_access ADD COLUMN cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0 AFTER cl_allow_admin');
+ $pdo->exec('UPDATE tbl_page_access SET cl_allow_moderator = cl_allow_member');
+ }
+
 $sql_count_admin = "SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_right = 'admin'";
 $stmt_count_admin = $pdo->query($sql_count_admin);
 $cl_auth_admin_total = (int) $stmt_count_admin->fetchColumn();
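Review bot: The two check-then-ALTER sequences added to auth_bootstrap() are not atomic and run on every bootstrap, so two concurrent first requests after deployment can both observe the missing cl_allow_moderator column and both issue ADD COLUMN, the second failing with a duplicate-column error; the ENUM MODIFY has the same window. If this cannot move to a deployment-time migration, at least tolerate the duplicate-column failure around each ALTER and keep the seeding UPDATE inside the same guard as it is now. The ENUM test also assumes the PDO fetch mode returns an associative row with a 'Type' key; with a numeric fetch mode `$auth_role_column['Type'] ?? ''` is always empty and the MODIFY would rerun on every request. Inserting 'moderator' in the middle of the ENUM list forces MySQL to rebuild the table instead of an in-place metadata change, whereas appending it at the end is cheaper and changes nothing for the PHP code, which compares strings. A comment above the block would also help the next reader: `// One-time schema upgrade for installs created before the moderator role; seeds moderator page access from the existing member flags.`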
@@ -146,9 +165,28 @@ function auth_is_logged_in(): bool
 function auth_is_admin(): bool
 {
- auth_start_session();
+ return auth_current_role() === 'admin';
+}
- return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
+function auth_is_moderator(): bool
+{
+ return auth_current_role() === 'moderator';
+}
+
+function auth_valid_roles(): array
+{
+ return ['admin', 'moderator', 'member'];
+}
+
+function auth_role_label(string $role): string
+{
+ static $labels = [
+ 'admin' => 'Administrateur',
+ 'moderator' => 'Modérateur',
+ 'member' => 'Membre',
+ ];
+
+ return $labels[$role] ?? ucfirst($role);
 }
 function auth_current_user(): string
@@ -211,6 +249,11 @@ function auth_page_default_member_access(string $page_file): int
 return $member_defaults[$page_file] ?? 0;
 }
+function auth_page_default_moderator_access(string $page_file): int
+{
+ return auth_page_default_member_access($page_file);
+}
+
 function auth_page_access_defaults(string $page_file, string $page_label = ''): array
 {
 $normalized_page_file = auth_page_basename($page_file);
@@ -221,6 +264,7 @@ function auth_page_access_defaults(string $page_file, string $page_label = ''):
 'cl_page_file' => $normalized_page_file,
 'cl_page_label' => $normalized_page_label,
 'cl_allow_admin' => 1,
+ 'cl_allow_moderator' => auth_page_default_moderator_access($normalized_page_file),
 'cl_allow_member' => auth_page_default_member_access($normalized_page_file),
 ];
 }
@@ -233,7 +277,7 @@ function auth_page_access_ensure(string $page_file, string $page_label = ''): ar
 $pdo = db();
 $stmt = $pdo->prepare(
- 'SELECT cl_page_access_id, cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_member
+ 'SELECT cl_page_access_id, cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_moderator, cl_allow_member
 FROM tbl_page_access
 WHERE cl_page_file = :cl_page_file
 LIMIT 1'
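Review bot: auth_is_admin() no longer calls auth_start_session() and now relies on auth_current_role() to do so; auth_current_role() is outside the hunk, so confirm it starts the session itself, otherwise callers that previously worked before any session was started now read an empty role and are denied. The role vocabulary now lives in three places that can drift apart — the ENUM DDL in auth_bootstrap(), the list in auth_valid_roles(), and the $labels table in auth_role_label() — and building the DDL fragment from `implode` over auth_valid_roles() and keying $labels on that same list would keep them in step. auth_role_label() falls back to `ucfirst($role)` for any value outside the table, which reflects an unexpected role string into the page heading; returning a fixed label for unknown roles, or at least escaping the result with htmlspecialchars at the output site, is the safer default. auth_valid_roles() also deserves a docblock: `/** @return list<string> The values accepted in cl_auth_right. */`.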
@@ -245,8 +289,8 @@ function auth_page_access_ensure(string $page_file, string $page_label = ''): ar
 if (!$row) {
 $stmt_insert = $pdo->prepare(
- 'INSERT INTO tbl_page_access (cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_member)
- VALUES (:cl_page_key, :cl_page_file, :cl_page_label, :cl_allow_admin, :cl_allow_member)'
+ 'INSERT INTO tbl_page_access (cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_moderator, cl_allow_member)
+ VALUES (:cl_page_key, :cl_page_file, :cl_page_label, :cl_allow_admin, :cl_allow_moderator, :cl_allow_member)'
 );
 $stmt_insert->execute($defaults);
@@ -270,6 +314,7 @@ function auth_page_access_ensure(string $page_file, string $page_label = ''): ar
 }
 $row['cl_allow_admin'] = (int) ($row['cl_allow_admin'] ?? 1);
+ $row['cl_allow_moderator'] = (int) ($row['cl_allow_moderator'] ?? 0);
 $row['cl_allow_member'] = (int) ($row['cl_allow_member'] ?? 0);
 return $row;
@@ -284,17 +329,23 @@ function auth_user_can_access_page(string $page_file, string $page_label = ''):
 return false;
 }
- if (auth_is_admin()) {
- return true;
- }
+ $role = auth_current_role();
- if (auth_current_role() !== 'member') {
- return false;
+ if ($role === 'admin') {
+ return true;
 }
 $row = auth_page_access_ensure($page_file, $page_label);
- return (int) $row['cl_allow_member'] === 1;
+ if ($role === 'moderator') {
+ return (int) $row['cl_allow_moderator'] === 1;
+ }
+
+ if ($role === 'member') {
+ return (int) $row['cl_allow_member'] === 1;
+ }
+
+ return false;
 }
 function auth_require_page_access(string $page_file, string $page_label = ''): void
@@ -313,7 +364,7 @@ function auth_require_page_access(string $page_file, string $page_label = ''): v
 return;
 }
- auth_flash_set('error', 'Accès refusé : cette page n\'est pas ouverte aux membres.');
+ auth_flash_set('error', 'Accès refusé : cette page n\'est pas ouverte pour votre niveau d\'autorisation.');
 header('Location: index.php');
 exit;
 }
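Review bot: The role dispatch added to auth_user_can_access_page() is a chain of string comparisons ending in `return false`; the same decision reads more clearly, and stays fail-closed for any role outside the known set, as one `match` expression on $role (PHP 8.0+, so keep the if-chain if the project must still run on 7.x). The admin short-circuit runs before auth_page_access_ensure(), so a page visited only by admins never gets its tbl_page_access row materialised until a moderator or member first visits it; that is pre-existing, but a comment such as `// Admins bypass the per-page flags; the row is only ensured for moderator/member checks.` would stop the next reader from treating it as a bug. The function's opening guard is outside the hunk.
```php
    $row = auth_page_access_ensure($page_file, $page_label);

    // Unknown or empty roles fall through to "denied".
    return match ($role) {
        'moderator' => (int) $row['cl_allow_moderator'] === 1,
        'member' => (int) $row['cl_allow_member'] === 1,
        default => false,
    };
```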
@@ -347,17 +398,20 @@ function auth_handle_page_access_post(string $page_file, string $page_label = '' } $row = auth_page_access_ensure($page_file, $page_label); + $cl_allow_moderator = isset($_POST['cl_allow_moderator']) ? 1 : 0; $cl_allow_member = isset($_POST['cl_allow_member']) ? 1 : 0; $stmt = db()->prepare( 'UPDATE tbl_page_access SET cl_page_label = :cl_page_label, cl_allow_admin = 1, + cl_allow_moderator = :cl_allow_moderator, cl_allow_member = :cl_allow_member WHERE cl_page_file = :cl_page_file' ); $stmt->execute([ 'cl_page_label' => $row['cl_page_label'], + 'cl_allow_moderator' => $cl_allow_moderator, 'cl_allow_member' => $cl_allow_member, 'cl_page_file' => $row['cl_page_file'], ]); @@ -378,6 +432,7 @@ function auth_render_page_access_widget(string $page_file, string $page_label = $action = htmlspecialchars($row['cl_page_file'], ENT_QUOTES, 'UTF-8'); $label = htmlspecialchars((string) $row['cl_page_label'], ENT_QUOTES, 'UTF-8'); $csrf = htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8'); + $moderator_checked = (int) $row['cl_allow_moderator'] === 1 ? 'checked' : ''; $member_checked = (int) $row['cl_allow_member'] === 1 ? 'checked' : ''; return << Admin (toujours autorisé) +
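Review bot: `$cl_allow_moderator = isset($_POST['cl_allow_moderator']) ? 1 : 0;` treats any submitted value, including `0` or an empty string, as granting moderator access; that mirrors the existing member flag and matches how a browser checkbox posts, but for a request built by anything else it parses fail-open. Deriving both flags with `filter_var($_POST['cl_allow_moderator'] ?? false, FILTER_VALIDATE_BOOLEAN) ? 1 : 0` keeps 'on'/'1'/'true' as allowed and everything else as denied without changing the checkbox behaviour. The function header and any request validation that precedes the hunk are outside it, and the widget hunk that follows is cut off at the end of the page.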