1 files changed, 130 insertions, 7 deletions
diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php
index 71ee7a1e..7f9c80ef 100644
--- a/modules-available/permissionmanager/install.inc.php
+++ b/modules-available/permissionmanager/install.inc.php
@@ -5,20 +5,27 @@ $res = array();
 $res[] = tableCreate('role', "
 	roleid int(10) unsigned NOT NULL AUTO_INCREMENT,
 	rolename varchar(200) NOT NULL,
+	roledescription TEXT,
 	PRIMARY KEY (roleid)
 ");
 
-$res[] = tableCreate('user_x_role', "
+if (tableExists('user_x_role')) {
+	if (tableExists('role_x_user')) {
+		Database::exec('DROP TABLE user_x_role');
+	} else {
+		$res[] = tableRename('user_x_role', 'role_x_user');
+	}
+}
+$res[] = tableCreate('role_x_user', "
 	userid int(10) unsigned NOT NULL,
 	roleid int(10) unsigned NOT NULL,
 	PRIMARY KEY (userid, roleid)
 ");
 
 $res[] = tableCreate('role_x_location', "
-	id int(10) unsigned NOT NULL AUTO_INCREMENT,
 	roleid int(10) unsigned NOT NULL,
 	locationid int(11),
-	PRIMARY KEY (id)
+	CONSTRAINT role_loc UNIQUE (roleid, locationid) 
 ");
 
 $res[] = tableCreate('role_x_permission', "
@@ -27,24 +34,38 @@ $res[] = tableCreate('role_x_permission', "
 	PRIMARY KEY (roleid, permissionid)
 ");
 
+if (tableHasColumn('role_x_location', 'id')) {
+	$cnt = Database::exec('DELETE a FROM role_x_location a, role_x_location b
+			WHERE a.roleid = b.roleid AND (a.locationid = b.locationid OR (a.locationid IS NULL AND b.locationid IS NULL))
+			AND a.id > b.id');
+	$ret = Database::exec('ALTER TABLE role_x_location DROP COLUMN id,
+			ADD CONSTRAINT role_loc UNIQUE (roleid, locationid)');
+	if ($ret === false) {
+		$res[] = UPDATE_NOOP;
+	} else {
+		$res[] = UPDATE_DONE;
+	}
+
+}
+
 if (!tableExists('user') || !tableExists('location')) {
 	finalResponse(UPDATE_RETRY, 'Cannot add constraint yet. Please retry.');
 } else {
-	$c = tableGetContraints('user_x_role', 'userid', 'user', 'userid');
+	$c = tableGetContraints('role_x_user', 'userid', 'user', 'userid');
 	if ($c === false)
 		finalResponse(UPDATE_FAILED, 'Cannot get constraints of user table: ' . Database::lastError());
 	if (empty($c)) {
-		$alter = Database::exec('ALTER TABLE user_x_role ADD FOREIGN KEY (userid) REFERENCES user (userid) ON DELETE CASCADE ON UPDATE CASCADE');
+		$alter = Database::exec('ALTER TABLE role_x_user ADD FOREIGN KEY (userid) REFERENCES user (userid) ON DELETE CASCADE ON UPDATE CASCADE');
 		if ($alter === false)
 			finalResponse(UPDATE_FAILED, 'Cannot add userid constraint referencing user table: ' . Database::lastError());
 		$res[] = UPDATE_DONE;
 	}
 
-	$c = tableGetContraints('user_x_role', 'roleid', 'role', 'roleid');
+	$c = tableGetContraints('role_x_user', 'roleid', 'role', 'roleid');
 	if ($c === false)
 		finalResponse(UPDATE_FAILED, 'Cannot get constraints of role table: ' . Database::lastError());
 	if (empty($c)) {
-		$alter = Database::exec('ALTER TABLE user_x_role ADD FOREIGN KEY (roleid) REFERENCES role (roleid) ON DELETE CASCADE ON UPDATE CASCADE');
+		$alter = Database::exec('ALTER TABLE role_x_user ADD FOREIGN KEY (roleid) REFERENCES role (roleid) ON DELETE CASCADE ON UPDATE CASCADE');
 		if ($alter === false)
 			finalResponse(UPDATE_FAILED, 'Cannot add roleid constraint referencing role table: ' . Database::lastError());
 		$res[] = UPDATE_DONE;
@@ -80,6 +101,108 @@ if (!tableExists('user') || !tableExists('location')) {
 		$res[] = UPDATE_DONE;
 	}
 }
+
+// 2018-04-13 role description field; add a couple default roles
+if (!tableHasColumn('role', 'roledescription')) {
+	$alter = Database::exec("ALTER TABLE role ADD roledescription TEXT");
+	if ($alter === false)
+		finalResponse(UPDATE_FAILED, 'Cannot add roledescription field to table role: ' . Database::lastError());
+	$res[] = UPDATE_DONE;
+}
+
+if (!tableHasColumn('role', 'roledescription')) {
+	finalResponse(UPDATE_RETRY, 'Try again later');
+}
+
+if (Database::exec("INSERT INTO `role` VALUES
+			(1,'Super-Admin', 'Hat keinerlei Zugriffsbeschränkungen'),
+			(2,'Admin', 'Alles bis auf Rechte-/Nutzerverwaltung'),
+			(3,'Prüfungsadmin', 'Kann E-Prüfungen verwalten, Prüfungsmodus einschalten, etc.'),
+			(4,'Lesezugriff', 'Kann auf die meisten Seiten zugreifen, jedoch keine Änderungen vornehmen')") !== false) {
+	// Success, there probably were no roles before, keep going
+	// Assign roles to location (all)
+	Database::exec("INSERT INTO `role_x_location` VALUES (1,NULL),(2,NULL),(3,NULL),(4,NULL)");
+	// Assign permissions to roles
+	Database::exec("INSERT INTO `role_x_permission` VALUES
+			(3,'exams.exams.*'),
+			(3,'rebootcontrol.action.*'),
+			(3,'statistics.hardware.projectors.view'),
+			(3,'statistics.machine.note.*'),
+			(3,'statistics.machine.view-details'),
+			(3,'statistics.view.*'),
+			(3,'syslog.view'),
+			
+			(1,'*'),
+			
+			(4,'adduser.user.view-list'),
+			(4,'backup.create'),
+			(4,'baseconfig.view'),
+			(4,'dnbd3.access-page'),
+			(4,'dnbd3.refresh'),
+			(4,'dnbd3.view.details'),
+			(4,'dozmod.actionlog.view'),
+			(4,'dozmod.users.view'),
+			(4,'eventlog.view'),
+			(4,'exams.exams.view'),
+			(4,'locationinfo.backend.check'),
+			(4,'locationinfo.panel.list'),
+			(4,'locations.location.view'),
+			(4,'minilinux.view'),
+			(4,'news.*'),
+			(4,'permissionmanager.locations.view'),
+			(4,'permissionmanager.roles.view'),
+			(4,'permissionmanager.users.view'),
+			(4,'runmode.list-all'),
+			(4,'serversetup.access-page'),
+			(4,'serversetup.download'),
+			(4,'statistics.hardware.projectors.view'),
+			(4,'statistics.machine.note.view'),
+			(4,'statistics.machine.view-details'),
+			(4,'statistics.view.*'),
+			(4,'statistics_reporting.reporting.download'),
+			(4,'statistics_reporting.table.export'),
+			(4,'statistics_reporting.table.view.*'),
+			(4,'sysconfig.config.view-list'),
+			(4,'sysconfig.module.download'),
+			(4,'sysconfig.module.view-list'),
+			(4,'syslog.view'),
+			(4,'systemstatus.show.overview.*'),
+			(4,'systemstatus.tab.*'),
+			(4,'webinterface.access-page'),
+			
+			(2,'adduser.user.view-list'),
+			(2,'backup.*'),
+			(2,'baseconfig.*'),
+			(2,'dnbd3.*'),
+			(2,'dozmod.*'),
+			(2,'eventlog.view'),
+			(2,'exams.exams.*'),
+			(2,'locationinfo.*'),
+			(2,'locations.*'),
+			(2,'minilinux.*'),
+			(2,'news.*'),
+			(2,'permissionmanager.locations.view'),
+			(2,'permissionmanager.roles.view'),
+			(2,'permissionmanager.users.view'),
+			(2,'rebootcontrol.*'),
+			(2,'roomplanner.edit'),
+			(2,'runmode.list-all'),
+			(2,'serversetup.*'),
+			(2,'statistics.*'),
+			(2,'statistics_reporting.*'),
+			(2,'sysconfig.*'),
+			(2,'syslog.*'),
+			(2,'systemstatus.*'),
+			(2,'vmstore.edit'),
+			(2,'webinterface.*')");
+	// Asign the first user to the superadmin role (if one exists)
+	Database::exec("INSERT INTO `role_x_user` VALUES (1,1)");
+	$res[] = UPDATE_DONE;
+}
+
+//
+//
+
 if (in_array(UPDATE_DONE, $res)) {
 	finalResponse(UPDATE_DONE, 'Tables created successfully');
 }