From 3e4c27599f920e6f630f048f494f5d196fc81b8e Mon Sep 17 00:00:00 2001
From: Udo Walter
Date: Tue, 25 Apr 2017 14:50:37 +0200
Subject: [permissionmanager] added possibility to get a list of allowed locations for a given permission + bugfixes
---
 inc/user.inc.php | 17 +++-
 modules-available/locations/inc/location.inc.php | 2 +-
 .../permissionmanager/clientscript.js | 95 ++++++++++++----------
 modules-available/permissionmanager/config.json | 2 +-
 .../permissionmanager/inc/permissionutil.inc.php | 56 +++++++++----
 modules-available/permissionmanager/page.inc.php | 4 +-
 modules-available/permissionmanager/style.css | 6 +-
 .../permissionmanager/templates/roleeditor.html | 16 ++--
 8 files changed, 121 insertions(+), 77 deletions(-)
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 3606f025..13e56cd3 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -30,15 +30,24 @@ class User
 {
 if (!self::isLoggedIn())
 return false;
- if (Module::get("permissionmanager")) {
- require_once "modules/permissionmanager/inc/permissionutil.inc.php";
- $module = Request::get("do", false);
- $permission = $module ? $module.".".$permission : $permission;
+ if (Module::isAvailable("permissionmanager")) {
+ $module = Page::getModule();
+ $permission = $module ? $module->getIdentifier().".".$permission : $permission;
 return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid);
 }
 return (self::$user['permissions'] & (Permission::get($permission) | Permission::get('superadmin'))) != 0;
 }

+ public static function getAllowedLocations($permission)
+ {
+ if (Module::isAvailable("permissionmanager")) {
+ $module = Page::getModule();
+ $permission = $module ? $module->getIdentifier().".".$permission : $permission;
+ return PermissionUtil::getAllowedLocations(self::$user['userid'], $permission);
+ }
+ return array();
+ }
+
 public static function load()
 {
 if (self::isLoggedIn())
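Review bot: `getAllowedLocations()` reads `self::$user['userid']` without the `if (!self::isLoggedIn())` guard that opens the permission check directly above it, so it may run with no user loaded. Add `if (!self::isLoggedIn()) return array();` as its first line so an anonymous request gets an empty list without reaching `PermissionUtil`. The method also has no docblock; it should state that the permission name is prefixed with the current page module's identifier and that an empty array is returned when the permissionmanager module is unavailable, since a caller could misread an empty result as "no location restriction". The function that contains the first changed lines starts outside the hunk.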
diff --git a/modules-available/locations/inc/location.inc.php b/modules-available/locations/inc/location.inc.php
index 73080094..3c9775ef 100644
--- a/modules-available/locations/inc/location.inc.php
+++ b/modules-available/locations/inc/location.inc.php
@@ -8,7 +8,7 @@ class Location
 private static $treeCache = false;
 private static $subnetMapCache = false;

- private static function getTree()
+ public static function getTree()
 {
 if (self::$treeCache === false) {
 self::$treeCache = self::queryLocations();
diff --git a/modules-available/permissionmanager/clientscript.js b/modules-available/permissionmanager/clientscript.js
index edbd3eb9..927d2afa 100644
--- a/modules-available/permissionmanager/clientscript.js
+++ b/modules-available/permissionmanager/clientscript.js
@@ -1,54 +1,59 @@ document.addEventListener("DOMContentLoaded", function() { - var table = $("table").stupidtable(); - - // to show the sort-arrow next to the table header - table.on("aftertablesort", function (event, data) { - var th = $(this).find("th"); - th.find(".arrow").remove(); - var dir = $.fn.stupidtable.dir; - var arrow = data.direction === dir.ASC ? "down" : "up"; - th.eq(data.column).append(' '); - }); + var table = $("table"); + if (table.length) { + table = table.stupidtable(); + // to show the sort-arrow next to the table header + table.on("aftertablesort", function (event, data) { + var th = $(this).find("th"); + th.find(".arrow").remove(); + var dir = $.fn.stupidtable.dir; + var arrow = data.direction === dir.ASC ? "down" : "up"; + th.eq(data.column).append(' '); + }); + } - var selectize = $('#select-role').selectize({ - allowEmptyOption: false, - maxItems: null, - highlight: false, - hideSelected: true, - create: false, - plugins: [ "remove_button" ] - })[0].selectize; + var selectize = $('#select-role'); + if (selectize.length) { + selectize = selectize.selectize({ + allowEmptyOption: false, + maxItems: null, + highlight: false, + hideSelected: true, + create: false, + plugins: ["remove_button"] + })[0].selectize; - // If Site gets refreshed, all data-selectizeCounts will be reset to 0, so delete the filters from the selectize - selectize.clear(); + // If Site gets refreshed, all data-selectizeCounts will be reset to 0, so delete the filters from the selectize + selectize.clear(); - selectize.on('item_add', function(value, $item) { - // When first item gets added the filter isn't empty anymore, so hide all rows - if (selectize.items.length === 1) { - $('.dataTable tbody').find('tr').hide(); - } - // Find all rows which shall be shown and increase their counter by 1 - $(".roleId-"+value).closest("tr").each(function() { - $(this).data("selectizeCount", $(this).data("selectizeCount") + 1); - $(this).show(); + selectize.on('item_add', function 
(value, $item) { + // When first item gets added the filter isn't empty anymore, so hide all rows + if (selectize.items.length === 1) { + $('.dataTable tbody').find('tr').hide(); + } + // Find all rows which shall be shown and increase their counter by 1 + $(".roleId-" + value).closest("tr").each(function () { + $(this).data("selectizeCount", $(this).data("selectizeCount") + 1); + $(this).show(); + }); }); - }); - selectize.on('item_remove', function(value, $item) { - // When no items in the filter, show all rows again - if (selectize.items.length === 0) { - $('.dataTable tbody').find('tr').show(); - } else { - // Find all rows which have the delete role, decrease their counter by 1 - $(".roleId-"+value).closest("tr").each(function() { - $(this).data("selectizeCount", $(this).data("selectizeCount") - 1); - // If counter is 0, hide the row (no filter given to show the row anymore) - if ($(this).data("selectizeCount") === 0) { - $(this).closest("tr").hide(); - } - }); - } - }); + selectize.on('item_remove', function (value, $item) { + // When no items in the filter, show all rows again + if (selectize.items.length === 0) { + $('.dataTable tbody').find('tr').show(); + } else { + // Find all rows which have the delete role, decrease their counter by 1 + $(".roleId-" + value).closest("tr").each(function () { + $(this).data("selectizeCount", $(this).data("selectizeCount") - 1); + // If counter is 0, hide the row (no filter given to show the row anymore) + if ($(this).data("selectizeCount") === 0) { + $(this).closest("tr").hide(); + } + }); + } + }); + } $("form input").keydown(function(e) { if (e.keyCode === 13) e.preventDefault(); diff --git a/modules-available/permissionmanager/config.json b/modules-available/permissionmanager/config.json index 5089bdc9..c92e917a 100644 --- a/modules-available/permissionmanager/config.json +++ b/modules-available/permissionmanager/config.json 
@@ -1,4 +1,4 @@
 {
 "category":"main.content",
- "dependencies": [ "js_stupidtable", "bootstrap_switch", "js_selectize" ]
+ "dependencies": [ "locations", "js_stupidtable", "bootstrap_switch", "js_selectize" ]
 }
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 8442f288..fe16f7ab 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -3,14 +3,28 @@ class PermissionUtil
 {
 public static function userHasPermission($userid, $permissionid, $locationid)
 {
- $locations = array();
- if (!is_null($locationid)) {
- $res = Database::simpleQuery("SELECT locationid, parentlocationid FROM location");
- while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $locations[$row["locationid"]] = $row["parentlocationid"];
+ $locations = Location::getLocationRootChain($locationid);
+ if (count($locations) == 0) return false;
+ else $locations[] = 0;
+
+ $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
+ role_x_location.locid as 'locationid'
+ FROM user_x_role
+ INNER JOIN role_x_permission ON user_x_role.roleid = role_x_permission.roleid
+ LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
+ WHERE user_x_role.userid = :userid", array("userid" => $userid));
+
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $userPermission = trim($row["permissionid"], "*");
+ if (substr($permissionid, 0, strlen($userPermission)) === $userPermission
+ && (is_null($locationid) || in_array($row["locationid"], $locations))) {
+ return true;
 }
- if (!array_key_exists($locationid, $locations)) return false;
 }
+ return false;
+ }
+
+ public static function getAllowedLocations($userid, $permissionid) {

 $res = Database::simpleQuery("SELECT role_x_permission.permissionid as 'permissionid',
 role_x_location.locid as 'locationid'
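Review bot: The location test in the new `userHasPermission()` loop is fail-open for a role that has no `role_x_location` row: the `LEFT JOIN` yields a NULL `locationid` for it, `$locations[] = 0` has just been appended, and the loose `in_array(NULL, $locations)` is true because `null == 0`. Skip NULL rows and compare strictly, e.g. `&& (is_null($locationid) || ($row["locationid"] !== null && in_array((int)$row["locationid"], $locations, true)))) {`, assuming `Location::getLocationRootChain()` (not shown here) returns integer ids. The `substr()` prefix test treats every stored permission as a prefix whether or not it ended in `*`, so a grant of one permission id also covers any longer id that starts with it; the same comparison is used by `getAllowedLocations()` in the next hunk. Also, if `getLocationRootChain(null)` returns an empty array, the early `return false` makes the `is_null($locationid)` branch unreachable, which the removed `if (!is_null($locationid))` guard had avoided.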
@@ -19,24 +33,36 @@ class PermissionUtil
 LEFT JOIN role_x_location ON role_x_permission.roleid = role_x_location.roleid
 WHERE user_x_role.userid = :userid", array("userid" => $userid));

+ $allowedLocations = array();
 while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
 $userPermission = trim($row["permissionid"], "*");
 if (substr($permissionid, 0, strlen($userPermission)) === $userPermission) {
- if (is_null($locationid) || $locationid == $row["locationid"]) {
- return true;
+ $allowedLocations[] = $row["locationid"];
+ }
+ }
+ $locations = Location::getTree();
+ if (count($allowedLocations) == 1 && $allowedLocations[0] == "0") {
+ $allowedLocations = Location::extractIds($locations);
+ } else {
+ $allowedLocations = self::getSublocations($locations, $allowedLocations);
+ }
+ return $allowedLocations;
+ }
+
+ private static function getSublocations($tree, $locations) {
+ $result = array_flip($locations);
+ foreach ($tree as $location) {
+ if (array_key_exists("children", $location)) {
+ if (in_array($location["locationid"], $locations)) {
+ $result += array_flip(Location::extractIds($location["children"]));
 } else {
- $parentlocid = $locationid;
- while ($parentlocid != 0) {
- $parentlocid = $locations[$parentlocid];
- if ($parentlocid == $row["locationid"]) return true;
- }
+ $result += array_flip(self::getSublocations($location["children"], $locations));
 }
 }
 }
- return false;
+ return array_keys($result);
 }

-
 public static function getPermissions()
 {
 $permissions = array();
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 326d5b24..7f288fd9 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
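Review bot: The all-locations shortcut in `getAllowedLocations()` only fires when the query returned exactly one matching row, so a user whose roles produce several rows that include location 0 (two roles, or one role with several matching permissions) falls through to `getSublocations()` and loses the global grant. Rows from the `LEFT JOIN` with a NULL `locationid` are appended as well, and `array_flip()` cannot flip NULL values. Collect with `if ($row["locationid"] !== null) $allowedLocations[] = (int)$row["locationid"];` and test `if (in_array(0, $allowedLocations, true)) {` instead of the `count(...) == 1` comparison. `getAllowedLocations()` begins in the previous hunk, and neither new method has a docblock saying what the returned list is meant to contain.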
@@ -75,7 +75,7 @@ class Page_PermissionManager extends Page
 $data["roleName"] = $roleData["name"];
 if (count($roleData["locations"]) == 1 && $roleData["locations"][0] == 0) {
 $data["allLocChecked"] = "checked";
- $data["selectizeClass"] = "disabled";
+ $data["selectizeClass"] = "faded unclickable";
 } else {
 $data["allLocChecked"] = "";
 $data["selectizeClass"] = "";
@@ -83,7 +83,7 @@ class Page_PermissionManager extends Page
 }
 if (count($roleData["permissions"]) == 1 && $roleData["permissions"][0] == "*") {
 $data["allPermChecked"] = "checked";
- $data["permissionsClass"] = "disabled";
+ $data["permissionsClass"] = "faded unclickable";
 } else {
 $data["allPermChecked"] = "";
 $data["permissionsClass"] = "";
diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css
index e1fac370..504df511 100644
--- a/modules-available/permissionmanager/style.css
+++ b/modules-available/permissionmanager/style.css
@@ -46,10 +46,14 @@
 margin: 0;
 }

-.disabled {
+.faded {
 opacity: 0.6;
 }

+.unclickable {
+ pointer-events: none;
+}
+
 input[type='checkbox']:disabled {
 cursor: inherit;
 }
diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html
index bfabf4af..d1535332 100644
--- a/modules-available/permissionmanager/templates/roleeditor.html
+++ b/modules-available/permissionmanager/templates/roleeditor.html
@@ -63,9 +63,9 @@

 allLocations.on('switchChange.bootstrapSwitch', function(event, state) {
 if (state) {
- $("#selectize-container").addClass("disabled");
+ $("#selectize-container").addClass("faded unclickable");
 } else {
- $("#selectize-container").removeClass("disabled");
+ $("#selectize-container").removeClass("faded unclickable");
 }
 });

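Review bot: `addClass("faded unclickable")` on `#selectize-container` only changes presentation, because `.unclickable` is `pointer-events: none` and nothing here disables the inputs; they stay reachable by keyboard and are still submitted while the all-locations switch is on. The same applies to `.permissions-container` in the next hunk. If the save handler (not shown) does not already ignore the individual selections when the switch is set, it should. A comment above the toggle such as `// visual only: inputs stay enabled and are still submitted` would keep the class from being read as a real disabled state.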
@@ -78,9 +78,9 @@

 allPermissions.on('switchChange.bootstrapSwitch', function(event, state) {
 if (state) {
- $(".permissions-container").addClass("disabled");
+ $(".permissions-container").addClass("faded unclickable");
 } else {
- $(".permissions-container").removeClass("disabled");
+ $(".permissions-container").removeClass("faded unclickable");
 }
 });

@@ -102,16 +102,16 @@
 var parent = $(this).parent().parent();
 if (parent.hasClass("panel-heading")) parent = parent.parent();
 parent = parent.find("ul:first");
- parent.find("ul").removeClass("disabled");
+ parent.find("ul").removeClass("faded");
 var checkboxes = parent.find("input[type=checkbox]");
- if (parent.hasClass("disabled")) {
+ if (parent.hasClass("faded")) {
 checkboxes.prop("disabled", false);
 checkboxes.prop("checked", false);
- parent.removeClass("disabled");
+ parent.removeClass("faded");
 } else {
 checkboxes.prop("disabled", true);
 checkboxes.prop("checked", true);
- parent.addClass("disabled");
+ parent.addClass("faded");
 }
 });

--
cgit v1.2.3-55-g7522