From 02d4fc65209fcdf6f501f0ba62b433adf9a35293 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 14 Feb 2018 13:47:28 +0100 Subject: [permissionmanager] Speed up queries for saving roles and assignments --- .../inc/permissiondbupdate.inc.php | 30 +++++++++++++--------- 1 file changed, 18 insertions(+), 12 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index ffe5fac0..0f37a053 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -9,12 +9,14 @@ class PermissionDbUpdate { * @param array $roles roleids */ public static function addRoleToUser($users, $roles) { - $query = "INSERT IGNORE INTO user_x_role (userid, roleid) VALUES (:userid, :roleid)"; + $arg = array(); foreach($users AS $userid) { foreach ($roles AS $roleid) { - Database::exec($query, array("userid" => $userid, "roleid" => $roleid)); + $arg[] = compact('userid', 'roleid'); } } + Database::exec("INSERT IGNORE INTO user_x_role (userid, roleid) VALUES :arg", + ['arg' => $arg]); } /** @@ -49,20 +51,24 @@ class PermissionDbUpdate { if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", array("rolename" => $rolename, "roleid" => $roleid)); - Database::exec("DELETE FROM role_x_location WHERE roleid = :roleid", array("roleid" => $roleid)); - Database::exec("DELETE FROM role_x_permission WHERE roleid = :roleid", array("roleid" => $roleid)); + Database::exec("DELETE FROM role_x_location + WHERE roleid = :roleid AND locationid NOT IN (:locations)", array("roleid" => $roleid, 'locations' => $locations)); + Database::exec("DELETE FROM role_x_permission + WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", array("roleid" => $roleid, 'permissions' => $permissions)); } else { Database::exec("INSERT INTO role (rolename) VALUES (:rolename)", array("rolename" => $rolename)); $roleid = Database::lastInsertId(); } - foreach ($locations as $locationid) { - Database::exec("INSERT INTO role_x_location (roleid, locationid) VALUES (:roleid, :locationid)", - array("roleid" => $roleid, "locationid" => $locationid)); - } - foreach ($permissions as $permissionid) { - Database::exec("INSERT INTO role_x_permission (roleid, permissionid) VALUES (:roleid, :permissionid)", - array("roleid" => $roleid, "permissionid" => $permissionid)); - } + $arg = array_map(function($loc) use ($roleid) { + return compact('roleid', 'loc'); + }, $locations); + Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", + ['arg' => $arg]); + $arg = array_map(function($perm) use ($roleid) { + return compact('roleid', 'perm'); + }, $permissions); + Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", + ['arg' => $arg]); } } -- cgit v1.2.3-55-g7522 From e39bc13cee5db3d4905498e0fe3ac89fd3ccbfe7 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 14 Feb 2018 13:54:45 +0100 Subject: [permissionmanager] Apply formatting --- modules-available/permissionmanager/api.inc.php | 7 --- .../inc/permissiondbupdate.inc.php | 37 +++++++++------- .../permissionmanager/inc/permissionutil.inc.php | 17 +++++--- modules-available/permissionmanager/page.inc.php | 51 ++++++++++++---------- 4 files changed, 60 insertions(+), 52 deletions(-) delete mode 100644 modules-available/permissionmanager/api.inc.php (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/api.inc.php b/modules-available/permissionmanager/api.inc.php deleted file mode 100644 index 0d84ebce..00000000 --- a/modules-available/permissionmanager/api.inc.php +++ /dev/null @@ -1,7 +0,0 @@ - 'value', - 'number' => 123, - 'list' => array(1,2,3,4,5,6,'foo') -)); diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 0f37a053..f2e7a366 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -1,6 +1,7 @@ $users, "roles" => $roles)); } @@ -35,7 +38,8 @@ class PermissionDbUpdate { * * @param string $roleid roleid */ - public static function deleteRole($roleid) { + public static function deleteRole($roleid) + { Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); } @@ -47,28 +51,31 @@ class PermissionDbUpdate { * @param array $permissions array of permissions * @param string|null $roleid roleid or null if the role does not exist yet */ - public static function saveRole($rolename, $locations, $permissions, $roleid = NULL) { + public static function saveRole($rolename, $locations, $permissions, $roleid = null) + { if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", - array("rolename" => $rolename, "roleid" => $roleid)); + array("rolename" => $rolename, "roleid" => $roleid)); Database::exec("DELETE FROM role_x_location - WHERE roleid = :roleid AND locationid NOT IN (:locations)", array("roleid" => $roleid, 'locations' => $locations)); + WHERE roleid = :roleid AND locationid NOT IN (:locations)", + array("roleid" => $roleid, 'locations' => $locations)); Database::exec("DELETE FROM role_x_permission - WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", array("roleid" => $roleid, 'permissions' => $permissions)); + WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", + array("roleid" => $roleid, 'permissions' => $permissions)); } else { Database::exec("INSERT INTO role (rolename) VALUES (:rolename)", array("rolename" => $rolename)); $roleid = Database::lastInsertId(); } - $arg = array_map(function($loc) use ($roleid) { + + $arg = array_map(function ($loc) use ($roleid) { return compact('roleid', 'loc'); }, $locations); - Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", - ['arg' => $arg]); - $arg = array_map(function($perm) use ($roleid) { + Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]); + + $arg = array_map(function ($perm) use ($roleid) { return compact('roleid', 'perm'); }, $permissions); - Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", - ['arg' => $arg]); + Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]); } } diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 6d83ef92..d3948ebd 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -25,15 +25,15 @@ class PermissionUtil $compare[] = $permission[0]; } for ($i = 1; $i < $partCount; ++$i) { - $compare[$i-1] .= '.*'; + $compare[$i - 1] .= '.*'; for ($j = $i; $j < $partCount; ++$j) { $compare[$j] .= '.' . $permission[$i]; } } $compare[] = '*'; - if ($permission[$partCount-1] === '*') { - $wildcard = substr($compare[$partCount-1], 0, -1); + if ($permission[$partCount - 1] === '*') { + $wildcard = substr($compare[$partCount - 1], 0, -1); $wclen = strlen($wildcard); } else { $wclen = $wildcard = false; @@ -48,7 +48,8 @@ class PermissionUtil * @param int|null $locationid locationid to check or null if the location should be disregarded * @return bool true if user has permission, false if not */ - public static function userHasPermission($userid, $permissionid, $locationid) { + public static function userHasPermission($userid, $permissionid, $locationid) + { self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id @@ -91,7 +92,8 @@ class PermissionUtil * @param string $permissionid permissionid to check * @return array array of locationids where the user has the given permission */ - public static function getAllowedLocations($userid, $permissionid) { + public static function getAllowedLocations($userid, $permissionid) + { self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id @@ -130,7 +132,8 @@ class PermissionUtil * @param array $allowedLocations the array of locationids to extend * @return array extended array of locationids */ - public static function getSublocations($tree, $allowedLocations) { + public static function getSublocations($tree, $allowedLocations) + { $result = $allowedLocations; foreach ($tree as $location) { if (array_key_exists("children", $location)) { @@ -189,7 +192,7 @@ class PermissionUtil $moduleId = $out[1]; if (Module::get($moduleId) === false) continue; - foreach($data as $perm => $permissionFlags) { + foreach ($data as $perm => $permissionFlags) { $description = Dictionary::translateFileModule($moduleId, "permissions", $perm); self::putInPermissionTree($moduleId . "." . $perm, $permissionFlags['location-aware'], $description, $permissions); } diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index 89c72842..1c2d56bf 100644 --- a/modules-available/permissionmanager/page.inc.php +++ b/modules-available/permissionmanager/page.inc.php @@ -95,8 +95,8 @@ class Page_PermissionManager extends Page * * @param array $permissions the permission tree * @param array $selectedPermissions permissions that should be preselected - * @param array $selectAll true if all pemrissions should be preselected, false if only those in $selectedPermissions - * @param array $permString the prefix permission string with which all permissions in the permission tree should start + * @param bool $selectAll true if all permissions should be preselected, false if only those in $selectedPermissions + * @param string $permString the prefix permission string with which all permissions in the permission tree should start * @return string generated html code */ private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "") @@ -142,10 +142,10 @@ class Page_PermissionManager extends Page if ($toplevel) { $res = Render::parse("treepanel", array("id" => "*", - "name" => Dictionary::translateFile("template-tags", "lang_permissions"), - "checkboxname" => "permissions", - "selected" => $selectAll, - "HTML" => $res)); + "name" => Dictionary::translateFile("template-tags", "lang_permissions"), + "checkboxname" => "permissions", + "selected" => $selectAll, + "HTML" => $res)); } return $res; } @@ -162,25 +162,27 @@ class Page_PermissionManager extends Page private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true) { $res = ""; - if ($toplevel && in_array(0, $selectedLocations)) $selectAll = true; + if ($toplevel && in_array(0, $selectedLocations)) { + $selectAll = true; + } foreach ($locations as $location) { $selected = $selectAll || in_array($location["locationid"], $selectedLocations); $res .= Render::parse("treenode", - array("id" => $location["locationid"], - "name" => $location["locationname"], - "toplevel" => $toplevel, - "checkboxname" => "locations", - "selected" => $selected, - "HTML" => array_key_exists("children", $location) ? - self::generateLocationHTML($location["children"], $selectedLocations, $selected, false) : "")); + array("id" => $location["locationid"], + "name" => $location["locationname"], + "toplevel" => $toplevel, + "checkboxname" => "locations", + "selected" => $selected, + "HTML" => array_key_exists("children", $location) ? + self::generateLocationHTML($location["children"], $selectedLocations, $selected, false) : "")); } if ($toplevel) { $res = Render::parse("treepanel", array("id" => 0, - "name" => Dictionary::translateFile("template-tags", "lang_locations"), - "checkboxname" => "locations", - "selected" => $selectAll, - "HTML" => $res)); + "name" => Dictionary::translateFile("template-tags", "lang_locations"), + "checkboxname" => "locations", + "selected" => $selectAll, + "HTML" => $res)); } return $res; } @@ -193,12 +195,14 @@ class Page_PermissionManager extends Page */ private static function processLocations($locations) { - if (in_array(0, $locations)) return array(NULL); + if (in_array(0, $locations)) + return array(null); $result = array(); foreach ($locations as $location) { $rootchain = array_reverse(Location::getLocationRootChain($location)); foreach ($rootchain as $l) { - if (in_array($l, $result)) break; + if (in_array($l, $result)) + break; if (in_array($l, $locations)) { $result[] = $l; break; @@ -216,7 +220,8 @@ class Page_PermissionManager extends Page */ private static function processPermissions($permissions) { - if (in_array("*", $permissions)) return array("*"); + if (in_array("*", $permissions)) + return array("*"); $result = array(); foreach ($permissions as $permission) { $x =& $result; @@ -239,10 +244,10 @@ class Page_PermissionManager extends Page foreach ($permissions as $permission => $a) { if (is_array($a)) { if (array_key_exists("*", $a)) { - $result[] = $permission.".*"; + $result[] = $permission . ".*"; } else { foreach (self::extractPermissions($a) as $subPermission) { - $result[] = $permission.".".$subPermission; + $result[] = $permission . "." . $subPermission; } } } else { -- cgit v1.2.3-55-g7522 From 7bde027d280e3e08758d95213559677099cd3819 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 16 Feb 2018 12:20:25 +0100 Subject: [permissionmanager] Force lowercase permissions, handle locId 0 properly --- .../permissionmanager/inc/permissiondbupdate.inc.php | 4 ++++ .../permissionmanager/inc/permissionutil.inc.php | 13 ++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index f2e7a366..8a67bf24 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -53,6 +53,10 @@ class PermissionDbUpdate */ public static function saveRole($rolename, $locations, $permissions, $roleid = null) { + foreach ($permissions as &$permission) { + $permission = strtolower($permission); + } + unset($permission); if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", array("rolename" => $rolename, "roleid" => $roleid)); diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index f1385bc2..b4d54055 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -50,6 +50,7 @@ class PermissionUtil */ public static function userHasPermission($userid, $permissionid, $locationid) { + $permissionid = strtolower($permissionid); self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id @@ -60,9 +61,14 @@ class PermissionUtil WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", compact('userid', 'prefix')); } else { - $locations = Location::getLocationRootChain($locationid); - if (count($locations) == 0) - return false; + if ($locationid === 0) { + $locations = [0]; + } else { + $locations = Location::getLocationRootChain($locationid); + if (empty($locations)) { // Non-existent location, still continue as user might have global perms + $locations = [0]; + } + } $res = Database::simpleQuery("SELECT permissionid FROM role_x_permission INNER JOIN user_x_role USING (roleid) INNER JOIN role_x_location USING (roleid) @@ -94,6 +100,7 @@ class PermissionUtil */ public static function getAllowedLocations($userid, $permissionid) { + $permissionid = strtolower($permissionid); self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id -- cgit v1.2.3-55-g7522 From 7dc7a49e3704b52c4a40909050bf831826b3c41b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 20 Feb 2018 15:20:26 +0100 Subject: [permissionmanager] Ensure uniqueness in role_x_location table, consistent table naming, drop unused id field --- .../inc/getpermissiondata.inc.php | 6 ++-- .../inc/permissiondbupdate.inc.php | 22 +++++++------- .../permissionmanager/inc/permissionutil.inc.php | 12 ++++---- .../permissionmanager/install.inc.php | 34 +++++++++++++++++----- 4 files changed, 47 insertions(+), 27 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php index 496c8224..fc18de99 100644 --- a/modules-available/permissionmanager/inc/getpermissiondata.inc.php +++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php @@ -15,8 +15,8 @@ class GetPermissionData { $res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, role.rolename AS rolename, role.roleid AS roleid FROM user - LEFT JOIN user_x_role ON user.userid = user_x_role.userid - LEFT JOIN role ON user_x_role.roleid = role.roleid + LEFT JOIN role_x_user ON user.userid = role_x_user.userid + LEFT JOIN role ON role_x_user.roleid = role.roleid "); $userdata = array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { @@ -75,7 +75,7 @@ class GetPermissionData $cols = $joins = ''; if ($flags & self::WITH_USER_COUNT) { $cols .= ', Count(DISTINCT rxu.userid) AS users'; - $joins .= ' LEFT JOIN user_x_role rxu ON (r.roleid = rxu.roleid)'; + $joins .= ' LEFT JOIN role_x_user rxu ON (r.roleid = rxu.roleid)'; } if ($flags & self::WITH_LOCATION_COUNT) { $cols .= ', Count(DISTINCT rxl.locationid) AS locations'; diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 8a67bf24..1f56f4ea 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -4,10 +4,10 @@ class PermissionDbUpdate { /** - * Insert all user/role combinations into the user_x_role table. + * Insert all user/role combinations into the role_x_user table. * - * @param array $users userids - * @param array $roles roleids + * @param int[] $users userids + * @param string[] $roles roleids */ public static function addRoleToUser($users, $roles) { @@ -17,19 +17,19 @@ class PermissionDbUpdate $arg[] = compact('userid', 'roleid'); } } - Database::exec("INSERT IGNORE INTO user_x_role (userid, roleid) VALUES :arg", + Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", ['arg' => $arg]); } /** - * Remove all user/role combinations from the user_x_role table. + * Remove all user/role combinations from the role_x_user table. * - * @param array $users userids - * @param array $roles roleids + * @param int[] $users userids + * @param string[] $roles roleids */ public static function removeRoleFromUser($users, $roles) { - $query = "DELETE FROM user_x_role WHERE userid IN (:users) AND roleid IN (:roles)"; + $query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)"; Database::exec($query, array("users" => $users, "roles" => $roles)); } @@ -47,8 +47,8 @@ class PermissionDbUpdate * Save changes to a role or create a new one. * * @param string $rolename rolename - * @param array $locations array of locations - * @param array $permissions array of permissions + * @param int[] $locations array of locations + * @param string[] $permissions array of permissions * @param string|null $roleid roleid or null if the role does not exist yet */ public static function saveRole($rolename, $locations, $permissions, $roleid = null) @@ -61,7 +61,7 @@ class PermissionDbUpdate Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", array("rolename" => $rolename, "roleid" => $roleid)); Database::exec("DELETE FROM role_x_location - WHERE roleid = :roleid AND locationid NOT IN (:locations)", + WHERE roleid = :roleid AND (locationid NOT IN (:locations) OR locationid IS NULL)", array("roleid" => $roleid, 'locations' => $locations)); Database::exec("DELETE FROM role_x_permission WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index bc42c5a0..29663ed9 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -60,8 +60,8 @@ class PermissionUtil $prefix = $parts[0] . '.%'; if (is_null($locationid)) { $res = Database::simpleQuery("SELECT permissionid FROM role_x_permission - INNER JOIN user_x_role USING (roleid) - WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", + INNER JOIN role_x_user USING (roleid) + WHERE role_x_user.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", compact('userid', 'prefix')); } else { if ($locationid === 0) { @@ -73,9 +73,9 @@ class PermissionUtil } } $res = Database::simpleQuery("SELECT permissionid FROM role_x_permission - INNER JOIN user_x_role USING (roleid) + INNER JOIN role_x_user USING (roleid) INNER JOIN role_x_location USING (roleid) - WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*') + WHERE role_x_user.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*') AND (locationid IN (:locations) OR locationid IS NULL)", compact('userid', 'prefix', 'locations')); } @@ -113,9 +113,9 @@ class PermissionUtil // Limit query to first part of permissionid, which is always the module id $prefix = $parts[0] . '.%'; $res = Database::simpleQuery("SELECT permissionid, locationid FROM role_x_permission - INNER JOIN user_x_role USING (roleid) + INNER JOIN role_x_user USING (roleid) INNER JOIN role_x_location USING (roleid) - WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", + WHERE role_x_user.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", compact('userid', 'prefix')); // Gather locationid from relevant rows diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php index 71ee7a1e..afa5dd7e 100644 --- a/modules-available/permissionmanager/install.inc.php +++ b/modules-available/permissionmanager/install.inc.php @@ -8,17 +8,23 @@ $res[] = tableCreate('role', " PRIMARY KEY (roleid) "); -$res[] = tableCreate('user_x_role', " +if (tableExists('user_x_role')) { + if (tableExists('role_x_user')) { + Database::exec('DROP TABLE user_x_role'); + } else { + $res[] = tableRename('user_x_role', 'role_x_user'); + } +} +$res[] = tableCreate('role_x_user', " userid int(10) unsigned NOT NULL, roleid int(10) unsigned NOT NULL, PRIMARY KEY (userid, roleid) "); $res[] = tableCreate('role_x_location', " - id int(10) unsigned NOT NULL AUTO_INCREMENT, roleid int(10) unsigned NOT NULL, locationid int(11), - PRIMARY KEY (id) + CONSTRAINT role_loc UNIQUE (roleid, locationid) "); $res[] = tableCreate('role_x_permission', " @@ -27,24 +33,38 @@ $res[] = tableCreate('role_x_permission', " PRIMARY KEY (roleid, permissionid) "); +if (tableHasColumn('role_x_location', 'id')) { + $cnt = Database::exec('DELETE a FROM role_x_location a, role_x_location b + WHERE a.roleid = b.roleid AND (a.locationid = b.locationid OR (a.locationid IS NULL AND b.locationid IS NULL)) + AND a.id > b.id'); + $ret = Database::exec('ALTER TABLE role_x_location DROP COLUMN id, + ADD CONSTRAINT role_loc UNIQUE (roleid, locationid)'); + if ($ret === false) { + $res[] = UPDATE_NOOP; + } else { + $res[] = UPDATE_DONE; + } + +} + if (!tableExists('user') || !tableExists('location')) { finalResponse(UPDATE_RETRY, 'Cannot add constraint yet. Please retry.'); } else { - $c = tableGetContraints('user_x_role', 'userid', 'user', 'userid'); + $c = tableGetContraints('role_x_user', 'userid', 'user', 'userid'); if ($c === false) finalResponse(UPDATE_FAILED, 'Cannot get constraints of user table: ' . Database::lastError()); if (empty($c)) { - $alter = Database::exec('ALTER TABLE user_x_role ADD FOREIGN KEY (userid) REFERENCES user (userid) ON DELETE CASCADE ON UPDATE CASCADE'); + $alter = Database::exec('ALTER TABLE role_x_user ADD FOREIGN KEY (userid) REFERENCES user (userid) ON DELETE CASCADE ON UPDATE CASCADE'); if ($alter === false) finalResponse(UPDATE_FAILED, 'Cannot add userid constraint referencing user table: ' . Database::lastError()); $res[] = UPDATE_DONE; } - $c = tableGetContraints('user_x_role', 'roleid', 'role', 'roleid'); + $c = tableGetContraints('role_x_user', 'roleid', 'role', 'roleid'); if ($c === false) finalResponse(UPDATE_FAILED, 'Cannot get constraints of role table: ' . Database::lastError()); if (empty($c)) { - $alter = Database::exec('ALTER TABLE user_x_role ADD FOREIGN KEY (roleid) REFERENCES role (roleid) ON DELETE CASCADE ON UPDATE CASCADE'); + $alter = Database::exec('ALTER TABLE role_x_user ADD FOREIGN KEY (roleid) REFERENCES role (roleid) ON DELETE CASCADE ON UPDATE CASCADE'); if ($alter === false) finalResponse(UPDATE_FAILED, 'Cannot add roleid constraint referencing role table: ' . Database::lastError()); $res[] = UPDATE_DONE; -- cgit v1.2.3-55-g7522 From 00851bd25e57938a79356d2efb36c2bea1697760 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 23 Feb 2018 18:41:49 +0100 Subject: [adduser] Support setting user's roles on add/edit --- modules-available/adduser/page.inc.php | 33 ++++++ .../adduser/templates/page-adduser.html | 74 +++++++------ .../adduser/templates/page-edituser.html | 120 ++++++++++----------- .../adduser/templates/user-permissions.html | 24 +++++ .../inc/permissiondbupdate.inc.php | 28 ++++- .../permissionmanager/inc/permissionutil.inc.php | 23 ++++ 6 files changed, 198 insertions(+), 104 deletions(-) create mode 100644 modules-available/adduser/templates/user-permissions.html (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/adduser/page.inc.php b/modules-available/adduser/page.inc.php index a4edcf59..d1615828 100644 --- a/modules-available/adduser/page.inc.php +++ b/modules-available/adduser/page.inc.php @@ -61,6 +61,7 @@ class Page_AddUser extends Page EventLog::info(User::getName() . ' created user ' . $login); } Message::addInfo('adduser-success'); + $this->saveRoles($id); return; } } @@ -113,6 +114,7 @@ class Page_AddUser extends Page Database::exec('UPDATE user SET passwd = :pass WHERE userid = :userid', $data); Message::addSuccess('password-changed'); } + $this->saveRoles($userid); } } Util::redirect('?do=adduser&show=edituser&userid=' . $userid); @@ -141,6 +143,19 @@ class Page_AddUser extends Page Message::addSuccess('user-deleted', $userid); } + private function saveRoles($userid) + { + if (!Module::isAvailable('permissionmanager')) + return; + if (!User::hasPermission('.permissionmanager.users.edit-roles')) + return; + $roles = Request::post('roles', [], 'array'); + $ret = PermissionDbUpdate::setRolesForUser([$userid], $roles); + if ($ret > 0) { + Message::addSuccess('roles-updated'); + } + } + protected function doRender() { Render::addTemplate('header'); @@ -151,7 +166,12 @@ class Page_AddUser extends Page if ($hasUsers) { User::assertPermission('user.add'); } + Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']); Render::addTemplate('page-adduser'); + if ($hasUsers) { + $this->showPermissions(); + } + Render::closeTag('form'); } elseif ($show === 'edituser') { User::assertPermission('user.edit'); $userid = Request::get('userid', false, 'int'); @@ -165,7 +185,10 @@ class Page_AddUser extends Page Message::addError('user-not-found', $userid); } else { // TODO: LDAP -> disallow pw change, maybe other fields too? + Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']); Render::addTemplate('page-edituser', $user); + $this->showPermissions($userid); + Render::closeTag('form'); } } elseif ($show === 'list') { User::assertPermission('list.view'); @@ -181,4 +204,14 @@ class Page_AddUser extends Page } } + private function showPermissions($userid = false) + { + if (!Module::isAvailable('permissionmanager')) + return; + if (!User::hasPermission('.permissionmanager.users.edit-roles')) + return; + $data = ['roles' => PermissionUtil::getRoles($userid, false)]; + Render::addTemplate('user-permissions', $data); + } + } diff --git a/modules-available/adduser/templates/page-adduser.html b/modules-available/adduser/templates/page-adduser.html index 58d705f8..bd16dbbf 100644 --- a/modules-available/adduser/templates/page-adduser.html +++ b/modules-available/adduser/templates/page-adduser.html @@ -1,39 +1,37 @@ -