From d033483d3ed9e05f1109a3713ec6a3df883a1dae Mon Sep 17 00:00:00 2001
From: Udo Walter
Date: Fri, 7 Apr 2017 15:49:54 +0200
Subject: [permission-manager] renamed some files, moved html generation to
 templates, using bind variables in mysql code, changed order of modules in
 role editor

---
 .../permissionmanager/inc/dbupdate.inc.php         | 54 ------------
 .../permissionmanager/inc/getdata.inc.php          | 97 ----------------------
 .../inc/getpermissiondata.inc.php                  | 97 ++++++++++++++++++++++
 .../inc/permissiondbupdate.inc.php                 | 57 +++++++++++++
 .../permissionmanager/inc/permissionutil.inc.php   | 10 ++-
 5 files changed, 163 insertions(+), 152 deletions(-)
 delete mode 100644 modules-available/permissionmanager/inc/dbupdate.inc.php
 delete mode 100644 modules-available/permissionmanager/inc/getdata.inc.php
 create mode 100644 modules-available/permissionmanager/inc/getpermissiondata.inc.php
 create mode 100644 modules-available/permissionmanager/inc/permissiondbupdate.inc.php

(limited to 'modules-available/permissionmanager/inc')

diff --git a/modules-available/permissionmanager/inc/dbupdate.inc.php b/modules-available/permissionmanager/inc/dbupdate.inc.php
deleted file mode 100644
index 1101e4f7..00000000
--- a/modules-available/permissionmanager/inc/dbupdate.inc.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-
-class DbUpdate {
-
-	// insert new userXrole to database. "ignore" to ignore duplicate entry try
-	public static function addRoleToUser($users, $roles) {
-		foreach($users AS $user) {
-			foreach ($roles AS $role) {
-				$query = "INSERT IGNORE INTO userXrole (userid, roleid) VALUES ($user, $role)";
-				Database::exec($query);
-			}
-		}
-	}
-
-	// remove userXrole entry from database
-	public static function removeRoleFromUser($users, $roles) {
-		foreach($users AS $user) {
-			foreach ($roles AS $role) {
-				$query = "DELETE FROM userXrole WHERE userid = $user AND roleid = $role";
-				Database::exec($query);
-			}
-		}
-	}
-
-	// delete role, delete userXrole relationships, delete roleXlocation relationships, delete roleXpermission relationships
-	public static function deleteRole($id) {
-		$query = "DELETE FROM role WHERE id = $id";
-		Database::exec($query);
-		$query = "DELETE FROM userXrole WHERE roleid = $id";
-		Database::exec($query);
-		$query = "DELETE FROM roleXlocation WHERE roleid = $id";
-		Database::exec($query);
-		$query = "DELETE FROM roleXpermission WHERE roleid = $id";
-		Database::exec($query);
-	}
-
-	public static function saveRole($roleName, $locations, $permissions, $role = NULL) {
-		if ($role) {
-			Database::exec("UPDATE role SET name = '$roleName' WHERE id = $role");
-			Database::exec("DELETE FROM roleXlocation WHERE roleid = $role");
-			Database::exec("DELETE FROM roleXpermission WHERE roleid = $role");
-		} else {
-			Database::exec("INSERT INTO role (name) VALUES ('$roleName')");
-			$role = Database::lastInsertId();
-		}
-		foreach ($locations as $locID) {
-			Database::exec("INSERT INTO roleXlocation (roleid, locid) VALUES ($role, $locID)");
-		}
-		foreach ($permissions as $permission) {
-			Database::exec("INSERT INTO roleXpermission (roleid, permissionid) VALUES ($role, '$permission')");
-		}
-	}
-
-}
diff --git a/modules-available/permissionmanager/inc/getdata.inc.php b/modules-available/permissionmanager/inc/getdata.inc.php
deleted file mode 100644
index caa50215..00000000
--- a/modules-available/permissionmanager/inc/getdata.inc.php
+++ /dev/null
@@ -1,97 +0,0 @@
-<?php
-
-class GetData {
-
-	// get UserIDs, User Login Names, User Roles
-	public static function getUserData() {
-		$res = self::queryUserData();
-		$data = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-			$data[] = array(
-				'userid' => $row['userid'],
-				'name' => $row['login'],
-				'role' => explode(",",$row['role'])
-			);
-		}
-		return $data;
-	}
-
-	// get LocationIDs, Location Names, Roles of each Location
-	public static function getLocationData() {
-		$res = self::queryLocationData();
-		$data = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-			$data[] = array(
-				'locid' => $row['locid'],
-				'name' => $row['locname'],
-				'role' => explode(",",$row['role'])
-			);
-		}
-		return $data;
-	}
-
-	// get all roles from database (id and name)
-	public static function getRoles() {
-		$res = Database::simpleQuery("SELECT id, name FROM role ORDER BY name ASC");
-		$data = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-			$data[] = array(
-				'roleId' => $row['id'],
-				'roleName' => $row['name']
-			);
-		}
-		return $data;
-	}
-
-	public static function getLocations($selected) {
-		$res = Database::simplequery("SELECT locationid, locationname FROM location");
-		$data = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-			$data[] = array('locid' => $row['locationid'], 'locName' => $row['locationname'],
-				'selected' => in_array($row['locationid'], $selected) ? "selected" : "");
-		}
-		return $data;
-	}
-
-	public static function getRoleData($roleID) {
-		$query = "SELECT id, name FROM role WHERE id = $roleID";
-		$data = Database::queryFirst($query);
-		$query = "SELECT roleid, locid FROM roleXlocation WHERE roleid = $roleID";
-		$res = Database::simpleQuery($query);
-		$data["locations"] = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-			$data["locations"][] = $row['locid'];
-		}
-		$query = "SELECT roleid, permissionid FROM roleXpermission WHERE roleid = $roleID";
-		$res = Database::simpleQuery($query);
-		$data["permissions"] = array();
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-			$data["permissions"][] = $row['permissionid'];
-		}
-		return $data;
-	}
-
-	// UserID, User Login Name, Roles of each User
-	private static function queryUserData() {
-		$res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, GROUP_CONCAT(role.name ORDER BY role.name ASC) AS role
-												FROM user
-													LEFT JOIN userXrole ON user.userid = userXrole.userid
-													LEFT JOIN role ON userXrole.roleid = role.id
-												GROUP BY user.userid
-												");
-		return $res;
-	}
-
-	// LocationID, Location Name, Roles of each Location
-	private static function queryLocationData() {
-		$res = Database::simpleQuery("SELECT location.locationid AS locid, location.locationname AS locname, GROUP_CONCAT(role.name ORDER BY role.name ASC) AS role
-												FROM location
-													LEFT JOIN roleXlocation ON location.locationid = roleXlocation.locid
-													LEFT JOIN role ON roleXlocation.roleid = role.id
-												GROUP BY location.locationid
-												ORDER BY location.locationname
-												");
-		return $res;
-	}
-
-}
\ No newline at end of file
diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
new file mode 100644
index 00000000..be7ddb1c
--- /dev/null
+++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
@@ -0,0 +1,97 @@
+<?php
+
+class GetPermissionData {
+
+	// get UserIDs, User Login Names, User Roles
+	public static function getUserData() {
+		$res = self::queryUserData();
+		$data = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$data[] = array(
+				'userid' => $row['userid'],
+				'name' => $row['login'],
+				'role' => explode(",",$row['role'])
+			);
+		}
+		return $data;
+	}
+
+	// get LocationIDs, Location Names, Roles of each Location
+	public static function getLocationData() {
+		$res = self::queryLocationData();
+		$data = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$data[] = array(
+				'locid' => $row['locid'],
+				'name' => $row['locname'],
+				'role' => explode(",",$row['role'])
+			);
+		}
+		return $data;
+	}
+
+	// get all roles from database (id and name)
+	public static function getRoles() {
+		$res = Database::simpleQuery("SELECT id, name FROM role ORDER BY name ASC");
+		$data = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$data[] = array(
+				'roleId' => $row['id'],
+				'roleName' => $row['name']
+			);
+		}
+		return $data;
+	}
+
+	public static function getLocations($selected) {
+		$res = Database::simplequery("SELECT locationid, locationname FROM location");
+		$data = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$data[] = array('locid' => $row['locationid'], 'locName' => $row['locationname'],
+				'selected' => in_array($row['locationid'], $selected) ? "selected" : "");
+		}
+		return $data;
+	}
+
+	public static function getRoleData($roleId) {
+		$query = "SELECT id, name FROM role WHERE id = :roleId";
+		$data = Database::queryFirst($query, array("roleId" => $roleId));
+		$query = "SELECT roleid, locid FROM role_x_location WHERE roleid = :roleId";
+		$res = Database::simpleQuery($query, array("roleId" => $roleId));
+		$data["locations"] = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$data["locations"][] = $row['locid'];
+		}
+		$query = "SELECT roleid, permissionid FROM role_x_permission WHERE roleid = :roleId";
+		$res = Database::simpleQuery($query, array("roleId" => $roleId));
+		$data["permissions"] = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$data["permissions"][] = $row['permissionid'];
+		}
+		return $data;
+	}
+
+	// UserID, User Login Name, Roles of each User
+	private static function queryUserData() {
+		$res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, GROUP_CONCAT(role.name ORDER BY role.name ASC) AS role
+												FROM user
+													LEFT JOIN user_x_role ON user.userid = user_x_role.userid
+													LEFT JOIN role ON user_x_role.roleid = role.id
+												GROUP BY user.userid
+												");
+		return $res;
+	}
+
+	// LocationID, Location Name, Roles of each Location
+	private static function queryLocationData() {
+		$res = Database::simpleQuery("SELECT location.locationid AS locid, location.locationname AS locname, GROUP_CONCAT(role.name ORDER BY role.name ASC) AS role
+												FROM location
+													LEFT JOIN role_x_location ON location.locationid = role_x_location.locid
+													LEFT JOIN role ON role_x_location.roleid = role.id
+												GROUP BY location.locationid
+												ORDER BY location.locationname
+												");
+		return $res;
+	}
+
+}
\ No newline at end of file
diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
new file mode 100644
index 00000000..87c989fa
--- /dev/null
+++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
@@ -0,0 +1,57 @@
+<?php
+
+class PermissionDbUpdate {
+
+	// insert new user_x_role to database. "ignore" to ignore duplicate entry try
+	public static function addRoleToUser($users, $roles) {
+		foreach($users AS $user) {
+			foreach ($roles AS $role) {
+				$query = "INSERT IGNORE INTO user_x_role (userid, roleid) VALUES (:user, :role)";
+				Database::exec($query, array("user" => $user, "role" => $role));
+			}
+		}
+	}
+
+	// remove user_x_role entry from database
+	public static function removeRoleFromUser($users, $roles) {
+		foreach($users AS $user) {
+			foreach ($roles AS $role) {
+				$query = "DELETE FROM user_x_role WHERE userid = :user AND roleid = :role";
+				Database::exec($query, array("user" => $user, "role" => $role));
+			}
+		}
+	}
+
+	// delete role, delete user_x_role relationships, delete role_x_location relationships, delete role_x_permission relationships
+	public static function deleteRole($id) {
+		$query = "DELETE FROM role WHERE id = :id";
+		Database::exec($query, array("id" => $id));
+		$query = "DELETE FROM user_x_role WHERE roleid = :id";
+		Database::exec($query, array("id" => $id));
+		$query = "DELETE FROM role_x_location WHERE roleid = :id";
+		Database::exec($query, array("id" => $id));
+		$query = "DELETE FROM role_x_permission WHERE roleid = :id";
+		Database::exec($query, array("id" => $id));
+	}
+
+	public static function saveRole($roleName, $locations, $permissions, $role = NULL) {
+		if ($role) {
+			Database::exec("UPDATE role SET name = :roleName WHERE id = :role",
+									array("roleName" => $roleName, "role" => $role));
+			Database::exec("DELETE FROM role_x_location WHERE roleid = :role", array("role" => $role));
+			Database::exec("DELETE FROM role_x_permission WHERE roleid = :role", array("role" => $role));
+		} else {
+			Database::exec("INSERT INTO role (name) VALUES (:roleName)", array("roleName" => $roleName));
+			$role = Database::lastInsertId();
+		}
+		foreach ($locations as $locID) {
+			Database::exec("INSERT INTO role_x_location (roleid, locid) VALUES (:role, :locid)",
+									array("role" => $role, "locid" => $locID));
+		}
+		foreach ($permissions as $permission) {
+			Database::exec("INSERT INTO role_x_permission (roleid, permissionid) VALUES (:role, :permission)",
+											array("role" => $role, "permission" => $permission));
+		}
+	}
+
+}
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 10f2a61a..d6adf2bf 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -16,10 +16,18 @@ class PermissionUtil
 				$permissions = self::putInPermissionTree($out[1].".".$k, $v, $permissions);
 			}
 		}
+		ksort($permissions);
+		global $MENU_CAT_OVERRIDE;
+		$sortingOrder = $MENU_CAT_OVERRIDE;
+		foreach ($permissions as $module => $v) $sortingOrder[Module::get($module)->getCategory()][] = $module;
+		$permissions = array_replace(array_flip(call_user_func_array('array_merge', $sortingOrder)), $permissions);
+		foreach ($permissions as $module => $v) if (is_int($v)) unset($permissions[$module]);
+
+
 		return $permissions;
 	}
 
-	private function putInPermissionTree($permission, $description, $tree)
+	private static function putInPermissionTree($permission, $description, $tree)
 	{
 		$subPermissions = explode('.', $permission);
 		$original =& $tree;
-- 
cgit v1.2.3-55-g7522