diff --git a/Admin/Install/Navigation.install.json b/Admin/Install/Navigation.install.json index 5395382..a4d0e1e 100755 --- a/Admin/Install/Navigation.install.json +++ b/Admin/Install/Navigation.install.json @@ -10,7 +10,7 @@ "icon": "fa fa-lock", "order": 1, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 0, "children": [ { @@ -24,7 +24,7 @@ "icon": null, "order": 2, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000101001, "children": [ { @@ -38,7 +38,7 @@ "icon": null, "order": 1, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000103001, "children": [] }, @@ -53,7 +53,7 @@ "icon": null, "order": 5, "from": "Admin", - "permission": { "permission": 4, "type": null, "element": null }, + "permission": { "permission": 4, "category": null, "element": null }, "parent": 1000103001, "children": [] } @@ -70,7 +70,7 @@ "icon": null, "order": 4, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000101001, "children": [ { @@ -84,7 +84,7 @@ "icon": null, "order": 1, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000104001, "children": [] }, @@ -99,7 +99,7 @@ "icon": null, "order": 5, "from": "Admin", - "permission": { "permission": 4, "type": null, "element": null }, + "permission": { "permission": 4, "category": null, "element": null }, "parent": 1000104001, "children": [] } 
@@ -116,7 +116,7 @@ "icon": null, "order": 5, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000101001, "children": [ { @@ -130,7 +130,7 @@ "icon": null, "order": 1, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000105001, "children": [] }, @@ -145,7 +145,7 @@ "icon": null, "order": 5, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000105001, "children": [] }, @@ -160,7 +160,7 @@ "icon": null, "order": 15, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000105001, "children": [] }, @@ -175,7 +175,7 @@ "icon": null, "order": 15, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000105001, "children": [] }, @@ -190,7 +190,7 @@ "icon": null, "order": 20, "from": "Admin", - "permission": { "permission": 2, "type": null, "element": null }, + "permission": { "permission": 2, "category": null, "element": null }, "parent": 1000105001, "children": [] } diff --git a/Admin/Installer.php b/Admin/Installer.php index c04a373..8ebba00 100755 --- a/Admin/Installer.php +++ b/Admin/Installer.php 
@@ -101,18 +101,19 @@ final class Installer extends InstallerAbstract SettingMapper::create()->execute(new Setting(0, SettingsEnum::MAIL_SERVER_KEYPASS, '', module: 'Admin')); SettingMapper::create()->execute(new Setting(0, SettingsEnum::MAIL_SERVER_TLS, (string) false, module: 'Admin')); + $cmdResult = \shell_exec( + (OperatingSystem::getSystem() === SystemType::WIN + ? 'php.exe' + : 'php' + ) .' cli.php -v' + ); + $cmdResult = $cmdResult === null || $cmdResult === false ? '' : $cmdResult; + SettingMapper::create()->execute( new Setting( 0, SettingsEnum::CLI_ACTIVE, - (string) ( - \stripos(\shell_exec( - (OperatingSystem::getSystem() === SystemType::WIN - ? 'php.exe' - : 'php' - ) .' cli.php -v' - ), 'Version:') !== false - ) + (string) (\stripos($cmdResult, 'Version:') !== false) ) ); diff --git a/Controller/ApiController.php b/Controller/ApiController.php index ea0f244..3de3898 100755 --- a/Controller/ApiController.php +++ b/Controller/ApiController.php @@ -1978,7 +1978,7 @@ final class ApiController extends Controller /** * Api method to make a call to the cli app * - * @param mixed $data Generic data + * @param mixed ...$data Generic data * * @return void * 
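Review bot: The CLI probe in the Installer.php hunk still runs `php cli.php -v` with a relative script path and a PATH-resolved interpreter, so the stored CLI_ACTIVE value depends on the working directory and environment of the installing process rather than on this installation's own cli.php. The ApiController hunk in this same commit resolves the script with `\realpath(__DIR__ . '/../../../cli.php')` and wraps it in `\escapeshellarg()`; doing the same here (assuming the same relative location applies from this file) would keep the two call sites consistent. The new null/false guard covers a failing command, but on PHP 8 a `shell_exec` listed in `disable_functions` fails before the guard is reached, so a `\function_exists('shell_exec')` check ahead of the call would be worth adding. The enclosing install method starts and ends outside the hunk.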
@@ -1993,13 +1993,23 @@ final class ApiController extends Controller if ($cliEventHandling) { $count = \count($data); + $cliPath = \realpath(__DIR__ . '/../../../cli.php'); + if ($cliPath === false) { + return; + } + + $jsonData = \json_encode($data); + if ($jsonData === false) { + $jsonData = '{}'; + } + SystemUtils::runProc( OperatingSystem::getSystem() === SystemType::WIN ? 'php.exe' : 'php', - \escapeshellarg(\realpath(__DIR__ . '/../../../cli.php')) . ' ' - . 'post:/admin/event' . ' ' - . '-g ' . \escapeshellarg($data[$count - 2]) . ' ' - . '-i ' . \escapeshellarg($data[$count - 1]) . ' ' - . '-d ' . \escapeshellarg(\json_encode($data)), + \escapeshellarg($cliPath) + . ' post:/admin/event ' + . '-g ' . \escapeshellarg($data[$count - 2] ?? '') . ' ' + . '-i ' . \escapeshellarg($data[$count - 1] ?? '') . ' ' + . '-d ' . \escapeshellarg($jsonData), true ); } else { diff --git a/Controller/BackendController.php b/Controller/BackendController.php index 02ac033..57774c6 100755 --- a/Controller/BackendController.php +++ b/Controller/BackendController.php @@ -423,7 +423,11 @@ final class BackendController extends Controller $appPath = __DIR__ . '/../../../Web'; $activeRoutes = []; - $apps = \scandir($appPath); + + $apps = \scandir($appPath); + if ($apps === false) { + $apps = []; + } foreach ($apps as $app) { if (!\is_file(__DIR__ . '/../../../Web/' . $app . '/Routes.php')) { diff --git a/Models/AccountPermission.php b/Models/AccountPermission.php index 1eee494..158d784 100755 --- a/Models/AccountPermission.php +++ b/Models/AccountPermission.php 
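Review bot: In the ApiController.php hunk the new `?? ''` and `'{}'` fallbacks let the CLI call proceed with an empty group, an empty id or an empty payload, so a malformed event is dispatched to `post:/admin/event` instead of being rejected, and nothing records that it happened. Because `$data` is documented as mixed, a non-scalar `$data[$count - 2]` (or any non-string one, if this file declares strict_types) would also raise a TypeError inside `\escapeshellarg()`. I would bail out before building the command, e.g. `if ($count < 2 || !\is_string($data[$count - 2]) || !\is_string($data[$count - 1])) { return; }`, and treat a failed `\json_encode()` the same way as the failed `\realpath()`. The whole `$data` array also ends up in the child's argument list, which other local users can usually read from the process table, so sensitive event fields are better passed another way if `SystemUtils::runProc` allows it. The method body begins and ends outside the hunk.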
@@ -45,7 +45,7 @@ class AccountPermission extends PermissionAbstract * @param null|string $app App App to check (null if all are acceptable) * @param null|string $module Module to check (null if all are acceptable) * @param null|string $from Module providing this permission - * @param null|int $category Category (e.g. customer) (null if all are acceptable) + * @param null|int $category Category (e.g. customer) (null if all are acceptable) * @param null|int $element (e.g. customer id) (null if all are acceptable) * @param null|int $component (e.g. address) (null if all are acceptable) * @param int $permission Permission to check diff --git a/Models/GroupPermission.php b/Models/GroupPermission.php index 7f77b76..c301c62 100755 --- a/Models/GroupPermission.php +++ b/Models/GroupPermission.php @@ -45,7 +45,7 @@ class GroupPermission extends PermissionAbstract * @param null|string $app App App to check (null if all are acceptable) * @param null|string $module Module to check (null if all are acceptable) * @param null|string $from Module providing this permission - * @param null|int $category Category (e.g. customer) (null if all are acceptable) + * @param null|int $category Category (e.g. customer) (null if all are acceptable) * @param null|int $element (e.g. customer id) (null if all are acceptable) * @param null|int $component (e.g. address) (null if all are acceptable) * @param int $permission Permission to check diff --git a/Models/PermissionAbstractMapper.php b/Models/PermissionAbstractMapper.php index 7a50c6a..5b291aa 100644 --- a/Models/PermissionAbstractMapper.php +++ b/Models/PermissionAbstractMapper.php @@ -29,7 +29,6 @@ final class PermissionAbstractMapper extends DataMapperFactory { public static function helper(ConnectionAbstract $connection) : PermissionQueryBuilder { - return new PermissionQueryBuilder($connection); } } diff --git a/Models/PermissionQueryBuilder.php b/Models/PermissionQueryBuilder.php index ec35c3b..4eb774b 100644 
--- a/Models/PermissionQueryBuilder.php +++ b/Models/PermissionQueryBuilder.php @@ -14,12 +14,13 @@ declare(strict_types=1); namespace Modules\Admin\Models; +use phpOMS\Account\PermissionType; use phpOMS\DataStorage\Database\Connection\ConnectionAbstract; use phpOMS\DataStorage\Database\Query\Builder; use phpOMS\DataStorage\Database\Query\Where; /** - * Mapper class. + * Query builder for selects which immediately check if a user/group has the appropriate permissions * * @package Modules\Admin\Models * @license OMS License 1.0 @@ -28,27 +29,90 @@ use phpOMS\DataStorage\Database\Query\Where; */ final class PermissionQueryBuilder { + /** + * Database connection + * + * @var ConnectionAbstract + * @since 1.0.0 + */ private ConnectionAbstract $connection; + /** + * Group ids. + * + * @var array + * @since 1.0.0 + */ private array $groups = []; + /** + * Account id. + * + * @var int + */ private int $account = 0; + /** + * Unit ids. + * + * @var array + * @since 1.0.0 + */ private array $units = [null]; + /** + * Ap ids. + * + * @var array + * @since 1.0.0 + */ private array $apps = [null]; + /** + * Module names. + * + * @var array + * @since 1.0.0 + */ private array $modules = [null]; + /** + * Category ids. + * + * @var array + * @since 1.0.0 + */ private array $categories = [null]; + /** + * Permission flag + * + * @var int + * @since 1.0.0 + */ private int $permission = 0; + /** + * Constructor. + * + * @param ConnectionAbstract $connection Database connection + * + * @since 1.0.0 + */ public function __construct(ConnectionAbstract $connection) { $this->connection = $connection; } + /** + * Set group ids + * + * @param array $groups Group ids + * + * @return self + * + * @since 1.0.0 + */ public function groups(array $groups) : self { 
@@ -57,6 +121,15 @@ final class PermissionQueryBuilder return $this; } + /** + * Set account id + * + * @param int $account Account id + * + * @return self + * + * @since 1.0.0 + */ public function account(int $account) : self { $this->account = $account; @@ -64,6 +137,15 @@ final class PermissionQueryBuilder return $this; } + /** + * Set unit ids + * + * @param array $units Unit ids + * + * @return self + * + * @since 1.0.0 + */ public function units(array $units) : self { $this->units = $units; @@ -71,6 +153,15 @@ final class PermissionQueryBuilder return $this; } + /** + * Set app ids + * + * @param array $apps App ids + * + * @return self + * + * @since 1.0.0 + */ public function apps(array $apps) : self { $this->apps = $apps; @@ -78,6 +169,15 @@ final class PermissionQueryBuilder return $this; } + /** + * Set category ids + * + * @param array $categories Category ids + * + * @return self + * + * @since 1.0.0 + */ public function categories(array $categories) : self { $this->categories = $categories; @@ -85,6 +185,15 @@ final class PermissionQueryBuilder return $this; } + /** + * Set module ids + * + * @param array $modules Module ids + * + * @return self + * + * @since 1.0.0 + */ public function modules(array $modules) : self { $this->modules = $modules; @@ -92,6 +201,16 @@ final class PermissionQueryBuilder return $this; } + /** + * Set permission flags + * + * + * @param int $permission Permission flags + * + * @return self + * + * @since 1.0.0 + */ public function permission(int $permission) : self { $this->permission = $permission; 
@@ -99,10 +218,29 @@ final class PermissionQueryBuilder return $this; } + /** + * Create permission sub query for + * + * The sub query checks permissons only for specific models/db entries. + * More general permissions for an entier module etc. are handled differently. + * The reason individual models/db entries are handled this way is because this process is very slow and therefore the general check should be done first and only if that doesn't give results this very specifc solution should be used. + * + * @param string $idField Table column which contains the primary id (this is the field the permission is associated with) + * + * @return Builder + * + * @since 1.0.0 + */ public function query(string $idField) : Builder { $where = new Where($this->connection); + $hasRead = ($this->permission & PermissionType::READ) === PermissionType::READ; + $hasCreate = ($this->permission & PermissionType::CREATE) === PermissionType::CREATE; + $hasModify = ($this->permission & PermissionType::MODIFY) === PermissionType::MODIFY; + $hasDelete = ($this->permission & PermissionType::DELETE) === PermissionType::DELETE; + $hasPermission = ($this->permission & PermissionType::PERMISSION) === PermissionType::PERMISSION; + // Handle account permissions if (!empty($this->account)) { $accountPermission = new Builder($this->connection); @@ -127,7 +265,7 @@ final class PermissionQueryBuilder $subWhere = new Where($this->connection); foreach ($this->modules as $module) { $subWhere->orWhere('account_permission_module', '=', $module); - } + } $accountPermission->where($subWhere); 
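Review bot: The docblock added above `query()` has an unfinished summary line (`Create permission sub query for`) and several typos (`permissons`, `entier`, `specifc`), which matters because this text is the only description of how the permission filter is meant to be used. I would complete the summary, e.g. `Create permission sub query for the given id column`, and fix the spelling. It would also help to state what an unset permission mask means for the result, since `$permission` defaults to 0 and the five `$has*` flags computed in this hunk are then all false. The method body continues outside the hunk.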
@@ -138,7 +276,26 @@ final class PermissionQueryBuilder $accountPermission->where($subWhere); - $accountPermission->where('account_permission_permission', '>', $this->permission); + if ($hasRead) { + $accountPermission->where('account_permission_hasread', '=', $hasRead); + } + + if ($hasCreate) { + $accountPermission->where('account_permission_hascreate', '=', $hasCreate); + } + + if ($hasModify) { + $accountPermission->where('account_permission_hasmodify', '=', $hasModify); + } + + if ($hasDelete) { + $accountPermission->where('account_permission_hasdelete', '=', $hasDelete); + } + + if ($hasPermission) { + $accountPermission->where('account_permission_haspermission', '=', $hasPermission); + } + $where->where($idField, 'in', $accountPermission); } @@ -177,7 +334,26 @@ final class PermissionQueryBuilder $groupPermission->where($subWhere); - $groupPermission->where('group_permission_permission', '>', $this->permission); + if ($hasRead) { + $groupPermission->where('group_permission_hasread', '=', $hasRead); + } + + if ($hasCreate) { + $groupPermission->where('group_permission_hascreate', '=', $hasCreate); + } + + if ($hasModify) { + $groupPermission->where('group_permission_hasmodify', '=', $hasModify); + } + + if ($hasDelete) { + $groupPermission->where('group_permission_hasdelete', '=', $hasDelete); + } + + if ($hasPermission) { + $groupPermission->where('group_permission_haspermission', '=', $hasPermission); + } + $where->orWhere($idField, 'in', $groupPermission); }
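Review bot: With the per-flag conditions in the account block (and the identical group block in the next hunk), a permission mask of 0 adds no permission condition at all, so the sub query accepts every permission row that matches the account/group, unit, app, module and category filters, regardless of which rights that row grants. `$permission` defaults to 0 in this class, so a caller that never calls `permission()` gets that behaviour silently; the removed `> $this->permission` comparison at least required a non-zero stored value. I would fail closed at the top of `query()`, e.g. `if ($this->permission === 0) { throw new \InvalidArgumentException('No permission flag requested'); }`, or add a condition that cannot match. The five repeated `if ($hasX)` statements could also be driven from one flag-to-column map shared by both blocks, which would keep the account and group checks from drifting apart. Both blocks sit inside `query()`, which starts and ends outside these hunks.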