Custom Roles & Permissions

Initial enforcement of custom roles & permissions - only on some pages via GET for now.

accounts.php

@@ -6,6 +6,9 @@
 
 require_once "inc_all.php";
 
+// Perms
+enforceUserPermission('module_financial');
+
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);
 

admin_roles.php

@@ -21,7 +21,7 @@
 $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
 ?>
-    <div class="alert alert-danger"><strong>Roles are not yet active/enforced - do not use.</strong><hr></div>
+    <div class="alert alert-warning"><strong>Roles are still in development. Permissions may not be fully be enforced.</strong><hr></div>
 
     <div class="card card-dark">
         <div class="card-header py-2">

admin_side_nav.php

@@ -22,6 +22,12 @@
                         <p>Users</p>
                     </a>
                 </li>
+                <li class="nav-item">
+                    <a href="admin_roles.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_roles.php") {echo "active";} ?>">
+                        <i class="nav-icon fas fa-user-shield"></i>
+                        <p>Roles</p>
+                    </a>
+                </li>
                 <li class="nav-item">
                     <a href="admin_api.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "admin_api.php") {echo "active";} ?>">
                         <i class="nav-icon fas fa-key"></i>

budget.php

@@ -2,6 +2,9 @@
 
 require_once "inc_all.php";
 
+// Perms
+enforceUserPermission('module_financial');
+
 // Fetch categories
 $query = "SELECT category_id, category_name FROM categories WHERE category_type ='Expense' AND category_archived_at IS NULL";
 $result = mysqli_query($mysqli, $query);

check_login.php

@@ -38,20 +38,20 @@
 
 $session_user_id = intval($_SESSION['user_id']);
 
-$sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
+$sql = mysqli_query(
+    $mysqli,
+    "SELECT * FROM USERS
+    LEFT JOIN user_settings ON users.user_id = user_settings.user_id
+    LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id
+    WHERE users.user_id = $session_user_id"
+);
 $row = mysqli_fetch_array($sql);
 $session_name = sanitizeInput($row['user_name']);
 $session_email = $row['user_email'];
 $session_avatar = $row['user_avatar'];
 $session_token = $row['user_token'];
 $session_user_role = intval($row['user_role']);
-if ($session_user_role == 3) {
-    $session_user_role_display = "Administrator";
-} elseif ($session_user_role == 2) {
-    $session_user_role_display = "Technician";
-} else {
-    $session_user_role_display = "Accountant";
-}
+$session_user_role_display = sanitizeInput($row['user_role_name']);
 if (isset($row['user_role_is_admin']) && $row['user_role_is_admin'] == 1) {
     $session_is_admin = true;
 }

client_assets.php

@@ -6,6 +6,9 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
+
 //Asset Type from GET
 if (isset($_GET['type']) && ($_GET['type']) == 'workstation') {
     $type_query = "asset_type = 'desktop' OR asset_type = 'laptop'";

client_certificates.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_documents.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
 
 // Folder
 if (!empty($_GET['folder_id'])) {

client_domains.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_invoices.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_sales');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_logins.php

@@ -6,6 +6,9 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_credential');
+
 // Log when users load the Credentials/Logins page
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Credential', log_action = 'View', log_description = '$session_name viewed the Credentials page for client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id");
 

client_networks.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
 
 //Rebuild URL
 $url_query_strings_sb = http_build_query(array_merge($_GET, array('sort' => $sort, 'order' => $order)));

client_payments.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_financial');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_quotes.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_sales');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_racks.php

@@ -6,6 +6,9 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
+
 // Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);
 

client_recurring_invoices.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_sales');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_recurring_tickets.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);

client_services.php

@@ -6,6 +6,8 @@
 
 require_once "inc_all_client.php";
 
+// Perms
+enforceUserPermission('module_support');
 
 //Rebuild URL
 $url_query_strings_sort = http_build_query($get_copy);