s.probst/OpenXE
1
0
Fork 0
mirror of https://github.com/OpenXE-org/OpenXE.git synced 2024-11-14 20:17:14 +01:00
Code Issues Projects Releases Wiki Activity

Implemented: user rights cannot be removed as soon as user template grants this right.

Browse Source
This commit is contained in:
Xenomporio 2022-06-20 16:27:51 +02:00
parent af3efdc0c4
commit 06143f98b1
2 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
www/pages/benutzer.php
View File

@ -524,7 +524,7 @@ class Benutzer
if($data[0]['type']=="admin"){ if($data[0]['type']=="admin"){
$this->app->Tpl->Set('HINWEISADMIN',"<div class=\"info\">Dieser Benutzer ist vom Typ Administrator. Administratoren haben immer Vollzugriff - daher können diesem keine Rechte genommen werden.</div>"); $this->app->Tpl->Set('HINWEISADMIN',"<div class=\"info\">Dieser Benutzer ist vom Typ Administrator. Administratoren haben immer Vollzugriff - daher können diesem keine Rechte genommen werden.</div>");
} else { } else {
$this->app->Tpl->Add("HINWEISADMIN","<br><i>Hinweis: Blau = erlaubt, Grau = gesperrt</i>"); $this->app->Tpl->Add("HINWEISADMIN","<br><i>Hinweis: Blau = erlaubt, Grau = gesperrt, Sobald eine Vorlage eingetragen ist k&ouml;nnen Rechte der Vorlage dem Benutzer nicht mehr entzogen werden.</i>");
} }
$this->SetInput($data[0]); $this->SetInput($data[0]);
$this->UserRights(); $this->UserRights();
@ -944,19 +944,41 @@ class Benutzer
{ {
$this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1"); $this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1");
} }
else else
$this->app->DB->Delete("DELETE FROM userrights WHERE user='$user' AND module='$module' AND action='$action'"); {
}
//$this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1");
else
$this->app->DB->Insert("INSERT INTO userrights (user, module, action, permission) VALUES ('$user', '$module', '$action', '$value')");
$sql = "
SELECT
permission
FROM
`uservorlagerights`
INNER JOIN `uservorlage` INNER JOIN `user` ON `uservorlagerights`.`vorlage` = `uservorlage`.`id` AND `user`.`vorlage` = `uservorlage`.`bezeichnung`
WHERE
`user`.`id` = '$user' AND `uservorlagerights`.`module` = '$module' AND `uservorlagerights`.`action` = '$action' LIMIT 1";
$uservorlageright = $this->app->DB->Select($sql);
$fromtemplate = false;
if (!empty($uservorlageright)) {
if ($uservorlageright[0] == '1') {
$fromtemplate = true;
}
}
if (!$fromtemplate) {
$this->app->DB->Delete("DELETE FROM userrights WHERE user='$user' AND module='$module' AND action='$action'");
}
}
}
else {
$this->app->DB->Insert("INSERT INTO userrights (user, module, action, permission) VALUES ('$user', '$module', '$action', '$value')");
}
$this->permissionLog($this->app->User->GetID(),$user,$module,$action,$value); $this->permissionLog($this->app->User->GetID(),$user,$module,$action,$value);
} }
echo $this->app->DB->Select("SELECT permission FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1"); echo $this->app->DB->Select("SELECT permission FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1");
exit; exit;
} }

4
www/pages/uservorlage.php
View File

@ -219,8 +219,6 @@ class Uservorlage
); );
$this->app->Tpl->Set('MESSAGE', "<div class=\"success\">Die Einstellungen wurden erfolgreich &uuml;bernommen.</div>"); $this->app->Tpl->Set('MESSAGE', "<div class=\"success\">Die Einstellungen wurden erfolgreich &uuml;bernommen.</div>");
$this->app->erp->AbgleichBenutzerVorlagen($id);
} }
} // END Input Get } // END Input Get
@ -338,6 +336,8 @@ class Uservorlage
} }
echo $this->app->DB->Select("SELECT permission FROM uservorlagerights WHERE vorlage='$vorlage' AND module='$module' AND action='$action' LIMIT 1"); echo $this->app->DB->Select("SELECT permission FROM uservorlagerights WHERE vorlage='$vorlage' AND module='$module' AND action='$action' LIMIT 1");
$this->app->erp->AbgleichBenutzerVorlagen(null, $id, $module, $action); // Update permissions for all users
exit; exit;
} }