Updated AuthController to implement an admin check; role handling still needs further development.

This commit is contained in:
tp_dhu 2025-04-27 09:33:53 +01:00
parent 6cc9953a68
commit aa44215eb1
4 changed files with 127 additions and 5 deletions


@ -7,7 +7,7 @@ class TicketOptionsController extends \BaseController
public function listPriorities() public function listPriorities()
{ {
$this->requireLogin(); $this->requireLogin();
// TODO: check admin $this->requireAdmin(); // Added admin check
$model = new \TicketPriority($this->getDB()); $model = new \TicketPriority($this->getDB());
$priorities = $model->findAll(); $priorities = $model->findAll();
@ -20,17 +20,83 @@ class TicketOptionsController extends \BaseController
public function createPriorityForm() public function createPriorityForm()
{ {
$this->requireLogin(); $this->requireLogin();
$this->requireAdmin(); // Added admin check
$this->renderView('/ui/views/admin/priorities/create.html'); $this->renderView('/ui/views/admin/priorities/create.html');
} }
public function createPriority() public function createPriority()
{ {
$this->requireLogin(); $this->requireLogin();
$this->requireAdmin(); // Added admin check
$p = new \TicketPriority($this->getDB()); $p = new \TicketPriority($this->getDB());
$p->name = $this->f3->get('POST.name'); $p->name = $this->f3->get('POST.name');
$p->sort_order = $this->f3->get('POST.sort_order'); $p->sort_order = $this->f3->get('POST.sort_order');
$p->save(); $p->save();
// Redirect after save
$this->f3->reroute('/admin/priorities');
}
public function editPriorityForm($f3, $params)
{
$this->requireLogin();
$this->requireAdmin();
$priorityId = $params['id'];
$model = new \TicketPriority($this->getDB());
$priority = $model->load(['id = ?', $priorityId]);
if (!$priority) {
$f3->error(404, 'Priority not found');
return;
}
$this->renderView('/ui/views/admin/priorities/edit.html', [
'priority' => $priority
]);
}
public function updatePriority($f3, $params)
{
$this->requireLogin();
$this->requireAdmin();
$priorityId = $params['id'];
$model = new \TicketPriority($this->getDB());
$priority = $model->load(['id = ?', $priorityId]);
if (!$priority) {
$f3->error(404, 'Priority not found');
return;
}
$priority->name = $this->f3->get('POST.name');
$priority->sort_order = $this->f3->get('POST.sort_order');
$priority->save();
// Redirect after update
$this->f3->reroute('/admin/priorities');
}
public function deletePriority($f3, $params)
{
$this->requireLogin();
$this->requireAdmin();
$priorityId = $params['id'];
$model = new \TicketPriority($this->getDB());
$priority = $model->load(['id = ?', $priorityId]);
if (!$priority) {
// Optionally show an error message or just redirect
$this->f3->reroute('/admin/priorities');
return;
}
$priority->erase();
// Redirect after delete
$this->f3->reroute('/admin/priorities');
} }
// TODO: editPriorityForm(), updatePriorityForm(), deletePriorityForm()
} }
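Review bot: The added createPriority(), updatePriority() and deletePriority() handlers change state on a request with no CSRF token check visible anywhere in this hunk, so unless a route-level hook enforces one, a forged form post riding a logged-in admin's session is accepted; comparing a session-stored token against the posted one, e.g. `if (!hash_equals((string) $this->f3->get('SESSION.csrf_token'), (string) $this->f3->get('POST.csrf_token'))) { $this->f3->error(403); return; }`, at the top of each mutating handler (with the token emitted in the three forms) would close this. `POST.name` and `POST.sort_order` are also copied onto the model unvalidated in createPriority() and updatePriority(); rejecting an empty name and casting sort_order with `(int)` would keep the table consistent. Since `requireAdmin()` in BaseController already calls `requireLogin()`, the `$this->requireLogin();` line that precedes it in every handler here is redundant — harmless, but one call reads clearer. deletePriority() silently redirects on an unknown id while editPriorityForm()/updatePriority() answer 404; presumably intentional, but the asymmetry deserves a comment.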


@ -0,0 +1,39 @@
<?php
namespace Admin;
class UserController extends \BaseController implements \CRUD
{
public function index($f3)
{
// TODO: Implement index() method.
}
public function createForm($f3)
{
// TODO: Implement createForm() method.
}
public function create($f3)
{
// TODO: Implement create() method.
}
public function view($id)
{
// TODO: Implement view() method.
}
public function editForm($id)
{
// TODO: Implement editForm() method.
}
public function update($id)
{
// TODO: Implement update() method.
}
}
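Review bot: Every handler in the new `Admin\UserController` is an empty TODO with no `requireAdmin()` call, so if a route is already mapped to this class it answers without any authorization; add `$this->requireAdmin();` as the first statement of each method now, as the sibling TicketOptionsController does, rather than when the bodies are filled in. The `\CRUD` interface is not shown here and no `delete()` is declared in this class — confirm the interface does not require one, since a user-management controller will almost certainly need a guarded delete path. The file also opens without `declare(strict_types=1);`, which is cheap to add to a brand-new file.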


@ -22,7 +22,7 @@ class AuthController {
$db = $f3->get('DB'); $db = $f3->get('DB');
// query for user // query for user
$result = $db->exec( $result = $db->exec(
'SELECT u.id, u.username, u.password, u.role, r.role as role_name 'SELECT u.id, u.username, u.password, u.role, u.is_admin, r.role as role_name
FROM users u FROM users u
LEFT JOIN roles r ON r.id = u.role LEFT JOIN roles r ON r.id = u.role
WHERE username =? WHERE username =?
@ -38,7 +38,8 @@ class AuthController {
'id'=> $user['id'], 'id'=> $user['id'],
'username' => $user['username'], 'username' => $user['username'],
'role' => $user['role'], 'role' => $user['role'],
'role_name' => $user['role_name'] 'role_name' => $user['role_name'],
'is_admin' => $user['is_admin']
]); ]);
if($f3->exists('SESSION.redirect')){ if($f3->exists('SESSION.redirect')){
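Review bot: Caching `is_admin` in `SESSION.user` at login (the added `'is_admin' => $user['is_admin']` entry) means a later revocation in the users table has no effect on that user's open session, so an admin demoted or disabled mid-session keeps admin access until they log out; either re-read the flag from the database inside the admin check or invalidate that user's sessions when the flag changes. The same row now carries both `role`/`role_name` and `is_admin`, two parallel authorization sources that can disagree, so it is worth deciding which one is authoritative before the role work the commit title defers. If this method does not already regenerate the session id once the credentials are verified, a `session_regenerate_id(true);` before the `SESSION.user` assignment would prevent session fixation. The enclosing login method starts before this hunk and continues after it.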


@ -10,6 +10,7 @@ abstract class BaseController
public function __construct() public function __construct()
{ {
$this->f3 = \Base::instance(); $this->f3 = \Base::instance();
} }
@ -36,6 +37,21 @@ abstract class BaseController
} }
} }
/**
* Enforce that the user is logged in AND is an admin before proceeding.
*/
protected function requireAdmin()
{
$this->requireLogin(); // First, ensure the user is logged in
// Check if the user is an admin (assuming 'is_admin' property in session)
if (!$this->f3->get('SESSION.user.is_admin')) {
// Optionally set an error message
$this->f3->set('SESSION.error', 'Admin access required.');
$this->f3->reroute('/'); // Redirect non-admins to home page
}
}
/** /**
* Set up a main layout template and inject the specified view path * Set up a main layout template and inject the specified view path
* optional $data to pass variables down to template * optional $data to pass variables down to template
@ -45,7 +61,7 @@ abstract class BaseController
foreach($data as $key => $value){ foreach($data as $key => $value){
$this->f3->set($key, $value); $this->f3->set($key, $value);
} }
// set {{content}} // set {{content}}
$this->f3->set('content', $viewPath); $this->f3->set('content', $viewPath);