progression multi user

class/User.class.php

@@ -81,11 +81,19 @@ class User extends Entity
         return array_merge(array('rights','ranks','firms','preferences','meta'),array_keys($this->toArray()));
     }
 
-    public function can($section,$right){
+    public function can($section,$right,$permissionRight = null){
         if($this->superadmin == 1) return true;
         global $myFirm;
         $firm = is_object($myFirm) && $myFirm->id !=0 ? $myFirm->id : 0;
 
+        if(isset($permissionRight)){
+
+            if(!isset($this->rights['permission'][$section]) || !isset($this->rights['permission'][$section][$right])) return false;
+            if(isset($this->rights['permission'][$section][$right][$permissionRight]) && $this->rights['permission'][$section][$right][$permissionRight] ) return true;
+            return  false;
+           
+        }
+
         if(isset($this->rights[$section][$firm][$right])){
             return $this->rights[$section][$firm][$right]==1;
         }
@@ -178,6 +186,31 @@ class User extends Entity
             if($right->delete) $this->rights[$right->section][$right->firm]['delete'] = true;
             if($right->configure) $this->rights[$right->section][$right->firm]['configure'] = true;
         endforeach;
+
+
+        $permissions = Permission::staticQuery('SELECT * FROM {{table}} WHERE (targetEntity="user" AND targetUid=?) OR (targetEntity="rank" AND targetUid IN('.implode(',',$ranksId).'))',array($this->login),true);
+       $this->rights['permission'] = array();
+       foreach ($permissions as $permission) {
+
+            if(!isset($this->rights['permission'][$permission->entity])) $this->rights['permission'][$permission->entity] = array();
+            
+            if(!isset($this->rights['permission'][$permission->entity][$permission->uid])){
+
+                $this->rights['permission'][$permission->entity][$permission->uid] = array(
+                    'read' => false,
+                    'edit' => false,
+                    'delete' => false,
+                    'recursive' => false,
+                    'configure' => false
+                );
+            }
+
+            if($permission->read) $this->rights['permission'][$permission->entity][$permission->uid]['read'] = true;
+            if($permission->edit) $this->rights['permission'][$permission->entity][$permission->uid]['edit'] = true;
+            if($permission->delete) $this->rights['permission'][$permission->entity][$permission->uid]['delete'] = true;
+            if($permission->recursive) $this->rights['permission'][$permission->entity][$permission->uid]['recursive'] = true;
+            if($permission->configure) $this->rights['permission'][$permission->entity][$permission->uid]['configure'] = true;
+        }
     }
 
     public function getFirms(){

function.php

@@ -27,7 +27,7 @@ function unhandledException($ex){
 	    
 	    default:
 	        echo '<div id="message" class="alert alert-danger"><strong>Erreur : </strong><span>'.$ex->getMessage();
-	        if($myUser->superadmin) echo '  -  <small style="opacity:0.5;">'.$ex->getFile().' L'.$ex->getLine().'</small>';
+	        if(is_object($myUser) && $myUser->superadmin) echo '  -  <small style="opacity:0.5;">'.$ex->getFile().' L'.$ex->getLine().'</small>';
 	        echo '</span></div>';
 	    break;
 	}

plugin/hackpoint/action.php

@@ -35,7 +35,7 @@ switch($_['action']){
 			
 			foreach($sketchs as $sketch){
 
-				if(!$sketch->state &&  $sketch->creator != $myUser->login) continue;
+				if(!$sketch->state &&  $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) continue;
 
 				$row = $sketch->toArray();
 				$row['comment'] = truncate($row['comment'],65);
@@ -196,21 +196,7 @@ switch($_['action']){
 	break;
 
 	
-	//Sauvegarde des configurations de hackpoint
-	case 'hackpoint_setting_save':
-		Action::write(function(&$response){
-			global $myUser,$_,$conf;
-			if(!$myUser->can('hackpoint','configure')) throw new Exception("Permissions insuffisantes",403);
-			foreach(Configuration::setting('hackpoint') as $key=>$value){
-				if(!is_array($value)) continue;
-				$allowed[] = $key;
-			}
-			foreach ($_['fields'] as $key => $value) {
-				if(in_array($key, $allowed))
-					$conf->put($key,$value);
-			}
-		});
-	break;
+
 	
 	/** RESOURCE **/
 	//Récuperation d'une liste de resource
@@ -221,7 +207,7 @@ switch($_['action']){
 			require_once(__DIR__.SLASH.'Sketch.class.php');
 			require_once(__DIR__.SLASH.'Resource.class.php');
 			$sketch = Sketch::provide('sketch');
-			if(!$sketch->state &&  $sketch->creator != $myUser->login) throw new Exception("Sketch privé", 403);
+			if(!$sketch->state &&  $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) throw new Exception("Sketch privé", 403);
 			
 			foreach(Resource::loadAll(array('sketch'=>$_['sketch']),array('sort')) as $resource){
 				$row = $resource->toArray();
@@ -240,7 +226,7 @@ switch($_['action']){
 			require_once(__DIR__.SLASH.'Resource.class.php');
 			$item = Resource::provide('id',1);
 			$sketch = $item->join('sketch');
-			if(!$sketch->state &&  $sketch->creator != $myUser->login) throw new Exception("Sketch privé", 403);
+			if(!$sketch->state &&  $sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'read') ) throw new Exception("Sketch privé", 403);
 
 			$response = $item->toHtml();
 			$response['resourceType'] = $item->type;
@@ -256,7 +242,7 @@ switch($_['action']){
 			$item = Resource::provide('id',1);
 			$sketch = $item->join('sketch');
 		
-			if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
+			if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'edit')) throw new Exception("Permissions insuffisantes",403);
 			$item->content = $_['content'];
 			$item->save();
 		});
@@ -275,7 +261,7 @@ switch($_['action']){
 			if( !is_object($sketch) || $sketch->id==0){
 				$sketch = Sketch::getById($_['sketch']);
 			}
-			if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
+			if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'edit')) throw new Exception("Permissions insuffisantes",403);
 
 			if(!isset($_['type']) && $item->id!=0) $_['type'] = $item->type;
 			$type = ResourceType::types($_['type']);
@@ -325,30 +311,12 @@ switch($_['action']){
 	
 			$item = Resource::getById($_['id'],1);
 			$sketch = $item->join('sketch');
-			if($sketch->creator != $myUser->login) throw new Exception("Permissions insuffisantes",403);
+			if($sketch->creator != $myUser->login && !$myUser->can('hackpoint',$sketch->id,'delete')) throw new Exception("Permissions insuffisantes",403);
 			Resource::deleteById($_['id']);
 			
 		});
 	break;
 
-	
-	//Sauvegarde des configurations de hackpoint
-	case 'hackpoint_setting_save':
-		Action::write(function(&$response){
-			global $myUser,$_,$conf;
-			if(!$myUser->can('hackpoint','configure')) throw new Exception("Permissions insuffisantes",403);
-			foreach(Configuration::setting('hackpoint') as $key=>$value){
-				if(!is_array($value)) continue;
-				$allowed[] = $key;
-			}
-			foreach ($_['fields'] as $key => $value) {
-				if(in_array($key, $allowed))
-					$conf->put($key,$value);
-			}
-		});
-	break;
-	
-
 
 	//Suppression document
 	case 'resource_delete_document':
@@ -393,11 +361,6 @@ switch($_['action']){
 	break;
 
 
-
-
-
-
-
 	//Download d'un fichier
 	case 'hackpoint_download_file':
 		Action::write(function(&$response){

plugin/hackpoint/css/main.css

@@ -474,6 +474,7 @@ div.hackpoint-type-image[data-type="dropzone"] > ul > li > i.pointer{
 /* readonly mode */
 	.hackpoint.readonly #resources-toolbar .btn-add-resource,
 	.hackpoint.readonly .btn-delete-sketch,
+	.hackpoint.readonly .btn-permission-sketch,
 	.hackpoint.readonly #resources .delete-resource,
 	.hackpoint.readonly .resource-image .fas.fa-times,
 	.hackpoint.readonly .hackpoint-type-image > div,

plugin/hackpoint/page.sheet.sketch.php

@@ -4,9 +4,13 @@ require_once(__DIR__.SLASH.'Sketch.class.php');
 require_once(__DIR__.SLASH.'ResourceType.class.php');
 $sketch = Sketch::provide();
 if(!$sketch) throw new Exception("Sketch supprimé ou inexistant");
-if(!$sketch->state &&  $sketch->creator != $myUser->login) throw new Exception("Sketch privé");
+if(!$sketch->state &&  $sketch->creator != $myUser->login &&  !$myUser->can('hackpoint',$sketch->id,'read') ) throw new Exception("Sketch privé");
 
-$sketchClasses = $sketch->creator != $myUser->login ? "readonly":"editable";
+
+
+
+$sketchClasses =  "readonly";
+if( $sketch->creator == $myUser->login || $myUser->can('hackpoint',$sketch->id,'edit') ) $sketchClasses = "editable";
 
 
 if(isset($_['sidebar']) && $_['sidebar'] == 0) $sketchClasses .= ' no-sidebar';
@@ -73,7 +77,7 @@ if(isset($_['sidebar']) && $_['sidebar'] == 0) $sketchClasses .= ' no-sidebar';
 									<div onclick="" class="btn btn-success" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><i class="fas fa-cogs"></i></div>
 									<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
 									    <div class="dropdown-item pointer" onclick="hackpoint_sketch_share();"><i class="fas fa-share-alt"></i> Partager</div>
-									    <div class="dropdown-item pointer" onclick="hackpoint_sketch_permission();"><i class="fas fa-users-cog"></i> Droits</div>
+									    <div class="dropdown-item  btn-permission-sketch pointer" onclick="hackpoint_sketch_permission();"><i class="fas fa-users-cog"></i> Droits</div>
 									    <div class="dropdown-item pointer" onclick="hackpoint_sketch_download();"><i class="far fa-file-archive"></i> Télécharger</div>
 									    <div class="btn btn-delete-sketch dropdown-item" title="Supprimer" onclick="hackpoint_sketch_delete(this);"><i class="far fa-trash-alt"></i> Supprimer</div> 
 									</div>