Add ospos_grants table

Refactor permission and module system
jekkos-t520
2014-10-07 00:47:30 +02:00
parent 97ff190ba5
commit aee5f3d27e
12 changed files with 170 additions and 109 deletions


@@ -47,6 +47,8 @@ class Employees extends Person_controller
{
$data['person_info']=$this->Employee->get_info($employee_id);
$data['all_modules']=$this->Module->get_all_modules();
$data['all_subpermissions']=$this->Module->get_all_subpermissions();
var_dump($this->db->last_query());
$this->load->view("employees/form",$data);
}
@@ -68,7 +70,7 @@ class Employees extends Person_controller
'country'=>$this->input->post('country'),
'comments'=>$this->input->post('comments')
);
$permission_data = $this->input->post("permissions")!=false ? $this->input->post("permissions"):array();
$grants_data = $this->input->post("grants")!=false ? $this->input->post("grants"):array();
//Password has been changed OR first time password set
if($this->input->post('password')!='')
@@ -83,7 +85,7 @@ class Employees extends Person_controller
$employee_data=array('username'=>$this->input->post('username'));
}
if($this->Employee->save($person_data,$employee_data,$permission_data,$employee_id))
if($this->Employee->save($person_data,$employee_data,$grants_data,$employee_id))
{
//New employee
if($employee_id==-1)
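Review bot: `var_dump($this->db->last_query());`, added just before `$this->load->view("employees/form",$data);`, dumps the last executed SQL statement into the HTTP response, so anyone who can open the employee form sees table and column names; it reads like a debugging leftover. Remove the line, or if the query is still being tuned use `log_message('debug', $this->db->last_query());` so the text stays in the log. The loose `!=false` in `$grants_data = $this->input->post("grants")!=false ? $this->input->post("grants"):array();` would be clearer as `!== false`, in line with the strict `===` used elsewhere in this commit. The surrounding `save()` action continues outside the hunk.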


@@ -15,10 +15,10 @@ class Reports extends Secure_area
$submodule_id = preg_match("/([^_.]*)(?:_graph)?$/", $method_name, $matches);
$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
// check access to report submodule
/* if (sizeof($exploder) > 1 && !$this->Employee->has_permission('reports_'.$matches[1],$employee_id))
if (sizeof($exploder) > 1 && !$this->Employee->has_permission('reports_'.$matches[1],$employee_id))
{
redirect('no_access/'.$submodule_id);
} */
}
$this->load->helper('report');
}
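Review bot: Commenting out the `has_permission('reports_'.$matches[1],$employee_id)` block leaves the Reports constructor with no per-report authorization, and the `Secure_area` change in this commit only checks the top-level module, so unless a per-report check is re-added elsewhere every employee holding the `reports` grant can open every report. If the block is only disabled while the grants model settles, mark it at the site with `// TODO(grants): re-enable per-report check once reports_* grants are in place` rather than a bare comment-out; otherwise keep the `if` active, since `has_permission()` now reads `grants` with the same `reports_<name>` ids the seed data inserts. Note too that `$submodule_id = preg_match(...)` stores preg_match's integer result, so `redirect('no_access/'.$submodule_id)` would carry `1` instead of the report name; `$matches[1]` is what the redirect wants.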


@@ -15,7 +15,7 @@ class Secure_area extends CI_Controller
}
$submodule_id = empty($submodule_id) ? $module_id : $submodule_id;
$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
if(!$this->Employee->has_permission($module_id,$employee_id) || !$this->Employee->has_subpermission($submodule_id,$employee_id))
if(!$this->Employee->has_module_permission($module_id,$employee_id))
{
redirect('no_access/'.$module_id);
}
@@ -23,6 +23,7 @@ class Secure_area extends CI_Controller
//load up global data
$logged_in_employee_info=$this->Employee->get_logged_in_employee_info();
$data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id);
$data['grants']=$this->Module->get_employee_grants($logged_in_employee_info->person_id);
$data['user_info']=$logged_in_employee_info;
$this->load->vars($data);
}
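Review bot: With the check reduced to `has_module_permission($module_id,$employee_id)`, the `$submodule_id` computed on the previous line (`$submodule_id = empty($submodule_id) ? $module_id : $submodule_id;`) is not read anywhere in this hunk, so it is either dead code or consumed after the hunk; if the former, drop it together with the parameter juggling above it. The method name hides the rule it applies, so a comment on the new condition helps: `// granted when the employee holds at least one grant whose id starts with $module_id`. A short note next to `$data['grants']` such as `// all grants of the logged-in employee; consumed by the reports views` would likewise save the next reader a lookup. The constructor continues outside the hunk.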


@@ -86,7 +86,7 @@ function random_color()
return $c;
}
function show_report_if_allowed($allowed_modules, $report_prefix, $report_name, $permission='')
function show_report_if_allowed($grants, $report_prefix, $report_name, $permission='')
{
$CI =& get_instance();
$lang_line = 'reports_' .$report_name;
@@ -96,9 +96,9 @@ function show_report_if_allowed($allowed_modules, $report_prefix, $report_name,
// no summary nor detailed reports for receivings
if (!empty($report_label) && !(preg_match('/.*summary_?$/', $report_prefix) && $report_name === "receivings"))
{
foreach($allowed_modules->result() as $module)
foreach($grants->result() as $grant)
{
if ($module->module_id == 'reports_'. $permission)
if ($grant->permission_id == 'reports_'. $permission)
{
?>
<li><a href="<?php echo site_url('reports/' . $report_prefix . $report_name);?>"><?php echo $report_label; ?></a></li>
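Review bot: `if ($grant->permission_id == 'reports_'. $permission)` uses `==`; both operands are strings here so nothing breaks today, but `===` states the intent and avoids PHP's numeric-string comparison rules should an id ever look numeric. The renamed first parameter also deserves a docblock line, because its shape is no longer obvious from the name: `@param CI_DB_result $grants grants of the logged-in employee; each row must expose permission_id`. The rest of `show_report_if_allowed()` lies outside this hunk.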


@@ -82,7 +82,7 @@ class Employee extends Person
/*
Inserts or updates an employee
*/
function save(&$person_data, &$employee_data,&$permission_data,$employee_id=false)
function save(&$person_data, &$employee_data,&$grants_data,$employee_id=false)
{
$success=false;
@@ -105,17 +105,17 @@ class Employee extends Person
//We have either inserted or updated a new employee, now lets set permissions.
if($success)
{
//First lets clear out any permissions the employee currently has.
$success=$this->db->delete('permissions', array('person_id' => $employee_id));
//First lets clear out any grants the employee currently has.
$success=$this->db->delete('grants', array('person_id' => $employee_id));
//Now insert the new permissions
//Now insert the new grants
if($success)
{
foreach($permission_data as $allowed_module)
foreach($grants_data as $permission_id)
{
$success = $this->db->insert('permissions',
$success = $this->db->insert('grants',
array(
'module_id'=>$allowed_module,
'permission_id'=>$permission_id,
'person_id'=>$employee_id));
}
}
@@ -142,7 +142,7 @@ class Employee extends Person
$this->db->trans_start();
//Delete permissions
if($this->db->delete('permissions', array('person_id' => $employee_id)))
if($this->db->delete('grants', array('person_id' => $employee_id)))
{
$this->db->where('person_id', $employee_id);
$success = $this->db->update('employees', array('deleted' => 1));
@@ -167,7 +167,7 @@ class Employee extends Person
$this->db->where_in('person_id',$employee_ids);
//Delete permissions
if ($this->db->delete('permissions'))
if ($this->db->delete('grants'))
{
//delete from employee table
$this->db->where_in('person_id',$employee_ids);
@@ -306,35 +306,40 @@ class Employee extends Person
/*
* Determines whether the employee has access to at least one submodule
*/
function has_subpermission($submodule_id,$person_id)
function has_module_permission($submodule_id,$person_id)
{
$this->db->from('modules');
$this->db->where('module_id like "' . $submodule_id . '_%"');
// has no submodules
$this->db->from('grants');
$this->db->where('permission_id like "' . $submodule_id . '%"');
$this->db->where('person_id',$person_id);
$result = $this->db->get();
if ($result->num_rows() > 0)
$result_count = $result->num_rows();
if ($result_count != 1)
{
$this->db->from('permissions');
$this->db->where('permissions.module_id like "' . $submodule_id . '_%"');
$this->db->where("permissions.person_id",$person_id);
$result = $this->db->get();
return $result->num_rows() > 0;
return $result_count != 0;
}
return true;
return $this->has_submodules($submodule_id);
}
function has_submodules($submodule_id)
{
$this->db->from('permissions');
$this->db->where('permission_id like "' . $submodule_id . '_%"');
$result = $this->db->get();
return $result->num_rows() == 0;
}
/*
Determins whether the employee specified employee has access the specific module.
Determines whether the employee specified employee has access the specific module.
*/
function has_permission($module_id,$person_id)
function has_permission($permission_id,$person_id)
{
//if no module_id is null, allow access
if($module_id==null)
if($permission_id==null)
{
return true;
}
$query = $this->db->get_where('permissions', array('person_id' => $person_id,'module_id'=>$module_id), 1);
$query = $this->db->get_where('grants', array('person_id'=>$person_id,'permission_id'=>$permission_id), 1);
return ($query->num_rows() == 1);
}
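Review bot: `has_module_permission()` and `has_submodules()` splice `$submodule_id` straight into the SQL text (`'permission_id like "' . $submodule_id . '%"'` and `'permission_id like "' . $submodule_id . '_%"'`), so whatever value `Secure_area` hands in is never escaped; the query builder's `$this->db->like('permission_id', $submodule_id, 'after')` binds and escapes the value and replaces the hand-written quoting in both places. The new prefix also dropped the `_` separator the old `modules` query had, so `items%` now matches `items_stock` as intended but would equally match any future permission that merely begins with the module name, and `_` is itself a single-character LIKE wildcard. `has_submodules()` returns `$result->num_rows() == 0`, i.e. true when the module has no sub-permissions, the opposite of its name; renaming it `has_no_subpermissions()` (or inverting both the comparison and the caller's `return`) removes the trap. The `$result_count != 1` / `return $result_count != 0;` pair also needs a comment saying why exactly one matching grant is the case that falls through to the sub-permission check.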


@@ -13,7 +13,7 @@ class Item_quantities extends CI_Model
function save($location_detail, $item_id, $location_id)
{
if (!($item_id && $location_id) or !$this->exists($item_id,$location_id))
if (!$this->exists($item_id,$location_id))
{
if($this->db->insert('item_quantities',$location_detail))
{
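Review bot: Removing `!($item_id && $location_id)` changes which branch an empty or zero `$item_id`/`$location_id` takes: before, such calls always landed in the insert branch; now they go through `exists()` and only insert when no row is found. That may well be the intended fix, but it is invisible from the diff, so a comment such as `// empty ids no longer force an insert; exists() decides` would record it. The remainder of `save()` is outside the hunk.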


@@ -31,6 +31,21 @@ class Module extends CI_Model
return $this->lang->line('error_unknown');
}
function get_all_permissions()
{
$this->db->from('permissions');
return $this->db->get();
}
function get_all_subpermissions()
{
$this->db->from('permissions');
$this->db->join('modules', 'modules.module_id=permissions.module_id');
// can't quote the parameters correctly when using different operators..
$this->db->where($this->db->dbprefix('modules').'.module_id!=', 'permission_id', FALSE);
return $this->db->get();
}
function get_all_modules()
{
$this->db->from('modules');
@@ -41,11 +56,19 @@ class Module extends CI_Model
function get_allowed_modules($person_id)
{
$this->db->from('modules');
$this->db->join('permissions','permissions.module_id=modules.module_id');
$this->db->where("permissions.person_id",$person_id);
$this->db->join('permissions','permissions.permission_id=modules.module_id');
$this->db->join('grants','permissions.permission_id=grants.permission_id');
$this->db->where("person_id",$person_id);
$this->db->order_by("sort", "asc");
return $this->db->get();
}
function get_employee_grants($person_id)
{
$this->db->from('grants');
$this->db->where('person_id',$person_id);
return $this->db->get();
}
}
?>
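Review bot: `get_allowed_modules()` now joins `modules`, `permissions` and `grants` but filters with the unqualified `$this->db->where("person_id",$person_id)`; under the new schema only `grants` carries `person_id`, so it resolves today, yet `'grants.person_id'` makes the query robust to any later column addition and documents which table the filter belongs to. The comment in `get_all_subpermissions()` explains a symptom rather than the reason; `// third argument FALSE: compare two columns, so the builder must not quote 'permission_id' as a string` tells the reader why the call looks odd. The file's closing `?>` is not new but is worth dropping while here, since any trailing whitespace after it is emitted as output.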


@@ -13,9 +13,7 @@ class Stock_locations extends CI_Model
function get_all($limit=10000, $offset=0)
{
$this->db->from('stock_locations');
$this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)');
$this->db->join('permissions', 'permissions.module_id=modules.module_id');
$this->db->where('person_id', $this->session->userdata('person_id'));
$this->db->where('deleted', 0);
$this->db->limit($limit);
$this->db->offset($offset);
return $this->db->get();
@@ -25,8 +23,8 @@ class Stock_locations extends CI_Model
{
$this->db->select('location_name');
$this->db->from('stock_locations');
$this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)');
$this->db->join('permissions', 'permissions.module_id=modules.module_id');
$this->db->join('permissions','permissions.location_id=stock_locations.location_id');
$this->db->join('grants','grants.permission_id=permissions.permission_id');;
$this->db->where('person_id', $this->session->userdata('person_id'));
$this->db->where('deleted', 0);
return $this->db->get();
@@ -43,8 +41,8 @@ class Stock_locations extends CI_Model
function get_undeleted_all()
{
$this->db->from('stock_locations');
$this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)');
$this->db->join('permissions', 'permissions.module_id=modules.module_id');
$this->db->join('permissions','permissions.location_id=stock_locations.location_id');
$this->db->join('grants','grants.permission_id=permissions.permission_id');
$this->db->where('person_id', $this->session->userdata('person_id'));
$this->db->where('deleted',0);
return $this->db->get();
@@ -64,9 +62,8 @@ class Stock_locations extends CI_Model
function get_default_location_id()
{
$this->db->from('stock_locations');
// TODO replace with extra join on ospos_grants
$this->db->join('modules', 'modules.module_id=concat(\'items_stock\', location_id)');
$this->db->join('permissions', 'permissions.module_id=modules.module_id');
$this->db->join('permissions','permissions.location_id=stock_locations.location_id');
$this->db->join('grants','grants.permission_id=permissions.permission_id');
$this->db->where('person_id', $this->session->userdata('person_id'));
$this->db->where('deleted',0);
$this->db->limit(1);
@@ -123,19 +120,21 @@ class Stock_locations extends CI_Model
{
$location_data = array('location_name'=>$location,'deleted'=>0);
$this->db->insert('stock_locations',$location_data);
// insert new module for stock location
$location_id = $this->db->insert_id();
$module_id = 'items_stock'.$location_id;
$module_name = 'module_'.$module_id;
$module_data = array('name_lang_key' => $module_name, 'desc_lang_key' => $module_name.'_desc', 'module_id' => $module_id);
$this->db->insert('modules', $module_data);
// insert permissions for stock location
// insert new permission for stock location
$permission_id = 'items_'.$location;
$permission_data = array('permission_id'=>$permission_id,'module_id'=>'items','location_id' => $location_id);
$this->db->insert('permissions', $permission_data);
// insert grants for new permission
$employees = $this->Employee->get_all();
foreach ($employees->result_array() as $employee)
{
$permission_data = array('module_id' => $module_id, 'person_id' => $employee['person_id']);
$this->db->insert('permissions', $permission_data);
$grants_data = array('permission_id' => $permission_id, 'person_id' => $employee['person_id']);
$this->db->insert('grants', $grants_data);
}
// insert quantities for existing items
$items = $this->Item->get_all();
foreach ($items->result_array() as $item)
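Review bot: `get_all()` loses its permission joins and the `where('person_id', ...)` filter entirely, whereas the three sibling methods in this section are rewritten to join `permissions` on `location_id` and `grants` on `permission_id` and keep the person filter; unless `get_all()` is deliberately becoming an unfiltered listing, its callers now see every stock location regardless of the employee's grants, and a comment or the same two joins should say which it is. In `save()`, `$permission_id = 'items_'.$location;` derives the id from the user-entered location name while the seed data keys `items_stock` by `location_id`; two locations with the same name would collide on `permissions.permission_id` (now the primary key) and spaces or underscores in a name become part of the id, so building it from the generated id, e.g. `'items_stock'.$location_id`, keeps ids unique and stable. `$this->db->join('grants','grants.permission_id=permissions.permission_id');;` carries a stray second semicolon.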


@@ -54,30 +54,27 @@ $password_label_attributes = $person_info->person_id == "" ? array('class'=>'req
<?php
foreach($all_modules->result() as $module)
{
if (sizeof(explode('_', $module->module_id)) == 1)
{
?>
<li>
<?php echo form_checkbox("permissions[]",$module->module_id,$this->Employee->has_permission($module->module_id,$person_info->person_id)); ?>
<?php echo form_checkbox("grants[]",$module->module_id,$this->Employee->has_permission($module->module_id,$person_info->person_id)); ?>
<span class="medium"><?php echo $this->lang->line('module_'.$module->module_id);?>:</span>
<span class="small"><?php echo $this->lang->line('module_'.$module->module_id.'_desc');?></span>
<?php
foreach($all_modules->result() as $submodule)
foreach($all_subpermissions->result() as $permission)
{
$exploded_permission = explode('_', $permission->permission_id);
if ($permission->module_id == $module->module_id)
{
$exploded_submodule_id = explode('_', $submodule->module_id);
if (sizeof($exploded_submodule_id) > 1 && $exploded_submodule_id[0] == $module->module_id)
{
$lang_line = $this->lang->line('reports_'.$exploded_submodule_id[1]);
$lang_line = empty($lang_line) ? $this->Stock_locations->get_location_name(substr($exploded_submodule_id[1], -1)) : $lang_line;
?>
<ul>
<li>
<?php echo form_checkbox("permissions[]",$submodule->module_id,$this->Employee->has_permission($submodule->module_id,$person_info->person_id)); ?>
<span class="medium"><?php echo $lang_line ?></span>
</li>
</ul>
<?php
}
$lang_line = $this->lang->line('reports_'.$exploded_permission[1]);
$lang_line = empty($lang_line) ? $exploded_permission[1] : $lang_line;
?>
<ul>
<li>
<?php echo form_checkbox("grants[]",$permission->permission_id,$this->Employee->has_permission($permission->permission_id,$person_info->person_id)); ?>
<span class="medium"><?php echo $lang_line ?></span>
</li>
</ul>
<?php
}
}
}
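Review bot: `<span class="medium"><?php echo $lang_line ?></span>` now falls back to `$exploded_permission[1]`, a fragment of a permission id that `Stock_locations::save()` in this same commit builds from the user-entered location name, so markup stored in a location name is echoed into the employee form unescaped; write it as `<?php echo htmlspecialchars($lang_line, ENT_QUOTES, 'UTF-8'); ?>`. `explode('_', $permission->permission_id)` keeps only index 1, so an id with more than one underscore (possible with name-derived ids) is truncated to its first segment; `explode('_', $permission->permission_id, 2)` preserves the remainder. The enclosing `<ul>` markup opens before the hunk.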


@@ -44,16 +44,13 @@ html {
<?php
foreach($allowed_modules->result() as $module)
{
if (sizeof(explode('_', $module->module_id)) == 1)
{
?>
?>
<div class="menu_item">
<a href="<?php echo site_url("$module->module_id");?>">
<img src="<?php echo base_url().'images/menubar/'.$module->module_id.'.png';?>" border="0" alt="Menubar Image" /></a><br />
<a href="<?php echo site_url("$module->module_id");?>"><?php echo $this->lang->line("module_".$module->module_id) ?></a>
</div>
<?php
}
<?php
}
?>
</div>


@@ -6,13 +6,13 @@
<li><h3><?php echo $this->lang->line('reports_graphical_reports'); ?></h3>
<ul>
<?php
foreach($allowed_modules->result() as $module)
foreach($grants->result() as $grant)
{
show_report_if_allowed($allowed_modules, 'graphical_summary', $module->module_id);
show_report_if_allowed($grants, 'graphical_summary', $grant->permission_id);
}
foreach(array('categories', 'taxes', 'discounts', 'payments') as $sales_category)
{
show_report_if_allowed($allowed_modules, 'graphical_summary', $sales_category, 'sales');
show_report_if_allowed($grants, 'graphical_summary', $sales_category, 'sales');
}
?>
</ul>
@@ -21,13 +21,13 @@
<li><h3><?php echo $this->lang->line('reports_summary_reports'); ?></h3>
<ul>
<?php
foreach($allowed_modules->result() as $module)
foreach($grants->result() as $grant)
{
show_report_if_allowed($allowed_modules, 'summary', $module->module_id);
show_report_if_allowed($grants, 'summary', $grant->permission_id);
}
foreach(array('categories', 'taxes', 'discounts', 'payments') as $sales_category)
{
show_report_if_allowed($allowed_modules, 'summary', $sales_category, 'sales');
show_report_if_allowed($grants, 'summary', $sales_category, 'sales');
}
?>
</ul>
@@ -36,11 +36,11 @@
<li><h3><?php echo $this->lang->line('reports_detailed_reports'); ?></h3>
<ul>
<?php
show_report_if_allowed($allowed_modules, 'detailed', 'sales');
show_report_if_allowed($allowed_modules, 'detailed', 'receivings');
show_report_if_allowed($allowed_modules, 'specific', 'customer', 'customers');
show_report_if_allowed($allowed_modules, 'specific', 'discount', 'sales');
show_report_if_allowed($allowed_modules, 'specific', 'employee', 'employees');
show_report_if_allowed($grants, 'detailed', 'sales');
show_report_if_allowed($grants, 'detailed', 'receivings');
show_report_if_allowed($grants, 'specific', 'customer', 'customers');
show_report_if_allowed($grants, 'specific', 'discount', 'sales');
show_report_if_allowed($grants, 'specific', 'employee', 'employees');
?>
</ul>
</li>
@@ -51,8 +51,8 @@
<li><h3><?php echo $this->lang->line('reports_inventory_reports'); ?></h3>
<ul>
<?php
show_report_if_allowed($allowed_modules, '', 'inventory_low', 'inventory');
show_report_if_allowed($allowed_modules, '', 'inventory_summary', 'inventory');
show_report_if_allowed($grants, '', 'inventory_low', 'inventory');
show_report_if_allowed($grants, '', 'inventory_summary', 'inventory');
?>
</ul>
</li>


@@ -37,6 +37,7 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES
('return_policy', 'Test'),
('timezone', 'America/New_York'),
('website', ''),
('recv_invoice_format', ''),
('tax_included', '0');
-- --------------------------------------------------------
@@ -262,17 +263,9 @@ INSERT INTO `ospos_modules` (`name_lang_key`, `desc_lang_key`, `sort`, `module_i
('module_employees', 'module_employees_desc', 80, 'employees'),
('module_giftcards', 'module_giftcards_desc', 90, 'giftcards'),
('module_items', 'module_items_desc', 20, 'items'),
('module_items_stock0', 'module_items_stock0_desc', 20, 'items_stock0'),
('module_item_kits', 'module_item_kits_desc', 30, 'item_kits'),
('module_receivings', 'module_receivings_desc', 60, 'receivings'),
('module_reports', 'module_reports_desc', 50, 'reports'),
('module_reports_sales', 'module_reports_sales_desc', 51, 'reports_sales'),
('module_reports_receivings', 'module_reports_receivings_desc', 52, 'reports_receivings'),
('module_reports_items', 'module_reports_items_desc', 54, 'reports_items'),
('module_reports_inventory', 'module_reports_inventory_desc', 55, 'reports_inventory'),
('module_reports_customers', 'module_reports_customers_desc', 56, 'reports_customers'),
('module_reports_employees', 'module_reports_employees_desc', 57, 'reports_employees'),
('module_reports_suppliers', 'module_reports_suppliers_desc', 57, 'reports_suppliers'),
('module_sales', 'module_sales_desc', 70, 'sales'),
('module_suppliers', 'module_suppliers_desc', 40, 'suppliers');
@@ -296,7 +289,7 @@ CREATE TABLE `ospos_people` (
`comments` text NOT NULL,
`person_id` int(10) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`person_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
--
-- Dumping data for table `ospos_people`
@@ -312,25 +305,64 @@ INSERT INTO `ospos_people` (`first_name`, `last_name`, `phone_number`, `email`,
--
CREATE TABLE `ospos_permissions` (
`permission_id` varchar(255) NOT NULL,
`module_id` varchar(255) NOT NULL,
`person_id` int(10) NOT NULL,
PRIMARY KEY (`module_id`,`person_id`),
KEY `person_id` (`person_id`)
`location_id` int(10) DEFAULT NULL,
PRIMARY KEY (`permission_id`),
KEY `module_id` (`module_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Dumping data for table `ospos_permissions`
--
INSERT INTO `ospos_permissions` (`module_id`, `person_id`) VALUES
INSERT INTO `ospos_permissions` (`permission_id`, `module_id`) VALUES
('reports_customers', 'reports'),
('reports_receivings', 'reports'),
('reports_items', 'reports'),
('reports_inventory', 'reports'),
('reports_employees', 'reports'),
('reports_suppliers', 'reports'),
('reports_sales', 'reports'),
('customers', 'customers'),
('employees', 'employees'),
('giftcards', 'giftcards'),
('items', 'items'),
('item_kits', 'item_kits'),
('receivings', 'receivings'),
('reports', 'reports'),
('sales', 'sales'),
('suppliers', 'suppliers');
INSERT INTO `ospos_permissions` (`permission_id`, `module_id`, `location_id`) VALUES
('items_stock', 'items', 1);
-- --------------------------------------------------------
--
-- Table structure for table `ospos_grants`
--
CREATE TABLE `ospos_grants` (
`permission_id` varchar(255) NOT NULL,
`person_id` int(10) NOT NULL,
PRIMARY KEY (`permission_id`,`person_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Dumping data for table `ospos_grants`
--
-- --------------------------------------------------------
INSERT INTO `ospos_grants` (`permission_id`, `person_id`) VALUES
('reports_customers', 1),
('reports_receivings', 1),
('reports_receivings', 1),
('reports_items', 1),
('reports_inventory', 1),
('reports_employees', 1),
('reports_suppliers', 1),
('reports_sales', 1),
('items_stock0', 1),
('reports_sales', 1),
('customers', 1),
('employees', 1),
('giftcards', 1),
@@ -341,8 +373,6 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) VALUES
('sales', 1),
('suppliers', 1);
-- --------------------------------------------------------
--
-- Table structure for table `ospos_receivings`
--
@@ -677,8 +707,15 @@ ALTER TABLE `ospos_item_kit_items`
-- Constraints for table `ospos_permissions`
--
ALTER TABLE `ospos_permissions`
ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_employees` (`person_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE;
ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_grants`
--
ALTER TABLE `ospos_grants`
ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`),
ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`);
--
-- Constraints for table `ospos_receivings`
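Review bot: The `ospos_grants` seed inserts `('reports_receivings', 1)` twice and `('reports_sales', 1)` twice, which violates the table's `PRIMARY KEY (permission_id, person_id)` and aborts the whole `INSERT`; it also inserts `('items_stock0', 1)` although the only stock permission seeded into `ospos_permissions` is `items_stock`, so `ADD CONSTRAINT ospos_grants_ibfk_1 ... REFERENCES ospos_permissions` fails on that orphan row. Delete the two duplicate lines and change the row to `('items_stock', 1),`. The two new grant constraints also omit `ON DELETE CASCADE`, unlike the `ospos_permissions` constraints just above them; because `ospos_permissions_ibfk_2` cascades a deleted stock location into `ospos_permissions`, that cascade then stops at `ospos_grants` with a foreign-key error unless the application has removed the grants first, so either add `ON DELETE CASCADE` to both new constraints or note in the dump why grants must be cleaned up by application code.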