[MRBS-general] Re: Area admin
Brought to you by:
jberanek
Menu
▾
▴
[MRBS-general] Re: Area admin
|
From: Roubeyrie L. <lro...@li...> - 2003-07-25 09:59:49
|
Hi,
I tried to make some changes in the source code for having a admin by area,
then I give you it if someone is interested. It uses the mrbs_userpass table
I created for my auth_sql.inc plugin, with a additional field for the id of
the user's area. Like this, I can give administration rights on one area at
many users :
id (PK) int(11)
user varchar(25)
pass varchar(25)
area_id int(11)
In mrbs_auth.inc, I put these two functions :
#----------------------------------------------------
/* getAreaId($user)
*
* Returns the area id of the user
*
* $user - The user name
* Returns:
* -1 - The user has no area
* >=0 - The id of the area
*/
function getAreaId($user)
{
$req = sql_query("SELECT area_id FROM mrbs_userpass WHERE user='$user'");
if (! $req) return -1;
else
{
$row = sql_row($req, 0);
return $row[0];
}
}
/* isAreaAdmin($user, $room_id)
*
* Check if the user is the admin of the room
*
* $user - The user name
*$room_id -The id of the room
* Returns:
* 0 - The user is not the admin
* 1 - The user is the admin
*/
function isAreaAdmin($user, $room_id)
{
$area_id = getAreaId($user);
$req = sql_query("SELECT area_id from mrbs_room where id=$room_id");
if (! $req) return 0;
else
{
$row = sql_row($req, 0);
$area_id2 = $row[0];
if ($area_id == $area_id2) return 1;
else return 0;
}
}
#----------------------------------------------------
In admin.php, I replaced :
#----------------------------------------------------
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
showAccessDenied($day, $month, $year, $area);
exit();
}
#----------------------------------------------------
by :
#----------------------------------------------------
$level=0;
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
if(getAuthorised(getUserName(), getUserPassword(), 1))
{
$area_id = getAreaId(getUserName());
$sql_areas = "select id, area_name from mrbs_area where id=$area_id";
$level = 1;
}
}
else
{
$sql_areas = "select id, area_name from mrbs_area order by area_name";
$level = 2;
}
if ($level == 0)
{
showAccessDenied($day, $month, $year, $area);
exit();
}
#----------------------------------------------------
and the lines :
#----------------------------------------------------
# This cell has the areas
$res = sql_query("select id, area_name from mrbs_area order by area_name");
#----------------------------------------------------
by :
#----------------------------------------------------
# This cell has the areas
$res = sql_query($sql_areas);
#----------------------------------------------------
Now, or we change the admin level at 1 in the
"if(!getAuthorised(getUserName(), getUserPassword(), 2))" in the files
add.php, del.php and edit_area_room, either we control the access user by
user. I prefer the second case because in the first, if an user is already
loggin in, he can delete a room where he doesn't have rights by changing the
url. Then, in edit_area_room.php, add.php and del.php, I replace :
#----------------------------------------------------
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
showAccessDenied($day, $month, $year, $area);
exit();
}
#----------------------------------------------------
by :
in edit_area_room.php and del.php :
#----------------------------------------------------
$level = 0;
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
if(getAuthorised(getUserName(), getUserPassword(), 1))
{
if (!empty($room))
{
if(isAreaAdmin(getUserName(), $room))
{
$level = 1;
}
}
}
}
else
{
$level = 2;
}
if ($level == 0)
{
showAccessDenied($day, $month, $year, $area);
exit();
}
#----------------------------------------------------
in add.php :
#----------------------------------------------------
$level=0;
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
if(getAuthorised(getUserName(), getUserPassword(), 1))
{
$area_id = getAreaId(getUserName());
if (($type == "room") and ($area == $area_id))
{
$level = 1;
}
}
}
else
{
$level = 2;
}
if ($level == 0)
{
showAccessDenied($day, $month, $year, $area);
exit();
}
#----------------------------------------------------
All comments are welcomed !
--
Lionel Roubeyrie - lro...@li...
http://www.limair.asso.fr
|