[MRBS-general] Re: Area admin
From: Roubeyrie L. <lro...@li...> - 2003-07-25 09:59:49
Hi,
I tried to make some changes in the source code to have an admin per area, so I am sharing them in case someone is interested.
It uses the mrbs_userpass table I created for my auth_sql.inc plugin, with an additional field for the id of the user's area. This way, I can give administration rights on one area to many users:

id (PK)   int(11)
user      varchar(25)
pass      varchar(25)
area_id   int(11)

In mrbs_auth.inc, I put these two functions:
#----------------------------------------------------
/* getAreaId($user)
 *
 * Returns the area id of the user
 *
 * $user - The user name
 * Returns:
 *   -1  - The user has no area
 *   >=0 - The id of the area
 */
function getAreaId($user)
{
    # Escape the user name before it is placed inside the quoted SQL string
    $req = sql_query("SELECT area_id FROM mrbs_userpass WHERE user='" . addslashes($user) . "'");
    if (! $req)
        return -1;
    $row = sql_row($req, 0);
    # No matching user, or the user has no area assigned
    if (! $row || ! isset($row[0]))
        return -1;
    return $row[0];
}

/* isAreaAdmin($user, $room_id)
 *
 * Check if the user is the admin of the room
 *
 * $user    - The user name
 * $room_id - The id of the room
 * Returns:
 *   0 - The user is not the admin
 *   1 - The user is the admin
 */
function isAreaAdmin($user, $room_id)
{
    $area_id = getAreaId($user);
    # A user without an area is never an area admin
    if ($area_id < 0)
        return 0;
    # The room id comes from the request, so force it to an integer
    $req = sql_query("SELECT area_id from mrbs_room where id=" . intval($room_id));
    if (! $req)
        return 0;
    $row = sql_row($req, 0);
    # Unknown room
    if (! $row)
        return 0;
    $area_id2 = $row[0];
    if ($area_id == $area_id2)
        return 1;
    else
        return 0;
}
#----------------------------------------------------

In admin.php, I replaced:
#----------------------------------------------------
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
    showAccessDenied($day, $month, $year, $area);
    exit();
}
#----------------------------------------------------
by:
#----------------------------------------------------
# $level: 0 = no access, 1 = area admin, 2 = full admin
$level=0;
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
    if(getAuthorised(getUserName(), getUserPassword(), 1))
    {
        # Area admins only see their own area
        $area_id = getAreaId(getUserName());
        $sql_areas = "select id, area_name from mrbs_area where id=$area_id";
        $level = 1;
    }
}
else
{
    $sql_areas = "select id, area_name from mrbs_area order by area_name";
    $level = 2;
}
if ($level == 0)
{
    showAccessDenied($day, $month, $year, $area);
    exit();
}
#----------------------------------------------------
and the lines:
#----------------------------------------------------
# This cell has the areas
$res = sql_query("select id, area_name from mrbs_area order by area_name");
#----------------------------------------------------
by:
#----------------------------------------------------
# This cell has the areas
$res = sql_query($sql_areas);
#----------------------------------------------------

Now, either we change the admin level to 1 in the "if(!getAuthorised(getUserName(), getUserPassword(), 2))" in the files add.php, del.php and edit_area_room, or we control the access user by user.
I prefer the second case because in the first, if a user is already logged in, he can delete a room where he doesn't have rights by changing the URL.

Then, in edit_area_room.php, add.php and del.php, I replace:
#----------------------------------------------------
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
    showAccessDenied($day, $month, $year, $area);
    exit();
}
#----------------------------------------------------
by:
in edit_area_room.php and del.php:
#----------------------------------------------------
$level = 0;
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
    if(getAuthorised(getUserName(), getUserPassword(), 1))
    {
        # Level 1 users must be the admin of the area the room belongs to
        if (!empty($room))
        {
            if(isAreaAdmin(getUserName(), $room))
            {
                $level = 1;
            }
        }
    }
}
else
{
    $level = 2;
}
if ($level == 0)
{
    showAccessDenied($day, $month, $year, $area);
    exit();
}
#----------------------------------------------------
in add.php:
#----------------------------------------------------
$level=0;
if(!getAuthorised(getUserName(), getUserPassword(), 2))
{
    if(getAuthorised(getUserName(), getUserPassword(), 1))
    {
        # Level 1 users may only add rooms, and only in their own area
        $area_id = getAreaId(getUserName());
        if (($type == "room") and ($area == $area_id))
        {
            $level = 1;
        }
    }
}
else
{
    $level = 2;
}
if ($level == 0)
{
    showAccessDenied($day, $month, $year, $area);
    exit();
}
#----------------------------------------------------

All comments are welcome!

--
Lionel Roubeyrie - lro...@li...
http://www.limair.asso.fr
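
Added example, not part of the original post and not MRBS code: the per-room ownership check the post describes for edit_area_room.php and del.php, written as one joined query with bound parameters and run against an in-memory SQLite copy of the two tables. The table and column names follow the post; the use of PDO with the SQLite driver, the function name is_area_admin and the sample rows are assumptions made for the illustration.

```php
<?php
// Added illustration; not MRBS code. Table and column names follow the post;
// PDO/SQLite, the function name and the sample rows are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mrbs_userpass (id INTEGER PRIMARY KEY, user TEXT, pass TEXT, area_id INTEGER)");
$db->exec("CREATE TABLE mrbs_room (id INTEGER PRIMARY KEY, area_id INTEGER, room_name TEXT)");
// Constructed sample data: alice administers area 1, bob has no area (NULL).
$db->exec("INSERT INTO mrbs_userpass (user, pass, area_id) VALUES ('alice', 'x', 1), ('bob', 'x', NULL)");
$db->exec("INSERT INTO mrbs_room (id, area_id, room_name) VALUES (10, 1, 'A'), (20, 2, 'B')");

/* Returns true only if $room_id names an existing room whose area is the
 * one assigned to $user. Any doubt (bad id, no row, no area) means false. */
function is_area_admin(PDO $db, string $user, $room_id): bool
{
    // The room id arrives from the URL, so accept only a positive integer.
    $room_id = filter_var($room_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($room_id === false) {
        return false;
    }
    // One joined query with bound parameters: no string interpolation, and
    // a NULL area_id never matches because NULL = NULL is not true in SQL.
    $st = $db->prepare(
        "SELECT 1 FROM mrbs_room r JOIN mrbs_userpass u ON u.area_id = r.area_id
         WHERE u.user = :user AND r.id = :room"
    );
    $st->execute([':user' => $user, ':room' => $room_id]);
    return $st->fetchColumn() !== false;
}

// Constructed requests, including room ids edited in the URL.
$cases = [
    ['alice', '10',    true],   // room in the user's own area
    ['alice', '20',    false],  // room in another area
    ['alice', '10abc', false],  // not an integer
    ['alice', '999',   false],  // room does not exist
    ['bob',   '10',    false],  // level-1 user with no area assigned
];
foreach ($cases as [$user, $room, $expected]) {
    $got = is_area_admin($db, $user, $room);
    printf("%-5s room=%-6s %s\n", $user, $room, $got ? 'allow' : 'deny');
    if ($got !== $expected) {
        throw new RuntimeException("unexpected decision for $user / $room");
    }
}
```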