CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Various fixes for ACL Login methods with deprecated calls

Browse Source 
make all calls that go through primary keys as deprecated
create CUID calls for all of them
Update phpunit tests with new cuid tests, keep old deprecated tests
This commit is contained in:
Clemens Schwaighofer
2024-12-06 18:07:06 +09:00
parent b044999772
commit a84ab86e31
4 changed files with 278 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
4dev/tests/ACL/CoreLibsACLLoginTest.php
View File

@@ -22,8 +22,12 @@ Not yet covered tests:
*/ */
final class CoreLibsACLLoginTest extends TestCase final class CoreLibsACLLoginTest extends TestCase
{ {
private static $db; private static \CoreLibs\DB\IO $db;
private static $log; private static \CoreLibs\Logging\Logging $log;
private static string $edit_access_cuid;
private static string $edit_user_cuid;
private static string $edit_user_cuuid;
/** /**
* start DB conneciton, setup DB, etc * start DB conneciton, setup DB, etc
@@ -108,14 +112,40 @@ final class CoreLibsACLLoginTest extends TestCase
self::$db->dbSetMaxQueryCall(-1); self::$db->dbSetMaxQueryCall(-1);
// insert additional content for testing (locked user, etc) // insert additional content for testing (locked user, etc)
$queries = [ $queries = [
"INSERT INTO edit_access_data " <<<SQL
. "(edit_access_id, name, value, enabled) VALUES " INSERT INTO edit_access_data (
. "((SELECT edit_access_id FROM edit_access WHERE uid = 'AdminAccess'), " edit_access_id, name, value, enabled
. "'test', 'value', 1)" ) VALUES (
(SELECT edit_access_id FROM edit_access WHERE uid = 'AdminAccess'),
'test', 'value', 1
)
SQL
]; ];
foreach ($queries as $query) { foreach ($queries as $query) {
self::$db->dbExec($query); self::$db->dbExec($query);
} }
// read edit access cuid, edit user cuid and edit user cuuid
$row = self::$db->dbReturnRowParams(
"SELECT cuid FROM edit_access WHERE uid = $1",
["AdminAccess"]
);
self::$edit_access_cuid = $row['cuid'] ?? '';
if (empty(self::$edit_access_cuid)) {
self::markTestIncomplete(
'Cannot read edit access cuid for "AdminAccess".'
);
}
$row = self::$db->dbReturnRowParams(
"SELECT cuid, cuuid FROM edit_user WHERE username = $1",
["admin"]
);
self::$edit_user_cuid = $row['cuid'] ?? '';
self::$edit_user_cuuid = $row['cuuid'] ?? '';
if (empty(self::$edit_user_cuid) || empty(self::$edit_user_cuuid)) {
self::markTestIncomplete(
'Cannot read edit user cuid or cuuid for "admin".'
);
}
// define mandatory constant // define mandatory constant
// must set // must set
@@ -253,6 +283,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -273,10 +304,11 @@ final class CoreLibsACLLoginTest extends TestCase
'USER_ADDITIONAL_ACL' => [], 'USER_ADDITIONAL_ACL' => [],
'GROUP_ADDITIONAL_ACL' => [], 'GROUP_ADDITIONAL_ACL' => [],
'UNIT_UID' => [ 'UNIT_UID' => [
'AdminAccess' => 1, 'AdminAccess' => '123456789012',
], ],
'UNIT' => [ 'UNIT' => [
1 => [ '123456789012' => [
'id' => 1,
'acl_level' => 80, 'acl_level' => 80,
'name' => 'Admin Access', 'name' => 'Admin Access',
'uid' => 'AdminAccess', 'uid' => 'AdminAccess',
@@ -297,6 +329,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -416,6 +449,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_deleted' => true 'test_deleted' => true
@@ -441,6 +475,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_enabled' => true 'test_enabled' => true
@@ -466,6 +501,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_locked' => true 'test_locked' => true
@@ -491,6 +527,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_get_locked' => true, 'test_get_locked' => true,
@@ -515,6 +552,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_locked_period_until' => 'on' 'test_locked_period_until' => 'on'
@@ -540,6 +578,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -559,6 +598,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -569,6 +609,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_locked_period_after' => 'on' 'test_locked_period_after' => 'on'
@@ -594,6 +635,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_locked_period_until' => 'on', 'test_locked_period_until' => 'on',
@@ -620,6 +662,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_login_user_id_locked' => true 'test_login_user_id_locked' => true
@@ -645,6 +688,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -663,6 +707,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -673,6 +718,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -692,6 +738,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -702,6 +749,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -721,6 +769,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -731,6 +780,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -750,6 +800,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -781,6 +832,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -804,6 +856,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -814,6 +867,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -837,6 +891,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -847,6 +902,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_login_user_id_revalidate_after' => 'on', 'test_login_user_id_revalidate_after' => 'on',
@@ -873,6 +929,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -893,6 +950,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -903,6 +961,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_login_user_id_valid_from' => 'on', 'test_login_user_id_valid_from' => 'on',
@@ -929,6 +988,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -949,6 +1009,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -959,6 +1020,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_login_user_id_valid_until' => 'on', 'test_login_user_id_valid_until' => 'on',
@@ -985,6 +1047,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'base_access' => 'list', 'base_access' => 'list',
'page_access' => 'list', 'page_access' => 'list',
'test_login_user_id_valid_from' => 'on', 'test_login_user_id_valid_from' => 'on',
@@ -1012,6 +1075,7 @@ final class CoreLibsACLLoginTest extends TestCase
[ [
'page_name' => 'edit_users.php', 'page_name' => 'edit_users.php',
'edit_access_id' => 1, 'edit_access_id' => 1,
'edit_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'edit_access_uid' => 'AdminAccess', 'edit_access_uid' => 'AdminAccess',
'edit_access_data' => 'test', 'edit_access_data' => 'test',
'base_access' => 'list', 'base_access' => 'list',
@@ -1042,6 +1106,7 @@ final class CoreLibsACLLoginTest extends TestCase
'admin_flag' => true, 'admin_flag' => true,
'check_access' => true, 'check_access' => true,
'check_access_id' => 1, 'check_access_id' => 1,
'check_access_cuid' => 'SET_EDIT_ACCESS_CUID_IN_TEST',
'check_access_data' => 'value', 'check_access_data' => 'value',
'base_access' => true, 'base_access' => true,
'page_access' => true, 'page_access' => true,
@@ -1369,6 +1434,9 @@ final class CoreLibsACLLoginTest extends TestCase
// run test // run test
try { try {
// preset, we cannot set that in the provider
$expected['check_access_cuid'] = self::$edit_access_cuid;
$mock_settings['edit_access_cuid'] = self::$edit_access_cuid;
// if ajax call // if ajax call
// check if parameter, or globals (old type) // check if parameter, or globals (old type)
// else normal call // else normal call
@@ -1427,6 +1495,25 @@ final class CoreLibsACLLoginTest extends TestCase
$login_mock->loginCheckAccessPage($mock_settings['page_access']), $login_mock->loginCheckAccessPage($mock_settings['page_access']),
'Assert page access' 'Assert page access'
); );
// - loginCheckEditAccessCuid
$this->assertEquals(
$expected['check_access'],
$login_mock->loginCheckEditAccessCuid($mock_settings['edit_access_cuid']),
'Assert check access'
);
// - loginCheckEditAccessValidCuid
$this->assertEquals(
$expected['check_access_cuid'],
$login_mock->loginCheckEditAccessValidCuid($mock_settings['edit_access_cuid']),
'Assert check access cuid valid'
);
// - loginGetEditAccessCuidFromUid
$this->assertEquals(
$expected['check_access_cuid'],
$login_mock->loginGetEditAccessCuidFromUid($mock_settings['edit_access_uid']),
'Assert check access uid to cuid valid'
);
// Deprecated
// - loginCheckEditAccess // - loginCheckEditAccess
$this->assertEquals( $this->assertEquals(
$expected['check_access'], $expected['check_access'],
@@ -1449,7 +1536,7 @@ final class CoreLibsACLLoginTest extends TestCase
$this->assertEquals( $this->assertEquals(
$expected['check_access_data'], $expected['check_access_data'],
$login_mock->loginGetEditAccessData( $login_mock->loginGetEditAccessData(
$mock_settings['edit_access_id'], $mock_settings['edit_access_uid'],
$mock_settings['edit_access_data'] $mock_settings['edit_access_data']
), ),
'Assert check access id data value valid' 'Assert check access id data value valid'

76
www/admin/class_test.login.php
View File

@@ -17,6 +17,9 @@ require 'config.php';
// define log file id // define log file id
$LOG_FILE_ID = 'classTest-login'; $LOG_FILE_ID = 'classTest-login';
$SET_SESSION_NAME = EDIT_SESSION_NAME; $SET_SESSION_NAME = EDIT_SESSION_NAME;
use CoreLibs\Debug\Support;
// init login & backend class // init login & backend class
$session = new CoreLibs\Create\Session($SET_SESSION_NAME); $session = new CoreLibs\Create\Session($SET_SESSION_NAME);
$log = new CoreLibs\Logging\Logging([ $log = new CoreLibs\Logging\Logging([
@@ -43,24 +46,81 @@ ob_end_flush();
$login->loginMainCall(); $login->loginMainCall();
$PAGE_NAME = 'TEST CLASS: LOGIN'; $PAGE_NAME = 'TEST CLASS: LOGIN';
print "<!DOCTYPE html>"; print str_replace(
print "<html><head><title>" . $PAGE_NAME . "</title></head>"; '{PAGE_NAME}',
print "<body>"; $PAGE_NAME,
print '<div><a href="class_test.php">Class Test Master</a></div>'; <<<HTML
print '<div><h1>' . $PAGE_NAME . '</h1></div>'; <!DOCTYPE html>
<html><head>
<title>{PAGE_NAME}</title>
</head>
<body>
<div><a href="class_test.php">Class Test Master</a></div>
<div><h1>{PAGE_NAME}</h1></div>
HTML
);
// button logout
print <<<HTML
<script language="JavaScript">
function loginLogout()
{
const form = document.createElement('form');
form.method = 'post';
const hiddenField = document.createElement('input');
hiddenField.type = 'hidden';
hiddenField.name = 'login_logout';
hiddenField.value = 'Logout';
form.appendChild(hiddenField);
document.body.appendChild(form);
form.submit();
}
</script>
<div style="margin: 20px 0;">
<button onclick="loginLogout();" type="button">Logout</button>
</div>
HTML;
// string logout
print <<<HTML
<div style="margin: 20px 0;">
<form method="post" name="loginlogout">
<a href="javascript:document.loginlogout.login_logout.value=Logout;document.loginlogout.submit();">Logout</a>
<input type="hidden" name="login_logout" value="">
</form>
</div>
HTML;
echo "CHECK PERMISSION: " . ($login->loginCheckPermissions() ? 'OK' : 'BAD') . "<br>"; echo "CHECK PERMISSION: " . ($login->loginCheckPermissions() ? 'OK' : 'BAD') . "<br>";
echo "IS ADMIN: " . ($login->loginIsAdmin() ? 'OK' : 'BAD') . "<br>"; echo "IS ADMIN: " . ($login->loginIsAdmin() ? 'OK' : 'BAD') . "<br>";
echo "MIN ACCESS BASE: " . ($login->loginCheckAccessBase('admin') ? 'OK' : 'BAD') . "<br>"; echo "MIN ACCESS BASE: " . ($login->loginCheckAccessBase('admin') ? 'OK' : 'BAD') . "<br>";
echo "MIN ACCESS PAGE: " . ($login->loginCheckAccessPage('admin') ? 'OK' : 'BAD') . "<br>"; echo "MIN ACCESS PAGE: " . ($login->loginCheckAccessPage('admin') ? 'OK' : 'BAD') . "<br>";
echo "ACL: " . \CoreLibs\Debug\Support::printAr($login->loginGetAcl()) . "<br>"; echo "ACL: " . Support::printAr($login->loginGetAcl()) . "<br>";
echo "ACL (MIN): " . \CoreLibs\Debug\Support::printAr($login->loginGetAcl()['min'] ?? []) . "<br>"; echo "ACL (MIN): " . Support::printAr($login->loginGetAcl()['min'] ?? []) . "<br>";
echo "LOCALE: " . \CoreLibs\Debug\Support::printAr($login->loginGetLocale()) . "<br>"; echo "LOCALE: " . Support::printAr($login->loginGetLocale()) . "<br>";
echo "ECUID: " . $login->loginGetEcuid() . "<br>"; echo "ECUID: " . $login->loginGetEcuid() . "<br>";
echo "ECUUID: " . $login->loginGetEcuuid() . "<br>"; echo "ECUUID: " . $login->loginGetEcuuid() . "<br>";
echo "<hr>";
// set + check edit access id
$edit_access_cuid = 'buRW8Gu2Lkkf';
if (isset($login->loginGetAcl()['unit'])) {
print "EDIT ACCESS CUID: " . $edit_access_cuid . "<br>";
print "ACL UNIT: " . print_r(array_keys($login->loginGetAcl()['unit']), true) . "<br>";
print "ACCESS CHECK: " . Support::prBl($login->loginCheckEditAccessCuid($edit_access_cuid)) . "<br>";
if ($login->loginCheckEditAccessCuid($edit_access_cuid)) {
print "Set new:" . $edit_access_cuid . "<br>";
} else {
print "Load default unit id: " . $login->loginGetAcl()['unit_id'] . "<br>";
}
} else {
print "Something went wrong with the login<br>";
}
echo "<hr>";
print "SESSION: " . Support::printAr($_SESSION) . "<br>";
$login->writeLog( $login->writeLog(
'TEST LOG', 'TEST LOG',
[ [

51
www/admin/class_test.php
View File

@@ -149,33 +149,20 @@ foreach ($test_files as $file => $name) {
print '<div><a href="' . $file . '">' . $name . '</a></div>'; print '<div><a href="' . $file . '">' . $name . '</a></div>';
} }
print "<br>";
print "ECUID: " . $session->get('ECUID') . "<br>";
print "ECUUID: " . $session->get('ECUUID') . "<br>";
print "<hr>"; print "<hr>";
print "L: " . Support::dumpVar($locale) . "<br>"; print "LOCALE: " . Support::dumpVar($locale) . "<br>";
// print all _ENV vars set // print all _ENV vars set
print "<div>READ _ENV ARRAY:</div>"; print "<div>READ _ENV ARRAY:</div>";
print Support::dumpVar(array_map('htmlentities', $_ENV)); print Support::dumpVar(array_map('htmlentities', $_ENV));
// set + check edit access id
$edit_access_id = 3;
if (isset($login->loginGetAcl()['unit'])) {
print "ACL UNIT: " . print_r(array_keys($login->loginGetAcl()['unit']), true) . "<br>";
print "ACCESS CHECK: " . (string)$login->loginCheckEditAccess($edit_access_id) . "<br>";
if ($login->loginCheckEditAccess($edit_access_id)) {
$backend->edit_access_id = $edit_access_id;
} else {
$backend->edit_access_id = $login->loginGetAcl()['unit_id'];
}
} else {
print "Something went wrong with the login<br>";
}
// $backend->log->debug('SESSION', \CoreLibs\Debug\Support::dumpVar($_SESSION)); // $backend->log->debug('SESSION', \CoreLibs\Debug\Support::dumpVar($_SESSION));
print '<form method="post" name="loginlogout">'; print "<br>";
print '<a href="javascript:document.loginlogout.login_logout.value=\'Logou\';'
. 'document.loginlogout.submit();">Logout</a>';
print '<input type="hidden" name="login_logout" value="">';
print '</form>';
print "Log Level: " . $backend->log->getLoggingLevel()->getName() . "<br>"; print "Log Level: " . $backend->log->getLoggingLevel()->getName() . "<br>";
print "Log ID: " . $backend->log->getLogFileId() . "<br>"; print "Log ID: " . $backend->log->getLogFileId() . "<br>";
print "Log Date: " . $backend->log->getLogDate() . "<br>"; print "Log Date: " . $backend->log->getLogDate() . "<br>";
@@ -197,26 +184,7 @@ foreach (
$log->debug('SOME MARK', 'Some error output'); $log->debug('SOME MARK', 'Some error output');
// INTERNAL SET print "<br>";
print "EDIT ACCESS ID: " . $backend->edit_access_id . "<br>";
// print "ACL: <br>".$backend->print_ar($login->loginGetAcl())."<br>";
// $log->debug('ACL', "ACL: " . \CoreLibs\Debug\Support::dumpVar($login->loginGetAcl()));
// print "DEFAULT ACL: <br>".$backend->print_ar($login->default_acl_list)."<br>";
// print "DEFAULT ACL: <br>".$backend->print_ar($login->default_acl_list)."<br>";
// $result = array_flip(
// array_filter(
// array_flip($login->default_acl_list),
// function ($key) {
// if (is_numeric($key)) {
// return $key;
// }
// }
// )
// );
// print "DEFAULT ACL: <br>".$backend->print_ar($result)."<br>";
// DEPRICATED CALL
// $backend->adbSetACL($login->loginGetAcl());
print "THIS HOST: " . HOST_NAME . ", with PROTOCOL: " . HOST_PROTOCOL . " is running SSL: " . HOST_SSL . "<br>"; print "THIS HOST: " . HOST_NAME . ", with PROTOCOL: " . HOST_PROTOCOL . " is running SSL: " . HOST_SSL . "<br>";
print "DIR: " . DIR . "<br>"; print "DIR: " . DIR . "<br>";
print "BASE: " . BASE . "<br>"; print "BASE: " . BASE . "<br>";
@@ -226,9 +194,6 @@ print "HOST: " . HOST_NAME . " => DB HOST: " . DB_CONFIG_NAME . " => " . Support
print "DS is: " . DIRECTORY_SEPARATOR . "<br>"; print "DS is: " . DIRECTORY_SEPARATOR . "<br>";
print "SERVER HOST: " . $_SERVER['HTTP_HOST'] . "<br>"; print "SERVER HOST: " . $_SERVER['HTTP_HOST'] . "<br>";
print "ECUID: " . $session->get('ECUID') . "<br>";
print "ECUUID: " . $session->get('ECUUID') . "<br>";
print "</body></html>"; print "</body></html>";
# __END__ # __END__

157
www/lib/CoreLibs/ACL/Login.php
View File

@@ -1132,11 +1132,14 @@ class Login
AND eau.enabled = 1 AND edit_user_id = $1 AND eau.enabled = 1 AND edit_user_id = $1
ORDER BY ea.name ORDER BY ea.name
SQL; SQL;
$unit_access = []; $unit_access_cuid = [];
// legacy
$unit_access_eaid = [];
$unit_cuid_lookup = []; $unit_cuid_lookup = [];
$eauid = []; $eaid = [];
$eacuid = [];
$unit_acl = []; $unit_acl = [];
$unit_uid_kookup = []; $unit_uid_lookup = [];
while (is_array($res = $this->db->dbReturnParams($q, [$this->euid]))) { while (is_array($res = $this->db->dbReturnParams($q, [$this->euid]))) {
// read edit access data fields and drop them into the unit access array // read edit access data fields and drop them into the unit access array
$q_sub = <<<SQL $q_sub = <<<SQL
@@ -1148,10 +1151,9 @@ class Login
while (is_array($res_sub = $this->db->dbReturnParams($q_sub, [$res['edit_access_id']]))) { while (is_array($res_sub = $this->db->dbReturnParams($q_sub, [$res['edit_access_id']]))) {
$ea_data[$res_sub['name']] = $res_sub['value']; $ea_data[$res_sub['name']] = $res_sub['value'];
} }
$unit_cuid_lookup[$res['edit_access_id']] = $res['cuid'];
// build master unit array // build master unit array
$unit_access[$res['cuid']] = [ $unit_access_cuid[$res['cuid']] = [
'id' => (int)$res['edit_access_id'], 'id' => (int)$res['edit_access_id'], // DEPRECATED
'acl_level' => $res['level'], 'acl_level' => $res['level'],
'acl_type' => $res['type'], 'acl_type' => $res['type'],
'name' => $res['name'], 'name' => $res['name'],
@@ -1161,22 +1163,29 @@ class Login
'additional_acl' => Json::jsonConvertToArray($res['additional_acl']), 'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
'data' => $ea_data 'data' => $ea_data
]; ];
$unit_access_eaid[$res['edit_access_id']] = [
'cuid' => $res['cuid'],
];
// set the default unit // set the default unit
if ($res['edit_default']) { if ($res['edit_default']) {
$this->session->set('UNIT_DEFAULT', (int)$res['edit_access_id']); $this->session->set('UNIT_DEFAULT_EAID', (int)$res['edit_access_id']); // DEPRECATED
$this->session->set('UNIT_DEFAULT_CUID', (int)$res['cuid']); $this->session->set('UNIT_DEFAULT_EACUID', (int)$res['cuid']);
} }
$unit_uid_kookup[$res['uid']] = (int)$res['edit_access_id']; $unit_uid_lookup[$res['uid']] = $res['edit_access_id']; // DEPRECATED
$unit_cuid_lookup[$res['uid']] = $res['cuid'];
// sub arrays for simple access // sub arrays for simple access
array_push($eauid, $res['edit_access_id']); array_push($eaid, $res['edit_access_id']);
$unit_acl[$res['edit_access_id']] = $res['level']; array_push($eacuid, $res['cuid']);
$unit_acl[$res['cuid']] = $res['level'];
} }
$this->session->setMany([ $this->session->setMany([
'UNIT_UID' => $unit_uid_kookup, 'UNIT_UID' => $unit_uid_lookup, // DEPRECATED
'UNIT_CUID' => $unit_cuid_lookup, 'UNIT_CUID' => $unit_cuid_lookup,
'UNIT' => $unit_access, 'UNIT' => $unit_access_cuid,
'UNIT_LEGACY' => $unit_access_eaid, // DEPRECATED
'UNIT_ACL_LEVEL' => $unit_acl, 'UNIT_ACL_LEVEL' => $unit_acl,
'EAID' => $eauid, 'EAID' => $eaid, // DEPRECATED
'EACUID' => $eacuid,
]); ]);
} // user has permission to THIS page } // user has permission to THIS page
} // user was not enabled or other login error } // user was not enabled or other login error
@@ -1308,32 +1317,35 @@ class Login
$this->acl['unit_name'] = null; $this->acl['unit_name'] = null;
$this->acl['unit_uid'] = null; $this->acl['unit_uid'] = null;
$this->acl['unit'] = []; $this->acl['unit'] = [];
$this->acl['unit_legacy'] = [];
$this->acl['unit_detail'] = []; $this->acl['unit_detail'] = [];
// PER ACCOUNT (UNIT/edit access)-> // PER ACCOUNT (UNIT/edit access)->
foreach ($_SESSION['UNIT'] as $ea_id => $unit) { foreach ($_SESSION['UNIT'] as $ea_cuid => $unit) {
// if admin flag is set, all units are set to 100 // if admin flag is set, all units are set to 100
if (!empty($this->acl['admin'])) { if (!empty($this->acl['admin'])) {
$this->acl['unit'][$ea_id] = $this->acl['base']; $this->acl['unit'][$ea_cuid] = $this->acl['base'];
} else { } else {
if ($unit['acl_level'] != -1) { if ($unit['acl_level'] != -1) {
$this->acl['unit'][$ea_id] = $unit['acl_level']; $this->acl['unit'][$ea_cuid] = $unit['acl_level'];
} else { } else {
$this->acl['unit'][$ea_id] = $this->acl['base']; $this->acl['unit'][$ea_cuid] = $this->acl['base'];
} }
} }
// legacy
$this->acl['unit_legacy'][$unit['id']] = $this->acl['unit'][$ea_cuid];
// detail name/level set // detail name/level set
$this->acl['unit_detail'][$ea_id] = [ $this->acl['unit_detail'][$ea_cuid] = [
'name' => $unit['name'], 'name' => $unit['name'],
'uid' => $unit['uid'], 'uid' => $unit['uid'],
'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1, 'level' => $this->default_acl_list[$this->acl['unit'][$ea_cuid]]['name'] ?? -1,
'default' => $unit['default'], 'default' => $unit['default'],
'data' => $unit['data'], 'data' => $unit['data'],
'additional_acl' => $unit['additional_acl'] 'additional_acl' => $unit['additional_acl']
]; ];
// set default // set default
if (!empty($unit['default'])) { if (!empty($unit['default'])) {
$this->acl['unit_id'] = $unit['id']; $this->acl['unit_cuid'] = $ea_cuid;
$this->acl['unit_name'] = $unit['name']; $this->acl['unit_name'] = $unit['name'];
$this->acl['unit_uid'] = $unit['uid']; $this->acl['unit_uid'] = $unit['uid'];
} }
@@ -2741,18 +2753,60 @@ HTML;
* @param int|null $edit_access_id access id pk to check * @param int|null $edit_access_id access id pk to check
* @return bool true/false: if the edit access is not * @return bool true/false: if the edit access is not
* in the valid list: false * in the valid list: false
* @deprecated Please switch to using edit access cuid check with ->loginCheckEditAccessCuid()
*/ */
public function loginCheckEditAccess(?int $edit_access_id): bool public function loginCheckEditAccess(?int $edit_access_id): bool
{ {
if ($edit_access_id === null) { if ($edit_access_id === null) {
return false; return false;
} }
if (array_key_exists($edit_access_id, $this->acl['unit'])) { if (array_key_exists($edit_access_id, $this->acl['unit_legacy'])) {
return true; return true;
} }
return false; return false;
} }
/**
* check if this edit access cuid is valid
*
* @param string|null $cuid
* @return bool
*/
public function loginCheckEditAccessCuid(?string $cuid): bool
{
if ($cuid === null) {
return false;
}
if (array_key_exists($cuid, $this->acl['unit'])) {
return true;
}
return false;
}
/**
* checks that the given edit access id is valid for this user
* return null if nothing set, or the edit access id
*
* @param string|null $cuid edit access cuid to check
* @return string|null same edit access cuid if ok
* or the default edit access id
* if given one is not valid
*/
public function loginCheckEditAccessValidCuid(?string $cuid): ?string
{
if (
$cuid !== null &&
is_array($this->session->get('UNIT')) &&
!array_key_exists($cuid, $this->session->get('UNIT'))
) {
$cuid = null;
if (!empty($this->session->get('UNIT_DEFAULT_EACUID'))) {
$cuid = $this->session->get('UNIT_DEFAULT_EACUID');
}
}
return $cuid;
}
/** /**
* checks that the given edit access id is valid for this user * checks that the given edit access id is valid for this user
* return null if nothing set, or the edit access id * return null if nothing set, or the edit access id
@@ -2761,53 +2815,39 @@ HTML;
* @return int|null same edit access id if ok * @return int|null same edit access id if ok
* or the default edit access id * or the default edit access id
* if given one is not valid * if given one is not valid
* @deprecated Please switch to using edit access cuid check with ->loginCheckEditAccessValidCuid()
*/ */
public function loginCheckEditAccessId(?int $edit_access_id): ?int public function loginCheckEditAccessId(?int $edit_access_id): ?int
{ {
if ( if (
$edit_access_id !== null && $edit_access_id !== null &&
is_array($this->session->get('UNIT')) && is_array($this->session->get('UNIT_LEGACY')) &&
!array_key_exists($edit_access_id, $this->session->get('UNIT')) !array_key_exists($edit_access_id, $this->session->get('UNIT_LEGACY'))
) { ) {
$edit_access_id = null; $edit_access_id = null;
if (is_numeric($this->session->get('UNIT_DEFAULT'))) { if (!empty($this->session->get('UNIT_DEFAULT_EAID'))) {
$edit_access_id = (int)$this->session->get('UNIT_DEFAULT'); $edit_access_id = (int)$this->session->get('UNIT_DEFAULT_EAID');
} }
} }
return $edit_access_id; return $edit_access_id;
} }
/** /**
* return a set entry from the UNIT session for an edit access_id * return a set entry from the UNIT session for an edit access cuid
* if not found return false * if not found return false
* *
* @param int $edit_access_id edit access id * @param string $cuid edit access cuid
* @param string|int $data_key key value to search for * @param string|int $data_key key value to search for
* @return bool|string false for not found or string for found data * @return false|string false for not found or string for found data
*/ */
public function loginGetEditAccessData( public function loginGetEditAccessData(
int $edit_access_id, string $cuid,
string|int $data_key string|int $data_key
): bool|string { ): false|string {
if (!isset($_SESSION['UNIT'][$edit_access_id]['data'][$data_key])) { if (!isset($_SESSION['UNIT'][$cuid]['data'][$data_key])) {
return false; return false;
} }
return $_SESSION['UNIT'][$edit_access_id]['data'][$data_key]; return $_SESSION['UNIT'][$cuid]['data'][$data_key];
}
/**
* old name for loginGetEditAccessData
*
* @deprecated Use $login->loginGetEditAccessData()
* @param int $edit_access_id
* @param string|int $data_key
* @return bool|string
*/
public function loginSetEditAccessData(
int $edit_access_id,
string|int $data_key
): bool|string {
return $this->loginGetEditAccessData($edit_access_id, $data_key);
} }
/** /**
@@ -2815,9 +2855,10 @@ HTML;
* false on not found * false on not found
* *
* @param string $uid Edit Access UID to look for * @param string $uid Edit Access UID to look for
* @return int|bool Either primary key in int or false in bool for not found * @return int|false Either primary key in int or false in bool for not found
* @deprecated use loginGetEditAccessCuidFromUid
*/ */
public function loginGetEditAccessIdFromUid(string $uid): int|bool public function loginGetEditAccessIdFromUid(string $uid): int|false
{ {
if (!isset($_SESSION['UNIT_UID'][$uid])) { if (!isset($_SESSION['UNIT_UID'][$uid])) {
return false; return false;
@@ -2825,6 +2866,20 @@ HTML;
return (int)$_SESSION['UNIT_UID'][$uid]; return (int)$_SESSION['UNIT_UID'][$uid];
} }
/**
* Get the edit access UID from the edit access CUID
*
* @param string $uid
* @return int|false
*/
public function loginGetEditAccessCuidFromUid(string $uid): int|false
{
if (!isset($_SESSION['UNIT_CUID'][$uid])) {
return false;
}
return (int)$_SESSION['UNIT_CUID'][$uid];
}
/** /**
* Check if admin flag is set * Check if admin flag is set
* *