Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b9d8911c7b | ||
|
|
c51ceb926e | ||
|
|
b4b33d6873 |
@@ -267,6 +267,8 @@ final class CoreLibsACLLoginTest extends TestCase
|
|||||||
'GROUP_ACL_LEVEL' => -1,
|
'GROUP_ACL_LEVEL' => -1,
|
||||||
'PAGES_ACL_LEVEL' => [],
|
'PAGES_ACL_LEVEL' => [],
|
||||||
'USER_ACL_LEVEL' => -1,
|
'USER_ACL_LEVEL' => -1,
|
||||||
|
'USER_ADDITIONAL_ACL' => [],
|
||||||
|
'GROUP_ADDITIONAL_ACL' => [],
|
||||||
'UNIT_UID' => [
|
'UNIT_UID' => [
|
||||||
'AdminAccess' => 1,
|
'AdminAccess' => 1,
|
||||||
],
|
],
|
||||||
@@ -280,6 +282,7 @@ final class CoreLibsACLLoginTest extends TestCase
|
|||||||
'data' => [
|
'data' => [
|
||||||
'test' => 'value',
|
'test' => 'value',
|
||||||
],
|
],
|
||||||
|
'additional_acl' => []
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
// 'UNIT_DEFAULT' => '',
|
// 'UNIT_DEFAULT' => '',
|
||||||
|
|||||||
@@ -212,11 +212,11 @@ $query = <<<EOM
|
|||||||
INSERT INTO
|
INSERT INTO
|
||||||
test_foo
|
test_foo
|
||||||
(
|
(
|
||||||
test
|
test, string_a
|
||||||
) VALUES (
|
) VALUES (
|
||||||
$1
|
$1, '$2'
|
||||||
)
|
)
|
||||||
RETURNING test
|
RETURNING test, string_a
|
||||||
EOM;
|
EOM;
|
||||||
$db->dbPrepare("ins_test_foo_eom", $query);
|
$db->dbPrepare("ins_test_foo_eom", $query);
|
||||||
$status = $db->dbExecute("ins_test_foo_eom", ['EOM BAR TEST ' . time()]);
|
$status = $db->dbExecute("ins_test_foo_eom", ['EOM BAR TEST ' . time()]);
|
||||||
@@ -413,13 +413,35 @@ if (is_array($s_res = $db->dbReturnRow($q)) && !empty($s_res['test'])) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// UPDATE WITH RETURNING
|
// UPDATE WITH RETURNING
|
||||||
$status = $db->dbExec("UPDATE test_foo SET test = 'SOMETHING DIFFERENT' "
|
$status = $db->dbExec("UPDATE test_foo SET test = 'SOMETHING DIFFERENT', string_a = '" . (string)rand(1, 100) . "' "
|
||||||
. "WHERE test_foo_id = " . (int)$last_insert_pk . " RETURNING test");
|
. "WHERE test_foo_id = " . (int)$last_insert_pk . " RETURNING test_foo.test, string_a");
|
||||||
print "UPDATE WITH PK " . Support::printToString($last_insert_pk)
|
print "UPDATE WITH PK " . Support::printToString($last_insert_pk)
|
||||||
. " RETURN STATUS: " . Support::printToString($status) . " |<br>"
|
. " RETURN STATUS: " . Support::printToString($status) . " |<br>"
|
||||||
. "QUERY: " . $db->dbGetQuery() . " |<br>"
|
. "QUERY: " . $db->dbGetQuery() . " |<br>"
|
||||||
. "RETURNING EXT: " . print_r($db->dbGetReturningExt(), true) . " | "
|
. "RETURNING EXT: " . print_r($db->dbGetReturningExt(), true) . " | "
|
||||||
. "RETURNING ARRAY: " . print_r($db->dbGetReturningArray(), true) . "<br>";
|
. "RETURNING ARRAY: " . print_r($db->dbGetReturningArray(), true) . "<br>";
|
||||||
|
// UPDATE BUT EOM STYLE
|
||||||
|
$status = $db->dbExecParams(
|
||||||
|
<<<EOM
|
||||||
|
UPDATE
|
||||||
|
test_foo
|
||||||
|
SET
|
||||||
|
test = ?,
|
||||||
|
string_a = ?
|
||||||
|
WHERE
|
||||||
|
tset_foo_id = ?
|
||||||
|
RETURNING
|
||||||
|
test_foo.test, string_a
|
||||||
|
EOM,
|
||||||
|
['SOMETHING DIFFERENT EOM', (string)rand(1, 100)]
|
||||||
|
);
|
||||||
|
print "UPDATE EOM WITH PK " . Support::printToString($last_insert_pk)
|
||||||
|
. " RETURN STATUS: " . Support::printToString($status) . " |<br>"
|
||||||
|
. "QUERY: " . $db->dbGetQuery() . " |<br>"
|
||||||
|
. "RETURNING EXT: " . print_r($db->dbGetReturningExt(), true) . " | "
|
||||||
|
. "RETURNING ARRAY: " . print_r($db->dbGetReturningArray(), true) . "<br>";
|
||||||
|
|
||||||
|
// a stand alone insert?
|
||||||
$db->dbExec("INSERT INTO test_foo (test) VALUES ('STAND ALONE')");
|
$db->dbExec("INSERT INTO test_foo (test) VALUES ('STAND ALONE')");
|
||||||
|
|
||||||
// INSERT WITH NO RETURNING
|
// INSERT WITH NO RETURNING
|
||||||
|
|||||||
@@ -69,6 +69,7 @@ declare(strict_types=1);
|
|||||||
namespace CoreLibs\ACL;
|
namespace CoreLibs\ACL;
|
||||||
|
|
||||||
use CoreLibs\Check\Password;
|
use CoreLibs\Check\Password;
|
||||||
|
use CoreLibs\Convert\Json;
|
||||||
|
|
||||||
class Login
|
class Login
|
||||||
{
|
{
|
||||||
@@ -753,7 +754,10 @@ class Login
|
|||||||
// we have to get the themes in here too
|
// we have to get the themes in here too
|
||||||
$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
|
$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
|
||||||
. "eu.edit_group_id, "
|
. "eu.edit_group_id, "
|
||||||
. "eg.name AS edit_group_name, admin, "
|
. "eg.name AS edit_group_name, eu.admin, "
|
||||||
|
// additinal acl lists
|
||||||
|
. "eu.additional_acl AS user_additional_acl, "
|
||||||
|
. "eg.additional_acl AS group_additional_acl, "
|
||||||
// login error + locked
|
// login error + locked
|
||||||
. "eu.login_error_count, eu.login_error_date_last, "
|
. "eu.login_error_count, eu.login_error_date_last, "
|
||||||
. "eu.login_error_date_first, eu.strict, eu.locked, "
|
. "eu.login_error_date_first, eu.strict, eu.locked, "
|
||||||
@@ -901,8 +905,10 @@ class Login
|
|||||||
$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
|
$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
|
||||||
$_SESSION['USER_ACL_LEVEL'] = $res['user_level'];
|
$_SESSION['USER_ACL_LEVEL'] = $res['user_level'];
|
||||||
$_SESSION['USER_ACL_TYPE'] = $res['user_type'];
|
$_SESSION['USER_ACL_TYPE'] = $res['user_type'];
|
||||||
|
$_SESSION['USER_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['user_additional_acl']);
|
||||||
$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
|
$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
|
||||||
$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
|
$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
|
||||||
|
$_SESSION['GROUP_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['group_additional_acl']);
|
||||||
// deprecated TEMPLATE setting
|
// deprecated TEMPLATE setting
|
||||||
$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
|
$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
|
||||||
$_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ?
|
$_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ?
|
||||||
@@ -1021,7 +1027,8 @@ class Login
|
|||||||
$_SESSION['PAGES'] = $pages;
|
$_SESSION['PAGES'] = $pages;
|
||||||
$_SESSION['PAGES_ACL_LEVEL'] = $pages_acl;
|
$_SESSION['PAGES_ACL_LEVEL'] = $pages_acl;
|
||||||
// load the edit_access user rights
|
// load the edit_access user rights
|
||||||
$q = "SELECT ea.edit_access_id, level, type, ea.name, ea.color, ea.uid, edit_default "
|
$q = "SELECT ea.edit_access_id, level, type, ea.name, "
|
||||||
|
. "ea.color, ea.uid, edit_default, ea.additional_acl "
|
||||||
. "FROM edit_access_user eau, edit_access_right ear, edit_access ea "
|
. "FROM edit_access_user eau, edit_access_right ear, edit_access ea "
|
||||||
. "WHERE eau.edit_access_id = ea.edit_access_id "
|
. "WHERE eau.edit_access_id = ea.edit_access_id "
|
||||||
. "AND eau.edit_access_right_id = ear.edit_access_right_id "
|
. "AND eau.edit_access_right_id = ear.edit_access_right_id "
|
||||||
@@ -1048,6 +1055,7 @@ class Login
|
|||||||
'uid' => $res['uid'],
|
'uid' => $res['uid'],
|
||||||
'color' => $res['color'],
|
'color' => $res['color'],
|
||||||
'default' => $res['edit_default'],
|
'default' => $res['edit_default'],
|
||||||
|
'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
|
||||||
'data' => $ea_data
|
'data' => $ea_data
|
||||||
];
|
];
|
||||||
// set the default unit
|
// set the default unit
|
||||||
@@ -1122,6 +1130,11 @@ class Login
|
|||||||
// username (login), group name
|
// username (login), group name
|
||||||
$this->acl['user_name'] = $_SESSION['USER_NAME'];
|
$this->acl['user_name'] = $_SESSION['USER_NAME'];
|
||||||
$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
|
$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
|
||||||
|
// set additional acl
|
||||||
|
$this->acl['additional_acl'] = [
|
||||||
|
'user' => $_SESSION['USER_ADDITIONAL_ACL'],
|
||||||
|
'group' => $_SESSION['GROUP_ADDITIONAL_ACL'],
|
||||||
|
];
|
||||||
// we start with the default acl
|
// we start with the default acl
|
||||||
$this->acl['base'] = $this->default_acl_level;
|
$this->acl['base'] = $this->default_acl_level;
|
||||||
|
|
||||||
@@ -1184,7 +1197,8 @@ class Login
|
|||||||
'uid' => $unit['uid'],
|
'uid' => $unit['uid'],
|
||||||
'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1,
|
'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1,
|
||||||
'default' => $unit['default'],
|
'default' => $unit['default'],
|
||||||
'data' => $unit['data']
|
'data' => $unit['data'],
|
||||||
|
'additional_acl' => $unit['additional_acl']
|
||||||
];
|
];
|
||||||
// set default
|
// set default
|
||||||
if (!empty($unit['default'])) {
|
if (!empty($unit['default'])) {
|
||||||
|
|||||||
@@ -279,8 +279,20 @@ class IO
|
|||||||
public const NO_CACHE = 3;
|
public const NO_CACHE = 3;
|
||||||
/** @var string default hash type */
|
/** @var string default hash type */
|
||||||
public const ERROR_HASH_TYPE = 'adler32';
|
public const ERROR_HASH_TYPE = 'adler32';
|
||||||
|
/**
|
||||||
|
* @var string regex for params: only stand alone $number allowed
|
||||||
|
* never allowed to start with '
|
||||||
|
* must be after space/tab, =, (
|
||||||
|
*/
|
||||||
|
public const REGEX_PARAMS = '/[^\'][\s(=](\$[0-9]{1,})/';
|
||||||
/** @var string regex to get returning with matches at position 1 */
|
/** @var string regex to get returning with matches at position 1 */
|
||||||
public const REGEX_RETURNING = '/\s+returning\s+(.+?);?$/i';
|
public const REGEX_RETURNING = '/\s+returning\s+(.+\s*(?:.+\s*)+);?$/i';
|
||||||
|
// REGEX_SELECT
|
||||||
|
// REGEX_UPDATE
|
||||||
|
// REGEX INSERT
|
||||||
|
// REGEX_INSERT_UPDATE_DELETE
|
||||||
|
// REGEX_FROM_TABLE
|
||||||
|
// REGEX_INSERT_UPDATE_DELETE_TABLE
|
||||||
|
|
||||||
// recommend to set private/protected and only allow setting via method
|
// recommend to set private/protected and only allow setting via method
|
||||||
// can bet set from outside
|
// can bet set from outside
|
||||||
@@ -1017,7 +1029,7 @@ class IO
|
|||||||
{
|
{
|
||||||
// search for $1, $2, in the query and push it into the control array
|
// search for $1, $2, in the query and push it into the control array
|
||||||
// skip counts for same eg $1, $1, $2 = 2 and not 3
|
// skip counts for same eg $1, $1, $2 = 2 and not 3
|
||||||
preg_match_all('/(\$[0-9]{1,})/', $query, $match);
|
preg_match_all(self::REGEX_PARAMS, $query, $match);
|
||||||
$placeholder_count = count(array_unique($match[1]));
|
$placeholder_count = count(array_unique($match[1]));
|
||||||
if ($params_count != $placeholder_count) {
|
if ($params_count != $placeholder_count) {
|
||||||
$this->__dbError(
|
$this->__dbError(
|
||||||
@@ -2588,7 +2600,7 @@ class IO
|
|||||||
$match = [];
|
$match = [];
|
||||||
// search for $1, $2, in the query and push it into the control array
|
// search for $1, $2, in the query and push it into the control array
|
||||||
// skip counts for same eg $1, $1, $2 = 2 and not 3
|
// skip counts for same eg $1, $1, $2 = 2 and not 3
|
||||||
preg_match_all('/(\$[0-9]{1,})/', $query, $match);
|
preg_match_all(self::REGEX_PARAMS, $query, $match);
|
||||||
$this->prepare_cursor[$stm_name]['count'] = count(array_unique($match[1]));
|
$this->prepare_cursor[$stm_name]['count'] = count(array_unique($match[1]));
|
||||||
$this->prepare_cursor[$stm_name]['query'] = $query;
|
$this->prepare_cursor[$stm_name]['query'] = $query;
|
||||||
$result = $this->db_functions->__dbPrepare($stm_name, $query);
|
$result = $this->db_functions->__dbPrepare($stm_name, $query);
|
||||||
|
|||||||
Reference in New Issue
Block a user