API updated: list of observers now depends on the user role

ba80497e · Reto Da Forno · 25a2648c · ba80497e · ba80497e · ba80497e
Commit ba80497e authored Sep 03, 2019 by Reto Da Forno
3 changed files
--- a/server/webserver/user/api.php
+++ b/server/webserver/user/api.php
 <?php include_once('include/presets.php');?>
 <?php
  if (isset($_POST['q'])) {
+    $status = array('online');
+    $userrole = get_user_role($_POST['username']);
+    if ($userrole == 'internal') {
+      $status[] = 'internal';
+    }
+    if ($userrole == 'admin') {
+      $status[] = 'develop';
+      $status[] = 'internal';
+    }
+    $status = "('" .join("', '", $status) ."')";
+
    if ($_POST['q'] == 'obs') {
      // return a list of the currently available observers
      $db = db_connect();
@@ -17,7 +28,7 @@
              LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot3 ON c.tg_adapt_types_fk = slot3.serv_tg_adapt_types_key
              LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_list` AS d ON obs.slot_4_tg_adapt_list_fk = d.serv_tg_adapt_list_key
              LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot4 ON d.tg_adapt_types_fk = slot4.serv_tg_adapt_types_key
-              WHERE obs.status='online'
+              WHERE obs.status IN $status
              ORDER BY obs.observer_id;";
      $res = mysqli_query($db, $sql);
      if (!$res) {
@@ -51,7 +62,7 @@
              LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot3 ON c.tg_adapt_types_fk = slot3.serv_tg_adapt_types_key
              LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_list` AS d ON obs.slot_4_tg_adapt_list_fk = d.serv_tg_adapt_list_key
              LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot4 ON d.tg_adapt_types_fk = slot4.serv_tg_adapt_types_key
-              WHERE obs.status='online'
+              WHERE obs.status IN $status
              ORDER BY obs.observer_id;";
      $res = mysqli_query($db, $sql);
      if (!$res) {

--- a/server/webserver/user/include/libflocklab.php
+++ b/server/webserver/user/include/libflocklab.php
@@ -223,6 +223,26 @@ function get_admin_emails() {
 	return $admins;
 }

+/*
+##############################################################################
+#
+# get_user_role
+# 
+# Get the role (access rights) of a user
+#
+##############################################################################
+*/
+function get_user_role($username) {
+	$db = db_connect();
+	$sql = "SELECT role FROM tbl_serv_users WHERE username = '" . mysqli_real_escape_string($db, $username) . "'";
+	$rs = mysqli_query($db, $sql) or flocklab_die('Cannot authenticate because: ' . mysqli_error($db));
+	$rows = mysqli_fetch_array($rs);
+	if ($rows) {
+		return $rows['role'];
+	}
+	return 'user'; /* default */
+}
+
 /*
 ##############################################################################
 #

--- a/server/webserver/user/xml/flocklab.xsd
+++ b/server/webserver/user/xml/flocklab.xsd
@@ -333,7 +333,7 @@

 <xs:simpleType name="obsIdType">
  <xs:restriction base="xs:integer">
-    <xs:pattern value="001|002|003|004|006|007|008|010|011|013|014|015|016|017|018|019|020|022|023|024|025|026|027|028|029|031|032|033|300|301|302|303"/>
+    <xs:pattern value="1|2|3|4|6|7|8|10|11|13|14|15|16|17|18|19|20|22|23|24|25|26|27|28|29|31|32|33|001|002|003|004|006|007|008|010|011|013|014|015|016|017|018|019|020|022|023|024|025|026|027|028|029|031|032|033|300|301|302|303"/>
  </xs:restriction>
 </xs:simpleType>