Commit dc992c08 authored by Reto Da Forno's avatar Reto Da Forno

access rights adjusted

parent 4ce8ae00
...@@ -113,7 +113,7 @@ ...@@ -113,7 +113,7 @@
$sql = "SELECT title, description, test_status as status, UNIX_TIMESTAMP(time_start_wish) AS start_planned, UNIX_TIMESTAMP(time_start_act) AS start_act, UNIX_TIMESTAMP(time_end_wish) AS end_planned, UNIX_TIMESTAMP(time_end_act) AS end_act $sql = "SELECT title, description, test_status as status, UNIX_TIMESTAMP(time_start_wish) AS start_planned, UNIX_TIMESTAMP(time_start_act) AS start_act, UNIX_TIMESTAMP(time_end_wish) AS end_planned, UNIX_TIMESTAMP(time_end_act) AS end_act
FROM `flocklab`.`tbl_serv_tests` FROM `flocklab`.`tbl_serv_tests`
WHERE serv_tests_key=".intval($_POST['id']); WHERE serv_tests_key=".intval($_POST['id']);
if ($userrole != 'admin') { if ($userrole != 'admin' && $userrole != 'internal') {
$sql .= " AND owner_fk=$_SESSION[serv_users_key]"; $sql .= " AND owner_fk=$_SESSION[serv_users_key]";
} }
$res = mysqli_query($db, $sql); $res = mysqli_query($db, $sql);
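Review bot: The new condition `$userrole != 'admin' && $userrole != 'internal'` expresses the admin-or-internal authorization decision as a string comparison on `$userrole`, while the other hunks of this commit express the same decision through `$_SESSION['is_admin'] || $_SESSION['is_internal']`, so the next role added has to be threaded through two different representations. A single helper such as `function flocklab_may_view_all_tests() { return !empty($_SESSION['is_admin']) || !empty($_SESSION['is_internal']); }` in the shared include would let this line read `if (!flocklab_may_view_all_tests()) {` and keep the policy in one place. Where `$userrole` is assigned is outside the hunk, so whether it is derived from the same session flags cannot be confirmed here; the enclosing block also starts before the hunk.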
...@@ -105,8 +105,8 @@ ...@@ -105,8 +105,8 @@
'color' => 'orange', 'color' => 'orange',
); );
} }
} elseif ($_SESSION['is_admin'] == true) { } elseif ($_SESSION['is_admin'] == true || $_SESSION['is_internal'] == true) {
// The user is admin and can thus see all tests: // The user is admin/internal and can thus see all tests:
$event = array( $event = array(
'id' => $row['serv_tests_key'], 'id' => $row['serv_tests_key'],
'title' => $row['username'] . ' (' . $row['firstname'] . ' ' . $row['lastname'] . ')', 'title' => $row['username'] . ' (' . $row['firstname'] . ' ' . $row['lastname'] . ')',
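Review bot: `$_SESSION['is_internal'] == true` reads a key that only `do_login()` sets, so any session established before this deployment (and, presumably, any session that reaches this page without passing through `do_login()`) raises an undefined-index notice on every evaluation; the result is a safe deny, but the notices will be noisy, and the loose `== true` adds nothing on a boolean flag. Reading the flags as `!empty($_SESSION['is_admin']) || !empty($_SESSION['is_internal'])` keeps the deny-by-default behaviour without the notices. The same pattern recurs in the calendar hunk (the HAVING clause and the reservation title), in the archive download check and in the plot check, and the fix applies to each of them.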
...@@ -150,12 +150,12 @@ ...@@ -150,12 +150,12 @@
(`time_start` BETWEEN "' . $mysqlstart . '" AND "' . $mysqlend . '" OR (`time_start` BETWEEN "' . $mysqlstart . '" AND "' . $mysqlend . '" OR
`time_end` BETWEEN "' . $mysqlstart . '" AND "' . $mysqlend . '") `time_end` BETWEEN "' . $mysqlstart . '" AND "' . $mysqlend . '")
GROUP BY serv_reservation_key GROUP BY serv_reservation_key
'. ($_SESSION['is_admin'] == true?'':'HAVING `reservation_match` is NULL OR `reservation_match` <> 1'); '. (($_SESSION['is_admin'] == true || $_SESSION['is_internal'] == true) ? '' : 'HAVING `reservation_match` is NULL OR `reservation_match` <> 1');
$rs = mysqli_query($db, $sql) or flocklab_die('Cannot get calendar data from database because: ' . mysqli_error($db)); $rs = mysqli_query($db, $sql) or flocklab_die('Cannot get calendar data from database because: ' . mysqli_error($db));
while ($row = mysqli_fetch_array($rs)) { while ($row = mysqli_fetch_array($rs)) {
$event = array( $event = array(
'id' => $row['serv_reservation_key'], 'id' => $row['serv_reservation_key'],
'title' => ($_SESSION['is_admin'] == true?'Reservation for group '.$row['group_id_fk']:'Occupied'), 'title' => (($_SESSION['is_admin'] == true || $_SESSION['is_internal'] == true) ? 'Reservation for group '.$row['group_id_fk'] : 'Occupied'),
'description' => $mini?'':'Another user is running a test.', 'description' => $mini?'':'Another user is running a test.',
'allDay' => false, 'allDay' => false,
); );
...@@ -145,7 +145,8 @@ function do_login($username, $password) { ...@@ -145,7 +145,8 @@ function do_login($username, $password) {
$_SESSION['firstname'] = $rows['firstname']; $_SESSION['firstname'] = $rows['firstname'];
$_SESSION['lastname'] = $rows['lastname']; $_SESSION['lastname'] = $rows['lastname'];
$_SESSION['email'] = $rows['email']; $_SESSION['email'] = $rows['email'];
$_SESSION['is_admin'] = ($rows['role'] == 'admin') ? true : false; $_SESSION['is_admin'] = ($rows['role'] == 'admin') ? true : false;
$_SESSION['is_internal'] = ($rows['role'] == 'internal') ? true : false;
$_SESSION['expires'] = $_SERVER['REQUEST_TIME'] + $CONFIG['webserver']['sessionexpiretime']; $_SESSION['expires'] = $_SERVER['REQUEST_TIME'] + $CONFIG['webserver']['sessionexpiretime'];
return true; return true;
} }
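Review bot: The added `($rows['role'] == 'internal') ? true : false` uses a loose comparison and a redundant ternary where the comparison already yields a boolean; `$_SESSION['is_internal'] = ($rows['role'] === 'internal');` states the same thing and matches the strict comparison one would expect on a role string. Since the flag is derived from the same `role` column as `is_admin` on the line above, a user appears to be either admin or internal but never both; a comment such as `// role flags are mutually exclusive: derived from the single 'role' column` would make that visible to the pages that now test both flags. Note that sessions already active when this lands never re-enter `do_login()` and so will carry no `is_internal` key at all. The function starts before the hunk.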
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
<?php include_once('include/presets.php');?> <?php include_once('include/presets.php');?>
<?php <?php
// provide archive // provide archive
if (isset($_POST['testid']) && is_numeric($_POST['testid']) && (check_testid($_POST['testid'],$_SESSION['serv_users_key']) || $_SESSION['is_admin'])) { if (isset($_POST['testid']) && is_numeric($_POST['testid']) && (check_testid($_POST['testid'],$_SESSION['serv_users_key']) || $_SESSION['is_admin'] || $_SESSION['is_internal'])) {
$testid = $_POST['testid']; $testid = $_POST['testid'];
// check file // check file
$archivepath = $CONFIG['testmanagementserver']['archivedir']; $archivepath = $CONFIG['testmanagementserver']['archivedir'];
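Review bot: The new `|| $_SESSION['is_internal']` is evaluated only after `check_testid()` has already run, so for admin and internal users the ownership lookup (presumably a database query) is performed and then ignored; placing the session flags first lets them short-circuit: `(!empty($_SESSION['is_admin']) || !empty($_SESSION['is_internal']) || check_testid($_POST['testid'], $_SESSION['serv_users_key']))`. The `// provide archive` comment above the condition no longer says who is allowed to download; `// provide archive: test owner, admin or internal user` would record the policy the condition now implements. The enclosing block continues past the hunk.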
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
<?php include_once('include/presets.php');?> <?php include_once('include/presets.php');?>
<?php <?php
if ($_SESSION['logged_in']) { if ($_SESSION['logged_in']) {
if (isset($_GET['t']) && is_numeric($_GET['t']) && (check_testid($_GET['t'], $_SESSION['serv_users_key']) || $_SESSION['is_admin'])) { if (isset($_GET['t']) && is_numeric($_GET['t']) && (check_testid($_GET['t'], $_SESSION['serv_users_key']) || $_SESSION['is_admin'] || $_SESSION['is_internal'])) {
// user is logged in and test belongs to the user // user is logged in and test belongs to the user
$plot = $CONFIG['viz']['dir'].'/flocklab_plot_'.$_GET['t'].'.html'; $plot = $CONFIG['viz']['dir'].'/flocklab_plot_'.$_GET['t'].'.html';
$fs = filesize($plot); $fs = filesize($plot);
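Review bot: The comment `// user is logged in and test belongs to the user` is now wrong for two of the three ways into this branch, since admin and internal users reach it without owning the test; `// user is logged in and either owns the test or has the admin/internal role` describes the new condition. As in the archive download hunk, the session flags could precede `check_testid()` so privileged users skip the ownership lookup. The enclosing `if ($_SESSION['logged_in'])` block continues past the hunk.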