Browse code

Erlaube subusers, die nur Zugriff auf bestimmte Module haben

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1822 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on01/10/2010 10:45:34
Showing5 changed files
... ...
@@ -6,6 +6,18 @@ require_once('inc/debug.php');
6 6
 function config($key)
7 7
 {
8 8
   global $config;
9
+
10
+  if ($key == 'modules' && isset($_SESSION['restrict_modules']))
11
+  {
12
+    $modules = array();
13
+    foreach ($config['modules'] as $mod)
14
+    {
15
+      if (in_array($mod, $_SESSION['restrict_modules']))
16
+        $modules[] = $mod;
17
+    }
18
+    return $modules;
19
+  }
20
+
9 21
   if (array_key_exists($key, $config))
10 22
     return $config[$key];
11 23
   
... ...
@@ -114,7 +114,11 @@ $userinfo = '';
114 114
 $role = $_SESSION['role'];
115 115
 if ($role != ROLE_ANONYMOUS) {
116 116
   $userinfo .= '<p class="userinfo">Angemeldet als:<br />';
117
-  if ($role & ROLE_SYSTEMUSER) {
117
+  if ($role & ROLE_SYSTEMUSER && isset($_SESSION['subuser'])) {
118
+    $userinfo .= '<strong>'.$_SESSION['subuser'].'</strong>';
119
+    $userinfo .= '<br />Mitbenutzer von '.$_SESSION['userinfo']['username'];
120
+  }
121
+  elseif ($role & ROLE_SYSTEMUSER) {
118 122
     $userinfo .= '<strong>'.$_SESSION['userinfo']['username'].'</strong>';
119 123
     $userinfo .= '<br />'.$_SESSION['userinfo']['name'];
120 124
     $userinfo .= '<br />(Benutzer'.(($role & ROLE_CUSTOMER) ? ', Kunde' : '').')';
... ...
@@ -27,6 +27,9 @@ case ROLE_MAILACCOUNT:
27 27
 case ROLE_SYSTEMUSER:
28 28
   $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer";
29 29
   break;
30
+case ROLE_SYSTEMUSER | ROLE_SUBUSER:
31
+  $role = "{$_SESSION['subuser']}, Unternutzer von {$_SESSION['userinfo']['username']}";
32
+  break;
30 33
 case ROLE_CUSTOMER:
31 34
   $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde";
32 35
   break;
... ...
@@ -6,9 +6,9 @@ if ($role == ROLE_ANONYMOUS) {
6 6
   $menu["index_login"] = array("label" => "Login", "file" => "index", "weight" => 0);
7 7
   $menu["certlogin"] = array("label" => "Client-Zertifikat", "file" => "certinfo", "weight" => 10);
8 8
 } else {
9
-  if ($role & ROLE_SYSTEMUSER)
9
+  if ($role & ROLE_SYSTEMUSER && ! ($role & ROLE_SUBUSER))
10 10
     $menu["index_cert"] = array("label" => "Client-Zertifikat", "file" => "cert", "weight" => 10, "submenu" => "index_index");
11
-  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER)) {
11
+  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER) && ! $role & ROLE_SUBUSER) {
12 12
     $menu["index_chpass"] = array("label" => "Passwort ändern", "file" => "chpass", "weight" => 98);
13 13
   }
14 14
 
... ...
@@ -12,6 +12,7 @@ define('ROLE_VMAIL_ACCOUNT', 2);
12 12
 define('ROLE_SYSTEMUSER', 4);
13 13
 define('ROLE_CUSTOMER', 8);
14 14
 define('ROLE_SYSADMIN', 16);
15
+define('ROLE_SUBUSER', 32);
15 16
 
16 17
 
17 18
 // Gibt die Rolle aus, wenn das Passwort stimmt
... ...
@@ -92,6 +93,15 @@ function find_role($login, $password, $i_am_admin = False)
92 93
   }
93 94
   
94 95
 
96
+  // Sub-User
97
+
98
+  $result = db_query("SELECT uid FROM system.subusers WHERE username='{$login}' AND password=SHA1('{$password}')");
99
+  if (@mysql_num_rows($result) > 0)
100
+  {
101
+    // FIXME: Admin-Su-Anmeldung geht damit nicht
102
+    return ROLE_SUBUSER;
103
+  }
104
+
95 105
 
96 106
   // Nothing?
97 107
   return NULL;
... ...
@@ -129,6 +139,21 @@ function get_customer_info($customer)
129 139
 }
130 140
 
131 141
 
142
+function get_subuser_info($username)
143
+{
144
+  $result = db_query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'");
145
+  if (mysql_num_rows($result) < 1)
146
+  {
147
+    logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
148
+    system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
149
+  }
150
+  $data = mysql_fetch_assoc($result);
151
+  $userinfo = get_user_info($data['uid']);
152
+  $userinfo['modules'] = $data['modules'];
153
+  return $userinfo;
154
+}
155
+
156
+
132 157
 function get_user_info($username)
133 158
 {
134 159
   $username = mysql_real_escape_string($username);
... ...
@@ -194,6 +219,16 @@ function setup_session($role, $useridentity)
194 219
 {
195 220
   session_regenerate_id();
196 221
   $_SESSION['role'] = $role;
222
+  if ($role & ROLE_SUBUSER)
223
+  {
224
+    DEBUG("We are a sub-user");
225
+    $info = get_subuser_info($useridentity);
226
+    $_SESSION['userinfo'] = $info;
227
+    $_SESSION['subuser'] = $useridentity;
228
+    $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
229
+    $_SESSION['restrict_modules'] = explode(',', $info['modules']);
230
+    logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
231
+  }
197 232
   if ($role & ROLE_SYSTEMUSER)
198 233
   {
199 234
     DEBUG("We are system user");