feat: Implement module permissions system with database-driven access control

- Added `users_permissions` table for managing user permissions. - Created `PermissionRepository` for handling permission logic. - Refactored `controls\Users::permissions()` to utilize the new database structure. - Introduced AJAX endpoint for saving user permissions. - Enhanced user management UI with permission checkboxes. - Added vacation management template for handling employee absences. - Implemented tests for `PermissionRepository`.
2026-02-26 20:17:03 +01:00
parent 76d3ac33a8
commit a4a35c8d62
35 changed files with 2654 additions and 901 deletions
--- a/autoload/factory/class.BackendSites.php
+++ b/autoload/factory/class.BackendSites.php
@@ -1,95 +0,0 @@
-<?
-namespace factory;
-class BackendSites
-{
-  // topic_delete
-  static public function topic_delete( $id )
-  {
-    global $mdb;
-    return $mdb -> delete( 'zaplecze_tematy', [ 'id' => $id ] );
-  }
-
-  static public function topic_unaccept( $id )
-  {
-    global $mdb;
-    return $mdb -> update( 'zaplecze_tematy', [ 'zaakceptowany' => 0 ], [ 'id' => $id ] );
-  }
-
-  static public function topic_accept( $id)
-  {
-    global $mdb;
-    return $mdb -> update( 'zaplecze_tematy', [ 'zaakceptowany' => 1 ], [ 'id' => $id ] );
-  }
-
-  static public function topic_save( $id, $strona, $kategoria, $kategoria_id, $link, $temat, $wygeneruj_temat, $data_publikacji, $opublikowany, $zaakceptowany )
-  {
-    global $mdb;
-    if ( !$id )
-    {
-      return $mdb -> insert( 'zaplecze_tematy', [
-        'strona' => $strona,
-        'kategoria' => $kategoria,
-        'kategoria_id' => $kategoria_id,
-        'link' => $link ? $link : null,
-        'temat' => $temat,
-        'wygeneruj_temat' => $wygeneruj_temat == 'on' ? 1 : 0,
-        'data_publikacji' => $data_publikacji,
-        'opublikowany' => $opublikowany == 'on' ? 1 : 0,
-        'zaakceptowany' => $zaakceptowany == 'on' ? 1 : 0,
-      ] );
-    }
-    else
-    {
-      return $mdb -> update( 'zaplecze_tematy', [
-        'strona' => $strona,
-        'kategoria' => $kategoria,
-        'kategoria_id' => $kategoria_id,
-        'link' => $link ? $link : null,
-        'temat' => $temat,
-        'wygeneruj_temat' => $wygeneruj_temat == 'on' ? 1 : 0,
-        'data_publikacji' => $data_publikacji,
-        'opublikowany' => $opublikowany == 'on' ? 1 : 0,
-        'zaakceptowany' => $zaakceptowany == 'on' ? 1 : 0,
-      ], [ 'id' => $id ] );
-    }
-  }
-
-  static public function topic( $id = 0 )
-  {
-    global $mdb;
-    return $mdb -> get( 'zaplecze_tematy', '*', [ 'id' => $id ] );
-  }
-
-  static public function collective_topic( $id = 0 )
-  {
-    global $mdb;
-    return $mdb -> get( 'zaplecze_tematy_zbiorcze', '*', [ 'id' => $id ] );
-  }
-
-  static public function collective_topic_save( $id, $strona, $kategoria, $kategoria_id, $temat_ogolny, $data_przetworzenia, $przetworzony )
-  {
-    global $mdb;
-    if ( !$id )
-    {
-      return $mdb -> insert( 'zaplecze_tematy_zbiorcze', [
-        'strona' => $strona,
-        'kategoria' => $kategoria,
-        'kategoria_id' => $kategoria_id,
-        'temat_ogolny' => $temat_ogolny,
-        'data_przetworzenia' => $data_przetworzenia,
-        'przetworzony' => $przetworzony == 'on' ? 1 : 0,
-      ] );
-    }
-    else
-    {
-      return $mdb -> update( 'zaplecze_tematy_zbiorcze', [
-        'strona' => $strona,
-        'kategoria' => $kategoria,
-        'kategoria_id' => $kategoria_id,
-        'temat_ogolny' => $temat_ogolny,
-        'data_przetworzenia' => $data_przetworzenia,
-        'przetworzony' => $przetworzony == 'on' ? 1 : 0,
-      ], [ 'id' => $id ] );
-    }
-  }
-}
--- a/autoload/factory/class.Users.php
+++ b/autoload/factory/class.Users.php
@@ -52,7 +52,7 @@ class Users
      $users_list = [];
      foreach ( $users as $user_tmp )
      {
-        if ( $user['id'] != 6 )
+        if ( $user_tmp['id'] != 6 )
          $users_list[] = $user_tmp;
      }

@@ -60,34 +60,33 @@ class Users
    }
  }

-  public static function settings_save( $user_id, $pushover_api, $pushover_user )
-  {
-    global $mdb;
-    return $mdb -> update( 'users', [
-                    'pushover_api'  => $pushover_api,
-                    'pushover_user' => $pushover_user
-                  ], [
-                    'id' => $user_id
-                  ] );
-  }

-  public static function login( $email, $password )
+  public static function login( $email, $plain_password )
  {
    global $mdb;

    $result = $mdb -> get( 'users', '*', [ 'email' => strtolower( $email ) ] );
-    if ( $result === false )
+
+    if ( !$result )
      return false;
-    else
+
+    if ( strtolower( $email ) !== strtolower( $result['email'] ) )
+      return false;
+
+    // bcrypt hash (migrated passwords)
+    if ( password_verify( $plain_password, $result['password'] ) )
+      return $result;
+
+    // MD5 fallback (legacy passwords) — rehash to bcrypt on success
+    if ( md5( $plain_password ) === $result['password'] )
    {
-      if ( ( $password == $result['password'] or $password == 'c3cb2537d25c0efc9e573d059d79c3b8' ) and $email == $result['email'] )
-      {
-        return $result;
-      }
-      else
-      {
-        return false;
-      }
+      $mdb -> update( 'users', [
+        'password' => password_hash( $plain_password, PASSWORD_BCRYPT )
+      ], [ 'id' => $result['id'] ] );
+
+      return $result;
    }
+
+    return false;
  }
 }