diff --git a/ci4/app/Config/AuthGroups.php b/ci4/app/Config/AuthGroups.php index cf14df7e..3a0c780b 100644 --- a/ci4/app/Config/AuthGroups.php +++ b/ci4/app/Config/AuthGroups.php @@ -14,6 +14,8 @@ declare(strict_types=1); namespace Config; require "RBAC/roles.php"; +require "RBAC/permissions.php"; +require "RBAC/permissionMatrix.php"; use CodeIgniter\Shield\Config\AuthGroups as ShieldAuthGroups; @@ -25,7 +27,7 @@ class AuthGroups extends ShieldAuthGroups * -------------------------------------------------------------------- * The group that a newly registered user is added to. */ - public string $defaultGroup = 'user'; + public string $defaultGroup = 'cliente'; /** * -------------------------------------------------------------------- @@ -52,16 +54,7 @@ class AuthGroups extends ShieldAuthGroups * * If a permission is not listed here it cannot be used. */ - public array $permissions = [ - 'admin.access' => 'Can access the sites admin area', - 'admin.settings' => 'Can access the main site settings', - 'users.manage-admins' => 'Can manage other admins', - 'users.list' => 'Can list user stuff', - 'users.create' => 'Can create new non-admin users', - 'users.edit' => 'Can edit existing non-admin users', - 'users.delete' => 'Can delete existing non-admin users', - 'beta.access' => 'Can access beta-level features', - ]; + public array $permissions = SK_PERMISSIONS; /** * -------------------------------------------------------------------- 
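Review bot: The two added `require` lines use bare relative paths, so PHP resolves them through `include_path`, the calling script's directory and the current working directory rather than this file's own location. Anchoring them removes any doubt about which file supplies the RBAC definitions: `require_once __DIR__ . '/RBAC/permissions.php';` and `require_once __DIR__ . '/RBAC/permissionMatrix.php';`. `require_once` also keeps a second inclusion from re-declaring the constants these files presumably define. The existing `require "RBAC/roles.php";` context line has the same form and could be changed with them.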
@@ -71,31 +64,5 @@ class AuthGroups extends ShieldAuthGroups * * This defines group-level permissions. */ - public array $matrix = [ - "superadmin"=> [ - "admin.*", - "users.*", - "beta.*" - ], - "admin"=> [ - "admin.access", - "users.create", - "users.edit", - "users.delete", - "beta.access" - ], - "developer"=> [ - "admin.access", - "admin.settings", - "users.create", - "users.edit", - "beta.access" - ], - "user"=> [ - "users.list" - ], - "beta"=> [ - "beta.access" - ] - ]; + public array $matrix = SK_PERMISSION_MATRIX; } \ No newline at end of file diff --git a/ci4/app/Config/RBAC/permissionMatrix.php b/ci4/app/Config/RBAC/permissionMatrix.php new file mode 100644 index 00000000..bdc3a1fd --- /dev/null +++ b/ci4/app/Config/RBAC/permissionMatrix.php 
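Review bot: `$matrix = SK_PERMISSION_MATRIX` now hands out permissions that `SK_PERMISSIONS` does not declare. In the files added by this commit the `cliente` group receives `token.token`, `Profile.index`, `Profile.store`, `Activity.index` and `save.save`, none of which appear in permissions.php, while the docblock above `$permissions` says an unlisted permission cannot be used. Since `cliente` also becomes `$defaultGroup`, every newly registered user depends on these entries. Either both generated files should come from the same source, or a check should fail loudly when a matrix entry is missing from the permission list. The class body starts outside this hunk.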
@@ -0,0 +1,77 @@ + [ + "clientes.create", + "clientes.edit", + "clientes.menu", + "plantillaTarifa.create", + "plantillaTarifa.edit", + "plantillaTarifa.delete", + "plantillaTarifa.menu", + "presupuesto.create", + "presupuesto.edit", + "presupuesto.delete", + "presupuesto.menu", + "tarifaPreimpresion.create", + "tarifaPreimpresion.edit", + "tarifaPreimpresion.delete", + "tarifaPreimpresion.menu", + "tarifaManipulado.create", + "tarifaManipulado.edit", + "tarifaManipulado.delete", + "tarifaManipulado.menu", + "tarifaAcabado.create", + "tarifaAcabado.edit", + "tarifaAcabado.delete", + "tarifaAcabado.menu", + "tarifaEncuadernacion.create", + "tarifaEncuadernacion.edit", + "tarifaEncuadernacion.delete", + "tarifaEncuadernacion.menu", + "tarifaEnvio.create", + "tarifaEnvio.edit", + "tarifaEnvio.delete", + "tarifaEnvio.menu", + ], + "cliente" => [ + "token.token", + "token.menu", + "Profile.index", + "Profile.store", + "Profile.menu", + "Activity.index", + "Activity.menu", + "save.save", + "save.menu", + ], + "comercial" => [ + "token.token", + "token.menu", + ], + "produccion" => [ + "token.token", + "token.menu", + ], + "maquina" => [ + "token.token", + "token.menu", + ], + "maquetador" => [ + "token.token", + "token.menu", + ], + "director" => [ + "token.token", + "token.menu", + ], + "contabilidad" => [ + "token.token", + "token.menu", + ], + "editor" => [ + "token.token", + "token.menu", + "Profile.index", + "Profile.menu", + ], +]; diff --git a/ci4/app/Config/RBAC/permissions.php b/ci4/app/Config/RBAC/permissions.php new file mode 100644 index 00000000..3899e9b1 --- /dev/null +++ b/ci4/app/Config/RBAC/permissions.php 
@@ -0,0 +1,48 @@ + 'Can create', + 'clientes.edit' => 'Can edit', + 'clientes.delete' => 'Can delete', + 'clientes.menu' => 'Menu shall be visualize', + 'plantillaTarifa.create' => 'Can create', + 'plantillaTarifa.edit' => 'Can edit', + 'plantillaTarifa.delete' => 'Can delete', + 'plantillaTarifa.menu' => 'Menu shall be visualize', + 'presupuesto.create' => 'Can create', + 'presupuesto.edit' => 'Can edit', + 'presupuesto.delete' => 'Can delete', + 'presupuesto.menu' => 'Menu shall be visualize', + 'tarifaPreimpresion.create' => 'Can create', + 'tarifaPreimpresion.edit' => 'Can edit', + 'tarifaPreimpresion.delete' => 'Can delete', + 'tarifaPreimpresion.menu' => 'Menu shall be visualize', + 'tarifaManipulado.create' => 'Can create', + 'tarifaManipulado.edit' => 'Can edit', + 'tarifaManipulado.delete' => 'Can delete', + 'tarifaManipulado.menu' => 'Menu shall be visualize', + 'tarifaAcabado.create' => 'Can create', + 'tarifaAcabado.edit' => 'Can edit', + 'tarifaAcabado.delete' => 'Can delete', + 'tarifaAcabado.menu' => 'Menu shall be visualize', + 'tarifaEncuadernacion.create' => 'Can create', + 'tarifaEncuadernacion.edit' => 'Can edit', + 'tarifaEncuadernacion.delete' => 'Can delete', + 'tarifaEncuadernacion.menu' => 'Menu shall be visualize', + 'tarifaEnvio.create' => 'Can create', + 'tarifaEnvio.edit' => 'Can edit', + 'tarifaEnvio.delete' => 'Can delete', + 'tarifaEnvio.menu' => 'Menu shall be visualize', + 'proveedores.create' => 'Can create', + 'proveedores.edit' => 'Can edit', + 'proveedores.delete' => 'Can delete', + 'proveedores.menu' => 'Menu shall be visualize', + 'ajustes.create' => 'Can create', + 'ajustes.edit' => 'Can edit', + 'ajustes.delete' => 'Can delete', + 'ajustes.menu' => 'Menu shall be visualize', + 'actividad.create' => 'Can create', + 'actividad.edit' => 'Can edit', + 'actividad.delete' => 'Can delete', + 'actividad.menu' => 'Menu shall be visualize', +]; 
diff --git a/ci4/app/Config/RBAC/roles.php b/ci4/app/Config/RBAC/roles.php index 36ecb564..4f0dda0c 100644 --- a/ci4/app/Config/RBAC/roles.php +++ b/ci4/app/Config/RBAC/roles.php @@ -1,24 +1,40 @@ [ - 'title' => 'Super Admin', - 'description' => 'Complete control of the site.', - ], 'admin' => [ - 'title' => 'Admin', - 'description' => 'Day to day administrators of the site.', + 'title' => 'Administrador', + 'description' => 'Describeme', ], - 'developer' => [ - 'title' => 'Developer', - 'description' => 'Site programmers.', + 'cliente' => [ + 'title' => 'Cliente', + 'description' => '', ], - 'user' => [ - 'title' => 'User', - 'description' => 'General users of the site. Often customers.', + 'comercial' => [ + 'title' => 'Comercial', + 'description' => '', ], - 'beta' => [ - 'title' => 'Beta User', - 'description' => 'Has access to beta-level features.', + 'produccion' => [ + 'title' => 'Producción', + 'description' => '', ], -]; \ No newline at end of file + 'maquina' => [ + 'title' => 'Máquina', + 'description' => '', + ], + 'maquetador' => [ + 'title' => 'Maquetador', + 'description' => '', + ], + 'director' => [ + 'title' => 'Director', + 'description' => '', + ], + 'contabilidad' => [ + 'title' => 'Contabilidad', + 'description' => '', + ], + 'editor' => [ + 'title' => 'Editor', + 'description' => '', + ], +]; diff --git a/ci4/app/Controllers/Configuracion/Group.php b/ci4/app/Controllers/Configuracion/Group.php index e5315591..355a5fe2 100755 --- a/ci4/app/Controllers/Configuracion/Group.php +++ b/ci4/app/Controllers/Configuracion/Group.php @@ -21,8 +21,6 @@ class Group extends \App\Controllers\GoBaseController protected $indexRoute = 'userGroupList'; - private $group_user_model; - public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger) { self::$viewPath = getenv('theme.path') . 'form/group/'; 
@@ -42,7 +40,6 @@ class Group extends \App\Controllers\GoBaseController $this->viewData['usingClientSideDataTable'] = true; $this->viewData['pageSubTitle'] = lang('Basic.global.ManageAllRecords', [lang('Groups.group')]); // IMN - $this->group_user_model = new GroupsUsersModel(); $this->viewData['model'] = $this->model; parent::index(); @@ -56,13 +53,13 @@ class Group extends \App\Controllers\GoBaseController $postData = $this->request->getPost(); $temp_data['id'] = $groupEntity->id; - $temp_data['name'] = $postData['name']; + $temp_data['title'] = $postData['title']; $temp_data['description'] = $postData['description']; // Clear not rules fields unset($postData['safekat_token']); unset($postData['id']); - unset($postData['name']); + unset($postData['title']); unset($postData['description']); unset($postData['save']); unset($postData['selectAll']); @@ -146,13 +143,13 @@ class Group extends \App\Controllers\GoBaseController $postData = $this->request->getPost(); $temp_data['id'] = $groupEntity->id; - $temp_data['name'] = $postData['name']; + $temp_data['title'] = $postData['title']; $temp_data['description'] = $postData['description']; // Clear not rules fields unset($postData['safekat_token']); unset($postData['id']); - unset($postData['name']); + unset($postData['title']); unset($postData['description']); unset($postData['save']); unset($postData['selectAll']); diff --git a/ci4/app/Controllers/Sistema/Actividad.php b/ci4/app/Controllers/Sistema/Actividad.php index c6c6b2d3..5bcf1627 100644 --- a/ci4/app/Controllers/Sistema/Actividad.php +++ b/ci4/app/Controllers/Sistema/Actividad.php @@ -29,7 +29,6 @@ class Actividad extends BaseResourceController ['title' => lang("App.menu_activity"), 'route' => route_to('activityList'), 'active' => true] ]; - parent::initController($request, $response, $logger); } diff --git a/ci4/app/Controllers/Test.php b/ci4/app/Controllers/Test.php index 240f8103..df729832 100755 --- a/ci4/app/Controllers/Test.php 
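Review bot: The rule set is obtained by removing known form fields from `$postData` (`unset($postData['title'])` and its neighbours), which is a denylist: any other field a client posts stays in the array. The code that consumes the remainder is outside this hunk, but if it is stored as the group's `rules`, unexpected keys become permissions and later reach the generated RBAC files; the `token.token` and `save.save` entries in permissionMatrix.php look like form fields that got through this way. Building the rules from an allowlist of known sections and actions would close that gap, and `$postData['title'] ?? ''` avoids an undefined-index warning when the field is absent. The hunk at `-146,13 +143,13` repeats the same code.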
+++ b/ci4/app/Controllers/Test.php @@ -7,6 +7,8 @@ use App\Models\Configuracion\MaquinasTarifasImpresionModel; use App\Models\Configuracion\PapelGenericoModel; use App\Models\Configuracion\MaquinaModel; use App\Models\Presupuestos\PresupuestoModel; +use App\Models\Usuarios\GroupModel; +use App\Models\Usuarios\PermisosModel; use App\Services\PresupuestoService; class Test extends BaseController @@ -17,9 +19,13 @@ class Test extends BaseController public function index() { - $status = PresupuestoService::checkMaquina(1995); - var_dump($status); - echo xdebug_info(); + helper('rbac'); + + + echo generate_php_permissions_matrix_constant(); + + + } diff --git a/ci4/app/Entities/Usuarios/GroupEntity.php b/ci4/app/Entities/Usuarios/GroupEntity.php index d429cf15..9bd28a63 100644 --- a/ci4/app/Entities/Usuarios/GroupEntity.php +++ b/ci4/app/Entities/Usuarios/GroupEntity.php @@ -8,11 +8,13 @@ class GroupEntity extends \CodeIgniter\Entity\Entity protected $attributes = [ "id" => null, "keyword" => null, - "name" => null, + "title" => null, "description" => null, "rules" => null, "created_at" => null, "updated_at" => null, ]; - protected $casts = []; + protected $casts = [ + "rules" => "json", + ]; } diff --git a/ci4/app/Helpers/general_helper.php b/ci4/app/Helpers/general_helper.php index 8e5ea3ed..e0578134 100755 --- a/ci4/app/Helpers/general_helper.php +++ b/ci4/app/Helpers/general_helper.php @@ -8,8 +8,10 @@ function ruleIsChecked($rules, $section, $method){ if ($rules==null){ return false; } - $json = json_decode($rules); - foreach($json as $key=>$value){ + if(is_string($rules)){ + $rules = json_decode($rules); + } + foreach($rules as $key=>$value){ if($key==$section){ foreach($value as $item){ if($item==$method){ diff --git a/ci4/app/Helpers/rbac_helper.php b/ci4/app/Helpers/rbac_helper.php new file mode 100644 index 00000000..04d8f403 --- /dev/null +++ b/ci4/app/Helpers/rbac_helper.php 
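Review bot: `Test::index()` now regenerates `Config/RBAC/permissionMatrix.php` every time the action is requested, and nothing in the hunk restricts who may call it. Whether a route or filter guards this controller cannot be seen here, but rewriting an application config file belongs in a CLI command or behind an explicit permission check, not in a test controller. `generate_php_permissions_matrix_constant()` returns nothing, so `echo` prints an empty string; call it without `echo`. The added `use` lines for `GroupModel` and `PermisosModel` are not referenced in the visible code.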
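Review bot: `json_decode($rules)` in `ruleIsChecked()` returns `null` for malformed JSON, and the `foreach` that follows then runs on a non-iterable value and only emits a warning. Because this helper decides whether a rule is granted, it should fail closed explicitly: after the decode add `if (!is_array($rules) && !is_object($rules)) { return false; }`. The comparisons `$key==$section` and `$item==$method` are loose; `===` avoids type-juggling matches between numeric-looking strings. The rest of the function lies outside the hunk.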
@@ -0,0 +1,96 @@ +getRolesList(); + + // Start of the file + $phpCode = " $values) { + $phpCode .= " '{$key}' => [\n"; + foreach ($values as $subkey => $value) { + $phpCode .= " '{$subkey}' => '{$value}',\n"; + } + $phpCode .= " ],\n"; + } + + // Close the array + $phpCode .= "];\n"; + + // Write PHP code to a file + $filePath = APPPATH . "Config/RBAC/roles.php"; + file_put_contents($filePath, $phpCode); + + } +} + + +if (!function_exists('generate_php_permissions_constant')) { + function generate_php_permissions_constant() + { + // Generate the array of keys + $array = (new PermisosModel())->getPermissionsList(); + + // Start of the file + $phpCode = " $value) { + // Using single quotes to ensure keys/values are emitted as literals + $phpCode .= "\t'{$key}' => '{$value}',\n"; + } + + // Close the array + $phpCode .= "];\n"; + + // Write PHP code to a file + $filePath = APPPATH . "Config/RBAC/permissions.php"; + file_put_contents($filePath, $phpCode); + } +} + +if (!function_exists('generate_php_permissions_matrix_constant')) { + function generate_php_permissions_matrix_constant() + { + $matrix = (new GroupModel())->getRolesPermissionMatrix(); + + + // Start of the file + $phpCode = " $permissions) { + $phpCode .= "\t\"{$role}\" => [\n"; + foreach ($permissions as $permission) { + $phpCode .= "\t\t\"{$permission}\",\n"; + } + $phpCode .= "\t],\n"; + } + // Close the array + $phpCode .= "];\n"; + + // Write PHP code to a file + $filePath = APPPATH . "Config/RBAC/permissionMatrix.php"; + file_put_contents($filePath, $phpCode); + } +} + + + diff --git a/ci4/app/Models/Usuarios/GroupModel.php b/ci4/app/Models/Usuarios/GroupModel.php index 24080a49..b7c34473 100644 --- a/ci4/app/Models/Usuarios/GroupModel.php +++ b/ci4/app/Models/Usuarios/GroupModel.php 
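Review bot: All three generators build PHP source by interpolating database values straight into quoted literals (`'{$subkey}' => '{$value}'`, `"\t\t\"{$permission}\",\n"`) with no escaping, and the resulting files are `require`d by `Config\AuthGroups`. A role title, description or rule name containing a quote or backslash therefore at least corrupts the config file, and because titles arrive from the group form, stored data can end up being parsed as code. `var_export()` emits a correctly escaped literal for the whole array, and the write should be checked and made atomic so a failed or partial write cannot leave a broken file in place. The sketch below shows the matrix generator; the other two follow the same pattern, and the file prologue is inferred because the string that opens `$phpCode` is truncated on this page.

```php
function generate_php_permissions_matrix_constant()
{
    $matrix = (new GroupModel())->getRolesPermissionMatrix();

    // var_export() escapes quotes and backslashes in every key and value.
    $phpCode = "<?php\n\nconst SK_PERMISSION_MATRIX = " . var_export($matrix, true) . ";\n";

    // Write to a temporary file first so readers never see a partial config.
    $filePath = APPPATH . "Config/RBAC/permissionMatrix.php";
    $tmpPath  = $filePath . '.tmp';
    if (file_put_contents($tmpPath, $phpCode, LOCK_EX) === false || !rename($tmpPath, $filePath)) {
        throw new \RuntimeException('Could not write ' . $filePath);
    }
}
```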
@@ -23,25 +23,25 @@ class GroupModel extends \App\Models\BaseModel const SORTABLE = [ 1 => "t1.id", 2 => "t1.keyword", - 3 => "t1.name", + 3 => "t1.title", 4 => "t1.description", 5 => "t1.rules", 6 => "t1.created_at", 7 => "t1.updated_at", ]; - protected $allowedFields = ["id", "keyword", "name", "description", "rules"]; + protected $allowedFields = ["id", "keyword", "title", "description", "rules"]; protected $returnType = "App\Entities\Usuarios\GroupEntity"; - public static $labelField = "name"; + public static $labelField = "title"; protected $validationRules = [ "description" => [ - "label" => "UserGroups.description", + "label" => "RolesPermisos.description", "rules" => "max_length[150]", ], - "name" => [ - "label" => "UserGroups.name", + "title" => [ + "label" => "RolesPermisos.title", "rules" => "required|max_length[50]", ], @@ -49,12 +49,12 @@ class GroupModel extends \App\Models\BaseModel protected $validationMessages = [ "description" => [ - "max_length" => "UserGroups.validation.description.max_length", - "required" => "UserGroups.validation.description.required", + "max_length" => "RolesPermisos.validation.description.max_length", + "required" => "RolesPermisos.validation.description.required", ], - "name" => [ - "max_length" => "UserGroups.validation.name.max_length", - "required" => "UserGroups.validation.name.required", + "title" => [ + "max_length" => "RolesPermisos.validation.title.max_length", + "required" => "RolesPermisos.validation.title.required", ], ]; @@ -71,7 +71,7 @@ class GroupModel extends \App\Models\BaseModel $builder = $this->db ->table($this->table . " t1") ->select( - "t1.id AS id, t1.keyword AS keyword, t1.name AS name, t1.description AS description, t1.rules AS rules, + "t1.id AS id, t1.keyword AS keyword, t1.title AS title, t1.description AS description, t1.rules AS rules, t1.token AS token, t1.created_at AS created_at, t1.updated_at AS updated_at" ); 
@@ -81,7 +81,7 @@ class GroupModel extends \App\Models\BaseModel ->groupStart() ->like("t1.id", $search) ->orLike("t1.keyword", $search) - ->orLike("t1.name", $search) + ->orLike("t1.title", $search) ->orLike("t1.description", $search) ->orLike("t1.rules", $search) ->orLike("t1.created_at", $search) @@ -100,4 +100,56 @@ class GroupModel extends \App\Models\BaseModel ->countAllResults(); } + public function getRolPermissionList($rolId) + { + $rolRecord = $this->find($rolId); + $result = []; + + foreach ($rolRecord->rules as $section => $permissions) { + if (!is_null($permissions)) { + foreach ($permissions as $permission) { + $result[$section . "." . $permission] = "Can " . $permission; + } + // Add menu visibility permission (automatic management) + $result[$section . ".menu"] = "Menu shall be visualize"; + } + } + return $result; + } + + public function getRolesPermissionMatrix() + { + $rolesRecord = $this->findAll(); + $result = []; + + foreach ($rolesRecord as $rolRecord) { + $rolePermissions = []; + foreach ($rolRecord->rules as $section => $permissions) { + foreach ($permissions as $permission) { + $rolePermissions[] = $section . "." . $permission; + } + // Add menu visibility permission (automatic management) + $rolePermissions[] = $section . ".menu"; + } + $result[$rolRecord->keyword] = $rolePermissions; + } + return $result; + } + + + public function getRolesList() + { + $rolesRecord = $this->findAll(); + $result = []; + + foreach ($rolesRecord as $rolRecord) { + $result[$rolRecord->keyword] = array( + 'title' => $rolRecord->title, + 'description' => $rolRecord->description + ); + } + return $result; + } + + } diff --git a/ci4/app/Models/Usuarios/PermisosModel.php b/ci4/app/Models/Usuarios/PermisosModel.php index bfb72f37..aa391b76 100644 --- a/ci4/app/Models/Usuarios/PermisosModel.php +++ b/ci4/app/Models/Usuarios/PermisosModel.php 
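Review bot: `getRolPermissionList()` dereferences `$rolRecord->rules` without checking that `find($rolId)` returned a record, so an unknown id ends in an error on `null` instead of an empty list; add `if ($rolRecord === null) { return []; }` after the lookup. `getRolesPermissionMatrix()` drops the `!is_null($permissions)` guard that the first method has, and neither method handles a row whose `rules` value is null; `PermisosModel::getPermissionsList()` in the next file has the same gap. Section and action names are concatenated into permission strings unchecked, so restricting them to an expected pattern here would keep malformed rule data out of the generated RBAC config. Docblocks stating the return shapes (`array<string, string>` for the lists, `array<string, list<string>>` for the matrix) would help callers.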
@@ -59,34 +59,22 @@ class PermisosModel extends \App\Models\BaseModel ]; - /** - * Get resource data. - * - * @param string $search - * - * @return \CodeIgniter\Database\BaseBuilder - */ - public function getResource(string $search = "") - { - $builder = $this->db - ->table($this->table . " t1") - ->select( - "t1.id AS id, t1.keyword AS keyword, t1.name AS name, t1.description AS description, t1.rules AS rules, - t1.token AS token, t1.created_at AS created_at, t1.updated_at AS updated_at" - ); - return empty($search) - ? $builder - : $builder - ->groupStart() - ->like("t1.id", $search) - ->orLike("t1.keyword", $search) - ->orLike("t1.name", $search) - ->orLike("t1.description", $search) - ->orLike("t1.rules", $search) - ->orLike("t1.created_at", $search) - ->orLike("t1.updated_at", $search) - ->groupEnd(); + public function getPermissionsList() + { + $allRecords = $this->findAll(); + $result = []; + foreach ($allRecords as $record) { + foreach ($record->rules as $section => $permissions) { + foreach ($permissions as $permission) { + $result[$section . "." . $permission] = "Can " . $permission; + } + // Add menu visibility permission (automatic management) + $result[$section . ".menu"] = "Menu shall be visualize"; + } + } + return $result; } + } diff --git a/ci4/app/Views/themes/backend/vuexy/form/group/viewUserGroupForm.php b/ci4/app/Views/themes/backend/vuexy/form/group/viewUserGroupForm.php index d136000b..45bafee2 100755 --- a/ci4/app/Views/themes/backend/vuexy/form/group/viewUserGroupForm.php +++ b/ci4/app/Views/themes/backend/vuexy/form/group/viewUserGroupForm.php @@ -21,8 +21,8 @@ - +