From 2d0732c2188dafd6aa7cfc12f263db3f3efa6aad Mon Sep 17 00:00:00 2001 From: imnavajas Date: Tue, 18 Jun 2024 22:33:07 +0200 Subject: [PATCH 1/4] =?UTF-8?q?A=C3=B1adidas=20tarifas=20extras,=20trabaja?= =?UTF-8?q?ndo=20en=20permisos=20de=20tarifas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ci4/app/Config/RBAC/permissionMatrix.php | 4 ++ ci4/app/Config/RBAC/permissionMatrix.php.old | 28 ------------- ci4/app/Config/RBAC/permissions.php | 4 ++ ci4/app/Config/RBAC/permissions.php.old | 11 ----- ci4/app/Config/RBAC/roles.json | 22 ---------- ci4/app/Config/RBAC/roles.php.old | 23 ----------- ci4/app/Controllers/Home.php | 2 +- .../Tarifas/Tarifapreimpresion.php | 8 ++++ ci4/app/Language/es/RolesPermisos.php | 1 + .../Views/themes/vuexy/form/home/viewHome.php | 41 +++++++++++++++++++ .../vuexy/main/menus/configuracion_menu.php | 2 +- .../themes/vuexy/main/menus/tarifas_menu.php | 7 ++++ 12 files changed, 67 insertions(+), 86 deletions(-) delete mode 100644 ci4/app/Config/RBAC/permissionMatrix.php.old delete mode 100644 ci4/app/Config/RBAC/permissions.php.old delete mode 100644 ci4/app/Config/RBAC/roles.json delete mode 100644 ci4/app/Config/RBAC/roles.php.old create mode 100644 ci4/app/Views/themes/vuexy/form/home/viewHome.php diff --git a/ci4/app/Config/RBAC/permissionMatrix.php b/ci4/app/Config/RBAC/permissionMatrix.php index 34d9b554..0eea467b 100644 --- a/ci4/app/Config/RBAC/permissionMatrix.php +++ b/ci4/app/Config/RBAC/permissionMatrix.php @@ -41,6 +41,10 @@ const SK_PERMISSION_MATRIX = [ "tarifa-envio.edit", "tarifa-envio.delete", "tarifa-envio.menu", + "tarifa-extra.create", + "tarifa-extra.edit", + "tarifa-extra.delete", + "tarifa-extra.menu", "proveedores.create", "proveedores.edit", "proveedores.delete", diff --git a/ci4/app/Config/RBAC/permissionMatrix.php.old b/ci4/app/Config/RBAC/permissionMatrix.php.old deleted file mode 100644 index 204d15f2..00000000 
--- a/ci4/app/Config/RBAC/permissionMatrix.php.old +++ /dev/null @@ -1,28 +0,0 @@ - [ - "admin.*", - "users.*", - "beta.*" - ], - "admin"=> [ - "admin.access", - "users.create", - "users.edit", - "users.delete", - "beta.access" - ], - "developer"=> [ - "admin.access", - "admin.settings", - "users.create", - "users.edit", - "beta.access" - ], - "user"=> [ - "users.list" - ], - "beta"=> [ - "beta.access" - ] -]; \ No newline at end of file diff --git a/ci4/app/Config/RBAC/permissions.php b/ci4/app/Config/RBAC/permissions.php index eb5f7f39..f1f4f727 100644 --- a/ci4/app/Config/RBAC/permissions.php +++ b/ci4/app/Config/RBAC/permissions.php @@ -41,6 +41,10 @@ const SK_PERMISSIONS = [ 'tarifa-envio.edit' => 'Can edit', 'tarifa-envio.delete' => 'Can delete', 'tarifa-envio.menu' => 'Menu shall be visualize', + 'tarifa-extra.create' => 'Can create', + 'tarifa-extra.edit' => 'Can edit', + 'tarifa-extra.delete' => 'Can delete', + 'tarifa-extra.menu' => 'Menu shall be visualize', 'proveedores.create' => 'Can create', 'proveedores.edit' => 'Can edit', 'proveedores.delete' => 'Can delete', diff --git a/ci4/app/Config/RBAC/permissions.php.old b/ci4/app/Config/RBAC/permissions.php.old deleted file mode 100644 index 7981a017..00000000 --- a/ci4/app/Config/RBAC/permissions.php.old +++ /dev/null @@ -1,11 +0,0 @@ - 'Can access the sites admin area', - 'admin.settings' => 'Can access the main site settings', - 'users.manage-admins' => 'Can manage other admins', - 'users.list' => 'Can list user stuff', - 'users.create' => 'Can create new non-admin users', - 'users.edit' => 'Can edit existing non-admin users', - 'users.delete' => 'Can delete existing non-admin users', - 'beta.access' => 'Can access beta-level features', -]; \ No newline at end of file diff --git a/ci4/app/Config/RBAC/roles.json b/ci4/app/Config/RBAC/roles.json deleted file mode 100644 index a95d9582..00000000 --- a/ci4/app/Config/RBAC/roles.json +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - "superadmin": { - "title": "Super Admin", - "description": "Complete control of the site." - }, - "admin": { - "title": "Admin", - "description": "Day to day administrators of the site." - }, - "developer": { - "title": "Developer", - "description": "Site programmers." - }, - "user": { - "title": "User", - "description": "General users of the site. Often customers." - }, - "beta": { - "title": "Beta User", - "description": "Has access to beta-level features." - } -} \ No newline at end of file diff --git a/ci4/app/Config/RBAC/roles.php.old b/ci4/app/Config/RBAC/roles.php.old deleted file mode 100644 index 37505ff7..00000000 --- a/ci4/app/Config/RBAC/roles.php.old +++ /dev/null @@ -1,23 +0,0 @@ - [ - 'title' => 'Super Admin', - 'description' => 'Complete control of the site.', - ], - 'admin' => [ - 'title' => 'Admin', - 'description' => 'Day to day administrators of the site.', - ], - 'developer' => [ - 'title' => 'Developer', - 'description' => 'Site programmers.', - ], - 'user' => [ - 'title' => 'User', - 'description' => 'General users of the site. Often customers.', - ], - 'beta' => [ - 'title' => 'Beta User', - 'description' => 'Has access to beta-level features.', - ], -]; \ No newline at end of file diff --git a/ci4/app/Controllers/Home.php b/ci4/app/Controllers/Home.php index 081ceba4..2da1bfc2 100755 --- a/ci4/app/Controllers/Home.php +++ b/ci4/app/Controllers/Home.php @@ -17,7 +17,7 @@ class Home extends BaseController public function index() { - echo view(getenv('theme.path') . 'main/defaultlayout'); + echo view(getenv('theme.path') . 'form/home/viewHome'); } diff --git a/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php b/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php index 429bcc19..9dc5c083 100755 --- a/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php +++ b/ci4/app/Controllers/Tarifas/Tarifapreimpresion.php 
@@ -40,6 +40,10 @@ class Tarifapreimpresion extends \App\Controllers\GoBaseController public function index() { + if(!auth()->user()->can('tarifa-preimpresion.menu')){ + $message = "No tiene permisos de acceso"; + return redirect()->to(route_to('home'))->with('errorMessage', $message); + } $this->viewData['usingClientSideDataTable'] = true; @@ -51,6 +55,10 @@ class Tarifapreimpresion extends \App\Controllers\GoBaseController public function add() { + if(!auth()->user()->can('tarifa-preimpresion.create')){ + $message = "No tiene permisos de acceso"; + return redirect()->to(route_to($this->indexRoute))->with('errorMessage', $message); + } diff --git a/ci4/app/Language/es/RolesPermisos.php b/ci4/app/Language/es/RolesPermisos.php index 9bb17931..d09ccf35 100644 --- a/ci4/app/Language/es/RolesPermisos.php +++ b/ci4/app/Language/es/RolesPermisos.php @@ -34,6 +34,7 @@ return [ 'tarifaAcabadoSection' => 'Tarifas de acabado', 'tarifaEncuadernacionSection' => 'Tarifas de encuadernación', 'tarifaEnvioSection' => 'Tarifas de envio', + 'tarifaExtraSection' => 'Tarifas extra', 'proveedoresSection' => 'Proveedores', 'paisesSection' => 'Países', 'maquinasSection' => 'Máquinas', diff --git a/ci4/app/Views/themes/vuexy/form/home/viewHome.php b/ci4/app/Views/themes/vuexy/form/home/viewHome.php new file mode 100644 index 00000000..bbae5840 --- /dev/null +++ b/ci4/app/Views/themes/vuexy/form/home/viewHome.php @@ -0,0 +1,41 @@ +include('themes/_commonPartialsBs/_confirm2delete') ?> +extend('themes/vuexy/main/defaultlayout') ?> + +section('content'); ?> + +
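Review bot: Both guards dereference `auth()->user()` without a null check, so if an unauthenticated request can reach this controller (the route filters are not on the page) the result is a fatal "call to a member function can() on null" rather than the intended redirect; `$user = auth()->user(); if ($user === null || !$user->can('tarifa-preimpresion.menu'))` covers both cases. The literal `"No tiene permisos de acceso"` is duplicated in both hunks and would be better as a single lang() key. Only index() and add() are guarded here; edit() and delete() of the same controller are outside the hunk and receive no check in this commit.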
+
+ +
+
+

Inicio

+
+
+ + +
+ +
+
+
+ + +endSection() ?> + + +section('additionalInlineJs') ?> + +endSection() ?> + + +section('css') ?> + +endSection() ?> + + +section('additionalExternalJs') ?> + +endSection() ?> + diff --git a/ci4/app/Views/themes/vuexy/main/menus/configuracion_menu.php b/ci4/app/Views/themes/vuexy/main/menus/configuracion_menu.php index 83ca3f39..c061363c 100644 --- a/ci4/app/Views/themes/vuexy/main/menus/configuracion_menu.php +++ b/ci4/app/Views/themes/vuexy/main/menus/configuracion_menu.php @@ -77,7 +77,7 @@ if ( user()->can('series-facturas.menu')) { ?> diff --git a/ci4/app/Views/themes/vuexy/main/menus/tarifas_menu.php b/ci4/app/Views/themes/vuexy/main/menus/tarifas_menu.php index d3f01f87..6bf1eb26 100644 --- a/ci4/app/Views/themes/vuexy/main/menus/tarifas_menu.php +++ b/ci4/app/Views/themes/vuexy/main/menus/tarifas_menu.php @@ -52,6 +52,13 @@ if ( + user()->can('tarifa-extra.menu')) { ?> + + \ No newline at end of file From 108899c79607493ce8ae8c97c279428fda2a056c Mon Sep 17 00:00:00 2001 From: imnavajas Date: Tue, 2 Jul 2024 01:01:42 +0200 Subject: [PATCH 2/4] Actualizacion automatica: 2024-07-02 01:01:40 --- ci4/app/Config/RBAC/permissionMatrix.php | 4 - ci4/app/Config/RBAC/roles.json | 22 +++++ .../Controllers/BaseResourceController.php | 96 ++++++++++++------- .../Controllers/Tarifas/Tarifaimpresion.php | 35 ------- .../Tarifas/Tarifasencuadernacion.php | 12 ++- ci4/app/Controllers/Tarifas/Tarifasenvios.php | 15 ++- .../Controllers/Tarifas/Tarifasmanipulado.php | 2 + 7 files changed, 104 insertions(+), 82 deletions(-) create mode 100644 ci4/app/Config/RBAC/roles.json delete mode 100755 ci4/app/Controllers/Tarifas/Tarifaimpresion.php diff --git a/ci4/app/Config/RBAC/permissionMatrix.php b/ci4/app/Config/RBAC/permissionMatrix.php index 0eea467b..7199995c 100644 --- a/ci4/app/Config/RBAC/permissionMatrix.php +++ b/ci4/app/Config/RBAC/permissionMatrix.php 
@@ -21,10 +21,6 @@ const SK_PERMISSION_MATRIX = [ "presupuesto-cliente.edit", "presupuesto-cliente.delete", "presupuesto-cliente.menu", - "tarifa-preimpresion.create", - "tarifa-preimpresion.edit", - "tarifa-preimpresion.delete", - "tarifa-preimpresion.menu", "tarifa-manipulado.create", "tarifa-manipulado.edit", "tarifa-manipulado.delete", diff --git a/ci4/app/Config/RBAC/roles.json b/ci4/app/Config/RBAC/roles.json new file mode 100644 index 00000000..a95d9582 --- /dev/null +++ b/ci4/app/Config/RBAC/roles.json @@ -0,0 +1,22 @@ +{ + "superadmin": { + "title": "Super Admin", + "description": "Complete control of the site." + }, + "admin": { + "title": "Admin", + "description": "Day to day administrators of the site." + }, + "developer": { + "title": "Developer", + "description": "Site programmers." + }, + "user": { + "title": "User", + "description": "General users of the site. Often customers." + }, + "beta": { + "title": "Beta User", + "description": "Has access to beta-level features." + } +} \ No newline at end of file diff --git a/ci4/app/Controllers/BaseResourceController.php b/ci4/app/Controllers/BaseResourceController.php index f20fc524..68c0d9d3 100644 --- a/ci4/app/Controllers/BaseResourceController.php +++ b/ci4/app/Controllers/BaseResourceController.php @@ -43,23 +43,23 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr */ protected static $pluralObjectName; - /** + /** * Path for the views directory for the extending view controller - * - * @var string + * + * @var string */ protected static $viewPath; - + /** * JJO: Variable para indicar si el controlador hace soft_delete o no - * + * * @var bool */ public $soft_delete = false; /** * JJO: Variable quién puede ver los registros borrados - * + * * 0 -> Not Deleted * 1 -> Soft Deleted, shows up in lists of deleted items for management users * 2 -> Soft Deleted, does not show up for any user except admin users 
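Review bot: Dropping the four `tarifa-preimpresion.*` entries from SK_PERMISSION_MATRIX leaves the Tarifapreimpresion controller checking permissions that no longer appear in the matrix — PATCH 1 guards its index() and add() with `auth()->user()->can('tarifa-preimpresion.menu')` and `.create`, and PATCH 3 keeps those checks and adds `.edit`. If the matrix is what roles are granted from (its consumer is not on the page), no role can hold these permissions any more and every non-exempt user is turned away from those screens, so either the entries should stay or the controller and its menu entry should be retired in the same change. The commit description ("Actualizacion automatica") gives no hint which was intended.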
@@ -123,13 +123,36 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr $this->viewData['usingSweetAlert'] = true; $this->viewData['viewPath'] = static::$viewPath; - + $this->viewData['currentLocale'] = $this->request->getLocale(); /* IMN */ $this->viewData['alertStyle'] = $this->alertStyle; } + protected function checkPermission($sectionPermission, $redirectRoute = NULL) + { + // TODO ojo, con no redirigir al indexRoute, que se crea bucle!!! + if (!auth()->user()->can($sectionPermission)) { + $this->session->setFlashdata('errorMessage', "No tiene permisos de acceso"); + if (is_null($redirectRoute)) { + return $this->response->redirect(route_to('home')); + } else { + return $this->response->redirect(route_to($redirectRoute)); + } + } + } + + protected function checkPermissionAJAX($sectionPermission) + { + + if (!auth()->user()->can($sectionPermission)) { + return $this->fail('Error'); + } + + } + + /** * Convenience method to display the form of a module * @param $forMethod @@ -159,7 +182,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr } if (!isset($this->viewData['formAction'])) { - $this->viewData['formAction'] = base_url(strtolower($this->viewData['currentModule']) . '/' . $formActionSuffix . '/' . $action ); + $this->viewData['formAction'] = base_url(strtolower($this->viewData['currentModule']) . '/' . $formActionSuffix . '/' . $action); } if ((!isset($this->viewData['boxTitle']) || empty($this->viewData['boxTitle'])) && isset(static::$singularObjectName) && !empty(static::$singularObjectName)) { 
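Review bot: checkPermission() builds a RedirectResponse and returns it, but every caller added in this commit invokes it as a bare statement — `parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute);` in Tarifasencuadernacion::add/edit, `parent::checkPermission('tarifa-envio.menu');` in Tarifasenvios::index/add/edit and in Tarifasmanipulado::index — so the returned response is discarded and the action body keeps executing, which means the POST branches of add()/edit() still persist data for a user who lacks the permission. Whether the client even sees a redirect depends on `$this->response->redirect()` having already set the Location header and status on the shared response object (CodeIgniter 4's Response::redirect() mutates the instance), and even then the list view is rendered into the body of that response after the write has happened. Each call site needs to return the result, e.g. `if ($denied = $this->checkPermission('tarifa-envio.menu')) { return $denied; }`, or checkPermission() should throw instead of returning; checkPermissionAJAX() has the same contract and the same problem. The TODO about redirect loops also deserves a real guard, since a `$redirectRoute` that resolves to the current action re-runs the same check. PATCH 3 moves this method to rbac_helper.php and replaces the returning guards of Tarifapreimpresion with the same bare `checkPermission(...)` call, so the fix applies to those call sites (TarifaAcabados, Tarifaextra, Tarifapreimpresion, Tarifasencuadernacion, Tarifasenvios, Tarifasmanipulado) as well.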
@@ -223,29 +246,28 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr public function delete($id = null) { if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) { - $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc).'.'.static::$singularObjectNameCc)); + $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc) . '.' . static::$singularObjectNameCc)); } else { $objName = lang('Basic.global.record'); } - - if (!$this->soft_delete){ + + if (!$this->soft_delete) { if (!$this->model->delete($id)) { return $this->failNotFound(lang('Basic.global.deleteError', [$objName])); } - } - else{ + } else { $datetime = (new \CodeIgniter\I18n\Time("now")); - $rawResult = $this->model->where('id',$id) - ->set(['deleted_at' => $datetime->format('Y-m-d H:i:s'), - 'is_deleted' => $this->delete_flag]) + $rawResult = $this->model->where('id', $id) + ->set(['deleted_at' => $datetime->format('Y-m-d H:i:s'), + 'is_deleted' => $this->delete_flag]) ->update(); if (!$rawResult) { return $this->failNotFound(lang('Basic.global.deleteError', [$objName])); } } - + // $message = lang('Basic.global.deleteSuccess', [$objName]); IMN commented $message = lang('Basic.global.deleteSuccess', [lang('Basic.global.record')]); $response = $this->respondDeleted(['id' => $id, 'msg' => $message]); 
@@ -261,20 +283,18 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr protected function canValidate($customValidationRules = null, $customValidationMessages = null) { - if($customValidationRules == null){ + if ($customValidationRules == null) { $validationRules = $this->model->validationRules ?? $this->formValidationRules ?? null; - } - else{ + } else { $validationRules = $customValidationRules; } if ($validationRules == null) { return true; } - if($customValidationMessages == null){ - $validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;; - } - else{ + if ($customValidationMessages == null) { + $validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;; + } else { $validationErrorMessages = $customValidationMessages; } @@ -283,7 +303,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr } else { $valid = $this->validate($validationRules); } - + $this->validationErrors = $valid ? '' : $this->validator->getErrors(); /* @@ -303,7 +323,8 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * @param array|null $postData * @return array */ - protected function sanitized(array $postData = null, bool $nullIfEmpty = false) { + protected function sanitized(array $postData = null, bool $nullIfEmpty = false) + { if ($postData == null) { $postData = $this->request->getPost(); } @@ -317,7 +338,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr } return $sanitizedData; } - + /** * Custom fail method needed when CSRF token regeneration is on in security settings * @param string|array $messages 
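Review bot: The reformatted line `$validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;;` keeps a stray second semicolon and a property name that looks misspelled (`formValidationErrorMessagess`); since the hunk rewrites this line anyway, drop the `;;` and confirm the property name against the class, because a misspelled property silently resolves to null under `??`. The same hunk keeps `== null` for `$customValidationRules` and `$customValidationMessages`, which also treats an empty array as "not supplied"; `=== null` states the intent.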
@@ -326,15 +347,15 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * @param string $customMessage * @return mixed */ - protected function failWithNewToken($messages, int $status = 400, string $code = null, string $customMessage = '') { + protected function failWithNewToken($messages, int $status = 400, string $code = null, string $customMessage = '') + { - if (! is_array($messages)) - { + if (!is_array($messages)) { $messages = ['error' => $messages]; } $response = [ - 'status' => $status, - 'error' => $status, + 'status' => $status, + 'error' => $status, 'messages' => $messages, csrf_token() => csrf_hash() ]; @@ -360,7 +381,8 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * Convenience method for common exception handling * @param \Exception $e */ - protected function dealWithException(\Exception $e) { + protected function dealWithException(\Exception $e) + { // using another try / catch block to prevent to avoid CodeIgniter bug throwing trivial exceptions for querying DB errors try { $query = $this->model->db->getLastQuery(); 
@@ -368,16 +390,16 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr $dbError = $this->model->db->error(); $userFriendlyErrMsg = lang('Basic.global.persistErr1', [static::$singularObjectNameCc]); if (isset($dbError['code']) && $dbError['code'] == 1062) : - $userFriendlyErrMsg .= PHP_EOL.lang('Basic.global.persistDuplErr', [static::$singularObjectNameCc]); + $userFriendlyErrMsg .= PHP_EOL . lang('Basic.global.persistDuplErr', [static::$singularObjectNameCc]); endif; // $userFriendlyErrMsg = str_replace("'", "\'", $userFriendlyErrMsg); // Uncomment if experiencing unescaped single quote errors - log_message('error', $userFriendlyErrMsg.PHP_EOL.$e->getMessage().PHP_EOL.$queryStr); + log_message('error', $userFriendlyErrMsg . PHP_EOL . $e->getMessage() . PHP_EOL . $queryStr); if (isset($dbError['message']) && !empty($dbError['message'])) : - log_message('error', $dbError['code'].' : '.$dbError['message']); + log_message('error', $dbError['code'] . ' : ' . $dbError['message']); endif; $this->viewData['errorMessage'] = $userFriendlyErrMsg; } catch (\Exception $e2) { - log_message('debug', 'You can probably safely ignore this: In attempt to check DB errors, CodeIgniter threw: '.PHP_EOL.$e2->getMessage()); + log_message('debug', 'You can probably safely ignore this: In attempt to check DB errors, CodeIgniter threw: ' . PHP_EOL . $e2->getMessage()); } } } \ No newline at end of file diff --git a/ci4/app/Controllers/Tarifas/Tarifaimpresion.php b/ci4/app/Controllers/Tarifas/Tarifaimpresion.php deleted file mode 100755 index 4423b12e..00000000 --- a/ci4/app/Controllers/Tarifas/Tarifaimpresion.php +++ /dev/null @@ -1,35 +0,0 @@ - static::$controllerSlug, @@ -73,8 +75,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController public function add() { - - + parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute); if ($this->request->getPost()) : 
@@ -157,6 +158,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController public function edit($requestedId = null) { + parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute); if ($requestedId == null) : return $this->redirect2listView(); @@ -248,6 +250,12 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController return $this->displayForm(__METHOD__, $id); } // end function edit(...) + /*public function delete($id =null){ + if (!auth()->user()->can('tarifa-encuadernacion.delete')) { + return $this->fail('No tiene permisos'); + } + parent::delete($id); + }*/ public function datatable() { diff --git a/ci4/app/Controllers/Tarifas/Tarifasenvios.php b/ci4/app/Controllers/Tarifas/Tarifasenvios.php index 9bbb02a1..1d239b40 100755 --- a/ci4/app/Controllers/Tarifas/Tarifasenvios.php +++ b/ci4/app/Controllers/Tarifas/Tarifasenvios.php @@ -55,7 +55,10 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { public function index() { - + + // Check if the user is allowed to list items + parent::checkPermission('tarifa-envio.menu'); + $viewData = [ 'currentModule' => static::$controllerSlug, 'pageSubTitle' => lang('Basic.global.ManageAllRecords', [lang('TarifasEnvios.tarifaEnvio')]), @@ -71,9 +74,8 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { public function add() { - - + parent::checkPermission('tarifa-envio.create', $this->indexRoute); if ($this->request->getPost()) : @@ -142,6 +144,8 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { public function edit($requestedId = null) { + parent::checkPermission('tarifa-envio.edit', $this->indexRoute); + if ($requestedId == null) : return $this->redirect2listView(); 
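Review bot: edit() checks `'tarifa-encuadernacion.create'` rather than the `.edit` permission that PATCH 3 later switches to, so in this commit a user allowed only to create records can edit them and a user with edit-only rights is refused; the line should read `parent::checkPermission('tarifa-encuadernacion.edit', $this->indexRoute);`. The commented-out delete() override further down the section should not be committed: if it were enabled it would call `parent::delete($id);` without returning the response, and as dead code it suggests a permission check that does not exist.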
@@ -227,6 +231,10 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { // JJO public function delete($id = null) { + if (!auth()->user()->can('tarifa-envio.delete')) { + return $this->fail('Error'); + } + if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) { $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc).'.'.static::$singularObjectNameCc)); } else { @@ -242,7 +250,6 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { else{ $datetime = (new \CodeIgniter\I18n\Time("now")); - $zonaModel = new TarifaEnvioZonaModel(); $zonaResult = $zonaModel->removeAllZonasLineas($id, $datetime, $this->delete_flag); diff --git a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php index 7528ebf4..f590a476 100755 --- a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php +++ b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php @@ -51,6 +51,8 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController public function index() { + // Check if the user is allowed to list items + parent::checkPermission('tarifa-manipulado.menu'); $viewData = [ 'currentModule' => static::$controllerSlug, From c8e3dfd8732911a0f29de8a81218bd8908632dee Mon Sep 17 00:00:00 2001 
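Review bot: The guard added to delete() is the only one in this commit that actually returns its response, but it answers with `$this->fail('Error')`, i.e. HTTP 400 with no reason, for what is an authorization failure; `return $this->failForbidden('No tiene permisos de acceso');` gives the client a 403 and reuses the message the other guards emit. Alternatively the checkPermissionAJAX() helper added to the base class in this same commit, which is otherwise unused, could be used here — once it returns a 403 and its result is returned by the caller. The body of delete() continues outside the hunk.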
From: imnavajas Date: Tue, 2 Jul 2024 10:40:17 +0200 Subject: [PATCH 3/4] =?UTF-8?q?A=C3=B1adidos=20permisos=20a=20tarifas,=20s?= =?UTF-8?q?alvo=20metodo=20delete?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ci4/app/Controllers/BaseController.php | 2 +- .../Controllers/BaseResourceController.php | 25 +------------ ci4/app/Controllers/GoBaseController.php | 2 +- .../Tarifas/Acabados/TarifaAcabados.php | 8 ++++- ci4/app/Controllers/Tarifas/Tarifaextra.php | 12 +++---- .../Controllers/Tarifas/Tarifapapelcompra.php | 35 ------------------- .../Tarifas/Tarifapapeldefecto.php | 35 ------------------- .../Tarifas/Tarifapreimpresion.php | 15 ++------ .../Tarifas/Tarifasencuadernacion.php | 6 ++-- ci4/app/Controllers/Tarifas/Tarifasenvios.php | 10 +++--- .../Controllers/Tarifas/Tarifasmanipulado.php | 11 +++--- ci4/app/Helpers/rbac_helper.php | 26 ++++++++++++++ ci4/app/Language/es/App.php | 1 + .../main/menus/presupuesto_cliente_menu.php | 14 ++++++-- .../themes/vuexy/main/menus/tarifas_menu.php | 3 +- 15 files changed, 69 insertions(+), 136 deletions(-) delete mode 100755 ci4/app/Controllers/Tarifas/Tarifapapelcompra.php delete mode 100755 ci4/app/Controllers/Tarifas/Tarifapapeldefecto.php diff --git a/ci4/app/Controllers/BaseController.php b/ci4/app/Controllers/BaseController.php index f27cea44..de8b1e4c 100755 --- a/ci4/app/Controllers/BaseController.php +++ b/ci4/app/Controllers/BaseController.php @@ -37,7 +37,7 @@ class BaseController extends Controller * * @var array */ - protected $helpers = ['general', 'go_common']; + protected $helpers = ['general', 'go_common', 'rbac']; /** * Constructor. diff --git a/ci4/app/Controllers/BaseResourceController.php b/ci4/app/Controllers/BaseResourceController.php index 68c0d9d3..ce3d7952 100644 --- a/ci4/app/Controllers/BaseResourceController.php +++ b/ci4/app/Controllers/BaseResourceController.php 
@@ -85,7 +85,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * * @var array */ - protected $helpers = ['session', 'go_common', 'form', 'text', 'general']; //JJO + protected $helpers = ['session', 'go_common', 'form', 'text', 'general', 'rbac']; //JJO /** * Initializer method. @@ -130,29 +130,6 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr $this->viewData['alertStyle'] = $this->alertStyle; } - protected function checkPermission($sectionPermission, $redirectRoute = NULL) - { - // TODO ojo, con no redirigir al indexRoute, que se crea bucle!!! - if (!auth()->user()->can($sectionPermission)) { - $this->session->setFlashdata('errorMessage', "No tiene permisos de acceso"); - if (is_null($redirectRoute)) { - return $this->response->redirect(route_to('home')); - } else { - return $this->response->redirect(route_to($redirectRoute)); - } - } - } - - protected function checkPermissionAJAX($sectionPermission) - { - - if (!auth()->user()->can($sectionPermission)) { - return $this->fail('Error'); - } - - } - - /** * Convenience method to display the form of a module * @param $forMethod diff --git a/ci4/app/Controllers/GoBaseController.php b/ci4/app/Controllers/GoBaseController.php index 61dc5e64..669b0368 100755 --- a/ci4/app/Controllers/GoBaseController.php +++ b/ci4/app/Controllers/GoBaseController.php @@ -139,7 +139,7 @@ abstract class GoBaseController extends Controller { * * @var array */ - protected $helpers = ['session', 'go_common', 'text', 'general','jwt']; //JJO + protected $helpers = ['session', 'go_common', 'text', 'general','jwt', 'rbac']; //JJO public static $queries = []; diff --git a/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php b/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php index 04bd3460..3c1c7236 100644 --- a/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php +++ b/ci4/app/Controllers/Tarifas/Acabados/TarifaAcabados.php 
@@ -48,6 +48,8 @@ class TarifaAcabados extends BaseResourceController public function index() { + checkPermission('tarifa-acabado.menu'); + $viewData = [ 'currentModule' => static::$controllerSlug, 'pageSubTitle' => lang('Basic.global.ManageAllRecords', [lang('Tarifaacabado.tarifaacabado')]), @@ -64,6 +66,8 @@ class TarifaAcabados extends BaseResourceController public function add() { + checkPermission('tarifa-acabado.create', $this->indexRoute); + if ($this->request->getPost()) : $nullIfEmpty = true; // !(phpversion() >= '8.1'); @@ -133,8 +137,10 @@ class TarifaAcabados extends BaseResourceController return $this->displayForm(__METHOD__); } // end function add() - public function edit($requestedId = null) { + public function edit($requestedId = null) + { + checkPermission('tarifa-acabado.edit', $this->indexRoute); if ($requestedId == null) : return $this->redirect2listView(); diff --git a/ci4/app/Controllers/Tarifas/Tarifaextra.php b/ci4/app/Controllers/Tarifas/Tarifaextra.php index 9dd27d9c..1b5591a4 100755 --- a/ci4/app/Controllers/Tarifas/Tarifaextra.php +++ b/ci4/app/Controllers/Tarifas/Tarifaextra.php @@ -40,6 +40,7 @@ class Tarifaextra extends \App\Controllers\GoBaseController public function index() { + checkPermission('tarifa-extra.menu'); $this->viewData['usingClientSideDataTable'] = true; @@ -51,8 +52,7 @@ class Tarifaextra extends \App\Controllers\GoBaseController public function add() { - - + checkPermission('tarifa-extra.create', $this->indexRoute); if ($this->request->getPost()) : @@ -117,6 +117,7 @@ class Tarifaextra extends \App\Controllers\GoBaseController public function edit($requestedId = null) { + checkPermission('tarifa-extra.edit', $this->indexRoute); if ($requestedId == null) : return $this->redirect2listView(); 
@@ -129,14 +130,10 @@ class Tarifaextra extends \App\Controllers\GoBaseController return $this->redirect2listView('errorMessage', $message); endif; - - if ($this->request->getPost()) : - $nullIfEmpty = true; // !(phpversion() >= '8.1'); - $postData = $this->request->getPost(); - $sanitizedData = $this->sanitized($postData, $nullIfEmpty); + $sanitizedData = $this->sanitized($postData, true); // JJO if (isset($this->model->user_updated_id)) { @@ -192,7 +189,6 @@ class Tarifaextra extends \App\Controllers\GoBaseController return $this->displayForm(__METHOD__, $id); } // end function edit(...) - public function allItemsSelect() { if ($this->request->isAJAX()) { diff --git a/ci4/app/Controllers/Tarifas/Tarifapapelcompra.php b/ci4/app/Controllers/Tarifas/Tarifapapelcompra.php deleted file mode 100755 index f69c8fd5..00000000 --- a/ci4/app/Controllers/Tarifas/Tarifapapelcompra.php +++ /dev/null @@ -1,35 +0,0 @@ -user()->can('tarifa-preimpresion.menu')){ - $message = "No tiene permisos de acceso"; - return redirect()->to(route_to('home'))->with('errorMessage', $message); - } + checkPermission('tarifa-preimpresion.menu'); $this->viewData['usingClientSideDataTable'] = true; $this->viewData['pageSubTitle'] = lang('Basic.global.ManageAllRecords', [lang('Tarifapreimpresion.tarifapreimpresion')]); parent::index(); - } public function add() { - - if(!auth()->user()->can('tarifa-preimpresion.create')){ - $message = "No tiene permisos de acceso"; - return redirect()->to(route_to($this->indexRoute))->with('errorMessage', $message); - } - - + checkPermission('tarifa-preimpresion.create', $this->indexRoute); if ($this->request->getPost()) : @@ -125,6 +115,7 @@ class Tarifapreimpresion extends \App\Controllers\GoBaseController public function edit($requestedId = null) { + checkPermission('tarifa-preimpresion.edit', $this->indexRoute); if ($requestedId == null) : return $this->redirect2listView(); 
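Review bot: As far as the hunk line counts show, `$postData = $this->request->getPost();` is deleted while the replacement line still reads it — `$sanitizedData = $this->sanitized($postData, true); // JJO` — so unless `$postData` is assigned earlier in edit() (the method starts outside the hunk) this raises an undefined-variable warning and sanitized() receives null, only working because its `array $postData = null` parameter is implicitly nullable and falls back to `$this->request->getPost()` itself. Keep the assignment, or write `$sanitizedData = $this->sanitized($this->request->getPost(), true);` so the data source is explicit. The same edit is made to Tarifasmanipulado::edit() in the `@@ -153,16 +153,13 @@` hunk of this commit.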
diff --git a/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php b/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php index da6ebf94..12e77c70 100755 --- a/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php +++ b/ci4/app/Controllers/Tarifas/Tarifasencuadernacion.php @@ -56,7 +56,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController public function index() { // Check if the user is allowed to list items - parent::checkPermission('tarifa-encuadernacion.menu'); + checkPermission('tarifa-encuadernacion.menu'); $viewData = [ 'currentModule' => static::$controllerSlug, @@ -75,7 +75,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController public function add() { - parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute); + checkPermission('tarifa-encuadernacion.create', $this->indexRoute); if ($this->request->getPost()) : @@ -158,7 +158,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController public function edit($requestedId = null) { - parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute); + checkPermission('tarifa-encuadernacion.edit', $this->indexRoute); if ($requestedId == null) : return $this->redirect2listView(); diff --git a/ci4/app/Controllers/Tarifas/Tarifasenvios.php b/ci4/app/Controllers/Tarifas/Tarifasenvios.php index 1d239b40..452545a9 100755 --- a/ci4/app/Controllers/Tarifas/Tarifasenvios.php +++ b/ci4/app/Controllers/Tarifas/Tarifasenvios.php @@ -57,7 +57,7 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { public function index() { // Check if the user is allowed to list items - parent::checkPermission('tarifa-envio.menu'); + checkPermission('tarifa-envio.menu'); $viewData = [ 'currentModule' => static::$controllerSlug, 
@@ -75,7 +75,7 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { public function add() { - parent::checkPermission('tarifa-envio.create', $this->indexRoute); + checkPermission('tarifa-envio.create', $this->indexRoute); if ($this->request->getPost()) : @@ -144,7 +144,7 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { public function edit($requestedId = null) { - parent::checkPermission('tarifa-envio.edit', $this->indexRoute); + checkPermission('tarifa-envio.edit', $this->indexRoute); if ($requestedId == null) : @@ -231,9 +231,9 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController { // JJO public function delete($id = null) { - if (!auth()->user()->can('tarifa-envio.delete')) { + /*if (!auth()->user()->can('tarifa-envio.delete')) { return $this->fail('Error'); - } + }*/ if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) { $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc).'.'.static::$singularObjectNameCc)); diff --git a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php index f590a476..29833e50 100755 --- a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php +++ b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php @@ -52,7 +52,7 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController public function index() { // Check if the user is allowed to list items - parent::checkPermission('tarifa-manipulado.menu'); + checkPermission('tarifa-manipulado.menu'); $viewData = [ 'currentModule' => static::$controllerSlug, @@ -71,8 +71,7 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController public function add() { - - + checkPermission('tarifa-manipulado.create', $this->indexRoute); if ($this->request->getPost()) : 
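Review bot: Commenting out the `tarifa-envio.delete` guard leaves delete() with no authorization check at all — the commit title says delete is excluded, but the effect is that whoever can reach this route can soft-delete tarifas and their zonas while index/add/edit are protected, and the `.delete` permissions defined in permissionMatrix.php enforce nothing. If the check was disabled because `$this->fail('Error')` broke the datatable flow, the remedy is a proper 403 (`return $this->failForbidden('No tiene permisos de acceso');`), not removing the check; the commented block should be restored or deleted, not shipped. The body of delete() continues outside the hunk.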
@@ -142,6 +141,7 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController
 public function edit($requestedId = null) {
+ checkPermission('tarifa-manipulado.edit', $this->indexRoute);
 if ($requestedId == null) : return $this->redirect2listView();
@@ -153,16 +153,13 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController
 $message = lang('Basic.global.notFoundWithIdErr', [mb_strtolower(lang('Tarifamanipulado.tarifamanipulado')), $id]); return $this->redirect2listView('sweet-error', $message); endif;
- if ($this->request->getPost()) :
- $nullIfEmpty = true; // !(phpversion() >= '8.1');
- $postData = $this->request->getPost();
- $sanitizedData = $this->sanitized($postData, $nullIfEmpty);
+ $sanitizedData = $this->sanitized($postData, true);
 // JJO
 if (isset($this->model->user_updated_id)) {
diff --git a/ci4/app/Helpers/rbac_helper.php b/ci4/app/Helpers/rbac_helper.php
index 04d8f403..6eb65e33 100644
--- a/ci4/app/Helpers/rbac_helper.php
+++ b/ci4/app/Helpers/rbac_helper.php
@@ -2,6 +2,7 @@ use App\Models\Usuarios\GroupModel; use App\Models\Usuarios\PermisosModel;
+use CodeIgniter\HTTP\RedirectResponse;
 if (!function_exists('generate_php_roles_constant')) { function generate_php_roles_constant()
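Review bot: The new line `$sanitizedData = $this->sanitized($postData, true);` in edit() reads `$postData`, but the only assignment of that variable visible here, `$postData = $this->request->getPost();`, is removed by the same hunk; unless edit() assigns it earlier, outside the hunk, this sanitizes an undefined variable. The hunk also removes the `if ($this->request->getPost()) :` opener with no matching `endif;` in view, so either the closing is removed in a part of the file not shown or the method no longer parses — worth confirming. Suggested form: keep `$postData = $this->request->getPost();` immediately before the sanitized() call. edit()'s body continues outside the hunk.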
@@ -94,3 +95,28 @@ if (!function_exists('generate_php_permissions_matrix_constant')) {
+
+if (!function_exists('checkPermission')) {
+ /**
+ * Checks if the user has the required permission and redirects accordingly.
+ *
+ * @param string $sectionPermission The permission to check.
+ * @param string|null $redirectRoute The route to redirect to if the permission is not granted.
+ * @return RedirectResponse|null Redirect response if the user does not have permission, null otherwise.
+ */
+ function checkPermission(string $sectionPermission, string $redirectRoute = null)
+ {
+ $session = \Config\Services::session();
+ $response = \Config\Services::response();
+
+ if (!auth()->user()->can($sectionPermission)) {
+ $session->setFlashdata('errorMessage', "No tiene permisos de acceso");
+
+ $route = $redirectRoute ?? 'home';
+ return $response->redirect(route_to($route));
+ }
+
+ return null;
+ }
+}
+
diff --git a/ci4/app/Language/es/App.php b/ci4/app/Language/es/App.php
index 15882bbe..5e607b58 100755
--- a/ci4/app/Language/es/App.php
+++ b/ci4/app/Language/es/App.php
@@ -742,6 +742,7 @@ return [ "menu_pedidos_todos" => "Todos", "menu_presupuestos" => "Presupuestos", + "menu_presupuestos_clientes" => "Presupuestos (Clientes)", "menu_presupuesto" => "Libros", "menu_presupuesto_buscador" => "Buscador", "menu_libros" => "Libros",
diff --git a/ci4/app/Views/themes/vuexy/main/menus/presupuesto_cliente_menu.php b/ci4/app/Views/themes/vuexy/main/menus/presupuesto_cliente_menu.php
index b0873ed2..46359e42 100644
--- a/ci4/app/Views/themes/vuexy/main/menus/presupuesto_cliente_menu.php
+++ b/ci4/app/Views/themes/vuexy/main/menus/presupuesto_cliente_menu.php
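Review bot: checkPermission() is documented as "redirects accordingly", but its `return $response->redirect(route_to($route));` only hands back a RedirectResponse — in CodeIgniter 4 a response is sent only when the controller returns it, and every call site in this commit ignores the return value, so the helper as written never blocks anything. Either make the contract explicit in the docblock (`Callers MUST return the RedirectResponse; this helper does not stop execution.`) and fix the call sites, or have the helper end the request itself. Two smaller points on the same lines: if a route is reachable without an auth filter, `auth()->user()` is presumably null and `->can()` on null is a fatal error rather than a denial, so `if (!auth()->user()?->can($sectionPermission)) {` fails closed instead; and the signature should read `?string $redirectRoute = null`, since implicit nullability from a null default is deprecated in PHP 8.4. The fixed Spanish flash string also bypasses the lang() mechanism the controllers use elsewhere in this diff; consider a language key for it.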
@@ -3,14 +3,22 @@ * MENU PRESUPUESTOS VISTA CLIENTES */ if (auth()->user()->inGroup('cliente-admin') - || auth()->user()->inGroup('cliente-editor')) { + || auth()->user()->inGroup('cliente-editor') + || auth()->user()->inGroup('admin') +) { - if (auth()->user()->can('presupuesto-cliente.menu')) { + if (auth()->user()->can('presupuesto-cliente.menu') || auth()->user()->inGroup('admin')) { ?>