From 98fb8535917989633249bf9d3856f8ebf82ea71a Mon Sep 17 00:00:00 2001
From: Ibnu Maksum
Date: Fri, 16 Feb 2024 14:52:49 +0700
Subject: [PATCH] set Permission

---
 install/phpnuxbill.sql | 1 +
 system/controllers/customers.php | 14 +++++++---
 system/controllers/prepaid.php | 22 ++++++++++++---
 system/controllers/reports.php | 4 ---
 system/lan/english.json | 6 +++-
 system/updates.json | 21 ++++++++------
 ui/ui/sections/header.tpl | 47 +++++++++++++++-----------------
 7 files changed, 68 insertions(+), 47 deletions(-)

diff --git a/install/phpnuxbill.sql b/install/phpnuxbill.sql
index b598b2b5..98ae076e 100644
--- a/install/phpnuxbill.sql
+++ b/install/phpnuxbill.sql
@@ -193,6 +193,7 @@ ALTER TABLE `tbl_users` ADD `root` INT NOT NULL DEFAULT '0' COMMENT 'for sub acc
 ALTER TABLE `tbl_users` CHANGE `user_type` `user_type` ENUM('SuperAdmin','Admin','Report','Agent','Sales') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;
 ALTER TABLE `tbl_users` CHANGE `password` `password` VARCHAR(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;
 ALTER TABLE `tbl_users` ADD `phone` VARCHAR(32) NOT NULL DEFAULT '' AFTER `password`, ADD `email` VARCHAR(128) NOT NULL DEFAULT '' AFTER `phone`, ADD `city` VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'kota' AFTER `email`, ADD `subdistrict` VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'kecamatan' AFTER `city`, ADD `ward` VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'kelurahan' AFTER `subdistrict`;
+ALTER TABLE `tbl_customers` ADD `created_by` INT NOT NULL DEFAULT '0' AFTER `auto_renewal`;
 ALTER TABLE `tbl_appconfig` ADD PRIMARY KEY (`id`);
diff --git a/system/controllers/customers.php b/system/controllers/customers.php
index 330a4693..9cf7daad 100644
--- a/system/controllers/customers.php
+++ b/system/controllers/customers.php
@@ -14,10 +14,6 @@ $admin = Admin::_info();
 $ui->assign('_admin', $admin);
-if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
- r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
-}
-
 switch ($action) {
 case 'list':
 $search = _post('search');
@@ -49,6 +45,9 @@ switch ($action) {
 break;
 case 'csv':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $cs = ORM::for_table('tbl_customers')
 ->select('tbl_customers.id', 'id')
 ->select('tbl_customers.username', 'username')
@@ -100,6 +99,9 @@ switch ($action) {
 }
 r2(U . 'customers/view/' . $id_customer, 'e', 'Cannot find active plan');
 case 'deactivate':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $id_customer = $routes['2'];
 $b = ORM::for_table('tbl_user_recharges')->where('customer_id', $id_customer)->find_one();
 if ($b) {
@@ -209,6 +211,9 @@ switch ($action) {
 break;
 case 'delete':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $id = $routes['2'];
 run_hook('delete_customer'); #HOOK
 $d = ORM::for_table('tbl_customers')->find_one($id);
@@ -290,6 +295,7 @@ switch ($action) {
 $d->email = $email;
 $d->fullname = $fullname;
 $d->address = $address;
+ $d->created_by = $admin['id'];
 $d->phonenumber = Lang::phoneFormat($phonenumber);
 $d->service_type = $service_type;
 $d->save();
diff --git a/system/controllers/prepaid.php b/system/controllers/prepaid.php
index a9ba3b70..83759307 100644
--- a/system/controllers/prepaid.php
+++ b/system/controllers/prepaid.php
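Review bot: Dropping the controller-wide guard in the first hunk flips the default for customers.php from deny to allow: only `csv`, `deactivate` and `delete` receive a replacement check in the later hunks, so `list`, the view/add/edit cases the diff does not touch, and the branch in the `@@ -290` hunk that now writes `created_by` become reachable by every `user_type`, including `Report` and `Sales`, which the removed check rejected. If that widening is intended it deserves a comment naming the roles that are now admitted; if not, a per-action allow-list evaluated once before the `switch` keeps the file fail-closed, so a case added later is denied until it is listed, and lets the three copied `in_array` blocks go (they also omit `strict: true`). The `switch ($action)` these hunks sit in opens in the first hunk and runs well past the last one, so the full set of cases is not visible here.
```php
$ui->assign('_admin', $admin);

// Allowed user types per action. An action missing from this map is denied,
// so a case added to the switch later stays closed until it is listed here.
$permissions = [
    'csv'        => ['SuperAdmin', 'Admin'],
    'deactivate' => ['SuperAdmin', 'Admin'],
    'delete'     => ['SuperAdmin', 'Admin'],
    // TODO(review): list every remaining case of the switch below with its intended roles
];
if (!in_array($admin['user_type'], $permissions[$action] ?? [], true)) {
    r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
}

switch ($action) {
    // … unchanged: the cases, with the three copied in_array blocks removed …
```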
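Review bot: The `@@ -290` hunk writes `$d->created_by = $admin['id']` inside a branch whose `case` label lies outside the hunk, so it cannot be seen here whether this is the add-post or the edit-post path; on an edit path the line would reassign the creator to whoever last saved the record. A one-line comment on the assignment would settle that for the next reader, e.g. `// creator is recorded once, when the customer row is created; never rewritten on edit`, and if the block is shared with an edit path the assignment should run only for a new row. Note also that every customer that exists before the `created_by` migration in the SQL hunks keeps the column default `0`, which presumably matches no `tbl_users` id, so any later filter on `created_by` has to treat `0` as "unowned" explicitly.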
@@ -13,10 +13,6 @@ $action = $routes['1'];
 $admin = Admin::_info();
 $ui->assign('_admin', $admin);
-if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Sales'])) {
- r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
-}
-
 $select2_customer = << document.addEventListener("DOMContentLoaded", function(event) {
@@ -38,6 +34,9 @@ EOT;
 switch ($action) {
 case 'sync':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 set_time_limit(-1);
 $plans = ORM::for_table('tbl_user_recharges')->where('status', 'on')->find_many();
 $log = '';
@@ -167,6 +166,9 @@ switch ($action) {
 break;
 case 'edit':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $id = $routes['2'];
 $d = ORM::for_table('tbl_user_recharges')->find_one($id);
 if ($d) {
@@ -182,6 +184,9 @@ switch ($action) {
 break;
 case 'delete':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $id = $routes['2'];
 $d = ORM::for_table('tbl_user_recharges')->find_one($id);
 if ($d) {
@@ -208,6 +213,9 @@ switch ($action) {
 break;
 case 'edit-post':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $username = _post('username');
 $id_plan = _post('id_plan');
 $recharged_on = _post('recharged_on');
@@ -295,6 +303,9 @@ switch ($action) {
 break;
 case 'remove-voucher':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $d = ORM::for_table('tbl_voucher')->where_equal('status', '1')->findMany();
 if ($d) {
 $jml = 0;
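Review bot: The allow-lists added to prepaid.php disagree with each other: the `@@ -167` hunk lets `Agent` into `edit`, but the `@@ -208` hunk restricts `edit-post` to `SuperAdmin`/`Admin`, so an Agent can open the recharge edit form and is bounced to the dashboard on submit. Either add `Agent` to the `edit-post` list, `if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Agent'], true)) {`, or remove it from `edit`, whichever the intended policy is. Separately, `Sales` was admitted to this whole controller by the guard removed in the first hunk and appears in none of the new lists, while the cases between these hunks that the diff does not touch now accept any `user_type`; that change of policy should be stated in the commit message or re-established with one explicit per-action map evaluated before the `switch`. The enclosing `switch ($action)` opens in the second hunk and continues past this file's last hunk.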
@@ -463,6 +474,9 @@ switch ($action) {
 break;
 case 'voucher-delete':
+ if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin'])) {
+ r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
+ }
 $id = $routes['2'];
 run_hook('delete_voucher'); #HOOK
 $d = ORM::for_table('tbl_voucher')->find_one($id);
diff --git a/system/controllers/reports.php b/system/controllers/reports.php
index dd4c8192..86b81481 100644
--- a/system/controllers/reports.php
+++ b/system/controllers/reports.php
@@ -13,10 +13,6 @@ $action = $routes['1'];
 $admin = Admin::_info();
 $ui->assign('_admin', $admin);
-if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Sales'])) {
- r2(U . "dashboard", 'e', Lang::T('You do not have permission to access this page'));
-}
-
 $mdate = date('Y-m-d');
 $mtime = date('H:i:s');
 $tdate = date('Y-m-d', strtotime('today - 30 days'));
diff --git a/system/lan/english.json b/system/lan/english.json
index 528239f5..b976ab02 100644
--- a/system/lan/english.json
+++ b/system/lan/english.json
@@ -404,5 +404,9 @@
 "Add User": "Add User",
 "Username should be between 3 to 45 characters": "Username should be between 3 to 45 characters",
 "Password should be minimum 6 characters": "Password should be minimum 6 characters",
- "Login": "Login"
+ "Login": "Login",
+ "SuperAdmin": "SuperAdmin",
+ "Admin": "Admin",
+ "Report": "Report",
+ "Agent": "Agent"
 }
\ No newline at end of file
diff --git a/system/updates.json b/system/updates.json
index 8161740f..bdf00988 100644
--- a/system/updates.json
+++ b/system/updates.json
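Review bot: reports.php loses its only permission check and gets no replacement: the diffstat records four deletions and no insertions for the file, so after this commit every logged-in `user_type`, including `Agent`, which the removed list excluded, can open the reports pages. If the intent is to admit the new `Report` role, extending the old list is the smaller and safer change, `if (!in_array($admin['user_type'], ['SuperAdmin', 'Admin', 'Report', 'Sales'], true)) {`, kept at the top of the file so it covers every action the controller serves. The same dropped-guard pattern, replaced only partially by per-case checks, applies to customers.php and prepaid.php in the earlier hunks.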
@@ -11,35 +11,35 @@ "ALTER TABLE `tbl_transactions` CHANGE `type` `type` ENUM('Hotspot','PPPOE','Balance') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;", "ALTER TABLE `tbl_customers` ADD `auto_renewal` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Auto renewall using balance' AFTER `balance`;" ], - "2023.8.23" : [ + "2023.8.23": [ "ALTER TABLE `tbl_customers` CHANGE `pppoe_password` `pppoe_password` VARCHAR(45) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '0' COMMENT 'For PPPOE Login';" ], - "2023.8.28" : [ + "2023.8.28": [ "ALTER TABLE `tbl_user_recharges` ADD `recharged_time` time NOT NULL DEFAULT '00:00:00' AFTER `recharged_on`;", "ALTER TABLE `tbl_transactions` ADD `recharged_time` time NOT NULL DEFAULT '00:00:00' AFTER `recharged_on`;" ], - "2023.9.5" : [ + "2023.9.5": [ "DROP TABLE `tbl_language`;", "ALTER TABLE `tbl_plans` ADD `pool_expired` varchar(40) NOT NULL DEFAULT '' AFTER `pool`;" ], - "2023.9.27" : [ + "2023.9.27": [ "ALTER TABLE `tbl_plans` CHANGE `type` `type` ENUM('Hotspot','PPPOE','Balance','Radius') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;", "ALTER TABLE `tbl_transactions` CHANGE `type` `type` ENUM('Hotspot','PPPOE','Balance','Radius') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;" ], - "2023.9.28" : [ + "2023.9.28": [ "ALTER TABLE `tbl_plans` CHANGE `type` `type` ENUM('Hotspot','PPPOE','Balance') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;", "ALTER TABLE `tbl_transactions` CHANGE `type` `type` ENUM('Hotspot','PPPOE','Balance') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;" ], - "2023.10.1" : [ + "2023.10.1": [ "ALTER TABLE `tbl_plans` ADD `is_radius` TINYINT(1) NOT NULL DEFAULT '0' COMMENT '1 is radius' AFTER `routers`; " ], - "2023.10.24" : [ + "2023.10.24": [ "ALTER TABLE `nas` ADD `routers` VARCHAR(32) NOT NULL DEFAULT '' AFTER `description`;" ], "2023.12.15": [ "ALTER TABLE `tbl_customers` ADD `service_type` ENUM('Hotspot','PPPoE','Others') DEFAULT 
'Others' COMMENT 'For selecting user type' AFTER `balance`;" ], - "2024.1.11": [ + "2024.1.11": [ "ALTER TABLE `tbl_plans` ADD `allow_purchase` ENUM('yes','no') DEFAULT 'yes' COMMENT 'allow to show package in buy package page' AFTER `enabled`;" ], "2024.2.7": [ @@ -49,8 +49,11 @@ "2024.2.12": [ "ALTER TABLE `tbl_users` CHANGE `user_type` `user_type` ENUM('SuperAdmin','Admin','Report','Agent','Sales') CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;" ], - "2024.2.15":[ + "2024.2.15": [ "ALTER TABLE `tbl_users` CHANGE `password` `password` VARCHAR(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL;", "ALTER TABLE `tbl_users` ADD `phone` VARCHAR(32) NOT NULL DEFAULT '' AFTER `password`, ADD `email` VARCHAR(128) NOT NULL DEFAULT '' AFTER `phone`, ADD `city` VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'kota' AFTER `email`, ADD `subdistrict` VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'kecamatan' AFTER `city`, ADD `ward` VARCHAR(64) NOT NULL DEFAULT '' COMMENT 'kelurahan' AFTER `subdistrict`;" + ], + "2024.2.16": [ + "ALTER TABLE `tbl_customers` ADD `created_by` INT NOT NULL DEFAULT '0' AFTER `auto_renewal`;" ] } \ No newline at end of file diff --git a/ui/ui/sections/header.tpl b/ui/ui/sections/header.tpl index 3c5d8208..5ee3842a 100644 --- a/ui/ui/sections/header.tpl +++ b/ui/ui/sections/header.tpl @@ -67,7 +67,6 @@ Toggle navigation -