From 289aaeaa9f815e7c24703dc55acfc9e1ccc5647c Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Fri, 1 Mar 2019 23:37:06 -0700
Subject: [PATCH 1/3] Minor text changes
---
 action.php | 9 ++++-----
 static/js/app.js | 3 +--
 static/js/form.js | 2 +-
 3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/action.php b/action.php
index 67b230b..d8b691d 100644
--- a/action.php
+++ b/action.php
@@ -7,7 +7,6 @@ /** * Make things happen when buttons are pressed and forms submitted. */ - require_once __DIR__ . "/required.php"; if ($VARS['action'] !== "signout") {
@@ -22,11 +21,11 @@ if ($VARS['action'] !== "signout") {
 */
 function returnToSender($msg, $arg = "") {
 global $VARS;
- if ($arg == "") {
- header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);
- } else {
- header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
+ $header = "Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg";
+ if ($arg != "") {
+ $header .= "&arg=$arg";
 }
+ header($header);
 die();
 }
diff --git a/static/js/app.js b/static/js/app.js
index 14b7c2a..8481e43 100644
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -13,7 +13,7 @@ $(document).ready(function () {
 var gone = 20;
 var msgticker = setInterval(function () {
- if ($('#msg-alert-box .alert:hover').length) {
+ if ($("#msg-alert-box .alert:hover").length) {
 msginteractiontick = 0;
 } else {
 msginteractiontick++;
@@ -55,7 +55,6 @@ $(document).ready(function () {
 $("#msg-alert-box").on("mouseenter", function () {
 $("#msg-alert-box").css("opacity", "1");
 msginteractiontick = 0;
- console.log("👈😎👈 zoop");
 });
 $("#msg-alert-box").on("click", ".close", function (e) {
 $("#msg-alert-box").fadeOut("slow");
diff --git a/static/js/form.js b/static/js/form.js
index 21c9f53..265c133 100644
--- a/static/js/form.js
+++ b/static/js/form.js
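Review bot: In `returnToSender()` the rebuilt `$header` still interpolates `$msg` and `$arg` into the redirect URL unencoded, while `$VARS['source']` on the same line goes through `urlencode()`. A value containing `&`, `#` or `=` changes the query string that app.php receives, so if any caller forwards request-derived data here (the callers are outside this patch) the redirect parameters can be altered by the requester. Unless callers already encode these values, encode both at this single point: `"&msg=" . urlencode($msg)` and `$header .= "&arg=" . urlencode($arg);`.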
@@ -12,5 +12,5 @@ $("#savebtn").click(function (event) {
 event.preventDefault();
 event.stopPropagation();
 }
- form.addClass('was-validated');
+ form.addClass("was-validated");
 });
\ No newline at end of file
From 26a662c399230acfcb5d1b46fe15780c0f7ba4da Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Fri, 1 Mar 2019 23:37:36 -0700
Subject: [PATCH 2/3] Add `addTextInput` and `addSelect` methods that are simpler than `addInput`
---
 lib/FormBuilder.lib.php | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/lib/FormBuilder.lib.php b/lib/FormBuilder.lib.php
index 13567cc..c9d0932 100644
--- a/lib/FormBuilder.lib.php
+++ b/lib/FormBuilder.lib.php
@@ -116,6 +116,41 @@ class FormBuilder {
 $this->items[] = $item;
 }
+ /**
+ * Add a text input.
+ *
+ * @param string $name Element name
+ * @param string $value Element value
+ * @param bool $required If the element is required for form submission.
+ * @param string $id Element ID
+ * @param string $label Text label to display near the input
+ * @param string $icon FontAwesome icon (example: "fas fa-toilet-paper")
+ * @param int $width Bootstrap column width for the input, out of 12.
+ * @param int $minlength Minimum number of characters for the input.
+ * @param int $maxlength Maximum number of characters for the input.
+ * @param string $pattern Regex pattern for custom client-side validation.
+ * @param string $error Message to show if the input doesn't validate.
+ */
+ public function addTextInput(string $name, string $value = "", bool $required = true, string $id = "", string $label = "", string $icon = "", int $width = 4, int $minlength = 1, int $maxlength = 100, string $pattern = "", string $error = "") {
+ $this->addInput($name, $value, "text", $required, $id, null, $label, $icon, $width, $minlength, $maxlength, $pattern, $error);
+ }
+
+ /**
+ * Add a select dropdown.
+ *
+ * @param string $name Element name
+ * @param string $value Element value
+ * @param bool $required If the element is required for form submission.
+ * @param string $id Element ID
+ * @param array $options Array of [value => text] pairs for a select element
+ * @param string $label Text label to display near the input
+ * @param string $icon FontAwesome icon (example: "fas fa-toilet-paper")
+ * @param int $width Bootstrap column width for the input, out of 12.
+ */
+ public function addSelect(string $name, string $value = "", bool $required = true, string $id = null, array $options = null, string $label = "", string $icon = "", int $width = 4) {
+ $this->addInput($name, $value, "select", $required, $id, $options, $label, $icon, $width);
+ }
+
 /**
 * Add a button to the form.
 *
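Review bot: `addSelect()` declares `string $id = null` and `array $options = null`, relying on implicit nullability, while its docblock documents both as plain `string` and `array`, and `addTextInput()` in the same hunk defaults `$id` to `""`. If the project targets PHP 7.1 or later, write `?string $id = null, ?array $options = null` and change the `@param` types to `string|null` and `array|null`; otherwise default `$id` to `""` as the sibling method does. Whether `addInput()` accepts `null` for these arguments cannot be confirmed, since it is defined outside the hunk. The `$pattern` description already says the check is client-side; the `$minlength` and `$maxlength` lines (presumably the same kind of browser constraint) could say so too, e.g. `Enforced by the browser only; the form handler must validate again.`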
From c97e058786aed0be4cc2ff15bce78daf9ab24c84 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Fri, 1 Mar 2019 23:41:10 -0700
Subject: [PATCH 3/3] API: Check for user permission
---
 api/functions.php | 9 ++++++++-
 settings.template.php | 4 ++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/api/functions.php b/api/functions.php
index 1f41d85..9357a53 100644
--- a/api/functions.php
+++ b/api/functions.php
@@ -52,7 +52,7 @@ function getCensoredKey() {
 * @return bool true if the request should continue, false if the request is bad
 */
 function authenticate(): bool {
- global $VARS;
+ global $VARS, $SETTINGS;
 // HTTP basic auth
 if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
 $username = $_SERVER['PHP_AUTH_USER'];
@@ -68,6 +68,13 @@ function authenticate(): bool {
 return false;
 }
 if ($user->checkPassword($password, true)) {
+ // Check that the user has permission to access the app
+ $perms = is_array($SETTINGS['api_permissions']) ? $SETTINGS['api_permissions'] : $SETTINGS['permissions'];
+ foreach ($perms as $perm) {
+ if (!$user->hasPermission($perm)) {
+ return false;
+ }
+ }
 return true;
 }
 return false;
diff --git a/settings.template.php b/settings.template.php
index 94686c0..1ef4b35 100644
--- a/settings.template.php
+++ b/settings.template.php
@@ -39,6 +39,10 @@ $SETTINGS = [
 // List of required user permissions to access this app.
 "permissions" => [
 ],
+ // List of permissions required for API access. Remove to use the value of
+ // "permissions" instead.
+ "api_permissions" => [
+ ],
 // For supported values, see http://php.net/manual/en/timezones.php
 "timezone" => "America/Denver",
 // Language to use for localization. See langs folder to add a language.
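Review bot: The new permission check in `authenticate()` fails open with the template's own default: the settings.template.php hunk ships `"api_permissions" => []`, which is an array, so `$perms` is empty, the loop never runs, and any user with a valid password is accepted even when `permissions` lists requirements. Either ship the key commented out so the fallback to `permissions` is the default, or treat an empty list as unset with `$api = $SETTINGS['api_permissions'] ?? null;` and `$perms = (is_array($api) && $api !== []) ? $api : $SETTINGS['permissions'];`. The `??` form also avoids the undefined-index notice when the key is removed as the template comment suggests. The check sits only in the `checkPassword()` branch, and `authenticate()` continues outside the hunk, so confirm that any other credential path in it applies the same permission list.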