Commit 4fcf4e05 authored by Gerd Schachtschneider

change autorisation table

parent ff65cbb9
......@@ -31,7 +31,6 @@
<ul id="table_selection_tabs">
<li class="nav tab_02"><a href="/bio_inv" title="Tabelle Geraete, Anlagen, Material"> Inventar </a></li>
<li class="nav tab_02"><a href="/bio_chem" title="Tabelle Chemiestoffe"> Chemiestoffe </a></li>
<li class="nav tab_02"><a href="/bio_eln" title="Elektronisches Laborbuch"> Laborbuch </a></li>
</ul>
<div id="contentActionsWrapper" class="dataface-view-section rel_02" style="padding: 4px;">
<h3> BIO </h3></div>
......
......@@ -23,7 +23,7 @@ class tables_list_reiter {
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
$role = $user->val('role'); // get Role from mpi_users
$role = $user->val('role'); // get Role from sys_user
if ( $role == 'MANAGER' or $role == 'ADMIN') return;
return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
}
......
......@@ -16,7 +16,7 @@ INSERT INTO `list_reiter` (`autoID`, `reiter`, `kategorie`, `favorit`, `history`
(000002, 'tab_tabelle2', 'Haupttabelle', 1, 1, 'Haupttabelle 2'),
(000003, 'list_katReiter', 'Liste', 0, 0, 'Zugehoerigkeit DB-Tabellen'),
(000004, 'list_reiter', 'Liste', 0, 0, 'Sammelcontainer fuer Tabbutton "mehr .."'),
(000005, 'mpi_users', 'Autorisierung', 1, 0, 'Autorisierung und Berechtigung Benutzer'),
(000005, 'sys_user', 'Autorisierung', 1, 0, 'Autorisierung und Berechtigung Benutzer'),
(000006, 'view_user', 'View', 0, 0, 'Auswahl Benutzer aus DB user'),
(000007, 'view_favorit', 'Programmierung', 0, 0, 'Für den schnelleren Zugriff unter dem Menüpunkt ''Favorit'),
(000008, 'view_reiter', 'Programmierung', 0, 0, 'Hole alle Tabellen von Datenbank von mysql');
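Review bot: The renamed seed row at L31 keeps `history` = 0 for sys_user, while the migration in sys_user.sql inserts the same reiter with `INSERT IGNORE` and `history` = 1, so a freshly seeded database and a migrated one disagree on whether sys_user is tracked with a history table. Pick one value and use it in both files; given that the migration also drops `mpi_users__history`, 1 looks like the intended value, which would make this line `(000005, 'sys_user', 'Autorisierung', 1, 1, 'Autorisierung und Berechtigung Benutzer'),`.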
......
......@@ -7,7 +7,7 @@ class tables_list_role {
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
$role = $user->val('role'); // get Role from mpi_users
$role = $user->val('role'); // get Role from sys_user
if ( $role == 'MANAGER' or $role == 'ADMIN') return;
return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
}
......
......@@ -18,14 +18,15 @@ vocabulary = user
;validators:lettersonly:message = "Username: Only letter here allowed"
widget:label = "Login"
column:legend = "User [Ext.]"
widget:description = "Daten von User-DB (view_user oder fields.ini ggf. anpassen)"
widget:description = "Daten von User-DB (view_user). Ggfs. in sys_user/fields.ini anpassen."
order = 20
;[password]
;encryption = "sha1"
;widget:description = "Is empty, the last saved password will not be overwritten"
;validators:regex = "/^.{8,31}$/"
;validators:regex:message = "Password: Must be between 8 and 31 characters long"
;nur fuer lokale Anmeldung wichtig
[password]
encryption = "sha1"
widget:description = "Is empty, the last saved password will not be overwritten"
validators:regex = "/^.{8,31}$/"
validators:regex:message = "Password: Must be between 8 and 31 characters long"
order = 30
[email]
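Review bot: Activating the `[password]` section with `encryption = "sha1"` at L60 stores local-login passwords as unsalted SHA-1 hashes, which are cheap to recover offline if the `sys_user` table is ever leaked; now that the section is live rather than commented out, this should be a deliberate choice. If the Xataface version in use offers a salted or slow hashing option, prefer it; otherwise record the reason in the comment at L58, e.g. `;only relevant for local login - sha1 is unsalted, kept for compatibility with existing hashes`. The 31-character cap in `validators:regex` at L62 also rejects long passphrases without a stated reason; unless a column width requires it, `/^.{8,}$/` is the safer bound.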
......
......@@ -4,9 +4,8 @@
# schachi 2018-07-30
#
# Requirements:
# - old exists and new not yet
# - cursor stand on database root (where conf.ini exists)
# - old mpi_users exists and new sys_user not yet
# - parameter path show root of database (where conf.ini exists)
help="Execute:\t'$0 <path-to-db>' OR direct in root folder of database"
......@@ -25,6 +24,9 @@
conf="conf.ini"
auth="sys_user"
role="list_role"
colo="custom.css"
view="view_user"
if [[ ! -w $conf ]]; then
echo -e "ERROR:\t'$conf' not found or not writable. Not a root folder of database."
......@@ -39,35 +41,74 @@
if [[ -z $ok ]]; then ok="n"; fi
if [[ $ok != "y" ]]; then exit 0; fi
# step conf.ini
echo -e " STEP[1]:\tChange parameter in section [_auth] in '$conf'"
echo -e "\tBEFORE:\t$(egrep '^users_table' $conf) ; $(egrep '^username_column' $conf)"
# step - check if view_user used as vocabulary
echo -e " STEP[1]:\tCheck if old view '$view' used in program codes"
if [[ $(grep -rv '^;' tables | grep view_user | grep localID) ]]; then
echo -e "\tBEFORE:"
echo "$(grep -rv '^;' tables | grep -B1 view_user | grep -B1 localID)"
echo -e "\tWARNING:\tOld view '$view' use in program code. Please fix manuell as first like this 'SELECT login, sort FROM view_user'"
echo -en " Ignore ? (y/[n]) : "
read ok
if [[ -z $ok ]]; then ok="n"; fi
if [[ $ok != "y" ]]; then exit 0; fi
else
echo -e "\tINFO:\t\told view '$view' not use in program code"
fi
# step - conf.ini
echo -e " STEP[2]:\tChange parameter in section [_auth] in '$conf'"
echo -e "\tBEFORE1:\t$(egrep '^users_table' $conf)"
echo -e "\tBEFORE2:\t$(egrep '^username_column' $conf)"
sed -i 's/^users_table = "mpi_users"/users_table = "sys_user"/' $conf
sed -i 's/^username_column = "username"/username_column = "login"/' $conf
echo -e "\tAFTER:\t$(egrep '^users_table' $conf) ; $(egrep '^username_column' $conf)"
echo -e "\tAFTER1:\t\t$(egrep '^users_table' $conf)"
echo -e "\tAFTER2:\t\t$(egrep '^username_column' $conf)"
# step link sys_user
echo -e " STEP[2]:\tChange link in tables for auth"
# step - link sys_user
echo -e " STEP[3]:\tChange link in tables for auth"
if [[ ! -L tables/mpi_users ]]; then
echo -e "\tWARNING:\tOld auth link no more exists"
else
echo -e " BEFORE[$step]:"
ls -l tables/mpi_users
rm tables/mpi_users
echo -e "\t$(ls -l tables/mpi_users)"
echo -e "\t$(rm -v tables/mpi_users)"
fi
if [[ -L tables/sys_user ]]; then
echo -e "\tWARNING:\tNew auth link already exists"
else
echo -e "\tAFTER:"
ln -s ../../master/tables/$auth tables/
ls -l tables/$auth
echo -e "\t$(ln -s ../../master/tables/$auth tables/)"
echo -e "\t$(ls -l tables/$auth)"
fi
# step - link list_role
echo -e " STEP[4]:\tCreate link for $role in tables for roles"
if [[ -L tables/$role ]]; then
echo -e "\tWARNING:\tNew role link already exists"
else
echo -e "\t$(ln -s ../../master/tables/$role tables/)"
echo -e "\t$(ls -l tables/$role)"
fi
# step create table sys_user and copy old entries
echo -e " STEP[3]:\tExcecute '$auth.sql' in database 'mpidb_$db'"
# step - set color viol
echo -e " STEP[5]:\tSet color viol for used roles in $colo"
if [[ ! -w $colo ]]; then
echo -e "WARNING:\t'$colo' not found or not writable"
else
if [[ ! $(grep 'viol' $colo | grep '#ccf') ]]; then
echo "tr.listing.odd.viol td.row-actions-cell," >> $colo
echo "tr.listing.even.viol td.row-actions-cell { background-color: #ccf; }" >> $colo
echo -e "\tAFTER1:\t\t$(grep 'tr.listing.odd.viol' $colo)"
echo -e "\tAFTER2:\t\t$(grep 'tr.listing.even.viol' $colo)"
else
echo -e "\tINFO:\t\tColor is already set"
fi
fi
# step - create table sys_user and copy old entries
echo -e " STEP[6]:\tExcecute '$auth.sql' in database 'mpidb_$db'"
if [[ ! -r tables/$auth/$auth.sql ]]; then
echo -e "ERROR:\t'tables/$auth/$auth.sql' not found or not readable."
else
mysql -p -u root mpidb_$db < tables/$auth/$auth.sql
if [[ $? -eq 0 ]]; then
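Review bot: The link creation at L131 and L139 is wrapped in `$(...)` inside an `echo`, so a failing `ln -s` (tables/ not writable, or `../../master/tables/$auth` missing) only prints to stderr and the script continues to step 6, where it runs `$auth.sql` as MySQL root against a database whose `tables/sys_user` link was never created; the same pattern hides a failing `rm -v` at L123. Run the command directly and check its status, as the script already does for `mysql` at L164: `ln -s ../../master/tables/$auth tables/ || { echo "ERROR: cannot link tables/$auth"; exit 1; }`. The `-L` test at L116 only recognises a symlink, so a real `tables/mpi_users` directory is reported as "no more exists" and left in place for step 6. `$db` used at L159 and L163 is set outside this hunk, so I cannot see whether it is still validated before the `mysql` call.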
......
......@@ -10,10 +10,10 @@ BEGIN
BEGIN
ROLLBACK;
END;
DECLARE exit handler for sqlwarning
BEGIN
ROLLBACK;
END;
-- DECLARE exit handler for sqlwarning
-- BEGIN
-- ROLLBACK;
-- END;
START TRANSACTION;
-- create table list_role
......@@ -60,13 +60,6 @@ BEGIN
-- Constraint
ALTER TABLE `sys_user` ADD CONSTRAINT `sysUser_listRole` FOREIGN KEY IF NOT EXISTS (`role`) REFERENCES `list_role` (`role`);
-- copy inserts from old mpi_users
INSERT INTO sys_user (login, role, email, bearbeiter, zeitstempel) SELECT username, role, email, 'import', zeitstempel FROM mpi_users;
-- new insert (for new db's)
-- INSERT INTO `sys_user` (`logID`, `login`, `role`, `email`) VALUES
-- (000001, 'obiwan', 'MANAGER', 'initial', 'obiwan@mpi-magdeburg.mpg.de'),
-- (000002, 'pengo', 'ADMIN', 'initial', 'pengo@mpi-magdeburg.mpg.de');
-- set permissions for user 'it_user' for read and write roles
GRANT SELECT, INSERT, UPDATE, DELETE ON `sys_user` TO 'it_user'@'localhost';
GRANT SELECT ON `list_role` TO 'it_user'@'localhost';
......@@ -79,16 +72,48 @@ BEGIN
ORDER BY sort
;
-- create if not exist list_reiter
CREATE TABLE IF NOT EXISTS `list_reiter` (
`autoID` smallint(6) unsigned zerofill NOT NULL AUTO_INCREMENT,
`reiter` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
`kategorie` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
`favorit` tinyint(1) NOT NULL DEFAULT '0',
`history` tinyint(1) NOT NULL DEFAULT '0',
`bedeutung` varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL,
PRIMARY KEY (`autoID`),
UNIQUE KEY `reiter` (`reiter`),
KEY `kategorie` (`kategorie`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci COMMENT='Reiterlinks fuer Xataface' AUTO_INCREMENT=9 ;
-- create if not exist list_katReiter
CREATE TABLE IF NOT EXISTS `list_katReiter` (
`autoID` smallint(6) unsigned NOT NULL AUTO_INCREMENT,
`kategorie` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`autoID`),
UNIQUE KEY `kategorie` (`kategorie`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=10 ;
-- add entries in list_katReiter
UPDATE list_katReiter SET kategorie = 'Autorisierung' WHERE kategorie = 'Authorisierung';
INSERT IGNORE INTO `list_katReiter` (`kategorie`) VALUES ('Autorisierung');
-- add entries in list_reiter
INSERT IGNORE INTO `list_reiter` (`reiter`, `kategorie`, `favorit`, `history`, `bedeutung`) VALUES
('sys_user', 'Authorisierung', 1, 1, 'Authorisierung und Berechtigung Benutzer'),
('list_role', 'Authorisierung', 1, 0, 'Liste aller Berechtigungen (Rollen)');
('sys_user', 'Autorisierung', 1, 1, 'Autorisierung und Berechtigung Benutzer'),
('list_role', 'Autorisierung', 1, 0, 'Liste aller Berechtigungen (Rollen)');
UPDATE `list_reiter` SET `bedeutung` = 'Auswahlliste fuer aktive und nicht abgelaufene Benutzer' WHERE `reiter` = 'view_user';
-- copy inserts from old mpi_users
INSERT IGNORE INTO sys_user (login, role, email, bearbeiter, zeitstempel) SELECT username, role, email, 'import', zeitstempel FROM mpi_users;
-- new insert (for new db's)
-- INSERT INTO `sys_user` (`logID`, `login`, `role`, `email`) VALUES
-- (000001, 'obiwan', 'MANAGER', 'initial', 'obiwan@mpi-magdeburg.mpg.de'),
-- (000002, 'pengo', 'ADMIN', 'initial', 'pengo@mpi-magdeburg.mpg.de');
-- del old table mpi_users (if all done and work)
SELECT count(*) INTO cnt FROM sys_user;
IF cnt > 0 THEN
DROP TABLE IF EXISTS `mpi_users`;
DROP TABLE IF EXISTS `mpi_users__history`;
DELETE FROM `list_reiter` WHERE `reiter` = 'mpi_users';
END IF;
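Review bot: The guard at L232 drops `mpi_users` and `mpi_users__history` as soon as `sys_user` holds any row, not once every old row has been carried over; the copy at L225 is `INSERT IGNORE`, so rows rejected for a duplicate `login` (or, depending on how the server applies IGNORE to the foreign key added at L182, an unknown `role`) are skipped silently, and with the `SQLWARNING` handler now commented out at L174-L177 those warnings no longer roll the transaction back, so the only copy of the skipped accounts is deleted. Compare counts instead: `SELECT COUNT(*) INTO cnt_old FROM mpi_users;` before the copy and `IF cnt >= cnt_old THEN` at L232, with the `DECLARE` for `cnt_old` placed next to the one for `cnt`, which presumably sits before this hunk. A comment at L230 such as `-- only safe once every mpi_users row exists in sys_user; INSERT IGNORE drops conflicting rows silently` would make the precondition visible. The enclosing procedure body starts and ends outside this hunk.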
......
......@@ -12,104 +12,24 @@ CREATE OR REPLACE VIEW view_user AS
sort
;
-- mpi-dcts own version aus user-db
-- mpg-version ohne externe DB (licman,inv,gfk,chem,user) - Auslieferzustand
-- ggf. benoetigte User fuer Auswahl hier eintragen oder in mpi_user\fields.ini Feld widget:type mit ';' deaktvieren
CREATE OR REPLACE VIEW view_user AS
SELECT
localID, last_name, first_name
FROM
mpidb_user.mpi_user
WHERE
active = 1
ORDER BY
localID
SELECT
'000001' AS userID, 'mpg_local' AS login, 'MPG, version (mpg_local)' AS sort
;
-- mpg-version aus user-db
CREATE OR REPLACE VIEW view_user AS
SELECT
localID, last_name, first_name
employee_id AS userID,
localID AS login,
CONCAT(last_name, ', ', first_name, ' (', IFNULL(localID,'--'), ')') AS sort
FROM
mpidb_mpg_user.mpi_user
WHERE
active = 1
ORDER BY
localID
;
-- mpg-version ohne externe DB (licman) - Auslieferzustand
-- ggf. benoetigte User fuer Auswahl hier eintragen oder in mpi_user\fields.ini Feld widget:type mit ';' deaktvieren
CREATE OR REPLACE VIEW mpidb_mpg_licman.view_user AS
SELECT
'local' AS localID, 'version' AS last_name, 'mpg' AS first_name
ORDER BY
localID
;
-- mpg-version mit externe DB (licman)
CREATE OR REPLACE VIEW mpidb_mpg_licman.view_user AS
SELECT
localID, last_name, first_name
FROM
mpidb_mpg_user.mpi_user
WHERE
active = 1
ORDER BY
localID
;
-- mpg-version ohne externe DB (inv) - Auslieferzustand
-- ggf. benoetigte User fuer Auswahl hier eintragen oder in mpi_user\fields.ini Feld widget:type mit ';' deaktvieren
CREATE OR REPLACE VIEW mpidb_mpg_inv.view_user AS
SELECT
'local' AS localID, 'version' AS last_name, 'mpg' AS first_name
ORDER BY
localID
;
-- mpg-version mit externe DB (inv)
CREATE OR REPLACE VIEW mpidb_mpg_inv.view_user AS
SELECT
localID, last_name, first_name FROM mpidb_mpg_user.mpi_user
WHERE
active = 1
ORDER BY
localID
;
-- mpg-version ohne externe DB (gfk) - Auslieferzustand
-- ggf. benoetigte User fuer Auswahl hier eintragen oder in mpi_user\fields.ini Feld widget:type mit ';' deaktvieren
CREATE OR REPLACE VIEW mpidb_mpg_gfk.view_user AS
SELECT
'local' AS localID, 'version' AS last_name, 'mpg' AS first_name
ORDER BY
localID
;
-- mpg-version mit externe DB (gfk)
CREATE OR REPLACE VIEW mpidb_mpg_gfk.view_user AS
SELECT
localID, last_name, first_name FROM mpidb_mpg_user.mpi_user
WHERE
active = 1
ORDER BY
localID
;
-- mpg-version ohne externe DB (chem) - Auslieferzustand
CREATE OR REPLACE VIEW mpidb_mpg_chem.view_user AS
SELECT
'local' AS localID, 'version' AS last_name, 'mpg' AS first_name
ORDER BY
localID
;
-- mpg-version mit externe DB (chem)
CREATE OR REPLACE VIEW mpidb_mpg_chem.view_user AS
SELECT
localID, last_name, first_name FROM mpidb_mpg_user.mpi_user
WHERE
active = 1
ORDER BY
localID
login
;
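Review bot: Both `CREATE OR REPLACE VIEW view_user` statements at L244 and L257 remain active in the file, so running it as a whole always leaves the second definition (reading `mpidb_mpg_user.mpi_user`) in effect and the delivery-state variant never applies; the header comment at L242-L243 should say that only one block may be active, e.g. `-- only one of the two view definitions below may be active; comment the other one out`. In the `sort` expression at L262 only `localID` is guarded with `IFNULL`; in MySQL `CONCAT` yields NULL as soon as `last_name` or `first_name` is NULL, so if those columns are nullable the whole label vanishes and they need the same guard. The `ORDER BY login` inside the view at L338 is not honoured once a caller supplies its own `ORDER BY`, so callers should not depend on it.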
......@@ -11,7 +11,7 @@ title = "Template Datenbank"
;debug = 1
default_language = de
;default_browse_action = edit
;default_table = mpi_users
;default_table =
default_limit = 25
;usage_mode = edit
disable_session_ip_check = 1
......@@ -24,8 +24,6 @@ disable_g2 = 1
;[_output_cache]
;enabled = 1
;lifeTime = 3600
; geht nicht
;ignoredTables = "mpi_users"
[_modules]
;modules_g2=modules/g2/g2.php
......@@ -65,8 +63,8 @@ view_favorit = "Favorit"
list_reiter = "mehr .."
[_auth]
users_table = "mpi_users"
username_column = "username"
users_table = "sys_user"
username_column = "login"
session_timeout = 86400
; Autorisierung ueber db
;auth_type = basic
......
......@@ -42,11 +42,12 @@ class conf_ApplicationDelegate {
if ( !@$query['-relationship'] ) {
if ( !$_POST AND !@$query['-sort'] ) {
// Sortierung aendern Common
if ( $table == 'list_reiter' ) $query['-sort'] = 'reiter';
if ( $table == 'mpi_ablage' ) $query['-sort'] = 'zeitstempel DESC';
if ( $table == 'mpi_users' ) $query['-sort'] = 'zeitstempel DESC';
if ( $query['-table'] == 'list_reiter' ) $query['-sort'] = 'reiter';
if ( $query['-table'] == 'mpi_ablage' ) $query['-sort'] = 'zeitstempel DESC';
if ( $query['-table'] == 'sys_user' ) $query['-sort'] = 'login';
if ( $query['-table'] == 'mpi_users' ) $query['-sort'] = 'zeitstempel DESC';
// Sortierung aendern individuell
if ( $table == 'tab_table' ) $query['-sort'] = 'zeitstempel DESC';
if ( $query['-table'] == 'tab_table' ) $query['-sort'] = 'zeitstempel DESC';
}
/*
} else {
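Review bot: L378 still sets a sort order for `mpi_users` although the commit renames that table to `sys_user` (L377) and the accompanying migration drops it, so the line is either dead or a deliberate fallback for databases not yet migrated; if the latter, say so inline, `if ( $query['-table'] == 'mpi_users' ) $query['-sort'] = 'zeitstempel DESC'; // fallback until migrated to sys_user`, otherwise remove it. The switch from `$table` to `$query['-table']` reads the key without an `isset()` guard, while the surrounding code uses `@$query[...]` for the same purpose at L369-L370; a single `$t = @$query['-table'];` reused by the five comparisons would keep the style consistent and avoid a notice when the key is absent. The enclosing method of conf_ApplicationDelegate starts and ends outside this hunk.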
......
../../master/tables/mpi_users
\ No newline at end of file