Browse Source

allow Root Auth for Admins from SE

Piotr Labudda 4 years ago
parent
commit
fe2e7af3b1
4 changed files with 58 additions and 7 deletions
  1. 6 0
      auth.php
  2. 6 4
      theme/panel_biall_net.php
  3. 45 2
      tools/ChangeUser.php
  4. 1 1
      tools/ViewFV.php

+ 6 - 0
auth.php

@@ -78,6 +78,12 @@ class Theme_Auth_panel_biall_net { // TODO: implements AuthBaseInterface {
 		return $userInfo;
 	}
 
+	static function getUserID() { // User::getID() => Theme_Auth_panel_biall_net::getUserID()
+		if (User::isAdmin() && !empty($_SESSION['PANEL_BN_USER_SELECTED']) && !empty($_SESSION['PANEL_BN_USERS'])) {
+			return $_SESSION['PANEL_BN_USER_SELECTED'];
+		} else return User::getID();
+	}
+
 	// after auth set additional session variables
 	static function authorizedTrigger($login, $pass = '') {
 		$fetchAllUsers = self::fetchActiveUsers($login);

+ 6 - 4
theme/panel_biall_net.php

@@ -2,6 +2,8 @@
 
 Lib::loadClass('Router');
 
+require_once dirname(__FILE__) . '/../auth.php'; // Theme_Auth_panel_biall_net
+
 class Theme_panel_biall_net extends ThemeDefault {
 
 	// function head() { // echo 'html tag inside <head>'
@@ -77,7 +79,7 @@ class Theme_panel_biall_net extends ThemeDefault {
 
 		Lib::loadClass('Windykacja_StatsModel');
 		Lib::loadClass('Windykacja_FunkcjeL1');
-		$billDocs = Windykacja_StatsModel::getBillDocsByDate(User::getID());
+		$billDocs = Windykacja_StatsModel::getBillDocsByDate(Theme_Auth_panel_biall_net::getUserID());
 		$billDocs->sort_docs();
 		$billDocs->set_saldo_for_all_docs();
 		$billDocs->set_paid_status_for_all(); // Windykacja_BillingDoc._paid_status: 1 (Opłacona) | 0 (Nieopłacona)
@@ -113,12 +115,12 @@ class Theme_panel_biall_net extends ThemeDefault {
 		// DBG::nicePrint($billDocs, '$billDocs');
 		// DBG::nicePrint($listBillDocs, '$listBillDocs');
 		// DBG::nicePrint($fvList, '$fvList');
-		$company = Windykacja_StatsModel::getOwnerCompany(User::getID());
+		$company = Windykacja_StatsModel::getOwnerCompany(Theme_Auth_panel_biall_net::getUserID());
 		$saldo = $billDocs->get_saldo();
-		$nr_konta = Windykacja_FunkcjeL1::bankowy_make_nrach($company['NR_RACH_MASS_PAY'], User::getID(), 0);
+		$nr_konta = Windykacja_FunkcjeL1::bankowy_make_nrach($company['NR_RACH_MASS_PAY'], Theme_Auth_panel_biall_net::getUserID(), 0);
 
 		if (!empty($_SESSION['PANEL_BN_USERS'])) {
-			$idUser = User::getID();
+			$idUser = Theme_Auth_panel_biall_net::getUserID();
 			// echo UI::h('pre', [], var_export($_SESSION['PANEL_BN_USERS'], true));
 			echo UI::h('form', [ 'method' => "POST" ], [
 				UI::h('div', [ 'class' => "row" ], [

+ 45 - 2
tools/ChangeUser.php

@@ -12,6 +12,9 @@ require_once dirname(__FILE__) . '/../auth.php'; // Theme_Auth_panel_biall_net
 class RouteTool_ChangeUser extends RouteToolBase {
 
 	function handleAuth() {
+		$idAdmin = V::get('id_admin', '', $_GET);
+		if ($idAdmin && User::isAdmin()) return $this->handleRootAuth($idAdmin);
+
 		$id = V::get('id', '', $_POST);
 		$authIds = (!empty($_SESSION['PANEL_BN_USERS'])) ? array_map(V::makePick('ID'), $_SESSION['PANEL_BN_USERS']) : [];
 		// trigger_error(date("Y-m-d H:i:s") . "\t" . "panel_bn/RouteTool_ChangeUser to({$id}) ids:[".implode(",", $authIds)."]", E_USER_NOTICE);
@@ -33,8 +36,48 @@ class RouteTool_ChangeUser extends RouteToolBase {
 			// trigger_error(date("Y-m-d H:i:s") . "\t" . "panel_bn/RouteTool_ChangeUser ses: { ID: {$_SESSION['ID']}, ADM_NAME: {$_SESSION['ADM_NAME']} }", E_USER_NOTICE);
 		}
 
-		Response::sendRedirect( "index.php" );
-		exit;
+		return Response::sendRedirect( "index.php" );
+	}
+
+	function handleRootAuth($idAdmin) {
+		if (!User::isAdmin()) {
+			return Response::sendRedirect( "index.php" );
+		}
+		// trigger_error(date("Y-m-d H:i:s") . "\t" . "panel_bn/RouteTool_ChangeUser root: { ID: {$_SESSION['ID']}, ADM_NAME: {$_SESSION['ADM_NAME']} }", E_USER_NOTICE);
+		$_SESSION['PANEL_BN_USERS'] = [];
+		$_SESSION['PANEL_BN_USERS'][] = [
+			'ID' => User::getID(),
+			'LOGIN' => User::getLogin(),
+			'P_NAME' => User::getName(),
+			'P_NAME_SECOND' => '',
+			'BILLING_OWNER' => '3', // BN
+		];
+		$userInfo = DB::getPDO()->fetchFirst("
+			select
+				c.ID as `ID`
+				, c.user_mail_contact as `LOGIN`
+				, c.P_NAME as `P_NAME`
+				, c.P_NAME_SECOND as `P_NAME_SECOND`
+				, c.BILLING_OWNER as `BILLING_OWNER`
+			from COMPANIES as c
+			where c.ID = :id
+		", [
+			':id' => $idAdmin,
+		]);
+		$_SESSION['PANEL_BN_USERS'][] = $userInfo;
+
+		// trigger_error(date("Y-m-d H:i:s") . "\t" . "panel_bn/RouteTool_ChangeUser root ses bn users: " . json_encode($_SESSION['PANEL_BN_USERS']), E_USER_NOTICE);
+		$_SESSION['PANEL_BN_USER_SELECTED'] = $idAdmin;
+
+		// $_SESSION['ADM_ID'] = $userInfo['ID'];
+		// // 'ADM_ACCOUNT' => $userInfo['LOGIN'], // AUTHORIZE_USER, ADM_ACCOUNT
+		// $_SESSION['ADM_NAME'] = implode(" ", [ $userInfo['P_NAME'], $userInfo['P_NAME_SECOND'] ]); // ADM_NAME
+		// $_SESSION['ADM_COMPANY'] = $userInfo['BILLING_OWNER']; // ADM_COMPANY
+		session_write_close();
+		// trigger_error(date("Y-m-d H:i:s") . "\t" . "panel_bn/RouteTool_ChangeUser root/ses: { ID: {$_SESSION['ID']}, ADM_NAME: {$_SESSION['ADM_NAME']} }", E_USER_NOTICE);
+		sleep(1);
+
+		return Response::sendRedirect( "index.php" );
 	}
 
 	function defaultAction() {

+ 1 - 1
tools/ViewFV.php

@@ -14,7 +14,7 @@ class RouteTool_ViewFV extends RouteToolBase {
 		try {
 			$nr = V::get('nr', 0, $_GET, 'int'); // ID_BILLING_NUMBERS
 			if (empty($nr)) throw new Exception("Brak nr faktury");
-			$idUser = User::getID();
+			$idUser = Theme_Auth_panel_biall_net::getUserID();
 			$body = DB::getPDO(931)->fetchValue("
 				select BODY_HTML
 				from HIST_CONTACTS