Another field permissions option to hide/lock fields by user group and individual user

landinialejandro
AppGini Super Hero
Posts: 126
Joined: 2016-03-06 00:59
Location: Argentina

Another field permissions option to hide/lock fields by user group and individual user

Post by landinialejandro » 2022-03-09 02:03

Hello again.
I want to leave you this time with some classes that will allow you to configure permissions by field in the details view.
It can be configured by User Group and by individual user.
If a group is blocked and the user is within the group, the user's permission does not matter since it is blocked by the group.

The class has two parts:

The first class is used to configure the DV on the client side: the field that cannot be edited is blocked and can also be hidden. The function returns HTML code and goes inside the tablename_dv function in tablename.php in the hooks folder.

The other class is to check on the server side if the user somehow forces the sending of information. This function returns true or false and is placed in the tablename_before_update and tablename_before_insert functions inside tablename.php in the hooks folder.

The code is very simple to implement, it would be enough to copy and paste the same code within the indicated functions and that's it.

The configuration is also quite simple, you just have to fill in an array. The array is inside the same class and can be configured there, or with a bit of knowledge it can be placed in a part file and uploaded when needed.

Please always remember to make backup copies and do rigorous tests before uploading any code to production.
This is made with love for you. If you want, you can invite me for a coffee, it wouldn't hurt me.

script.php


<?php
//Field Permissions hide / lock fields by usergroup and user
class FieldsPermissions
{
    public static $permissions = [
        "products" => [
            "name" => [
                "groups_disabled" => ["users"],
                "users_disabled" => ["Ale"],
                "hidden" => true
            ],
            "due" => [
                "groups_disabled" => ["Admins"],
                "hidden" => true
            ],
        ],
        "contacto" => [
            "name" => [
                "groups_disabled" => ["Admins", "users"],
            ],
            "user" => [
                "groups_disabled" => ["users", "Admins"],
                "hidden" => false
            ]
        ],
        "todos" => [
            "tarea" => [
                "groups_disabled" => ["users"],
                "users_disabled" => ["admin"],
                "hidden" => false
            ],
            "product" => [
                "groups_disabled" => ["users"],
                "users_disabled" => ["admin"]
            ]
        ]
    ];

    // format
    // static $permissions = [
    //     "tablename" => [
    //         "fieldname" => [
    //             "groups_disabled" => ["usergroup",...],
    //             "users_disabled" => ["username",...]
    //         ],
    //         "other fieldname" => [
    //             "groups_disabled" => ["usergroup",...],
    //             "hidden" => true
    //         ]
    //     ]
    // ];

    //this function returns a js code to block the client side fields
    //used in tablename_dv function ($selectedID is accepted because the hook passes it, but is not needed here)
    public static function dv_field_permissions($tn, $memberInfo, $selectedID = null)
    {
        //no configuration for this table: nothing to append to the DV html
        if (!isset(self::$permissions[$tn])) return '';
        $bloqued = $hidden = $select2 = [];
        $fields_table = get_table_fields($tn); //AppGini internal function
        foreach ($fields_table as $fn => $val) {
            if (array_key_exists($fn, self::$permissions[$tn])) {
                if (self::check_permissions(self::$permissions[$tn][$fn], $memberInfo)) {
                    $bloqued[] = "#{$fn}";
                    if (!empty(self::$permissions[$tn][$fn]['hidden'])) $hidden[] = ".form-group.{$tn}-{$fn}";
                    $select2[] = "#s2id_{$fn}-container";
                }
            }
        }
        //nothing is blocked for this user: do not emit an empty script
        if (!$bloqued) return '';
        ob_start();
        ?>
        <script>
            $j(function() {
                $j('<?php echo implode(", ", $bloqued); ?>').attr('readonly', 'true');
                $j('<?php echo implode(", ", $hidden); ?>').hide();
                setTimeout(() => { $j('<?php echo implode(", ", $select2); ?>').select2("enable", false)}, 1100);
            })
        </script>
        <?php
        return ob_get_clean();
    }

    //this function checks that the user does not try to force the value of the field.
    //used in tablename_before_update function and tablename_before_insert
    public static function update_fields_permission($tn, $memberInfo, $data)
    {
        if (!isset(self::$permissions[$tn])) return true;
        $notChanges = true;
        $fields_table = get_table_fields($tn); //AppGini internal function
        //iterate through the fields of the table
        foreach ($fields_table as $fn => $val) {
            //check if one of the fields is in the configuration array
            if (array_key_exists($fn, self::$permissions[$tn])) {
                //search in blocked groups/users
                if (self::check_permissions(self::$permissions[$tn][$fn], $memberInfo)) {
                    //generate the where id depending on the ID field (on insert there is no selectedID yet)
                    $where = self::where_construct($tn, isset($data['selectedID']) ? $data['selectedID'] : '');
                    //get the database current value
                    $current_val = sqlValue("SELECT `{$fn}` FROM `{$tn}` WHERE {$where}"); //AppGini internal function
                    //compare the current value with the submitted field; if they are different terminate and cancel UPDATE/INSERT
                    $notChanges = $current_val == (isset($data[$fn]) ? $data[$fn] : '');
                    if (!$notChanges) break;
                }
            }
        }
        return $notChanges;
    }

    //a blocked group wins over the per-user list; a missing key means nobody is blocked by that rule
    private static function check_permissions($data, $memberInfo)
    {
        $groups = isset($data['groups_disabled']) ? $data['groups_disabled'] : [];
        $users  = isset($data['users_disabled'])  ? $data['users_disabled']  : [];
        return in_array($memberInfo["group"], $groups) || in_array($memberInfo["username"], $users);
    }

    private static function where_construct($tn, $id)
    {
        $key = getPKFieldName($tn); //AppGini internal function
        //makeSafe is an AppGini internal function that escapes the value before it is placed in the query
        return $key ? "`{$key}`='" . makeSafe($id) . "'" : $key;
    }
}

example in hooks\tablename.php


function tablename_before_update(&$data, $memberInfo, &$args)
{

	include_once('field_permission/script.php');
	$notChanges = FieldsPermissions::update_fields_permission(pathinfo(__FILE__, PATHINFO_FILENAME), $memberInfo, $data);
	return  $notChanges;
	//return  TRUE;
}


function tablename_dv($selectedID, $memberInfo, &$html, &$args)
{
	include_once('field_permission/script.php');
	$html .= FieldsPermissions::dv_field_permissions(pathinfo(__FILE__, PATHINFO_FILENAME), $memberInfo, $selectedID);
}
Saludos Alejandro.
Alejandro.
AppGini 5.98 - Linux OpenSuse Tumbleweed.

Some of my posts that may interest you:
:arrow: Landini Admin Template: Template for Appgini like AdminLTE
:arrow: Profile image plugin: add and change image user profile
:arrow: Field editor in table view: Configurable fast edit fields in TV
:idea: my personal page
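The server-side half of the class above is the part that actually enforces the rule, since the readonly attribute the DV script sets can be removed in the browser before the form is submitted. The following is an added, self-contained PHP model of that logic, not code from the post or from AppGini: it replaces AppGini's sqlValue(), getPKFieldName() and get_table_fields() with an in-memory array, and the table, field, user and group names are constructed for the example. It can be run with plain `php` from the command line to see the group-over-user precedence and the tamper check.

```php
<?php
// Added example (not part of the original post): a self-contained model of the
// FieldsPermissions logic with an in-memory "database" standing in for AppGini's
// sqlValue()/getPKFieldName()/get_table_fields(), so the server-side check can be
// exercised offline. Table, field, group and user names below are constructed.

$permissions = [
    "products" => [
        "price" => ["groups_disabled" => ["users"], "users_disabled" => ["ale"], "hidden" => true],
        "notes" => ["users_disabled" => ["bob"]],
    ],
];

// Constructed stand-in for the database: table => [id => row]
$db = [
    "products" => [
        7 => ["id" => 7, "name" => "Widget", "price" => "10.00", "notes" => "ok"],
    ],
];

// Same rule as check_permissions(): a blocked group wins over the per-user list,
// and a missing key means nobody is blocked by that rule.
function is_locked(array $rule, array $memberInfo): bool
{
    $groups = $rule['groups_disabled'] ?? [];
    $users  = $rule['users_disabled'] ?? [];
    return in_array($memberInfo['group'], $groups, true)
        || in_array($memberInfo['username'], $users, true);
}

// Client-side view: which fields the DV script would mark readonly / hidden.
function dv_decisions(array $permissions, string $tn, array $memberInfo): array
{
    $out = ["readonly" => [], "hidden" => []];
    foreach ($permissions[$tn] ?? [] as $fn => $rule) {
        if (!is_locked($rule, $memberInfo)) continue;
        $out["readonly"][] = $fn;
        if (!empty($rule['hidden'])) $out["hidden"][] = $fn;
    }
    return $out;
}

// Server-side check, mirroring update_fields_permission(): the submitted value of a
// locked field must equal the stored value (or be empty on insert), otherwise the
// write is refused regardless of what the browser showed. Strict string comparison
// is used here instead of the post's loose == so that "0" and an empty value differ.
function write_allowed(array $permissions, array $db, string $tn, array $memberInfo, array $data): bool
{
    $id = $data['selectedID'] ?? null;
    $current = $id === null ? [] : ($db[$tn][$id] ?? []);   // empty row on insert
    foreach ($permissions[$tn] ?? [] as $fn => $rule) {
        if (!is_locked($rule, $memberInfo)) continue;
        $stored    = $current[$fn] ?? '';
        $submitted = $data[$fn] ?? '';
        if ((string)$stored !== (string)$submitted) return false;
    }
    return true;
}

// --- exercise the model with constructed members and submissions ---
$alice = ["username" => "alice", "group" => "users"];   // locked by group
$ale   = ["username" => "ale",   "group" => "Admins"];  // locked by name only
$root  = ["username" => "root",  "group" => "Admins"];  // not locked

$decisions = dv_decisions($permissions, "products", $alice);
echo "alice readonly: " . implode(",", $decisions["readonly"])
   . " hidden: " . implode(",", $decisions["hidden"]) . "\n";

// honest update: price untouched, name changed
$honest = write_allowed($permissions, $db, "products", $alice,
    ["selectedID" => 7, "name" => "Widget 2", "price" => "10.00"]);
// tampered update: readonly attribute removed in the browser, price altered
$tampered = write_allowed($permissions, $db, "products", $alice,
    ["selectedID" => 7, "price" => "0.01"]);
// insert that tries to set a locked field
$insert = write_allowed($permissions, $db, "products", $ale,
    ["name" => "New", "price" => "5.00"]);
// member in no blocked list may change the price
$admin = write_allowed($permissions, $db, "products", $root,
    ["selectedID" => 7, "price" => "12.00"]);

printf("honest=%s tampered=%s insert=%s admin=%s\n",
    var_export($honest, true), var_export($tampered, true),
    var_export($insert, true), var_export($admin, true));
```

The point of the model is the last four calls: the DV decision and the write decision are computed from the same rule, so a submission that disagrees with the stored value of a locked field is refused even though the browser-side readonly attribute is trivially removable. Note that "hidden" only affects what the DV renders; it gives no extra protection on the server, which is why the before_update/before_insert hook is the one that matters.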

Alisson
Veteran Member
Posts: 81
Joined: 2017-02-25 20:32

Re: Another field permissions option to hide/lock fields by user group and individual user

Post by Alisson » 2022-04-02 23:35

Great job Alejandro, I tried it and it worked! Amazing.
Thanks for sharing.

landinialejandro
AppGini Super Hero

Re: Another field permissions option to hide/lock fields by user group and individual user

Post by landinialejandro » 2022-04-05 12:48

thanks to you. :D
