authorMinteck <nekostarfan@gmail.com>2021-08-08 22:31:51 +0200
committerMinteck <nekostarfan@gmail.com>2021-08-08 22:31:51 +0200
commit94c57fa247ba107fce8fc1d1fc355191229dbddc (patch)
tree865048aa574ef63ad322ed8e5057eb7629e03c29 /admin/private
parente255736e3f2a95ee82cadc01b0c70749ab946226 (diff)
Permissions system
Diffstat (limited to 'admin/private')
-rw-r--r--admin/private/header.api.php14
-rw-r--r--admin/private/header.php20
-rw-r--r--admin/private/header.sso.php25
-rw-r--r--admin/private/permissions.json22
-rw-r--r--admin/private/permissions.php37
5 files changed, 117 insertions, 1 deletions
diff --git a/admin/private/header.api.php b/admin/private/header.api.php
index 132e75f..a8fdee8 100644
--- a/admin/private/header.api.php
+++ b/admin/private/header.api.php
@@ -8,4 +8,18 @@ if (!isset($_COOKIE["ADMIN_TOKEN"])) {
} else {
header("Location: https://jetbrains.minteck.ro.lt:1024/hub/hub/api/rest/oauth2/auth?client_id=36245ba5-ee9f-44c1-a149-ab2006fcb226&response_type=code&redirect_uri=https://minteck.ro.lt/admin/callback&scope=hub&request_credentials=default&access_type=offline");
die();
+}
+
+$_PERMSFORAPI = true;
+require_once $_SERVER['DOCUMENT_ROOT'] . "/admin/private/permissions.php";
+
+function l($en, $fr = null) {
+ global $lang;
+
+ if ((($lang === "fr" && isset($fr)) || (isset($_GET['fr']) && isset($fr) || isset($_COOKIE['fr']))) && !isset($_GET['en']) && !isset($_COOKIE['en']) && isset($fr)) {
+ setlocale(LC_TIME, array('fr_FR.UTF-8','fr_FR@euro','fr_FR','french'));
+ return $fr;
+ } else {
+ return $en;
+ }
}
\ No newline at end of file
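Review bot: The permission check is pulled in with `require_once`, and permissions.php does its work as a side effect of being included, so if that file was already loaded earlier in the same request the check for this API endpoint is silently skipped. Using `require $_SERVER['DOCUMENT_ROOT'] . "/admin/private/permissions.php";` here, and at the matching lines in header.php and header.sso.php, makes the check run every time a header is loaded; permissions.php declares no functions, so re-including it is safe. The check also depends on `$_DATA`, which would have to be set above this hunk, outside the visible lines. `l()` would benefit from a short docblock saying it returns `$fr` only when French is selected and that it calls `setlocale()` as a side effect.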
diff --git a/admin/private/header.php b/admin/private/header.php
index ddbee58..454fa7d 100644
--- a/admin/private/header.php
+++ b/admin/private/header.php
@@ -10,13 +10,31 @@ if (!isset($_COOKIE["ADMIN_TOKEN"])) {
die();
}
+$_PERMSFORAPI = false;
+require_once $_SERVER['DOCUMENT_ROOT'] . "/admin/private/permissions.php";
+
+if (!function_exists("l")) {
+ function l($en, $fr = null) {
+ global $lang;
+
+ if ((($lang === "fr" && isset($fr)) || (isset($_GET['fr']) && isset($fr) || isset($_COOKIE['fr']))) && !isset($_GET['en']) && !isset($_COOKIE['en']) && isset($fr)) {
+ setlocale(LC_TIME, array('fr_FR.UTF-8','fr_FR@euro','fr_FR','french'));
+ return $fr;
+ } else {
+ return $en;
+ }
+ }
+}
+
+ob_start();
+
?>
<!DOCTYPE html>
<html lang="en" style="height:100%;">
<head>
<meta charset="UTF-8">
- <title>Minteck Admin</title>
+ <title>Minteck Cloud Admin Console</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" href="/logo.svg">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
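Review bot: Only this copy of `l()` is wrapped in `function_exists`; header.api.php and header.sso.php declare the same function unconditionally, so loading either of them after header.php in one request would stop with a redeclaration error. The three bodies are identical, so moving `l()` into one shared file that each header pulls in with `require_once` removes both the guard and the duplication. Separately, `ob_start();` is called after permissions.php is required, while the deny path in permissions.php calls `ob_end_clean()`. Unless a buffer is opened above this hunk, that call has nothing to discard and raises a notice, so `ob_start();` belongs before the `$_PERMSFORAPI = false;` line.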
diff --git a/admin/private/header.sso.php b/admin/private/header.sso.php
new file mode 100644
index 0000000..5911f62
--- /dev/null
+++ b/admin/private/header.sso.php
@@ -0,0 +1,25 @@
+<?php
+
+if (!isset($_COOKIE["ADMIN_TOKEN"])) {
+ header("Location: https://jetbrains.minteck.ro.lt:1024/hub/hub/api/rest/oauth2/auth?client_id=36245ba5-ee9f-44c1-a149-ab2006fcb226&response_type=code&redirect_uri=https://minteck.ro.lt/admin/callback&scope=hub&request_credentials=default&access_type=offline");
+ die();
+} else if (ctype_xdigit($_COOKIE["ADMIN_TOKEN"]) && file_exists($_SERVER['DOCUMENT_ROOT'] . "/admin/private/tokens/" . $_COOKIE['ADMIN_TOKEN'])) {
+ $_DATA = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/admin/private/tokens/" . $_COOKIE['ADMIN_TOKEN']), true);
+} else {
+ header("Location: https://jetbrains.minteck.ro.lt:1024/hub/hub/api/rest/oauth2/auth?client_id=36245ba5-ee9f-44c1-a149-ab2006fcb226&response_type=code&redirect_uri=https://minteck.ro.lt/admin/callback&scope=hub&request_credentials=default&access_type=offline");
+ die();
+}
+
+$_PERMSFORSSO = true;
+require_once $_SERVER['DOCUMENT_ROOT'] . "/admin/private/permissions.php";
+
+function l($en, $fr = null) {
+ global $lang;
+
+ if ((($lang === "fr" && isset($fr)) || (isset($_GET['fr']) && isset($fr) || isset($_COOKIE['fr']))) && !isset($_GET['en']) && !isset($_COOKIE['en']) && isset($fr)) {
+ setlocale(LC_TIME, array('fr_FR.UTF-8','fr_FR@euro','fr_FR','french'));
+ return $fr;
+ } else {
+ return $en;
+ }
+}
\ No newline at end of file
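Review bot: `$_DATA` is taken straight from `json_decode()` with no check that the token file decoded to an array carrying an `id`, so an empty or corrupt token file leaves `$_DATA` null and the request only fails later, inside permissions.php, with a warning on `$_DATA['id']`. Validating the cookie as a string, decoding, and redirecting whenever the result is unusable keeps the failure in one place and collapses the two identical redirect branches. The `ctype_xdigit` filter applied before the cookie is joined into a path should stay, and a one-line comment saying it is what keeps path separators out of the file name would help the next reader.

```php
$token = $_COOKIE["ADMIN_TOKEN"] ?? "";
$_DATA = null;

// Hex-only tokens cannot contain path separators, so the join below stays inside tokens/.
if (is_string($token) && ctype_xdigit($token)) {
    $tokenFile = $_SERVER['DOCUMENT_ROOT'] . "/admin/private/tokens/" . $token;
    if (is_file($tokenFile)) {
        $_DATA = json_decode(file_get_contents($tokenFile), true);
    }
}

// Fail closed: a missing, unreadable or malformed token file is treated as "not logged in".
if (!is_array($_DATA) || !isset($_DATA['id'])) {
    // … unchanged: header("Location: …") redirect to the OAuth authorize URL …
    die();
}

// … unchanged: $_PERMSFORSSO, permissions.php include, l() …
```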
diff --git a/admin/private/permissions.json b/admin/private/permissions.json
new file mode 100644
index 0000000..32be506
--- /dev/null
+++ b/admin/private/permissions.json
@@ -0,0 +1,22 @@
+{
+ "74bca7d2-4694-477c-8bc1-9003315abbee": [
+ "login",
+ "home",
+ "serverTemp",
+ "index",
+ "audit",
+ "getIpLocation",
+ "uptime",
+ "serverTime",
+ "serverLogSummary",
+ "version",
+ "getUbuntuUpgrades",
+ "getUpdates",
+ "refreshUpdates",
+ "unchained",
+ "telemetry",
+ "quotas",
+ "getQuota",
+ "neutroning"
+ ]
+}
\ No newline at end of file
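Review bot: This map of account IDs to granted permissions is stored under the document root, and nothing in this commit shows a rule that stops the web server from serving `/admin/private/permissions.json` directly. If no such rule exists elsewhere, the file (and the `tokens/` directory that header.sso.php reads from the same folder) should be moved outside the document root or covered by a deny rule for `/admin/private/`. Since JSON cannot carry comments, the meaning of the key and of each permission name should be documented next to the loader in permissions.php.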
diff --git a/admin/private/permissions.php b/admin/private/permissions.php
new file mode 100644
index 0000000..6ad7057
--- /dev/null
+++ b/admin/private/permissions.php
@@ -0,0 +1,37 @@
+<?php
+
+$perms = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/admin/private/permissions.json"), true);
+
+if (isset($_OVERRIDEPERMISSION)) {
+ $requested = $_OVERRIDEPERMISSION;
+} else {
+ $requested = substr(explode("/", $_SERVER["PHP_SELF"])[count(explode("/", $_SERVER["PHP_SELF"])) - 1], 0, -4);
+}
+
+$permsOkay = false;
+foreach ($perms as $user => $uperms) {
+ if ($user === $_DATA['id']) {
+ if (in_array($requested, $uperms)) {
+ $permsOkay = true;
+ }
+ }
+}
+
+if (!$permsOkay && $requested !== "denied") {
+ if (isset($_PERMSFORAPI) && $_PERMSFORAPI) {
+ $_GET['_'] = "api." . $requested;
+ ob_end_clean();
+ require_once $_SERVER['DOCUMENT_ROOT'] . "/admin/panes/denied.php";
+ die();
+ } else if (isset($_PERMSFORSSO) && $_PERMSFORSSO) {
+ $_GET['_'] = "sso." . $requested;
+ ob_end_clean();
+ require_once $_SERVER['DOCUMENT_ROOT'] . "/admin/panes/denied.php";
+ die();
+ } else {
+ $_GET['_'] = "dom." . $requested;
+ ob_end_clean();
+ require_once $_SERVER['DOCUMENT_ROOT'] . "/admin/panes/denied.php";
+ die();
+ }
+}
\ No newline at end of file
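Review bot: The permission name is derived from `$_SERVER["PHP_SELF"]`, which includes any trailing path info carried by the request, so the last path segment checked here is not guaranteed to name the script that is actually executing. Deriving it from the server-resolved script instead, `$requested = basename($_SERVER['SCRIPT_FILENAME'], '.php');`, keeps the check tied to the file being run. The lookup should also be strict, `in_array($requested, $uperms, true)`. `$_DATA['id']` is read without confirming it is set, so the check relies on every including header having populated it. The three deny branches differ only in the `api.` / `sso.` / `dom.` prefix and could compute the prefix once and share a single `ob_end_clean()` / `require_once` / `die()` sequence.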