From e820ffec6b1205a7b9275de7c8b62fe863065fc0 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sun, 26 May 2024 18:37:37 +0100
Subject: [PATCH] User roles

Move the default user roles into the database to make way for custom roles & permissions
---
 admin_user_add_modal.php | 12 +++++++++---
 admin_user_edit_modal.php | 23 ++++++++++-------------
 admin_users.php | 11 +++-------
 database_updates.php | 19 +++++++++++++++----
 database_version.php | 2 +-
 db.sql | 17 +++++++++++++++++
 setup.php | 5 +++++
 7 files changed, 60 insertions(+), 29 deletions(-)

diff --git a/admin_user_add_modal.php b/admin_user_add_modal.php
index be5cf3a2..fe41a21f 100644
--- a/admin_user_add_modal.php
+++ b/admin_user_add_modal.php
@@ -55,9 +55,15 @@
diff --git a/admin_user_edit_modal.php b/admin_user_edit_modal.php
index 90ef2372..188d4974 100644
--- a/admin_user_edit_modal.php
+++ b/admin_user_edit_modal.php
@@ -67,19 +67,16 @@
diff --git a/admin_users.php b/admin_users.php
index 83464a28..78392192 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -12,8 +12,9 @@ $url_query_strings_sort = http_build_query($get_copy);
 $sql = mysqli_query(
 $mysqli,
- "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings
+ "SELECT SQL_CALC_FOUND_ROWS * FROM users, user_settings, user_roles
 WHERE users.user_id = user_settings.user_id
+ AND user_settings.user_role = user_roles.user_role_id
 AND (user_name LIKE '%$q%' OR user_email LIKE '%$q%')
 AND user_archived_at IS NULL
 ORDER BY $sort $order
 LIMIT $record_from, $record_to"
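Review bot: Joining `user_roles` with a comma join makes the user list an inner join, so any account whose `user_settings.user_role` has no matching `user_roles` row (a value outside the seeded 1–3, or a role row removed later) silently disappears from the admin list rather than being shown with an unknown role, where the old `else` branch at least displayed it as Accountant. Because this list is what an administrator uses to see who holds access, a hidden account is a worse failure than a mislabelled one. Consider `FROM users JOIN user_settings ON users.user_id = user_settings.user_id LEFT JOIN user_roles ON user_settings.user_role = user_roles.user_role_id`, which keeps the row with a NULL `user_role_name`, and decide whether `user_role_archived_at` should influence what is shown. The interpolation of `$q`, `$sort` and `$order` into this query is unchanged by the hunk and their validation is not visible here; the `mysqli_query(` call this string belongs to closes outside the hunk.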
@@ -98,13 +99,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 }
 $user_config_force_mfa = intval($row['user_config_force_mfa']);
 $user_role = $row['user_role'];
- if ($user_role == 3) {
- $user_role_display = "Administrator";
- } elseif ($user_role == 2) {
- $user_role_display = "Technician";
- } else {
- $user_role_display = "Accountant";
- }
+ $user_role_display = nullable_htmlentities($row['user_role_name']);
 $user_initials = nullable_htmlentities(initials($user_name));
 
 $sql_last_login = mysqli_query(
diff --git a/database_updates.php b/database_updates.php
index f9fbdbdc..d5cbcd69 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -1889,14 +1889,25 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 
 if (CURRENT_DATABASE_VERSION == '1.2.9') {
 mysqli_query($mysqli, "CREATE TABLE `user_permissions` (`user_id` int(11) NOT NULL,`client_id` int(11) NOT NULL, PRIMARY KEY (`user_id`,`client_id`))");
-
+
 mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.3.0'");
 }
 
- // if (CURRENT_DATABASE_VERSION == '1.3.0') {
- // // Insert queries here required to update to DB version 1.3.0
+ if (CURRENT_DATABASE_VERSION == '1.3.0') {
+
+ mysqli_query($mysqli, "CREATE TABLE `itflow`.`user_roles` (`user_role_id` INT(11) NOT NULL AUTO_INCREMENT , `user_role_name` VARCHAR(200) NOT NULL , `user_role_description` VARCHAR(200) NULL DEFAULT NULL , `user_role_created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP , `user_role_updated_at` DATETIME on update CURRENT_TIMESTAMP NULL , `user_role_archived_at` DATETIME NULL , PRIMARY KEY (`user_role_id`)) ENGINE = InnoDB");
+
+ mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 1, user_role_name = 'Accountant', user_role_description = 'Built-in - Limited access to financial-focused modules'");
+ mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 2, user_role_name = 'Technician', user_role_description = 'Built-in - Limited access to technical-focused modules'");
+ mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 3, user_role_name = 'Administrator', user_role_description = 'Built-in - Full administrative access to all modules (including user management)'");
+
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.3.1'");
+ }
+
+ // if (CURRENT_DATABASE_VERSION == '1.3.1') {
+ // // Insert queries here required to update to DB version 1.3.1
 // // Then, update the database to the next sequential version
- // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.3.1");
+ // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.3.2'");
 // }
 
 } else {
diff --git a/database_version.php b/database_version.php
index 91fe0b03..e55dd88e 100644
--- a/database_version.php
+++ b/database_version.php
@@ -5,4 +5,4 @@
 * It is used in conjunction with database_updates.php
 */
 
-DEFINE("LATEST_DATABASE_VERSION", "1.3.0");
+DEFINE("LATEST_DATABASE_VERSION", "1.3.1");
diff --git a/db.sql b/db.sql
index 0bd7cf94..4059d711 100644
--- a/db.sql
+++ b/db.sql
@@ -1791,6 +1791,23 @@ CREATE TABLE `user_permissions` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
+ --
+-- Table structure for table `user_roles`
+--
+
+DROP TABLE IF EXISTS `user_roles`;
+CREATE TABLE IF NOT EXISTS `user_roles` (
+ `user_role_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_role_name` varchar(200) NOT NULL,
+ `user_role_description` varchar(200) DEFAULT NULL,
+ `user_role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
+ `user_role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
+ `user_role_archived_at` datetime DEFAULT NULL,
+ PRIMARY KEY (`user_role_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
 --
 -- Table structure for table `user_settings`
 --
diff --git a/setup.php b/setup.php
index 3dbbdc8f..dc78d4fe 100644
--- a/setup.php
+++ b/setup.php
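Review bot: The new `1.3.0` migration creates the table as `` `itflow`.`user_roles` `` (schema-qualified), while db.sql in the same patch creates an unqualified `user_roles`; on an installation whose database is not named `itflow` that statement fails, and because no `mysqli_query` result in this hunk is checked, the following `UPDATE` still advances `config_current_database_version` to `'1.3.1'`, so the step is never retried and the admin user list (now joined on `user_roles`) breaks. Drop the qualifier so the statement runs against the connection's selected database, i.e. `` mysqli_query($mysqli, "CREATE TABLE `user_roles` (…)") ``, and consider skipping the version bump when the CREATE or any INSERT fails. The migration also omits the `DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin` that db.sql specifies, so migrated and fresh installs end up with different collations for the same table. The same three seed INSERTs are repeated verbatim in the setup.php hunk; keeping them in one shared place avoids the two copies drifting. The enclosing `if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION)` block starts and ends outside the hunk.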
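Review bot: The new `user_roles` table is declared with `COLLATE=utf8mb4_bin`, whereas the neighbouring `user_permissions` table in the hunk's context uses `utf8mb4_general_ci` and the matching CREATE in database_updates.php sets no charset or collation at all, so role-name comparisons are case-sensitive on a fresh install but follow the database default after a migration. Unless binary comparison of role names is intended, end the statement with `) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;` to match the rest of the schema. `DROP TABLE IF EXISTS` immediately followed by `CREATE TABLE IF NOT EXISTS` is also redundant; the `IF NOT EXISTS` can go.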
@@ -302,6 +302,11 @@ if (isset($_POST['add_company_settings'])) {
 
 mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = 'Auto Close', ticket_status_color = '#343a40'"); // 4
 mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = 'Closed', ticket_status_color = '#343a40'"); // 5
+ // Add default roles
+ mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 1, user_role_name = 'Accountant', user_role_description = 'Built-in - Limited access to financial-focused modules'");
+ mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 2, user_role_name = 'Technician', user_role_description = 'Built-in - Limited access to technical-focused modules'");
+ mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 3, user_role_name = 'Administrator', user_role_description = 'Built-in - Full administrative access to all modules (including user management)'");
+
 $_SESSION['alert_message'] = "Company $name created!";