access rights

db/Structure.sql

@@ -513,44 +513,51 @@ CREATE TABLE IF NOT EXISTS `recovery_tokens` (
 -- Дамп данных таблицы `user_roles`
 --
 
+-- 1 - common
+-- 2 - student
+-- 4 - teacher
+-- 8 - admin
+-- 16 - deans
 INSERT INTO `user_roles` (`ID`, `Type`, `RoleName`, `Mark`) VALUES
-(1, 'student', 'Студент', 1),
-(2, 'teacher', 'Преподаватель', 2),
-(3, 'teacher', 'Преподаватель-Администратор', 4);
+(1, 'student', 'Студент', 3),
+(2, 'teacher', 'Преподаватель', 5),
+(3, 'teacher', 'Преподаватель-Администратор', 13),
+(4, 'teacher', 'Работник деканата', 21)//
 
 --
 -- Дамп данных таблицы `user_roles`
 --
 
+
+
 INSERT INTO `page_access` (`ID`, `Pagename`, `Bitmask`) VALUES
-(1, 'common:index', 7),
-(2, 'common:settings', 7),
-(3, 'common:profile', 7),
-(4, 'teacher:index', 6),
-(5, 'teacher:settings', 6),
-(6, 'teacher:map:create', 6),
-(7, 'teacher:map:edit', 6),
-(8, 'teacher:rating', 6),
-(9, 'teacher:profile', 6),
-(10, 'admin:common', 4),
-(11, 'student:index', 1),
-(12, 'student:settings', 1),
-(13, 'student:subject', 1),
-(14, 'teacher:map:discipline', 6),
-(15, 'teacher:map:structure', 6),
-(16, 'teacher:map:groups', 6),
-(17, 'teacher:map:students', 6),
-(18, 'teacher:map:teachers', 6),
-(19, 'handler:AdmAccounts', 4),
-(20, 'handler:AdmStudents', 4),
-(21, 'handler:AdmTeachers', 4),
-(22, 'handler:GetHelp', 7),
-(23, 'handler:Map', 6),
-(24, 'handler:Rating', 6),
-(25, 'handler:Settings', 7),
-(26, 'teacher:exam', 6),
-(27, 'dean_office:index', 7); 
--- TODO: restrict dean's
+(1, 'common:index', 1),
+(2, 'common:settings', 1),
+(3, 'common:profile', 1),
+(4, 'teacher:index', 4),
+(5, 'teacher:settings', 4),
+(6, 'teacher:map:create', 4),
+(7, 'teacher:map:edit', 4),
+(8, 'teacher:rating', 4),
+(9, 'teacher:profile', 4),
+(10, 'admin:common', 8),
+(11, 'student:index', 2),
+(12, 'student:settings', 2),
+(13, 'student:subject', 2),
+(14, 'teacher:map:discipline', 4),
+(15, 'teacher:map:structure', 4),
+(16, 'teacher:map:groups', 4),
+(17, 'teacher:map:students', 4),
+(18, 'teacher:map:teachers', 4),
+(19, 'handler:AdmAccounts', 8),
+(20, 'handler:AdmStudents', 8),
+(21, 'handler:AdmTeachers', 8),
+(22, 'handler:GetHelp', 1),
+(23, 'handler:Map', 2),
+(24, 'handler:Rating', 2),
+(25, 'handler:Settings', 1),
+(26, 'teacher:exam', 2),
+(27, 'dean_office:index', 24)//
 
 
 INSERT INTO `general_settings` (`ID`, `Val`, `ValS`) VALUES

db/fix.sql

-DELIMITER //
+DELETE FROM `page_access`;
+
+UPDATE `user_roles` SET user_roles.Mark = 13 WHERE user_roles.RoleName LIKE 'Преподаватель-Администратор';
+UPDATE `user_roles` SET user_roles.Mark = 21 WHERE user_roles.RoleName LIKE 'Работник деканата';
+UPDATE `user_roles` SET user_roles.Mark = 5 WHERE user_roles.RoleName LIKE 'Преподаватель';
+UPDATE `user_roles` SET user_roles.Mark = 3 WHERE user_roles.RoleName LIKE 'Студент';
+
+
+-- 1 - common
+-- 2 - student
+-- 4 - teacher
+-- 8 - admin
+-- 16 - deans
+INSERT INTO `user_roles` (`ID`, `Type`, `RoleName`, `Mark`) VALUES
+(1, 'student', 'Студент', 3),
+(2, 'teacher', 'Преподаватель', 5),
+(3, 'teacher', 'Преподаватель-Администратор', 13),
+(4, 'teacher', 'Работник деканата', 21)//
 
 INSERT INTO `page_access` (`ID`, `Pagename`, `Bitmask`) VALUES
-(27, 'dean_office:index', 7)//
--- TODO: restrict dean's
+(1, 'common:index', 1),
+(2, 'common:settings', 1),
+(3, 'common:profile', 1),
+(4, 'teacher:index', 4),
+(5, 'teacher:settings', 4),
+(6, 'teacher:map:create', 4),
+(7, 'teacher:map:edit', 4),
+(8, 'teacher:rating', 4),
+(9, 'teacher:profile', 4),
+(10, 'admin:common', 8),
+(11, 'student:index', 2),
+(12, 'student:settings', 2),
+(13, 'student:subject', 2),
+(14, 'teacher:map:discipline', 4),
+(15, 'teacher:map:structure', 4),
+(16, 'teacher:map:groups', 4),
+(17, 'teacher:map:students', 4),
+(18, 'teacher:map:teachers', 4),
+(19, 'handler:AdmAccounts', 8),
+(20, 'handler:AdmStudents', 8),
+(21, 'handler:AdmTeachers', 8),
+(22, 'handler:GetHelp', 1),
+(23, 'handler:Map', 2),
+(24, 'handler:Rating', 2),
+(25, 'handler:Settings', 1),
+(26, 'teacher:exam', 2),
+(27, 'dean_office:index', 24);
 
-DELIMITER ;
\ No newline at end of file

~dev_rating/application/classes/Controller/Handler.php

@@ -32,7 +32,10 @@ class Controller_Handler extends Controller {
         // Получаем имя маршрута 
         $route = Route::name($this->request->route());
         $route .= ':'.$this->request->controller();
-        $userMark = $user->offsetGet('RoleMark');
+        $userMark = (int)$user->offsetGet('RoleMark');
+        if ($userMark == 0) {
+            $userMark = (int)1;
+        }
         // Если запрос не прошел на проверку доступа
         if( !$this->checkAccessLevel() || 
             !$this->checkBitmask($userMark, $route))
@@ -50,7 +53,7 @@ class Controller_Handler extends Controller {
     protected function checkBitmask($userMark, $route)
     {
         $sysModel = new Model_System;
-        $bitmask = $sysModel->getBitmaskForRoute($route);
+        $bitmask = (int)$sysModel->getBitmaskForRoute($route);
         if(!$bitmask)
             return true;
         return ($bitmask & $userMark) != 0;

~dev_rating/application/classes/Controller/UserEnvi.php

@@ -24,7 +24,13 @@ class Controller_UserEnvi extends Controller {
         $route = Route::name($this->request->route());
         $userMark = $user->offsetGet('RoleMark');
         $sysModel = new Model_System;
-        $bitmask = $sysModel->getBitmaskForRoute($route);
+        $bitmask = (int)$sysModel->getBitmaskForRoute($route);
+        if ($bitmask === 0) {
+            $bitmask = (int)1;
+        }
+        if ($userMark === 0) {
+            $userMark = (int)1;
+        }
         if(!($bitmask & $userMark)) {
             throw HTTP_Exception::factory(403, 
             'Не пытайтесь попасть туда, куда попадать не следует.');