<?php
// Start the session: every helper below reads or clears $_SESSION.
session_start();
// Include the database connection file. hasAccess() calls getDBConnection(),
// which is expected to come from this include — confirm against db_connection.php.
require_once 'db_connection.php';
// Function to check if user is logged in
/**
 * Whether the current session carries a user id.
 *
 * A missing key and an explicit null both count as "not logged in"
 * (same semantics as isset()).
 *
 * @return bool
 */
function isLoggedIn() {
    $userId = $_SESSION['user_id'] ?? null;
    return $userId !== null;
}
// Function to require login
/**
 * Guard for pages that need an authenticated user.
 *
 * Returns normally when a user id is in the session; otherwise redirects
 * to login.php and terminates the script.
 *
 * @return void
 */
function requireLogin() {
    if (isLoggedIn()) {
        return;
    }
    header("Location: login.php");
    exit();
}
// Function to get current user ID
/**
 * The user id stored in the session, or null when absent.
 *
 * The stored type is whatever login wrote into the session; it is returned
 * untouched.
 *
 * @return mixed
 */
function getCurrentUserId() {
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    return $_SESSION['user_id'];
}
// Function to get current user email
/**
 * The email address stored in the session, or null when absent.
 *
 * @return mixed
 */
function getCurrentUserEmail() {
    if (!isset($_SESSION['email'])) {
        return null;
    }
    return $_SESSION['email'];
}
// Function to get current user role
/**
 * The role string stored in the session (e.g. 'admin'), or null when absent.
 *
 * @return mixed
 */
function getCurrentUserRole() {
    if (!isset($_SESSION['role'])) {
        return null;
    }
    return $_SESSION['role'];
}
// Function to logout user
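/**
 * End the current session and send the user to login.php.
 *
 * session_unset()/session_destroy() only clear server-side state; the
 * session cookie would otherwise stay in the browser and keep being sent.
 * The cookie is therefore expired here as well (same attributes it was set
 * with), so the old session id is dropped by the client too.
 *
 * Never returns: ends with exit().
 *
 * @return void
 */
function logoutUser() {
    session_unset();
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        // Expire the cookie with the same path/domain/flags it was issued with,
        // otherwise the browser treats it as a different cookie and keeps the old one.
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
    session_destroy();
    header("Location: login.php");
    exit();
}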
// Define access rules
// Define access rules: page key => roles allowed to open it.
// hasAccess() denies any page that has no entry here (fail closed), and the
// usage example at the bottom of this file passes basename(__FILE__) as the key,
// so keys are plain file names.
$accessRules = [
    'feedback.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'dashboard.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    // NOTE(review): this key has a directory prefix; basename(__FILE__) yields
    // 'client_dashboard.php', which would not match and would be denied — confirm
    // the intended key.
    '/clients/client_dashboard.php' => ['admin', 'client'],
    'analytics.php' => ['admin', 'project manager'],
    'task_tracker.php' => ['admin', 'project manager', 'L3'],
    'daily_status.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'user_management.php' => ['admin', 'L3', 'project manager'],
    'add_user.php' => ['admin'],
    'edit_user.php' => ['admin'],
    'delete_user.php' => ['admin'],
    'add_client.php' => ['admin', 'L3', 'project manager'],
    'add_project.php' => ['admin', 'L3', 'project manager'],
    'edit_client.php' => ['admin', 'L3', 'project manager'],
    'client_management.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'project_management.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'web_generate_report.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'edit_project.php' => ['admin', 'project manager'],
    // view_project.php, vulnerability_management.php and edit_project.php are
    // also project-scoped: hasAccess() consults project_assignments for them.
    'vulnerability_management.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'generate_report.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'view_project.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'add_vulnerabilities.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'edit_vulnerability.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'view_vulnerability.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'individual_performance.php' => ['admin', 'project manager', 'L3', 'L2', 'L1'],
    'performance_management.php' => ['admin', 'project manager', 'L3'],
    // Add more pages and their allowed roles here
];
// Function to check if user has access to a specific page
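/**
 * Decide whether the current session user may open $page.
 *
 * Evaluation order:
 *   1. Role 'admin' may open everything.
 *   2. The page must have an entry in $accessRules and the user's role must be
 *      listed there. Unknown pages are denied (fail closed).
 *   3. Project-scoped pages (view_project.php, vulnerability_management.php,
 *      edit_project.php) additionally require a project_assignments row for
 *      ($projectId, current user). A missing $projectId or user id is denied.
 *
 * Previously step 3 replaced step 2 for the project-scoped pages, so any role
 * with an assignment could open edit_project.php although the rule table lists
 * only admin/project manager for it. The table is now the floor for every page
 * and the assignment check narrows it further.
 *
 * @param string          $page      Rule key; callers pass basename(__FILE__).
 * @param int|string|null $projectId Project to check an assignment for on
 *                                   project-scoped pages.
 * @return bool
 */
function hasAccess($page, $projectId = null) {
    global $accessRules;

    $userId = getCurrentUserId();
    $userRole = getCurrentUserRole();

    if ($userRole === 'admin') {
        return true; // Admin has access to all pages
    }

    // No entry for the page, or the role is not listed: deny.
    // strict=true so a non-string value in the session never matches loosely.
    if (!isset($accessRules[$page]) || !in_array($userRole, $accessRules[$page], true)) {
        return false;
    }

    $projectScopedPages = ['view_project.php', 'vulnerability_management.php', 'edit_project.php'];
    if (!in_array($page, $projectScopedPages, true)) {
        return true; // Role rule is the only requirement for this page
    }

    // A NULL project or user id can never match an assignment row; skip the query.
    if ($projectId === null || $userId === null) {
        return false;
    }

    $pdo = getDBConnection();
    $sql = "SELECT COUNT(*) FROM project_assignments WHERE project_id = ? AND user_id = ?";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$projectId, $userId]);

    // fetchColumn() may return a string or false; cast before comparing.
    return (int) $stmt->fetchColumn() > 0;
}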
// Function to require specific access for a page
/**
 * Guard for pages with role (and optionally project) restrictions.
 *
 * Returns normally when hasAccess() grants the page; otherwise redirects to
 * access_denied.php and terminates the script.
 *
 * @param string          $page      Rule key, typically basename(__FILE__).
 * @param int|string|null $projectId Forwarded to hasAccess().
 * @return void
 */
function requireAccess($page, $projectId = null) {
    $granted = hasAccess($page, $projectId);
    if ($granted) {
        return;
    }
    // Redirect to an access denied page or show an error
    header("Location: access_denied.php");
    exit();
}
// Function to add a new access rule
/**
 * Register (or overwrite) the allowed roles for a page in the global rule table.
 *
 * @param string       $page         Rule key, typically a file name.
 * @param list<string> $allowedRoles Roles permitted to open the page.
 * @return void
 */
function addAccessRule($page, $allowedRoles) {
    $GLOBALS['accessRules'][$page] = $allowedRoles;
}
// Example of how to use these functions in your pages:
//
// At the top of each page (e.g., vulnerability_management.php):
//
// require_once 'config.php';
// requireLogin();
// requireAccess(basename(__FILE__), $_GET['project_id']);
//
// $userId = getCurrentUserId();
// $userEmail = getCurrentUserEmail();
// $userRole = getCurrentUserRole();
//
// To logout:
// if (isset($_GET['logout'])) {
// logoutUser();
// }
//
// To add a new access rule:
// addAccessRule('new_page.php', ['admin', 'project manager']);