member edit auth_class and mod fixes
flathat committed May 17, 2013
1 parent fd8a328 commit 34cec0d
Showing 4 changed files with 17 additions and 22 deletions.
7 changes: 7 additions & 0 deletions fannie/mem/MemberEditor.php
@@ -37,6 +37,13 @@ class MemberEditor extends FanniePage {

private $msgs = '';

public function __construct(){
global $FANNIE_COOP_ID;
parent::__construct();
if ( isset($FANNIE_COOP_ID) && $FANNIE_COOP_ID == 'WEFC_Toronto' )
$this->auth_classes = array('editmembers');
}

function preprocess(){
global $FANNIE_COUNTRY, $FANNIE_MEMBER_MODULES, $FANNIE_OP_DB;

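Review bot: the gate on `$FANNIE_COOP_ID == 'WEFC_Toronto'` means `auth_classes` is only set for one deployment; every other install keeps the FanniePage default, so MemberEditor stays reachable there without the `editmembers` class. If the page is meant to require `editmembers`, assign it unconditionally (`$this->auth_classes = array('editmembers');`) and let sites that do not authenticate rely on `must_authenticate` being off. The identical constructor is repeated in MemberSearchPage below; a shared base class or a single config check would keep the two copies from drifting.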
10 changes: 8 additions & 2 deletions fannie/mem/MemberSearchPage.php
@@ -30,15 +30,21 @@

class MemberSearchPage extends FanniePage {
protected $title = "Fannie :: Find Member";
// 5Dec12 EL Howto note in header.
protected $header = "Find Members
<p style='font-family:arial; font-size:0.7em; margin:0.0em 0em 0em 1.5em;'>
Enter criteria to find one member or a list members from which to choose.</p>";

private $mode = 'search';
private $country;
private $results = array();


public function __construct(){
global $FANNIE_COOP_ID;
parent::__construct();
if ( isset($FANNIE_COOP_ID) && $FANNIE_COOP_ID == 'WEFC_Toronto' )
$this->auth_classes = array('editmembers');
}

function preprocess(){
global $FANNIE_COUNTRY,$FANNIE_MEMBER_MODULES,$FANNIE_OP_DB;
$this->country = (isset($FANNIE_COUNTRY)&&!empty($FANNIE_COUNTRY))?$FANNIE_COUNTRY:"US";
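Review bot: MemberSearchPage is a read-only lookup, yet it receives the same `editmembers` class as the editor, so nobody can search without edit rights and everyone who can search can also edit. A view-level class (the `members_view` level flathat describes in the comments) fits a search page better. As in MemberEditor, the conditional on `$FANNIE_COOP_ID` leaves the page ungated on every other site.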
2 changes: 1 addition & 1 deletion fannie/mem/modules/MemCard.php
@@ -85,7 +85,7 @@ function SaveFormData($memNum){
$form_upc = sprintf("{$prefix}%0{$clen}d", $form_upc);
}

if (MemberCardsController::update($memNum, $form_upc))
if (!MemberCardsController::update($memNum, $form_upc))
return 'Error: problem saving Member Card<br />';
else
return '';
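Review bot: inverting the condition is the right fix, since the old `if (MemberCardsController::update($memNum, $form_upc))` returned the error string on success and '' on failure; but the check still assumes update() is falsy only on failure. If it hands back the driver result (a row count, for instance), a no-op update of an unchanged card number could be reported as 'problem saving Member Card'. Document the contract (strict bool true on success) or compare against it explicitly.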
20 changes: 1 addition & 19 deletions fannie/mem/modules/Notes.php
@@ -23,14 +23,6 @@

class Notes extends MemberModule {

/* 15Aug12 flathat Formerly populated the input with the last note. History link not coded.
* When the Save function added the populated note was re-added each time.
* Old code commented.
* Now: Populates a table, initially hidden, of historical notes under the input,
* which is left empty.
* History button is displayed iff history and un-hides the list of notes.
* NoHistory button re-hides the list of notes.
*/
function ShowEditForm($memNum, $country="US"){
global $FANNIE_URL;

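Review bot: the deleted block is the only description of how the History/NoHistory buttons behave (notes table hidden initially, History shown iff there is history, NoHistory re-hides it); removing it leaves ShowEditForm undocumented. Keep the behavioural part as a short docblock on the method and drop only the "old code commented" changelog.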
@@ -42,13 +34,6 @@ function ShowEditForm($memNum, $country="US"){

$note = "";
$date = "";
/*
if ($dbc->num_rows($infoR) > 0){
$infoW = $dbc->fetch_row($infoR);
$note = str_replace("<br />","\n",$infoW['note']);
$date = $infoW['stamp'];
}
*/

$ret = "<fieldset><legend>Notes</legend>";

@@ -92,9 +77,6 @@ function ShowEditForm($memNum, $country="US"){
return $ret;
}

/* 15Aug12 EL Did not previously exist.
* Value for username is dummy as currently no login.
*/
function SaveFormData($memNum){

$note = FormLib::get_form_value('Notes_text');
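Review bot: removing the note that "username is dummy as currently no login" loses the record that 'Admin' is a placeholder, while the literal itself stays in the INSERT below. Now that the editor requires a login through `auth_classes`, the authenticated session user should be stored instead; at minimum keep a TODO beside the hardcoded value so the audit column is not mistaken for real attribution.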
@@ -106,7 +88,7 @@ function SaveFormData($memNum){

$insertNote = $dbc->prepare_statement("INSERT into memberNotes
(cardno, note, stamp, username)
VALUES (%d, %s, ".$dbc->now().", 'Admin')");
VALUES (?, ?, ".$dbc->now().", 'Admin')");

$test1 = $dbc->exec_statement($insertNote,array($memNum,$note));

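Review bot: replacing `%d, %s` with `?` is the right fix: assuming prepare_statement() uses `?` as its bind marker (as the new line does), the sprintf-style tokens were never bound, so the two values passed to exec_statement() could not reach the query. With `?` the user-supplied `$note` from FormLib::get_form_value() is bound as a parameter rather than spliced into SQL. Two follow-ups: the result in `$test1` should be checked and reported the way MemCard::SaveFormData now does, and the 'Admin' literal should come from the session.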
5 comments on commit 34cec0d

@gohanman

RE: member permissions:

I currently have three levels:

  1. can see member info but cannot change anything
  2. partial editing access for contact info but not account type/status
  3. full editing access

#2 might be my own personal quirk, but I could see #1 and #3 being useful in the standard set of permissions.

@flathat
Owner Author


What I've done so far is add three auth_classes for those levels, with the intent of replacing the current "editmembers" and possibly "memgen":

0 login if $must_authenticate, but no auth_class
1 members_view
2 members_edit_partial
3 members_edit_full

I've assigned $auth_classes at the lowest level the user must have to the pages in fannie/mem/:

0 MemberIndexPage - the menu of Member operations

1 MemberSearchPage - the Search/Find form and the hitlist it displays for >1 hit

1 MemberEditor - Display the record and edit.
But how to keep a user with only level 1 from Saving changes? Should the Save button be suppressed? Should all the inputs be readonly, or rendered as text rather than inputs? A message somewhere "You don't have permission to change?"
And, do you not allow level 2 to edit MemberType? If you don't, what would be the idiomatic way to prevent that? The MemberModule class does not have access to $auth_classes or the other authentication apparatus of FanniePage.

The separate pages that are linked to from the Active Status, Equity and AR modules are children of FanniePage:
3 MemStatusEditor

For the Equity and AR changes in correction_pages/*.php is level 3 enough, or should it be something like admin?

3? MemberTypeEditor. Is level 3 enough for changing member types?

3? NewMemberTool. Currently has the special "memgen" priv, but level 3 seems enough to me, and retire memgen.

1 numbers/MemberStickerPage. Little harm possible I think

0? import/MemImportIndex - The import sub-menu
3? For the import/*.php themselves, is 3 high enough?

@gohanman

I don't grasp the distinction between 0 and 1. Are they inter-related - i.e., level 1 only applies if must_authenticate is in use?

The member modules can certainly call validateUserQuiet() in ShowEditForm or SaveFormData (or both) to change behavior based on the current user's permissions. I think that's the only way to have that level of fine tuning. I think it's present already otherwise auth/login.php can be included.

I agree with your suggested levels for the rest. People with level-3 permissions are presumably fairly trusted and none of the tools can cause any irreparable damage. Any mistake with status or the correction pages can easily be reversed. The worst thing NewMemberTool can do is create a whole bunch of empty memberships. MemberTypeEditor could make a bit of a mess, but unless the structure is ludicrously complicated someone ought to be able to fix it from memory (and in any event the member structure is probably documented in policy somewhere).

@flathat
Owner Author


AT> I don't grasp the distinction between 0 and 1. Are they inter-related - i.e., level 1 only applies if must_authenticate is in use?

EL> No.
0 means if must_authenticate but auth_classes == "" then login is still required, but no special privs; any logged-in user can see.
So you can see the menu but probably can't run anything that's on it.
1 means login + members_view.

Fine re trustworthiness of 3. A lot of those functions we don't use yet, so I wasn't sure about the level of privacy and trust.

Can you comment on my questions under MemberEditor? Maybe MemberModule class should have a Display function that just renders text, not a form. Or maybe I don't understand what you mean about view-only, or I'm over-complicating things. I just don't want to lose a nuance you rely on.

@gohanman

I was picturing something like this for member modules:

$edit_level = 0;
if (validateUserQuiet('members_edit_full')) $edit_level = 3;
elseif (validateUserQuiet('members_edit_partial')) $edit_level = 2;

Then further down it could draw input boxes or just text based on $edit_level. The zero/one level doesn't fit into this scheme though because the module would have to know about the must_authenticate setting.

Maybe MemberModule::ShowEditForm needs to take an additional argument - i.e., ShowEditForm($memNum, $countryCode, $editLevel) and the MemberEditor class should do all the permission checks. So the above would become something like this:

$edit_level = 0;
// Note: if auth is disabled, validateUserQuiet always returns True
if (validateUserQuiet('members_edit_full')) $edit_level = 3;
elseif (validateUserQuiet('members_edit_partial')) $edit_level = 2;
elseif (validateUserQuiet('members_view')) $edit_level = 1;
elseif (!$this->must_authenticate) $edit_level = 1;
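Putting the scheme from this thread together as an added, stand-alone example (not CORE-POS/IS4C code): the page resolves one edit level, passes it to the module, the module renders an input or plain text per field, and SaveFormData re-checks the level for every submitted field, because rendering text instead of an input box only changes the UI and a hand-crafted POST can still carry the field. validateUserQuiet() is stubbed over a constructed session list, the field names and per-field levels are hypothetical, and the real FanniePage/MemberModule classes are not used.

```php
<?php
// Added example, not CORE-POS/IS4C code. Runs stand-alone with `php file.php`.

const LEVEL_NONE         = 0;
const LEVEL_VIEW         = 1;
const LEVEL_EDIT_PARTIAL = 2;
const LEVEL_EDIT_FULL    = 3;

// Constructed stand-in for the session: the auth classes the caller holds.
$SESSION_CLASSES = array('members_view', 'members_edit_partial');

// Stub with the call form used in the thread; the real validateUserQuiet()
// in fannie/auth is assumed to behave like this and is not used here.
function validateUserQuiet($class) {
    global $SESSION_CLASSES;
    return in_array($class, $SESSION_CLASSES, true);
}

// Resolve the level once, in the page (MemberEditor), not in each module.
function memberEditLevel($must_authenticate) {
    if (validateUserQuiet('members_edit_full'))    return LEVEL_EDIT_FULL;
    if (validateUserQuiet('members_edit_partial')) return LEVEL_EDIT_PARTIAL;
    if (validateUserQuiet('members_view'))         return LEVEL_VIEW;
    if (!$must_authenticate)                       return LEVEL_VIEW;
    return LEVEL_NONE;
}

// Hypothetical per-field minimum levels: contact info is partial-edit,
// account type is full-edit only.
$FIELD_LEVELS = array(
    'phone'   => LEVEL_EDIT_PARTIAL,
    'email'   => LEVEL_EDIT_PARTIAL,
    'memType' => LEVEL_EDIT_FULL,
);

function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// ShowEditForm equivalent: input box if the level allows a change, text otherwise.
function showEditForm($record, $editLevel, $fieldLevels) {
    $out = '';
    foreach ($fieldLevels as $name => $needed) {
        $val = h($record[$name]);
        $out .= ($editLevel >= $needed)
            ? "<input name=\"$name\" value=\"$val\" />\n"
            : "<span>$val</span>\n";
    }
    return $out;
}

// SaveFormData equivalent: the level is enforced here, per field, regardless
// of what the form displayed. Returns the updated record and any errors.
function saveFormData($record, $post, $editLevel, $fieldLevels) {
    $errors = array();
    foreach ($fieldLevels as $name => $needed) {
        if (!array_key_exists($name, $post)) continue;
        if ($post[$name] === $record[$name]) continue;   // unchanged, nothing to check
        if ($editLevel < $needed) {
            $errors[] = "Error: no permission to change $name";
            continue;
        }
        $record[$name] = $post[$name];
    }
    return array($record, $errors);
}

// Constructed sample member record.
$record = array('phone' => '555-0100', 'email' => 'm@example.org', 'memType' => 'A');

$level = memberEditLevel(true);                     // 2 for the session above
echo showEditForm($record, $level, $FIELD_LEVELS);  // inputs for phone/email, text for memType

// A forged POST that also tries to change memType, which was rendered as text.
$post = array('phone' => '555-0199', 'memType' => 'B');
list($saved, $errors) = saveFormData($record, $post, $level, $FIELD_LEVELS);
print_r($saved);   // phone updated, memType still 'A'
print_r($errors);  // one error for memType
```

The level is computed in one place and handed down as data, so modules never need access to the FanniePage auth apparatus; what matters for security is that the same number gates both the rendering and the save path.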
