From 34e1bf9ffab63196bc473f47cd5f37382b79bd5a Mon Sep 17 00:00:00 2001 From: Nate Date: Sat, 19 Oct 2019 16:59:17 -0600 Subject: [PATCH] Access Controls: List view updates. --- app/access_controls/access_control_edit.php | 3 +- .../access_control_node_edit.php | 3 +- app/access_controls/access_controls.php | 156 ++++++++++++----- .../resources/classes/access_controls.php | 161 ++++++++++++++++++ 4 files changed, 275 insertions(+), 48 deletions(-) create mode 100644 app/access_controls/resources/classes/access_controls.php diff --git a/app/access_controls/access_control_edit.php b/app/access_controls/access_control_edit.php index e2369f2c08..ba4959f44c 100644 --- a/app/access_controls/access_control_edit.php +++ b/app/access_controls/access_control_edit.php @@ -175,12 +175,11 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo " ".$text['label-access_control_default']."\n"; echo "\n"; echo "\n"; echo " \n"; - echo " \n"; if ($node_type == "allow") { echo " \n"; } diff --git a/app/access_controls/access_controls.php b/app/access_controls/access_controls.php index fc66111294..9d568b442b 100644 --- a/app/access_controls/access_controls.php +++ b/app/access_controls/access_controls.php @@ -28,6 +28,7 @@ require_once "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; + require_once "resources/paging.php"; //check permissions if (!permission_exists('access_control_view')) { 
@@ -38,18 +39,60 @@ $language = new text; $text = $language->get(); +//get posted data + if (is_array($_POST['access_controls'])) { + $action = $_POST['action']; + $search = $_POST['search']; + $access_controls = $_POST['access_controls']; + } + +//copy the access controls + if (permission_exists('access_control_add')) { + if ($action == 'copy' && is_array($access_controls) && @sizeof($access_controls) != 0) { + //copy + $obj = new access_controls; + $obj->copy($access_controls); + //redirect + header('Location: access_controls.php'.($search != '' ? '?search='.urlencode($search) : null)); + exit; + } + } + +//delete the access controls + if (permission_exists('access_control_delete')) { + if ($action == 'delete' && is_array($access_controls) && @sizeof($access_controls) != 0) { + //delete + $obj = new access_controls; + $obj->delete($access_controls); + //redirect + header('Location: access_controls.php'.($search != '' ? '?search='.urlencode($search) : null)); + exit; + } + } + //get variables used to control the order $order_by = $_GET["order_by"]; $order = $_GET["order"]; -//additional includes - require_once "resources/header.php"; - require_once "resources/paging.php"; +//add the search term + $search = strtolower($_GET["search"]); + if (strlen($search) > 0) { + $sql_search = " ("; + $sql_search .= " lower(access_control_name) like :search "; + $sql_search .= " or lower(access_control_default) like :search "; + $sql_search .= " or lower(access_control_description) like :search "; + $sql_search .= ") "; + + $parameters['search'] = '%'.$search.'%'; + } //prepare to page the results $sql = "select count(*) from v_access_controls "; + if (isset($sql_search)) { + $sql .= "where ".$sql_search; + } $database = new database; - $num_rows = $database->select($sql, null, 'column'); + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? 
$_SESSION['domain']['paging']['numeric'] : 50; @@ -57,74 +100,99 @@ $page = $_GET['page']; if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; } list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page); + list($paging_controls_mini, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page, true); $offset = $rows_per_page * $page; //get the list - $sql = "select * from v_access_controls "; + $sql = str_replace('count(*)', '*', $sql); $sql .= order_by($order_by, $order); $sql .= limit_offset($rows_per_page, $offset); $database = new database; - $access_controls = $database->select($sql, null, 'all'); + $access_controls = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); -//alternate the row style - $c = 0; - $row_style["0"] = "row_style0"; - $row_style["1"] = "row_style1"; +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + +//include the header + require_once "resources/header.php"; //show the content - echo "".$text['title-access_controls']."\n"; - echo "
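Review bot: The new copy and delete handlers gate on `permission_exists('access_control_add')` and `permission_exists('access_control_delete')` alone, while `access_controls::copy()` and `::delete()` in the class file added by this commit also require `access_control_node_add` and `access_control_node_delete`. A user holding only the first permission is therefore redirected with nothing changed and no message, and the Copy and Delete buttons in the next hunk are shown under the same narrower check. Use the same pair of permissions in both places, or have the class report the refusal through `message::add()`. Separately, `$action` and `$access_controls` are assigned only when `$_POST['access_controls']` is an array, and `$parameters` only inside the search branch, yet all three are read unconditionally; initialise them before use, for example `$parameters = null;` ahead of the search block, which matches the explicit `null` the old call passed.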

\n"; + echo "
\n"; + echo " ".$text['title-access_controls']." (".$num_rows.")\n"; + if (permission_exists('access_control_add')) { + echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'link'=>'access_control_edit.php']); + } + if (permission_exists('access_control_add')) { + echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'onclick'=>"if (confirm('".$text['confirm-copy']."')) { list_action_set('copy'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + if (permission_exists('access_control_delete')) { + echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'onclick'=>"if (confirm('".$text['confirm-delete']."')) { list_action_set('delete'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + echo "\n"; + echo "
\n"; + echo $text['description-access_control']."\n"; echo "

\n"; - echo "\n"; - echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "
\n"; + echo "\n"; + echo " \n"; echo th_order_by('access_control_name', $text['label-access_control_name'], $order_by, $order); echo th_order_by('access_control_default', $text['label-access_control_default'], $order_by, $order); echo th_order_by('access_control_description', $text['label-access_control_description'], $order_by, $order); - echo "\n"; } - else { - echo " \n"; - } - echo "\n"; - echo "\n"; + echo "\n"; if (is_array($access_controls)) { foreach($access_controls as $row) { if (permission_exists('access_control_edit')) { - $tr_link = "href='access_control_edit.php?id=".escape($row['access_control_uuid'])."'"; - } - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + if (permission_exists('access_control_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } echo "\n"; - $c = $c == 1 ? 0 : 1; - } //end foreach - unset($sql, $access_controls); - } //end if results + $x++; + } + unset($access_controls); + } echo "
\n"; + echo " \n"; + echo " "; - if (permission_exists('access_control_add')) { - echo "$v_link_label_add"; + if (permission_exists('access_control_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo "  
".escape($row['access_control_name'])."".escape($row['access_control_default'])." ".escape($row['access_control_description'])." "; - if (permission_exists('access_control_edit')) { - echo "$v_link_label_edit"; - } - if (permission_exists('access_control_delete')) { - echo "$v_link_label_delete"; + $list_row_url = "access_control_edit.php?id=".escape($row['access_control_uuid']); } + echo "
\n"; + echo " \n"; + echo " \n"; echo " ".escape($row['access_control_name'])."".escape($row['access_control_default'])."".escape($row['access_control_description']).""; + echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]); + echo "
\n"; - if (permission_exists('access_control_add')) { - echo "
\n"; - echo " ".$v_link_label_add.""; - echo "
\n"; - } echo "
\n"; echo "
".$paging_controls."
\n"; + echo "\n"; + + echo "\n"; + //include the footer require_once "resources/footer.php"; -?> +?> \ No newline at end of file diff --git a/app/access_controls/resources/classes/access_controls.php b/app/access_controls/resources/classes/access_controls.php new file mode 100644 index 0000000000..cc8143c8f8 --- /dev/null +++ b/app/access_controls/resources/classes/access_controls.php 
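Review bot: The list query is now derived with `$sql = str_replace('count(*)', '*', $sql);`, which ties it to the exact text of the count statement. If that select list is ever reworded, the replacement silently does nothing and the page iterates over a count row. Keeping two explicit statements that share the `where` fragment avoids the string surgery and still reuses the bound `:search` value, e.g. `$sql = "select * from v_access_controls ".(isset($sql_search) ? "where ".$sql_search : '');`. Most of the echoed markup in this hunk is not visible in this view, so it cannot be confirmed from here that the created `$token` is emitted in the form or that the search value is escaped on output.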
@@ -0,0 +1,161 @@ + $value) { + unset($this->$key); + } + } + + /** + * delete access controls + */ + public function delete($access_controls) { + if (permission_exists('access_control_delete') && permission_exists('access_control_node_delete')) { + + //add multi-lingual support + $language = new text; + $text = $language->get(); + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: access_controls.php'); + exit; + } + + //delete multiple access controls + if (is_array($access_controls) && @sizeof($access_controls) != 0) { + //build the delete array + foreach($access_controls as $x => $row) { + if ($row['checked'] == 'true' && is_uuid($row['access_control_uuid'])) { + $array['access_controls'][$x]['access_control_uuid'] = $row['access_control_uuid']; + $array['access_control_nodes'][$x]['access_control_uuid'] = $row['access_control_uuid']; + } + } + //delete the checked rows + if (is_array($array) && @sizeof($array) != 0) { + //execute delete + $database = new database; + $database->app_name = 'access_controls'; + $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; + $database->delete($array); + unset($array); + //set message + message::add($text['message-delete']); + } + unset($access_controls); + } + } + } + + /** + * copy access controls + */ + public function copy($access_controls) { + if (permission_exists('access_control_add') && permission_exists('access_control_node_add')) { + + //add multi-lingual support + $language = new text; + $text = $language->get(); + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: access_controls.php'); + exit; + } + + //copy the checked access controls + if (is_array($access_controls) && @sizeof($access_controls) != 0) { + + //get checked access controls + 
foreach($access_controls as $x => $row) { + if ($row['checked'] == 'true' && is_uuid($row['access_control_uuid'])) { + $access_control_uuids[] = "access_control_uuid = '".$row['access_control_uuid']."'"; + } + } + //create insert array from existing data + if (is_array($access_control_uuids) && @sizeof($access_control_uuids) != 0) { + $sql = "select * from v_access_controls "; + $sql .= "where ".implode(' or ', $access_control_uuids)." "; + $database = new database; + $rows = $database->select($sql, $parameters, 'all'); + if (is_array($rows) && @sizeof($rows) != 0) { + $y = 0; + foreach ($rows as $x => $row) { + //access control + $access_control_uuid = uuid(); + $array['access_controls'][$x]['access_control_uuid'] = $access_control_uuid; + $array['access_controls'][$x]['access_control_name'] = $row['access_control_name']; + $array['access_controls'][$x]['access_control_default'] = $row['access_control_default']; + $array['access_controls'][$x]['access_control_description'] = trim($row['access_control_description'].' 
('.$text['label-copy'].')'); + //access control nodes + $sql_2 = "select * from v_access_control_nodes where access_control_uuid = :access_control_uuid"; + $parameters_2['access_control_uuid'] = $row['access_control_uuid']; + $database = new database; + $rows_2 = $database->select($sql_2, $parameters_2, 'all'); + if (is_array($rows_2) && @sizeof($rows_2) != 0) { + foreach ($rows_2 as $row_2) { + $access_control_node_uuid = uuid(); + $array['access_control_nodes'][$y]['access_control_node_uuid'] = $access_control_node_uuid; + $array['access_control_nodes'][$y]['access_control_uuid'] = $access_control_uuid; + $array['access_control_nodes'][$y]['node_type'] = $row_2['node_type']; + $array['access_control_nodes'][$y]['node_cidr'] = $row_2['node_cidr']; + $array['access_control_nodes'][$y]['node_domain'] = $row_2['node_domain']; + $array['access_control_nodes'][$y]['node_description'] = $row_2['node_description']; + $y++; + } + } + unset($sql_2, $parameters_2, $rows_2, $row_2); + } + } + unset($sql, $parameters, $rows, $row); + } + //save the changes and set the message + if (is_array($array) && @sizeof($array) != 0) { + //save the array + $database = new database; + $database->app_name = 'access_controls'; + $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; + $database->save($array); + unset($array); + + //set message + message::add($text['message-copy']); + } + unset($access_controls); + } + + } + } + + } +} + +/* +$obj = new access_controls; +$obj->delete(); +*/ + +?> \ No newline at end of file
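Review bot: In `copy()`, each checked id is concatenated into the statement (`"access_control_uuid = '".$row['access_control_uuid']."'"`), so the query's safety rests entirely on `is_uuid()`, whose implementation is not shown here. The node lookup a few lines further down already binds `:access_control_uuid`. Bind these values as well, naming the placeholders from a local counter rather than the posted array key `$x`: `$access_control_uuids[] = "access_control_uuid = :uuid_".$i;` together with `$parameters['uuid_'.$i++] = $row['access_control_uuid'];`. That also gives `$parameters` a defined value, because it is currently never assigned before `$database->select($sql, $parameters, 'all')`. Both methods read `$row['checked']` without confirming that `$row` is an array; adding `is_array($row)` to the condition keeps malformed form input from raising notices.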