diff --git a/controllers/internals/Command.php b/controllers/internals/Command.php index b228604..e82e33e 100755 --- a/controllers/internals/Command.php +++ b/controllers/internals/Command.php @@ -109,7 +109,7 @@ namespace controllers\internals; return false; } - $this->internal_event->create('COMMAND_ADD', 'Ajout commande : '.$name.' => '.$script); + $this->internal_event->create($_SESSION['user']['id'], 'COMMAND_ADD', 'Ajout commande : '.$name.' => '.$script); return $result; } diff --git a/controllers/internals/Contact.php b/controllers/internals/Contact.php index 5711c7d..05119b3 100755 --- a/controllers/internals/Contact.php +++ b/controllers/internals/Contact.php 
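Review bot: The replaced `internal_event->create(...)` line reads `$_SESSION['user']['id']` directly inside the internals layer, whereas the Contact and Scheduled hunks of this commit receive the user id as a method parameter. Reading the session here ties the internal controller to the web request context and raises an undefined-index notice on any code path without a session, if such paths (CLI, cron) exist. The same pattern is introduced in the Group.php hunk (`GROUP_ADD`) and the User.php hunk (`CONTACT_ADD`). Consider accepting `$id_user` in the enclosing method, as `Contact::create($id_user, $number, $name)` now does; the enclosing method starts outside the hunk.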
@@ -26,30 +26,37 @@ namespace controllers\internals; } /** - * Cette fonction retourne une liste des contactes sous forme d'un tableau. - * - * @param mixed(int|bool) $nb_entry : Le nombre d'entrées à retourner par page - * @param mixed(int|bool) $page : Le numéro de page en cours - * - * @return array : La liste des contactes + * List contacts for a user + * @param int $id_user : user id + * @param mixed(int|bool) $nb_entry : Number of entry to return + * @param mixed(int|bool) $page : Pagination, will offset $nb_entry * $page results + * @return array */ - public function list($nb_entry = null, $page = null) + public function list($id_user, $nb_entry = null, $page = null) { - //Recupération des contactes - return $this->model_contact->list($nb_entry, $nb_entry * $page); + return $this->model_contact->list_for_user($id_user, $nb_entry, $nb_entry * $page); + } + + /** + * Return a contact + * @param $id : contact id + * @return array + */ + public function get($id) + { + return $this->model_contact->get($id); } /** * Cette fonction retourne une liste des contactes sous forme d'un tableau. - * + * @param int $id_user : user id * @param array int $ids : Les ids des entrées à retourner - * * @return array : La liste des contactes */ - public function gets($ids) + public function gets_for_user($id_user, $ids) { //Recupération des contactes - return $this->model_contact->gets($ids); + return $this->model_contact->gets_for_user($id_user, $ids); } /** @@ -116,15 +123,16 @@ namespace controllers\internals; /** * Cette fonction insert une nouvelle contacte. * - * @param array $contact : Un tableau représentant la contacte à insérer + * @param int $id_user : user id * @param mixed $number * @param mixed $name * * @return mixed bool|int : false si echec, sinon l'id de la nouvelle contacte insérée */ - public function create($number, $name) + public function create($id_user, $number, $name) { $contact = [ + 'id_user' => $id_user, 'number' => $number, 'name' => $name, ]; 
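Review bot: The new `get($id)` returns a contact by id with no owner restriction, unlike `list` and `gets_for_user` which now filter on `$id_user`, and its docblock does not say so, although the public controllers depend on that contract and compare `id_user` themselves. Suggest stating it explicitly: `* Return a contact by id, whatever its owner; callers must check 'id_user' against the current user before acting on it.` and typing the parameter, `* @param int $id : contact id`.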
@@ -135,7 +143,7 @@ namespace controllers\internals; return $result; } - $this->internal_event->create('CONTACT_ADD', 'Ajout contact : '.$name.' ('.\controllers\internals\Tool::phone_format($number).')'); + $this->internal_event->create($id_user, 'CONTACT_ADD', 'Ajout contact : '.$name.' ('.\controllers\internals\Tool::phone_format($number).')'); return $result; } @@ -144,14 +152,16 @@ namespace controllers\internals; * Cette fonction met à jour une série de contactes. * * @param mixed $id + * @param int $id_user : user id * @param mixed $number * @param mixed $name * * @return int : le nombre de ligne modifiées */ - public function update($id, $number, $name) + public function update($id, $id_user, $number, $name) { $contact = [ + 'id_user' => $id_user, 'number' => $number, 'name' => $name, ]; diff --git a/controllers/internals/Event.php b/controllers/internals/Event.php index d802cd5..7ef3a10 100755 --- a/controllers/internals/Event.php +++ b/controllers/internals/Event.php @@ -65,16 +65,16 @@ namespace controllers\internals; /** * Cette fonction insert un nouvel event. - * - * @param array $event : Un tableau représentant l'event à insérer + * @param int $id_user : user id * @param mixed $type * @param mixed $text * * @return mixed bool|int : false si echec, sinon l'id du nouvel event inséré */ - public function create($type, $text) + public function create($id_user, $type, $text) { $event = [ + 'id_user' => $id_user, 'type' => $type, 'text' => $text, ]; diff --git a/controllers/internals/Group.php b/controllers/internals/Group.php index 199bc09..a17fd36 100755 --- a/controllers/internals/Group.php +++ b/controllers/internals/Group.php @@ -112,7 +112,7 @@ namespace controllers\internals; $this->model_group->insert_group_contact($id_group, $contact_id); } - $this->internal_event->create('GROUP_ADD', 'Ajout group : '.$name); + $this->internal_event->create($_SESSION['user']['id'], 'GROUP_ADD', 'Ajout group : '.$name); return $id_group; } 
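Review bot: In the `@@ -144` hunk, `update()` now writes `'id_user' => $id_user` into the row payload while the WHERE scope is delegated to `model_contact->update`, which is outside the hunk and, unlike Phone, is not given a user-scoped `update_for_user` variant anywhere in this commit. If the model update matches on `id` alone, a caller passing a foreign contact id together with its own user id silently re-parents that contact instead of being refused. Consider mirroring the phone model, `update_for_user($id_user, $id, $contact)` with `['id_user' => $id_user, 'id' => $id]` as the condition, and calling it from here. The enclosing class continues outside the hunk.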
diff --git a/controllers/internals/Phone.php b/controllers/internals/Phone.php index 4e058bb..0b99d2e 100755 --- a/controllers/internals/Phone.php +++ b/controllers/internals/Phone.php @@ -30,9 +30,9 @@ namespace controllers\internals; * * @return array|bool : List of user or false */ - public function list(int $id_user, ?int $nb_entry = null, ?int $page = null) + public function list_for_user(int $id_user, ?int $nb_entry = null, ?int $page = null) { - return $this->model_phone->list($id_user, $nb_entry, $page * $nb_entry); + return $this->model_phone->list_for_user($id_user, $nb_entry, $page * $nb_entry); } /** @@ -46,26 +46,15 @@ namespace controllers\internals; } - /** - * Return a phone by is number - * @param string $number : phone number - * @return array - */ - public function get_by_number (string $number) - { - return $this->model_phone->get_by_number($number); - } - - /** * Return a phone by his number and user - * @param string $number : phone number * @param int $id_user : user id + * @param string $number : phone number * @return array */ - public function get_by_number_and_user (string $number, int $id_user) + public function get_by_number_for_user (int $id_user, string $number) { - return $this->model_phone->get_by_number_and_user($number, $id_user); + return $this->model_phone->get_by_number_for_user($id_user, $number); } @@ -78,16 +67,6 @@ namespace controllers\internals; { return $this->model_phone->gets_for_user($id_user); } - - - /** - * Return all phones - * @return array - */ - public function get_all () - { - return $this->model_phone->get_all(); - } /** @@ -95,9 +74,9 @@ namespace controllers\internals; * @param int $id : Phone id * @return bool */ - public function delete (int $id) : bool + public function delete_for_user (int $id_user, int $id) : bool { - return (bool) $this->model_phone->delete($id); + return (bool) $this->model_phone->delete_for_user($id_user, $id); } 
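Review bot: The argument order on the replaced return line of `get_by_number_for_user` does not match the model method introduced in the models/Phone.php hunk: the call here is `get_by_number_for_user($id_user, $number)` while the model declares `get_by_number_for_user (string $number, int $id_user)`. With the model's scalar type declarations this either raises a TypeError for a non-numeric phone string or, under coercion, queries `number = <user id>` and never matches, so the ownership check in publics/Scheduled.php would fail for every user. Either change the model to `public function get_by_number_for_user (int $id_user, string $number)` (keeping its `_select_one` keys) or swap the arguments here; the `_for_user($id_user, ...)` order used elsewhere in the commit argues for changing the model.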
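Review bot: The docblock of `delete_for_user` still documents only `@param int $id : Phone id` although the new signature puts `int $id_user` first. Add `* @param int $id_user : user id` above it so the ownership parameter is visible to callers.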
@@ -131,7 +110,7 @@ namespace controllers\internals; * @param array $adapter_datas : An array of the datas of the adapter (for example credentials for an api) * @return bool : false on error, true on success */ - public function update (int $id, int $id_user, string $number, string $adapter, array $adapter_datas) : bool + public function update_for_user (int $id, int $id_user, string $number, string $adapter, array $adapter_datas) : bool { $phone = [ 'id_user' => $id_user, @@ -140,7 +119,7 @@ namespace controllers\internals; 'adapter_datas' => json_encode($adapter_datas), ]; - return (bool) $this->model_phone->update($id, $phone); + return (bool) $this->model_phone->update_for_user($id, $phone); } } diff --git a/controllers/internals/Scheduled.php b/controllers/internals/Scheduled.php index 692ac2e..8d1d6ff 100755 --- a/controllers/internals/Scheduled.php +++ b/controllers/internals/Scheduled.php @@ -128,7 +128,7 @@ namespace controllers\internals; if (!$id_scheduled = $this->model_scheduled->insert($scheduled)) { $date = date('Y-m-d H:i:s'); - $this->internal_event->create('SCHEDULED_ADD', 'Ajout d\'un Sms pour le '.$date.'.'); + $this->internal_event->create($id_user, 'SCHEDULED_ADD', 'Ajout d\'un Sms pour le '.$date.'.'); return false; } diff --git a/controllers/internals/User.php b/controllers/internals/User.php index 9551609..3f32f85 100755 --- a/controllers/internals/User.php +++ b/controllers/internals/User.php @@ -185,7 +185,7 @@ namespace controllers\internals; return false; } - $this->internal_event->create('CONTACT_ADD', 'Ajout de l\'utilisateur : '.$email.'.'); + $this->internal_event->create($_SESSION['user']['id'], 'CONTACT_ADD', 'Ajout de l\'utilisateur : '.$email.'.'); return $result; } diff --git a/controllers/publics/Contact.php b/controllers/publics/Contact.php index 2a1d0a5..999c6a6 100755 --- a/controllers/publics/Contact.php +++ b/controllers/publics/Contact.php 
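Review bot: In the `@@ -140` hunk, `update_for_user` still forwards two arguments, `$this->model_phone->update_for_user($id, $phone)`, but the model method introduced in the models/Phone.php hunk is `update_for_user ($id_user, $id, $phone)`, so every phone update now fails with an ArgumentCountError. The method already receives `int $id_user`; change the line to `return (bool) $this->model_phone->update_for_user($id_user, $id, $phone);`.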
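Review bot: In the Scheduled.php hunk, the `SCHEDULED_ADD` event is created inside the `if (!$id_scheduled = $this->model_scheduled->insert($scheduled))` failure branch, immediately before `return false;`, so the audit event is written only when the insert fails and never when a scheduled SMS is actually added. This predates the commit, but since the line is being rewritten, moving the `internal_event->create($id_user, 'SCHEDULED_ADD', ...)` call after the `if` block would make the event log reflect reality. `$id_user` is not assigned within the hunk; confirm it is a parameter of the enclosing method, which starts outside the hunk.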
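Review bot: In the User.php hunk, the rewritten line records user creation under the `'CONTACT_ADD'` event type, so the event log cannot distinguish a new account from a new contact even though the text (`'Ajout de l\'utilisateur : '`) shows the intent. Since the line is being touched, a dedicated type (a constructed name such as `'USER_ADD'`, to be chosen to fit the event table's type column) would keep the audit trail accurate. The enclosing method starts outside the hunk.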
@@ -43,7 +43,7 @@ namespace controllers\publics; public function list($page = 0) { $page = (int) $page; - $contacts = $this->internal_contact->list(25, $page); + $contacts = $this->internal_contact->list($_SESSION['user']['id'], 25, $page); return $this->render('contact/list', ['contacts' => $contacts]); } @@ -68,6 +68,17 @@ namespace controllers\publics; $ids = $_GET['ids'] ?? []; foreach ($ids as $id) { + $contact = $this->internal_contact->get($id); + if (!$contact) + { + continue; + } + + if ($contact['id_user'] !== $_SESSION['user']['id']) + { + continue; + } + $this->internal_contact->delete($id); } @@ -91,7 +102,7 @@ namespace controllers\publics; { $ids = $_GET['ids'] ?? []; - $contacts = $this->internal_contact->gets($ids); + $contacts = $this->internal_contact->gets_for_user($ids, $id_user); $this->render('contact/edit', [ 'contacts' => $contacts, @@ -116,6 +127,7 @@ namespace controllers\publics; $name = $_POST['name'] ?? false; $number = $_POST['number'] ?? false; + $id_user = $_SESSION['user']['id']; if (!$name || !$number) { @@ -132,7 +144,7 @@ namespace controllers\publics; return $this->redirect(\descartes\Router::url('Contact', 'add')); } - if (!$this->internal_contact->create($number, $name)) + if (!$this->internal_contact->create($id_user, $number, $name)) { \FlashMessage\FlashMessage::push('danger', 'Impossible de créer ce contact.'); @@ -165,7 +177,18 @@ namespace controllers\publics; foreach ($_POST['contacts'] as $contact) { - $nb_contacts_update += $this->internal_contact->update($contact['id'], $contact['number'], $contact['name']); + $contact = $this->internal_contact->get($contact['id']); + if (!$contact) + { + continue; + } + + if ($contact['id_user'] !== $_SESSION['user']['id']) + { + continue; + } + + $nb_contacts_update += $this->internal_contact->update($contact['id'], $_SESSION['user']['id'], $contact['number'], $contact['name']); } if ($nb_contacts_update !== \count($_POST['contacts'])) 
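Review bot: In the `@@ -68` hunk, the new ownership guard `if ($contact['id_user'] !== $_SESSION['user']['id'])` uses strict comparison, and the two operands may not share a type: rows fetched through PDO are commonly returned as strings while the session id may be an int, in which case the guard rejects every contact and the delete loop silently does nothing. Normalise both sides, e.g. `if ((int) $contact['id_user'] !== (int) $_SESSION['user']['id'])`; the same construct appears in the `@@ -165` hunk of this file. The `delete($id)` call after the check remains unscoped by user, so a model-level `delete_for_user($id_user, $id)` as done for phones would also close the check-then-act gap.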
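Review bot: In the `@@ -91` hunk, the replaced call `gets_for_user($ids, $id_user)` passes the arguments in the opposite order from the internal method's new signature `gets_for_user($id_user, $ids)` (controllers/internals/Contact.php hunk), and `$id_user` is not assigned anywhere in this hunk — the `$id_user = $_SESSION['user']['id'];` added in the next hunk belongs to a different method. As written the model receives the ids array as the user id and an undefined value as the id list, so the edit form shows nothing or errors out. Change the line to `$contacts = $this->internal_contact->gets_for_user($_SESSION['user']['id'], $ids);`. The enclosing method begins outside the hunk.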
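Review bot: In the `@@ -165` hunk, the added `$contact = $this->internal_contact->get($contact['id']);` overwrites the loop variable holding the submitted row, so the following `update($contact['id'], $_SESSION['user']['id'], $contact['number'], $contact['name'])` writes back the values already stored and the user's edits are discarded. Keep the fetched row in its own variable: `$existing = $this->internal_contact->get($contact['id']);`, `if (!$existing) { continue; }`, `if ($existing['id_user'] !== $_SESSION['user']['id']) { continue; }`, leaving the update call reading the POSTed `$contact`. The strict-comparison type caveat raised on the `@@ -68` hunk applies here too. Skipped rows make the `$nb_contacts_update !== \count($_POST['contacts'])` check fire, which looks like the intended fail-closed behaviour; the enclosing method continues outside the hunk.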
@@ -186,6 +209,6 @@ namespace controllers\publics; public function json_list() { header('Content-Type: application/json'); - echo json_encode($this->internal_contact->list()); + echo json_encode($this->internal_contact->list($_SESSION['user']['id'])); } } diff --git a/controllers/publics/Scheduled.php b/controllers/publics/Scheduled.php index a95f9fd..8bab24c 100755 --- a/controllers/publics/Scheduled.php +++ b/controllers/publics/Scheduled.php @@ -213,7 +213,7 @@ namespace controllers\publics; } - if ($origin && !$this->internal_phone->get_by_number_and_user($origin, $_SESSION['user']['id'])) + if ($origin && !$this->internal_phone->get_by_number_for_user($id_user, $origin)) { \FlashMessage\FlashMessage::push('danger', 'Ce numéro n\'existe pas ou vous n\'en êtes pas propriétaire.'); return $this->redirect(\descartes\Router::url('Scheduled', 'add')); @@ -307,7 +307,7 @@ namespace controllers\publics; } - if ($origin && !$this->internal_phone->get_by_number_and_user($origin, $_SESSION['user']['id'])) + if ($origin && !$this->internal_phone->get_by_number_for_user($id_user, $origin)) { \FlashMessage\FlashMessage::push('danger', 'Ce numéro n\'existe pas ou vous n\'en êtes pas propriétaire.'); return $this->redirect(\descartes\Router::url('Scheduled', 'add')); diff --git a/createDatabase.sql b/createDatabase.sql index 824e14f..bb9d2da 100755 --- a/createDatabase.sql +++ b/createDatabase.sql @@ -69,7 +69,7 @@ CREATE TABLE IF NOT EXISTS contact number VARCHAR(20) NOT NULL, PRIMARY KEY (id), FOREIGN KEY (id_user) REFERENCES user (id) ON DELETE CASCADE ON UPDATE CASCADE, - UNIQUE (name) + UNIQUE (id_user, name) ); CREATE TABLE IF NOT EXISTS `group` @@ -79,7 +79,7 @@ CREATE TABLE IF NOT EXISTS `group` name VARCHAR(100) NOT NULL, PRIMARY KEY (id), FOREIGN KEY (id_user) REFERENCES user (id) ON DELETE CASCADE ON UPDATE CASCADE, - UNIQUE (name) + UNIQUE (id_user, name) ); CREATE TABLE IF NOT EXISTS group_contact 
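Review bot: In the publics/Scheduled.php hunks (`@@ -213` and `@@ -307`), the rewritten condition uses `$id_user` where the old code read `$_SESSION['user']['id']`, but `$id_user` is not assigned within either hunk; unless it is set earlier in each method, outside the hunks, the ownership check runs with an undefined variable and `get_by_number_for_user` receives `null` as the user id. Confirm the assignment exists in both methods, or keep the explicit `$_SESSION['user']['id']` on these lines. Both enclosing methods start outside their hunks.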
@@ -130,7 +130,7 @@ CREATE TABLE IF NOT EXISTS command admin BOOLEAN NOT NULL, PRIMARY KEY (id), FOREIGN KEY (id_user) REFERENCES user (id) ON DELETE CASCADE ON UPDATE CASCADE, - UNIQUE (name) + UNIQUE (id_user, name) ); CREATE TABLE IF NOT EXISTS event @@ -183,7 +183,7 @@ CREATE TABLE IF NOT EXISTS smsstop number VARCHAR(20) NOT NULL, PRIMARY KEY (id), FOREIGN KEY (id_user) REFERENCES user (id) ON DELETE CASCADE ON UPDATE CASCADE, - UNIQUE (number) + UNIQUE (id_user, number) ); CREATE TABLE IF NOT EXISTS webhook diff --git a/models/Command.php b/models/Command.php index a99218d..f0c7c94 100755 --- a/models/Command.php +++ b/models/Command.php 
@@ -17,57 +17,47 @@ namespace models; class Command extends \descartes\Model { /** - * Get all commands. - * + * Return a command by his id + * @param int $id : command id * @return array */ - public function get_all() - { - return $this->_select('command'); - } - - /** - * Retourne une entrée par son id. - * - * @param int $id : L'id de l'entrée - * - * @return array : L'entrée - */ public function get($id) { - $commands = $this->_select('command', ['id' => $id]); - - return isset($commands[0]) ? $commands[0] : false; + return $this->_select_one('command', ['id' => $id]); } + /** - * Retourne une liste de commandes sous forme d'un tableau. - * - * @param int $limit : Nombre de résultat maximum à retourner - * @param int $offset : Nombre de résultat à ingnorer + * Return a list of commands for a user + * @param int $id_user : user id + * @param int $limit : Number of command to return + * @param int $offset : Number of command to ignore + * @return array */ - public function list($limit, $offset) + public function list_for_user (int $id_user, $limit, $offset) { - return $this->_select('command', [], null, false, $limit, $offset); + return $this->_select('command', ['id_user' => $id_user], null, false, $limit, $offset); } /** - * Retourne une liste de commandes sous forme d'un tableau. - * + * Return a list of commands in a group of ids and for a user + * @param int $id_user : user id * @param array $ids : un ou plusieurs id d'entrées à récupérer * * @return array : La liste des entrées */ - public function gets($ids) + public function gets_in_for_user($id_user, $ids) { $query = ' SELECT * FROM command - WHERE id '; + WHERE id_user = :id_user + AND id '; //On génère la clause IN et les paramètres adaptés depuis le tableau des id $generated_in = $this->_generate_in_from_array($ids); $query .= $generated_in['QUERY']; $params = $generated_in['PARAMS']; + $params['id_user'] = $id_user; return $this->_run_query($query, $params); } 
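Review bot: The new name `gets_in_for_user` differs from the name used for the same operation in the Contact and Phone models of this commit (`gets_for_user`), so callers cannot rely on a single pattern; `list_for_user (int $id_user, $limit, $offset)` also places a space before the parameter list unlike `get($id)` above it and leaves `$limit`/`$offset` untyped. Consider `public function gets_for_user(int $id_user, array $ids)` and `public function list_for_user(int $id_user, int $limit, int $offset)`. The docblocks now mix English (`Return a list of commands in a group of ids and for a user`) and French (`un ou plusieurs id d'entrées à récupérer`); one language would help maintainers. The query in `gets_in_for_user`, `WHERE id_user = :id_user AND id ` followed by the generated IN clause, is the form the Contact model should copy.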
diff --git a/models/Contact.php b/models/Contact.php index 7476121..f5a930d 100755 --- a/models/Contact.php +++ b/models/Contact.php @@ -82,33 +82,35 @@ namespace models; } /** - * Retourne une liste de contactes sous forme d'un tableau. - * - * @param int $limit : Nombre de résultat maximum à retourner - * @param int $offset : Nombre de résultat à ingnorer + * List contacts for a user + * @param int $id_user : user id + * @param mixed(int|bool) $nb_entry : Number of entry to return + * @param mixed(int|bool) $page : Pagination, will offset $nb_entry * $page results + * @return array */ - public function list($limit, $offset) + public function list_for_user($id_user, $limit, $offset) { - return $this->_select('contact', [], null, false, $limit, $offset); + return $this->_select('contact', ['id_user' => $id_user], null, false, $limit, $offset); } /** * Retourne une liste de contactes sous forme d'un tableau. - * + * @param int $id_user : user id * @param array $ids : un ou plusieurs id d'entrées à récupérer - * * @return array : La liste des entrées */ - public function gets($ids) + public function gets_for_user($id_user, $ids) { $query = ' SELECT * FROM contact - WHERE id '; + WHERE id_user = :id_user + AND '; //On génère la clause IN et les paramètres adaptés depuis le tableau des id $generated_in = $this->_generate_in_from_array($ids); $query .= $generated_in['QUERY']; $params = $generated_in['PARAMS']; + $params['id_user'] = $id_user; return $this->_run_query($query, $params); } diff --git a/models/Phone.php b/models/Phone.php index 48a48d8..c2e3b8f 100755 --- a/models/Phone.php +++ b/models/Phone.php 
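Review bot: The query built in `gets_for_user` ends with `WHERE id_user = :id_user AND ` and then appends `$generated_in['QUERY']`, whereas the removed line here was `WHERE id ` and the Command model's equivalent in this commit writes `AND id ` before the generated clause; if `_generate_in_from_array` returns only the `IN (...)` part, as those two usages suggest, this query is missing its column and fails with a syntax error. Change the fragment to `AND id '` so it reads `WHERE id_user = :id_user AND id IN (...)`. The docblock of `list_for_user` also documents `$nb_entry`/`$page` while the parameters are `$limit`/`$offset`; use `@param int $limit : Number of results to return` and `@param int $offset : Number of results to skip`.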
@@ -16,18 +16,6 @@ namespace models; */ class Phone extends \descartes\Model { - /** - * Return list of phones. - * @param int $id_user : User id - * @param int $limit : Number of user to return - * @param int $offset : Number of user to skip - */ - public function list($id_user, $limit, $offset) - { - return $this->_select('phone', ['id_user' => $id_user], null, false, $limit, $offset); - } - - /** * Return a phone by his id * @param int $id : Phone id @@ -37,24 +25,27 @@ namespace models; { return $this->_select_one('phone', ['id' => $id]); } - + + /** - * Return a phone by his number - * @param string $number : phone number - * @return array + * Return list of phones. + * @param int $id_user : User id + * @param int $limit : Number of user to return + * @param int $offset : Number of user to skip */ - public function get_by_number (string $number) + public function list_for_user($id_user, $limit, $offset) { - return $this->_select_one('phone', ['number' => $number]); + return $this->_select('phone', ['id_user' => $id_user], null, false, $limit, $offset); } + /** * Return a phone by his number and user * @param string $number : phone number * @param int $id_user : user id * @return array */ - public function get_by_number_and_user (string $number, int $id_user) + public function get_by_number_for_user (string $number, int $id_user) { return $this->_select_one('phone', ['number' => $number, 'id_user' => $id_user]); } @@ -71,23 +62,14 @@ namespace models; } - /** - * Find all phones - * @return array - */ - public function get_all () - { - return $this->_select('phone'); - } - /** * Delete a phone * @param int $id : phone id * @return array */ - public function delete ($id) + public function delete_for_user ($id_user, $id) { - return $this->_delete('phone', ['id' => $id]); + return $this->_delete('phone', ['id_user' => $id_user, 'id' => $id]); } 
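Review bot: In the `@@ -71` hunk, `delete_for_user ($id_user, $id)` is untyped and its docblock still lists only `@param int $id : phone id`, while the neighbouring `get_by_number_for_user (string $number, int $id_user)` in the `@@ -37` hunk is fully typed; the `@return array` on a delete is also worth confirming against what `_delete` returns. Declare `public function delete_for_user (int $id_user, int $id)` and add `* @param int $id_user : user id`. The argument-order mismatch between `get_by_number_for_user` and its internal caller is raised on the controllers/internals/Phone.php hunk.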
@@ -109,13 +91,11 @@ namespace models; * Update a phone * @param int $id : Id of the phone * @param int $id_user : User to insert phone for - * @param string $number : The number of the phone - * @param string $adapter : The adapter to use the phone - * @param string JSON $adapter_datas : A json string representing the datas of the adapter (for exemple credentials of an api) + * @param array $phone : updated datas * @return mixed bool : false on error, true on success */ - public function update ($id, $phone) + public function update_for_user ($id_user, $id, $phone) { - return (bool) $this->_update('phone', $phone, ['id' => $id]); + return (bool) $this->_update('phone', $phone, ['id_user' => $id_user, 'id' => $id]); } }
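Review bot: The kept docblock line `@param int $id_user : User to insert phone for` now describes the ownership filter of an update rather than an insert target; `* @param int $id_user : owner of the phone, used to scope the update` states the actual contract of the new condition `['id_user' => $id_user, 'id' => $id]`. The arity mismatch with the internal caller of `update_for_user` is raised on the controllers/internals/Phone.php hunk.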