[Aristotle App] Access Control List, Magic Numbers and various fixes

in utopian-io •  6 years ago  (edited)

Repository

https://github.com/dimitrisp2/AristotleApp

About Aristotle App

Aristotle App will help the translation teams of @utopian-io have a more uniform and centralised method of keeping track of their progress and tasks. Most of the teams use spreadsheets to manage their work, but if such spreadsheets are not properly managed, they can become a burden instead of a help (I know, as I'm part of the Greek Translations Team).

It was originally created to help the Greek Team's activities in the Translation category, as well as managing the community account @aristotle.team.


Overview

Not a lot happened in the previous week; I decided to take some days off and rest a little bit. However, I got to finish some of the things both @codingdefined and @amosbastian suggested in their previous reviews. I also got to implement one of the most needed "security" features: an Access Control List. Let's have a quick look...


Access Control List

Up until now, everyone had access to each and every page on Aristotle App. In one of the previous contributions, I made the links not show up, but if a user had a direct link, they could still visit the page, no matter what role they had.

I designed a simple ACL, to allow/deny access to certain pages for Translators and Staff (CM) members. Proofreaders will be the only ones who will have complete access to everything in the app.

Everything happens in this function:

function CheckPageAccess() {
    $acl = $GLOBALS['currentacl'];      // access level required by the current page
    $hasaccess = $GLOBALS['hasaccess']; // role of the logged-in user

    $showerror = FALSE;

    // Translators may only open pages marked FOR_TRANSLATORS or FOR_ALL
    if (($acl != FOR_TRANSLATORS && $acl != FOR_ALL) && $hasaccess == IS_TRANSLATOR) {
        $showerror = TRUE;
    // Staff (CM) members may only open pages marked FOR_STAFF_AND_LM or FOR_ALL
    } else if (($acl != FOR_STAFF_AND_LM && $acl != FOR_ALL) && $hasaccess == IS_STAFF) {
        $showerror = TRUE;
    // Users without a role are denied everywhere
    } else if ($hasaccess == NO_ACCESS) {
        $showerror = TRUE;
    }

    if ($showerror) {
        // Send the redirect before producing any output: an echo before header()
        // triggers "headers already sent" and the protected page would render anyway.
        header("Location: error.php?i=-4");
        exit();
    }
}

The constants FOR_TRANSLATORS, FOR_ALL, IS_TRANSLATOR, etc. are already defined in the functions.php file. I know this function could be redesigned in a better way; I went for readability for now, as I'll probably be changing the access levels.
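As an added illustration (not code from the AristotleApp repository), here is the same page-level ACL written as an allow-list with a default-deny fallback, so that an unknown or unset role can never open a page. The constant names are the ones the post mentions; their numeric values, the IS_PROOFREADER role constant and the pageAllowed() helper are assumptions.

```php
<?php
// Page classes (names from the post; values assumed for this example)
const FOR_ALL          = 1;
const FOR_TRANSLATORS  = 2;
const FOR_STAFF_AND_LM = 3;

// User roles (names from the post; IS_PROOFREADER and all values assumed)
const NO_ACCESS      = 0;
const IS_TRANSLATOR  = 1;
const IS_STAFF       = 2;
const IS_PROOFREADER = 3;

// Which page classes each role may open. Proofreaders get everything;
// a role that is missing from this table (NO_ACCESS, or an unexpected
// value) can open nothing, so the check fails closed instead of open.
const ROLE_ALLOWED_PAGES = [
    IS_TRANSLATOR  => [FOR_ALL, FOR_TRANSLATORS],
    IS_STAFF       => [FOR_ALL, FOR_STAFF_AND_LM],
    IS_PROOFREADER => [FOR_ALL, FOR_TRANSLATORS, FOR_STAFF_AND_LM],
];

// Pure decision function: easy to unit-test, no globals, no side effects.
function pageAllowed(int $acl, int $role): bool {
    $allowed = ROLE_ALLOWED_PAGES[$role] ?? [];   // default deny
    return in_array($acl, $allowed, true);        // strict comparison
}

// Enforcement: redirect before any output, then stop executing the page.
function checkPageAccess(int $acl, int $role): void {
    if (pageAllowed($acl, $role)) {
        return;
    }
    header("Location: error.php?i=-4");
    exit();
}

// Self-check of the table (run from the CLI: php acl_example.php)
assert(pageAllowed(FOR_ALL, IS_TRANSLATOR) === true);
assert(pageAllowed(FOR_STAFF_AND_LM, IS_TRANSLATOR) === false);
assert(pageAllowed(FOR_TRANSLATORS, IS_STAFF) === false);
assert(pageAllowed(FOR_STAFF_AND_LM, IS_PROOFREADER) === true);
assert(pageAllowed(FOR_ALL, NO_ACCESS) === false);
assert(pageAllowed(FOR_ALL, 99) === false);   // unknown role: denied
echo "ACL table checks passed\n";
```

Adding a new role then means adding one table row rather than another if/else branch, and forgetting to add it denies access rather than granting it.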

If someone tries to access a page and their request is denied, they will be greeted with the following, ugly, error page:

Related commit: [1674791]


Error Page Fix

There was a bug in the error page (oh, the irony): the if/else statement that generates the menu did not work correctly, and PHP errors were shown instead. I've rectified this.

Basically, I had commented out the include("functions.php"); statement while trying to fix another problem, and I never restored it until now.

Related commit: [b7d0e90]


Magic Numbers

As @amosbastian stated in his review, there were a few magic numbers in my code. For non-programmers: magic numbers are unique values with an unexplained meaning, or values that occur in several places, which should preferably be replaced with named constants. I've replaced the magic numbers with constants. And just before posting this, I remembered there were magic numbers in the error file too, so I replaced those as well.

Related commits: [f8e14b5], [e337644]


Rework on IF/ELSEs and removal of obsolete code lines

The IF/ELSE suggestion was made by @codingdefined in a review, and I got to implement it now. I had an IF/ELSE statement with code only in the "ELSE" branch, while the "IF" branch was empty (a debugging leftover). I've fixed this one, and I also removed some obsolete and duplicate checks (CheckUserAccess() would run up to 3 times on each page load for no apparent reason).

Related commit: [8a96175]


Previous updates/reports:

  1. An app to supplement the Utopian Translation Teamwork [2018-10-15]
  2. Dynamic NavBar, Contributions List, Project View page, and more... [2018-10-22]
  3. Add Contribution, Weekly LM Reports and more... [2018-10-29]

Want to help?

If you want to talk about this project, you can message me on Discord (my tag is dimitrisp#4810). You can also find me on Utopian's discord. Pull requests will be accepted if they fix issues and/or implement extra functionality.


GitHub Account

https://github.com/dimitrisp2


Thank you for your contribution. It's good to see you are taking suggestions seriously, kudos to that. A decent contribution with a lot of improvements in the code.


Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

Thank you for your review, @codingdefined! Keep up the good work!

Hello! Your post has been resteemed and upvoted by @ilovecoding because we love coding! Keep up the good work! Consider upvoting this comment to support @ilovecoding and increase your future rewards! ^_^ Steem On!

Reply !stop to disable the comment. Thanks!

Keep 'em coming! You are rocking this app!

Thank you my liege!

Hi @dimitrisp!

Your post was upvoted by @steem-ua, a new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Hi, @dimitrisp!

You just got a 5.29% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.

Hey, @dimitrisp!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!