Added in configuration items for RequireDefinedUser, APIUserID, and A…

…PIKey.

Added a very basic, ugly looking unauthorized.php screen to tell the user to go away.

Updated the db update file for the new keys.

Added in the basic power panel changes for #553
Reference #537

Fixed #554

configuration.php

@@ -1319,6 +1319,14 @@ function removedca(row,lookup){
 					<div><label for="UserLookupURL">',__("User Lookup URL"),'</label></div>
 					<div><input type="text" defaultvalue="',$config->defaults["UserLookupURL"],'" name="UserLookupURL" value="',$config->ParameterArray["UserLookupURL"],'"></div>
 				</div>
+				<div>
+					<div><label for="RequireDefinedUser">',__("Block Undefined Users"),'</label></div>
+					<div><select id="RequireDefinedUser" name="RequireDefinedUser" defaultvalue="',$config->defaults["RequireDefinedUser"],'" data="',$config->ParameterArray["RequireDefinedUser"],'">
+							<option value="disabled">',__("Disabled"),'</option>
+							<option value="enabled">',__("Enabled"),'</option>
+						</select>
+					</div>
+				</div>
 			</div> <!-- end table -->
 			<h3>',__("Rack Usage"),'</h3>
 			<div class="table" id="rackusage">
@@ -1429,6 +1437,14 @@ function removedca(row,lookup){
 						</select>
 					</div>
 				</div>
+				<div>
+					<div><label for="APIUserID">',__("API UserID"),'</label></div>
+					<div><input type="text" defaultvalue="',$config->defaults["APIUserID"],'" name="APIUserID" value="',$config->ParameterArray["APIUserID"],'"></div>
+				</div>
+				<div>
+					<div><label for="APIKey">',__("API Key"),'</label></div>
+					<div><input type="text" defaultvalue="',$config->defaults["APIKey"],'" name="APIKey" value="',$config->ParameterArray["APIKey"],'"></div>
+				</div>
 			</div>
 		</div>
 		<div id="style">

customers.inc.php

@@ -308,6 +308,9 @@ function GetUserRights() {
 				$this->$prop=false;
 			}
 		}
+
+		// The default for no user in DB
+		$this->Disabled = true;
 
 		$sql="SELECT * FROM fac_People WHERE UserID=\"$this->UserID\";";
 

db-3.3-to-4.0.sql

@@ -184,3 +184,21 @@ UPDATE fac_Manufacturer SET GlobalID=0;
 --- Increase size of PanelLabel field
 ---
 ALTER TABLE fac_PowerPanel MODIFY PanelLabel varchar(80);
+
+---
+--- Add new fields for the subpanel support
+---
+ALTER TABLE fac_PowerPanel ADD COLUMN ParentPanelID NOT NULL;
+ALTER TABLE fac_PowerPanel ADD COLUMN ParentBreakerID NOT NULL;
+
+---
+--- Repo API Key Configuration Fields
+---
+INSERT INTO fac_Config set Parameter="APIUserID", Value="", UnitOfMeasure="Email", ValType="string", DefaultVal="";
+INSERT INTO fac_Config set Parameter="APIKey", Value="", UnitOfMeasure="Key", ValType="string", DefaultVal="";
+
+---
+--- Configuration item for RequireDefinedUser to see anything at all (Default is Disabled so that behavior doesn't change from prior versions)
+---
+
+INSERT INTO fac_Config set Parameter="RequireDefinedUser", Value="Disabled", UnitOfMeasure="Enabled/Disabled", ValType="string", DefaultVal="Disabled";

misc.inc.php

@@ -760,6 +760,7 @@ function buildnavmenu($ma,&$tl){
 
 $plist = $p->GetUserList();
 if ( sizeof( $plist ) == 0 ) {
+	error_log( "Converting fac_User and fac_Contact table to fac_People." );
 	// We've got an empty fac_People table, so merge the user and contact tables to create it
 	$clist = $c->GetContactList();
 	foreach( $clist as $tmpc ) {
@@ -816,6 +817,11 @@ function buildnavmenu($ma,&$tl){
 
 /* This is used on every page so we might as well just init it once */
 $person=People::Current();
+error_log( print_r( $person, true ));
+if (( $person->Disabled || $person->PersonID == 0 ) && $config->ParameterArray["RequireDefinedUser"] == "enabled" ) {
+	header( "Location: unauthorized.php" );
+	exit;
+}
 
 /* 
  * This is an attempt to be sane about the rights management and the menu.

power.inc.php

@@ -1293,9 +1293,10 @@ function DeletePDU(){
 
 class PowerPanel {
 	/* PowerPanel:	PowerPanel(s) are the parents of PowerDistribution (power strips) and the children
-					PowerSource(s).  Panels are arranged as either Odd/Even (odd numbers on the left,
+					each other.  Panels are arranged as either Odd/Even (odd numbers on the left,
 					even on the right) or Sequential (1 to N in a single column) numbering for the
-					purpose of building out a panel schedule.
+					purpose of building out a panel schedule.  If a PowerPanel has no ParentPanelID defined
+					then it is considered to be the PowerSource.  In other words, it's a reverse linked list.
 	*/
 
 	var $PanelID;
@@ -1305,6 +1306,8 @@ class PowerPanel {
 	var $MainBreakerSize;
 	var $PanelVoltage;
 	var $NumberScheme;
+	var $ParentPanelID;
+	var $ParentBreakerID;	// For switchgear, this usually won't be numbered, so we're accepting text
 
 	function MakeSafe(){
 		$this->PanelID=intval($this->PanelID);
@@ -1314,10 +1317,13 @@ function MakeSafe(){
 		$this->MainBreakerSize=intval($this->MainBreakerSize);
 		$this->PanelVoltage=intval($this->PanelVoltage);
 		$this->NumberScheme=($this->NumberScheme=='Sequential')?$this->NumberScheme:'Odd/Even';
+		$this->ParentPanelID=intval($this->ParentPanelID);
+		$this->ParentBreakerID=sanitize($this->ParentBreakerID;
 	}
 
 	function MakeDisplay(){
 		$this->PanelLabel=stripslashes($this->PanelLabel);
+		$this->ParentBreakerID=stripslashes($this->ParentBreakerID);
 	}
 
 	static function RowToObject($row){
@@ -1329,12 +1335,19 @@ static function RowToObject($row){
 		$panel->MainBreakerSize=$row["MainBreakerSize"];
 		$panel->PanelVoltage=$row["PanelVoltage"];
 		$panel->NumberScheme=$row["NumberScheme"];
+		$panel->ParentPanelID=$row["ParentPanelID"];
+		$panel->ParentBreakerID=$row["ParentBreakerID"];
 
 		$panel->MakeDisplay();
 
 		return $panel;
 	}
 
+	function prepare( $sql ) {
+		global $dbh;
+		return $dbh->prepare( $sql );
+	}
+
 	function query($sql){
 		global $dbh;
 		return $dbh->query($sql);
@@ -1409,12 +1422,19 @@ function CreatePanel(){
 		global $dbh;
 		$this->MakeSafe();
 
-		$sql="INSERT INTO fac_PowerPanel SET PowerSourceID=$this->PowerSourceID, 
-			PanelLabel=\"$this->PanelLabel\", NumberOfPoles=$this->NumberOfPoles, 
-			MainBreakerSize=$this->MainBreakerSize, PanelVoltage=$this->PanelVoltage, 
-			NumberScheme=\"$this->NumberScheme\";";
-
-		if($dbh->exec($sql)){
+		$st = $this->prepare( "insert into fac_PowerPanel set PowerSourceID=:PowerSourceID,
+			PanelLabel=:PanelLabel, NumberOfPoles=:NumberOfPoles, MainBreakerSize=:MainBreakerSize,
+			PanelVoltage=:PanelVoltage,NumberScheme=:NumberScheme,ParentPanelID=:ParentPanelID,
+			ParentBreakerID=:ParentBreakerID" );
+
+		if($st->exec( array( ":PowerSourceID"=>$this->PowerSourceID,
+			":PanelLabel"=>$this->PanelLabel,
+			":NumberOfPoles"=>$this->NumberOfPoles,
+			":MainBreakerSize"=>$this->MainBreakerSize,
+			":PanelVoltage"=>$this->PanelVoltage,
+			":NumberScheme"=>this->NumberScheme,
+			":ParentPanelID"=>$this->ParentPanelID,
+			":ParentBreakerID"=>$this->ParentBreakerID ))){
 			$this->PanelID=$dbh->lastInsertId();
 
 			(class_exists('LogActions'))?LogActions::LogThis($this):'';

repository_sync.php

@@ -18,7 +18,7 @@
 	curl_setopt( $c, CURLOPT_COOKIEJAR, "/tmp/repocookies.txt" );
 	curl_setopt( $c, CURLOPT_CUSTOMREQUEST, "PUT" );
 	curl_setopt( $c, CURLOPT_FOLLOWLOCATION, 1 );
-	curl_setopt( $c, CURLOPT_HTTPHEADER, array( "UserID: [email protected]", "APIKey: e9afc69c3df5c8d70647150cf1ad9fc0", "Content-Type: application/json" ) );
+	curl_setopt( $c, CURLOPT_HTTPHEADER, array( "UserID: " . $config->ParameterArray["APIUserID"], "APIKey: " . $config->ParameterArray["APIKey"], "Content-Type: application/json" ) );
 
 	foreach ( $tList as $temp ) {
 		if ( $temp->ManufacturerID != $m->ManufacturerID ) {
@@ -81,7 +81,7 @@
 			curl_setopt( $p, CURLOPT_COOKIEFILE, "/tmp/repocookies.txt" );
 			curl_setopt( $p, CURLOPT_COOKIEJAR, "/tmp/repocookies.txt" );
 			curl_setopt( $p, CURLOPT_FOLLOWLOCATION, 1 );
-			curl_setopt( $p, CURLOPT_HTTPHEADER, array( "UserID: [email protected]", "APIKey: e9afc69c3df5c8d70647150cf1ad9fc0" ) );
+			curl_setopt( $c, CURLOPT_HTTPHEADER, array( "UserID: " . $config->ParameterArray["APIUserID"], "APIKey: " . $config->ParameterArray["APIKey"] ) );
 			curl_setopt( $p, CURLOPT_POSTFIELDS, $postData );
 
 			$result = curl_exec( $p );