From: konrad Date: Sat, 15 Sep 2007 11:48:50 +0000 (+0000) Subject: extended scheme to contain all necessary data X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=01a1df3995f1af6100e5609b45b59b2be7eadf63;p=web%2Fkonrad%2Fsmoke.git extended scheme to contain all necessary data added getmyroles git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@26 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- diff --git a/doc/prog_protocol.html b/doc/prog_protocol.html index 1504870..aebeeff 100644 --- a/doc/prog_protocol.html +++ b/doc/prog_protocol.html @@ -32,6 +32,7 @@ Possible status codes are: ErrorSome unspecified error occured. The response body might contain some detailed human readable information. NonPostThe HTTP method was not POST. The body is a simple HTML page explaining to the user that browsers are not meant to use this page. UnauthenticatedThe session ID does not exist, authentication failed or the session expired. +NotAllowedThe user does not have the right to execute this transaction. InvalidRequestThe request was not understood. There was probably a mismatch in client and server version. SyntaxErrorThere was a syntactical error in the request data. Some details might follow in the response body. @@ -109,4 +110,13 @@ This is done with a sessionclose request. Neither request nor response This request always yields an "Ok" status response regardless of whether the session ID was still valid or not. -

Basic Requests

\ No newline at end of file +

Basic Requests

+ +

Getting ACL info

+ +The getmyroles transaction requests all roles from the server. A role is a transaction that needs permission to be executed (ie. all transactions except serverinfo, startsession, sessionauth, closesession, and getmyroles) or a special right. The response is a list of roles with one role per line.

+ +Special rights are:
+ + +
_adminThe user is an administrator and can automatically execute everything.
diff --git a/draft/anforderungen.txt b/draft/anforderungen.txt index 7466dee..3014748 100644 --- a/draft/anforderungen.txt +++ b/draft/anforderungen.txt @@ -31,7 +31,7 @@ Preise: Rechnung: -> per Template (HTML?) - -> errechnen/tracken: Summe, Versandtgebühr, etc.pp. + -> errechnen/tracken: Summe, Versandgebühr, etc.pp. -> Rechnungsnummer tracken (z.B. für Überweisungen) ->> Prefix f. Rechnungsnummer (damit es von anderen Rechn. unterscheidbar wird) -> untersch. Rechnungs- und Liefer-Adresse möglich diff --git a/www/inc/db_scheme.php b/www/inc/db_scheme.php index 73c3011..ea5b3fa 100644 --- a/www/inc/db_scheme.php +++ b/www/inc/db_scheme.php @@ -7,7 +7,7 @@ class DbScheme { //configuration $this->scheme["config"]=array( "ckey"=>array("string:32","primarykey"), - "cval"=>array("string:32") + "cval"=>array("string") ); //clients $this->scheme["host"]=array( @@ -15,10 +15,12 @@ class DbScheme { //if hostkey is NULL it is a special host (_any, _anon, _online) "hostkey"=>array("string") ); - //users + //client users (ticket sellers, admins, etc.; for customers and web logins see below) $this->scheme["users"]=array( "uname" => array("string:64","primarykey"), - "passwd" => array("string","notnull") + "passwd" => array("string","notnull"), + //more detailed data that can be displayed to customers + "description" => array("text") ); $this->scheme["userrole"]=array( "uname" =>array("string:64","notnull","foreignkey:users:uname","index"), 
@@ -40,6 +42,87 @@ class DbScheme {
 // this needs to change to 64-bit int in 2038
 "timeout"=>array("int32","notnull")
 );
+
+ //rooms
+ $this->scheme["room"]=array(
+ "roomid" => array("string:64","primarykey"),
+ "capacity" => array("int32","notnull"),
+ "description" => array("text")
+ );
+ //event
+ $this->scheme["event"]=array(
+ "eventid" => array("int32","primarykey"),
+ //display data
+ "title" => array("string","notnull"),
+ "artist" => array("string","notnull"),
+ "description" => array("text"),
+ //timing and location
+ "starttime" => array("int32","notnull"),
+ "endtime" => array("int32","notnull"),
+ "roomid" => array("string:64","foreignkey:room:roomid"),
+ //initially a copy from room, can be adjusted
+ "capacity" => array("int32","notnull"),
+ //default pricing in cents
+ "defaultprice" => array("int32","notnull"),
+ //if not null/empty: event has been cancelled
+ "cancelreason" => array("string")
+ );
+ //customer
+ $this->scheme["customer"]=array(
+ "customerid" => array("int32","primarykey"),
+ //contact data
+ "name" => array("string",notnull),
+ "address" => array("string"),
+ "contact" => array("string"),//phone or something
+ "comments" => array("text"),
+ //online login data
+ "email" => array("string"),
+ "passwd" => array("string:64"),//salted SHA-1 hash of passwd
+ );
+ //orders by customers
+ $this->scheme["order"]=array(
+ "orderid" => array("int32","primarykey"),
+ //customer
+ "customerid" => array("int32","foreignkey:customer:customerid"),
+ //seller (_online for web forms)
+ "soldby" => array("string:64","foreignkey:users:uname"),
+ //if not null/empty: this address for delivery, customer address for invoice
+ "deliveryaddress" => array("string"),
+ //if not null/empty: lodge/deposit the tickets at a seller with _deposit flag
+ "depositat" => array("string:64","foreignkey:users:uname"),
+ //status, see ORDER_* constants
+ "status" => array("int32","notnull"),
+ "ordertime" => array("int32","notnull"),
+ "senttime" => array("int32"),
//comments made on web form (eg. "urgently needed for dads birthday")
+ "comments" => array("text")
+ );
+ //tickets
+ $this->scheme["ticket"]=array(
+ "ticketid" => array("int64","primarykey"),
+ "eventid" => array("int32","foreignkey:event:eventid"),
+ //initially a copy from event, can be adjusted by seller
+ "price" => array("int32","notnull"),
+ //status of ticket (see TICKET_* constants)
+ "status" => array("int32","notnull"),
+ //if status is reserved, this contains the reserving seller
+ "reservedby" => array("string:64","foreignkey:users:uname"),
+ "reservetimeout" => array("int32"),
+ //sold to someone (may be NULL for direct sales or reserves)
+ "oderid" => array("int32","foreignkey:orders:orderid")
+ );
+ //vouchers and re-imbursments
+ $this->scheme["voucher"]=array(
+ //a 16char code (code39: case-insensitive letters+digits) for the voucher)
+ "voucherid" => array("string:16","primarykey"),
+ //if ordered: order-info
+ "price" => array("int32","notnull"),
+ "oderid" => array("int32","foreignkey:orders:orderid"),
+ //unix-timestamp of original sales date/time
+ "salestime" => array("int32","notnull"),
+ //remaining value in cents
+ "value" => array("int32","notnull")
+ );
 }
 /**return the tables to be created in order*/
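Review bot: `"name" => array("string",notnull)` in the customer table uses a bare `notnull` where every other column passes the string `"notnull"`; older PHP turns the undefined constant into its name with a notice, newer PHP throws, so it should read `"name" => array("string","notnull"),`. The `oderid` columns in the ticket and voucher tables declare `foreignkey:orders:orderid`, but the table is registered as `order` and the column name is misspelled, so the foreign key cannot resolve; `"orderid" => array("int32","foreignkey:order:orderid")` in both places (and since `order` is a reserved word in SQL, a non-reserved table name would avoid quoting trouble at creation time). The `passwd` column comment documents a salted SHA-1 hash for the customer web login; a purpose-built password hashing function with a per-user salt and a tunable work factor is the defensive choice, and the 64-character width should then be sized for that hash's encoding. The DbScheme constructor this hunk belongs to starts outside the hunk.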
@@ -111,4 +194,28 @@ class DbScheme {
 }
 };
 $dbScheme=new DbScheme;
+
+/**ticket has been reserved by a seller*/
+define("TICKET_RESERVED",0);
+/**ticket is part of an order or has been sold independently*/
+define("TICKET_SOLD",10);
+/**ticket has been used*/
+define("TICKET_USED",20);
+/**the ticket has been paid, not used, but is to be reimbursed*/
+define("TICKET_REVERSE",30);
+/**ticket has been cancelled*/
+define("TICKET_CANCELLED",40);
+
+/**an order has been placed*/
+define("ORDER_PLACED",0);
+/**the order has been sent out*/
+define("ORDER_SENT",10);
+/**the order has been paid*/
+define("ORDER_PAID",20);
+/**the order is to be reversed (it has been paid, but is to be cancelled)*/
+define("ORDER_REVERSE",30);
+/**the order has been cancelled*/
+define("ORDER_CANCELLED",40);
+
+
 ?>
\ No newline at end of file
diff --git a/www/inc/session.php b/www/inc/session.php
index cf30a77..ecd1263 100644
--- a/www/inc/session.php
+++ b/www/inc/session.php
@@ -77,7 +77,7 @@ class Session
 return $this->user!="";
 }
- /**helber function for authenticate*/
+ /**helper function for authenticate*/
 protected function xdie($str)
 {
 //debug version:
@@ -195,6 +195,26 @@ class Session
 echo $tout;
 }
+ /**checks whether user can execute this transaction, returns true on success; it always returns true for admins*/
+ public function canExecute($transaction)
+ {
+ global $db;
+ $res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
+ foreach($res as $rl)
+ if($rl["role"]==$transaction || $rl["role"]=="_admin")
+ return true;
+ return false;
+ }
+
+ /**called for GetMyRoles transaction*/
+ public function getMyRoles()
+ {
+ global $db;
+ header("X-MagicSmoke-Status: Ok");
+ $res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
+ foreach($res as $rl)
+ print($rl["role"]."\n");
+ }
 };
 include("cauth_".$HashLib.".php");
diff --git a/www/machine.php b/www/machine.php
index a248079..491b96c 100644
--- a/www/machine.php
+++ b/www/machine.php
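Review bot: `canExecute()` and `getMyRoles()` in the second session.php hunk issue the same `userrole` query by hand, and `canExecute()` compares roles with loose `==`; a shared helper returning the role list, compared strictly, keeps the two from drifting apart. Both methods build the WHERE clause as `"uname=".$db->escapeString($this->user)`, which only produces a quoted, escaped literal if `escapeString()` adds the quotes itself — that cannot be seen from the hunk and deserves a comment on the helper so the next reader checks it against the DB layer. When the session is not authenticated `$this->user` is `""` (per the `isAuthenticated()` context line in the first hunk), so the query matches no roles and `canExecute()` fails closed; that guarantee is worth a sentence in its docblock. The enclosing Session class starts before the hunk.
```php
	/**returns the list of role names of the session user; empty for unauthenticated sessions (user is "")*/
	protected function roles()
	{
		global $db;
		//escapeString() is assumed to quote as well as escape the value — confirm in the DB layer
		$res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
		$roles=array();
		foreach($res as $rl)
			$roles[]=$rl["role"];
		return $roles;
	}

	/**checks whether user can execute this transaction, returns true on success; it always returns true for admins; false for unauthenticated sessions*/
	public function canExecute($transaction)
	{
		$roles=$this->roles();
		return in_array($transaction,$roles,true) || in_array("_admin",$roles,true);
	}

	/**called for GetMyRoles transaction*/
	public function getMyRoles()
	{
		header("X-MagicSmoke-Status: Ok");
		foreach($this->roles() as $role)
			print($role."\n");
	}
```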
@@ -13,7 +13,7 @@ header("Content-Type: application/x-MagicSmoke");
 $ALLOWEDREQUESTS=array(
 "serverinfo", //info request
 "startsession","sessionauth","closesession", //session requests
- "blah" //...
+ "getmyroles" //role management
 );
 /**contains the low-level request name from the client*/
 $SMOKEREQUEST=strtolower($_SERVER["HTTP_X_MAGICSMOKE_REQUEST"]);
@@ -84,6 +84,19 @@ if(!$session->isAuthenticated()){
 die("Session not yet authenticated.");
 }
+//get roles of myself
+if($SMOKEREQUEST=="getmyroles"){
+ $session->getMyRoles();
+ exit();
+}
+
+//check that we actually are allowed to do this
+if(!$session->canExecute($SMOKEREQUEST)){
+ header("X-MagicSmoke-Status: NotAllowed");
+ die("You do not have the right to execute this transaction.");
+}
+
 //EOF
-die("Internal Error");
+header("X-MagicSmoke-Status: Error");
+die("Internal Error: unknown command, hiccup in code structure.");
 ?>
\ No newline at end of file
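Review bot: The `canExecute()` gate in the second hunk sits after the `getmyroles` handler and directly before the `//EOF` sentinel, so every future transaction handler has to be inserted between the check and `//EOF`; one added above it, next to the session and `getmyroles` handlers, would run for any authenticated user without a role check. A comment at the check such as `//every handler below this point requires a role; add new transactions after this check, never above it` makes that ordering explicit. `$SMOKEREQUEST` is lowercased by `strtolower()` in the first hunk, so `canExecute($SMOKEREQUEST)` only matches `userrole.role` values stored in lower case, which the `$ALLOWEDREQUESTS` comment could state so role names are entered consistently. A refused request currently leaves no trace beyond the `NotAllowed` header; if the project has a logging path, recording the user and transaction there would make repeated refusals visible.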