Repository
https://github.com/dimitrisp2/AristotleApp
About Aristotle App
Aristotle App will help the translation teams of have a more uniform and centralised method to keep track of their progress and tasks. Most of the teams are using spreadsheets to manage their work, but if such spreadsheets are not properly managed, they can become a burden instead of a help (I know as I'm part of the Greek Translations Team).
It was originally created to help the Greek Team's activities in the Translation category, as well as managing the community account .
Overview
Not a lot happened in the previous week; I decided to take some days off and rest a little bit. However, I got to finish some of the things both and suggested in their previous reviews. I also got to implement one of the most needed "security" features: Access Control List. Let's have a quick look...
Access Control List
Up until now, everyone would have access to each and every page on Aristotle App. In one of the previous contributions, I made the links not show up, but if the user had a direct link, they could visit a page, no matter what role they have.
I designed a simple ACL, to allow/deny access to certain pages for Translators and Staff (CM) members. Proofreaders will be the only ones who will have complete access to everything in the app.
Everything happens in this function:
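    function CheckPageAccess() {
        // ACL level required by the current page, and the role of the logged-in user
        $acl = $GLOBALS['currentacl'];
        $hasaccess = $GLOBALS['hasaccess'];
        $showerror = FALSE;

        if (($acl != FOR_TRANSLATORS && $acl != FOR_ALL) && $hasaccess == IS_TRANSLATOR) {
            // Translators may only open translator pages and pages open to all
            $showerror = TRUE;
        } else if (($acl != FOR_STAFF_AND_LM && $acl != FOR_ALL) && $hasaccess == IS_STAFF) {
            // Staff may only open staff/LM pages and pages open to all
            $showerror = TRUE;
        } else if ($hasaccess == NO_ACCESS) {
            // Users without a role are refused everywhere
            $showerror = TRUE;
        }

        if ($showerror) {
            // Send the redirect before any output; echoing first can stop header() from working
            header("Location: error.php?i=-4");
            die("You have no access");
        }
    }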
Constants FOR_TRANSLATORS, FOR_ALL, IS_TRANSLATOR, etc. are already defined in the functions.php file. I know this function could be redesigned in a better way. I went for better readability for now, as I'll probably be changing the access levels.
If someone tries to access a page and their request is denied, they will be greeted with the following, ugly, error page:
Related commit: [1674791]
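A table-driven, default-deny variant of the CheckPageAccess() logic above, added here as an example and not taken from the Aristotle App code. In the function above, any role value other than the three it tests falls through to "allowed"; here a role or page level that is not listed is refused. The constant values are constructed stand-ins, and IS_PROOFREADER, ACL_RULES, isAllowed() and enforcePageAccess() are hypothetical names.

```php
<?php
// Constructed stand-in values; the real ones live in functions.php.
const FOR_ALL = 'all';
const FOR_TRANSLATORS = 'translators';
const FOR_STAFF_AND_LM = 'staff_lm';
const NO_ACCESS = 0;
const IS_TRANSLATOR = 1;
const IS_STAFF = 2;
const IS_PROOFREADER = 3; // hypothetical name, not shown in the post

// Role => page levels it may open. A role that is not listed gets nothing,
// so a new or unexpected role is denied instead of silently allowed.
const ACL_RULES = [
    IS_TRANSLATOR  => [FOR_ALL, FOR_TRANSLATORS],
    IS_STAFF       => [FOR_ALL, FOR_STAFF_AND_LM],
    IS_PROOFREADER => [FOR_ALL, FOR_TRANSLATORS, FOR_STAFF_AND_LM],
];

// Pure decision: no globals and no output, so it can be tested on its own.
function isAllowed($role, $pageAcl): bool
{
    if (!is_int($role) || !array_key_exists($role, ACL_RULES)) {
        return false; // NO_ACCESS, null, or any role missing from the table
    }
    // Strict comparison; a page with a missing or unknown level matches nothing.
    return in_array($pageAcl, ACL_RULES[$role], true);
}

// Enforcement: redirect before any output, then stop the script.
function enforcePageAccess($role, $pageAcl): void
{
    if (!isAllowed($role, $pageAcl)) {
        header('Location: error.php?i=-4');
        exit;
    }
}

// Constructed cases: [role, page level].
$cases = [
    [IS_TRANSLATOR, FOR_TRANSLATORS], [IS_TRANSLATOR, FOR_STAFF_AND_LM],
    [IS_STAFF, FOR_STAFF_AND_LM], [IS_PROOFREADER, FOR_STAFF_AND_LM],
    [NO_ACCESS, FOR_ALL], [null, FOR_ALL], [IS_STAFF, null],
];
foreach ($cases as [$role, $pageAcl]) {
    printf("%s on %s: %s\n", var_export($role, true), var_export($pageAcl, true),
        isAllowed($role, $pageAcl) ? 'allow' : 'deny');
}
```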
Error Page Fix
There was an error with the error page (oh, the irony), that caused the menu's if/else generating statement not to work correctly, and it was showing errors instead. I've rectified this.
Basically, I commented out the include("functions.php"); statement while trying to fix another problem and I never got to do it, until now.
Related commit: [b7d0e90]
Magic Numbers
As stated in his review, there were a few magic numbers in my code. For the non-programmers, magic numbers are unique values with unexplained meaning or multiple occurrences which could (preferably) be replaced with named constants. I've replaced the magic numbers with constants. And just before posting this, I remembered there are magic numbers in the error file too, so I replaced those as well.
Related commits: [f8e14b5], [e337644]
Rework on IF/ELSEs and removal of obsolete codelines
The IF/ELSE suggestion was made by in a review, that I got to implement now. I had an IF/ELSE statement with code only in the "ELSE" statement, while "IF" was empty (that was a debugging leftover). I've fixed this one and I also got to remove some obsolete & duplicate checks (CheckUserAccess() would run up to 3 times on each pageload for no apparent reason).
Related commit: [8a96175]
Previous updates/reports:
- An app to supplement the Utopian Translation Teamwork [2018-10-15]
- Dynamic NavBar, Contributions List, Project View page, and more... [2018-10-22]
- Add Contribution, Weekly LM Reports and more... [2018-10-29]
Want to help?
If you want to talk about this project, you can message me on Discord (my tag is dimitrisp#4810). You can also find me on Utopian's discord. Pull requests will be accepted if they fix issues and/or implement extra functionality.