
-- ====================================================================
-- MODULE ACCESS CONTROL SYSTEM
-- Allows superusers to control which access levels can see each module
-- ====================================================================

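-- Per-module, per-access-level permission flags.
-- One row per (module_id, access_level) pair, enforced by unique_module_access.
CREATE TABLE IF NOT EXISTS module_access_levels (
    id INT AUTO_INCREMENT PRIMARY KEY,
    module_id INT NOT NULL,
    access_level ENUM('assembly', 'district', 'area', 'superuser') NOT NULL,
    -- NOT NULL keeps the flag two-valued: a NULL here would be neither
    -- "enabled" nor "disabled" and different checks would read it differently.
    -- NOTE(review): DEFAULT TRUE is fail-open - a row inserted without an
    -- explicit is_enabled grants access. Consider DEFAULT FALSE once every
    -- writer is confirmed to set the value explicitly.
    is_enabled BOOLEAN NOT NULL DEFAULT TRUE,
    -- User who last set the flag; becomes NULL if that user is deleted.
    enabled_by INT,
    enabled_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    -- Deleting a module removes its permission rows with it.
    FOREIGN KEY (module_id) REFERENCES module_management(id) ON DELETE CASCADE,
    FOREIGN KEY (enabled_by) REFERENCES users(id) ON DELETE SET NULL,
    UNIQUE KEY unique_module_access (module_id, access_level),
    INDEX idx_module_id (module_id),
    INDEX idx_access_level (access_level),
    INDEX idx_enabled (is_enabled)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;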

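-- Seed module_access_levels for the modules that already exist in
-- module_management. Every module is enabled for every access level by
-- default; admins can then disable specific modules for specific levels.
--
-- Re-run safety: for assembly, district and area, a duplicate
-- (module_id, access_level) leaves the existing row untouched. Writing
-- is_enabled = TRUE on duplicate would silently re-enable every module an
-- admin had disabled each time this script is executed again.
--
-- NOTE(review): the seed does not read module_management.required_role, so a
-- module that used to require a higher role is seeded as enabled for every
-- level. Confirm the application still enforces required_role, or derive
-- is_enabled from it here.
-- NOTE(review): enabled_by = 1 attributes these rows to users.id = 1 and the
-- insert fails the foreign key if that user does not exist. enabled_by is
-- nullable, so NULL may be the more accurate value for a system-generated row.

-- Assembly level: enabled by default, existing choices preserved
INSERT INTO module_access_levels (module_id, access_level, is_enabled, enabled_by)
SELECT
    id,
    'assembly',
    TRUE,
    1
FROM module_management
ON DUPLICATE KEY UPDATE
    module_access_levels.is_enabled = module_access_levels.is_enabled;

-- District level: enabled by default, existing choices preserved
INSERT INTO module_access_levels (module_id, access_level, is_enabled, enabled_by)
SELECT
    id,
    'district',
    TRUE,
    1
FROM module_management
ON DUPLICATE KEY UPDATE
    module_access_levels.is_enabled = module_access_levels.is_enabled;

-- Area level: enabled by default, existing choices preserved
INSERT INTO module_access_levels (module_id, access_level, is_enabled, enabled_by)
SELECT
    id,
    'area',
    TRUE,
    1
FROM module_management
ON DUPLICATE KEY UPDATE
    module_access_levels.is_enabled = module_access_levels.is_enabled;

-- Superuser level: always enabled. The flag is deliberately forced back to
-- TRUE on re-run so superusers cannot end up locked out of a module.
INSERT INTO module_access_levels (module_id, access_level, is_enabled, enabled_by)
SELECT
    id,
    'superuser',
    TRUE,
    1
FROM module_management
ON DUPLICATE KEY UPDATE is_enabled = TRUE;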

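-- Audit log of module access changes: one row per enable/disable action.
-- CREATE TABLE IF NOT EXISTS does not alter a table that already exists, so an
-- installation that already has this table needs a separate ALTER to pick up
-- the performed_by change below.
CREATE TABLE IF NOT EXISTS module_access_audit (
    id INT AUTO_INCREMENT PRIMARY KEY,
    module_id INT NOT NULL,
    access_level ENUM('assembly', 'district', 'area', 'superuser') NOT NULL,
    action ENUM('enabled', 'disabled') NOT NULL,
    -- Nullable so an audit row outlives the account that produced it.
    -- With ON DELETE CASCADE, deleting a user also deleted every record of
    -- the access changes that user had made.
    performed_by INT NULL,
    reason TEXT,
    performed_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    -- NOTE(review): deleting a module still deletes its audit rows. If the
    -- history must survive module removal, this key needs the same treatment
    -- (or the module name copied into the audit row).
    FOREIGN KEY (module_id) REFERENCES module_management(id) ON DELETE CASCADE,
    FOREIGN KEY (performed_by) REFERENCES users(id) ON DELETE SET NULL,
    INDEX idx_module_id (module_id),
    INDEX idx_performed_by (performed_by),
    INDEX idx_performed_at (performed_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;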

-- Extend module_management with two descriptive columns:
--   is_system_critical  flags modules that must stay enabled
--   category            grouping label, 'General' unless set below
-- NOTE(review): ADD COLUMN IF NOT EXISTS is a MariaDB extension; confirm the
-- target server accepts it before relying on this statement being re-runnable.
ALTER TABLE module_management
    ADD COLUMN IF NOT EXISTS is_system_critical BOOLEAN DEFAULT FALSE
        AFTER is_active,
    ADD COLUMN IF NOT EXISTS category VARCHAR(50) DEFAULT 'General'
        AFTER module_description;

-- Flag the modules that are meant to be impossible to disable.
-- NOTE(review): nothing in this script enforces that rule; the flag is only
-- data, so the check has to live in whatever code toggles is_enabled.
UPDATE module_management
SET is_system_critical = TRUE
WHERE module_name IN (
    'Dashboard',
    'Settings',
    'Notifications',
    'Users'
);

-- Assign a category to each known module in a single pass.
-- The name lists are disjoint, so each module matches exactly one branch;
-- modules not listed keep their current category.
UPDATE module_management
SET category = CASE
        WHEN module_name IN ('Membership', 'Events', 'Programs', 'Ministries')
            THEN 'Core Management'
        WHEN module_name IN ('Event Attendance', 'Event Forms', 'Event Reports')
            THEN 'Event Management'
        WHEN module_name IN ('Users', 'Member Accounts', 'Member Codes')
            THEN 'User Management'
        WHEN module_name IN ('Settings', 'Email Management', 'Module Management')
            THEN 'System'
        WHEN module_name IN ('Notifications', 'Audit Logs', 'Reports')
            THEN 'Reports'
        ELSE category
    END
WHERE module_name IN (
    'Membership', 'Events', 'Programs', 'Ministries',
    'Event Attendance', 'Event Forms', 'Event Reports',
    'Users', 'Member Accounts', 'Member Codes',
    'Settings', 'Email Management', 'Module Management',
    'Notifications', 'Audit Logs', 'Reports'
);

-- Remove any existing Module Management entries first to prevent duplicates.
-- The first DELETE drops the module's permission rows for every access level,
-- including the ones seeded above, so only the superuser grant issued after
-- the re-insert remains.
-- NOTE(review): as this script defines them, both module_access_levels and
-- module_access_audit reference module_management(id) with ON DELETE CASCADE.
-- The second DELETE therefore also erases the audit history recorded for
-- Module Management on every run, and the re-inserted row presumably gets a
-- new id. If that history matters, update the existing row in place instead
-- of deleting and re-creating it.
DELETE FROM module_access_levels WHERE module_id IN (
    SELECT id FROM module_management WHERE module_name = 'Module Management'
);
DELETE FROM module_management WHERE module_name = 'Module Management';

-- Register the Module Management screen as a module in its own right.
-- It is restricted to the superuser role and flagged system critical.
INSERT INTO module_management (
    module_name, module_description, module_icon, module_url,
    display_order, required_role, is_active, is_system_critical, category
) VALUES (
    'Module Management',                                 -- module_name
    'Control module access for different admin levels',  -- module_description
    'sliders-h',                                         -- module_icon
    'modules/module-management/index.php',               -- module_url
    99,                                                  -- display_order
    'superuser',                                         -- required_role
    1,                                                   -- is_active
    1,                                                   -- is_system_critical
    'System'                                             -- category
);

-- Give the superuser level access to Module Management.
-- No row is created for any other access level, and an existing superuser
-- row is forced back to enabled.
INSERT INTO module_access_levels (
    module_id,
    access_level,
    is_enabled,
    enabled_by
)
SELECT
    mm.id,
    'superuser',
    TRUE,
    1
FROM module_management AS mm
WHERE mm.module_name = 'Module Management'
ON DUPLICATE KEY UPDATE is_enabled = TRUE;

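-- Verify the setup: one row per module with its per-level ON/OFF state.
-- access_levels is NULL for a module with no rows in module_access_levels,
-- and a NULL is_enabled is reported as OFF.
-- display_order is part of GROUP BY so the ORDER BY is valid under
-- ONLY_FULL_GROUP_BY; m.id breaks ties so the output order is deterministic.
SELECT
    m.id,
    m.module_name,
    m.category,
    GROUP_CONCAT(
        CONCAT(
            mal.access_level,
            ':',
            CASE WHEN mal.is_enabled THEN 'ON' ELSE 'OFF' END
        )
        ORDER BY FIELD(mal.access_level, 'assembly', 'district', 'area', 'superuser')
        SEPARATOR ', '
    ) AS access_levels
FROM module_management AS m
LEFT JOIN module_access_levels AS mal
    ON mal.module_id = m.id
GROUP BY m.id, m.module_name, m.category, m.display_order
ORDER BY m.display_order, m.id;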

-- ====================================================================
