From 5370ddccb058035a8627765d17a3692a517bb7b0 Mon Sep 17 00:00:00 2001 From: Nicolas Boisselier Date: Thu, 14 Dec 2017 19:40:06 +0000 Subject: [PATCH] www/dbq/dbq.php --- lib/php/db/table.php | 8 +++++--- lib/php/out.php | 14 +------------- www/dbq/dbq.php | 38 ++++++++++++++++++++++++++------------ 3 files changed, 32 insertions(+), 28 deletions(-) diff --git a/lib/php/db/table.php b/lib/php/db/table.php index f9538d1a..6f067d9a 100644 --- a/lib/php/db/table.php +++ b/lib/php/db/table.php @@ -37,7 +37,8 @@ Class Table extends nb { public $field_preff = ''; public $fields = []; - public $indexes; + public $fields_only = []; + public $indexes = []; public $idtemplate; @@ -342,6 +343,7 @@ Class Table extends nb { } public function field($name) { return $this->fields($name); } +# NB 14.12.17 public function field_del($name) { unset($this->fields[$name]); } /* * Function db.fields @@ -1026,8 +1028,8 @@ Class Table extends nb { # $fields = $this->fields(); $fields_filter = []; - if ($this->p('rows_fields')) { - $fields_filter = preg_split('/[^\w_]/',$this->p('rows_fields')); + if ($this->fields_only) { + $fields_filter = $this->fields_only; $new_fields = []; foreach ($fields_filter as $k) { $new_fields[$k] = $fields[$k]; diff --git a/lib/php/out.php b/lib/php/out.php index 35ae70f9..8db8702a 100644 --- a/lib/php/out.php +++ b/lib/php/out.php @@ -12,20 +12,8 @@ Class Out extends Nb { public static function init() { self::$header = (bool)self::p('header',self::$header); - - self::$types = [ - - -#params['db']) $this->not_implemented('Params db missing'); + if (!$this->params['db']) $this->notImplemented('Params db missing'); if (!isset($this->db)) $this->db = $this->db(); # From conf 
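Review bot: In the `@@ -1026` hunk of lib/php/db/table.php, every entry of `$this->fields_only` is used as a key into `$fields` without checking that the field exists, and the `preg_split('/[^\w_]/', …)` that used to reduce the names to word characters is gone. The list appears to be filled from `$this->params['args']` in www/dbq/dbq.php, so an unknown or empty name puts a null entry into `$new_fields`; what the rest of the method does with it is outside the hunk. I would guard the copy with `if (isset($fields[$k])) $new_fields[$k] = $fields[$k];`. The new property could also carry a comment such as `# Optional list of field names that restricts the row output; each name must exist in $fields`.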
@@ -627,7 +627,15 @@ class DbQ extends nb {
 exit;
 }
- public function not_implemented($admin_msg='') {
+ public function deniedUnless($bool,$msg='Unauthorized') {
+ if ($bool) return;
+ header('Content-type: text/plain');
+ header('HTTP/1.1 401 Unauthorized');
+ echo $msg;
+ exit;
+ }
+
+ public function notImplemented($admin_msg='') {
 header('Content-type: text/plain');
 $msg = '501 Not Implemented';
 if (empty($_SERVER['SERVER_PROTOCOL'])) $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
@@ -1122,7 +1130,10 @@ EOF;
 .'"');
 });
- } elseif ($action == 'ls' and $this->perm >= self::READ) {
+ } elseif ($action == 'ls') {
+ $this->deniedUnless($this->perm >= self::READ);
+ $fields_only = [];
+ if (!strpos($this->params['args'],'=')) $this->table->fields_only = explode(',',$this->params['args']);
 $this->page($this,'table_rows');
 } elseif ($action == 'fields') {
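Review bot: `deniedUnless()` answers `401 Unauthorized` without a `WWW-Authenticate` header and with a hard-coded `HTTP/1.1` status line, while `notImplemented()` just below takes the protocol from `$_SERVER['SERVER_PROTOCOL']`. Every call added in this patch passes a permission-level comparison, so if the caller is already authenticated (not visible in this hunk), 403 is the matching status. `http_response_code(403);` would replace the hand-written status line and keep the protocol version correct. A short comment such as `# Send an error response and exit unless $bool is true` would also make it clear that the method never returns on failure.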
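Review bot: `!strpos($this->params['args'],'=')` in the `ls` branch is also true when `=` is the first character, because strpos then returns 0. When `args` is empty, `explode` yields `['']`, which is a non-empty array and so switches on the field filter in lib/php/db/table.php with an empty field name. The names are also no longer reduced to word characters before they reach the table object. I would write `$args = (string)$this->params['args'];` followed by `if ($args !== '' and strpos($args,'=') === false) $this->table->fields_only = preg_split('/\W+/',$args,-1,PREG_SPLIT_NO_EMPTY);`, and drop the unused local `$fields_only = [];`. The enclosing method starts and ends outside this hunk.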
@@ -1131,37 +1142,40 @@ EOF;
 } elseif ($action == 'status') {
 $this->page($this->table->status()+$this->table->status(['fields']));
- } elseif ($action == 'vi' and $this->perm >= self::READ) {
+ } elseif ($action == 'vi') {
+ $this->deniedUnless($this->perm >= self::READ);
 $this->page($this,'vi');
- } elseif ($action == 'add' and $this->perm >= self::WRITE) {
+ } elseif ($action == 'add') {
+ $this->deniedUnless($this->perm >= self::WRITE);
 $this->page($this,'add');
- } elseif ($action == 'insert' and $this->perm >= self::WRITE) {
+ } elseif ($action == 'insert') {
+ $this->deniedUnless($this->perm >= self::WRITE);
 if (!$this->table->insert($_POST,$info)) $this->error('insert: '.print_r($info,true));
 header('Location: '.$this->table->base.'/');
 $this->page($info);
- } elseif ($action == 'update' and $this->perm >= self::WRITE) {
+ } elseif ($action == 'update') {
+ $this->deniedUnless($this->perm >= self::WRITE);
 if (!$this->table->update($_POST,$info)) $this->error('update: '.print_r($info,true));
 $this->redirect_if_no_referer($this->table->base.'/');
 $this->page($info);
- } elseif ($action == 'replace' and $this->perm >= self::WRITE) {
+ } elseif ($action == 'replace') {
+ $this->deniedUnless($this->perm >= self::WRITE);
 if (!$this->table->replace($_POST,$info)) $this->error('replace: '.print_r($info,true));
-# NB 13.12.17 header('Location: '.$this->table->base.'/');
 $this->redirect_if_no_referer($this->table->base.'/');
 $this->page($info);
 } elseif ($action == 'rm' and $this->perm >= self::DELETE) {
 if (!$this->table->delete($_POST,$info)) $this->error('rm: '.print_r($info,true));
- #header('Location: '.$this->table->base.'/');
 $this->redirect_if_no_referer($this->table->base.'/');
 $this->page($info);
 } else {
- $this->not_implemented('Unknown table action'." `$action`");
+ $this->notImplemented('Unknown table action'." `$action`");
 }
 }
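Review bot: The `rm` branch still tests `$this->perm >= self::DELETE` inside the `elseif` condition, so a caller without delete permission falls through to `notImplemented('Unknown table action' …)` and gets a 501, while every other converted branch now answers through `deniedUnless()`. For a consistent and auditable denial it should read `} elseif ($action == 'rm') {` followed by `$this->deniedUnless($this->perm >= self::DELETE);`. The `status` branch at the top of the hunk shows no permission check at all; if that is intended, a comment saying so would help. The if/elseif chain begins outside this hunk.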
@@ -1195,7 +1209,7 @@ EOF;
 $this->run_table();
 #$this->error("Page error");
- $this->not_implemented('Nothing here!');
+ $this->notImplemented('Nothing here!');
 return true;
 }
-- 
2.47.3