authorSimon Rettberg2018-02-16 12:20:25 +0100
committerSimon Rettberg2018-02-16 12:20:25 +0100
commit7bde027d280e3e08758d95213559677099cd3819 (patch)
tree0a887d3b976e567a6d677e76e7425a769f84d2fe
parent[systemstatus] Use new permission helpers; disable non-accessible tabs (diff)
[permissionmanager] Force lowercase permissions, handle locId 0 properly
-rw-r--r--modules-available/permissionmanager/inc/permissiondbupdate.inc.php4
-rw-r--r--modules-available/permissionmanager/inc/permissionutil.inc.php13
2 files changed, 14 insertions, 3 deletions
diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
index f2e7a366..8a67bf24 100644
--- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
+++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
@@ -53,6 +53,10 @@ class PermissionDbUpdate
*/
public static function saveRole($rolename, $locations, $permissions, $roleid = null)
{
+ foreach ($permissions as &$permission) {
+ $permission = strtolower($permission);
+ }
+ unset($permission);
if ($roleid) {
Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid",
array("rolename" => $rolename, "roleid" => $roleid));
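Review bot: Lowercasing in the loop added at the top of saveRole can turn two submitted entries that differ only in case into duplicates, and nothing in the visible lines removes them before the role's permissions are stored. The statements that write the permissions are outside this hunk; if they use a plain INSERT into a table keyed on role and permission, a duplicate would make the save fail. `$permissions = array_unique(array_map('strtolower', $permissions));` normalizes and de-duplicates in one step and drops the by-reference loop with its `unset()`. The loop also assumes every element is a string, which is worth checking if `$permissions` arrives directly from request data. Rows written before this commit are not touched here, so any mixed-case permission ids already stored presumably need a one-time update to match the lowercased lookups.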
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index f1385bc2..b4d54055 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -50,6 +50,7 @@ class PermissionUtil
*/
public static function userHasPermission($userid, $permissionid, $locationid)
{
+ $permissionid = strtolower($permissionid);
self::validatePermission($permissionid);
$parts = explode('.', $permissionid);
// Limit query to first part of permissionid, which is always the module id
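Review bot: The `strtolower()` call added ahead of `self::validatePermission()` in userHasPermission is repeated verbatim in getAllowedLocations (last hunk), so every present and future entry point has to remember to normalize before validating. For an authorization check that is easy to miss, and a path that skips it would compare a mixed-case id against lowercased stored values. Consider one private helper that lowercases and validates, for example `$permissionid = self::normalizePermission($permissionid);`, or doing the lowercasing inside validatePermission if its contract allows; its body is not visible here. Both function bodies continue outside their hunks.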
@@ -60,9 +61,14 @@ class PermissionUtil
WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')",
compact('userid', 'prefix'));
} else {
- $locations = Location::getLocationRootChain($locationid);
- if (count($locations) == 0)
- return false;
+ if ($locationid === 0) {
+ $locations = [0];
+ } else {
+ $locations = Location::getLocationRootChain($locationid);
+ if (empty($locations)) { // Non-existent location, still continue as user might have global perms
+ $locations = [0];
+ }
+ }
$res = Database::simpleQuery("SELECT permissionid FROM role_x_permission
INNER JOIN user_x_role USING (roleid)
INNER JOIN role_x_location USING (roleid)
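Review bot: The new fallback in the else branch turns an unknown location from a deny (`return false`) into a check against `[0]`, so a caller that passes a location id which does not exist now receives the answer for location 0. That is safe only if a role bound to location 0 always means a global grant; the query that consumes `$locations` continues outside the hunk, so this should be confirmed and recorded in the docblock, for example `@param int $locationid location to check; 0 or an unknown id is evaluated against global roles only`. Separately, `$locationid === 0` matches only an integer, so a string "0" coming from a request or a database row takes the lookup path and reaches `[0]` only through the empty-chain fallback. Adding `$locationid = (int)$locationid;` before the comparison would make that case explicit instead of incidental.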
@@ -94,6 +100,7 @@ class PermissionUtil
*/
public static function getAllowedLocations($userid, $permissionid)
{
+ $permissionid = strtolower($permissionid);
self::validatePermission($permissionid);
$parts = explode('.', $permissionid);
// Limit query to first part of permissionid, which is always the module id