authorSimon Rettberg2018-04-13 12:30:43 +0200
committerSimon Rettberg2018-04-13 12:30:43 +0200
commit5014f09a5aa30b1c3aa1e35e67a183086a212052 (patch)
treec06f085e76de9a7a33fa16ae3252e38fa8b31863
parent[permissionmanager] Preselect all locations when adding new role (diff)
[permissionmanager] Add role description field; install some default rules
Closes #3356
-rw-r--r--modules-available/permissionmanager/inc/getpermissiondata.inc.php4
-rw-r--r--modules-available/permissionmanager/inc/permissiondbupdate.inc.php31
-rw-r--r--modules-available/permissionmanager/install.inc.php103
-rw-r--r--modules-available/permissionmanager/lang/de/template-tags.json5
-rw-r--r--modules-available/permissionmanager/lang/en/template-tags.json5
-rw-r--r--modules-available/permissionmanager/page.inc.php29
-rw-r--r--modules-available/permissionmanager/templates/roleeditor.html8
-rw-r--r--modules-available/permissionmanager/templates/rolestable.html6
8 files changed, 156 insertions, 35 deletions
diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
index fc18de99..660c94ae 100644
--- a/modules-available/permissionmanager/inc/getpermissiondata.inc.php
+++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
@@ -84,7 +84,7 @@ class GetPermissionData
if (!empty($joins)) {
$joins .= ' GROUP BY r.roleid';
}
- return Database::queryAll("SELECT r.roleid, r.rolename $cols FROM role r
+ return Database::queryAll("SELECT r.roleid, r.rolename, r.roledescription $cols FROM role r
$joins
ORDER BY rolename ASC");
}
@@ -97,7 +97,7 @@ class GetPermissionData
*/
public static function getRoleData($roleid)
{
- $query = "SELECT roleid, rolename FROM role WHERE roleid = :roleid";
+ $query = "SELECT roleid, rolename, roledescription FROM role WHERE roleid = :roleid";
$data = Database::queryFirst($query, array("roleid" => $roleid));
$query = "SELECT roleid, locationid FROM role_x_location WHERE roleid = :roleid";
$res = Database::simpleQuery($query, array("roleid" => $roleid));
diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
index 1d6367af..0cd89b3a 100644
--- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
+++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
@@ -54,7 +54,7 @@ class PermissionDbUpdate
/**
* Delete role from the role table.
*
- * @param string $roleid roleid
+ * @param int $roleid roleid
*/
public static function deleteRole($roleid)
{
@@ -64,41 +64,42 @@ class PermissionDbUpdate
/**
* Save changes to a role or create a new one.
*
- * @param string $rolename rolename
+ * @param string $roleName rolename
* @param int[] $locations array of locations
* @param string[] $permissions array of permissions
- * @param string|null $roleid roleid or null if the role does not exist yet
+ * @param int|null $roleId roleid or null if the role does not exist yet
*/
- public static function saveRole($rolename, $locations, $permissions, $roleid = null)
+ public static function saveRole($roleName, $roleDescription, $locations, $permissions, $roleId = null)
{
foreach ($permissions as &$permission) {
$permission = strtolower($permission);
}
unset($permission);
- if ($roleid) {
- Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid",
- array("rolename" => $rolename, "roleid" => $roleid));
+ if ($roleId) {
+ Database::exec("UPDATE role SET rolename = :rolename, roledescription = :roledescription WHERE roleid = :roleid",
+ array("rolename" => $roleName, "roledescription" => $roleDescription, "roleid" => $roleId));
Database::exec("DELETE FROM role_x_location
WHERE roleid = :roleid AND (locationid NOT IN (:locations) OR locationid IS NULL)",
- array("roleid" => $roleid, 'locations' => $locations));
+ array("roleid" => $roleId, 'locations' => $locations));
Database::exec("DELETE FROM role_x_permission
WHERE roleid = :roleid AND permissionid NOT IN (:permissions)",
- array("roleid" => $roleid, 'permissions' => $permissions));
+ array("roleid" => $roleId, 'permissions' => $permissions));
} else {
- Database::exec("INSERT INTO role (rolename) VALUES (:rolename)", array("rolename" => $rolename));
- $roleid = Database::lastInsertId();
+ Database::exec("INSERT INTO role (rolename, roledescription) VALUES (:rolename, :roledescription)",
+ array("rolename" => $roleName, "roledescription" => $roleDescription));
+ $roleId = Database::lastInsertId();
}
if (!empty($locations)) {
- $arg = array_map(function ($loc) use ($roleid) {
- return compact('roleid', 'loc');
+ $arg = array_map(function ($loc) use ($roleId) {
+ return compact('roleId', 'loc');
}, $locations);
Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]);
}
if (!empty($permissions)) {
- $arg = array_map(function ($perm) use ($roleid) {
- return compact('roleid', 'perm');
+ $arg = array_map(function ($perm) use ($roleId) {
+ return compact('roleId', 'perm');
}, $permissions);
Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]);
}
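Review bot: The docblock of saveRole has no entry for the new second parameter; adding `@param string $roleDescription free-text description of the role` keeps it in step with the signature. The rename also changes the keys produced by `compact('roleId', 'loc')` and `compact('roleId', 'perm')` from `roleid` to `roleId`. Since the second key (`loc`, `perm`) never matched a column name, the `:arg` expansion in `Database::exec` is presumably positional and the rename harmless, but the wrapper is not visible here. This is worth confirming because `INSERT IGNORE` would hide a mismatch and leave a role saved without its locations or permissions. saveRole's body continues past the end of the hunk.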
diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php
index afa5dd7e..480460db 100644
--- a/modules-available/permissionmanager/install.inc.php
+++ b/modules-available/permissionmanager/install.inc.php
@@ -5,6 +5,7 @@ $res = array();
$res[] = tableCreate('role', "
roleid int(10) unsigned NOT NULL AUTO_INCREMENT,
rolename varchar(200) NOT NULL,
+ roledescription TEXT,
PRIMARY KEY (roleid)
");
@@ -100,6 +101,108 @@ if (!tableExists('user') || !tableExists('location')) {
$res[] = UPDATE_DONE;
}
}
+
+// 2018-04-13 role description field; add a couple default roles
+if (!tableHasColumn('role', 'roledescription')) {
+ $alter = Database::exec("ALTER TABLE role ADD roledescription TEXT");
+ if ($alter === false)
+ finalResponse(UPDATE_FAILED, 'Cannot add roledescription field to table role: ' . Database::lastError());
+ $res[] = UPDATE_DONE;
+}
+
+if (!tableHasColumn('role', 'roledescription')) {
+ finalResponse(UPDATE_RETRY, 'Try again later');
+}
+
+if (Database::exec("INSERT INTO `role` VALUES
+ (1,'Super-Admin', 'Hat keinerlei Zugriffsbeschränkungen'),
+ (2,'Admin', 'Alles bis auf Rechte-/Nutzerverwaltung'),
+ (3,'Prüfungsadmin', 'Kann E-Prüfungen verwalten, Prüfungsmodus einschalten, etc.'),
+ (4,'Lesezugriff', 'Kann auf die meisten Seiten zugreifen, jedoch keine Änderungen vornehmen')") !== false) {
+ // Success, there probably were no roles before, keep going
+ // Assign roles to location (all)
+ Database::exec("INSERT INTO `role_x_location` VALUES (1,NULL),(2,NULL),(3,NULL),(4,NULL)");
+ // Assign permissions to roles
+ Database::exec("INSERT INTO `role_x_permission` VALUES
+ (3,'exams.exams.*'),
+ (3,'rebootcontrol.action.*'),
+ (3,'statistics.hardware.projectors.view'),
+ (3,'statistics.machine.note.*'),
+ (3,'statistics.machine.view-details'),
+ (3,'statistics.view.*'),
+ (3,'syslog.view'),
+
+ (1,'*'),
+
+ (4,'adduser.user.view-list'),
+ (4,'backup.create'),
+ (4,'baseconfig.view'),
+ (4,'dnbd3.access-page'),
+ (4,'dnbd3.refresh'),
+ (4,'dnbd3.view.details'),
+ (4,'dozmod.actionlog.view'),
+ (4,'dozmod.users.view'),
+ (4,'eventlog.view'),
+ (4,'exams.exams.view'),
+ (4,'locationinfo.backend.check'),
+ (4,'locationinfo.panel.list'),
+ (4,'locations.location.view'),
+ (4,'minilinux.view'),
+ (4,'news.*'),
+ (4,'permissionmanager.locations.view'),
+ (4,'permissionmanager.roles.view'),
+ (4,'permissionmanager.users.view'),
+ (4,'runmode.list-all'),
+ (4,'serversetup.access-page'),
+ (4,'serversetup.download'),
+ (4,'statistics.hardware.projectors.view'),
+ (4,'statistics.machine.note.view'),
+ (4,'statistics.machine.view-details'),
+ (4,'statistics.view.*'),
+ (4,'statistics_reporting.reporting.download'),
+ (4,'statistics_reporting.table.export'),
+ (4,'statistics_reporting.table.view.*'),
+ (4,'sysconfig.config.view-list'),
+ (4,'sysconfig.module.download'),
+ (4,'sysconfig.module.view-list'),
+ (4,'syslog.view'),
+ (4,'systemstatus.show.overview.*'),
+ (4,'systemstatus.tab.*'),
+ (4,'webinterface.access-page'),
+
+ (2,'adduser.user.view-list'),
+ (2,'backup.*'),
+ (2,'baseconfig.*'),
+ (2,'dnbd3.*'),
+ (2,'dozmod.*'),
+ (2,'eventlog.view'),
+ (2,'exams.exams.*'),
+ (2,'locationinfo.*'),
+ (2,'locations.*'),
+ (2,'minilinux.*'),
+ (2,'news.*'),
+ (2,'permissionmanager.locations.view'),
+ (2,'permissionmanager.roles.view'),
+ (2,'permissionmanager.users.view'),
+ (2,'rebootcontrol.*'),
+ (2,'roomplanner.edit'),
+ (2,'runmode.list-all'),
+ (2,'serversetup.*'),
+ (2,'statistics.*'),
+ (2,'statistics_reporting.*'),
+ (2,'sysconfig.*'),
+ (2,'syslog.*'),
+ (2,'systemstatus.*'),
+ (2,'vmstore.edit'),
+ (2,'webinterface.*')");
+ // Asign the first user to the superadmin role
+ Database::exec("INSERT INTO `role_x_user` VALUES (1,1)");
+ $res[] = UPDATE_DONE;
+}
+
+//
+//
+
if (in_array(UPDATE_DONE, $res)) {
finalResponse(UPDATE_DONE, 'Tables created successfully');
}
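Review bot: The seeding block assigns user 1 to the role holding `*` on the sole condition that the `INSERT INTO role` with ids 1–4 succeeded, which shows only that those ids were free, not that no roles existed (the inline comment itself says "probably"). On an installation whose existing roles use other ids, this update would add the four default roles and place whichever account has userid 1 into Super-Admin. Checking explicitly that `role` is empty before seeding would make the condition match the intent. The three follow-up `Database::exec` calls are also unchecked: if the `role_x_permission` insert fails, the roles stay without permissions, `UPDATE_DONE` is still reported, and a later run skips the block because the role insert now fails. Testing each result the way the ALTER branch does, e.g. `if (Database::exec(...) === false) finalResponse(UPDATE_FAILED, 'Cannot seed default roles: ' . Database::lastError());`, would surface that.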
diff --git a/modules-available/permissionmanager/lang/de/template-tags.json b/modules-available/permissionmanager/lang/de/template-tags.json
index a4fc990b..504ef6d2 100644
--- a/modules-available/permissionmanager/lang/de/template-tags.json
+++ b/modules-available/permissionmanager/lang/de/template-tags.json
@@ -1,6 +1,7 @@
{
"lang_addRole": "Rollen erteilen",
"lang_addRoleHeading": "Neue Rolle hinzuf\u00fcgen",
+ "lang_description": "Beschreibung",
"lang_editRoleHeading": "Rolle bearbeiten",
"lang_locationAwareDesc": "Berechtigungen mit diesem Symbol k\u00f6nnen auf bestimmte R\u00e4ume\/Orte beschr\u00e4nkt werden. Alle anderen Berechtigungen sind unabh\u00e4ngig von den f\u00fcr diese Rolle ausgew\u00e4hlten Orten.",
"lang_locations": "R\u00e4ume",
@@ -8,9 +9,9 @@
"lang_name": "Name",
"lang_newRole": "Rolle anlegen",
"lang_numAssignedUsers": "Benutzer mit dieser Rolle",
+ "lang_permission": "Berechtigung",
"lang_permissionDeniedBody": "Ihnen fehlt eine oder mehrere Berechtigungen, um auf diese Seite oder Funktion zuzugreifen.",
"lang_permissionDeniedHeader": "Zugriff verweigert",
- "lang_permission": "Berechtigung",
"lang_permissions": "Rechte",
"lang_removeRole": "Rollen entziehen",
"lang_roleDeleteConfirm": "Sind Sie sich sicher, dass Sie diese Rolle l\u00f6schen m\u00f6chten? Benutzer, denen diese Rolle zugewiesen ist, werden die entsprechenden Berechtigungen verlieren.",
@@ -20,4 +21,4 @@
"lang_selectizePlaceholder": "Nach Rollen filtern...",
"lang_users": "Nutzer",
"lang_view": "Anzeigen"
-}
+} \ No newline at end of file
diff --git a/modules-available/permissionmanager/lang/en/template-tags.json b/modules-available/permissionmanager/lang/en/template-tags.json
index 92c3ac26..6f1fa614 100644
--- a/modules-available/permissionmanager/lang/en/template-tags.json
+++ b/modules-available/permissionmanager/lang/en/template-tags.json
@@ -1,6 +1,7 @@
{
"lang_addRole": "Grant Roles",
"lang_addRoleHeading": "Add new role",
+ "lang_description": "Description",
"lang_editRoleHeading": "Edit role",
"lang_locationAwareDesc": "Permissions with this symbol can be restricted to certain locations. All other permissions are independent of the locations selected for this role.",
"lang_locations": "Locations",
@@ -8,9 +9,9 @@
"lang_name": "Name",
"lang_newRole": "New Role",
"lang_numAssignedUsers": "Users with this role",
+ "lang_permission": "Permission",
"lang_permissionDeniedBody": "You are missing one or more permissions to access this page or functionality.",
"lang_permissionDeniedHeader": "Access denied",
- "lang_permission": "Permission",
"lang_permissions": "Permissions",
"lang_removeRole": "Revoke Roles",
"lang_roleDeleteConfirm": "Are you sure you want to delete this role? Users currently assigned to this role will lose the according permissions.",
@@ -20,4 +21,4 @@
"lang_selectizePlaceholder": "Filter for roles...",
"lang_users": "Users",
"lang_view": "View"
-}
+} \ No newline at end of file
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 11b5b028..462d3163 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -28,15 +28,24 @@ class Page_PermissionManager extends Page
PermissionDbUpdate::removeRoleFromUser($users, $roles);
} elseif ($action === 'deleteRole') {
User::assertPermission('roles.edit');
- $id = Request::post('deleteId', false, 'string');
+ $id = Request::post('deleteId', false, 'int');
PermissionDbUpdate::deleteRole($id);
} elseif ($action === 'saveRole') {
User::assertPermission('roles.edit');
- $roleID = Request::post("roleid", false);
- $rolename = Request::post("rolename");
- $locations = self::processLocations(Request::post("locations"));
+ $roleID = Request::post("roleid", false, 'int');
+ if ($roleID === false) {
+ Message::addError('main.parameter-missing', 'roleid');
+ Util::redirect('?do=permissionmanager');
+ }
+ $roleName = Request::post("rolename", '', 'string');
+ if (empty($roleName)) {
+ Message::addError('main.parameter-empty', 'rolename');
+ Util::redirect('?do=permissionmanager');
+ }
+ $roleDescription = Request::post('roledescription', '', 'string');
+ $locations = self::processLocations(Request::post("locations", [], 'array'));
$permissions = self::processPermissions(Request::post("permissions"));
- PermissionDbUpdate::saveRole($rolename, $locations, $permissions, $roleID);
+ PermissionDbUpdate::saveRole($roleName, $roleDescription, $locations, $permissions, $roleID);
}
if (Request::isPost()) {
Util::redirect('?do=permissionmanager&show=' . Request::get("show", "roles"));
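Review bot: `Request::post("permissions")` is still read without a default or type, while `locations` on the line above now gets `[], 'array'`; the same form fits here, `Request::post("permissions", [], 'array')`, so that processPermissions always receives an array. The `deleteRole` branch now converts `deleteId` to int but, unlike the new `roleid` check, passes a missing value (`false`) straight to `PermissionDbUpdate::deleteRole`; the same `=== false` guard with `Message::addError('main.parameter-missing', 'deleteId')` would close that gap. Both new guards rely on `Util::redirect` ending the request, which is presumably the case but is not visible in this hunk. The enclosing method starts and ends outside the hunk.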
@@ -100,18 +109,16 @@ class Page_PermissionManager extends Page
Render::addTemplate('locationstable', $data);
} elseif ($show === "roleEditor") {
User::assertPermission('roles.*');
- $data = array("cancelShow" => Request::get("cancel", "roles"));
+ $data = array("cancelShow" => Request::get("cancel", "roles", 'string'));
Permission::addGlobalTags($data['perms'], null, ['roles.edit']);
$selectedPermissions = array();
$selectedLocations = array();
$roleid = Request::get("roleid", false, 'int');
if ($roleid !== false) {
- $roleData = GetPermissionData::getRoleData($roleid);
- $data["roleid"] = $roleid;
- $data["rolename"] = $roleData["rolename"];
- $selectedPermissions = $roleData["permissions"];
- $selectedLocations = $roleData["locations"];
+ $data += GetPermissionData::getRoleData($roleid);
+ $selectedPermissions = $data["permissions"];
+ $selectedLocations = $data["locations"];
}
$data["permissionHTML"] = self::generatePermissionHTML(PermissionUtil::getPermissions(), $selectedPermissions,
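Review bot: `$data += GetPermissionData::getRoleData($roleid)` assumes the call returns a complete array, but a `roleid` that matches no role is not handled in this branch. getRoleData starts from `Database::queryFirst`, whose no-row result is not visible on this page; if that result is `false` or lacks the expected keys, the `+=` or the reads of `$data["permissions"]` and `$data["locations"]` would fail or emit notices. A guard right after the call, modelled on the checks added in the saveRole branch (`Message::addError(...)` followed by `Util::redirect('?do=permissionmanager')`), would cover the unknown-id case. Because `+=` keeps keys already present, `cancelShow` and `perms` cannot be replaced by column names, which deserves a short comment such as `// array union: keys already in $data win`. The statement on the last line continues outside the hunk.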
diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html
index 38493d5d..c464c1fc 100644
--- a/modules-available/permissionmanager/templates/roleeditor.html
+++ b/modules-available/permissionmanager/templates/roleeditor.html
@@ -13,11 +13,17 @@
<input type="hidden" name="roleid" value="{{roleid}}">
<div class="input-group">
- <span class="input-group-addon">
+ <span class="input-group-addon slx-ga">
<label for="rolename">{{lang_name}}</label>
</span>
<input id="rolename" name="rolename" value="{{rolename}}" type="text" class="form-control" required>
</div>
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ <label for="roledescription">{{lang_description}}</label>
+ </span>
+ <input id="roledescription" name="roledescription" value="{{roledescription}}" type="text" class="form-control">
+ </div>
<br>
<div class="pull-right">
diff --git a/modules-available/permissionmanager/templates/rolestable.html b/modules-available/permissionmanager/templates/rolestable.html
index 9ba8d85c..d520db33 100644
--- a/modules-available/permissionmanager/templates/rolestable.html
+++ b/modules-available/permissionmanager/templates/rolestable.html
@@ -11,6 +11,7 @@
<thead>
<tr>
<th data-sort="string">{{lang_roles}}</th>
+ <th data-sort="string">{{lang_description}}</th>
<th class="text-center slx-smallcol">
{{#perms.roles.edit.disabled}}
{{lang_view}}
@@ -27,8 +28,9 @@
{{#roles}}
<tr>
<td class="rolename">{{rolename}}</td>
+ <td class="text-muted"><table class="slx-ellipsis"><tr><td>{{roledescription}}</td></tr></table></td>
<td class="text-center">
- <a class="btn btn-xs btn-primary" href="?do=permissionmanager&show=roleEditor&roleid={{roleid}}"><span class="glyphicon glyphicon-edit"></span></a>
+ <a class="btn btn-xs btn-primary" href="?do=permissionmanager&amp;show=roleEditor&amp;roleid={{roleid}}"><span class="glyphicon glyphicon-edit"></span></a>
</td>
<td class="text-center">
<button type="button" class="btn btn-xs btn-danger" data-toggle="modal" data-target="#deleteModal" onclick="deleteRole('{{roleid}}', '{{users}}')" {{perms.roles.edit.disabled}}>
@@ -66,7 +68,7 @@
</form>
<div class="text-right">
- <a href="?do=permissionmanager&show=roleEditor" class="btn btn-success {{perms.roles.edit.disabled}}"><span class="glyphicon glyphicon-plus"></span> {{lang_newRole}}</a>
+ <a href="?do=permissionmanager&amp;show=roleEditor" class="btn btn-success {{perms.roles.edit.disabled}}"><span class="glyphicon glyphicon-plus"></span> {{lang_newRole}}</a>
</div>
<script>