authorChristian Hofmaier2017-12-07 18:20:06 +0100
committerChristian Hofmaier2017-12-07 18:20:06 +0100
commit0ba49ba63e81bf2f4b68f83c035bf0bef37bb3be (patch)
treefccf8e5b4db5c6a07286f936f23249966bedee84
parent[sysconfig] Overview: Make mouseover highlighting work in the other direction... (diff)
downloadslx-admin-0ba49ba63e81bf2f4b68f83c035bf0bef37bb3be.tar.gz
slx-admin-0ba49ba63e81bf2f4b68f83c035bf0bef37bb3be.tar.xz
slx-admin-0ba49ba63e81bf2f4b68f83c035bf0bef37bb3be.zip
[dozmod] reworked permission system from "click and you get error" to "button is disabled due to lack of permission" + in log as there is no button, the links to the user/target are disabled (not clickable).
-rw-r--r--modules-available/dozmod/inc/pagedozmodlog.inc.php11
-rw-r--r--modules-available/dozmod/inc/pagedozmodusers.inc.php5
-rw-r--r--modules-available/dozmod/inc/pagemailtemplates.inc.php8
-rw-r--r--modules-available/dozmod/page.inc.php18
-rw-r--r--modules-available/dozmod/permissions/permissions.json4
-rw-r--r--modules-available/dozmod/templates/actionlog-log.html4
-rw-r--r--modules-available/dozmod/templates/images-delete.html2
-rw-r--r--modules-available/dozmod/templates/mailconfig.html4
-rw-r--r--modules-available/dozmod/templates/orglist.html14
-rw-r--r--modules-available/dozmod/templates/runtimeconfig.html2
-rw-r--r--modules-available/dozmod/templates/templates.html4
11 files changed, 39 insertions, 37 deletions
diff --git a/modules-available/dozmod/inc/pagedozmodlog.inc.php b/modules-available/dozmod/inc/pagedozmodlog.inc.php
index f31edf5b..957abd2f 100644
--- a/modules-available/dozmod/inc/pagedozmodlog.inc.php
+++ b/modules-available/dozmod/inc/pagedozmodlog.inc.php
@@ -29,9 +29,13 @@ class Page_dozmod_log extends Page
. " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)"
. " ORDER BY al.dateline DESC LIMIT 500", array(), true, true);
} elseif ($this->action === 'showuser') {
- $this->listUser();
+ if (User::hasPermission("log.showuser")) {
+ $this->listUser();
+ }
} else {
- $this->listTarget();
+ if (User::hasPermission("log.showtarget")) {
+ $this->listTarget();
+ }
}
}
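Review bot: When `User::hasPermission("log.showuser")` or `User::hasPermission("log.showtarget")` returns false, the new `if` blocks fall through without output, so a denied request yields an empty page and nothing visible here records the refusal. An explicit branch such as `else { Message::addError('main.no-permission'); }` would make the denial visible to the user. The final `else` also sends every action that matches neither earlier branch to `listTarget()`, so the `log.showtarget` check is the only gate for unrecognised action values; a short comment stating that would help the next reader. The enclosing method starts above the hunk.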
@@ -150,6 +154,9 @@ class Page_dozmod_log extends Page
if ($showTarget) {
$data['showTarget'] = true;
}
+
+ $data['allowedShowUser'] = User::hasPermission("log.showuser");
+ $data['allowedShowTarget'] = User::hasPermission("log.showtarget");
Render::addTemplate('actionlog-log', $data);
}
diff --git a/modules-available/dozmod/inc/pagedozmodusers.inc.php b/modules-available/dozmod/inc/pagedozmodusers.inc.php
index 621f7d34..f4ac852b 100644
--- a/modules-available/dozmod/inc/pagedozmodusers.inc.php
+++ b/modules-available/dozmod/inc/pagedozmodusers.inc.php
@@ -22,15 +22,10 @@ class Page_dozmod_users extends Page
if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') {
if (User::hasPermission("users.".$action)) {
$this->setUserOption($action);
- } else {
- die("No permission.");
}
-
} elseif ($action === 'setorglogin') {
if (User::hasPermission("users.orglogin")) {
$this->setOrgOption($action);
- } else {
- die("No permission.");
}
} else {
die('No such action');
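Review bot: With the `else { die("No permission."); }` branches removed, a caller lacking `users.<action>` or `users.orglogin` no longer gets any refusal: the handler is skipped and execution continues with whatever follows this chain outside the hunk. The `hasPermission` checks still enforce access, but the disabled controls in the templates are presentation only, so a hand-built request now receives an empty response that is indistinguishable from a no-op, and nothing visible here records the attempt. Keeping an explicit refusal, for example `else { http_response_code(403); die('No permission'); }`, preserves a clear signal for clients and for monitoring. The same removal occurs in the `save`/`reset` hunk of pagemailtemplates.inc.php and in the `mail`/`runtime`/`delimages` hunks of page.inc.php, both the form-post and the AJAX one.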
diff --git a/modules-available/dozmod/inc/pagemailtemplates.inc.php b/modules-available/dozmod/inc/pagemailtemplates.inc.php
index 90734a50..b7b5a8d4 100644
--- a/modules-available/dozmod/inc/pagemailtemplates.inc.php
+++ b/modules-available/dozmod/inc/pagemailtemplates.inc.php
@@ -15,16 +15,10 @@ class Page_mail_templates extends Page
} elseif ($action === 'save') {
if (User::hasPermission("templates.save")) {
$this->handleSave();
- } else {
- Message::addError('main.no-permission');
- Util::redirect('?do=dozmod&section=templates');
}
} elseif ($action === 'reset') {
if(User::hasPermission("templates.reset")) {
$this->handleReset();
- } else {
- Message::addError('main.no-permission');
- Util::redirect('?do=dozmod&section=templates');
}
} else {
Message::addError('main.invalid-action', $action);
@@ -70,6 +64,8 @@ class Page_mail_templates extends Page
protected function doRender()
{
$this->enrichHtml();
+ $this->templates['allowedReset'] = User::hasPermission("templates.reset");
+ $this->templates['allowedSave'] = User::hasPermission("templates.save");
Render::addTemplate('templates', ['templates' => $this->templates]);
}
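Review bot: `allowedReset` and `allowedSave` are stored inside `$this->templates`, but the template receives that array under the `templates` key, and the two buttons in templates.html sit after `{{/templates}}`. If those buttons render at the root context, `{{^allowedSave}}` and `{{^allowedReset}}` would never find the flags and both buttons would stay disabled for every user; adding string keys may also change how `{{#templates}}` iterates if `$this->templates` is a plain list. Passing the flags beside the list avoids both: `Render::addTemplate('templates', ['templates' => $this->templates, 'allowedReset' => User::hasPermission('templates.reset'), 'allowedSave' => User::hasPermission('templates.save')]);`. The shape of `$this->templates` is not visible in this hunk, so this should be confirmed against `enrichHtml()`.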
diff --git a/modules-available/dozmod/page.inc.php b/modules-available/dozmod/page.inc.php
index ffb38663..7a5ddf23 100644
--- a/modules-available/dozmod/page.inc.php
+++ b/modules-available/dozmod/page.inc.php
@@ -52,16 +52,10 @@ class Page_DozMod extends Page
if ($action === 'mail') {
if (User::hasPermission("mail.save")) {
$this->mailHandler();
- } else {
- Message::addError('main.no-permission');
- Util::redirect('?do=dozmod&section=mailconfig');
}
} elseif ($action === 'runtime') {
if (User::hasPermission("runtimeconfig.save")) {
$this->runtimeHandler();
- } else {
- Message::addError('main.no-permission');
- Util::redirect('?do=dozmod&section=runtimeconfig');
}
} elseif ($action === 'delimages') {
if (User::hasPermission("images.delete")) {
@@ -70,9 +64,6 @@ class Page_DozMod extends Page
Message::addInfo('delete-images', $result);
}
Util::redirect('?do=DozMod');
- } else {
- Message::addError('main.no-permission');
- Util::redirect('?do=dozmod');
}
} elseif ($action !== false) {
Util::traceError('Invalid action: ' . $action);
@@ -102,7 +93,7 @@ class Page_DozMod extends Page
if (empty($expiredImages)) {
Message::addSuccess('no-expired-images');
} else {
- Render::addTemplate('images-delete', array('images' => $expiredImages));
+ Render::addTemplate('images-delete', array('images' => $expiredImages, 'allowedDelete' => User::hasPermission("images.delete")));
}
}
if ($section === 'mailconfig') {
@@ -114,6 +105,8 @@ class Page_DozMod extends Page
$mailConf['set_' . $mailConf['ssl']] = 'selected="selected"';
}
}
+ $mailConf['allowedSave'] = User::hasPermission('mail.save');
+ $mailConf['allowedTest'] = User::hasPermission('mail.testmail');
Render::addTemplate('mailconfig', $mailConf);
}
if ($section === 'runtimeconfig') {
@@ -146,6 +139,7 @@ class Page_DozMod extends Page
$runtimeConf['allowLoginByDefault'] = 'checked';
}
}
+ $runtimeConf['allowedSave'] = User::hasPermission("runtimeconfig.save");
Render::addTemplate('runtimeconfig', $runtimeConf);
}
if ($section === 'blockstats') {
@@ -231,14 +225,10 @@ class Page_DozMod extends Page
if ($action === 'mail') {
if (User::hasPermission("mail.testmail")) {
$this->handleTestMail();
- } else {
- die('No permission');
}
} elseif ($action === 'delimages') {
if (User::hasPermission("images.delete")) {
die($this->handleDeleteImages());
- } else {
- die('No permission');
}
} elseif ($action === 'getblockinfo') {
$this->ajaxGetBlockInfo();
diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json
index 8295d0f0..294bd774 100644
--- a/modules-available/dozmod/permissions/permissions.json
+++ b/modules-available/dozmod/permissions/permissions.json
@@ -8,5 +8,7 @@
"users.setmail": "Enable/Disable Email Notification",
"users.setlogin": "Enable/Disable Login",
"users.setsu": "Set User to superuser",
- "users.orglogin": "Enalbe/Disable Login for Users from certain organisations."
+ "users.orglogin": "Enalbe/Disable Login for Users from certain organisations.",
+ "log.showuser": "Show User Data in Log",
+ "log.showtarget": "Show Target Data in Log"
} \ No newline at end of file
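Review bot: The re-added `users.orglogin` line still carries the typo `Enalbe`; since the line is touched anyway it should read `"Enable/Disable Login for Users from certain organisations."`. The file also still ends without a trailing newline, which will keep producing the `\ No newline at end of file` marker in later diffs.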
diff --git a/modules-available/dozmod/templates/actionlog-log.html b/modules-available/dozmod/templates/actionlog-log.html
index 09f3a183..8aa57207 100644
--- a/modules-available/dozmod/templates/actionlog-log.html
+++ b/modules-available/dozmod/templates/actionlog-log.html
@@ -18,7 +18,7 @@
{{#showActor}}
<td style="min-width:140px">
{{#uuserid}}
- <a href="?do=dozmod&amp;section=actionlog&amp;action=showuser&amp;uuid={{uuserid}}">{{ulastname}}, {{ufirstname}}</a>
+ {{#allowedShowUser}}<a href="?do=dozmod&amp;section=actionlog&amp;action=showuser&amp;uuid={{uuserid}}">{{/allowedShowUser}} {{ulastname}}, {{ufirstname}}{{#allowedShowUser}}</a>{{/allowedShowUser}}
{{/uuserid}}
{{^uuserid}}
{{lang_system}}
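Review bot: Only the `<a>` wrapper depends on `allowedShowUser`; `{{ulastname}}, {{ufirstname}}` is still printed for every viewer, and the second hunk does the same for `{{targetname}}`. If `log.showuser` and `log.showtarget` (described as "Show User Data in Log" and "Show Target Data in Log") are meant to restrict who sees that data rather than who may follow the link, the values have to be withheld in the PHP that builds the rows, not merely unlinked here. Opening and closing the anchor in two separate sections is also easy to unbalance; a clearer form is `{{#allowedShowUser}}<a href="…">{{ulastname}}, {{ufirstname}}</a>{{/allowedShowUser}}{{^allowedShowUser}}{{ulastname}}, {{ufirstname}}{{/allowedShowUser}}`.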
@@ -28,7 +28,7 @@
{{#showTarget}}
<td style="word-wrap: break-word">
{{#targeturl}}
- <a href="{{targeturl}}">{{targetname}}</a>
+ {{#allowedShowTarget}}<a href="{{targeturl}}">{{/allowedShowTarget}}{{targetname}}{{#allowedShowTarget}}</a>{{/allowedShowTarget}}
{{/targeturl}}
{{^targeturl}}
{{targetname}}
diff --git a/modules-available/dozmod/templates/images-delete.html b/modules-available/dozmod/templates/images-delete.html
index dd4c61bc..ed75a0d2 100644
--- a/modules-available/dozmod/templates/images-delete.html
+++ b/modules-available/dozmod/templates/images-delete.html
@@ -45,7 +45,7 @@
{{/images}}
</tbody>
</table>
- <button style="margin-left: 20px" id="delbtn" class="btn btn-danger pull-right" type="submit" name="button" value="save"><span class="glyphicon glyphicon-trash"></span> {{lang_delButton}}</button>
+ <button {{^allowedDelete}}disabled{{/allowedDelete}} style="margin-left: 20px" id="delbtn" class="btn btn-danger pull-right" type="submit" name="button" value="save"><span class="glyphicon glyphicon-trash"></span> {{lang_delButton}}</button>
</form>
<pre style="display:none" id="deloutput"></pre>
</div>
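Review bot: The `disabled` attribute gives no hint why the button is unavailable, so a user without `images.delete` sees a dead control with no explanation. A `title` attribute carrying a translated no-permission text inside the `{{^allowedDelete}}` section, or a short notice next to the button, would cover that. The attribute is presentation only; the `User::hasPermission` checks in the PHP handlers remain the actual access control, and the same applies to the buttons changed in mailconfig.html, runtimeconfig.html and templates.html.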
diff --git a/modules-available/dozmod/templates/mailconfig.html b/modules-available/dozmod/templates/mailconfig.html
index 6edc65ae..d5d4db29 100644
--- a/modules-available/dozmod/templates/mailconfig.html
+++ b/modules-available/dozmod/templates/mailconfig.html
@@ -55,10 +55,10 @@
</div>
<br>
<div class="text-right">
- <button class="btn btn-warning" type="button" id="test-button" name="button" value="test" onclick="slxTestConfig()"><span class="glyphicon glyphicon-envelope"></span> {{lang_test}}</button>
+ <button {{^allowedTest}}disabled{{/allowedTest}} class="btn btn-warning" type="button" id="test-button" name="button" value="test" onclick="slxTestConfig()"><span class="glyphicon glyphicon-envelope"></span> {{lang_test}}</button>
<span id="test-spin" style="display:none"><span class="glyphicon glyphicon-refresh slx-rotation"></span></span>
<pre id="test-output" style="display:none"></pre>
- <button class="btn btn-primary" type="submit" name="button" value="save"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+ <button {{^allowedSave}}disabled{{/allowedSave}} class="btn btn-primary" type="submit" name="button" value="save"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
<br>
<input type="hidden" name="token" value="{{token}}">
<input type="hidden" name="action" value="mail">
diff --git a/modules-available/dozmod/templates/orglist.html b/modules-available/dozmod/templates/orglist.html
index 361421c5..5224c962 100644
--- a/modules-available/dozmod/templates/orglist.html
+++ b/modules-available/dozmod/templates/orglist.html
@@ -41,7 +41,19 @@ function seto(action, el, orgid) {
if (data !== '1' && data !== '0') {
el.checked = !old;
- box.parent().css('background-color', 'red !important');
+ box.parent().css('background-color', '');
+ /* show success notification */
+ $notification = $('<span></span>')
+ .addClass('glyphicon glyphicon-remove')
+ .css('color', 'red')
+ .css('width', '0px')
+ .css('position', 'relative')
+ .css('right', '20px')
+ .hide();
+ box.before($notification);
+ $notification.fadeIn('fast', function () {
+ $notification.fadeOut('slow', function () { $notification.remove() });
+ });
} else {
el.checked = (data == 1);
box.parent().css('background-color', '');
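Review bot: The added comment `/* show success notification */` sits in the branch taken when the response is neither `'1'` nor `'0'`, and the icon it builds is a red `glyphicon-remove`, so it should read `/* show failure notification */`. `$notification` is assigned without a declaration, which makes it an implicit global that overlapping requests would share; `var $notification = $('<span></span>')` keeps it local to the callback. The body of `seto` continues outside the hunk.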
diff --git a/modules-available/dozmod/templates/runtimeconfig.html b/modules-available/dozmod/templates/runtimeconfig.html
index cff61441..4d97ade0 100644
--- a/modules-available/dozmod/templates/runtimeconfig.html
+++ b/modules-available/dozmod/templates/runtimeconfig.html
@@ -113,7 +113,7 @@
<input type="hidden" name="token" value="{{token}}">
<input type="hidden" name="action" value="runtime">
<div class="text-right">
- <button class="btn btn-primary" type="submit" name="button" value="save"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+ <button {{^allowedSave}}disabled{{/allowedSave}} class="btn btn-primary" type="submit" name="button" value="save"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
</div>
</form>
</div>
diff --git a/modules-available/dozmod/templates/templates.html b/modules-available/dozmod/templates/templates.html
index 4764c0e9..3ee0ccbc 100644
--- a/modules-available/dozmod/templates/templates.html
+++ b/modules-available/dozmod/templates/templates.html
@@ -80,12 +80,12 @@
{{/templates}}
</div>
- <button type="submit" onclick="return validateForm()" class="btn btn-primary pull-right"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+ <button {{^allowedSave}}disabled{{/allowedSave}} type="submit" onclick="return validateForm()" class="btn btn-primary pull-right"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
</form>
<form method="POST" action="?do=dozmod&amp;section=templates">
<input type="hidden" name="token" value="{{token}}">
<div>
- <button type="button" data-toggle="modal" data-target="#resetTemplatesModal" class="btn btn-danger">{{lang_loadDefaults}}</button>
+ <button {{^allowedReset}}disabled{{/allowedReset}} type="button" data-toggle="modal" data-target="#resetTemplatesModal" class="btn btn-danger">{{lang_loadDefaults}}</button>
</div>
<div id="resetTemplatesModal" class="modal fade" role="dialog">