author | Christian Hofmaier | 2017-10-27 16:49:13 +0200 |
---|---|---|
committer | Christian Hofmaier | 2017-10-27 16:49:13 +0200 |
commit | f8778f213cb9f916fa56279c9e1cf6deb067b35c (patch) | |
tree | 4d951d85dab1a015ef120f189a229ed734f1ce32 /modules-available/dozmod | |
parent | [internetaccess] user is now checked if he's logged in before he can access t... (diff) | |
[dozmod] implemented new permission system to module for: deleting expired vm versions, sending testmails and saving mailconfig, resetting templates or saving them, saving runtimeconfig, giving users rights (when no permission, it will show another animation). Also fixed a design issue (dialog instead of modal).
Diffstat (limited to 'modules-available/dozmod')
-rw-r--r-- | modules-available/dozmod/inc/pagedozmodusers.inc.php | 15 | ||||
-rw-r--r-- | modules-available/dozmod/inc/pagemailtemplates.inc.php | 16 | ||||
-rw-r--r-- | modules-available/dozmod/page.inc.php | 44 | ||||
-rw-r--r-- | modules-available/dozmod/permissions/permissions.json | 12 | ||||
-rw-r--r-- | modules-available/dozmod/templates/templates.html | 25 | ||||
-rw-r--r-- | modules-available/dozmod/templates/userlist.html | 14 |
6 files changed, 108 insertions, 18 deletions
diff --git a/modules-available/dozmod/inc/pagedozmodusers.inc.php b/modules-available/dozmod/inc/pagedozmodusers.inc.php index 8da07923..621f7d34 100644 --- a/modules-available/dozmod/inc/pagedozmodusers.inc.php +++ b/modules-available/dozmod/inc/pagedozmodusers.inc.php @@ -16,11 +16,22 @@ class Page_dozmod_users extends Page protected function doAjax() { + User::load(); + $action = Request::post('action', '', 'string'); if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') { - $this->setUserOption($action); + if (User::hasPermission("users.".$action)) { + $this->setUserOption($action); + } else { + die("No permission."); + } + } elseif ($action === 'setorglogin') { - $this->setOrgOption($action); + if (User::hasPermission("users.orglogin")) { + $this->setOrgOption($action); + } else { + die("No permission."); + } } else { die('No such action'); } diff --git a/modules-available/dozmod/inc/pagemailtemplates.inc.php b/modules-available/dozmod/inc/pagemailtemplates.inc.php index dc41d8c6..90734a50 100644 --- a/modules-available/dozmod/inc/pagemailtemplates.inc.php +++ b/modules-available/dozmod/inc/pagemailtemplates.inc.php @@ -7,13 +7,25 @@ class Page_mail_templates extends Page protected function doPreprocess() { + User::load(); + $action = Request::post('action', 'show', 'string'); if ($action === 'show') { $this->fetchTemplates(); } elseif ($action === 'save') { - $this->handleSave(); + if (User::hasPermission("templates.save")) { + $this->handleSave(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=templates'); + } } elseif ($action === 'reset') { - $this->handleReset(); + if(User::hasPermission("templates.reset")) { + $this->handleReset(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=templates'); + } } else { Message::addError('main.invalid-action', $action); Util::redirect('?do=dozmod§ion=templates'); 
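Review bot: A denied request in the two new `else` branches of `Page_dozmod_users::doAjax()` ends in `die("No permission.")` with the default 200 status and no log entry, so refused attempts to change `setsu` or `setlogin` cannot be told apart from normal traffic afterwards. Consider `http_response_code(403);` on the line before each `die(...)` and recording the user and action in the application's event log; the callback in `userlist.html` would then need to handle the error path as well, which this page does not show. The same pattern appears in the `die('No permission')` branches added to `Page_DozMod::doAjax()` in `page.inc.php`. The permission name `"users.".$action` is safe only because the enclosing `if` has already limited `$action` to three literals, which deserves a one-line comment.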
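Review bot: Each gated action in `Page_mail_templates::doPreprocess()` carries its own copy of the deny branch, and an action added later is only protected if its author remembers to wrap it. A single map from action to required permission, checked once before the dispatch, removes the duplication and puts the gating in one visible place; `show` stays open as in this commit, which should be stated in a comment if it is intentional. The sketch below relies on `Util::redirect()` ending the request, as the login guard in `page.inc.php` already seems to assume. The `mail`, `runtime` and `delimages` branches of `Page_DozMod::doPreprocess()` repeat the same shape, and `doPreprocess()` here continues past the end of the hunk.

```php
$action = Request::post('action', 'show', 'string');
// Permission required per state-changing action; 'show' only reads and is left open.
$required = [
	'save' => 'templates.save',
	'reset' => 'templates.reset',
];
if (isset($required[$action]) && !User::hasPermission($required[$action])) {
	Message::addError('main.no-permission');
	Util::redirect('?do=dozmod&section=templates');
}
// … unchanged: dispatch to fetchTemplates() / handleSave() / handleReset() / invalid-action branch …
```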
diff --git a/modules-available/dozmod/page.inc.php b/modules-available/dozmod/page.inc.php index 24ad00d8..19c05555 100644 --- a/modules-available/dozmod/page.inc.php +++ b/modules-available/dozmod/page.inc.php @@ -27,7 +27,7 @@ class Page_DozMod extends Page { User::load(); - if (!User::hasPermission('superadmin')) { + if (!User::isLoggedIn()) { Message::addError('main.no-permission'); Util::redirect('?do=Main'); } @@ -50,15 +50,30 @@ class Page_DozMod extends Page $action = Request::post('action', false, 'string'); if ($action === 'mail') { - $this->mailHandler(); + if (User::hasPermission("mail.save")) { + $this->mailHandler(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=mailconfig'); + } } elseif ($action === 'runtime') { - $this->runtimeHandler(); + if (User::hasPermission("runtimeconfig.save")) { + $this->runtimeHandler(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=runtimeconfig'); + } } elseif ($action === 'delimages') { - $result = $this->handleDeleteImages(); - if (!empty($result)) { - Message::addInfo('delete-images', $result); + if (User::hasPermission("images.delete")) { + $result = $this->handleDeleteImages(); + if (!empty($result)) { + Message::addInfo('delete-images', $result); + } + Util::redirect('?do=DozMod'); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod'); } - Util::redirect('?do=DozMod'); } elseif ($action !== false) { Util::traceError('Invalid action: ' . $action); } @@ -204,8 +219,6 @@ class Page_DozMod extends Page protected function doAjax() { User::load(); - if (!User::hasPermission('superadmin')) - return; $this->setupSubPage(); if ($this->subPage !== false) { 
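Review bot: Replacing the `superadmin` test with `User::isLoggedIn()` at the top of `Page_DozMod::doPreprocess()` opens every part of this module that is not gated individually to any authenticated account. The commit adds permissions only for write actions, and `permissions.json` defines none for viewing, so the pages rendered after this guard (outside the hunk) are presumably readable by all logged-in users, which may include the SMTP settings behind `mail.save` and the user list. If that is intended, say so at the guard, e.g. `// Any logged-in user may view this module; state-changing actions are checked individually below.`; if not, a view permission per section is needed before the render step.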
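Review bot: With the `superadmin` check deleted from `Page_DozMod::doAjax()`, nothing in this method establishes that the caller is logged in: the sub-page dispatch right after `setupSubPage()` and the `getblockinfo` action in the next hunk run without any check of their own. `doPreprocess()` received `User::isLoggedIn()` as the replacement guard, and `doAjax()` should get the same unless the framework rejects anonymous AJAX requests before it is called, which this page does not show: `if (!User::isLoggedIn()) die('No permission');` after `User::load();`. `getblockinfo` additionally has no entry in `permissions.json`, so decide explicitly whether every logged-in user may call it. The method body continues beyond this hunk.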
@@ -214,10 +227,19 @@ class Page_DozMod extends Page } $action = Request::post('action'); + if ($action === 'mail') { - $this->handleTestMail(); + if (User::hasPermission("mail.testmail")) { + $this->handleTestMail(); + } else { + die('No permission'); + } } elseif ($action === 'delimages') { - die($this->handleDeleteImages()); + if (User::hasPermission("images.delete")) { + die($this->handleDeleteImages()); + } else { + die('No permission'); + } } elseif ($action === 'getblockinfo') { $this->ajaxGetBlockInfo(); } diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json new file mode 100644 index 00000000..8295d0f0 --- /dev/null +++ b/modules-available/dozmod/permissions/permissions.json @@ -0,0 +1,12 @@ +{ + "images.delete": "Delete images marked for deletion.", + "mail.save": "Save SMTP configuration for sending mails.", + "mail.testmail": "Send a testmail.", + "runtimeconfig.save": "Save limits and defaults of a runtime configuration.", + "templates.save": "Save email templates", + "templates.reset": "Reset email templates", + "users.setmail": "Enable/Disable Email Notification", + "users.setlogin": "Enable/Disable Login", + "users.setsu": "Set User to superuser", + "users.orglogin": "Enalbe/Disable Login for Users from certain organisations." +}
\ No newline at end of file diff --git a/modules-available/dozmod/templates/templates.html b/modules-available/dozmod/templates/templates.html index 62b250a9..4764c0e9 100644 --- a/modules-available/dozmod/templates/templates.html +++ b/modules-available/dozmod/templates/templates.html @@ -84,15 +84,36 @@ </form> <form method="POST" action="?do=dozmod&section=templates"> <input type="hidden" name="token" value="{{token}}"> - <input type="hidden" name="action" value="reset"> <div> - <button type="submit" onclick="return confirm('{{lang_reallyResetTemplates}}')" class="btn btn-danger">{{lang_loadDefaults}}</button> + <button type="button" data-toggle="modal" data-target="#resetTemplatesModal" class="btn btn-danger">{{lang_loadDefaults}}</button> </div> + + <div id="resetTemplatesModal" class="modal fade" role="dialog"> + <div class="modal-dialog"> + <div class="modal-content"> + <div class="modal-header"> + <button type="button" class="close" data-dismiss="modal">×</button> + <h4 class="modal-title"></h4> + </div> + <div class="modal-body"> + <p>{{lang_reallyResetTemplates}}</p> + </div> + <div class="modal-footer"> + <button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button> + <button type="submit" name="action" value ="reset" class="btn btn-primary">{{lang_reset}}</button> + </div> + </div> + + </div> + </div> + </form> <div class="clearfix"></div> </div> </div> + + <script type="application/javascript"><!-- diff --git a/modules-available/dozmod/templates/userlist.html b/modules-available/dozmod/templates/userlist.html index 8bba4ef8..378a2be1 100644 --- a/modules-available/dozmod/templates/userlist.html +++ b/modules-available/dozmod/templates/userlist.html 
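Review bot: The description of `users.orglogin` is misspelled as "Enalbe/Disable" and will appear that way wherever these strings are displayed; it should read `"Enable/Disable Login for Users from certain organisations."`. `users.setsu` is described only as "Set User to superuser", although holding it lets an account promote others (and presumably itself), so the description should flag it as an administrative permission for whoever assigns roles. The file also ends without a trailing newline.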
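Review bot: The new modal in `templates.html` leaves `<h4 class="modal-title"></h4>` empty, so the dialog has no heading for screen readers or sighted users; reuse an existing string there, for example `{{lang_loadDefaults}}`. The submit button is written `value ="reset"` with a stray space before `=`, which browsers accept but should be `value="reset"`. The reset button is rendered regardless of `templates.reset`, so users without the permission only learn that after submitting; the server-side check added in `pagemailtemplates.inc.php` is what enforces it, and that is the right place for it.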
@@ -64,7 +64,19 @@ function setu(action, el, uid) { if (data !== '1' && data !== '0') { el.checked = !old; - box.parent().css('background-color', 'red !important'); + box.parent().css('background-color', ''); + /* show success notification */ + $notification = $('<span></span>') + .addClass('glyphicon glyphicon-remove') + .css('color', 'red') + .css('width', '0px') + .css('position', 'relative') + .css('right', '20px') + .hide(); + box.before($notification); + $notification.fadeIn('fast', function () { + $notification.fadeOut('slow', function () { $notification.remove() }); + }); } else { el.checked = (data == 1); box.parent().css('background-color', ''); |
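Review bot: `$notification` in the failure branch of `setu()` is assigned without `var`, so it becomes an implicit global and two overlapping requests share and overwrite it; declare it locally with `var $notification = $('<span></span>')`. The comment above it says `/* show success notification */` although this branch runs when the response is neither `'1'` nor `'0'` and shows a red `glyphicon-remove`; it should read `/* show failure notification */`. Because a permission refusal, an unknown action and any other unexpected response all land here, the user gets the same icon for each. `setu()` starts and ends outside the hunk.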