diff options
| author | Simon Rettberg | 2021-06-28 15:04:35 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2021-06-28 15:04:35 +0200 |
| commit | 44742851b22f225294a693f54161ad8e43a7dfda (patch) | |
| tree | 41121b084e77f53601df1e831cff3a298dda104d /modules-available/eventlog/pages | |
| parent | [inc/User] Make sure user has a token (diff) | |
| download | slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.tar.gz slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.tar.xz slx-admin-44742851b22f225294a693f54161ad8e43a7dfda.zip | |
[eventlog] Check permissions; add synamic suggestions for keys
Diffstat (limited to 'modules-available/eventlog/pages')
| -rw-r--r-- | modules-available/eventlog/pages/mailconfigs.inc.php | 3 | ||||
| -rw-r--r-- | modules-available/eventlog/pages/rules.inc.php | 3 | ||||
| -rw-r--r-- | modules-available/eventlog/pages/transports.inc.php | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/modules-available/eventlog/pages/mailconfigs.inc.php b/modules-available/eventlog/pages/mailconfigs.inc.php index 6d5d20b6..141bf6e2 100644 --- a/modules-available/eventlog/pages/mailconfigs.inc.php +++ b/modules-available/eventlog/pages/mailconfigs.inc.php @@ -8,6 +8,7 @@ class SubPage public static function doPreprocess() { if (Request::isPost()) { + User::assertPermission('filter.mailconfigs.edit'); $action = Request::post('action'); if ($action === 'save-mailconfig') { self::saveMailconfig(); @@ -61,6 +62,7 @@ class SubPage public static function doRender() { + User::assertPermission('filter.mailconfigs.view'); $id = Request::get('id', null, 'int'); if ($id !== null) { self::showMailconfigEditor($id); @@ -79,6 +81,7 @@ class SubPage */ private static function showMailconfigEditor(int $id) { + User::assertPermission('filter.mailconfigs.edit'); if ($id !== 0) { // EDIT $data = Database::queryFirst('SELECT configid, host, port, `ssl`, senderaddress, replyto, diff --git a/modules-available/eventlog/pages/rules.inc.php b/modules-available/eventlog/pages/rules.inc.php index 131c4eb6..b00dcf08 100644 --- a/modules-available/eventlog/pages/rules.inc.php +++ b/modules-available/eventlog/pages/rules.inc.php @@ -8,6 +8,7 @@ class SubPage public static function doPreprocess() { if (Request::isPost()) { + User::assertPermission('filter.rule.edit'); $action = Request::post('action'); if ($action === 'save-filter') { self::saveRule(); @@ -87,6 +88,7 @@ class SubPage public static function doRender() { + User::assertPermission('filter.rule.view'); $id = Request::get('id', null, 'int'); if ($id !== null) { self::showRuleEditor($id); @@ -109,6 +111,7 @@ class SubPage private static function showRuleEditor(int $id) { // EDIT + User::assertPermission('filter.rule.edit'); $index = 0; $existing = []; if ($id !== 0) { diff --git a/modules-available/eventlog/pages/transports.inc.php b/modules-available/eventlog/pages/transports.inc.php index b72f36f9..c5d3713c 100644 --- a/modules-available/eventlog/pages/transports.inc.php +++ b/modules-available/eventlog/pages/transports.inc.php @@ -6,6 +6,7 @@ class SubPage public static function doPreprocess() { if (Request::isPost()) { + User::assertPermission('filter.transport.edit'); $action = Request::post('action'); if ($action === 'save-transport') { self::saveTransport(); @@ -107,6 +108,7 @@ class SubPage public static function doRender() { + User::assertPermission('filter.transport.view'); $id = Request::get('id', null, 'int'); if ($id !== null) { self::showTransportEditor($id); @@ -134,6 +136,7 @@ class SubPage */ private static function showTransportEditor(int $id) { + User::assertPermission('filter.transport.edit'); if ($id !== 0) { $entry = Database::queryFirst('SELECT transportid, title, description, data FROM notification_backend |