diff options
author | Christian Hofmaier | 2018-01-09 17:38:21 +0100 |
---|---|---|
committer | Christian Hofmaier | 2018-01-09 17:38:21 +0100 |
commit | 4c9aba92942c4b9341c46a50aeaa31bea24a8b60 (patch) | |
tree | 5f0fa5b714a475a7c0ab7b8a900d24114a63ea7d /modules-available/rebootcontrol | |
parent | [exams] reworked permission system from "click and you get error" to "button ... (diff) | |
download | slx-admin-4c9aba92942c4b9341c46a50aeaa31bea24a8b60.tar.gz slx-admin-4c9aba92942c4b9341c46a50aeaa31bea24a8b60.tar.xz slx-admin-4c9aba92942c4b9341c46a50aeaa31bea24a8b60.zip |
[exams] implemented permission system
Diffstat (limited to 'modules-available/rebootcontrol')
5 files changed, 117 insertions, 54 deletions
diff --git a/modules-available/rebootcontrol/lang/de/permissions.json b/modules-available/rebootcontrol/lang/de/permissions.json new file mode 100644 index 00000000..92eeb37e --- /dev/null +++ b/modules-available/rebootcontrol/lang/de/permissions.json @@ -0,0 +1,5 @@ +{ + "shutdown": "Client herunterfahren.", + "reboot": "Client neustarten.", + "newkeypair": "Neues Schlüsselpaar generieren." +}
\ No newline at end of file diff --git a/modules-available/rebootcontrol/lang/en/permissions.json b/modules-available/rebootcontrol/lang/en/permissions.json new file mode 100644 index 00000000..077890fb --- /dev/null +++ b/modules-available/rebootcontrol/lang/en/permissions.json @@ -0,0 +1,5 @@ +{ + "shutdown": "Shutdown Client.", + "reboot": "Reboot Client.", + "newkeypair": "Generate new Keypair." +}
\ No newline at end of file diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php index fc3ded8f..fa34a05a 100644 --- a/modules-available/rebootcontrol/page.inc.php +++ b/modules-available/rebootcontrol/page.inc.php @@ -4,6 +4,9 @@ class Page_RebootControl extends Page { private $action = false; + private $allowedShutdownLocs = []; + private $allowedRebootLocs = []; + private $allowedLocs = []; /** * Called before any page rendering happens - early hook to check parameters etc. @@ -17,21 +20,40 @@ class Page_RebootControl extends Page Util::redirect('?do=Main'); // does not return } + $this->allowedShutdownLocs = User::getAllowedLocations("shutdown"); + $this->allowedRebootLocs = User::getAllowedLocations("reboot"); + $this->allowedLocs = array_unique(array_merge($this->allowedShutdownLocs, $this->allowedRebootLocs)); + $this->action = Request::any('action', 'show', 'string'); if ($this->action === 'startReboot' || $this->action === 'startShutdown') { - $clients = Request::post('clients'); - if (!is_array($clients) || empty($clients)) { - Message::addError('no-clients-selected'); - Util::redirect(); - } + $locationId = Request::post('locationId', false, 'int'); if ($locationId === false) { Message::addError('locations.invalid-location-id', $locationId); Util::redirect(); } + $shutdown = $this->action === "startShutdown"; + // Check user permission (if user has no permission, the getAllowed-list will be empty and the check will fail) + if ($shutdown) { + if (!in_array($locationId, $this->allowedShutdownLocs)) { + Message::addError('main.no-permission'); + Util::redirect(); + } + } else { + if (!in_array($locationId, $this->allowedRebootLocs)) { + Message::addError('main.no-permission'); + Util::redirect(); + } + } + + $clients = Request::post('clients'); + if (!is_array($clients) || empty($clients)) { + Message::addError('no-clients-selected'); + Util::redirect(); + } $minutes = Request::post('minutes', 0, 'int'); $list = RebootQueries::getMachinesByUuid($clients); @@ -72,12 +94,34 @@ class Page_RebootControl extends Page //location you want to see, default are "not assigned" clients $requestedLocation = Request::get('location', 0, 'int'); - $data['data'] = RebootQueries::getMachineTable($requestedLocation); - $data['locations'] = Location::getLocations($requestedLocation, 0, true); + // only fill table if user has at least one permission for the location + if (in_array($requestedLocation, $this->allowedLocs)) { + $data['data'] = RebootQueries::getMachineTable($requestedLocation); + $data['allowedToSelect'] = True; + } + $data['locations'] = Location::getLocations($requestedLocation, 0, true); + // Always show public key (it's public, isn't it?) $data['pubKey'] = SSHKey::getPublicKey(); + // disable each location user has no permission for + foreach ($data['locations'] as &$loc) { + if (!in_array($loc["locationid"], $this->allowedLocs)) { + $loc["disabled"] = "disabled"; + } + } + + // Only enable shutdown/reboot-button if user has permission for the location + if (in_array($requestedLocation, $this->allowedShutdownLocs)) { + $data['allowedToShutdown'] = True; + } + if (in_array($requestedLocation, $this->allowedRebootLocs)) { + $data['allowedToReboot'] = True; + } + $data['allowedToGenerateKey'] = User::hasPermission("newkeypair"); + Render::addTemplate('_page', $data); + } } } @@ -86,8 +130,12 @@ class Page_RebootControl extends Page { $this->action = Request::post('action', false, 'string'); if ($this->action === 'generateNewKeypair') { - Property::set("rebootcontrol-private-key", false); - echo SSHKey::getPublicKey(); + if (User::hasPermission("newkeypair")) { + Property::set("rebootcontrol-private-key", false); + echo SSHKey::getPublicKey(); + } else { + echo 'No permission.'; + } } else { echo 'Invalid action.'; } diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json new file mode 100644 index 00000000..5230c9bd --- /dev/null +++ b/modules-available/rebootcontrol/permissions/permissions.json @@ -0,0 +1,5 @@ +[ + "shutdown", + "reboot", + "newkeypair" +]
\ No newline at end of file diff --git a/modules-available/rebootcontrol/templates/_page.html b/modules-available/rebootcontrol/templates/_page.html index 1bef8dd4..9b470943 100644 --- a/modules-available/rebootcontrol/templates/_page.html +++ b/modules-available/rebootcontrol/templates/_page.html @@ -8,15 +8,15 @@ <input type="hidden" name="token" value="{{token}}"> <div class="row"> <div class="col-md-12"> - <label>{{lang_location}}: - <select id="locationDropdown" name="locationId" class="form-control" onchange="selectLocation()"> - {{#locations}} - <option value="{{locationid}}" {{#selected}}selected{{/selected}}>{{locationpad}} {{locationname}}</option> - {{/locations}} - </select> - </label> - <button type="button" id="selectAllButton" class="btn btn-primary pull-right" onclick="selectAllRows()"><span class="glyphicon glyphicon-check"></span> {{lang_selectall}}</button> - <button type="button" id="unselectAllButton" class="btn btn-default pull-right" onclick="unselectAllRows()" style="display: none;"><span class="glyphicon glyphicon-unchecked"></span> {{lang_unselectall}}</button> + <label>{{lang_location}}: + <select id="locationDropdown" name="locationId" class="form-control" onchange="selectLocation()"> + {{#locations}} + <option value="{{locationid}}" {{disabled}} {{#selected}}selected{{/selected}}>{{locationpad}} {{locationname}}</option> + {{/locations}} + </select> + </label> + <button type="button" id="selectAllButton" {{^allowedToSelect}}disabled{{/allowedToSelect}} class="btn btn-primary pull-right" onclick="selectAllRows()"><span class="glyphicon glyphicon-check"></span> {{lang_selectall}}</button> + <button type="button" id="unselectAllButton" {{^allowedToSelect}}disabled{{/allowedToSelect}} class="btn btn-default pull-right" onclick="unselectAllRows()" style="display: none;"><span class="glyphicon glyphicon-unchecked"></span> {{lang_unselectall}}</button> <button type="button" id="rebootButton" class="btn btn-warning pull-right" data-toggle="modal" data-target="#rebootModal" disabled><span class="glyphicon glyphicon-repeat"></span> {{lang_rebootButton}}</button> <button type="button" id="shutdownButton" class="btn btn-danger pull-right" data-toggle="modal" data-target="#shutdownModal" disabled><span class="glyphicon glyphicon-off"></span> {{lang_shutdownButton}}</button> </div> @@ -25,41 +25,41 @@ <div class="col-md-12"> <table class="table table-condensed table-hover stupidtable" id="dataTable"> <thead> - <tr> - <th data-sort="string">{{lang_client}}</th> - <th data-sort="ipv4">{{lang_ip}}</th> - <th data-sort="string">{{lang_status}}</th> - <th data-sort="string">{{lang_session}}</th> - <th data-sort="string">{{lang_user}}</th> - <th data-sort="int" data-sort-default="desc">{{lang_selected}}</th> - </tr> + <tr> + <th data-sort="string">{{lang_client}}</th> + <th data-sort="ipv4">{{lang_ip}}</th> + <th data-sort="string">{{lang_status}}</th> + <th data-sort="string">{{lang_session}}</th> + <th data-sort="string">{{lang_user}}</th> + <th data-sort="int" data-sort-default="desc">{{lang_selected}}</th> + </tr> </thead> <tbody> {{#data}} - <tr> - <td> - {{hostname}} - {{^hostname}}{{clientip}}{{/hostname}} - </td> - <td>{{clientip}}</td> - <td class="statusColumn"> - {{#status}} - <span class="text-success">{{lang_on}}</span> - {{/status}} - {{^status}} - <span class="text-danger">{{lang_off}}</span> - {{/status}} - </td> - <td>{{#status}}{{currentsession}}{{/status}}</td> - <td>{{#status}}{{currentuser}}{{/status}}</td> - <td data-sort-value="0" class="checkboxColumn"> - <div class="checkbox"> - <input id="m-{{machineuuid}}" type="checkbox" name="clients[]" value='{{machineuuid}}'> - <label for="m-{{machineuuid}}"></label> - </div> - </td> - </tr> + <tr> + <td> + {{hostname}} + {{^hostname}}{{clientip}}{{/hostname}} + </td> + <td>{{clientip}}</td> + <td class="statusColumn"> + {{#status}} + <span class="text-success">{{lang_on}}</span> + {{/status}} + {{^status}} + <span class="text-danger">{{lang_off}}</span> + {{/status}} + </td> + <td>{{#status}}{{currentsession}}{{/status}}</td> + <td>{{#status}}{{currentuser}}{{/status}}</td> + <td data-sort-value="0" class="checkboxColumn"> + <div class="checkbox"> + <input id="m-{{machineuuid}}" type="checkbox" name="clients[]" value='{{machineuuid}}'> + <label for="m-{{machineuuid}}"></label> + </div> + </td> + </tr> {{/data}} </tbody> </table> @@ -79,7 +79,7 @@ </div> <div class="modal-body"> <span id="pubKeyTitle">{{lang_pubKey}}</span> - <button class="btn btn-s btn-warning pull-right" onclick="generateNewKeypair()" type="button"><span class="glyphicon glyphicon-refresh"></span> {{lang_genNew}}</button> + <button {{^allowedToGenerateKey}}disabled{{/allowedToGenerateKey}} class="btn btn-s btn-warning pull-right" onclick="generateNewKeypair()" type="button"><span class="glyphicon glyphicon-refresh"></span> {{lang_genNew}}</button> <pre id="pubKey">{{pubKey}}</pre> </div> <div class="modal-footer"> @@ -100,7 +100,7 @@ </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button> - <button type="submit" name="action" value="startReboot" class="btn btn-warning"><span class="glyphicon glyphicon-repeat"></span> {{lang_reboot}}</button> + <button type="submit" {{^allowedToReboot}}disabled{{/allowedToReboot}} name="action" value="startReboot" class="btn btn-warning"><span class="glyphicon glyphicon-repeat"></span> {{lang_reboot}}</button> </div> </div> </div> @@ -115,11 +115,11 @@ </div> <div class="modal-body"> {{lang_shutdownCheck}} - {{lang_shutdownIn}} <input id="shutdownTimer" name="minutes" title="{{lang_shutdownIn}}" type="number" value="0" min="0" onkeypress="return isNumberKey(event)"> {{lang_minutes}} + {{lang_shutdownIn}} <input id="shutdownTimer" name="minutes" title="{{lang_shutdownIn}}" type="number" value="0" min="0" onkeypress="return isNumberKey(event)"> {{lang_minutes}} </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button> - <button type="submit" name="action" value="startShutdown" class="btn btn-danger"><span class="glyphicon glyphicon-off"></span> {{lang_shutdownButton}}</button> + <button type="submit" {{^allowedToShutdown}}disabled{{/allowedToShutdown}} name="action" value="startShutdown" class="btn btn-danger"><span class="glyphicon glyphicon-off"></span> {{lang_shutdownButton}}</button> </div> </div> </div> @@ -162,7 +162,7 @@ $('#rebootButton').prop('disabled', false); $('#shutdownButton').prop('disabled', false); } - }); + }); $('.checkboxColumn').click(function(e) { if (e.target === this) { $(this).find('input[type="checkbox"]').click(); |