summaryrefslogtreecommitdiffstats
path: root/modules-available/runmode/page.inc.php
diff options
context:
space:
mode:
authorSimon Rettberg2018-02-27 13:05:21 +0100
committerSimon Rettberg2018-02-27 13:05:21 +0100
commit47d1e28478a78eb8d275553cb44693a61b597307 (patch)
tree447bbbd333f19db716e6f0a1b773f21d01d72301 /modules-available/runmode/page.inc.php
parent[dnbd3] Add permissions (diff)
downloadslx-admin-47d1e28478a78eb8d275553cb44693a61b597307.tar.gz
slx-admin-47d1e28478a78eb8d275553cb44693a61b597307.tar.xz
slx-admin-47d1e28478a78eb8d275553cb44693a61b597307.zip
[runmode] Support permissions supplied by module; fix handling of deleteUrl modules
Diffstat (limited to 'modules-available/runmode/page.inc.php')
-rw-r--r--modules-available/runmode/page.inc.php282
1 files changed, 201 insertions, 81 deletions
diff --git a/modules-available/runmode/page.inc.php b/modules-available/runmode/page.inc.php
index 8feb097e..9f2c2f44 100644
--- a/modules-available/runmode/page.inc.php
+++ b/modules-available/runmode/page.inc.php
@@ -14,79 +14,142 @@ class Page_RunMode extends Page
Util::redirect('?do=main');
}
$action = Request::post('action', false, 'string');
- if ($action !== false) {
- $this->handleAction($action);
+ if ($action === 'save-mode') {
+ $this->handleSaveMode();
+ } elseif ($action === 'delete-machine') {
+ $this->handleDeleteMachine();
+ }
+ if (Request::isPost()) {
Util::redirect('?do=runmode');
}
}
- private function handleAction($action)
+ private function handleSaveMode()
{
- if ($action === 'save-mode') {
- $machines = array_filter(Request::post('machines', [], 'array'), 'is_string');
- $module = Request::post('module', false, 'string');
- $modeId = Request::post('modeid', false, 'string');
- $modConfig = RunMode::getModuleConfig($module);
- if ($modConfig === false) {
- Message::addError('runmode.module-hasnt-runmode', $module);
- return;
- }
- if (!$modConfig->allowGenericEditor) {
- Message::addError('runmode.cannot-edit-module', $module);
- return;
- }
- $test = RunMode::getModeName($module, $modeId);
- if ($test === false) {
- Message::addError('runmode.invalid-modeid', $module, $modeId);
- return;
- }
- $active = 0;
- foreach ($machines as $machine) {
- $oldMode = RunMode::getRunMode($machine, 0);
- if ($oldMode !== false) {
- $oldModule = RunMode::getModuleConfig($oldMode['module']);
- if ($oldModule !== false && (!$oldModule->allowGenericEditor || $oldModule->deleteUrlSnippet !== false)) {
- Message::addError('runmode.machine-still-assigned', $machine, $oldMode['module']);
- continue;
- }
+ $machines = array_unique(array_filter(Request::post('machines', [], 'array'), 'is_string'));
+ $module = Request::post('module', false, 'string');
+ $modeId = Request::post('modeid', false, 'string');
+ $modConfig = RunMode::getModuleConfig($module);
+ if ($modConfig === false) {
+ Message::addError('runmode.module-hasnt-runmode', $module);
+ return;
+ }
+ if (!$modConfig->allowGenericEditor) {
+ Message::addError('runmode.cannot-edit-module', $module);
+ return;
+ }
+ $test = RunMode::getModeName($module, $modeId);
+ if ($test === false) {
+ Message::addError('runmode.invalid-modeid', $module, $modeId);
+ return;
+ }
+ // Query existing entries first (for delete - see below)
+ $existing = [];
+ if ($modConfig->permission !== false) {
+ $existing = RunMode::getForMode($module, $modeId, true, true);
+ }
+ // Before doing anything, check if the user has the proper permission for any location - if not, nothing to do
+ if (!$modConfig->userHasPermission(null)) {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=runmode');
+ }
+ $active = 0;
+ foreach ($machines as $machine) {
+ if (isset($existing[$machine])) {
+ if (!$modConfig->userHasPermission($existing[$machine]['locationid'])) {
+ // Machine was already assigned to this runmode, and user has no permission for its location
+ unset($existing[$machine]);
+ continue; // So keep it as-is and skip
}
- $ret = RunMode::setRunMode($machine, $module, $modeId, null, null);
- if ($ret) {
- $active++;
+ // User has permission to add this existing machine, keep going so meta data could be updated
+ unset($existing[$machine]);
+ } else {
+ // Not existing yet in this module/mode combo, but check if it is assigned to some other run mode
+ $machineLocation = false;
+ $oldMachineMode = RunMode::getRunMode($machine, RunMode::DATA_MACHINE_DATA | RunMode::DATA_DETAILED);
+ if ($oldMachineMode !== false) {
+ $machineLocation = $oldMachineMode['locationid'];
+ $oldModule = RunMode::getModuleConfig($oldMachineMode['module']);
+ if ($oldModule !== false) {
+ if ($oldMachineMode['module'] !== $module || $oldMachineMode['modeid'] !== $modeId) {
+ if (!$oldModule->allowGenericEditor || $oldModule->deleteUrlSnippet !== false) {
+ Message::addError('runmode.machine-still-assigned', $machine, $oldMachineMode['module']);
+ continue;
+ }
+ }
+ // Permissions for old runmode
+ if (!$oldModule->userHasPermission($oldMachineMode['locationid'])) {
+ // Show same error message as above - might help the user figure out they have no perm to remove it
+ Message::addError('runmode.machine-still-assigned', $machine, $oldMachineMode['module']);
+ continue;
+ }
+ }
} else {
- Message::addError('runmode.machine-not-found', $machine);
+ // Not existing, no old mode - query machine to get location, so we can do a perm-check for new loc
+ $m = Statistics::getMachine($machine, Machine::NO_DATA);
+ if ($m !== false) {
+ $machineLocation = $m->locationid;
+ }
+ }
+ if ($machineLocation !== false && !$modConfig->userHasPermission($machineLocation)) {
+ Message::addError('runmode.machine-no-permission', $machine);
+ continue;
}
}
+ $ret = RunMode::setRunMode($machine, $module, $modeId, null, null);
+ if ($ret) {
+ $active++;
+ } else {
+ Message::addError('runmode.machine-not-found', $machine);
+ }
+ }
+ // Make sure inaccessible machines (no permission for location) are preserved on delete
+ // Add existing but inaccessible to list
+ foreach ($existing as $e) {
+ if (!$modConfig->userHasPermission($e['locationid'])) {
+ $machines[] = $e['machineuuid'];
+ }
+ }
+ if ($modConfig->deleteUrlSnippet === false) {
$deleted = Database::exec('DELETE FROM runmode
WHERE module = :module AND modeid = :modeId AND machineuuid NOT IN (:machines)',
compact('module', 'modeId', 'machines'));
- Message::addSuccess('runmode.enabled-removed-save', $active, $deleted);
- Util::redirect('?do=runmode&module=' . $module . '&modeid=' . $modeId, true);
- } elseif ($action === 'delete-machine') {
- $machineuuid = Request::post('machineuuid', false, 'string');
- if ($machineuuid === false) {
- Message::addError('main.parameter-missing', 'machineuuid');
- return;
- }
- $mode = RunMode::getRunMode($machineuuid);
- if ($mode === false) {
- Message::addError('runmode.machine-not-found', $machineuuid);
- return;
- }
- $modConfig = RunMode::getModuleConfig($mode['module']);
- if ($modConfig === false) {
- Message::addError('module-hasnt-runmode', $mode['moduleName']);
- return;
- }
- if (!$modConfig->allowGenericEditor) {
- Message::addError('runmode.cannot-edit-module', $mode['moduleName']);
- return;
- }
- if (RunMode::setRunMode($machineuuid, null, null)) {
- Message::addSuccess('machine-removed', $machineuuid);
- } else {
- Message::addWarning('machine-not-runmode', $machineuuid);
- }
+ } else {
+ $deleted = 0;
+ }
+ Message::addSuccess('runmode.enabled-removed-save', $active, $deleted);
+ Util::redirect('?do=runmode&module=' . $module . '&modeid=' . $modeId, true);
+ }
+
+ private function handleDeleteMachine()
+ {
+ $machineuuid = Request::post('machineuuid', false, 'string');
+ if ($machineuuid === false) {
+ Message::addError('main.parameter-missing', 'machineuuid');
+ return;
+ }
+ $mode = RunMode::getRunMode($machineuuid, RunMode::DATA_MACHINE_DATA | RunMode::DATA_DETAILED);
+ if ($mode === false) {
+ Message::addError('runmode.machine-not-found', $machineuuid);
+ return;
+ }
+ $modConfig = RunMode::getModuleConfig($mode['module']);
+ if ($modConfig === false) {
+ Message::addError('module-hasnt-runmode', $mode['moduleName']);
+ return;
+ }
+ if (!$modConfig->allowGenericEditor || $modConfig->deleteUrlSnippet !== false) {
+ Message::addError('runmode.cannot-edit-module', $mode['moduleName']);
+ return;
+ }
+ if (!$modConfig->userHasPermission($mode['locationid'])) {
+ Message::addError('runmode.machine-no-permission', $machineuuid);
+ return;
+ }
+ if (RunMode::setRunMode($machineuuid, null, null)) {
+ Message::addSuccess('machine-removed', $machineuuid);
+ } else {
+ Message::addWarning('machine-not-runmode', $machineuuid);
}
}
@@ -117,7 +180,13 @@ class Page_RunMode extends Page
$modeId = Request::get('modeid', false, 'string');
if ($modeId !== false) {
// Show edit page for specific module-mode combo
- $this->renderModuleMode($module, $modeId);
+ $this->renderModuleMode($module, $modeId, $config);
+ return;
+ }
+ // Permissions
+ if (!$config->userHasPermission(null) && !User::hasPermission('list-all')) {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=runmode');
return;
}
// Show list of machines with assigned mode for this module
@@ -152,6 +221,16 @@ class Page_RunMode extends Page
$modules[$row['module']]['list'][] = $row;
}
foreach ($modules as $moduleId => $rows) {
+ if ($onlyModule === false) {
+ // Permissions - not required if rendering specific module, since it's been already done
+ if ($rows['config']->userHasPermission(null)) {
+ $disabled = '';
+ } elseif (User::hasPermission('list-all')) {
+ $disabled = 'disabled';
+ } else {
+ continue;
+ } // </Permissions>
+ }
$module = Module::get($moduleId);
if ($module === false)
continue;
@@ -161,7 +240,8 @@ class Page_RunMode extends Page
'modulename' => $module->getDisplayName(),
'module' => $moduleId,
'canedit' => $config !== false && $config->allowGenericEditor && $config->deleteUrlSnippet === false,
- 'deleteUrl' => $config->deleteUrlSnippet
+ 'deleteUrl' => $config->deleteUrlSnippet,
+ 'disabled' => $disabled,
));
}
}
@@ -169,8 +249,9 @@ class Page_RunMode extends Page
/**
* @param \Module $module
* @param string $modeId
+ * @param \RunModeModuleConfig $config
*/
- private function renderModuleMode($module, $modeId)
+ private function renderModuleMode($module, $modeId, $config)
{
$moduleId = $module->getIdentifier();
$modeName = RunMode::getModeName($moduleId, $modeId);
@@ -186,39 +267,78 @@ class Page_RunMode extends Page
Message::addError('runmode.cannot-edit-module', $moduleId);
Util::redirect($redirect);
}
+ // Permissions
+ if ($config->userHasPermission(null)) {
+ $disabled = '';
+ } elseif (User::hasPermission('list-all')) {
+ $disabled = 'disabled';
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=runmode');
+ return;
+ }
+ $machines = RunMode::getForMode($module, $modeId, true);
+ if ($config->permission !== false) {
+ $allowed = User::getAllowedLocations($config->permission);
+ $machines = array_values(array_filter($machines, function ($item) use ($allowed) {
+ return in_array($item['locationid'], $allowed);
+ }));
+ }
Render::addTemplate('machine-selector', [
'module' => $moduleId,
'modeid' => $modeId,
'moduleName' => $module->getDisplayName(),
'modeName' => $modeName,
- 'machines' => json_encode(RunMode::getForMode($module, $modeId, true)),
+ 'machines' => json_encode($machines),
'redirect' => $redirect,
+ 'disabled' => $disabled,
+ 'add-only' => $config->deleteUrlSnippet !== false,
]);
}
protected function doAjax()
{
$action = Request::any('action', false, 'string');
+ if ($action !== 'getmachines')
+ return;
+ $query = Request::get('query', false, 'string');
+ if (strlen($query) < 2)
+ return;
- if ($action === 'getmachines') {
- $query = Request::get('query', false, 'string');
-
- $result = Database::simpleQuery('SELECT m.machineuuid, m.macaddr, m.clientip, m.hostname, m.locationid, '
- . 'r.module, r.modeid '
- . 'FROM machine m '
- . 'LEFT JOIN runmode r USING (machineuuid) '
- . 'WHERE machineuuid LIKE :query '
- . ' OR macaddr LIKE :query '
- . ' OR clientip LIKE :query '
- . ' OR hostname LIKE :query '
- . ' LIMIT 100', ['query' => "%$query%"]);
+ User::load();
+ $config = RunMode::getModuleConfig(Request::any('module', '', 'string'));
+ $returnObject = ['machines' => []];
- $returnObject = [
- 'machines' => $result->fetchAll(PDO::FETCH_ASSOC)
- ];
+ if ($config !== false) {
+ $params = ['query' => "%$query%"];
+ if ($config->permission === false) {
+ // Global
+ $condition = '1';
+ } else {
+ $params['locations'] = User::getAllowedLocations($config->permission);
+ $condition = 'locationid IN (:locations)';
+ if (in_array(0, $params['locations'])) {
+ $condition .= ' OR locationid IS NULL';
+ }
+ }
+ if ($config->permission === false || !empty($params['locations'])) {
+ $result = Database::simpleQuery("SELECT m.machineuuid, m.macaddr, m.clientip, m.hostname, m.locationid,
+ r.module, r.modeid
+ FROM machine m
+ LEFT JOIN runmode r USING (machineuuid)
+ WHERE ($condition) AND (machineuuid LIKE :query
+ OR macaddr LIKE :query
+ OR clientip LIKE :query
+ OR hostname LIKE :query)
+ LIMIT 100", $params);
- echo json_encode($returnObject);
+ $returnObject = [
+ 'machines' => $result->fetchAll(PDO::FETCH_ASSOC)
+ ];
+ }
}
+ echo json_encode($returnObject);
+
}
} \ No newline at end of file