summaryrefslogtreecommitdiffstats
path: root/modules-available
diff options
context:
space:
mode:
authorSimon Rettberg2020-01-14 16:50:47 +0100
committerSimon Rettberg2020-01-14 16:50:47 +0100
commitf97ac52934278ef611520c1f3972d8d226af8f73 (patch)
treeab98cfaed0322ec25c91ee6b59030f5fef112d94 /modules-available
parent[dnbd3] Always add DNBD3 servers to config (for stage4) (diff)
downloadslx-admin-f97ac52934278ef611520c1f3972d8d226af8f73.tar.gz
slx-admin-f97ac52934278ef611520c1f3972d8d226af8f73.tar.xz
slx-admin-f97ac52934278ef611520c1f3972d8d226af8f73.zip
[permissionmanager] Also disallow deleting builtin roles
Diffstat (limited to 'modules-available')
-rw-r--r--modules-available/permissionmanager/page.inc.php28
-rw-r--r--modules-available/permissionmanager/templates/rolestable.html2
2 files changed, 19 insertions, 11 deletions
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 63cbcb59..b431d9c9 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -29,21 +29,12 @@ class Page_PermissionManager extends Page
} elseif ($action === 'deleteRole') {
User::assertPermission('roles.edit');
$id = Request::post('deleteId', false, 'int');
+ $this->denyActionIfBuiltin($id);
PermissionDbUpdate::deleteRole($id);
} elseif ($action === 'saveRole') {
User::assertPermission('roles.edit');
$roleID = Request::post("roleid", Request::REQUIRED_EMPTY, 'int');
- if ($roleID) {
- $existing = GetPermissionData::getRole($roleID);
- if ($existing === false) {
- Message::addError('invalid-role-id', $roleID);
- Util::redirect('?do=permissionmanager');
- }
- if ($existing['builtin']) {
- Message::addError('builtin-role', $existing['rolename']);
- Util::redirect('?do=permissionmanager');
- }
- }
+ $this->denyActionIfBuiltin($roleID);
$roleName = Request::post("rolename", '', 'string');
if (empty($roleName)) {
Message::addError('main.parameter-empty', 'rolename');
@@ -315,4 +306,19 @@ class Page_PermissionManager extends Page
return $result;
}
+ private function denyActionIfBuiltin($roleID)
+ {
+ if ($roleID) {
+ $existing = GetPermissionData::getRole($roleID);
+ if ($existing === false) {
+ Message::addError('invalid-role-id', $roleID);
+ Util::redirect('?do=permissionmanager');
+ }
+ if ($existing['builtin']) {
+ Message::addError('builtin-role', $existing['rolename']);
+ Util::redirect('?do=permissionmanager');
+ }
+ }
+ }
+
}
diff --git a/modules-available/permissionmanager/templates/rolestable.html b/modules-available/permissionmanager/templates/rolestable.html
index f3521964..170dde88 100644
--- a/modules-available/permissionmanager/templates/rolestable.html
+++ b/modules-available/permissionmanager/templates/rolestable.html
@@ -41,6 +41,7 @@
</a>
</td>
<td class="text-center">
+ {{^builtin}}
<button type="submit" name="deleteId" value="{{roleid}}" class="btn btn-xs btn-danger" {{perms.roles.edit.disabled}}
data-confirm="#confirm-role-{{roleid}}" data-title="{{rolename}}">
<span class="glyphicon glyphicon-trash"></span>
@@ -49,6 +50,7 @@
<p>{{lang_roleDeleteConfirm}}</p>
{{lang_numAssignedUsers}}: {{users}}
</div>
+ {{/builtin}}
</td>
</tr>
{{/roles}}