-rw-r--r--modules-available/remoteaccess/lang/de/messages.json2
-rw-r--r--modules-available/remoteaccess/lang/de/permissions.json7
-rw-r--r--modules-available/remoteaccess/lang/de/template-tags.json5
-rw-r--r--modules-available/remoteaccess/page.inc.php84
-rw-r--r--modules-available/remoteaccess/permissions/permissions.json17
-rw-r--r--modules-available/remoteaccess/templates/edit-group.html13
-rw-r--r--modules-available/remoteaccess/templates/edit-settings.html34
7 files changed, 132 insertions, 30 deletions
diff --git a/modules-available/remoteaccess/lang/de/messages.json b/modules-available/remoteaccess/lang/de/messages.json
index fbdefd8f..a7b26240 100644
--- a/modules-available/remoteaccess/lang/de/messages.json
+++ b/modules-available/remoteaccess/lang/de/messages.json
@@ -1,6 +1,8 @@
{
"group-added": "Gruppe hinzugef\u00fcgt",
+ "group-deleted": "Gruppe {{0}} gel\u00f6scht",
"group-not-found": "Gruppe {{0}} existiert nicht",
"group-updated": "Gruppe {{0}} wurde aktualisiert",
+ "locations-not-allowed": "Gruppe {{0}} hat Orte zugewiesen, f\u00fcr die Sie keine Berechtigung haben",
"settings-saved": "Einstellungen gespeichert"
} \ No newline at end of file
diff --git a/modules-available/remoteaccess/lang/de/permissions.json b/modules-available/remoteaccess/lang/de/permissions.json
new file mode 100644
index 00000000..ef402eed
--- /dev/null
+++ b/modules-available/remoteaccess/lang/de/permissions.json
@@ -0,0 +1,7 @@
+{
+ "group.add": "Neue Gruppe anlegen",
+ "group.edit": "Einstellungen einer Gruppe bearbeiten, Gruppe l\u00f6schen",
+ "group.locations": "Zugewiesene R\u00e4ume einer Gruppe \u00e4ndern",
+ "set-proxy-ip": "F\u00fcr Zugriff freigegebene IP-Adresse\/Bereich \u00e4ndern",
+ "view": "Seite sehen"
+} \ No newline at end of file
diff --git a/modules-available/remoteaccess/lang/de/template-tags.json b/modules-available/remoteaccess/lang/de/template-tags.json
index b44849d6..a5d9ef07 100644
--- a/modules-available/remoteaccess/lang/de/template-tags.json
+++ b/modules-available/remoteaccess/lang/de/template-tags.json
@@ -3,13 +3,14 @@
"lang_allowAccessText": "IP-Adresse oder Netz in CIDR Notation, welches auf den VNC-Port des Clients zugreifen darf. (I.d.R. nur der Guacamole-Server)",
"lang_allowedAccessToVncPort": "Erlaubte Quelle f\u00fcr VNC-Zugriff",
"lang_assignLocations": "R\u00e4ume zuweisen",
+ "lang_general": "Allgemein",
"lang_group": "Gruppe",
"lang_groupListText": "Liste verf\u00fcgbarer Gruppen (\"virtuelle R\u00e4ume\")",
+ "lang_groups": "Gruppen",
"lang_keepAvailableWol": "WoL#",
"lang_locationSelectionText": "Ausgew\u00e4hlte Orte werden in den Remote-Modus geschaltet (beim n\u00e4chsten Boot des Clients) und sind damit im Pool f\u00fcr den Fernzugriff.",
"lang_numLocs": "R\u00e4ume",
- "lang_numberOfAvailableClients": "Anzahl bereit zu haltender Rechner",
- "lang_numberOfAvailableText": "Wir hier eine Zahl > 0 angegeben, wird versucht mittels WOL mindestens diese Anzahl an Rechnern am Loginbildschirm bereit zu halten, um sofortigen Zugriff zu gew\u00e4hrleisten. Diese Einstellung deaktiviert keine eventuell gesetzten Reboot\/Shutdown Timeouts oder Zeitpl\u00e4ne, diese sollten also ggf. f\u00fcr die unten ausgew\u00e4hlten R\u00e4ume angepasst werden.",
+ "lang_reallyDelete": "Wirklich l\u00f6schen?",
"lang_remoteAccessSettings": "Einstellungen f\u00fcr den Fernzugriff",
"lang_tryVirtualizerHandover": "Versuche, VNC-Server des Virtualisierers zu verwenden",
"lang_tryVirtualizerText": "Wenn aktiviert wird versucht, nach dem Start einer VM die Verbindung auf den VNC-Server des Virtualisierers umzubuchen. Zumindest f\u00fcr VMware haben wir hier allerdings eher eine Verschlechterung der Performance beobachten k\u00f6nnen; au\u00dferdem bricht die Verbindung beim Handover manchmal ab -> Nur experimentell!"
diff --git a/modules-available/remoteaccess/page.inc.php b/modules-available/remoteaccess/page.inc.php
index 2877fc9d..27b7ca6b 100644
--- a/modules-available/remoteaccess/page.inc.php
+++ b/modules-available/remoteaccess/page.inc.php
@@ -16,15 +16,20 @@ class Page_RemoteAccess extends Page
Message::addError('main.no-permission');
Util::redirect('?do=Main');
}
+ User::assertPermission('view');
$action = Request::post('action', false, 'string');
// Add group adds a DB row and then falls through to regular saving
if ($action === 'add-group') {
+ User::assertPermission('group.add');
Database::exec("INSERT INTO remoteaccess_group (groupname, wolcount, passwd, active)
VALUES ('.new', 0, '', 0)");
- $action = 'save-settings';
Message::addSuccess('group-added');
+ if (User::hasPermission('group.edit')) {
+ $action = 'save-groups';
+ }
}
- if ($action === 'save-settings') {
+ if ($action === 'save-groups') {
+ User::assertPermission('group.edit');
$groups = Request::post('group', [], 'array');
foreach ($groups as $id => $group) {
Database::exec("UPDATE remoteaccess_group SET groupname = :name, wolcount = :wol,
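Review bot: `save-groups` is gated only by the global `group.edit` permission, while `delete-group` in the next hunk additionally requires `checkGroupLocations($groupid)`. A user who is refused deletion of a group because of its locations can therefore still rename it, clear `active` or replace `passwd` through this loop. If the location restriction is meant to protect such groups, apply the same check per posted id, e.g. `if (!$this->checkGroupLocations((int)$id)) continue;` as the first statement of the `foreach`, and report skipped groups with `locations-not-allowed`. If unrestricted editing is intended, a comment above `User::assertPermission('group.edit');` saying so would keep the two branches from looking inconsistent. The `UPDATE` statement continues past the end of this hunk.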
@@ -36,18 +41,30 @@ class Page_RemoteAccess extends Page
'active' => isset($group['active']) && $group['active'] ? 1 : 0,
]);
}
+ Message::addSuccess('settings-saved');
+ } elseif ($action === 'save-settings') {
+ User::assertPermission('set-proxy-ip');
Property::set(RemoteAccess::PROP_ALLOWED_VNC_NET, Request::post('allowed-source', '', 'string'));
Property::set(RemoteAccess::PROP_TRY_VIRT_HANDOVER, Request::post('virt-handover', false, 'int'));
Message::addSuccess('settings-saved');
- } elseif ($action === 'set-locations') {
+ } elseif ($action === 'delete-group') {
+ User::assertPermission('group.edit');
$groupid = Request::post('groupid', Request::REQUIRED, 'int');
- $group = Database::queryFirst("SELECT groupname FROM remoteaccess_group WHERE groupid = :id",
- ['id' => $groupid]);
- if ($group === false) {
- Message::addError('group-not-found', $groupid);
- Util::redirect('?do=remoteaccess');
+ $group = $this->groupNameOrFail($groupid);
+ if (!$this->checkGroupLocations($groupid)) {
+ Message::addError('locations-not-allowed', $group);
+ } else {
+ Database::exec("DELETE FROM remoteaccess_group WHERE groupid = :id", ['id' => $groupid]);
+ Message::addSuccess('group-deleted', $group);
}
+ } elseif ($action === 'set-locations') {
+ User::assertPermission('group.locations');
+ $groupid = Request::post('groupid', Request::REQUIRED, 'int');
+ $group = $this->groupNameOrFail($groupid);
$locations = array_values(Request::post('location', [], 'array'));
+ // Merge what's already set where we don't have permission
+ $locations = Permission::mergeWithDisallowed($locations, 'group.locations',
+ "SELECT locationid FROM remoteaccess_x_location WHERE groupid = :id", ['id' => $groupid]);
if (empty($locations)) {
Database::exec("DELETE FROM remoteaccess_x_location WHERE groupid = :id", ['id' => $groupid]);
} else {
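Review bot: `allowed-source` is stored exactly as posted in the `save-settings` branch, with `''` as the default, so the only check on the VNC source restriction is the template's client-side `required` attribute. Since this value names the address or network allowed to reach the clients' VNC port, the branch should reject anything that is not a single IP address or CIDR range before calling `Property::set`, and keep the stored value on failure. How the property is consumed is not visible here, so the effect of an empty or malformed value is inferred. Separately, the `delete-group` branch removes only the `remoteaccess_group` row; unless the schema cascades, also run `Database::exec("DELETE FROM remoteaccess_x_location WHERE groupid = :id", ['id' => $groupid]);` so locations do not stay assigned to a group that no longer exists.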
@@ -56,13 +73,24 @@ class Page_RemoteAccess extends Page
Database::exec("DELETE FROM remoteaccess_x_location WHERE groupid = :id AND locationid NOT IN (:locations)",
['id' => $groupid, 'locations' => $locations]);
}
- Message::addSuccess('group-updated', $group['groupname']);
+ Message::addSuccess('group-updated', $group);
}
if (Request::isPost()) {
Util::redirect('?do=remoteaccess');
}
}
+ private function groupNameOrFail($groupid)
+ {
+ $group = Database::queryFirst("SELECT groupname FROM remoteaccess_group WHERE groupid = :id",
+ ['id' => $groupid]);
+ if ($group === false) {
+ Message::addError('group-not-found', $groupid);
+ Util::redirect('?do=remoteaccess');
+ }
+ return $group['groupname'];
+ }
+
protected function doRender()
{
$groupid = Request::get('groupid', false, 'int');
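Review bot: `groupNameOrFail` has no docblock, and its contract is not obvious from the call sites: it returns the group name as a string and, for an unknown id, depends on `Util::redirect` ending the request, since otherwise `return $group['groupname'];` would index `false`. That `Util::redirect` does not return is an assumption, as its definition is outside this diff. A docblock such as `/** @param int $groupid  @return string group name; redirects to ?do=remoteaccess and does not return if the group is missing */` would state this. It also matters for `doRender`, which now redirects during rendering where it used to add the error and return.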
@@ -78,24 +106,48 @@ class Page_RemoteAccess extends Page
'virt-handover_checked' => Property::get(RemoteAccess::PROP_TRY_VIRT_HANDOVER) ? 'checked' : '',
'groups' => $groups,
];
+ Permission::addGlobalTags($data['perms'], null, ['group.locations', 'group.add', 'group.edit', 'set-proxy-ip']);
Render::addTemplate('edit-settings', $data);
} else {
// Edit locations for group
- $group = Database::queryFirst("SELECT groupid, groupname FROM remoteaccess_group WHERE groupid = :id",
- ['id' => $groupid]);
- if ($group === false) {
- Message::addError('group-not-found', $groupid);
- return;
- }
+ $group = $this->groupNameOrFail($groupid);
$locationList = Location::getLocationsAssoc();
$enabled = RemoteAccess::getEnabledLocations($groupid);
+ $allowed = User::getAllowedLocations('group.locations');
foreach ($enabled as $lid) {
if (isset($locationList[$lid])) {
$locationList[$lid]['checked'] = 'checked';
}
}
- Render::addTemplate('edit-group', $group + ['locations' => array_values($locationList)]);
+ foreach ($locationList as $lid => &$loc) {
+ if (!in_array($lid, $allowed)) {
+ $loc['disabled'] = 'disabled';
+ }
+ }
+ $data = [
+ 'groupid' => $groupid,
+ 'groupname' => $group,
+ 'locations' => array_values($locationList),
+ 'disabled' => empty($allowed) ? 'disabled' : '',
+ ];
+ Permission::addGlobalTags($data['perms'], null, ['group.locations', 'group.edit']);
+ Render::addTemplate('edit-group', $data);
}
}
+ /**
+ * @param int $groupid group to check
+ * @return bool if we have permission for all the locations assigned to group
+ */
+ private function checkGroupLocations($groupid)
+ {
+ $allowed = User::getAllowedLocations('group.locations');
+ if (in_array(0, $allowed))
+ return true;
+ $hasLocs = Database::queryColumnArray("SELECT locationid FROM remoteaccess_x_location WHERE groupid = :id",
+ ['id' => $groupid]);
+ $diff = array_diff($hasLocs, $allowed);
+ return empty($diff);
+ }
+
}
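Review bot: `checkGroupLocations` decides whether a delete is authorised, and its `in_array(0, $allowed)` uses loose comparison, so on PHP versions before 8 any non-numeric entry in `$allowed` compares equal to `0` and the method returns true for every group. If `User::getAllowedLocations` returns integers (not visible here), make it `in_array(0, $allowed, true)`; otherwise cast the list to int first. The special meaning of location id `0` is not documented in the docblock and deserves one line there. In `doRender`, the `foreach ($locationList as $lid => &$loc)` loop leaves `$loc` bound by reference; add `unset($loc);` directly after it.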
diff --git a/modules-available/remoteaccess/permissions/permissions.json b/modules-available/remoteaccess/permissions/permissions.json
new file mode 100644
index 00000000..c91ce7ae
--- /dev/null
+++ b/modules-available/remoteaccess/permissions/permissions.json
@@ -0,0 +1,17 @@
+{
+ "view": {
+ "location-aware": false
+ },
+ "group.locations": {
+ "location-aware": true
+ },
+ "group.add": {
+ "location-aware": false
+ },
+ "group.edit": {
+ "location-aware": false
+ },
+ "set-proxy-ip": {
+ "location-aware": false
+ }
+} \ No newline at end of file
diff --git a/modules-available/remoteaccess/templates/edit-group.html b/modules-available/remoteaccess/templates/edit-group.html
index 2c207ca5..0f09f071 100644
--- a/modules-available/remoteaccess/templates/edit-group.html
+++ b/modules-available/remoteaccess/templates/edit-group.html
@@ -6,7 +6,12 @@
<input type="hidden" name="groupid" value="{{groupid}}">
<div class="buttonbar pull-right">
- <button type="submit" class="btn btn-primary" name="action" value="set-locations">
+ <button type="submit" class="btn btn-danger" name="action" value="delete-group" data-confirm="{{lang_reallyDelete}}"
+ {{perms.group.locations.disabled}} {{perms.group.edit.disabled}}>
+ <span class="glyphicon glyphicon-remove"></span>
+ {{lang_delete}}
+ </button>
+ <button type="submit" class="btn btn-primary" name="action" value="set-locations" {{perms.group.locations.disabled}}>
<span class="glyphicon glyphicon-floppy-disk"></span>
{{lang_save}}
</button>
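Review bot: The delete button is disabled when either `group.locations` or `group.edit` is missing, but the `delete-group` branch in page.inc.php asserts only `group.edit` and then calls `checkGroupLocations`. That method appears to return true for a group with no assigned locations even when the user holds no `group.locations` permission. The `disabled` attribute is presentation only, so the request can still be posted and the two rules should agree: either drop `{{perms.group.locations.disabled}}` from this button, or add `User::assertPermission('group.locations');` to the `delete-group` branch.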
@@ -21,20 +26,20 @@
<td class="slx-smallcol">
<div class="checkbox checkbox-inline">
<input type="checkbox" name="location[]" value="{{locationid}}" id="loc-check-{{locationid}}"
- {{checked}}>
+ {{checked}} {{disabled}}>
<label></label>
</div>
</td>
<td class="text-nowrap">
<div style="display:inline-block;width:{{depth}}em"></div>
- <label for="loc-check-{{locationid}}">{{locationname}}</label>
+ <label for="loc-check-{{locationid}}" class="{{disabled}}">{{locationname}}</label>
</td>
</tr>
{{/locations}}
</table>
</div>
<div class="buttonbar pull-right">
- <button type="submit" class="btn btn-primary" name="action" value="set-locations">
+ <button type="submit" class="btn btn-primary" name="action" value="set-locations" {{perms.group.locations.disabled}}>
<span class="glyphicon glyphicon-floppy-disk"></span>
{{lang_save}}
</button>
diff --git a/modules-available/remoteaccess/templates/edit-settings.html b/modules-available/remoteaccess/templates/edit-settings.html
index 2712cf04..3c890b91 100644
--- a/modules-available/remoteaccess/templates/edit-settings.html
+++ b/modules-available/remoteaccess/templates/edit-settings.html
@@ -1,23 +1,38 @@
<h2>{{lang_remoteAccessSettings}}</h2>
+<h3>{{lang_general}}</h3>
+
<form method="post" action="?do=remoteaccess">
<input type="hidden" name="token" value="{{token}}">
<div class="form-group">
<label>
{{lang_allowedAccessToVncPort}}
- <input type="text" class="form-control" name="allowed-source" value="{{allowed-source}}" required>
+ <input type="text" class="form-control" name="allowed-source" value="{{allowed-source}}"
+ required {{perms.set-proxy-ip.disabled}}>
</label>
<p>{{lang_allowAccessText}}</p>
</div>
<div class="form-group">
<div class="checkbox">
<input type="checkbox" name="virt-handover" value="1"
- id="virt-handover" {{virt-handover_checked}}>
+ id="virt-handover" {{virt-handover_checked}} {{perms.set-proxy-ip.disabled}}>
<label for="virt-handover">{{lang_tryVirtualizerHandover}}</label>
</div>
<p>{{lang_tryVirtualizerText}}</p>
</div>
+ <div class="buttonbar pull-right">
+ <button type="submit" class="btn btn-primary" name="action" value="save-settings" {{perms.set-proxy-ip.disabled}}>
+ <span class="glyphicon glyphicon-floppy-disk"></span>
+ {{lang_save}}
+ </button>
+ </div>
+ <div class="clearfix"></div>
+</form>
+
+<h3>{{lang_groups}}</h3>
+<form method="post" action="?do=remoteaccess">
+ <input type="hidden" name="token" value="{{token}}">
<div class="form-group">
<p>{{lang_groupListText}}</p>
<table class="table table-condensed table-hover">
@@ -35,12 +50,13 @@
<td class="slx-smallcol">
<div class="checkbox checkbox-inline">
<input type="checkbox" name="group[{{groupid}}][active]" value="1" id="group-check-{{groupid}}"
- {{checked}}>
+ {{checked}} {{perms.group.edit.disabled}}>
<label for="group-check-{{groupid}}"></label>
</div>
</td>
<td class="text-nowrap">
- <input type="text" class="form-control" name="group[{{groupid}}][groupname]" value="{{groupname}}">
+ <input type="text" class="form-control" name="group[{{groupid}}][groupname]" value="{{groupname}}"
+ {{perms.group.edit.disabled}}>
</td>
<td class="text-right text-nowrap">
<span class="badge">{{locs}}</span>
@@ -49,21 +65,23 @@
</a>
</td>
<td>
- <input type="number" class="form-control" name="group[{{groupid}}][wolcount]" value="{{wolcount}}">
+ <input type="number" class="form-control" name="group[{{groupid}}][wolcount]" value="{{wolcount}}"
+ {{perms.group.edit.disabled}}>
</td>
<td>
- <input type="text" class="form-control" name="group[{{groupid}}][passwd]" value="{{passwd}}">
+ <input type="text" class="form-control" name="group[{{groupid}}][passwd]" value="{{passwd}}"
+ {{perms.group.edit.disabled}}>
</td>
</tr>
{{/groups}}
</table>
</div>
<div class="buttonbar pull-right">
- <button type="submit" class="btn btn-success" name="action" value="add-group">
+ <button type="submit" class="btn btn-success" name="action" value="add-group" {{perms.group.add.disabled}}>
<span class="glyphicon glyphicon-plus"></span>
{{lang_add}}
</button>
- <button type="submit" class="btn btn-primary" name="action" value="save-settings">
+ <button type="submit" class="btn btn-primary" name="action" value="save-groups" {{perms.group.edit.disabled}}>
<span class="glyphicon glyphicon-floppy-disk"></span>
{{lang_save}}
</button>