Diffstat (limited to 'modules-available/locationinfo/page.inc.php')
-rw-r--r--modules-available/locationinfo/page.inc.php166
1 files changed, 136 insertions, 30 deletions
diff --git a/modules-available/locationinfo/page.inc.php b/modules-available/locationinfo/page.inc.php
index 777b84db..7be875d0 100644
--- a/modules-available/locationinfo/page.inc.php
+++ b/modules-available/locationinfo/page.inc.php
@@ -2,16 +2,15 @@
class Page_LocationInfo extends Page
{
-
- private $action;
+ private $show;
/**
* Called before any page rendering happens - early hook to check parameters etc.
*/
protected function doPreprocess()
{
- $show = Request::any('show', '', 'string');
- if ($show === 'panel') {
+ $this->show = Request::any('show', false, 'string');
+ if ($this->show === 'panel') {
$this->showPanel();
exit(0);
}
@@ -20,30 +19,38 @@ class Page_LocationInfo extends Page
Message::addError('main.no-permission');
Util::redirect('?do=Main'); // does not return
}
- $this->action = Request::post('action');
- if ($this->action === 'writePanelConfig') {
+ $action = Request::post('action');
+ if ($action === 'writePanelConfig') {
$this->writePanelConfig();
- } elseif ($this->action === 'writeLocationConfig') {
+ } elseif ($action === 'writeLocationConfig') {
$this->writeLocationConfig();
$show = 'locations';
- } elseif ($this->action === 'deleteServer') {
+ } elseif ($action === 'deleteServer') {
$this->deleteServer();
- } elseif ($this->action === 'deletePanel') {
+ } elseif ($action === 'deletePanel') {
$this->deletePanel();
- } elseif ($this->action === 'checkConnection') {
+ } elseif ($action === 'checkConnection') {
$this->checkConnection(Request::post('serverid', 0, 'int'));
$show = 'backends';
- } elseif ($this->action === 'updateServerSettings') {
+ } elseif ($action === 'updateServerSettings') {
$this->updateServerSettings();
$show = 'backends';
} elseif (Request::isPost()) {
- Message::addWarning('main.invalid-action', $this->action);
+ Message::addWarning('main.invalid-action', $action);
}
- if (Request::isPost()) {
+ if (Request::isPost() || $this->show === false) {
if (!empty($show)) {
- $show = '&show=' . $show;
+ //
+ } elseif (User::hasPermission('panel.list')) {
+ $show = 'panels';
+ } elseif (User::hasPermission('location.*')) {
+ $show = 'locations';
+ } elseif (User::hasPermission('backend.*')) {
+ $show = 'backends';
+ } else {
+ User::assertPermission('panel.list');
}
- Util::redirect('?do=locationinfo' . $show);
+ Util::redirect('?do=locationinfo&show=' . $show);
}
}
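Review bot: The local `$show` is no longer initialised in doPreprocess(): its only assignment ahead of the action chain was the removed `$show = Request::any('show', '', 'string');`, so `if (!empty($show)) { // }` works only because empty() tolerates an undefined variable. Setting `$show = '';` before the `if ($action === 'writePanelConfig')` chain and writing the fallback as `if (empty($show)) { ... }` would state the intent and remove the comment-only branch. The final `else` also relies on `User::assertPermission('panel.list')` not returning (presumably it redirects); if it ever did return, the redirect below would concatenate an undefined `$show`, so a comment such as `// no tab permission at all: assertPermission() is expected not to return` belongs there.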
@@ -53,10 +60,13 @@ class Page_LocationInfo extends Page
protected function doRender()
{
// Do this here so we always see backend errors
- $backends = $this->loadBackends();
- $show = Request::get('show', '', 'string');
- Render::addTemplate('page-tabs', array('class-' . $show => 'active'));
- switch ($show) {
+ if (User::hasPermission('backend.*')) {
+ $backends = $this->loadBackends();
+ }
+ $data = array('class-' . $this->show => 'active');
+ Permission::addGlobalTags($data['perms'], null, ['backend.*', 'location.*', 'panel.list']);
+ Render::addTemplate('page-tabs', $data);
+ switch ($this->show) {
case 'locations':
$this->showLocationsTable();
break;
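Review bot: `$backends` is now assigned only inside `if (User::hasPermission('backend.*'))`, so it is undefined for every other user. If the `backends` case further down (outside this hunk) still passes it to showBackendsTable(), the argument is evaluated before the permission assertion inside that method runs and raises an undefined-variable notice; `$backends = [];` ahead of the `if` avoids that. The retained comment `// Do this here so we always see backend errors` is no longer accurate and could read `// Load backends up front so users with backend.* see backend errors on every tab`.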
@@ -66,7 +76,7 @@ class Page_LocationInfo extends Page
case 'edit-panel':
$this->showPanelConfig();
break;
- case '':
+ case 'panels':
$this->showPanelsTable();
break;
default:
@@ -79,6 +89,7 @@ class Page_LocationInfo extends Page
*/
private function deleteServer()
{
+ User::assertPermission('backend.edit');
$id = Request::post('serverid', false, 'int');
if ($id === false) {
Message::addError('server-id-missing');
@@ -97,10 +108,14 @@ class Page_LocationInfo extends Page
Message::addError('main.parameter-missing', 'uuid');
return;
}
+ $this->assertPanelPermission($id, 'panel.edit');
$res = Database::exec("DELETE FROM `locationinfo_panel` WHERE paneluuid = :id", array('id' => $id));
if ($res !== 1) {
Message::addWarning('invalid-panel-id', $id);
}
+ if (Module::isAvailable('runmode')) {
+ RunMode::deleteMode(Page::getModule(), $id);
+ }
}
private function getTime($str)
@@ -123,6 +138,8 @@ class Page_LocationInfo extends Page
Message::addError('location.invalid-location-id', $locationid);
return false;
}
+ User::assertPermission('location.edit', $locationid);
+
$serverid = Request::post('serverid', 0, 'int');
if ($serverid === 0) {
$serverid = null;
@@ -304,6 +321,8 @@ class Page_LocationInfo extends Page
Util::redirect('?do=locationinfo');
}
+ // Permission
+ $this->assertPanelPermission($paneluuid, 'panel.edit', $params['locationids']);
if ($paneluuid === 'new') {
$paneluuid = Util::randomUuid();
@@ -340,6 +359,7 @@ class Page_LocationInfo extends Page
'vertical' => Request::post('vertical', false, 'bool'),
'eco' => Request::post('eco', false, 'bool'),
'prettytime' => Request::post('prettytime', false, 'bool'),
+ 'roomplanner' => Request::post('roomplanner', false, 'bool'),
'scaledaysauto' => Request::post('scaledaysauto', false, 'bool'),
'daystoshow' => Request::post('daystoshow', 7, 'int'),
'rotation' => Request::post('rotation', 0, 'int'),
@@ -369,9 +389,19 @@ class Page_LocationInfo extends Page
private function preparePanelConfigSummary()
{
+ // Build json structure
+ $conf = array(
+ 'language' => Request::post('language', 'en', 'string'),
+ 'eco' => Request::post('eco', false, 'bool'),
+ 'roomplanner' => Request::post('roomplanner', false, 'bool'),
+ 'panelupdate' => Request::post('panelupdate', 30, 'int')
+ );
+ if ($conf['panelupdate'] < 15) {
+ $conf['panelupdate'] = 15;
+ }
// Check locations
$locationids = self::getLocationIdsFromRequest(true);
- return array('locationids' => $locationids);
+ return array('config' => $conf, 'locationids' => $locationids);
}
/**
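Review bot: `'language' => Request::post('language', 'en', 'string')` accepts any string the client posts, and this commit also starts handing the stored value to `Render::parse(..., $lang = $config['language'])` in the panel output code, which doPreprocess() appears to reach through `showPanel()` before its permission check. If Render::parse() uses that argument to select translation files, the value should be checked against the known languages before it is saved, for example against the same list showPanelConfig() passes to the template as `languages`, falling back to `'en'` otherwise. `panelupdate` is clamped to a minimum of 15 but has no upper bound; a comment giving the unit and whether a maximum is intended would help the next reader.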
@@ -379,6 +409,7 @@ class Page_LocationInfo extends Page
*/
private function updateServerSettings()
{
+ User::assertPermission('backend.edit');
$serverid = Request::post('id', -1, 'int');
$servername = Request::post('name', 'unnamed', 'string');
$servertype = Request::post('type', '', 'string');
@@ -423,6 +454,7 @@ class Page_LocationInfo extends Page
if ($serverid === 0) {
Util::traceError('checkConnection called with no server id');
}
+ User::assertPermission('backend.check');
$dbresult = Database::queryFirst("SELECT servertype, credentials
FROM `locationinfo_coursebackend`
@@ -482,14 +514,22 @@ class Page_LocationInfo extends Page
*/
private function showBackendsTable($serverlist)
{
- // Pass the data to the html and render it.
- Render::addTemplate('page-servers', array(
+ User::assertPermission('backend.*');
+ $data = array(
'serverlist' => $serverlist,
- ));
+ );
+ Permission::addGlobalTags($data['perms'], null, ['backend.edit', 'backend.check']);
+ // Pass the data to the html and render it.
+ Render::addTemplate('page-servers', $data);
}
private function showLocationsTable()
{
+ $allowedLocations = User::getAllowedLocations('location.edit');
+ if (empty($allowedLocations)) {
+ Message::addError('main.no-permission');
+ return;
+ }
$locations = Location::getLocations(0, 0, false, true);
// Get hidden state of all locations
@@ -499,7 +539,7 @@ class Page_LocationInfo extends Page
while ($row = $dbquery->fetch(PDO::FETCH_ASSOC)) {
$locid = (int)$row['locationid'];
- if (!isset($locations[$locid]))
+ if (!isset($locations[$locid]) || !in_array($locid, $allowedLocations))
continue;
$glyph = !empty($row['openingtime']) ? 'ok' : '';
$backend = '';
@@ -517,6 +557,7 @@ class Page_LocationInfo extends Page
$stack = array();
$depth = -1;
foreach ($locations as &$location) {
+ $location['allowed'] = in_array($location['locationid'], $allowedLocations);
while ($location['depth'] <= $depth) {
array_pop($stack);
$depth--;
@@ -537,6 +578,13 @@ class Page_LocationInfo extends Page
private function showPanelsTable()
{
+ $visibleLocations = User::getAllowedLocations('panel.list');
+ $editLocations = User::getAllowedLocations('panel.edit');
+ $assignLocations = USer::getAllowedLocations('panel.assign-client');
+ if (empty($visibleLocations)) {
+ Message::addError('main.no-permission');
+ return;
+ }
$res = Database::simpleQuery('SELECT p.paneluuid, p.panelname, p.locationids, p.panelconfig,
p.paneltype FROM locationinfo_panel p
ORDER BY panelname ASC');
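Review bot: `USer::getAllowedLocations('panel.assign-client')` misspells the class name. PHP resolves class names case-insensitively, so it runs here because `User` is already loaded two lines earlier, but it should read `User::getAllowedLocations('panel.assign-client')` for consistency and so it does not depend on load order with a case-sensitive autoloader. The `empty($visibleLocations)` guard could also move directly after the first call, so users who may not list panels skip the two further lookups.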
@@ -550,16 +598,25 @@ class Page_LocationInfo extends Page
if ($row['paneltype'] === 'URL') {
$url = json_decode($row['panelconfig'], true)['url'];
$row['locations'] = $row['locationurl'] = $url;
+ $row['edit_disabled'] = empty($editLocations) ? 'disabled' : '';
+ $row['runmode_disabled'] = empty($assignLocations) ? 'disabled' : '';
} else {
$lids = explode(',', $row['locationids']);
+ // Permissions
+ if (!empty(array_diff($lids, $visibleLocations))) {
+ continue;
+ }
+ $row['edit_disabled'] = !empty(array_diff($lids, $editLocations)) ? 'disabled' : '';
+ $row['runmode_disabled'] = !empty(array_diff($lids, $assignLocations)) ? 'disabled' : '';
+ // Locations
$locs = array_map(function ($id) use ($locations) {
return isset($locations[$id]) ? $locations[$id]['locationname'] : $id;
}, $lids);
$row['locations'] = implode(', ', $locs);
}
$len = mb_strlen($row['panelname']);
- if ($len < 5) {
- $row['panelname'] .= str_repeat('…', 5 - $len);
+ if ($len < 3) {
+ $row['panelname'] .= str_repeat(' ', 3 - $len);
}
if ($hasRunmode && isset($runmodes[$row['paneluuid']])) {
$row['assignedMachineCount'] = count($runmodes[$row['paneluuid']]);
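Review bot: The row flags computed here and assertPanelPermission(), added at the end of this commit, disagree in two cases. For URL panels the buttons are enabled as soon as the user holds the permission on any location (`empty($editLocations) ? 'disabled' : ''`), while assertPanelPermission() calls `User::assertPermission($permission, null, ...)` for `paneltype === 'URL'`, so a user with only location-scoped rights may get an enabled button that ends in a no-permission redirect. For other panels, `explode(',', $row['locationids'])` yields `['']` when the column is empty, so `array_diff($lids, $visibleLocations)` is presumably never empty and the panel is hidden from everyone, whereas assertPanelPermission() treats empty `locationids` as a case for the location-less check. Deriving both from one shared helper would keep the displayed state and the enforced check in step. The loop starts and ends outside this hunk.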
@@ -594,6 +651,7 @@ class Page_LocationInfo extends Page
*/
private function ajaxServerSettings($id)
{
+ User::assertPermission('backend.edit');
$oldConfig = Database::queryFirst('SELECT servername, servertype, credentials
FROM `locationinfo_coursebackend` WHERE serverid = :id', array('id' => $id));
@@ -641,6 +699,7 @@ class Page_LocationInfo extends Page
*/
private function ajaxConfigLocation($id)
{
+ User::assertPermission('location.edit', $id);
$locConfig = Database::queryFirst("SELECT serverid, serverlocationid, openingtime FROM `locationinfo_locationconfig` WHERE locationid = :id", array('id' => $id));
if ($locConfig !== false) {
$openingtimes = json_decode($locConfig['openingtime'], true);
@@ -843,8 +902,14 @@ class Page_LocationInfo extends Page
}
$config = json_decode($panel['panelconfig'], true);
+ if (!isset($config['roomplanner'])) {
+ $config['roomplanner'] = false;
+ }
}
+ // Permission
+ $this->assertPanelPermission($panel, 'panel.edit');
+
$def = LocationInfo::defaultPanelConfig($panel['paneltype']);
if (!is_array($config)) {
$config = $def;
@@ -871,6 +936,7 @@ class Page_LocationInfo extends Page
'vertical_checked' => $config['vertical'] ? 'checked' : '',
'eco_checked' => $config['eco'] ? 'checked' : '',
'prettytime_checked' => $config['prettytime'] ? 'checked' : '',
+ 'roomplanner_checked' => $config['roomplanner'] ? 'checked' : '',
'scaledaysauto_checked' => $config['scaledaysauto'] ? 'checked' : '',
'daystoshow' => $config['daystoshow'],
'rotation' => $config['rotation'],
@@ -896,9 +962,11 @@ class Page_LocationInfo extends Page
'uuid' => $id,
'panelname' => $panel['panelname'],
'languages' => $langs,
- 'roomupdate' => $config['roomupdate'],
+ 'panelupdate' => $config['panelupdate'],
+ 'roomplanner_checked' => $config['roomplanner'] ? 'checked' : '',
'locations' => Location::getLocations(),
'locationids' => $panel['locationids'],
+ 'eco_checked' => $config['eco'] ? 'checked' : '',
));
}
}
@@ -934,7 +1002,7 @@ class Page_LocationInfo extends Page
'language' => $config['language'],
);
- die(Render::parse('frontend-default', $data));
+ die(Render::parse('frontend-default', $data, $module = false, $lang = $config['language']));
}
if ($type === 'SUMMARY') {
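Review bot: `Render::parse('frontend-default', $data, $module = false, $lang = $config['language'])` uses assignments inside the argument list as pseudo named arguments, which creates the locals `$module` and `$lang` as a side effect and would silently overwrite variables of the same name in this scope. Passing the values directly, `Render::parse('frontend-default', $data, false, $config['language'])`, is equivalent, with a short comment naming the two parameters if that helps. The `frontend-summary` call in the next hunk has the same form. The enclosing function starts outside this hunk.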
@@ -946,11 +1014,49 @@ class Page_LocationInfo extends Page
'language' => $config['language'],
);
- die(Render::parse('frontend-summary', $data));
+ die(Render::parse('frontend-summary', $data, $module = false, $lang = $config['language']));
}
http_response_code(500);
die('Unknown panel type ' . $type);
}
+ /**
+ * @param string|array $panelOrUuid UUID of panel, or array with keys paneltype and locationds
+ * @param string $permission
+ * @param null|int[] $additionalLocations
+ */
+ private function assertPanelPermission($panelOrUuid, $permission, $additionalLocations = null)
+ {
+ if (is_array($panelOrUuid)) {
+ $panel = $panelOrUuid;
+ } else {
+ $panel = Database::queryFirst('SELECT paneltype, locationids FROM locationinfo_panel
+ WHERE paneluuid = :uuid', ['uuid' => $panelOrUuid]);
+ }
+ if ($panel === false || $panel['paneltype'] === 'URL' || empty($panel['locationids'])) {
+ if (empty($additionalLocations)) {
+ User::assertPermission($permission, null, '?do=locationinfo');
+ return;
+ }
+ }
+ $allowed = User::getAllowedLocations($permission);
+ if (in_array(0, $allowed))
+ return;
+ if (!empty($allowed)) {
+ if (isset($panel['locationids'])) {
+ $locations = explode(',', $panel['locationids']);
+ } else {
+ $locations = [];
+ }
+ if (!empty($additionalLocations)) {
+ $locations = array_merge($locations, $additionalLocations);
+ }
+ if (empty(array_diff($locations, $allowed)))
+ return;
+ }
+ Message::addError('main.no-permission');
+ Util::redirect('?do=locationinfo');
+ }
+
}
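Review bot: The shortcut `if (in_array(0, $allowed)) return;` in assertPanelPermission() compares loosely, so on PHP 7 a non-numeric string in `$allowed` (for example `''`) would equal 0 and pass the check for every panel. Whether User::getAllowedLocations() can return such values is not visible here, but `in_array(0, $allowed, true)` on an int-normalised list removes the doubt. `explode(',', $panel['locationids'])` yields `['']` for an empty column, so when `$additionalLocations` is set the `array_diff` can never come out empty and the user is refused even if every additional location is allowed; dropping empty entries before the merge fixes that. The docblock misspells `locationds` and has no summary; it should say that on failure the method adds `main.no-permission` and redirects to `?do=locationinfo` rather than returning.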