Diffstat (limited to 'modules-available/permissionmanager/install.inc.php')
-rw-r--r-- | modules-available/permissionmanager/install.inc.php | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php index 292a5f52..ae6c9b03 100644 --- a/modules-available/permissionmanager/install.inc.php +++ b/modules-available/permissionmanager/install.inc.php @@ -31,7 +31,7 @@ $res[] = tableCreate('role_x_location', " $res[] = tableCreate('role_x_permission', " roleid int(10) unsigned NOT NULL, - permissionid varchar(200) NOT NULL, + permissionid varchar(100) NOT NULL, PRIMARY KEY (roleid, permissionid) "); @@ -109,14 +109,20 @@ if (!tableHasColumn('role', 'builtin')) { $res[] = UPDATE_DONE; } +// 2022-07-06 permissionid too long for older mariadb versions +if (stripos(tableColumnType('role_x_permission', 'permissionid'), 'varchar(200)') !== false) { + $alter = Database::exec("ALTER TABLE role_x_permission MODIFY permissionid varchar(100) NOT NULL"); + if ($alter === false) + finalResponse(UPDATE_FAILED, 'Cannot shorten permissionid to 100: ' . Database::lastError()); + $res[] = UPDATE_DONE; +} + if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescription) VALUES (1,'Super-Admin', 1, 'Hat keinerlei Zugriffsbeschränkungen'), (2,'Admin', 1, 'Alles bis auf Rechte-/Nutzerverwaltung'), (3,'Prüfungsadmin', 1, 'Kann E-Prüfungen verwalten, Prüfungsmodus einschalten, etc.'), (4,'Lesezugriff', 1, 'Kann auf die meisten Seiten zugreifen, jedoch keine Änderungen vornehmen') ON DUPLICATE KEY UPDATE rolename = VALUES(rolename), builtin = 1, roledescription = VALUES(roledescription)") !== false) { - // Old ruleset accidentally gave write permissions to the read-only role - Database::exec("DELETE FROM role_x_permission WHERE roleid = 4 AND permissionid = 'news.*'"); // Assign roles to location (all) Database::exec("DELETE FROM role_x_location WHERE roleid IN (1,2,3,4)"); Database::exec("INSERT INTO `role_x_location` VALUES (1,NULL),(2,NULL),(3,NULL),(4,NULL)"); 
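Review bot: The new `ALTER TABLE role_x_permission MODIFY permissionid varchar(100) NOT NULL` migration shrinks the column without first checking whether any stored permissionid is longer than 100 characters. Depending on the server's SQL mode, such a row would either make the ALTER fail and abort through `finalResponse(UPDATE_FAILED, ...)`, or be silently truncated, which changes the permission string a role holds and could collide on the `(roleid, permissionid)` primary key. A pre-check along the lines of `SELECT COUNT(*) FROM role_x_permission WHERE CHAR_LENGTH(permissionid) > 100`, with an explicit error message, would make the outcome deterministic. As a style point, the brace-less `if ($alter === false)` would be safer written with braces around the `finalResponse(...)` call.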
@@ -124,24 +130,26 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti Database::exec("DELETE FROM role_x_permission WHERE roleid IN (1,2,3,4)"); // Assign permissions to roles Database::exec("INSERT IGNORE INTO `role_x_permission` VALUES + -- Exams Admin (3,'exams.exams.*'), + (3,'locations.location.view'), (3,'rebootcontrol.action.*'), (3,'statistics.hardware.projectors.view'), + (3,'statistics.hints'), (3,'statistics.machine.note.*'), (3,'statistics.machine.view-details'), (3,'statistics.view.*'), (3,'syslog.view'), - + -- Super Admin (1,'*'), - + -- Read only (4,'adduser.user.view-list'), - (4,'backup.create'), (4,'baseconfig.view'), (4,'dnbd3.access-page'), - (4,'dnbd3.refresh'), (4,'dnbd3.view.details'), (4,'dozmod.actionlog.view'), (4,'dozmod.users.view'), + (4,'eventlog.filter.rules.view'), (4,'eventlog.view'), (4,'exams.exams.view'), (4,'locationinfo.backend.check'), @@ -149,13 +157,16 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti (4,'locations.location.view'), (4,'minilinux.view'), (4,'news.access-page'), + (4,'passthrough.view'), (4,'permissionmanager.locations.view'), (4,'permissionmanager.roles.view'), (4,'permissionmanager.users.view'), + (4,'remoteaccess.view'), (4,'runmode.list-all'), (4,'serversetup.access-page'), (4,'serversetup.download'), (4,'statistics.hardware.projectors.view'), + (4,'statistics.hints'), (4,'statistics.machine.note.view'), (4,'statistics.machine.view-details'), (4,'statistics.view.*'), 
@@ -171,22 +182,24 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti (4,'webinterface.access-page'), (4,'rebootcontrol.subnet.view'), (4,'rebootcontrol.jumphost.view'), - + -- Admin (2,'adduser.user.view-list'), (2,'backup.*'), (2,'baseconfig.*'), (2,'dnbd3.*'), (2,'dozmod.*'), - (2,'eventlog.view'), + (2,'eventlog.*'), (2,'exams.exams.*'), (2,'locationinfo.*'), (2,'locations.*'), (2,'minilinux.*'), (2,'news.*'), + (4,'passthrough.*'), (2,'permissionmanager.locations.view'), (2,'permissionmanager.roles.view'), (2,'permissionmanager.users.view'), (2,'rebootcontrol.*'), + (2,'remoteaccess.*'), (2,'roomplanner.edit'), (2,'runmode.list-all'), (2,'serversetup.*'), @@ -195,7 +208,7 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti (2,'sysconfig.*'), (2,'syslog.*'), (2,'systemstatus.*'), - (2,'vmstore.edit'), + (2,'vmstore.*'), (2,'webinterface.*')"); Database::exec("OPTIMIZE TABLE role_x_permission"); // Assign the first user to the superadmin role (if one exists) |
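Review bot: The added row `(4,'passthrough.*'),` sits in the `-- Admin` block among the roleid 2 entries but carries roleid 4, so the read-only role ('Lesezugriff') receives the full passthrough wildcard while the Admin role gets no passthrough permission at all. This looks like a typo for `(2,'passthrough.*'),`, since the read-only block in the earlier hunk already adds `(4,'passthrough.view')`. The builtin rows are deleted and re-inserted with `INSERT IGNORE` whenever this block runs, so the over-broad grant would be applied silently on each install or update. After fixing it, it is worth checking on an updated system that role 4 holds only `.view`-style passthrough entries. The INSERT statement begins and ends outside this hunk.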