Diffstat (limited to 'modules-available/permissionmanager/install.inc.php')
-rw-r--r--modules-available/permissionmanager/install.inc.php33
1 files changed, 23 insertions, 10 deletions
diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php
index 292a5f52..ae6c9b03 100644
--- a/modules-available/permissionmanager/install.inc.php
+++ b/modules-available/permissionmanager/install.inc.php
@@ -31,7 +31,7 @@ $res[] = tableCreate('role_x_location', "
$res[] = tableCreate('role_x_permission', "
roleid int(10) unsigned NOT NULL,
- permissionid varchar(200) NOT NULL,
+ permissionid varchar(100) NOT NULL,
PRIMARY KEY (roleid, permissionid)
");
@@ -109,14 +109,20 @@ if (!tableHasColumn('role', 'builtin')) {
$res[] = UPDATE_DONE;
}
+// 2022-07-06 permissionid too long for older mariadb versions
+if (stripos(tableColumnType('role_x_permission', 'permissionid'), 'varchar(200)') !== false) {
+ $alter = Database::exec("ALTER TABLE role_x_permission MODIFY permissionid varchar(100) NOT NULL");
+ if ($alter === false)
+ finalResponse(UPDATE_FAILED, 'Cannot shorten permissionid to 100: ' . Database::lastError());
+ $res[] = UPDATE_DONE;
+}
+
if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescription) VALUES
(1,'Super-Admin', 1, 'Hat keinerlei Zugriffsbeschränkungen'),
(2,'Admin', 1, 'Alles bis auf Rechte-/Nutzerverwaltung'),
(3,'Prüfungsadmin', 1, 'Kann E-Prüfungen verwalten, Prüfungsmodus einschalten, etc.'),
(4,'Lesezugriff', 1, 'Kann auf die meisten Seiten zugreifen, jedoch keine Änderungen vornehmen')
ON DUPLICATE KEY UPDATE rolename = VALUES(rolename), builtin = 1, roledescription = VALUES(roledescription)") !== false) {
- // Old ruleset accidentally gave write permissions to the read-only role
- Database::exec("DELETE FROM role_x_permission WHERE roleid = 4 AND permissionid = 'news.*'");
// Assign roles to location (all)
Database::exec("DELETE FROM role_x_location WHERE roleid IN (1,2,3,4)");
Database::exec("INSERT INTO `role_x_location` VALUES (1,NULL),(2,NULL),(3,NULL),(4,NULL)");
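Review bot: The new `ALTER TABLE role_x_permission MODIFY permissionid varchar(100) NOT NULL` shrinks the column without first checking whether any stored id is longer than 100 characters. Depending on the server's SQL mode, such a row would presumably either make the ALTER fail or be silently truncated. A truncated id could collide with another row under the `(roleid, permissionid)` primary key, or stop matching the permission it was meant to grant. A pre-check along the lines of `SELECT COUNT(*) FROM role_x_permission WHERE CHAR_LENGTH(permissionid) > 100`, reported through the same `finalResponse(UPDATE_FAILED, ...)` path, would make the outcome explicit. The `if (Database::exec("INSERT INTO `role` ...` block that follows continues outside this hunk.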
@@ -124,24 +130,26 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
Database::exec("DELETE FROM role_x_permission WHERE roleid IN (1,2,3,4)");
// Assign permissions to roles
Database::exec("INSERT IGNORE INTO `role_x_permission` VALUES
+ -- Exams Admin
(3,'exams.exams.*'),
+ (3,'locations.location.view'),
(3,'rebootcontrol.action.*'),
(3,'statistics.hardware.projectors.view'),
+ (3,'statistics.hints'),
(3,'statistics.machine.note.*'),
(3,'statistics.machine.view-details'),
(3,'statistics.view.*'),
(3,'syslog.view'),
-
+ -- Super Admin
(1,'*'),
-
+ -- Read only
(4,'adduser.user.view-list'),
- (4,'backup.create'),
(4,'baseconfig.view'),
(4,'dnbd3.access-page'),
- (4,'dnbd3.refresh'),
(4,'dnbd3.view.details'),
(4,'dozmod.actionlog.view'),
(4,'dozmod.users.view'),
+ (4,'eventlog.filter.rules.view'),
(4,'eventlog.view'),
(4,'exams.exams.view'),
(4,'locationinfo.backend.check'),
@@ -149,13 +157,16 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
(4,'locations.location.view'),
(4,'minilinux.view'),
(4,'news.access-page'),
+ (4,'passthrough.view'),
(4,'permissionmanager.locations.view'),
(4,'permissionmanager.roles.view'),
(4,'permissionmanager.users.view'),
+ (4,'remoteaccess.view'),
(4,'runmode.list-all'),
(4,'serversetup.access-page'),
(4,'serversetup.download'),
(4,'statistics.hardware.projectors.view'),
+ (4,'statistics.hints'),
(4,'statistics.machine.note.view'),
(4,'statistics.machine.view-details'),
(4,'statistics.view.*'),
@@ -171,22 +182,24 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
(4,'webinterface.access-page'),
(4,'rebootcontrol.subnet.view'),
(4,'rebootcontrol.jumphost.view'),
-
+ -- Admin
(2,'adduser.user.view-list'),
(2,'backup.*'),
(2,'baseconfig.*'),
(2,'dnbd3.*'),
(2,'dozmod.*'),
- (2,'eventlog.view'),
+ (2,'eventlog.*'),
(2,'exams.exams.*'),
(2,'locationinfo.*'),
(2,'locations.*'),
(2,'minilinux.*'),
(2,'news.*'),
+ (4,'passthrough.*'),
(2,'permissionmanager.locations.view'),
(2,'permissionmanager.roles.view'),
(2,'permissionmanager.users.view'),
(2,'rebootcontrol.*'),
+ (2,'remoteaccess.*'),
(2,'roomplanner.edit'),
(2,'runmode.list-all'),
(2,'serversetup.*'),
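Review bot: The added row `(4,'passthrough.*')` sits under the `-- Admin` comment but carries role id 4, which the `INSERT INTO role` earlier in the file names 'Lesezugriff' (read-only access). As written, the read-only role receives the full `passthrough.*` wildcard on top of the `passthrough.view` added in the read-only section, while Admin (role 2) gets no passthrough permission at all. This looks like a typo for `(2,'passthrough.*'),`. The INSERT statement starts and ends outside this hunk.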
@@ -195,7 +208,7 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
(2,'sysconfig.*'),
(2,'syslog.*'),
(2,'systemstatus.*'),
- (2,'vmstore.edit'),
+ (2,'vmstore.*'),
(2,'webinterface.*')");
Database::exec("OPTIMIZE TABLE role_x_permission");
// Assign the first user to the superadmin role (if one exists)