Diffstat (limited to 'modules-available/permissionmanager/page.inc.php')
-rw-r--r--modules-available/permissionmanager/page.inc.php218
1 files changed, 145 insertions, 73 deletions
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 13d81c6a..462d3163 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -17,22 +17,38 @@ class Page_PermissionManager extends Page
$action = Request::any('action', 'show', 'string');
if ($action === 'addRoleToUser') {
+ User::assertPermission('users.edit-roles');
$users = Request::post('users', '');
$roles = Request::post('roles', '');
PermissionDbUpdate::addRoleToUser($users, $roles);
} elseif ($action === 'removeRoleFromUser') {
+ User::assertPermission('users.edit-roles');
$users = Request::post('users', '');
$roles = Request::post('roles', '');
PermissionDbUpdate::removeRoleFromUser($users, $roles);
} elseif ($action === 'deleteRole') {
- $id = Request::post('deleteId', false, 'string');
+ User::assertPermission('roles.edit');
+ $id = Request::post('deleteId', false, 'int');
PermissionDbUpdate::deleteRole($id);
} elseif ($action === 'saveRole') {
- $roleID = Request::post("roleid", false);
- $rolename = Request::post("rolename");
- $locations = self::processLocations(Request::post("locations"));
+ User::assertPermission('roles.edit');
+ $roleID = Request::post("roleid", false, 'int');
+ if ($roleID === false) {
+ Message::addError('main.parameter-missing', 'roleid');
+ Util::redirect('?do=permissionmanager');
+ }
+ $roleName = Request::post("rolename", '', 'string');
+ if (empty($roleName)) {
+ Message::addError('main.parameter-empty', 'rolename');
+ Util::redirect('?do=permissionmanager');
+ }
+ $roleDescription = Request::post('roledescription', '', 'string');
+ $locations = self::processLocations(Request::post("locations", [], 'array'));
$permissions = self::processPermissions(Request::post("permissions"));
- PermissionDbUpdate::saveRole($rolename, $locations, $permissions, $roleID);
+ PermissionDbUpdate::saveRole($roleName, $roleDescription, $locations, $permissions, $roleID);
+ }
+ if (Request::isPost()) {
+ Util::redirect('?do=permissionmanager&show=' . Request::get("show", "roles"));
}
}
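Review bot: On the saveRole path, `Request::post("permissions")` is still read with no default and no type, although `locations` on the line above was tightened to `[], 'array'`; processPermissions (a later hunk) hands the value straight to `in_array`, so a request without an array-valued `permissions` field reaches it as a non-array. I would read it as `Request::post("permissions", [], 'array')`. The deleteRole branch has a similar gap: `deleteId` is fetched with default `false` but, unlike `roleid`, is never checked before `PermissionDbUpdate::deleteRole($id)`. The final redirect also appends `Request::get("show", "roles")` to the URL unencoded; wrapping it in `urlencode()` or mapping it onto the known tab names would keep extra query parameters out of the target. The method's signature lies outside this hunk.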
@@ -41,47 +57,76 @@ class Page_PermissionManager extends Page
*/
protected function doRender()
{
- $show = Request::get("show", "roles");
+ $show = Request::get("show", false, 'string');
+
+ // "Public" page -- nice "permission denied" message
+ if ($show === 'denied') {
+ Render::addTemplate('page-permission-denied', [
+ 'name' => User::getName(),
+ 'permission' => Request::get('permission', false, 'string'),
+ ]);
+ return;
+ }
+
+ if ($show === false) {
+ foreach (['roles', 'users', 'locations'] as $show) {
+ if (User::hasPermission($show . '.*'))
+ break;
+ }
+ }
// switch between tables, but always show menu to switch tables
- if ( $show === 'roles' || $show === 'users' || $show === 'locations' ) {
- // get menu button colors
- $buttonColors = array();
- $buttonColors['rolesButtonClass'] = $show === 'roles' ? 'active' : '';
- $buttonColors['usersButtonClass'] = $show === 'users' ? 'active' : '';
- $buttonColors['locationsButtonClass'] = $show === 'locations' ? 'active' : '';
-
- Render::addtemplate('_page', $buttonColors);
-
- if ($show === "roles") {
- $data = array("roles" => GetPermissionData::getRoles());
- Render::addTemplate('rolestable', $data);
- } elseif ($show === "users") {
- $data = array("user" => GetPermissionData::getUserData(), "roles" => GetPermissionData::getRoles());
- Render::addTemplate('userstable', $data);
- } elseif ($show === "locations") {
- $data = array("location" => GetPermissionData::getLocationData(), "allroles" => GetPermissionData::getRoles());
- Render::addTemplate('locationstable', $data);
+ // get menu button colors
+ $data = array();
+ if ($show === "roleEditor") {
+ $data['groupClass'] = 'btn-group-muted';
+ $data['rolesButtonClass'] = 'active';
+ } else {
+ $data[$show . 'ButtonClass'] = 'active';
+ }
+ Permission::addGlobalTags($data['perms'], null, ['roles.*', 'users.*', 'locations.*']);
+
+ Render::addtemplate('header-menu', $data);
+
+ if ($show === "roles") {
+ User::assertPermission('roles.*');
+ $data = array("roles" => GetPermissionData::getRoles(GetPermissionData::WITH_USER_COUNT));
+ Permission::addGlobalTags($data['perms'], null, ['roles.edit']);
+ Render::addTemplate('rolestable', $data);
+ } elseif ($show === "users") {
+ User::assertPermission('users.*');
+ $data = array("user" => GetPermissionData::getUserData());
+ if (User::hasPermission('users.edit-roles')) {
+ $data['allroles'] = GetPermissionData::getRoles();
}
+ Permission::addGlobalTags($data['perms'], null, ['users.edit-roles']);
+ Render::addTemplate('role-filter-selectize', $data);
+ Render::addTemplate('userstable', $data);
+ } elseif ($show === "locations") {
+ User::assertPermission('locations.*');
+ $data = array("location" => GetPermissionData::getLocationData(), "allroles" => GetPermissionData::getRoles());
+ Render::addTemplate('role-filter-selectize', $data);
+ Render::addTemplate('locationstable', $data);
} elseif ($show === "roleEditor") {
- $data = array("cancelShow" => Request::get("cancel", "roles"));
+ User::assertPermission('roles.*');
+ $data = array("cancelShow" => Request::get("cancel", "roles", 'string'));
+ Permission::addGlobalTags($data['perms'], null, ['roles.edit']);
$selectedPermissions = array();
$selectedLocations = array();
- $roleid = Request::get("roleid", false);
- if ($roleid) {
- $roleData = GetPermissionData::getRoleData($roleid);
- $data["roleid"] = $roleid;
- $data["rolename"] = $roleData["rolename"];
- $selectedPermissions = $roleData["permissions"];
- $selectedLocations = $roleData["locations"];
+ $roleid = Request::get("roleid", false, 'int');
+ if ($roleid !== false) {
+ $data += GetPermissionData::getRoleData($roleid);
+ $selectedPermissions = $data["permissions"];
+ $selectedLocations = $data["locations"];
}
- $data["permissionHTML"] = self::generatePermissionHTML(PermissionUtil::getPermissions(), $selectedPermissions);
- $data["locationHTML"] = self::generateLocationHTML(Location::getTree(), $selectedLocations);
+ $data["permissionHTML"] = self::generatePermissionHTML(PermissionUtil::getPermissions(), $selectedPermissions,
+ false, '', ['perms' => $data['perms']]);
+ $data["locationHTML"] = self::generateLocationHTML(Location::getTree(), $selectedLocations,
+ $roleid === false, true, ['perms' => $data['perms']]);
Render::addTemplate('roleeditor', $data);
-
}
}
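Review bot: In the roleEditor branch, `$data += GetPermissionData::getRoleData($roleid)` is followed immediately by reads of `$data["permissions"]` and `$data["locations"]`, with no check that the id names an existing role. getRoleData is not shown, so this is an assumption to confirm: if it can return `false` or an array without those keys, a crafted `roleid` either fails on the `+=` or passes null into the `in_array` calls of the two generate helpers. Fetching into a local first and bailing out when `!isset($role['permissions'], $role['locations'])` would make the editor fail closed. A short comment on the `+=` would also help: `// union keeps cancelShow and perms set above; role data cannot overwrite them`.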
@@ -90,36 +135,57 @@ class Page_PermissionManager extends Page
*
* @param array $permissions the permission tree
* @param array $selectedPermissions permissions that should be preselected
- * @param array $selectAll true if all pemrissions should be preselected, false if only those in $selectedPermissions
- * @param array $permString the prefix permission string with which all permissions in the permission tree should start
+ * @param bool $selectAll true if all permissions should be preselected, false if only those in $selectedPermissions
+ * @param string $permString the prefix permission string with which all permissions in the permission tree should start
* @return string generated html code
*/
- private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "")
+ private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "", $tags = [])
{
$res = "";
$toplevel = $permString == "";
- if ($toplevel && in_array("*", $selectedPermissions)) $selectAll = true;
+ if ($toplevel && in_array("*", $selectedPermissions)) {
+ $selectAll = true;
+ }
foreach ($permissions as $k => $v) {
- $leaf = !is_array($v);
- $nextPermString = $permString ? $permString.".".$k : $k;
- $id = $leaf ? $nextPermString : $nextPermString.".*";
- $selected = $selectAll || in_array($id, $selectedPermissions);
- $res .= Render::parse("treenode",
- array("id" => $id,
- "name" => $toplevel ? Module::get($k)->getDisplayName() : $k,
- "toplevel" => $toplevel,
- "checkboxname" => "permissions",
- "selected" => $selected,
- "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString),
- "description" => $leaf ? $v : ""));
+ $selected = $selectAll;
+ $nextPermString = $permString ? $permString . "." . $k : $k;
+ if ($toplevel) {
+ $displayName = Module::get($k)->getDisplayName();
+ } else {
+ $displayName = $k;
+ }
+ do {
+ $leaf = isset($v['isLeaf']) && $v['isLeaf'];
+ $id = $leaf ? $nextPermString : $nextPermString . ".*";
+ $selected = $selected || in_array($id, $selectedPermissions);
+ if ($leaf || count($v) !== 1)
+ break;
+ reset($v);
+ $k = key($v);
+ $v = $v[$k];
+ $nextPermString .= '.' . $k;
+ $displayName .= '.' . $k;
+ } while (true);
+ $data = array(
+ "id" => $id,
+ "name" => $displayName,
+ "toplevel" => $toplevel,
+ "checkboxname" => "permissions",
+ "selected" => $selected,
+ "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString, $tags),
+ );
+ if ($leaf) {
+ $data += $v;
+ }
+ $res .= Render::parse("treenode", $data + $tags);
}
if ($toplevel) {
$res = Render::parse("treepanel",
array("id" => "*",
- "name" => Dictionary::translateFile("template-tags", "lang_permissions"),
- "checkboxname" => "permissions",
- "selected" => $selectAll,
- "HTML" => $res));
+ "name" => Dictionary::translateFile("template-tags", "lang_permissions"),
+ "checkboxname" => "permissions",
+ "selected" => $selectAll,
+ "HTML" => $res) + $tags);
}
return $res;
}
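Review bot: The new `$tags` parameter is missing from the docblock above generatePermissionHTML, and nothing says how it combines with the per-node data. I would add `@param array $tags extra template tags added to every treenode/treepanel; keys already set for the node win, because + keeps the left operand`. The leaf merge `$data += $v` deserves a one-line comment for the same reason: leaf fields cannot replace id, name or selected. generateLocationHTML in the next hunk gains the same undocumented `$tags` parameter, and its docblock still types `$toplevel` as array although it is used as a boolean.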
@@ -133,28 +199,31 @@ class Page_PermissionManager extends Page
* @param array $toplevel true if the location tree are the children of the root location, false if not
* @return string generated html code
*/
- private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true)
+ private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true, $tags = [])
{
$res = "";
- if ($toplevel && in_array(0, $selectedLocations)) $selectAll = true;
+ if ($toplevel && in_array(0, $selectedLocations)) {
+ $selectAll = true;
+ }
foreach ($locations as $location) {
$selected = $selectAll || in_array($location["locationid"], $selectedLocations);
$res .= Render::parse("treenode",
- array("id" => $location["locationid"],
- "name" => $location["locationname"],
- "toplevel" => $toplevel,
- "checkboxname" => "locations",
- "selected" => $selected,
- "HTML" => array_key_exists("children", $location) ?
- self::generateLocationHTML($location["children"], $selectedLocations, $selected, false) : ""));
+ array("id" => $location["locationid"],
+ "name" => $location["locationname"],
+ "toplevel" => $toplevel,
+ "checkboxname" => "locations",
+ "selected" => $selected,
+ "HTML" => array_key_exists("children", $location) ?
+ self::generateLocationHTML($location["children"], $selectedLocations, $selected, false, $tags) : "")
+ + $tags);
}
if ($toplevel) {
$res = Render::parse("treepanel",
array("id" => 0,
- "name" => Dictionary::translateFile("template-tags", "lang_locations"),
- "checkboxname" => "locations",
- "selected" => $selectAll,
- "HTML" => $res));
+ "name" => Dictionary::translateFile("template-tags", "lang_locations"),
+ "checkboxname" => "locations",
+ "selected" => $selectAll,
+ "HTML" => $res) + $tags);
}
return $res;
}
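Review bot: `in_array(0, $selectedLocations)` at the top of generateLocationHTML compares loosely against integer 0, and that comparison decides whether the whole tree is marked selected. On PHP versions before 8 a loose `0 == "abc"` is true, so any non-numeric string in the list would count as the root location; the element types are not visible here, so treat this as something to confirm. processLocations in the next hunk runs the same `in_array(0, $locations)` on the posted `locations` array, where it short-circuits to `array(null)`. I would normalise the ids to integers where they enter, rejecting non-numeric values rather than casting them, and then call `in_array(0, $selectedLocations, true)`.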
@@ -167,12 +236,14 @@ class Page_PermissionManager extends Page
*/
private static function processLocations($locations)
{
- if (in_array(0, $locations)) return array(NULL);
+ if (in_array(0, $locations))
+ return array(null);
$result = array();
foreach ($locations as $location) {
$rootchain = array_reverse(Location::getLocationRootChain($location));
foreach ($rootchain as $l) {
- if (in_array($l, $result)) break;
+ if (in_array($l, $result))
+ break;
if (in_array($l, $locations)) {
$result[] = $l;
break;
@@ -190,7 +261,8 @@ class Page_PermissionManager extends Page
*/
private static function processPermissions($permissions)
{
- if (in_array("*", $permissions)) return array("*");
+ if (in_array("*", $permissions))
+ return array("*");
$result = array();
foreach ($permissions as $permission) {
$x =& $result;
@@ -213,10 +285,10 @@ class Page_PermissionManager extends Page
foreach ($permissions as $permission => $a) {
if (is_array($a)) {
if (array_key_exists("*", $a)) {
- $result[] = $permission.".*";
+ $result[] = $permission . ".*";
} else {
foreach (self::extractPermissions($a) as $subPermission) {
- $result[] = $permission.".".$subPermission;
+ $result[] = $permission . "." . $subPermission;
}
}
} else {