Diffstat (limited to 'modules-available/permissionmanager/page.inc.php')
-rw-r--r-- | modules-available/permissionmanager/page.inc.php | 218 |
1 files changed, 145 insertions, 73 deletions
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 13d81c6a..462d3163 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -17,22 +17,38 @@ class Page_PermissionManager extends Page
 $action = Request::any('action', 'show', 'string');
 if ($action === 'addRoleToUser') {
+ User::assertPermission('users.edit-roles');
 $users = Request::post('users', '');
 $roles = Request::post('roles', '');
 PermissionDbUpdate::addRoleToUser($users, $roles);
 } elseif ($action === 'removeRoleFromUser') {
+ User::assertPermission('users.edit-roles');
 $users = Request::post('users', '');
 $roles = Request::post('roles', '');
 PermissionDbUpdate::removeRoleFromUser($users, $roles);
 } elseif ($action === 'deleteRole') {
- $id = Request::post('deleteId', false, 'string');
+ User::assertPermission('roles.edit');
+ $id = Request::post('deleteId', false, 'int');
 PermissionDbUpdate::deleteRole($id);
 } elseif ($action === 'saveRole') {
- $roleID = Request::post("roleid", false);
- $rolename = Request::post("rolename");
- $locations = self::processLocations(Request::post("locations"));
+ User::assertPermission('roles.edit');
+ $roleID = Request::post("roleid", false, 'int');
+ if ($roleID === false) {
+ Message::addError('main.parameter-missing', 'roleid');
+ Util::redirect('?do=permissionmanager');
+ }
+ $roleName = Request::post("rolename", '', 'string');
+ if (empty($roleName)) {
+ Message::addError('main.parameter-empty', 'rolename');
+ Util::redirect('?do=permissionmanager');
+ }
+ $roleDescription = Request::post('roledescription', '', 'string');
+ $locations = self::processLocations(Request::post("locations", [], 'array'));
 $permissions = self::processPermissions(Request::post("permissions"));
- PermissionDbUpdate::saveRole($rolename, $locations, $permissions, $roleID);
+ PermissionDbUpdate::saveRole($roleName, $roleDescription, $locations, $permissions, $roleID);
+ }
+ if (Request::isPost()) {
+ Util::redirect('?do=permissionmanager&show=' . Request::get("show", "roles"));
 }
 }
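Review bot: The `deleteRole` branch hands `$id` to `PermissionDbUpdate::deleteRole()` even when `deleteId` is missing and `Request::post` falls back to the `false` default; the `saveRole` branch just below rejects that case, and the same guard belongs here, e.g. `if ($id === false) { Message::addError('main.parameter-missing', 'deleteId'); Util::redirect('?do=permissionmanager'); }`. `Request::post("permissions")` is also still read without a default or type while `locations` now gets `[], 'array'`, and `processPermissions()` calls `in_array("*", $permissions)` on it, so it should read `Request::post("permissions", [], 'array')`. The final redirect appends the raw `show` query value to the URL; wrapping it in `urlencode()` or checking it against the known view names keeps a crafted value from adding parameters to the redirect target. The enclosing method starts above this hunk, so whether `Util::redirect()` stops execution after the two new error branches cannot be confirmed from here.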
@@ -41,47 +57,76 @@ class Page_PermissionManager extends Page */ protected function doRender() { - $show = Request::get("show", "roles"); + $show = Request::get("show", false, 'string'); + + // "Public" page -- nice "permission denied" message + if ($show === 'denied') { + Render::addTemplate('page-permission-denied', [ + 'name' => User::getName(), + 'permission' => Request::get('permission', false, 'string'), + ]); + return; + } + + if ($show === false) { + foreach (['roles', 'users', 'locations'] as $show) { + if (User::hasPermission($show . '.*')) + break; + } + } // switch between tables, but always show menu to switch tables - if ( $show === 'roles' || $show === 'users' || $show === 'locations' ) { - // get menu button colors - $buttonColors = array(); - $buttonColors['rolesButtonClass'] = $show === 'roles' ? 'active' : ''; - $buttonColors['usersButtonClass'] = $show === 'users' ? 'active' : ''; - $buttonColors['locationsButtonClass'] = $show === 'locations' ? 'active' : ''; - - Render::addtemplate('_page', $buttonColors); - - if ($show === "roles") { - $data = array("roles" => GetPermissionData::getRoles()); - Render::addTemplate('rolestable', $data); - } elseif ($show === "users") { - $data = array("user" => GetPermissionData::getUserData(), "roles" => GetPermissionData::getRoles()); - Render::addTemplate('userstable', $data); - } elseif ($show === "locations") { - $data = array("location" => GetPermissionData::getLocationData(), "allroles" => GetPermissionData::getRoles()); - Render::addTemplate('locationstable', $data); + // get menu button colors + $data = array(); + if ($show === "roleEditor") { + $data['groupClass'] = 'btn-group-muted'; + $data['rolesButtonClass'] = 'active'; + } else { + $data[$show . 
'ButtonClass'] = 'active'; + } + Permission::addGlobalTags($data['perms'], null, ['roles.*', 'users.*', 'locations.*']); + + Render::addtemplate('header-menu', $data); + + if ($show === "roles") { + User::assertPermission('roles.*'); + $data = array("roles" => GetPermissionData::getRoles(GetPermissionData::WITH_USER_COUNT)); + Permission::addGlobalTags($data['perms'], null, ['roles.edit']); + Render::addTemplate('rolestable', $data); + } elseif ($show === "users") { + User::assertPermission('users.*'); + $data = array("user" => GetPermissionData::getUserData()); + if (User::hasPermission('users.edit-roles')) { + $data['allroles'] = GetPermissionData::getRoles(); } + Permission::addGlobalTags($data['perms'], null, ['users.edit-roles']); + Render::addTemplate('role-filter-selectize', $data); + Render::addTemplate('userstable', $data); + } elseif ($show === "locations") { + User::assertPermission('locations.*'); + $data = array("location" => GetPermissionData::getLocationData(), "allroles" => GetPermissionData::getRoles()); + Render::addTemplate('role-filter-selectize', $data); + Render::addTemplate('locationstable', $data); } elseif ($show === "roleEditor") { - $data = array("cancelShow" => Request::get("cancel", "roles")); + User::assertPermission('roles.*'); + $data = array("cancelShow" => Request::get("cancel", "roles", 'string')); + Permission::addGlobalTags($data['perms'], null, ['roles.edit']); $selectedPermissions = array(); $selectedLocations = array(); - $roleid = Request::get("roleid", false); - if ($roleid) { - $roleData = GetPermissionData::getRoleData($roleid); - $data["roleid"] = $roleid; - $data["rolename"] = $roleData["rolename"]; - $selectedPermissions = $roleData["permissions"]; - $selectedLocations = $roleData["locations"]; + $roleid = Request::get("roleid", false, 'int'); + if ($roleid !== false) { + $data += GetPermissionData::getRoleData($roleid); + $selectedPermissions = $data["permissions"]; + $selectedLocations = $data["locations"]; } - 
$data["permissionHTML"] = self::generatePermissionHTML(PermissionUtil::getPermissions(), $selectedPermissions); - $data["locationHTML"] = self::generateLocationHTML(Location::getTree(), $selectedLocations); + $data["permissionHTML"] = self::generatePermissionHTML(PermissionUtil::getPermissions(), $selectedPermissions, + false, '', ['perms' => $data['perms']]); + $data["locationHTML"] = self::generateLocationHTML(Location::getTree(), $selectedLocations, + $roleid === false, true, ['perms' => $data['perms']]); Render::addTemplate('roleeditor', $data); - } } 
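Review bot: The new `show=denied` branch runs before any `User::assertPermission()` call and passes the `permission` query value straight into the `page-permission-denied` template, so the page reflects request input to whoever opens the link. That is safe only if the template prints the tag escaped, which is not visible in this diff; a comment such as `// 'permission' is request input -- the template must output it escaped` would record the requirement. In the `roleEditor` branch, `$data += GetPermissionData::getRoleData($roleid);` assumes an array with `permissions` and `locations` keys comes back for every id; if an unknown `roleid` can yield anything else (not shown here), the branch needs a check before the merge.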
@@ -90,36 +135,57 @@ class Page_PermissionManager extends Page * * @param array $permissions the permission tree * @param array $selectedPermissions permissions that should be preselected - * @param array $selectAll true if all pemrissions should be preselected, false if only those in $selectedPermissions - * @param array $permString the prefix permission string with which all permissions in the permission tree should start + * @param bool $selectAll true if all permissions should be preselected, false if only those in $selectedPermissions + * @param string $permString the prefix permission string with which all permissions in the permission tree should start * @return string generated html code */ - private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "") + private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "", $tags = []) { $res = ""; $toplevel = $permString == ""; - if ($toplevel && in_array("*", $selectedPermissions)) $selectAll = true; + if ($toplevel && in_array("*", $selectedPermissions)) { + $selectAll = true; + } foreach ($permissions as $k => $v) { - $leaf = !is_array($v); - $nextPermString = $permString ? $permString.".".$k : $k; - $id = $leaf ? $nextPermString : $nextPermString.".*"; - $selected = $selectAll || in_array($id, $selectedPermissions); - $res .= Render::parse("treenode", - array("id" => $id, - "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, - "toplevel" => $toplevel, - "checkboxname" => "permissions", - "selected" => $selected, - "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), - "description" => $leaf ? $v : "")); + $selected = $selectAll; + $nextPermString = $permString ? $permString . "." . 
$k : $k; + if ($toplevel) { + $displayName = Module::get($k)->getDisplayName(); + } else { + $displayName = $k; + } + do { + $leaf = isset($v['isLeaf']) && $v['isLeaf']; + $id = $leaf ? $nextPermString : $nextPermString . ".*"; + $selected = $selected || in_array($id, $selectedPermissions); + if ($leaf || count($v) !== 1) + break; + reset($v); + $k = key($v); + $v = $v[$k]; + $nextPermString .= '.' . $k; + $displayName .= '.' . $k; + } while (true); + $data = array( + "id" => $id, + "name" => $displayName, + "toplevel" => $toplevel, + "checkboxname" => "permissions", + "selected" => $selected, + "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString, $tags), + ); + if ($leaf) { + $data += $v; + } + $res .= Render::parse("treenode", $data + $tags); } if ($toplevel) { $res = Render::parse("treepanel", array("id" => "*", - "name" => Dictionary::translateFile("template-tags", "lang_permissions"), - "checkboxname" => "permissions", - "selected" => $selectAll, - "HTML" => $res)); + "name" => Dictionary::translateFile("template-tags", "lang_permissions"), + "checkboxname" => "permissions", + "selected" => $selectAll, + "HTML" => $res) + $tags); } return $res; } 
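Review bot: The docblock is corrected for `$selectAll` and `$permString`, but the new `$tags` parameter is left undocumented, here and on `generateLocationHTML()` in the next hunk. Because the arrays are combined as `$data + $tags`, a key already set for the node wins over the same key in `$tags`, which is worth stating since `$tags` carries the `perms` entry the caller passes in. Suggested line: `@param array $tags extra template tags added to every node and to the panel; keys already set for the node take precedence`. The new `do { ... } while (true)` loop would also benefit from a short comment saying that it folds a chain of single-child nodes into one dotted entry.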
@@ -133,28 +199,31 @@ class Page_PermissionManager extends Page * @param array $toplevel true if the location tree are the children of the root location, false if not * @return string generated html code */ - private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true) + private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true, $tags = []) { $res = ""; - if ($toplevel && in_array(0, $selectedLocations)) $selectAll = true; + if ($toplevel && in_array(0, $selectedLocations)) { + $selectAll = true; + } foreach ($locations as $location) { $selected = $selectAll || in_array($location["locationid"], $selectedLocations); $res .= Render::parse("treenode", - array("id" => $location["locationid"], - "name" => $location["locationname"], - "toplevel" => $toplevel, - "checkboxname" => "locations", - "selected" => $selected, - "HTML" => array_key_exists("children", $location) ? - self::generateLocationHTML($location["children"], $selectedLocations, $selected, false) : "")); + array("id" => $location["locationid"], + "name" => $location["locationname"], + "toplevel" => $toplevel, + "checkboxname" => "locations", + "selected" => $selected, + "HTML" => array_key_exists("children", $location) ? + self::generateLocationHTML($location["children"], $selectedLocations, $selected, false, $tags) : "") + + $tags); } if ($toplevel) { $res = Render::parse("treepanel", array("id" => 0, - "name" => Dictionary::translateFile("template-tags", "lang_locations"), - "checkboxname" => "locations", - "selected" => $selectAll, - "HTML" => $res)); + "name" => Dictionary::translateFile("template-tags", "lang_locations"), + "checkboxname" => "locations", + "selected" => $selectAll, + "HTML" => $res) + $tags); } return $res; } 
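Review bot: `in_array(0, $selectedLocations)` still compares loosely, and the same call in `processLocations()` (the hunk at old line 167) runs on the `locations` array taken from the POST body, where a match makes the method return `array(null)`. On PHP versions before 8 any non-numeric string compares equal to `0`, so a malformed value would be treated as a selection of the top-level entry (id 0). Passing the third argument and comparing against the form the values really have, for example `in_array('0', $locations, true)` for raw POST strings, removes that ambiguity; the `in_array("*", ...)` calls in `generatePermissionHTML()` and `processPermissions()` can take `true` as well. The element types of `$selectedLocations` are not visible here, so the literal to compare against needs confirming.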
@@ -167,12 +236,14 @@ class Page_PermissionManager extends Page
 */
 private static function processLocations($locations)
 {
- if (in_array(0, $locations)) return array(NULL);
+ if (in_array(0, $locations))
+ return array(null);
 $result = array();
 foreach ($locations as $location) {
 $rootchain = array_reverse(Location::getLocationRootChain($location));
 foreach ($rootchain as $l) {
- if (in_array($l, $result)) break;
+ if (in_array($l, $result))
+ break;
 if (in_array($l, $locations)) {
 $result[] = $l;
 break;
@@ -190,7 +261,8 @@ class Page_PermissionManager extends Page
 */
 private static function processPermissions($permissions)
 {
- if (in_array("*", $permissions)) return array("*");
+ if (in_array("*", $permissions))
+ return array("*");
 $result = array();
 foreach ($permissions as $permission) {
 $x =& $result;
@@ -213,10 +285,10 @@ class Page_PermissionManager extends Page
 foreach ($permissions as $permission => $a) {
 if (is_array($a)) {
 if (array_key_exists("*", $a)) {
- $result[] = $permission.".*";
+ $result[] = $permission . ".*";
 } else {
 foreach (self::extractPermissions($a) as $subPermission) {
- $result[] = $permission.".".$subPermission;
+ $result[] = $permission . "." . $subPermission;
 }
 }
 } else { |