Diffstat (limited to 'modules-available/permissionmanager/page.inc.php')
-rw-r--r-- | modules-available/permissionmanager/page.inc.php | 59 |
1 files changed, 42 insertions, 17 deletions
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 462d3163..7e9f17e4 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -18,25 +18,23 @@ class Page_PermissionManager extends Page
 $action = Request::any('action', 'show', 'string');
 if ($action === 'addRoleToUser') {
 User::assertPermission('users.edit-roles');
- $users = Request::post('users', '');
- $roles = Request::post('roles', '');
+ $users = Request::post('users', [], 'array');
+ $roles = Request::post('roles', [], 'array');
 PermissionDbUpdate::addRoleToUser($users, $roles);
 } elseif ($action === 'removeRoleFromUser') {
 User::assertPermission('users.edit-roles');
- $users = Request::post('users', '');
- $roles = Request::post('roles', '');
+ $users = Request::post('users', [], 'array');
+ $roles = Request::post('roles', [], 'array');
 PermissionDbUpdate::removeRoleFromUser($users, $roles);
 } elseif ($action === 'deleteRole') {
 User::assertPermission('roles.edit');
 $id = Request::post('deleteId', false, 'int');
+ $this->denyActionIfBuiltin($id);
 PermissionDbUpdate::deleteRole($id);
 } elseif ($action === 'saveRole') {
 User::assertPermission('roles.edit');
- $roleID = Request::post("roleid", false, 'int');
- if ($roleID === false) {
- Message::addError('main.parameter-missing', 'roleid');
- Util::redirect('?do=permissionmanager');
- }
+ $roleID = Request::post("roleid", Request::REQUIRED_EMPTY, 'int');
+ $this->denyActionIfBuiltin($roleID);
 $roleName = Request::post("rolename", '', 'string');
 if (empty($roleName)) {
 Message::addError('main.parameter-empty', 'rolename');
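Review bot: In the `deleteRole` branch the new built-in guard can be skipped, because `Request::post('deleteId', false, 'int')` yields `false` when the field is missing and `denyActionIfBuiltin` (added in the last hunk of this commit) returns early on a falsy id, after which `PermissionDbUpdate::deleteRole($id)` still runs. What `deleteRole` does with a `false` id is not visible here, so I would make the parameter mandatory before the guard, for example with a `$id === false` check that adds `main.parameter-missing` and redirects, as the removed `roleid` lines did. The guard also lives only in this page handler; it is worth confirming that nothing else reaches `PermissionDbUpdate::deleteRole` or the role-saving code without it, or moving the built-in check into `PermissionDbUpdate`. The enclosing method starts and ends outside the hunk.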
@@ -116,7 +114,17 @@ class Page_PermissionManager extends Page
 $selectedLocations = array();
 $roleid = Request::get("roleid", false, 'int');
 if ($roleid !== false) {
- $data += GetPermissionData::getRoleData($roleid);
+ $role = GetPermissionData::getRoleData($roleid);
+ if ($role === null) {
+ Message::addError('invalid-role-id', $roleid);
+ Util::redirect('?do=permissionmanager');
+ }
+ if ($role['builtin']) {
+ // Copy the role, as it's builtin
+ $role['roleid'] = '';
+ $role['rolename'] .= ' (2)';
+ }
+ $data += $role;
 $selectedPermissions = $data["permissions"];
 $selectedLocations = $data["locations"];
 }
@@ -139,7 +147,8 @@ class Page_PermissionManager extends Page
 * @param string $permString the prefix permission string with which all permissions in the permission tree should start
 * @return string generated html code
 */
- private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "", $tags = [])
+ private static function generatePermissionHTML(array $permissions, array $selectedPermissions = [],
+ bool $selectAll = false, string $permString = "", array $tags = []): string
 {
 $res = "";
 $toplevel = $permString == "";
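Review bot: The comment `// Copy the role, as it's builtin` in the first hunk here does not say that blanking `roleid` only changes what the form submits, and that the protection of built-in roles depends on the server-side check in the `saveRole` branch. I would spell that out, for example `// Built-in roles are read-only: show the form as a new role (empty roleid); saveRole rejects built-in ids server-side`. Separately, the `$role['builtin']` access after the `null` branch is only safe if `Util::redirect` never returns, which this hunk does not show; a one-line comment stating that assumption would help the next reader. The enclosing method starts and ends outside the hunk.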
@@ -195,11 +204,12 @@ class Page_PermissionManager extends Page * * @param array $locations the location tree * @param array $selectedLocations locations that should be preselected - * @param array $selectAll true if all locations should be preselected, false if only those in $selectedLocations - * @param array $toplevel true if the location tree are the children of the root location, false if not + * @param bool $selectAll true if all locations should be preselected, false if only those in $selectedLocations + * @param bool $toplevel true if the location tree are the children of the root location, false if not * @return string generated html code */ - private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true, $tags = []) + private static function generateLocationHTML(array $locations, array $selectedLocations = [], + bool $selectAll = false, bool $toplevel = true, array $tags = []): string { $res = ""; if ($toplevel && in_array(0, $selectedLocations)) { @@ -234,7 +244,7 @@ class Page_PermissionManager extends Page * @param array $locations the locationid array * @return array the locationid array without redundant locationids */ - private static function processLocations($locations) + private static function processLocations(array $locations): array { if (in_array(0, $locations)) return array(null); @@ -259,7 +269,7 @@ class Page_PermissionManager extends Page * @param array $permissions the permissionid array * @return array the permissionid array without redundant permissionids */ - private static function processPermissions($permissions) + private static function processPermissions(array $permissions): array { if (in_array("*", $permissions)) return array("*"); 
@@ -279,7 +289,7 @@ class Page_PermissionManager extends Page * @param array $permissions multidimensional array of permissionids * @return array flat array of permissionids */ - private static function extractPermissions($permissions) + private static function extractPermissions(array $permissions): array { $result = array(); foreach ($permissions as $permission => $a) { @@ -298,4 +308,19 @@ class Page_PermissionManager extends Page return $result; } + private function denyActionIfBuiltin(string $roleID): void + { + if ($roleID) { + $existing = GetPermissionData::getRole($roleID); + if ($existing === false) { + Message::addError('invalid-role-id', $roleID); + Util::redirect('?do=permissionmanager'); + } + if ($existing['builtin']) { + Message::addError('builtin-role', $existing['rolename']); + Util::redirect('?do=permissionmanager'); + } + } + } + } |
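Review bot: `denyActionIfBuiltin` in the last hunk declares `string $roleID`, but both callers pass the result of `Request::post(..., 'int')`, and the `deleteRole` caller can pass `false`. This only works through scalar coercion, and `if ($roleID)` then silently treats `false`, `''` and `'0'` as "nothing to check". The missing-role test is `$existing === false`, while the edit-form hunk in this commit treats a missing role from `getRoleData` as `null`. `getRole` is not visible here, but if it also returns `null`, an unknown id falls through to `$existing['builtin']` and the method returns without redirecting. I would make that test `if (!is_array($existing)) {` and add a docblock stating that the method redirects, and is expected not to return, for unknown or built-in role ids, and that an empty id means "new role" and is allowed.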