1 files changed, 103 insertions, 27 deletions
diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php
index fc3ded8f..3a438504 100644
--- a/modules-available/rebootcontrol/page.inc.php
+++ b/modules-available/rebootcontrol/page.inc.php
@@ -20,33 +20,57 @@ class Page_RebootControl extends Page
 		$this->action = Request::any('action', 'show', 'string');
 
 
-		if ($this->action === 'startReboot' || $this->action === 'startShutdown') {
-			$clients = Request::post('clients');
-			if (!is_array($clients) || empty($clients)) {
+		if ($this->action === 'reboot' || $this->action === 'shutdown') {
+
+			$requestedClients = Request::post('clients', false, 'array');
+			if (!is_array($requestedClients) || empty($requestedClients)) {
 				Message::addError('no-clients-selected');
 				Util::redirect();
 			}
-			$locationId = Request::post('locationId', false, 'int');
-			if ($locationId === false) {
-				Message::addError('locations.invalid-location-id', $locationId);
-				Util::redirect();
-			}
-			$shutdown = $this->action === "startShutdown";
-			$minutes = Request::post('minutes', 0, 'int');
 
-			$list = RebootQueries::getMachinesByUuid($clients);
-			if (count($list) !== count($clients)) {
+			$actualClients = RebootQueries::getMachinesByUuid($requestedClients);
+			if (count($actualClients) !== count($requestedClients)) {
 				// We could go ahead an see which ones were not found in DB but this should not happen anyways unless the
 				// user manipulated the request
 				Message::addWarning('some-machine-not-found');
 			}
-			// TODO: Iterate over list and check if a locationid is not in permissions
-			// TODO: we could also check if the locationid is equal or a sublocation of the $locationId from above
-			// (this would be more of a sanity check though, or does the UI allow selecting machines from different locations)
-
-			$task = RebootControl::execute($list, $shutdown, $minutes, $locationId);
-
-			Util::redirect("?do=rebootcontrol&taskid=".$task["id"]);
+			// Filter ones with no permission
+			foreach (array_keys($actualClients) as $idx) {
+				if (!User::hasPermission('action.' . $this->action, $actualClients[$idx]['locationid'])) {
+					Message::addWarning('locations.no-permission-location', $actualClients[$idx]['locationid']);
+					unset($actualClients[$idx]);
+				} else {
+					$locationId = $actualClients[$idx]['locationid'];
+				}
+			}
+			// See if anything is left
+			if (!is_array($actualClients) || empty($actualClients)) {
+				Message::addError('no-clients-selected');
+				Util::redirect();
+			}
+			usort($actualClients, function($a, $b) {
+				$a = ($a['state'] === 'IDLE' || $a['state'] === 'OCCUPIED');
+				$b = ($b['state'] === 'IDLE' || $b['state'] === 'OCCUPIED');
+				if ($a === $b)
+					return 0;
+				return $a ? -1 : 1;
+			});
+			if ($this->action === 'shutdown') {
+				$mode = 'SHUTDOWN';
+				$minutes = Request::post('s-minutes', 0, 'int');
+			} elseif (Request::any('quick', false, 'string') === 'on') {
+				$mode = 'KEXEC_REBOOT';
+				$minutes = Request::post('r-minutes', 0, 'int');
+			} else {
+				$mode = 'REBOOT';
+				$minutes = Request::post('r-minutes', 0, 'int');
+			}
+			$task = RebootControl::execute($actualClients, $mode, $minutes, $locationId);
+			if (Taskmanager::isTask($task)) {
+				Util::redirect("?do=rebootcontrol&taskid=" . $task["id"]);
+			} else {
+				Util::redirect("?do=rebootcontrol");
+			}
 		}
 
 	}
@@ -59,25 +83,76 @@ class Page_RebootControl extends Page
 	{
 		if ($this->action === 'show') {
 
-			$taskId = Request::get("taskid");
+			$data = [];
+			$task = Request::get("taskid", false, 'string');
+			if ($task !== false) {
+				$task = Taskmanager::status($task);
+			}
 
-			if ($taskId && Taskmanager::isTask($taskId)) {
-				$task = Taskmanager::status($taskId);
-				$data['taskId'] = $taskId;
+			if (Taskmanager::isTask($task)) {
+
+				$data['taskId'] = $task['id'];
 				$data['locationId'] = $task['data']['locationId'];
 				$data['locationName'] = Location::getName($task['data']['locationId']);
-				$data['clients'] = $task['data']['clients'];
+				$uuids = array_map(function($entry) {
+					return $entry['machineuuid'];
+				}, $task['data']['clients']);
+				$data['clients'] = RebootQueries::getMachinesByUuid($uuids);
 				Render::addTemplate('status', $data);
+
 			} else {
+
 				//location you want to see, default are "not  assigned" clients
-				$requestedLocation = Request::get('location', 0, 'int');
+				$requestedLocation = Request::get('location', false, 'int');
+				$allowedLocs = User::getAllowedLocations("action.*");
+				if (empty($allowedLocs)) {
+					User::assertPermission('action.*');
+				}
+
+				if ($requestedLocation === false) {
+					if (in_array(0, $allowedLocs)) {
+						$requestedLocation = 0;
+					} else {
+						$requestedLocation = reset($allowedLocs);
+					}
+				}
 
-				$data['data'] = RebootQueries::getMachineTable($requestedLocation);
 				$data['locations'] = Location::getLocations($requestedLocation, 0, true);
 
+				// disable each location user has no permission for
+				foreach ($data['locations'] as &$loc) {
+					if (!in_array($loc["locationid"], $allowedLocs)) {
+						$loc["disabled"] = "disabled";
+					} elseif ($loc["locationid"] == $requestedLocation) {
+						$data['location'] = $loc['locationname'];
+					}
+				}
+				// Always show public key (it's public, isn't it?)
 				$data['pubKey'] = SSHKey::getPublicKey();
 
-				Render::addTemplate('_page', $data);
+				// Only enable shutdown/reboot-button if user has permission for the location
+				Permission::addGlobalTags($data['perms'], $requestedLocation, ['newkeypair', 'action.shutdown', 'action.reboot']);
+
+				Render::addTemplate('header', $data);
+
+				// only fill table if user has at least one permission for the location
+				if (!in_array($requestedLocation, $allowedLocs)) {
+					Message::addError('locations.no-permission-location', $requestedLocation);
+				} else {
+					$data['data'] = RebootQueries::getMachineTable($requestedLocation);
+					Render::addTemplate('_page', $data);
+				}
+
+				// Append list of active reboot/shutdown tasks
+				$active = RebootControl::getActiveTasks($allowedLocs);
+				if (!empty($active)) {
+					foreach ($active as &$entry) {
+						$entry['locationName'] = Location::getName($entry['locationId']);
+					}
+					unset($entry);
+					Render::addTemplate('task-list', ['list' => $active]);
+				}
+
 			}
 		}
 	}
@@ -86,6 +161,7 @@ class Page_RebootControl extends Page
 	{
 		$this->action = Request::post('action', false, 'string');
 		if ($this->action === 'generateNewKeypair') {
+			User::assertPermission("newkeypair");
 			Property::set("rebootcontrol-private-key", false);
 			echo SSHKey::getPublicKey();
 		} else {