Diffstat (limited to 'modules-available/statistics_reporting/page.inc.php')
-rw-r--r-- | modules-available/statistics_reporting/page.inc.php | 78 |
1 files changed, 55 insertions, 23 deletions
diff --git a/modules-available/statistics_reporting/page.inc.php b/modules-available/statistics_reporting/page.inc.php index 52accaea..5d586b6c 100644 --- a/modules-available/statistics_reporting/page.inc.php +++ b/modules-available/statistics_reporting/page.inc.php @@ -52,16 +52,20 @@ class Page_Statistics_Reporting extends Page // Export - handle in doPreprocess so we don't render the menu etc. if ($this->action === 'export') { - $this->doExport(); - // Does not return + if (User::hasPermission("table.export") && User::hasPermission("table.view.$this->type")) { + $this->doExport(); + // Does not return + } } // Get report - fetch data exactly the way it would automatically be reported // so the user can know what is going on if ($this->action === 'getreport') { - $report = RemoteReport::generateReport(time()); - Header('Content-Disposition: attachment; filename=remote-report.json'); - Header('Content-Type: application/json; charset=utf-8'); - die(json_encode($report)); + if(User::hasPermission("reporting.download")) { + $report = RemoteReport::generateReport(time()); + Header('Content-Disposition: attachment; filename=remote-report.json'); + Header('Content-Type: application/json; charset=utf-8'); + die(json_encode($report)); + } } } @@ -100,6 +104,7 @@ class Page_Statistics_Reporting extends Page $data['tables'][] = array( 'name' => Dictionary::translate('table_' . $table, true), 'value' => $table, + 'allowed' => User::hasPermission("table.view.$table"), 'selected' => ($this->type === $table) ? 'selected' : '', ); } 
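Review bot: A denied `export` or `getreport` request is not rejected in the first hunk. The new `if (User::hasPermission(...))` wrappers have no else branch, so execution falls through and the page is processed as if no action had been requested. Fail closed instead, for example `else { http_response_code(403); die('No permission.'); }`, matching the `die('No permission.')` this commit adds to the setReporting branch. The permission name is built from `$this->type`, whose assignment is outside the hunk, so confirm it is limited to the known table names before it is interpolated into `"table.view.$this->type"`. doPreprocess starts and ends outside the hunk.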
@@ -121,10 +126,17 @@ class Page_Statistics_Reporting extends Page $data['settingsButtonClass'] = 'danger'; } + $data['allowedExport'] = User::hasPermission("table.export") && User::hasPermission("table.view.$this->type"); + $data['allowedDownload'] = User::hasPermission("reporting.download"); + $data['allowedReportChange'] = User::hasPermission("reporting.change"); + Render::addTemplate('columnChooser', $data); $data['data'] = $this->fetchData(GETDATA_PRINTABLE); - Render::addTemplate('table-' . $this->type, $data); + + if (User::hasPermission("table.view.$this->type")) { + Render::addTemplate('table-' . $this->type, $data); + } } } @@ -132,23 +144,24 @@ class Page_Statistics_Reporting extends Page { $this->action = Request::any('action', false, 'string'); if ($this->action === 'setReporting') { - if (!User::isLoggedIn()) { - die("No."); - } - $state = Request::post('reporting', false, 'string'); - if ($state === false) { - die('Missing setting value.'); - } - RemoteReport::setReportingEnabled($state); - $data = array(); - if (RemoteReport::isReportingEnabled()) { - $data['class'] = 'default'; - $data['checked'] = true; + if (User::hasPermission("reporting.change")) { + $state = Request::post('reporting', false, 'string'); + if ($state === false) { + die('Missing setting value.'); + } + RemoteReport::setReportingEnabled($state); + $data = array(); + if (RemoteReport::isReportingEnabled()) { + $data['class'] = 'default'; + $data['checked'] = true; + } else { + $data['class'] = 'danger'; + } + Header('Content-Type: application/json; charset=utf-8'); + die(json_encode($data)); } else { - $data['class'] = 'danger'; + die('No permission.'); } - Header('Content-Type: application/json; charset=utf-8'); - die(json_encode($data)); } else { echo 'Invalid action.'; } 
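Review bot: `$this->fetchData(GETDATA_PRINTABLE)` still runs before the new `table.view.$this->type` check in the first hunk on this line. The report data is therefore queried and stored in `$data['data']` even for a user who may not view the table, and only the template is withheld. Move the fetch inside the guard: `if (User::hasPermission("table.view.$this->type")) { $data['data'] = $this->fetchData(GETDATA_PRINTABLE); Render::addTemplate('table-' . $this->type, $data); }`. The `allowed*` values only drive what the template shows, so a comment such as `// UI hints only; enforcement happens where the action is handled` would keep later changes from treating them as the access check. The enclosing method starts outside the hunk.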
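Review bot: The refusal path in the setReporting branch answers with the plain-text body `No permission.` and the default 200 status, while the success path returns JSON. A caller or an access-log review cannot tell a refused change from an accepted one by status, so add `http_response_code(403);` before `die('No permission.');`. `$state` is still handed to `RemoteReport::setReportingEnabled()` after only a `=== false` check. What that method accepts is not visible here, so consider restricting the value to the expected settings at this point. The enclosing method starts outside the hunk.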
@@ -266,9 +279,28 @@ class Page_Statistics_Reporting extends Page } } } + // only show locations which you have permission for + $filterLocs = User::getAllowedLocations("table.view.location"); + foreach ($data as $key => $row) { + if (!in_array($row['locationId'], $filterLocs)) { + unset($data[$key]); + } + } + // correct indexing of array after deletions + $data = array_values($data); return $data; case 'client': - return GetData::perClient($flags); + $data = GetData::perClient($flags); + // only show clients from locations which you have permission for + $filterLocs = User::getAllowedLocations("table.view.location"); + foreach ($data as $key => $row) { + if (!in_array($row['locationId'], $filterLocs)) { + unset($data[$key]); + } + } + // correct indexing of array after deletions + $data = array_values($data); + return $data; case 'user': return GetData::perUser($flags); case 'vm': |
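Review bot: The `case 'client':` filter takes its location list from `User::getAllowedLocations("table.view.location")`, while access to that table is checked elsewhere in this commit as `"table.view.$this->type"`, which would be `table.view.client`. If the two permissions can be granted for different locations, client rows are scoped by the wrong grant, so this should probably read `$filterLocs = User::getAllowedLocations("table.view.client");`. The membership test `in_array($row['locationId'], $filterLocs)` is a loose comparison. A row with a missing or non-numeric `locationId` could match an entry of 0 if the list can contain one, so pass `true` as the third argument once both sides are normalised to the same type. The identical loop appears twice and could live in one private helper. The `user` and `vm` cases return unfiltered data, which is worth a comment if intended. The enclosing method starts and ends outside the hunk.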