Diffstat (limited to 'modules-available/statistics_reporting/page.inc.php')
-rw-r--r--modules-available/statistics_reporting/page.inc.php78
1 files changed, 55 insertions, 23 deletions
diff --git a/modules-available/statistics_reporting/page.inc.php b/modules-available/statistics_reporting/page.inc.php
index 52accaea..5d586b6c 100644
--- a/modules-available/statistics_reporting/page.inc.php
+++ b/modules-available/statistics_reporting/page.inc.php
@@ -52,16 +52,20 @@ class Page_Statistics_Reporting extends Page
// Export - handle in doPreprocess so we don't render the menu etc.
if ($this->action === 'export') {
- $this->doExport();
- // Does not return
+ if (User::hasPermission("table.export") && User::hasPermission("table.view.$this->type")) {
+ $this->doExport();
+ // Does not return
+ }
}
// Get report - fetch data exactly the way it would automatically be reported
// so the user can know what is going on
if ($this->action === 'getreport') {
- $report = RemoteReport::generateReport(time());
- Header('Content-Disposition: attachment; filename=remote-report.json');
- Header('Content-Type: application/json; charset=utf-8');
- die(json_encode($report));
+ if(User::hasPermission("reporting.download")) {
+ $report = RemoteReport::generateReport(time());
+ Header('Content-Disposition: attachment; filename=remote-report.json');
+ Header('Content-Type: application/json; charset=utf-8');
+ die(json_encode($report));
+ }
}
}
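Review bot: A request that fails either new permission check falls through silently. When `User::hasPermission(...)` is false for `export` or `getreport`, doPreprocess just continues and the regular page is produced with a success status, so a caller cannot tell a refusal from a normal page view, and nothing in the hunk records the attempt. An explicit branch would make the denial visible, for example `} else { http_response_code(403); die('No permission.'); }`, matching the `die('No permission.')` this commit uses for `setReporting`. The permission name `"table.view.$this->type"` is built from `$this->type`; where that value is validated lies outside this hunk, so confirm it is restricted to the known table names before it reaches the permission lookup.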
@@ -100,6 +104,7 @@ class Page_Statistics_Reporting extends Page
$data['tables'][] = array(
'name' => Dictionary::translate('table_' . $table, true),
'value' => $table,
+ 'allowed' => User::hasPermission("table.view.$table"),
'selected' => ($this->type === $table) ? 'selected' : '',
);
}
@@ -121,10 +126,17 @@ class Page_Statistics_Reporting extends Page
$data['settingsButtonClass'] = 'danger';
}
+ $data['allowedExport'] = User::hasPermission("table.export") && User::hasPermission("table.view.$this->type");
+ $data['allowedDownload'] = User::hasPermission("reporting.download");
+ $data['allowedReportChange'] = User::hasPermission("reporting.change");
+
Render::addTemplate('columnChooser', $data);
$data['data'] = $this->fetchData(GETDATA_PRINTABLE);
- Render::addTemplate('table-' . $this->type, $data);
+
+ if (User::hasPermission("table.view.$this->type")) {
+ Render::addTemplate('table-' . $this->type, $data);
+ }
}
}
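Review bot: `$this->fetchData(GETDATA_PRINTABLE)` still runs before the new `table.view.$this->type` check, so the full data set is loaded into `$data['data']` for a user who is then refused the table. Moving the fetch inside the guard keeps unauthorised rows out of `$data` altogether: `if (User::hasPermission("table.view.$this->type")) { $data['data'] = $this->fetchData(GETDATA_PRINTABLE); Render::addTemplate('table-' . $this->type, $data); }`. The three `allowed*` values presumably only steer what the template shows, so the checks in doPreprocess and doAjax remain the actual enforcement and should not be relaxed on the assumption that a button is hidden. The enclosing method starts outside the hunk.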
@@ -132,23 +144,24 @@ class Page_Statistics_Reporting extends Page
{
$this->action = Request::any('action', false, 'string');
if ($this->action === 'setReporting') {
- if (!User::isLoggedIn()) {
- die("No.");
- }
- $state = Request::post('reporting', false, 'string');
- if ($state === false) {
- die('Missing setting value.');
- }
- RemoteReport::setReportingEnabled($state);
- $data = array();
- if (RemoteReport::isReportingEnabled()) {
- $data['class'] = 'default';
- $data['checked'] = true;
+ if (User::hasPermission("reporting.change")) {
+ $state = Request::post('reporting', false, 'string');
+ if ($state === false) {
+ die('Missing setting value.');
+ }
+ RemoteReport::setReportingEnabled($state);
+ $data = array();
+ if (RemoteReport::isReportingEnabled()) {
+ $data['class'] = 'default';
+ $data['checked'] = true;
+ } else {
+ $data['class'] = 'danger';
+ }
+ Header('Content-Type: application/json; charset=utf-8');
+ die(json_encode($data));
} else {
- $data['class'] = 'danger';
+ die('No permission.');
}
- Header('Content-Type: application/json; charset=utf-8');
- die(json_encode($data));
} else {
echo 'Invalid action.';
}
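Review bot: The denial branch answers with `die('No permission.')`, which is plain text with a success status, while the success path returns JSON, so the calling script cannot reliably distinguish a refusal. Adding `http_response_code(403);` before the `die` would fix that. `$state` is handed to `RemoteReport::setReportingEnabled()` as an arbitrary string, and whether that method normalises it is not visible here. Because this is a state-changing request and `action` is read with `Request::any()`, confirm that request-forgery protection (a token check) is applied before doAjax is reached; that cannot be seen from this hunk. The doAjax signature lies just outside the hunk.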
@@ -266,9 +279,28 @@ class Page_Statistics_Reporting extends Page
}
}
}
+ // only show locations which you have permission for
+ $filterLocs = User::getAllowedLocations("table.view.location");
+ foreach ($data as $key => $row) {
+ if (!in_array($row['locationId'], $filterLocs)) {
+ unset($data[$key]);
+ }
+ }
+ // correct indexing of array after deletions
+ $data = array_values($data);
return $data;
case 'client':
- return GetData::perClient($flags);
+ $data = GetData::perClient($flags);
+ // only show clients from locations which you have permission for
+ $filterLocs = User::getAllowedLocations("table.view.location");
+ foreach ($data as $key => $row) {
+ if (!in_array($row['locationId'], $filterLocs)) {
+ unset($data[$key]);
+ }
+ }
+ // correct indexing of array after deletions
+ $data = array_values($data);
+ return $data;
case 'user':
return GetData::perUser($flags);
case 'vm':
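Review bot: The `client` branch filters with `User::getAllowedLocations("table.view.location")`, although access to a table is gated elsewhere in this commit by `table.view.$this->type`, which here would be `table.view.client`. If that is not deliberate, the rows a user sees in the client table depend on a permission for a different table. Both loops call `in_array()` without the strict flag, so a null or non-numeric `locationId` is compared loosely against the allowed ids; `in_array((int)$row['locationId'], $filterLocs, true)` removes that ambiguity, assuming the allowed list holds integers. The `user` and `vm` cases still return unfiltered results, which may be intended but leaves those tables without any location restriction. The same filter loop appears twice and could be one private helper; the `location` case and the method itself begin outside the hunk.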