From 18f378c9bd232822577258fe68afe78df3f7e7f4 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 29 Mar 2018 18:41:37 +0200
Subject: [permissionmanager] Introduce dedicated "permission denied" page
Closes #3350
---
inc/user.inc.php | 17 +++++++++++++----
.../permissionmanager/lang/de/template-tags.json | 5 ++++-
.../permissionmanager/lang/en/template-tags.json | 5 ++++-
modules-available/permissionmanager/page.inc.php | 9 +++++++++
modules-available/permissionmanager/style.css | 7 ++++++-
.../templates/page-permission-denied.html | 21 +++++++++++++++++++++
6 files changed, 57 insertions(+), 7 deletions(-)
create mode 100644 modules-available/permissionmanager/templates/page-permission-denied.html
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 27a907c3..f12cc39f 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -55,15 +55,24 @@ class User
{
if (User::hasPermission($permission, $locationid))
return;
- Message::addError('main.no-permission');
if (AJAX) {
Message::renderList();
exit;
}
- if (is_null($redirect)) {
- Util::redirect('?do=main');
- } else {
+ if (!is_null($redirect)) {
+ Message::addError('main.no-permission');
Util::redirect($redirect);
+ } elseif (Module::isAvailable('permissionmanager')) {
+ if ($permission{0} !== '.') {
+ $module = Page::getModule();
+ if ($module !== false) {
+ $permission = '.' . $module->getIdentifier() . '.' . $permission;
+ }
+ }
+ Util::redirect('?do=permissionmanager&show=denied&permission=' . urlencode($permission));
+ } else {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=main');
}
}
diff --git a/modules-available/permissionmanager/lang/de/template-tags.json b/modules-available/permissionmanager/lang/de/template-tags.json
index 52073dee..a4fc990b 100644
--- a/modules-available/permissionmanager/lang/de/template-tags.json
+++ b/modules-available/permissionmanager/lang/de/template-tags.json
@@ -8,6 +8,9 @@
"lang_name": "Name",
"lang_newRole": "Rolle anlegen",
"lang_numAssignedUsers": "Benutzer mit dieser Rolle",
+ "lang_permissionDeniedBody": "Ihnen fehlt eine oder mehrere Berechtigungen, um auf diese Seite oder Funktion zuzugreifen.",
+ "lang_permissionDeniedHeader": "Zugriff verweigert",
+ "lang_permission": "Berechtigung",
"lang_permissions": "Rechte",
"lang_removeRole": "Rollen entziehen",
"lang_roleDeleteConfirm": "Sind Sie sich sicher, dass Sie diese Rolle l\u00f6schen m\u00f6chten? Benutzer, denen diese Rolle zugewiesen ist, werden die entsprechenden Berechtigungen verlieren.",
@@ -17,4 +20,4 @@
"lang_selectizePlaceholder": "Nach Rollen filtern...",
"lang_users": "Nutzer",
"lang_view": "Anzeigen"
-}
\ No newline at end of file
+}
diff --git a/modules-available/permissionmanager/lang/en/template-tags.json b/modules-available/permissionmanager/lang/en/template-tags.json
index b7a1d77a..92c3ac26 100644
--- a/modules-available/permissionmanager/lang/en/template-tags.json
+++ b/modules-available/permissionmanager/lang/en/template-tags.json
@@ -8,6 +8,9 @@
"lang_name": "Name",
"lang_newRole": "New Role",
"lang_numAssignedUsers": "Users with this role",
+ "lang_permissionDeniedBody": "You are missing one or more permissions to access this page or functionality.",
+ "lang_permissionDeniedHeader": "Access denied",
+ "lang_permission": "Permission",
"lang_permissions": "Permissions",
"lang_removeRole": "Revoke Roles",
"lang_roleDeleteConfirm": "Are you sure you want to delete this role? Users currently assigned to this role will lose the according permissions.",
@@ -17,4 +20,4 @@
"lang_selectizePlaceholder": "Filter for roles...",
"lang_users": "Users",
"lang_view": "View"
-}
\ No newline at end of file
+}
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index d326bb94..828891ab 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -50,6 +50,15 @@ class Page_PermissionManager extends Page
{
$show = Request::get("show", false, 'string');
+ // "Public" page -- nice "permission denied" message
+ if ($show === 'denied') {
+ Render::addTemplate('page-permission-denied', [
+ 'name' => User::getName(),
+ 'permission' => Request::get('permission', false, 'string'),
+ ]);
+ return;
+ }
+
if ($show === false) {
foreach (['roles', 'users', 'locations'] as $show) {
if (User::hasPermission($show . '.*'))
diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css
index 6169b26f..dca38eeb 100644
--- a/modules-available/permissionmanager/style.css
+++ b/modules-available/permissionmanager/style.css
@@ -58,4 +58,9 @@ td > .label {
.btn-group-muted > button {
color: #aaa;
-}
\ No newline at end of file
+}
+
+h1 span.glyphicon {
+ top: 9px;
+}
+
diff --git a/modules-available/permissionmanager/templates/page-permission-denied.html b/modules-available/permissionmanager/templates/page-permission-denied.html
new file mode 100644
index 00000000..cc357a0b
--- /dev/null
+++ b/modules-available/permissionmanager/templates/page-permission-denied.html
@@ -0,0 +1,21 @@
+
+
+ {{lang_permissionDeniedBody}} +
+ {{#permission}} +