From c6744aac063482c4c48ed3a98d5cd8857e1261e6 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Sun, 4 Mar 2018 16:41:50 +0100 Subject: [sysconfig] Add permissions --- modules-available/sysconfig/page.inc.php | 38 ++++++++++++++++++---- .../sysconfig/permissions/permissions.json | 20 ++++++++++++ .../sysconfig/templates/list-configs.html | 21 +++++++++--- .../sysconfig/templates/list-modules.html | 24 +++++++++++--- 4 files changed, 86 insertions(+), 17 deletions(-) create mode 100644 modules-available/sysconfig/permissions/permissions.json diff --git a/modules-available/sysconfig/page.inc.php b/modules-available/sysconfig/page.inc.php index 30271514..7bb3e599 100644 --- a/modules-available/sysconfig/page.inc.php +++ b/modules-available/sysconfig/page.inc.php @@ -59,7 +59,7 @@ class Page_SysConfig extends Page { User::load(); - if (!User::hasPermission('superadmin')) { + if (!User::isLoggedIn()) { Message::addError('main.no-permission'); Util::redirect('?do=Main'); } @@ -90,6 +90,7 @@ class Page_SysConfig extends Page // Action: "addmodule" (upload new module) if ($action === 'addmodule') { + User::assertPermission('module.edit'); $this->initAddModule(); AddModule_Base::preprocess(); } @@ -97,18 +98,22 @@ class Page_SysConfig extends Page if ($action === 'module') { // Action: "delmodule" (delete module) if (Request::post('del', 'no') !== 'no') { + User::assertPermission('module.edit'); $this->delModule(); } if (Request::post('download', 'no') !== 'no') { + User::assertPermission('module.download'); $this->downloadModule(); } if (Request::post('rebuild', 'no') !== 'no') { + User::assertPermission('module.edit'); $this->rebuildModule(); } } // Action: "addconfig" (compose config from one or more modules) if ($action === 'addconfig') { + User::assertPermission('config.edit'); $this->initAddConfig(); AddConfig_Base::preprocess(); } @@ -116,14 +121,17 @@ class Page_SysConfig extends Page if ($action === 'config') { // Action: "delconfig" (delete config) if (Request::post('del', 'no') !== 'no') { + User::assertPermission('config.edit'); $this->delConfig(); } // Action "activate" (set sysconfig as active) if (Request::post('activate', 'no') !== 'no') { + User::assertPermission('config.assign', $this->currentLoc); $this->activateConfig(); } // Action "rebuild" (rebuild config.tgz from its modules) if (Request::post('rebuild', 'no') !== 'no') { + User::assertPermission('config.edit'); $this->rebuildConfig(); } } @@ -141,15 +149,24 @@ class Page_SysConfig extends Page $action = Request::any('action', 'list'); switch ($action) { case 'addmodule': + User::assertPermission('module.edit'); AddModule_Base::render(); return; case 'addconfig': + User::assertPermission('config.edit'); AddConfig_Base::render(); return; case 'list': + $pMods = User::hasPermission('module.view-list'); + $pConfs = User::hasPermission('config.view-list'); + if (!($pMods || $pConfs)) { + Message::addError('main.no-permission'); + } Render::openTag('div', array('class' => 'row')); - $this->listConfigs(); - if ($this->currentLoc === 0) { + if ($pConfs) { + $this->listConfigs(); + } + if ($this->currentLoc === 0 && $pMods) { $this->listModules(); } Render::closeTag('div'); @@ -159,6 +176,7 @@ class Page_SysConfig extends Page Render::addTemplate('js'); // Make this js snippet a template so i18n works return; case 'module': + User::assertPermission('module.view-list'); $listid = Request::post('list'); if ($listid !== false) { $this->listModuleContents($listid); @@ -166,6 +184,7 @@ class Page_SysConfig extends Page } break; case 'config': + User::assertPermission('config.view-list'); $listid = Request::post('list'); if ($listid !== false) { $this->listConfigContents($listid); @@ -238,13 +257,16 @@ class Page_SysConfig extends Page 'needrebuild' => ($row['status'] !== 'OK') ); } - Render::addTemplate('list-configs', array( + $data = array( 'locationid' => $this->currentLoc, 'locationname' => $locationName, 'havelocations' => Module::isAvailable('locations'), 'configs' => $configs, 'inheritConfig' => !$hasDefault, - )); + ); + Permission::addGlobalTags($data['perms'], null, ['config.edit']); + Permission::addGlobalTags($data['perms'], $this->currentLoc, ['config.assign']); + Render::addTemplate('list-configs', $data); } private function listModules() @@ -254,10 +276,12 @@ class Page_SysConfig extends Page $types = array_map(function ($mod) { return $mod->moduleType(); }, $modules); $titles = array_map(function ($mod) { return $mod->title(); }, $modules); array_multisort($types, SORT_ASC, $titles, SORT_ASC, $modules); - Render::addTemplate('list-modules', array( + $data = array( 'modules' => $modules, 'havemodules' => (count($modules) > 0) - )); + ); + Permission::addGlobalTags($data['perms'], null, ['module.edit', 'module.download']); + Render::addTemplate('list-modules', $data); } private function listModuleContents($moduleid) diff --git a/modules-available/sysconfig/permissions/permissions.json b/modules-available/sysconfig/permissions/permissions.json new file mode 100644 index 00000000..08321c50 --- /dev/null +++ b/modules-available/sysconfig/permissions/permissions.json @@ -0,0 +1,20 @@ +{ + "config.view-list": { + "location-aware": false + }, + "config.assign": { + "location-aware": true + }, + "config.edit": { + "location-aware": false + }, + "module.view-list": { + "location-aware": false + }, + "module.edit": { + "location-aware": false + }, + "module.download": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/sysconfig/templates/list-configs.html b/modules-available/sysconfig/templates/list-configs.html index 205317b8..4db7b9b2 100644 --- a/modules-available/sysconfig/templates/list-configs.html +++ b/modules-available/sysconfig/templates/list-configs.html @@ -26,7 +26,7 @@ {{^current}} - @@ -54,13 +54,22 @@ {{^needrebuild}} class="refconf btn btn-default btn-xs" {{/needrebuild}} - name="rebuild" value="{{configid}}" title="{{lang_rebuild}}"> + name="rebuild" value="{{configid}}" title="{{lang_rebuild}}" + {{perms.config.edit.disabled}}> + + {{/locationid}} {{^locationid}} - - + + + + {{/locationid}} @@ -101,7 +110,9 @@ {{^locationid}}
- {{lang_newConfiguration}} + + {{lang_newConfiguration}} +
{{/locationid}} diff --git a/modules-available/sysconfig/templates/list-modules.html b/modules-available/sysconfig/templates/list-modules.html index a55253ec..b91ce106 100644 --- a/modules-available/sysconfig/templates/list-modules.html +++ b/modules-available/sysconfig/templates/list-modules.html @@ -16,7 +16,10 @@ {{#allowDownload}} - + {{/allowDownload}} @@ -27,9 +30,18 @@ {{^needRebuild}} class="refmod btn btn-default btn-xs" {{/needRebuild}} - name="rebuild" value="{{id}}" title="{{lang_rebuild}}"> - - + name="rebuild" value="{{id}}" title="{{lang_rebuild}}" {{perms.module.edit.disabled}}> + + + + + + {{/modules}} @@ -40,7 +52,9 @@
- {{lang_newModule}} + + {{lang_newModule}} +
-- cgit v1.2.3-55-g7522