From e04a2b0614666b4937c72a5c69ebf7a6c05cf24a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sat, 24 Feb 2018 13:48:24 +0100
Subject: [baseconfig] Add permissions
---
 modules-available/baseconfig/page.inc.php | 42 ++++++++++++++--------
 .../baseconfig/permissions/permissions.json | 8 +++++
 modules-available/baseconfig/templates/_page.html | 11 +++---
 modules-available/locations/page.inc.php | 10 ++++++
 4 files changed, 53 insertions(+), 18 deletions(-)
 create mode 100644 modules-available/baseconfig/permissions/permissions.json
diff --git a/modules-available/baseconfig/page.inc.php b/modules-available/baseconfig/page.inc.php
index 426d3fdd..97fb6072 100644
--- a/modules-available/baseconfig/page.inc.php
+++ b/modules-available/baseconfig/page.inc.php
@@ -13,19 +13,25 @@ class Page_BaseConfig extends Page
 protected function doPreprocess()
 {
 User::load();
+ if (!User::isLoggedIn()) {
+ Message::addError('main.no-permission');
+ Util::redirect('?do=Main');
+ }
 // Determine if we're setting global or module specific
 $this->getModuleSpecific();
 $newValues = Request::post('setting');
 if (is_array($newValues)) {
- if (!User::hasPermission('superadmin')) {
- Message::addError('main.no-permission');
- Util::redirect('?do=baseconfig');
+ if ($this->targetModule === 'locations') {
+ User::assertPermission('edit', $this->qry_extra['field_value']);
+ } else {
+ User::assertPermission('edit', 0);
 }
 // Build variables for specific sub-settings
 if ($this->targetModule === false) {
- // We're editing global settings - use the 'enabled' field
+ // We're editing global settings
+ // use the 'enabled' field
 $qry_insert = ', enabled';
 $qry_values = ', :enabled';
 $qry_update = ', enabled = :enabled';
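Review bot: The new edit check in doPreprocess passes `$this->qry_extra['field_value']` to `User::assertPermission('edit', ...)` as the location id, but that value is filled in by getModuleSpecific(), which is outside this hunk; if it is taken from the request unchanged, a missing or non-numeric value reaches the permission check and the outcome then depends on how assertPermission treats it. Assuming location ids are integers, I would normalise once before the branch, e.g. `$locationId = $this->targetModule === 'locations' ? (int)$this->qry_extra['field_value'] : 0;` followed by `User::assertPermission('edit', $locationId);`. The same branch is repeated for 'view' and for `$editForbidden` in the doRender hunk at -127, so a small private helper returning the location id would keep the read and write checks from drifting apart. Any target module other than 'locations' falls back to the global (location 0) permission, which deserves a one-line comment if that is intended.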
@@ -115,10 +121,6 @@ class Page_BaseConfig extends Page
 protected function doRender()
 {
- if (!User::hasPermission('superadmin')) {
- Message::addError('main.no-permission');
- Util::redirect('?do=Main');
- }
 // Check if valid submodule mode, store name if any
 if ($this->targetModule !== false) {
 $this->qry_extra['subheading'] = $this->getCurrentModuleName();
@@ -127,6 +129,13 @@ class Page_BaseConfig extends Page
 Util::redirect('?do=BaseConfig');
 }
 }
+ if ($this->targetModule === 'locations') {
+ User::assertPermission('view', $this->qry_extra['field_value']);
+ $editForbidden = !User::hasPermission('edit', $this->qry_extra['field_value']);
+ } else {
+ User::assertPermission('view', 0);
+ $editForbidden = !User::hasPermission('edit', 0);
+ }
 // Get stuff that's set in DB already
 if ($this->targetModule === false) {
 $fields = ', enabled';
@@ -183,15 +192,13 @@ class Page_BaseConfig extends Page
 if (!isset($settings[$var['catid']]['settings'][$key]['shadows'])) {
 $settings[$var['catid']]['settings'][$key]['shadows'] = isset($var['shadows']) ? $var['shadows'] : null;
 }
- //echo "
";
-			//var_dump($settings[$var['catid']]['settings'][$key]);
-			//echo "
";
 $settings[$var['catid']]['settings'][$key] += array(
 'item' => $this->makeInput(
 $var['validator'],
 $key,
 $settings[$var['catid']]['settings'][$key]['displayvalue'],
- $settings[$var['catid']]['settings'][$key]['shadows']
+ $settings[$var['catid']]['settings'][$key]['shadows'],
+ $editForbidden
 ),
 'description' => Util::markup(Dictionary::translateFileModule($var['module'], 'config-variables', $key)),
 'setting' => $key,
@@ -218,6 +225,7 @@ class Page_BaseConfig extends Page
 'override' => $this->targetModule !== false,
 'categories' => array_values($settings),
 'target_module' => $this->targetModule,
+ 'edit_disabled' => $editForbidden ? 'disabled' : '',
 ) + $this->qry_extra);
 Module::isAvailable('bootstrap_switch');
 }
@@ -296,13 +304,16 @@ class Page_BaseConfig extends Page
 * @param string $validator
 * @return boolean
 */
- private function makeInput($validator, $setting, $current, $shadows)
+ private function makeInput($validator, $setting, $current, $shadows, $disabled)
 {
 /* for the html snippet we need: */
 $args = array('class' => 'form-control', 'name' => "setting[$setting]", 'id' => $setting);
 if (!empty($shadows)) {
 $args['data-shadows'] = json_encode($shadows);
 }
+ if ($disabled) {
+ $args['disabled'] = true;
+ }
 $inner = "";
 /* -- */
@@ -360,10 +371,13 @@ class Page_BaseConfig extends Page
 $output = "<$tag ";
 foreach ($args as $key => $val) {
+ if ($val === true) {
+ $output .= $key . ' ';
+ }
 $output .= "$key=\"" . htmlspecialchars($val) . '" ';
 }
 if (empty($inner)) {
- $output .= '/>';
+ $output .= '>';
 } else {
 $output .= '>' . $inner . "";
 }
diff --git a/modules-available/baseconfig/permissions/permissions.json b/modules-available/baseconfig/permissions/permissions.json
new file mode 100644
index 00000000..9edefdfb
--- /dev/null
+++ b/modules-available/baseconfig/permissions/permissions.json
@@ -0,0 +1,8 @@
+{
+ "view": {
+ "location-aware": true
+ },
+ "edit": {
+ "location-aware": true
+ }
+}
\ No newline at end of file
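Review bot: makeInput's docblock, of which only the tail is visible at the top of the -296 hunk, is not updated for the new `$disabled` parameter, and the visible `@return boolean` does not look right for a function that, judging by the -360 hunk, assembles an HTML tag string. Add `@param bool $disabled render the control with the disabled attribute` and one sentence saying the flag is display-only: a disabled input can be re-enabled in the browser, so the edit permission check on the POST path in doPreprocess remains the actual enforcement. The function body continues outside the hunk.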
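Review bot: The added `if ($val === true)` branch in the attribute loop of the -360 hunk has no `continue`, so a boolean attribute is emitted twice: first as bare `disabled ` and then again by the following line as `disabled="1" `, because htmlspecialchars(true) is coerced to "1" (assuming the file does not declare strict_types, in which case it would throw instead). Add `continue;` after `$output .= $key . ' ';`, or move the escaped form into an `else`. Separately, replacing `/>` with `>` for an empty `$inner` is correct for void elements such as input, but if a non-void tag can reach that branch with empty content it is now left unclosed; the code that picks `$tag` is outside the hunk, so that needs a look. The loop's enclosing function starts and ends outside the hunk.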
diff --git a/modules-available/baseconfig/templates/_page.html b/modules-available/baseconfig/templates/_page.html index 89caf9f2..110ee5ec 100644 --- a/modules-available/baseconfig/templates/_page.html +++ b/modules-available/baseconfig/templates/_page.html @@ -29,7 +29,7 @@ {{#defaultvalue}}{{lang_defaultValue}}:{{/defaultvalue}} {{defaultvalue}} - +