From c23b6957d841d273cf8b0838481ea461a88a8eb4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 8 Feb 2018 15:17:30 +0100 Subject: [inc/User] Add locationid 0 to allowed locations in fallback mode --- inc/user.inc.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index 81091e1b..b5a364ee 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -47,8 +47,11 @@ class User $permission = $module ? $module->getIdentifier().".".$permission : $permission; return PermissionUtil::getAllowedLocations(self::$user['userid'], $permission); } - if (self::$user['permissions'] & Permission::get('superadmin')) - return array_keys(Location::getLocationsAssoc()); + if (self::$user['permissions'] & Permission::get('superadmin')) { + $a = array_keys(Location::getLocationsAssoc()); + $a[] = 0; + return $a; + } return array(); } -- cgit v1.2.3-55-g7522 From cfa60bc6dc68699efb74342ead37865c074bc66a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 9 Feb 2018 16:13:17 +0100 Subject: Permissions: Introduce helper functions for common tasks assertPermission ensures the user has a given permission and halts execution otherwise. addGlobalTags is a helper to fill an array for the rendering process with tags associated with (missing) permissions. --- inc/permission.inc.php | 20 ++++++++++++++++++++ inc/user.inc.php | 29 +++++++++++++++++++++++++++-- 2 files changed, 47 insertions(+), 2 deletions(-) (limited to 'inc/user.inc.php') diff --git a/inc/permission.inc.php b/inc/permission.inc.php index d04e3c3b..defa9f4d 100644 --- a/inc/permission.inc.php +++ b/inc/permission.inc.php 
@@ -15,5 +15,25 @@ class Permission return self::$permissions[$permission]; } + + public static function addGlobalTags(&$array, $locationid, $disabled) + { + if (!Module::isAvailable('permissionmanager')) + return; + foreach ($disabled as $perm) { + if (User::hasPermission($perm, $locationid)) + continue; + if (strpos($perm, '.') === false) { + $array[$perm]['disabled'] = 'disabled'; + continue; + } + $temp =& $array; + foreach (explode('.', $perm) as $sub) { + $temp =& $temp[$sub]; + } + $temp['disabled'] = 'disabled'; + } + } + } diff --git a/inc/user.inc.php b/inc/user.inc.php index b5a364ee..eee4f883 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -31,8 +31,12 @@ class User if (!self::isLoggedIn()) return false; if (Module::isAvailable("permissionmanager")) { - $module = Page::getModule(); - $permission = $module ? $module->getIdentifier().".".$permission : $permission; + if ($permission{0} === '.') { + $permission = substr($permission, 1); + } else { + $module = Page::getModule(); + $permission = $module ? $module->getIdentifier() . "." . $permission : $permission; + } return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid); } if (self::$user['permissions'] & Permission::get('superadmin')) 
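Review bot: `addGlobalTags()` has no docblock, and nothing in it says that the `disabled` tags it writes are presentation only. It sets `['disabled'] = 'disabled'` for each permission the user lacks, which affects the rendered template but does not stop the corresponding request from being sent, so every action handler still needs its own server-side check (for example `User::assertPermission()`, added in this same commit). I would add a docblock covering the parameters (`&$array` is modified in place, `$disabled` is a list of permission names) and a line such as `// UI hint only - not an access check; handlers must still enforce the permission`. It is also worth documenting that the method returns without tagging anything when the permissionmanager module is unavailable.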
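Review bot: `$permission{0} === '.'` in `hasPermission()` reads the first byte without checking that the string is non-empty, and the curly-brace offset syntax is deprecated as of PHP 7.4 and removed in PHP 8.0. An empty `$permission` raises an uninitialized-offset notice here and then falls into the module-prefix branch; `if (isset($permission[0]) && $permission[0] === '.')` or `substr($permission, 0, 1) === '.'` avoids both problems. The same expression is added to `getAllowedLocations()` and `assertPermission()` in the later commits on this page, and the prefix logic is duplicated there, so a single private helper that resolves the fully qualified permission name would keep the call sites consistent. Because the leading-dot form lets a caller name a permission in another module, the docblock should state that `$permission` must be a constant chosen by the code, never request data. The body of `hasPermission()` starts and ends outside this hunk.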
@@ -40,8 +44,29 @@ class User return (self::$user['permissions'] & Permission::get($permission)) != 0; } + /** + * Confirm current user has the given permission, stop execution and show error message + * otherwise. + * @param string $permission Permission to check for + * @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient + * @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page + */ + public static function assertPermission($permission, $locationid = NULL, $redirect = NULL) + { + if (User::hasPermission($permission, $locationid)) + return; + Message::addError('main.no-permission'); + if (is_null($redirect)) { + Util::redirect('?do=main'); + } else { + Util::redirect($redirect); + } + } + public static function getAllowedLocations($permission) { + if (!self::isLoggedIn()) + return []; if (Module::isAvailable("permissionmanager")) { $module = Page::getModule(); $permission = $module ? $module->getIdentifier().".".$permission : $permission; -- cgit v1.2.3-55-g7522 From 092b99fb7964ba15d7f20119ef7bd51ca1f2675f Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 15 Feb 2018 13:23:57 +0100 Subject: [inc/User] getAllowedLocations(): Support cross-module checking --- inc/user.inc.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index eee4f883..79facffc 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php 
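Review bot: `assertPermission()` is documented as stopping execution, but on a failed check it only calls `Util::redirect()` and then falls off the end of the method. Whether the script actually halts depends on `Util::redirect()` terminating the request, which is not visible in this hunk; if it ever returns (headers already sent, a future refactor), the caller's protected code runs for a user without the permission. I would make the guarantee local by adding `exit;` after the `if`/`else` that redirects, or by documenting on `Util::redirect()` that it never returns. The docblock should also tell callers that `$redirect` must be a fixed in-application target, since it is passed to the redirect unchanged.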
@@ -68,8 +68,12 @@ class User if (!self::isLoggedIn()) return []; if (Module::isAvailable("permissionmanager")) { - $module = Page::getModule(); - $permission = $module ? $module->getIdentifier().".".$permission : $permission; + if ($permission{0} === '.') { + $permission = substr($permission, 1); + } else { + $module = Page::getModule(); + $permission = $module ? $module->getIdentifier() . "." . $permission : $permission; + } return PermissionUtil::getAllowedLocations(self::$user['userid'], $permission); } if (self::$user['permissions'] & Permission::get('superadmin')) { -- cgit v1.2.3-55-g7522 From 276675039e3a596bbf88ff95203e5c1a30723204 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 16 Feb 2018 13:10:16 +0100 Subject: [inc/User] assertPermission(): Don't redirect if it's an ajax call --- inc/user.inc.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index 79facffc..2ba1bad2 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -56,6 +56,10 @@ class User if (User::hasPermission($permission, $locationid)) return; Message::addError('main.no-permission'); + if (AJAX) { + Message::renderList(); + exit; + } if (is_null($redirect)) { Util::redirect('?do=main'); } else { -- cgit v1.2.3-55-g7522 From 24cfbb62c144c1ffecd2be8be3bfb04705d801dd Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 29 Mar 2018 12:58:01 +0200 Subject: [inc/User] Make userid type int to fix string compares --- inc/user.inc.php | 1 + 1 file changed, 1 insertion(+) (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index 2ba1bad2..27a907c3 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -99,6 +99,7 @@ class User self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid)); if (self::$user === false) self::logout(); + settype(self::$user['userid'], 'int'); return true; } return false; -- cgit v1.2.3-55-g7522 
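Review bot: In the `userid` hunk, `settype(self::$user['userid'], 'int')` runs even when `Database::queryFirst()` returned `false`, because the preceding `if (self::$user === false) self::logout();` has no `else` and no `return`. Unless `logout()` always ends the request (not visible here), the by-reference `settype` would turn `false` into an array whose `userid` is 0 and the method goes on to `return true`, so a session that points at a deleted user would be reported as loaded. Returning early keeps the failure explicit: `if (self::$user === false) { self::logout(); return false; }`. The enclosing method starts and ends outside the hunk.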
From 18f378c9bd232822577258fe68afe78df3f7e7f4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 29 Mar 2018 18:41:37 +0200 Subject: [permissionmanager] Introduce dedicated "permission denied" page Closes #3350 --- inc/user.inc.php | 17 +++++++++++++---- .../permissionmanager/lang/de/template-tags.json | 5 ++++- .../permissionmanager/lang/en/template-tags.json | 5 ++++- modules-available/permissionmanager/page.inc.php | 9 +++++++++ modules-available/permissionmanager/style.css | 7 ++++++- .../templates/page-permission-denied.html | 21 +++++++++++++++++++++ 6 files changed, 57 insertions(+), 7 deletions(-) create mode 100644 modules-available/permissionmanager/templates/page-permission-denied.html (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index 27a907c3..f12cc39f 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -55,15 +55,24 @@ class User { if (User::hasPermission($permission, $locationid)) return; - Message::addError('main.no-permission'); if (AJAX) { Message::renderList(); exit; } - if (is_null($redirect)) { - Util::redirect('?do=main'); - } else { + if (!is_null($redirect)) { + Message::addError('main.no-permission'); Util::redirect($redirect); + } elseif (Module::isAvailable('permissionmanager')) { + if ($permission{0} !== '.') { + $module = Page::getModule(); + if ($module !== false) { + $permission = '.' . $module->getIdentifier() . '.' . $permission; + } + } + Util::redirect('?do=permissionmanager&show=denied&permission=' . urlencode($permission)); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=main'); } } diff --git a/modules-available/permissionmanager/lang/de/template-tags.json b/modules-available/permissionmanager/lang/de/template-tags.json index 52073dee..a4fc990b 100644 --- a/modules-available/permissionmanager/lang/de/template-tags.json +++ b/modules-available/permissionmanager/lang/de/template-tags.json 
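Review bot: After this change the `AJAX` branch of `assertPermission()` calls `Message::renderList()` without any error having been queued, because `Message::addError('main.no-permission')` was moved into the two redirect branches only. Unless another message happens to be pending, an AJAX caller that is denied gets an empty list and cannot tell a refusal from success. I would queue the error there as well and mark the response as forbidden, e.g. `Message::addError('main.no-permission'); http_response_code(403);` before `Message::renderList();`. The method's signature and docblock are outside this hunk.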
@@ -8,6 +8,9 @@ "lang_name": "Name", "lang_newRole": "Rolle anlegen", "lang_numAssignedUsers": "Benutzer mit dieser Rolle", + "lang_permissionDeniedBody": "Ihnen fehlt eine oder mehrere Berechtigungen, um auf diese Seite oder Funktion zuzugreifen.", + "lang_permissionDeniedHeader": "Zugriff verweigert", + "lang_permission": "Berechtigung", "lang_permissions": "Rechte", "lang_removeRole": "Rollen entziehen", "lang_roleDeleteConfirm": "Sind Sie sich sicher, dass Sie diese Rolle l\u00f6schen m\u00f6chten? Benutzer, denen diese Rolle zugewiesen ist, werden die entsprechenden Berechtigungen verlieren.", @@ -17,4 +20,4 @@ "lang_selectizePlaceholder": "Nach Rollen filtern...", "lang_users": "Nutzer", "lang_view": "Anzeigen" -} \ No newline at end of file +} diff --git a/modules-available/permissionmanager/lang/en/template-tags.json b/modules-available/permissionmanager/lang/en/template-tags.json index b7a1d77a..92c3ac26 100644 --- a/modules-available/permissionmanager/lang/en/template-tags.json +++ b/modules-available/permissionmanager/lang/en/template-tags.json @@ -8,6 +8,9 @@ "lang_name": "Name", "lang_newRole": "New Role", "lang_numAssignedUsers": "Users with this role", + "lang_permissionDeniedBody": "You are missing one or more permissions to access this page or functionality.", + "lang_permissionDeniedHeader": "Access denied", + "lang_permission": "Permission", "lang_permissions": "Permissions", "lang_removeRole": "Revoke Roles", "lang_roleDeleteConfirm": "Are you sure you want to delete this role? Users currently assigned to this role will lose the according permissions.", @@ -17,4 +20,4 @@ "lang_selectizePlaceholder": "Filter for roles...", "lang_users": "Users", "lang_view": "View" -} \ No newline at end of file +} diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index d326bb94..828891ab 100644 --- a/modules-available/permissionmanager/page.inc.php 
+++ b/modules-available/permissionmanager/page.inc.php @@ -50,6 +50,15 @@ class Page_PermissionManager extends Page { $show = Request::get("show", false, 'string'); + // "Public" page -- nice "permission denied" message + if ($show === 'denied') { + Render::addTemplate('page-permission-denied', [ + 'name' => User::getName(), + 'permission' => Request::get('permission', false, 'string'), + ]); + return; + } + if ($show === false) { foreach (['roles', 'users', 'locations'] as $show) { if (User::hasPermission($show . '.*')) diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css index 6169b26f..dca38eeb 100644 --- a/modules-available/permissionmanager/style.css +++ b/modules-available/permissionmanager/style.css @@ -58,4 +58,9 @@ td > .label { .btn-group-muted > button { color: #aaa; -} \ No newline at end of file +} + +h1 span.glyphicon { + top: 9px; +} + diff --git a/modules-available/permissionmanager/templates/page-permission-denied.html b/modules-available/permissionmanager/templates/page-permission-denied.html new file mode 100644 index 00000000..cc357a0b --- /dev/null +++ b/modules-available/permissionmanager/templates/page-permission-denied.html @@ -0,0 +1,21 @@ +
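Review bot: The `denied` branch in `page.inc.php` passes the `permission` request parameter to the template before any access check, so its safety rests entirely on the template escaping it. `{{permission}}` in `page-permission-denied.html` is the escaping form in Mustache-style templates (assuming that is the engine here) and should stay that way, never `{{{permission}}}`; even so, the value is arbitrary visitor-chosen text displayed inside a trusted admin page. Restricting it to the characters a permission name can contain (the exact set is not visible here), for instance `preg_match('/^[a-z0-9_.*-]+$/i', $perm) ? $perm : false`, removes that. It is also worth confirming what `User::getName()` returns for a visitor who is not logged in, since this branch runs before the permission checks below it.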

+
+

+ + + {{lang_permissionDeniedHeader}} + +

+

+

+ {{lang_permissionDeniedBody}} +

+ {{#permission}} +
+ {{lang_permission}}: {{permission}} +
+ {{/permission}} +
+ {{lang_user}}: {{name}} +
+
-- cgit v1.2.3-55-g7522 From b364fcb761be1cbed909422252d32ff842af81be Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 16 Apr 2018 15:10:55 +0200 Subject: [inc/User] Activate module locations before access --- inc/user.inc.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index f12cc39f..2571c61c 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -90,8 +90,12 @@ class User return PermissionUtil::getAllowedLocations(self::$user['userid'], $permission); } if (self::$user['permissions'] & Permission::get('superadmin')) { - $a = array_keys(Location::getLocationsAssoc()); - $a[] = 0; + if (Module::isAvailable('locations')) { + $a = array_keys(Location::getLocationsAssoc()); + $a[] = 0; + } else { + $a = [0]; + } return $a; } return array(); -- cgit v1.2.3-55-g7522 From cd092274b88599449902f480f35291768be6e99e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 7 Aug 2018 16:54:01 +0200 Subject: [inc/User] Fix access to Page if class is not loaded --- inc/user.inc.php | 11 ++++- lang/pt/flag.png | Bin 1115 -> 0 bytes lang/pt/name.txt | 1 - modules-available/exams/lang/de/template-tags.json | 2 +- modules-available/exams/lang/en/template-tags.json | 2 +- .../coursebackend/coursebackend_hisinone.inc.php | 48 +++++++++++++-------- .../locationinfo/lang/de/template-tags.json | 2 +- .../locationinfo/lang/en/template-tags.json | 2 +- 8 files changed, 43 insertions(+), 25 deletions(-) delete mode 100644 lang/pt/flag.png delete mode 100644 lang/pt/name.txt (limited to 'inc/user.inc.php') diff --git a/inc/user.inc.php b/inc/user.inc.php index 2571c61c..20e8cd3d 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php 
@@ -34,8 +34,15 @@ class User if ($permission{0} === '.') { $permission = substr($permission, 1); } else { - $module = Page::getModule(); - $permission = $module ? $module->getIdentifier() . "." . $permission : $permission; + if (class_exists('Page')) { + $module = Page::getModule(); + if ($module !== false) { + $module = $module->getIdentifier(); + } + } else { + $module = strtolower(Request::any('do')); + } + $permission = $module ? $module . "." . $permission : $permission; } return PermissionUtil::userHasPermission(self::$user['userid'], $permission, $locationid); } diff --git a/lang/pt/flag.png b/lang/pt/flag.png deleted file mode 100644 index 78c57dea..00000000 Binary files a/lang/pt/flag.png and /dev/null differ diff --git a/lang/pt/name.txt b/lang/pt/name.txt deleted file mode 100644 index 811b10b4..00000000 --- a/lang/pt/name.txt +++ /dev/null @@ -1 +0,0 @@ -Português \ No newline at end of file diff --git a/modules-available/exams/lang/de/template-tags.json b/modules-available/exams/lang/de/template-tags.json index 8bf37143..1dd51374 100644 --- a/modules-available/exams/lang/de/template-tags.json +++ b/modules-available/exams/lang/de/template-tags.json @@ -29,7 +29,7 @@ "lang_headingMain": "bwLehrpool Pr\u00fcfungsmodus", "lang_id": "ID", "lang_lectureName": "Veranstaltungsname", - "lang_lectureOutOfRange": "Achtung: Start- bzw. Endzeitpunkt der Veranstaltung liegen au\u00dferhalb des oben angegebenen Zeitraums", + "lang_lectureOutOfRange": "Achtung: Der oben angegebene Zeitraum ist k\u00fcrzer als die Dauer der Veranstaltung", "lang_location": "Raum\/Ort", "lang_locationInfo": "W\u00e4hlen Sie hier die R\u00e4ume und Orte aus, die w\u00e4hrend des unten ausgew\u00e4hlten Zeitraums in den Pr\u00fcfungsmodus versetzt werden. Wenn sie hier keine Auswahl treffen, werden alle R\u00e4ume in den Pr\u00fcfungsmodus versetzt.", "lang_locations": "R\u00e4ume\/Orte", 
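Review bot: When the `Page` class is not loaded, the new fallback takes the module prefix from `Request::any('do')`, so the namespace in which the permission is evaluated comes from the request rather than from the code performing the check. A relative name is then resolved against whatever module the client names, which may be one where the user does hold a permission of that name. Code running outside the page framework should pass an absolute name (`'.module.permission'`) instead, or the fallback should accept `do` only after validating it against the installed modules, e.g. with `Module::isAvailable()`. `getAllowedLocations()` and `assertPermission()`, as last changed earlier on this page, still call `Page::getModule()` without the `class_exists` guard, so the three methods now resolve names differently. The body of `hasPermission()` starts and ends outside this hunk.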
diff --git a/modules-available/exams/lang/en/template-tags.json b/modules-available/exams/lang/en/template-tags.json index af87bb01..23266154 100644 --- a/modules-available/exams/lang/en/template-tags.json +++ b/modules-available/exams/lang/en/template-tags.json @@ -29,7 +29,7 @@ "lang_headingMain": "bwLehrpool Exam Mode", "lang_id": "ID", "lang_lectureName": "Lecture name", - "lang_lectureOutOfRange": "Hint: Start or end date of given lecture lies outside of exam period given above", + "lang_lectureOutOfRange": "Hint: The exam period given above is shorter than the duration of the given lecture", "lang_location": "Room\/Location", "lang_locationInfo": "Select the rooms and locations you want to enable the exam mode in. Selecting nothing at all means that all clients will boot into exam mode during the given time period.", "lang_locations": "Rooms\/Locations", diff --git a/modules-available/locationinfo/inc/coursebackend/coursebackend_hisinone.inc.php b/modules-available/locationinfo/inc/coursebackend/coursebackend_hisinone.inc.php index 558f5cd0..3b26e625 100644 --- a/modules-available/locationinfo/inc/coursebackend/coursebackend_hisinone.inc.php +++ b/modules-available/locationinfo/inc/coursebackend/coursebackend_hisinone.inc.php @@ -274,8 +274,7 @@ class CourseBackend_HisInOne extends CourseBackend foreach ($eventDetails as $event) { foreach (array('/hisdefaulttext', '/hisshorttext', - '/hisshortcomment', - '/hisplanelements/hisplanelement/hisdefaulttext') as $path) { + '/hisshortcomment') as $path) { $name = $this->getArrayPath($event, $path); if (!empty($name) && !empty($name[0])) break; 
@@ -284,25 +283,38 @@ class CourseBackend_HisInOne extends CourseBackend if ($name === false) { $name = ['???']; } - $unitPlannedDates = $this->getArrayPath($event, - '/hisplanelements/hisplanelement/hisplannedDates/hisplannedDate/hisindividualDates/hisindividualDate'); - if ($unitPlannedDates === false) { - $this->error = 'Cannot find ./hisplanelements/hisplanelement/hisplannedDates/hisplannedDate/hisindividualDates/hisindividualDate'; - error_log('Cannot find ./hisplanelements/hisplanelement/hisplannedDates/hisplannedDate/hisindividualDates/hisindividualDate'); + $planElements = $this->getArrayPath($event, '/hisplanelements/hisplanelement'); + if ($planElements === false) { + $this->error = 'Cannot find ./hisplanelements/hisplanelement'; + error_log('Cannot find ./hisplanelements/hisplanelement'); error_log(print_r($event, true)); continue; } - foreach ($unitPlannedDates as $plannedDate) { - $eventRoomId = $this->getArrayPath($plannedDate, '/hisroomId')[0]; - $eventDate = $this->getArrayPath($plannedDate, '/hisexecutiondate')[0]; - if (in_array($eventRoomId, $requestedRoomIds) && in_array($eventDate, $currentWeek)) { - $startTime = $this->getArrayPath($plannedDate, '/hisstarttime')[0]; - $endTime = $this->getArrayPath($plannedDate, '/hisendtime')[0]; - $tTables[$eventRoomId][] = array( - 'title' => $name[0], - 'start' => $eventDate . "T" . $startTime, - 'end' => $eventDate . "T" . 
$endTime - ); + foreach ($planElements as $planElement) { + $unitPlannedDates = $this->getArrayPath($planElement, + '/hisplannedDates/hisplannedDate/hisindividualDates/hisindividualDate'); + if ($unitPlannedDates === false) { + $this->error = 'Cannot find ./hisplannedDates/hisplannedDate/hisindividualDates/hisindividualDate'; + error_log('Cannot find ./hisplannedDates/hisplannedDate/hisindividualDates/hisindividualDate'); + error_log(print_r($planElement, true)); + continue; + } + $localName = $this->getArrayPath($planElement, '/hisdefaulttext'); + if ($localName === false || empty($localName[0])) { + $localName = $name; + } + foreach ($unitPlannedDates as $plannedDate) { + $eventRoomId = $this->getArrayPath($plannedDate, '/hisroomId')[0]; + $eventDate = $this->getArrayPath($plannedDate, '/hisexecutiondate')[0]; + if (in_array($eventRoomId, $requestedRoomIds) && in_array($eventDate, $currentWeek)) { + $startTime = $this->getArrayPath($plannedDate, '/hisstarttime')[0]; + $endTime = $this->getArrayPath($plannedDate, '/hisendtime')[0]; + $tTables[$eventRoomId][] = array( + 'title' => $localName[0], + 'start' => $eventDate . "T" . $startTime, + 'end' => $eventDate . "T" . $endTime + ); + } } } } diff --git a/modules-available/locationinfo/lang/de/template-tags.json b/modules-available/locationinfo/lang/de/template-tags.json index bcdf7148..b51c420b 100644 --- a/modules-available/locationinfo/lang/de/template-tags.json +++ b/modules-available/locationinfo/lang/de/template-tags.json @@ -76,7 +76,7 @@ "lang_remoteSchedule": "Abruf Belegungsplan", "lang_room": "Raum", "lang_roomId": "Raum ID", - "lang_roomIdTooltip": "Die Raum ID, die der Server ben\u00f6tigt, um Kalenderdaten abzurufen", + "lang_roomIdTooltip": "Die Raum ID, die der Server ben\u00f6tigt, um Kalenderdaten abzurufen (bei Exchange die Postfachadresse)", "lang_roomupdateTooltip": "Zeit nach der die PCs aktualisiert werden (in Sekunden)", "lang_rotation": "Rotation", "lang_rotation0": "0\u00b0", 
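Review bot: In the rewritten loop, the results of `getArrayPath()` for `/hisroomId`, `/hisexecutiondate`, `/hisstarttime` and `/hisendtime` are indexed with `[0]` without the `=== false` check that the surrounding code applies to `$planElements` and `$unitPlannedDates`. This data comes from the remote backend, so a date entry missing one of these fields yields `null` values that are then compared with the loose `in_array()` and can end up in a malformed `start`/`end` string. I would skip incomplete entries and compare strictly, e.g. `if ($roomId === false || $date === false) continue;` and `in_array($eventRoomId, $requestedRoomIds, true)` (if the id types match). Separately, `error_log(print_r($planElement, true))` now sits inside the per-element loop and can write the full upstream payload to the log once per malformed element; logging the missing path and an identifier is usually enough.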
diff --git a/modules-available/locationinfo/lang/en/template-tags.json b/modules-available/locationinfo/lang/en/template-tags.json index 558ddff0..f041dc0a 100644 --- a/modules-available/locationinfo/lang/en/template-tags.json +++ b/modules-available/locationinfo/lang/en/template-tags.json @@ -76,7 +76,7 @@ "lang_remoteSchedule": "Time table retrieval", "lang_room": "Room", "lang_roomId": "Room ID", - "lang_roomIdTooltip": "The ID of the room the server needs, for querying the calendar data", + "lang_roomIdTooltip": "The ID of the room the server needs, for querying the calendar data (when using exchange the room mailbox)", "lang_roomupdateTooltip": "Time the PCs in the room gets updated (in seconds)", "lang_rotation": "Rotation", "lang_rotation0": "0\u00b0", -- cgit v1.2.3-55-g7522