From 676bb4aebcbb65f6271f062d03aef2a48346f2e3 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 9 Feb 2018 16:17:03 +0100
Subject: [backup] Use permission helpers

---
 modules-available/backup/page.inc.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'modules-available/backup/page.inc.php')

diff --git a/modules-available/backup/page.inc.php b/modules-available/backup/page.inc.php
index 949cd7f3..14522734 100644
--- a/modules-available/backup/page.inc.php
+++ b/modules-available/backup/page.inc.php
@@ -16,16 +16,18 @@ class Page_Backup extends Page
 			Util::redirect('?do=Main');
 		}
 		$this->action = Request::post('action');
-		if ($this->action === 'backup' && User::hasPermission("create")) {
+		if ($this->action === 'backup') {
+			User::assertPermission("create");
 			$this->backup();
-		} elseif ($this->action === 'restore' && User::hasPermission("restore")) {
+		} elseif ($this->action === 'restore') {
+			User::assertPermission("restore");
 			$this->restore();
 		}
 	}
 	protected function doRender()
 	{
-		if ($this->action === 'restore' && User::hasPermission("restore")) {
+		if ($this->action === 'restore') {
 			// TODO: We're in post mode, redirect with all the taskids first...
 			Render::addTemplate('restore', $this->templateData);
 		} else {
 			$lastBackup = (int)Property::get(self::LAST_BACKUP_PROP, 0);
@@ -34,9 +36,9 @@ class Page_Backup extends Page
 			} else {
 				$lastBackup = date('d.m.Y', $lastBackup);
 			}
-			Render::addTemplate('_page', ['last_backup' => $lastBackup,
-				"createAllowed" => User::hasPermission("create"),
-				"restoreAllowed" => User::hasPermission("restore")]);
+			$params = ['last_backup' => $lastBackup];
+			Permission::addGlobalTags($params['perms'], NULL, ['create', 'restore']);
+			Render::addTemplate('_page', $params);
 		}
 	}
-- 
cgit v1.2.3-55-g7522

From 24815e16087b4b1b64e9f380d45d411af32daf42 Mon Sep 17 00:00:00 2001
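Review bot: The `restore` branch of doRender() now renders the template with no permission check at the render site; it is safe only because doPreprocess() asserts "restore" for the same action earlier in the request, and that coupling is invisible where the template is emitted. Add `// permission already asserted in doPreprocess() for action 'restore'` above `Render::addTemplate('restore', $this->templateData);` so a later reader does not reintroduce a hasPermission() call or, worse, assume the branch is reachable without one. Both doPreprocess() and doRender() extend beyond the hunk boundaries.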
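Review bot: `Permission::addGlobalTags($params['perms'], NULL, ['create', 'restore'])` replaces the `createAllowed`/`restoreAllowed` keys the `_page` template used to receive, but this listing is limited to page.inc.php, so the matching template change is not visible; confirm the template now reads whatever addGlobalTags() writes under `perms`, otherwise both buttons silently vanish. `$params['perms']` also does not exist at the point it is passed — that only works because the first parameter is presumably by-reference and PHP creates the element as null — so initialising `$params = ['last_backup' => $lastBackup, 'perms' => []];` first would make the intent explicit, provided addGlobalTags() accepts a pre-set empty array.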
From: Simon Rettberg
Date: Mon, 9 Apr 2018 16:56:04 +0200
Subject: Permissions: Consistency: Make all pages require at least one permission to be accessible

Closes #3340
---
 modules-available/backup/page.inc.php               |  1 +
 modules-available/exams/page.inc.php                |  9 +--------
 modules-available/locations/page.inc.php            | 19 +++++++++++++++----
 modules-available/news/page.inc.php                 | 10 ++--------
 modules-available/news/permissions/permissions.json |  3 +++
 modules-available/rebootcontrol/page.inc.php        |  9 ++++++---
 modules-available/serversetup-bwlp/page.inc.php     |  6 ++++++
 .../serversetup-bwlp/permissions/permissions.json   |  3 +++
 modules-available/statistics_reporting/page.inc.php |  1 +
 modules-available/sysconfig/page.inc.php            |  2 +-
 modules-available/syslog/page.inc.php               |  1 +
 modules-available/systemstatus/page.inc.php         |  1 +
 modules-available/webinterface/page.inc.php         |  4 ++++
 .../webinterface/permissions/permissions.json       |  3 +++
 14 files changed, 48 insertions(+), 24 deletions(-)

(limited to 'modules-available/backup/page.inc.php')

diff --git a/modules-available/backup/page.inc.php b/modules-available/backup/page.inc.php
index 14522734..985f39ee 100644
--- a/modules-available/backup/page.inc.php
+++ b/modules-available/backup/page.inc.php
@@ -23,6 +23,7 @@ class Page_Backup extends Page
 			User::assertPermission("restore");
 			$this->restore();
 		}
+		User::assertPermission('*');
 	}
 	protected function doRender()
diff --git a/modules-available/exams/page.inc.php b/modules-available/exams/page.inc.php
index 51975052..15640a73 100644
--- a/modules-available/exams/page.inc.php
+++ b/modules-available/exams/page.inc.php
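Review bot: The new `User::assertPermission('*')` at the end of doPreprocess() is the only gate for a plain GET of the backup page, yet nothing at the call site says what `'*'` stands for; if it means "any permission of this module" (as the commit subject suggests), state it: `// Viewing the page requires at least one backup permission; any will do`. The restore branch visible above already asserts its own permission before doing work, so the late placement does not weaken the POST path. doRender(), which starts at the last context line, lies outside the hunk.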
@@ -441,16 +441,9 @@ class Page_Exams extends Page
 	protected function doRender()
 	{
-		if (Request::isPost()) {
-			$examid = Request::post('examid', 0, 'int');
-		} else if (Request::isGet()) {
-			$examid = Request::get('examid', 0, 'int');
-		} else {
-			die('Neither Post nor Get Request send.');
-		}
 		if ($this->action === "show") {
+			User::assertPermission('exams.view');
 			// General title and description
 			Render::addTemplate('page-main-heading');
 			// List of defined exam periods
diff --git a/modules-available/locations/page.inc.php b/modules-available/locations/page.inc.php
index 80a8076b..4d5c6628 100644
--- a/modules-available/locations/page.inc.php
+++ b/modules-available/locations/page.inc.php
@@ -24,6 +24,9 @@ class Page_Locations extends Page
 		} elseif ($this->action === 'updatesubnets') {
 			$this->updateSubnets();
 		}
+		if (Request::isPost()) {
+			Util::redirect('?do=locations');
+		}
 	}
 	private function updateSubnets()
@@ -306,10 +309,16 @@ class Page_Locations extends Page
 	protected function doRender()
 	{
-		$getAction = Request::get('action');
-		if (empty($getAction)) {
-			// Until we have a main landing page?
-			Util::redirect('?do=Locations&action=showlocations');
+		$getAction = Request::get('action', false, 'string');
+		if ($getAction === false) {
+			if (User::hasPermission('location.view')) {
+				Util::redirect('?do=locations&action=showlocations');
+			} elseif (User::hasPermission('subnets.edit')) {
+				Util::redirect('?do=locations&action=showsubnets');
+			} else {
+				// Trigger permission denied by asserting non-existent permission
+				User::assertPermission('location.view');
+			}
 		}
 		if ($getAction === 'showsubnets') {
 			User::assertPermission('subnets.edit', NULL, '?do=locations');
@@ -324,6 +333,8 @@ class Page_Locations extends Page
 			Render::addTemplate('subnets', array('list' => $rows));
 		} elseif ($getAction === 'showlocations') {
 			$this->showLocationList();
+		} else {
+			Util::redirect('?do=locations');
 		}
 	}
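Review bot: Dropping the `$examid = Request::post/get('examid', 0, 'int')` block at the top of Page_Exams::doRender() leaves `$examid` undefined for the remainder of the method, which continues well past this hunk; if any later action branch still reads it, that branch now gets a PHP notice and null instead of the sanitised integer. Either confirm there is no remaining use, or move the read into the branch that needs it, e.g. `$examid = Request::any('examid', 0, 'int');`. The removed `die()` for non-GET/POST verbs is fine to lose, since it was only ever guarding the variable read.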
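Review bot: The comment `// Trigger permission denied by asserting non-existent permission` in the new fallback branch of Page_Locations::doRender() is inaccurate: `location.view` is a real permission — it is exactly what `User::hasPermission('location.view')` tested two lines earlier — and the assert fails only because that test just returned false. Replace it with `// Neither list permission: assert one we know the user lacks to get the standard denial` so the next reader does not hunt for a typo in the permission id. The final `else { Util::redirect('?do=locations'); }` re-enters this same method with no action; it cannot loop only because `showsubnets` and `showlocations` are handled before that `else`, which is worth a one-line comment as well.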
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php
index e7b70c0f..1e2e3eef 100644
--- a/modules-available/news/page.inc.php
+++ b/modules-available/news/page.inc.php
@@ -46,14 +46,8 @@ class Page_News extends Page
 		// check which action we need to do
 		$action = Request::any('action', 'show');
-		if ($action === 'clear') {
-			// clear news input fields
-			// TODO: is this the right way?
-			$this->newsId = false;
-			$this->newsTitle = false;
-			$this->newsContent = false;
-			$this->newsDate = false;
-		} elseif ($action === 'show') {
+		if ($action === 'show') {
+			User::assertPermission('access-page');
 			/* load latest things */
 			$this->loadLatest('help');
 			$this->loadLatest('news');
diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json
index 0d9435d7..953599df 100644
--- a/modules-available/news/permissions/permissions.json
+++ b/modules-available/news/permissions/permissions.json
@@ -1,4 +1,7 @@
 {
+	"access-page": {
+		"location-aware": false
+	},
 	"help.delete": {
 		"location-aware": false
 	},
diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php
index abbdb2c3..041ae74f 100644
--- a/modules-available/rebootcontrol/page.inc.php
+++ b/modules-available/rebootcontrol/page.inc.php
@@ -79,11 +79,14 @@ class Page_RebootControl extends Page
 			//location you want to see, default are "not assigned" clients
 			$requestedLocation = Request::get('location', false, 'int');
 			$allowedLocs = User::getAllowedLocations("action.*");
+			if (empty($allowedLocs)) {
+				User::assertPermission('action.*');
+			}
 			if ($requestedLocation === false) {
 				if (in_array(0, $allowedLocs)) {
 					$requestedLocation = 0;
-				} elseif (!empty($allowedLocs)) {
+				} else {
 					$requestedLocation = reset($allowedLocs);
 				}
 			}
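Review bot: `User::assertPermission('access-page')` is placed inside the `show` branch only, so it gates the default page (`Request::any('action', 'show')`) but not the other `elseif` branches of Page_News::doPreprocess() that continue beyond this hunk; each of those has to keep its own assert, which the hunk cannot show. The `clear` action is also no longer recognised, so a template or link still sending `action=clear` now falls through to whatever the final branch does; the news templates are not part of this diff, so please confirm none of them references it. A short `// every other action below asserts its own permission` next to the new line would document the invariant this commit is establishing.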
@@ -105,8 +108,8 @@ class Page_RebootControl extends Page
 			Render::addTemplate('header', $data);
 			// only fill table if user has at least one permission for the location
-			if ($requestedLocation === false) {
-				Message::addError('main.no-permission');
+			if (!in_array($requestedLocation, $allowedLocs)) {
+				Message::addError('locations.no-permission-location', $requestedLocation);
 			} else {
 				$data['data'] = RebootQueries::getMachineTable($requestedLocation);
 				Render::addTemplate('_page', $data);
diff --git a/modules-available/serversetup-bwlp/page.inc.php b/modules-available/serversetup-bwlp/page.inc.php
index ae709da7..78096d7b 100644
--- a/modules-available/serversetup-bwlp/page.inc.php
+++ b/modules-available/serversetup-bwlp/page.inc.php
@@ -43,6 +43,12 @@ class Page_ServerSetup extends Page
 			// iPXE stuff changes
 			$this->updatePxeMenu();
 		}
+		if (Request::isPost()) {
+			Util::redirect('?do=serversetup');
+		}
+		User::assertPermission('access-page');
 	}
 	protected function doRender()
diff --git a/modules-available/serversetup-bwlp/permissions/permissions.json b/modules-available/serversetup-bwlp/permissions/permissions.json
index 6bae5422..44927506 100644
--- a/modules-available/serversetup-bwlp/permissions/permissions.json
+++ b/modules-available/serversetup-bwlp/permissions/permissions.json
@@ -1,4 +1,7 @@
 {
+	"access-page": {
+		"location-aware": false
+	},
 	"download": {
 		"location-aware": false
 	},
diff --git a/modules-available/statistics_reporting/page.inc.php b/modules-available/statistics_reporting/page.inc.php
index af4b2b12..cc03e4d8 100644
--- a/modules-available/statistics_reporting/page.inc.php
+++ b/modules-available/statistics_reporting/page.inc.php
@@ -84,6 +84,7 @@ class Page_Statistics_Reporting extends Page
 				die(json_encode($report));
 			}
 		}
+		User::assertPermission('*');
 	}
 	/**
diff --git a/modules-available/sysconfig/page.inc.php b/modules-available/sysconfig/page.inc.php
index 7bb3e599..8d1799af 100644
--- a/modules-available/sysconfig/page.inc.php
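Review bot: The new guard `if (!in_array($requestedLocation, $allowedLocs))` uses loose comparison; `$requestedLocation` comes from `Request::get('location', false, 'int')` and `$allowedLocs` presumably holds integers, but under PHP 7's `==` the value `0` equals any non-numeric string and a stray `true` in the list would match everything. Use `if (!in_array($requestedLocation, $allowedLocs, true))`, consistent with the strict `===` already used on `$requestedLocation` above. Note that `Render::addTemplate('header', $data)` has already run by the time the check fails, so the header is shown alongside the denial; that predates this change but is worth a `// header is rendered even on denial` comment if intentional.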
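Review bot: In Page_ServerSetup::doPreprocess() the new `User::assertPermission('access-page')` sits after `if (Request::isPost()) { Util::redirect('?do=serversetup'); }`, so a POST never reaches the page-level gate — it is redirected first, assuming Util::redirect() ends the request as its use elsewhere in this diff implies. That is only safe if every POST action handled above this hunk asserts its own permission before doing work, which the hunk does not show; any handler without one stays reachable by a user who holds no permission at all. Either move the assert above the redirect, or add `// POST handlers above each assert their own permission; this gate covers GET only` so the invariant is explicit.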
+++ b/modules-available/sysconfig/page.inc.php
@@ -160,7 +160,7 @@ class Page_SysConfig extends Page
 		$pMods = User::hasPermission('module.view-list');
 		$pConfs = User::hasPermission('config.view-list');
 		if (!($pMods || $pConfs)) {
-			Message::addError('main.no-permission');
+			User::assertPermission('config.view-list');
 		}
 		Render::openTag('div', array('class' => 'row'));
 		if ($pConfs) {
diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php
index 3a7513b5..00c55a3f 100644
--- a/modules-available/syslog/page.inc.php
+++ b/modules-available/syslog/page.inc.php
@@ -25,6 +25,7 @@ class Page_SysLog extends Page
 			}
 			Util::redirect('?do=syslog');
 		}
+		User::assertPermission('*');
 	}
 	protected function doRender()
diff --git a/modules-available/systemstatus/page.inc.php b/modules-available/systemstatus/page.inc.php
index 816caa05..66b30bcf 100644
--- a/modules-available/systemstatus/page.inc.php
+++ b/modules-available/systemstatus/page.inc.php
@@ -18,6 +18,7 @@ class Page_SystemStatus extends Page
 			User::assertPermission("serverreboot");
 			$this->rebootTask = Taskmanager::submit('Reboot');
 		}
+		User::assertPermission('*');
 	}
 	protected function doRender()
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 806ffd59..ca52c2ab 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -28,6 +28,10 @@ class Page_WebInterface extends Page
 				$this->actionCustomization();
 				break;
 		}
+		if (Request::isPost()) {
+			Util::redirect('?do=webinterface');
+		}
+		User::assertPermission('access-page');
 	}
 	private function actionConfigureHttps()
diff --git a/modules-available/webinterface/permissions/permissions.json b/modules-available/webinterface/permissions/permissions.json
index fa6f493f..ed81602a 100644
--- a/modules-available/webinterface/permissions/permissions.json
+++ b/modules-available/webinterface/permissions/permissions.json
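Review bot: The new `User::assertPermission('config.view-list')` in Page_SysConfig::doRender() fires only when the user has neither `module.view-list` nor `config.view-list`, so it is an arbitrary pick of two equally sufficient permissions; the denial the user sees will name config.view-list even when module.view-list was the one they lacked. A comment prevents the next reader from "fixing" it into a real requirement: `// Neither list permission: assert one of them to produce the standard denial`. The remainder of doRender() continues past the hunk and still branches on `$pConfs`/`$pMods` for the partial view, which is why both are computed first.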
@@ -1,4 +1,7 @@
 {
+	"access-page": {
+		"location-aware": false
+	},
 	"edit.design": {
 		"location-aware": false
 	},
-- 
cgit v1.2.3-55-g7522