From 59430e90b1b9334761d815aeb6e519effe7e5243 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 13 Feb 2018 17:52:52 +0100
Subject: [dozmod] Move subpages to pages/, hide pages where user has no permission
---
 modules-available/dozmod/pages/actionlog.inc.php | 168 +++++++++++++++++++++++
 1 file changed, 168 insertions(+)
 create mode 100644 modules-available/dozmod/pages/actionlog.inc.php
(limited to 'modules-available/dozmod/pages/actionlog.inc.php')
diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php
new file mode 100644
index 00000000..6cbd2868
--- /dev/null
+++ b/modules-available/dozmod/pages/actionlog.inc.php
@@ -0,0 +1,168 @@ + self::$uuid)); + if ($user === false) { + Message::addError('unknown-userid', self::$uuid); + Util::redirect('?do=dozmod§ion=actionlog'); + } + // Mangle date and render + $user['lastlogin_s'] = date('d.m.Y H:i', $user['lastlogin']); + Render::addTemplate('actionlog-user', $user); + // Finally add the actionlog + self::generateLog("SELECT al.dateline, al.targetid, al.description," + . " img.displayname AS imgname, usr.firstname AS tfirstname, usr.lastname AS tlastname, l.displayname AS lecturename" + . " FROM sat.actionlog al" + . " LEFT JOIN sat.imagebase img ON (img.imagebaseid = targetid)" + . " LEFT JOIN sat.user usr ON (usr.userid = targetid)" + . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)" + . " WHERE al.userid = :uuid" + . " ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), false, true); + } + + private static function listTarget() + { + // We have to guess what kind of target it is + if (!self::addImageHeader() + && !self::addLectureHeader()) { + Message::addError('unknown-targetid', self::$uuid); + // Keep going, there might still be log entries for a deleted uuid + } + + // Finally add the actionlog + self::generateLog("SELECT al.dateline, al.userid AS uuserid, al.description," + . " usr.firstname AS ufirstname, usr.lastname AS ulastname" + . " FROM sat.actionlog al" + . " LEFT JOIN sat.user usr ON (usr.userid = al.userid)" + . " WHERE al.targetid = :uuid" + . " ORDER BY al.dateline DESC LIMIT 500", array('uuid' => self::$uuid), true, false); + } + + private static function addImageHeader() + { + $image = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,' + . ' u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,' + . ' img.displayname, img.description, img.createtime, img.updatetime,' + . ' os.displayname AS osname' + . ' FROM sat.imagebase img' + . ' LEFT JOIN sat.user o ON (img.ownerid = o.userid)' + . 
' LEFT JOIN sat.user u ON (img.updaterid = u.userid)' + . ' LEFT JOIN sat.operatingsystem os ON (img.osid = os.osid)' + . ' WHERE img.imagebaseid = :uuid' + . ' LIMIT 1', array('uuid' => self::$uuid)); + if ($image !== false) { + // Mangle date and render + $image['createtime_s'] = date('d.m.Y H:i', $image['createtime']); + $image['updatetime_s'] = date('d.m.Y H:i', $image['updatetime']); + $image['descriptionHtml'] = nl2br(htmlspecialchars($image['description'])); + Render::addTemplate('actionlog-image', $image); + } + return $image !== false; + } + + private static function addLectureHeader() + { + $lecture = Database::queryFirst('SELECT o.userid AS ouserid, o.firstname AS ofirstname, o.lastname AS olastname,' + . ' u.userid AS uuserid, u.firstname AS ufirstname, u.lastname AS ulastname,' + . ' l.displayname, l.description, l.createtime, l.updatetime,' + . ' img.displayname AS imgname, img.imagebaseid' + . ' FROM sat.lecture l' + . ' LEFT JOIN sat.user o ON (l.ownerid = o.userid)' + . ' LEFT JOIN sat.user u ON (l.updaterid = u.userid)' + . ' LEFT JOIN sat.imageversion ver ON (ver.imageversionid = l.imageversionid)' + . ' LEFT JOIN sat.imagebase img ON (img.imagebaseid = ver.imagebaseid)' + . ' WHERE l.lectureid = :uuid' + . 
' LIMIT 1', array('uuid' => self::$uuid)); + if ($lecture !== false) { + // Mangle date and render + $lecture['createtime_s'] = date('d.m.Y H:i', $lecture['createtime']); + $lecture['updatetime_s'] = date('d.m.Y H:i', $lecture['updatetime']); + $lecture['descriptionHtml'] = nl2br(htmlspecialchars($lecture['description'])); + Render::addTemplate('actionlog-lecture', $lecture); + } + return $lecture !== false; + } + + private static function generateLog($query, $params, $showActor, $showTarget) + { + // query action log + $res = Database::simpleQuery($query, $params); + $events = array(); + while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + $row['dateline_s'] = date('d.m.Y H:i', $row['dateline']); + if (isset($row['imgname'])) { + $row['targeturl'] = '?do=dozmod§ion=actionlog&action=showtarget&uuid=' . $row['targetid']; + $row['targetname'] = $row['imgname']; + } elseif (isset($row['tlastname'])) { + $row['targeturl'] = '?do=dozmod§ion=actionlog&action=showuser&uuid=' . $row['targetid']; + $row['targetname'] = $row['tlastname'] . ', ' . $row['tfirstname']; + } elseif (isset($row['lecturename'])) { + $row['targeturl'] = '?do=dozmod§ion=actionlog&action=showtarget&uuid=' . $row['targetid']; + $row['targetname'] = $row['lecturename']; + } + $events[] = $row; + } + $data = array('events' => $events); + if ($showActor) { + $data['showActor'] = true; + } + if ($showTarget) { + $data['showTarget'] = true; + } + + $data['allowedShowUser'] = User::hasPermission("actionlog.showuser"); + $data['allowedShowTarget'] = User::hasPermission("actionlog.showtarget"); + Render::addTemplate('actionlog-log', $data); + } + + public static function doAjax() + { + + } + +} \ No newline at end of file -- cgit v1.2.3-55-g7522 From bf6d65f55eacde61e996b3b08994ddc6e66e0424 Mon Sep 17 00:00:00 2001 
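Review bot: In generateLog(), `$row['targetid']` is appended to `targeturl` as-is in all three branches; the value is read back from sat.actionlog rather than taken from the request parameter, so wrapping it as `. urlencode($row['targetid'])` keeps an unexpected id from changing the query string. Whatever HTML escaping the actionlog-log template applies covers markup only, not URL structure. Separately, listUser() goes on to read `$user['lastlogin']` after the `Util::redirect()` call in the `$user === false` branch, which is safe only if redirect() ends the request; a one-line comment saying so would help. The beginning of the file is missing from this extraction of the hunk, so doPreprocess() and doRender() could not be reviewed.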
From: Simon Rettberg
Date: Wed, 28 Mar 2018 14:30:22 +0200
Subject: [dozmod] Simplify permissions, don't link user in userlist if actionlog is inaccessible
Closes #3332
---
 modules-available/dozmod/lang/de/permissions.json | 9 ++++-----
 modules-available/dozmod/lang/de/template-tags.json | 7 +------
 modules-available/dozmod/lang/en/permissions.json | 9 ++++-----
 modules-available/dozmod/lang/en/template-tags.json | 7 +------
 modules-available/dozmod/pages/actionlog.inc.php | 11 +++--------
 modules-available/dozmod/pages/users.inc.php | 5 ++++-
 modules-available/dozmod/permissions/permissions.json | 8 ++++----
 modules-available/dozmod/templates/actionlog-log.html | 6 ++++--
 modules-available/dozmod/templates/userlist.html | 6 +++++-
 9 files changed, 30 insertions(+), 38 deletions(-)
(limited to 'modules-available/dozmod/pages/actionlog.inc.php')
diff --git a/modules-available/dozmod/lang/de/permissions.json b/modules-available/dozmod/lang/de/permissions.json
index 9c5af91d..df913265 100644
--- a/modules-available/dozmod/lang/de/permissions.json
+++ b/modules-available/dozmod/lang/de/permissions.json
@@ -1,14 +1,13 @@
 {
- "actionlog.showtarget": "Target Data im Aktions-Log anzeigen.",
- "actionlog.showuser": "User Data im Aktions-Log anzeigen.",
+ "actionlog.view": "Aktions-Log einsehen.",
 "expiredimages.delete": "Zur L\u00f6schung vorgemerkete Abbilder l\u00f6schen.",
 "mailconfig.save": "\u00c4nderungen an der SMTP-Konfiguration zum Versenden von Mails speichern.",
- "mailconfig.testmail": "Eine Test E-Mail verschicken.",
 "runtimeconfig.save": "\u00c4nderungen an der Laufzeit-Konfiguration speichern.",
 "templates.reset": "E-Mail Templates zur\u00fccksetzen.",
 "templates.save": "E-Mail Templates speichern.",
- "users.setorglogin": "Anmeldungen f\u00fcr Benutzer von bestimmten Einrichtungen aktivieren\/deaktivieren.",
 "users.setlogin": "Anmeldungen f\u00fcr einzelne Benutzer aktivieren\/deaktivieren.",
 "users.setmail": "E-Mail Benachrichtigungen f\u00fcr einzelne Benutzer aktivieren\/deaktivieren.",
- "users.setsu": "Benutzer zu SuperUser ernennen."
+ "users.setorglogin": "Anmeldungen f\u00fcr Benutzer von bestimmten Einrichtungen aktivieren\/deaktivieren.",
+ "users.setsu": "Benutzer zu SuperUser ernennen.",
+ "users.view": "Benutzerliste sehen."
 }
\ No newline at end of file
diff --git a/modules-available/dozmod/lang/de/template-tags.json b/modules-available/dozmod/lang/de/template-tags.json
index a1c23d2e..84f6e0de 100644
--- a/modules-available/dozmod/lang/de/template-tags.json
+++ b/modules-available/dozmod/lang/de/template-tags.json
@@ -40,7 +40,6 @@
 "lang_lecturePermissionEdit": "Bearbeiten",
 "lang_loadDefaults": "Alle Texte auf Auslieferungszustand zur\u00fccksetzen",
 "lang_mailConfig": "SMTP-Konfiguration zum Versenden von Mails",
- "lang_mailConfigHeadline": "EMail-Konfiguration",
 "lang_mailDescription": "F\u00fcllen Sie die folgenden Felder aus, wenn sie m\u00f6chten, dass Dozierende per Mail benachrichtigt werden, falls eine von ihnen genutzte oder erstellte VM oder Veranstaltung abl\u00e4uft. Um diese Funktion zu deaktivieren, lassen Sie eines der mit (*) gekennzeichneten Felder leer. Wenn das hier angegebene E-Mail-Konto nur zum Versenden von Mails genutzt wird, sollten Sie einen Auto-Responder einrichten f\u00fcr den Fall, dass ein Dozierender auf eine der automatisch generierten Mails antwortet (bzw. eine explizit angegebene Reply-To Adresse ignoriert).",
 "lang_mailTemplates": "E-Mail Templates",
 "lang_maxImageValidity": "G\u00fcltigkeitsdauer neuer VM-Versionen (Tage)",
@@ -50,7 +49,6 @@
 "lang_miscOptions": "Verschiedene Einstellungen",
 "lang_modified": "Modifiziert",
 "lang_organization": "Einrichtung",
- "lang_organizationList": "Liste der Einrichtungen",
 "lang_organizationListHeader": "Nutzungsrechte f\u00fcr den Satelliten festlegen",
 "lang_os": "Betriebssystem",
 "lang_owner": "Besitzer",
@@ -61,7 +59,6 @@
 "lang_replaceWithOriginal": "Originaltext in Textbox laden",
 "lang_replyTo": "Reply-To Adresse",
 "lang_runtimeConfig": "Laufzeit-Konfiguration",
- "lang_runtimeConfigHeadline": "Laufzeit-Konfiguration",
 "lang_runtimeConfigLimits": "Beschr\u00e4nkungen",
 "lang_senderAddress": "Absenderadresse",
 "lang_senderName": "Absender Anzeigename",
@@ -71,7 +68,6 @@
 "lang_sslExplicit": "Explizites SSL (\"STARTTLS\")",
 "lang_sslImplicit": "Implizites SSL",
 "lang_sslNone": "Kein SSL",
- "lang_subHeading": "Images, die abgelaufen oder besch\u00e4digt sind",
 "lang_superUser": "Ist SuperUser (darf alle Veranstaltungen und VMs bearbeiten\/l\u00f6schen)",
 "lang_system": "System",
 "lang_template": "Template",
@@ -83,10 +79,9 @@
 "lang_updateTime": "Letzte Bearbeitung",
 "lang_user": "Benutzername",
 "lang_userId": "Benutzer-ID",
- "lang_userList": "Benutzerliste",
 "lang_userListDescription": "Hier k\u00f6nnen Sie individuelle Nutzer zu \"Super-Usern\" machen. Diese haben in der bwLehrpool-Suite auf alle Veranstaltungen und VMs Vollzugriff, unabh\u00e4ngig von den gesetzten Berechtigungen. Au\u00dferdem k\u00f6nnen Sie hier Benutzer vom Zugriff mittels der bwLehrpool-Suite ausschlie\u00dfen.",
 "lang_userListHeader": "Dem Satelliten bekannte Benutzer",
 "lang_usernameplaceholder": "SMTP Benutzername",
 "lang_version": "Version vom",
 "lang_when": "Wann"
-}
+}
\ No newline at end of file
diff --git a/modules-available/dozmod/lang/en/permissions.json b/modules-available/dozmod/lang/en/permissions.json
index a86cf155..0827c8d2 100644
--- a/modules-available/dozmod/lang/en/permissions.json
+++ b/modules-available/dozmod/lang/en/permissions.json
@@ -1,14 +1,13 @@
 {
- "actionlog.showtarget": "Show Target Data in Log.",
- "actionlog.showuser": "Show User Data in Log.",
+ "actionlog.view": "View action log.",
 "expiredimages.delete": "Delete images marked for deletion.",
 "mailconfig.save": "Save SMTP configuration for sending mails.",
- "mailconfig.testmail": "Send a testmail.",
 "runtimeconfig.save": "Save limits and defaults of a runtime configuration.",
 "templates.reset": "Reset email templates.",
 "templates.save": "Save email templates.",
- "users.setorglogin": "Enalbe\/Disable Login for Users from certain organisations.",
 "users.setlogin": "Enable\/Disable Login.",
 "users.setmail": "Enable\/Disable Email Notification.",
- "users.setsu": "Set User to superuser."
+ "users.setorglogin": "Enalbe\/Disable Login for Users from certain organisations.",
+ "users.setsu": "Set User to superuser.",
+ "users.view": "View user list."
 }
\ No newline at end of file
diff --git a/modules-available/dozmod/lang/en/template-tags.json b/modules-available/dozmod/lang/en/template-tags.json
index f12e4ab8..329f7260 100644
--- a/modules-available/dozmod/lang/en/template-tags.json
+++ b/modules-available/dozmod/lang/en/template-tags.json
@@ -40,7 +40,6 @@
 "lang_lecturePermissionEdit": "Edit",
 "lang_loadDefaults": "Reset all templates to their defaults",
 "lang_mailConfig": "SMTP configuration for sending mails",
- "lang_mailConfigHeadline": "Email Configuration",
 "lang_mailDescription": "Fill in the following fields if you want to notify tutors\/professors\/lecturers about expiring VMs and lectures. If you leave one of the required fields blank, the feature will be disabled.",
 "lang_mailTemplates": "E-Mail Templates",
 "lang_maxImageValidity": "New VM validity (days)",
@@ -50,7 +49,6 @@
 "lang_miscOptions": "Misc options",
 "lang_modified": "modified",
 "lang_organization": "Organization",
- "lang_organizationList": "List of Organizations",
 "lang_organizationListHeader": "Set access permissions for organizations",
 "lang_os": "Operating System",
 "lang_owner": "Owner",
@@ -61,7 +59,6 @@
 "lang_replaceWithOriginal": "load original text into text box",
 "lang_replyTo": "Reply-To address",
 "lang_runtimeConfig": "Limits and Defaults",
- "lang_runtimeConfigHeadline": "Configure Limits and Defaults for bwLehrpool-Suite",
 "lang_runtimeConfigLimits": "Limitations",
 "lang_senderAddress": "Sender address",
 "lang_senderName": "Sender's display name",
@@ -71,7 +68,6 @@
 "lang_sslExplicit": "Explicit SSL (\"STARTTLS\")",
 "lang_sslImplicit": "Implicit SSL",
 "lang_sslNone": "No SSL",
- "lang_subHeading": "Expired or damaged images",
 "lang_superUser": "Is super user (can edit\/delete all lectures and VMs)",
 "lang_system": "System",
 "lang_template": "Template",
@@ -83,10 +79,9 @@
 "lang_updateTime": "Last update",
 "lang_user": "User name",
 "lang_userId": "User id",
- "lang_userList": "User List",
 "lang_userListDescription": "Here you can promote \"super users\", which will have all permissions in the bwLehrpool-Suite. You can also ban users from accessing this server via the bwLehrpool-Suite.",
 "lang_userListHeader": "Users known to this satellite",
 "lang_usernameplaceholder": "SMTP Username",
 "lang_version": "Version timestamp",
 "lang_when": "When"
-}
+}
\ No newline at end of file
diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php
index 6cbd2868..a014ddf7 100644
--- a/modules-available/dozmod/pages/actionlog.inc.php
+++ b/modules-available/dozmod/pages/actionlog.inc.php
@@ -8,6 +8,7 @@ class SubPage public static function doPreprocess() { + User::assertPermission("actionlog.view"); self::$action = Request::get('action', '', 'string'); if (self::$action !== '' && self::$action !== 'showtarget' && self::$action !== 'showuser') { Util::traceError('Invalid action for actionlog: "' . self::$action . '"'); @@ -29,13 +30,9 @@ class SubPage . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)" . " ORDER BY al.dateline DESC LIMIT 500", array(), true, true); } elseif (self::$action === 'showuser') { - if (User::hasPermission("actionlog.showuser")) { - self::listUser(); - } + self::listUser(); } else { - if (User::hasPermission("actionlog.showtarget")) { - self::listTarget(); - } + self::listTarget(); } } @@ -155,8 +152,6 @@ class SubPage $data['showTarget'] = true; } - $data['allowedShowUser'] = User::hasPermission("actionlog.showuser"); - $data['allowedShowTarget'] = User::hasPermission("actionlog.showtarget"); Render::addTemplate('actionlog-log', $data); } diff --git a/modules-available/dozmod/pages/users.inc.php b/modules-available/dozmod/pages/users.inc.php index 0791da2e..0c958feb 100644 --- a/modules-available/dozmod/pages/users.inc.php +++ b/modules-available/dozmod/pages/users.inc.php @@ -48,7 +48,10 @@ class SubPage $row['lastlogin'] = date('d.m.Y', $row['lastlogin']); $rows[] = $row; } - Render::addTemplate('userlist', array('users' => $rows)); + Render::addTemplate('userlist', array( + 'users' => $rows, + 'nameTag' => User::hasPermission('actionlog.view') ? 'a' : 'span', + )); } private static function listOrganizations() diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json index c46768d7..b9c82107 100644 --- a/modules-available/dozmod/permissions/permissions.json +++ b/modules-available/dozmod/permissions/permissions.json 
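Review bot: With the per-action `User::hasPermission` checks removed from the `showuser` and default branches in the second actionlog.inc.php hunk, the `User::assertPermission("actionlog.view")` added to doPreprocess() is the only gate in front of listUser() and listTarget(). That holds only if the framework always runs doPreprocess() before the render path, which is not visible here; a comment on the new line such as `// Sole access check for this subpage; the render branches rely on it` would record the dependency, or the assert could be repeated at the top of the render method. One permission now covers both views, so anyone granted `actionlog.view` can open the per-user page that `actionlog.showuser` used to protect separately. The enclosing methods start and end outside these hunks.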
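Review bot: `users.view` is declared in permissions.json and both language files by this commit, but the users.inc.php hunk, the only change to that file, checks `actionlog.view` alone, and only to choose the tag for the name. If the user list is not already gated outside the visible lines, the page handler needs `User::assertPermission('users.view');` before the list query; otherwise the new permission can be granted or withheld without any effect. The surrounding method begins above the hunk, so an existing check there cannot be ruled out.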
@@ -2,10 +2,7 @@ "expiredimages.delete": { "location-aware": false }, - "actionlog.showtarget": { - "location-aware": false - }, - "actionlog.showuser": { + "actionlog.view": { "location-aware": false }, "mailconfig.save": { @@ -31,5 +28,8 @@ }, "users.setsu": { "location-aware": false + }, + "users.view": { + "location-aware": false } } \ No newline at end of file diff --git a/modules-available/dozmod/templates/actionlog-log.html b/modules-available/dozmod/templates/actionlog-log.html index 8aa57207..7caa3d34 100644 --- a/modules-available/dozmod/templates/actionlog-log.html +++ b/modules-available/dozmod/templates/actionlog-log.html @@ -18,7 +18,9 @@ {{#showActor}} {{#uuserid}} - {{#allowedShowUser}}{{/allowedShowUser}} {{ulastname}}, {{ufirstname}}{{#allowedShowUser}}{{/allowedShowUser}} + + {{ulastname}}, {{ufirstname}} + {{/uuserid}} {{^uuserid}} {{lang_system}} @@ -28,7 +30,7 @@ {{#showTarget}} {{#targeturl}} - {{#allowedShowTarget}}{{/allowedShowTarget}}{{targetname}}{{#allowedShowTarget}}{{/allowedShowTarget}} + {{targetname}} {{/targeturl}} {{^targeturl}} {{targetname}} diff --git a/modules-available/dozmod/templates/userlist.html b/modules-available/dozmod/templates/userlist.html index b8080b44..3b919099 100644 --- a/modules-available/dozmod/templates/userlist.html +++ b/modules-available/dozmod/templates/userlist.html @@ -22,7 +22,11 @@ {{#users}} - {{lastname}}, {{firstname}} + + <{{nameTag}} href="?do=dozmod&section=actionlog&action=showuser&uuid={{userid}}"> + {{lastname}}, {{firstname}} + + {{orgname}} {{lastlogin}} {{email}} -- cgit v1.2.3-55-g7522
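Review bot: In the userlist.html hunk, when `nameTag` is `span` the template still emits the `href` attribute, so the showuser URL with each `{{userid}}` stays in the markup for accounts that lack `actionlog.view`; it is not clickable, but `href` is not a valid attribute on a span. A boolean section that wraps only the anchor's opening and closing tags would render plain text for those users and avoid building a tag name from a variable. This template change only hides the link; the `assertPermission` call in actionlog.inc.php remains the actual control. The closing tag is not visible in this extraction of the hunk.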