From f8778f213cb9f916fa56279c9e1cf6deb067b35c Mon Sep 17 00:00:00 2001
From: Christian Hofmaier
Date: Fri, 27 Oct 2017 16:49:13 +0200
Subject: [dozmod] implemented new permission system to module for: deleting expired vm versions, sending testmails and saving mailconfig, resetting templates or saving them, saving runtimeconfig, giving users rights (when no permission, it will show another animation). Also fixed a design issue (dialog instead of modal).
---
.../dozmod/inc/pagedozmodusers.inc.php | 15 +++++++-
.../dozmod/inc/pagemailtemplates.inc.php | 16 +++++++-
modules-available/dozmod/page.inc.php | 44 ++++++++++++++++------
.../dozmod/permissions/permissions.json | 12 ++++++
modules-available/dozmod/templates/templates.html | 25 +++++++++++-
modules-available/dozmod/templates/userlist.html | 14 ++++++-
6 files changed, 108 insertions(+), 18 deletions(-)
create mode 100644 modules-available/dozmod/permissions/permissions.json
(limited to 'modules-available/dozmod')
diff --git a/modules-available/dozmod/inc/pagedozmodusers.inc.php b/modules-available/dozmod/inc/pagedozmodusers.inc.php
index 8da07923..621f7d34 100644
--- a/modules-available/dozmod/inc/pagedozmodusers.inc.php
+++ b/modules-available/dozmod/inc/pagedozmodusers.inc.php
@@ -16,11 +16,22 @@ class Page_dozmod_users extends Page protected function doAjax() { + User::load(); + $action = Request::post('action', '', 'string'); if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') { - $this->setUserOption($action); + if (User::hasPermission("users.".$action)) { + $this->setUserOption($action); + } else { + die("No permission."); + } + } elseif ($action === 'setorglogin') { - $this->setOrgOption($action); + if (User::hasPermission("users.orglogin")) { + $this->setOrgOption($action); + } else { + die("No permission."); + } } else { die('No such action'); }
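Review bot: In `Page_dozmod_users::doAjax()` both deny branches end with `die("No permission.")`, so a refused request still answers HTTP 200 with a plain string and the caller has to string-match the body to tell a refusal from success. Setting the status first, `http_response_code(403); die('No permission.');`, lets the client-side handler and access-log monitoring see the refusal as such. The permission key `"users.".$action` is built from the request value and is only safe because of the three-value allow-list in the enclosing `if`; a comment such as `// $action is limited to setmail/setsu/setlogin above, so the permission key is never caller-chosen` would keep a later edit from loosening that. The end of doAjax lies outside the hunk.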
diff --git a/modules-available/dozmod/inc/pagemailtemplates.inc.php b/modules-available/dozmod/inc/pagemailtemplates.inc.php
index dc41d8c6..90734a50 100644
--- a/modules-available/dozmod/inc/pagemailtemplates.inc.php
+++ b/modules-available/dozmod/inc/pagemailtemplates.inc.php
@@ -7,13 +7,25 @@ class Page_mail_templates extends Page protected function doPreprocess() { + User::load(); + $action = Request::post('action', 'show', 'string'); if ($action === 'show') { $this->fetchTemplates(); } elseif ($action === 'save') { - $this->handleSave(); + if (User::hasPermission("templates.save")) { + $this->handleSave(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=templates'); + } } elseif ($action === 'reset') { - $this->handleReset(); + if(User::hasPermission("templates.reset")) { + $this->handleReset(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=templates'); + } } else { Message::addError('main.invalid-action', $action); Util::redirect('?do=dozmod§ion=templates');
diff --git a/modules-available/dozmod/page.inc.php b/modules-available/dozmod/page.inc.php
index 24ad00d8..19c05555 100644
--- a/modules-available/dozmod/page.inc.php
+++ b/modules-available/dozmod/page.inc.php
@@ -27,7 +27,7 @@ class Page_DozMod extends Page { User::load(); - if (!User::hasPermission('superadmin')) { + if (!User::isLoggedIn()) { Message::addError('main.no-permission'); Util::redirect('?do=Main'); }
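Review bot: In `Page_mail_templates::doPreprocess()` the `save` and `reset` branches each carry their own copy of the same deny path, and the second is written `if(User::hasPermission(` without the space used everywhere else in the change. Resolving the required permission once before dispatch would leave a single deny path to audit, e.g. `$needed = ['save' => 'templates.save', 'reset' => 'templates.reset'][$action] ?? null;` followed by one `if ($needed !== null && !User::hasPermission($needed))` block. The same duplicated branch recurs in the `@@ -50,15 +50,30 @@` hunk of page.inc.php. Both deny paths also depend on `Util::redirect()` ending the request, which is not visible here; a one-line comment stating that assumption would help the next reader.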
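Review bot: Replacing `User::hasPermission('superadmin')` with `User::isLoggedIn()` in `Page_DozMod::doPreprocess()` opens every read path of the module to any authenticated account, while the permissions introduced by this commit cover only save, reset, delete and test-mail actions. Whatever the mail-configuration, runtime-configuration and user-list views render (the SMTP settings may include credentials; the render code is outside this diff) is then no longer limited to superadmins. Either add view permissions to permissions.json and check them before each section is rendered, or record the decision at the gate, e.g. `// Viewing is open to all logged-in users; only write actions are permission-gated below`. The rest of doPreprocess is outside this hunk.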
@@ -50,15 +50,30 @@ class Page_DozMod extends Page $action = Request::post('action', false, 'string'); if ($action === 'mail') { - $this->mailHandler(); + if (User::hasPermission("mail.save")) { + $this->mailHandler(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=mailconfig'); + } } elseif ($action === 'runtime') { - $this->runtimeHandler(); + if (User::hasPermission("runtimeconfig.save")) { + $this->runtimeHandler(); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod§ion=runtimeconfig'); + } } elseif ($action === 'delimages') { - $result = $this->handleDeleteImages(); - if (!empty($result)) { - Message::addInfo('delete-images', $result); + if (User::hasPermission("images.delete")) { + $result = $this->handleDeleteImages(); + if (!empty($result)) { + Message::addInfo('delete-images', $result); + } + Util::redirect('?do=DozMod'); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=dozmod'); } - Util::redirect('?do=DozMod'); } elseif ($action !== false) { Util::traceError('Invalid action: ' . $action); }
@@ -204,8 +219,6 @@ class Page_DozMod extends Page protected function doAjax() { User::load(); - if (!User::hasPermission('superadmin')) - return; $this->setupSubPage(); if ($this->subPage !== false) {
@@ -214,10 +227,19 @@ class Page_DozMod extends Page } $action = Request::post('action'); + if ($action === 'mail') { - $this->handleTestMail(); + if (User::hasPermission("mail.testmail")) { + $this->handleTestMail(); + } else { + die('No permission'); + } } elseif ($action === 'delimages') { - die($this->handleDeleteImages()); + if (User::hasPermission("images.delete")) { + die($this->handleDeleteImages()); + } else { + die('No permission'); + } } elseif ($action === 'getblockinfo') { $this->ajaxGetBlockInfo(); }
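Review bot: The `@@ -204,8 +219,6 @@` hunk deletes the superadmin check at the top of `Page_DozMod::doAjax()` without adding the `User::isLoggedIn()` test that doPreprocess received, so the sub-page dispatch and the `getblockinfo` branch in the following hunk now run with no authentication or permission check in the visible code. Unless the framework rejects anonymous AJAX calls before doAjax is entered (not visible here), `ajaxGetBlockInfo()` can be requested without a session. Restore a gate directly after `User::load();`, for example `if (!User::isLoggedIn()) die('No permission');`, and give `getblockinfo` an explicit permission if its output is not meant for every user. doAjax ends outside these hunks.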
diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json
new file mode 100644
index 00000000..8295d0f0
--- /dev/null
+++ b/modules-available/dozmod/permissions/permissions.json
@@ -0,0 +1,12 @@
+{
+ "images.delete": "Delete images marked for deletion.",
+ "mail.save": "Save SMTP configuration for sending mails.",
+ "mail.testmail": "Send a testmail.",
+ "runtimeconfig.save": "Save limits and defaults of a runtime configuration.",
+ "templates.save": "Save email templates",
+ "templates.reset": "Reset email templates",
+ "users.setmail": "Enable/Disable Email Notification",
+ "users.setlogin": "Enable/Disable Login",
+ "users.setsu": "Set User to superuser",
+ "users.orglogin": "Enalbe/Disable Login for Users from certain organisations."
+}
\ No newline at end of file
diff --git a/modules-available/dozmod/templates/templates.html b/modules-available/dozmod/templates/templates.html
index 62b250a9..4764c0e9 100644
--- a/modules-available/dozmod/templates/templates.html
+++ b/modules-available/dozmod/templates/templates.html
@@ -84,15 +84,36 @@
-
- +
+ + +
+ +