From 44742851b22f225294a693f54161ad8e43a7dfda Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 28 Jun 2021 15:04:35 +0200
Subject: [eventlog] Check permissions; add synamic suggestions for keys

---
 modules-available/eventlog/page.inc.php            |  17 ++++
 .../eventlog/pages/mailconfigs.inc.php             |   3 +
 modules-available/eventlog/pages/rules.inc.php     |   3 +
 .../eventlog/pages/transports.inc.php              |   3 +
 .../eventlog/templates/page-filters-edit-rule.html | 113 +++++++++++++++++----
 5 files changed, 120 insertions(+), 19 deletions(-)

(limited to 'modules-available/eventlog')

diff --git a/modules-available/eventlog/page.inc.php b/modules-available/eventlog/page.inc.php
index 9006c3c5..b24b9447 100644
--- a/modules-available/eventlog/page.inc.php
+++ b/modules-available/eventlog/page.inc.php
@@ -43,4 +43,21 @@ class Page_EventLog extends Page
 		}
 	}
 
+	protected function doAjax()
+	{
+		// XXX Should go into rules.inc.php
+		User::assertPermission('filter.rules.edit');
+		if (Request::any('show') === 'rules') {
+			$type = Request::any('type', Request::REQUIRED, 'string');
+			$res = Database::queryFirst('SELECT data FROM notification_sample WHERE type = :type LIMIT 1',
+				['type' => $type]);
+			Header('Content-Type: application/json');
+			if ($res === false) {
+				echo '{}';
+			} else {
+				echo $res['data'];
+			}
+		}
+	}
+
 }
diff --git a/modules-available/eventlog/pages/mailconfigs.inc.php b/modules-available/eventlog/pages/mailconfigs.inc.php
index 6d5d20b6..141bf6e2 100644
--- a/modules-available/eventlog/pages/mailconfigs.inc.php
+++ b/modules-available/eventlog/pages/mailconfigs.inc.php
@@ -8,6 +8,7 @@ class SubPage
 	public static function doPreprocess()
 	{
 		if (Request::isPost()) {
+			User::assertPermission('filter.mailconfigs.edit');
 			$action = Request::post('action');
 			if ($action === 'save-mailconfig') {
 				self::saveMailconfig();
@@ -61,6 +62,7 @@ class SubPage
 
 	public static function doRender()
 	{
+		User::assertPermission('filter.mailconfigs.view');
 		$id = Request::get('id', null, 'int');
 		if ($id !== null) {
 			self::showMailconfigEditor($id);
@@ -79,6 +81,7 @@ class SubPage
 	 */
 	private static function showMailconfigEditor(int $id)
 	{
+		User::assertPermission('filter.mailconfigs.edit');
 		if ($id !== 0) {
 			// EDIT
 			$data = Database::queryFirst('SELECT configid, host, port, `ssl`, senderaddress, replyto,
diff --git a/modules-available/eventlog/pages/rules.inc.php b/modules-available/eventlog/pages/rules.inc.php
index 131c4eb6..b00dcf08 100644
--- a/modules-available/eventlog/pages/rules.inc.php
+++ b/modules-available/eventlog/pages/rules.inc.php
@@ -8,6 +8,7 @@ class SubPage
 	public static function doPreprocess()
 	{
 		if (Request::isPost()) {
+			User::assertPermission('filter.rule.edit');
 			$action = Request::post('action');
 			if ($action === 'save-filter') {
 				self::saveRule();
@@ -87,6 +88,7 @@ class SubPage
 
 	public static function doRender()
 	{
+		User::assertPermission('filter.rule.view');
 		$id = Request::get('id', null, 'int');
 		if ($id !== null) {
 			self::showRuleEditor($id);
@@ -109,6 +111,7 @@ class SubPage
 	private static function showRuleEditor(int $id)
 	{
 		// EDIT
+		User::assertPermission('filter.rule.edit');
 		$index = 0;
 		$existing = [];
 		if ($id !== 0) {
diff --git a/modules-available/eventlog/pages/transports.inc.php b/modules-available/eventlog/pages/transports.inc.php
index b72f36f9..c5d3713c 100644
--- a/modules-available/eventlog/pages/transports.inc.php
+++ b/modules-available/eventlog/pages/transports.inc.php
@@ -6,6 +6,7 @@ class SubPage
 	public static function doPreprocess()
 	{
 		if (Request::isPost()) {
+			User::assertPermission('filter.transport.edit');
 			$action = Request::post('action');
 			if ($action === 'save-transport') {
 				self::saveTransport();
@@ -107,6 +108,7 @@ class SubPage
 
 	public static function doRender()
 	{
+		User::assertPermission('filter.transport.view');
 		$id = Request::get('id', null, 'int');
 		if ($id !== null) {
 			self::showTransportEditor($id);
@@ -134,6 +136,7 @@ class SubPage
 	 */
 	private static function showTransportEditor(int $id)
 	{
+		User::assertPermission('filter.transport.edit');
 		if ($id !== 0) {
 			$entry = Database::queryFirst('SELECT transportid, title, description, data
 				FROM notification_backend
diff --git a/modules-available/eventlog/templates/page-filters-edit-rule.html b/modules-available/eventlog/templates/page-filters-edit-rule.html
index 72a53e9a..2019406a 100644
--- a/modules-available/eventlog/templates/page-filters-edit-rule.html
+++ b/modules-available/eventlog/templates/page-filters-edit-rule.html
@@ -7,7 +7,8 @@
 	<div class="form-group row">
 		<div class="col-md-4">
 			<label for="i-type">{{lang_type}}</label>
-			<input autocomplete="off" id="i-type" list="i-types" class="form-control" name="type" value="{{type}}" required>
+			<input autocomplete="off" id="i-type" list="i-types" class="form-control" name="type" value="{{type}}"
+					 required>
 			<datalist id="i-types">
 				{{#types}}
 				<option value="{{.}}">{{lang_typeExample}}: {{.}}</option>
@@ -30,38 +31,52 @@
 		</div>
 	</div>
 	{{#filter}}
-	<div class="form-group">
-		<label>
+	<div class="form-group row">
+		<div class="col-md-1 col-sm-3">
+			<label>{{lang_index}}</label>
 			<span class="form-control">{{index}}</span>
-		</label>
-		<label>
-			{{lang_filterPath}}
-			<input class="form-control" name="filter[{{index}}][path]" value="{{path}}">
-		</label>
-		<label>
-			{{lang_filterOp}}
-			<select class="form-control op-select" name="filter[{{index}}][op]" data-index="{{index}}">
+		</div>
+		<div class="col-md-2 col-sm-9">
+			<label for="key-{{index}}">
+				{{lang_filterPath}}
+			</label>
+			<input id="key-{{index}}" class="form-control filter-key" name="filter[{{index}}][path]" value="{{path}}"
+					 list="filter-keys"
+					 autocomplete="off" data-index="{{index}}">
+		</div>
+		<div class="col-md-1 col-sm-6">
+			<label for="op-{{index}}">
+				{{lang_filterOp}}
+			</label>
+			<select id="op-{{index}}" class="form-control op-select" name="filter[{{index}}][op]" data-index="{{index}}">
 				{{#operators}}
 				<option {{selected}}>{{name}}</option>
 				{{/operators}}
 			</select>
-		</label>
-		<label>
-			{{lang_filterArg}}
-			<input class="form-control op-arg" name="filter[{{index}}][arg]" value="{{arg}}" data-index="{{index}}">
-		</label>
+		</div>
+		<div class="col-md-3 col-sm-6">
+			<label for="arg-{{index}}">
+				{{lang_filterArg}}
+			</label>
+			<input id="arg-{{index}}" class="form-control op-arg" name="filter[{{index}}][arg]" value="{{arg}}"
+					 data-index="{{index}}">
+		</div>
+		<div class="col-md-5 col-sm-12 small" id="sample-{{index}}" style="word-break:break-all">
+		</div>
 		<!--label>
 			{{lang_filterResult}}
 			<input class="form-control" name="filter[{{index}}][result]" value="{{result}}">
 		</label-->
 	</div>
 	{{/filter}}
+	<datalist id="filter-keys">
+	</datalist>
 	<div>
 		<p>{{lang_hintRegex}}</p>
 	</div>
 	<div class="form-group">
-			<label for="i-subject">{{lang_subject}}</label>
-			<input id="i-subject" class="form-control" name="subject" value="{{subject}}">
+		<label for="i-subject">{{lang_subject}}</label>
+		<input id="i-subject" class="form-control" name="subject" value="{{subject}}">
 	</div>
 	<div class="form-group">
 		<label for="msg-txt">
@@ -93,10 +108,70 @@
 				buttonClass: 'form-control'
 			});
 		}
-		$('.op-select').change(function() {
+		$('.op-select').change(function () {
 			var $t = $(this);
 			var disabled = $t.val() === '*';
 			$('.op-arg[data-index=' + $t.data('index') + ']').prop('disabled', disabled);
 		}).change();
+		var currentType = {};
+		var typeSamples = {};
+		var typeChanged = true;
+		var $type = $('#i-type');
+		var $list = $('#filter-keys');
+		var $fkInputs = $('.filter-key');
+		// Flag if type changed
+		$type.change(function () {
+			typeChanged = true;
+		});
+		// If type changed, fetch sample data, or use cached, and populate autocomplete
+		$fkInputs.focus(function () {
+			if (!typeChanged)
+				return;
+			typeChanged = false;
+			var typeVal = $type.val();
+			if (typeSamples[typeVal]) {
+				setAutocomplete(typeVal);
+				return;
+			}
+			$.ajax('?do=eventlog&show=rules', {
+				data: {type: typeVal, token: TOKEN},
+				method: 'POST',
+				dataType: 'json'
+			}).done(function (data) {
+				typeSamples[typeVal] = data;
+				setAutocomplete(typeVal);
+			});
+		});
+
+		// Population function
+		function setAutocomplete(type) {
+			var t = typeSamples[type];
+			$list.empty();
+			if (!t)
+				return;
+			currentType = t;
+			for (var k in t) {
+				if (!t.hasOwnProperty(k))
+					continue;
+				$list.append($('<option>').text(k));
+			}
+		}
+
+		// Display sample data
+		var chFn = function () {
+			var $this = $(this);
+			var wat = currentType[$this.val()];
+			if (wat) {
+				wat = wat.replace("\r", "\\r").replace("\n", "\\n");
+				if (wat.length > 180) {
+					wat = wat.substr(0, 180) + '...';
+				}
+			} else {
+				wat = '';
+			}
+			var index = $this.data('index');
+			$('#sample-' + index).text(wat);
+		};
+		$fkInputs.on('input', chFn).change(chFn).change();
 	});
 </script>
\ No newline at end of file
-- 
cgit v1.2.3-55-g7522