From 87e6bcd37681eb175ca4926774550e199bd487a0 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 12 Feb 2018 18:10:02 +0100 Subject: [exams] Simplify permissions, add some error messages --- modules-available/exams/page.inc.php | 297 ++++++++++++++++------------------- 1 file changed, 136 insertions(+), 161 deletions(-) (limited to 'modules-available/exams/page.inc.php') diff --git a/modules-available/exams/page.inc.php b/modules-available/exams/page.inc.php index b32f758c..51975052 100644 --- a/modules-available/exams/page.inc.php +++ b/modules-available/exams/page.inc.php @@ -10,9 +10,7 @@ class Page_Exams extends Page private $rangeMin; private $rangeMax; private $userEditLocations = []; - private $userDeleteLocations = []; - private $userAddLocations = []; - private $allowedLocations = []; + private $userViewLocations = []; /** if examid is set, also add a column 'selected' **/ 
@@ -43,29 +41,37 @@ class Page_Exams extends Page . "ORDER BY examid ASC"); while ($exam = $tmp->fetch(PDO::FETCH_ASSOC)) { - // check if allowed to edit this exam - if ($this->allowedToEdit($exam['examid'])) { - $exam['allowedEdit'] = True; + $view = $edit = false; + // User has permission for all locations + if (in_array(0, $this->userViewLocations)) { + $view = true; } - // check if allowed to delete this exam - if ($this->allowedToDelete($exam['examid'])) { - $exam['allowedDelete'] = True; + if (in_array(0, $this->userEditLocations)) { + $edit = true; } - - - $locationids = explode(',', $exam['locationids']); - // if global permission, add all exams to the list, no filter required - if ($locationids[0] == 0) { + if ($view && $edit) { $this->exams[] = $exam; + continue; + } + // Fine grained check by locations + if ($exam['locationids'] === null) { + $locationids = [0]; } else { - foreach($locationids as $locid) { - // only add the exam if permisson for atleast one of the exam locations - if (in_array($locid, $this->allowedLocations)) { - $this->exams[] = $exam; - break; - } - } + $locationids = explode(',', $exam['locationids']); + } + if (!$view && empty(array_intersect($locationids, $this->userViewLocations))) { + // Not a single location in common, skip + continue; + } + if (!$edit && $this->userCanEditLocation($locationids)) { + // Only allow edit if user can edit all the locations the exam is assigned to + $edit = true; + } + // Set disabled string + if (!$edit) { + $exam['edit']['disabled'] = 'disabled'; } + $this->exams[] = $exam; } } 
@@ -86,65 +92,34 @@ class Page_Exams extends Page } } - // Returns the list of locations of the exam - protected function getExamLocations($examid) { - $res = Database::simpleQuery("SELECT locationid FROM exams_x_location WHERE examid= :examid", array('examid' => $examid)); - return $res; - } - // Initialise the user-permission-based lists - protected function setUserLocations() { - + protected function setUserLocations() + { // all locations the user has permission to edit $this->userEditLocations = User::getAllowedLocations("exams.edit"); - // all locations the user has permission to delete - $this->userDeleteLocations = User::getAllowedLocations("exams.delete"); - // all locations the user has permission to add - $this->userAddLocations = User::getAllowedLocations("exams.add"); - // all locations the user has at least one of the 3 permissions - $this->allowedLocations = array_unique(array_merge($this->userAddLocations, $this->userEditLocations, $this->userDeleteLocations)); - } - - // returns true if user is allowed to delete the exam - protected function allowedToDelete($examid) { - - $res = $this->getExamLocations($examid); - $locations = []; - while ($locId = $res->fetch(PDO::FETCH_ASSOC)) { - $locations[] = $locId['locationid']; - } - - return empty(array_diff($locations, $this->userDeleteLocations)); - - } - - // returns true if user is allowed to add an exam - protected function allowedToAdd() { - return User::hasPermission("exams.add"); + $view = User::getAllowedLocations("exams.view"); + // all locations the user can view or edit + $this->userViewLocations = array_unique(array_merge($this->userEditLocations, $view)); } // returns true if user is allowed to edit the exam - protected function allowedToEdit($examid) { - - $res = $this->getExamLocations($examid); - $locations = []; + protected function userCanEditExam($examid = NULL) + { + if ($examid === null) + return User::hasPermission('exams.edit'); + // Check locations of existing exam + $res = 
Database::simpleQuery("SELECT locationid FROM exams_x_location WHERE examid= :examid", array('examid' => $examid)); while ($locId = $res->fetch(PDO::FETCH_ASSOC)) { - $locations[] = $locId['locationid']; + if (!in_array($locId['locationid'], $this->userEditLocations)) + return false; } - - return empty(array_diff($locations, $this->userEditLocations)); - + return true; } // checks if user is allowed to save an exam with all the locations // needs information if it's add (second para = true) or edit (second para = false) - protected function allowedToSave($locationids, $isAdd) { - - if ($isAdd) { - return empty(array_diff($locationids, $this->userAddLocations)); - } else { - return empty(array_diff($locationids, $this->userEditLocations)); - } + protected function userCanEditLocation($locationids) { + return empty(array_diff($locationids, $this->userEditLocations)); } protected function makeItemsForVis() @@ -225,7 +200,7 @@ class Page_Exams extends Page $out = []; foreach ($this->locations as $l) { - if (in_array($l["locationid"], $this->allowedLocations)) { + if (in_array($l["locationid"], $this->userViewLocations)) { $out[] = [ 'id' => $l['locationid'], 'content' => $l['locationpad'] . ' ' . $l['locationname'], @@ -315,6 +290,11 @@ class Page_Exams extends Page $locationids[] = 0; } + if (!$this->userCanEditLocation($locationids)) { + Message::addError('main.no-permission'); + Util::redirect('?do=exams'); + } + $examid = Request::post('examid', 0, 'int'); $starttime = strtotime(Request::post('starttime_date') . " " . Request::post('starttime_time')); $endtime = strtotime(Request::post('endtime_date') . " " . Request::post('endtime_time')); 
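Review bot: `userCanEditExam()` returns true when the query yields no rows, so an exam without any `exams_x_location` entry (or an unknown examid) passes the edit check even for a user whose `userEditLocations` is empty. `readExams()` in this same commit maps a null location list to `[0]`, which requires the global location, so the two checks disagree. The edit and delete branches later in this commit both rely on this method. Collecting the ids, falling back to `[0]` when none were found, and delegating to `userCanEditLocation()` makes the method fail closed.

```php
protected function userCanEditExam($examid = NULL)
{
	// … unchanged: null-examid shortcut via User::hasPermission('exams.edit') …
	$res = Database::simpleQuery("SELECT locationid FROM exams_x_location WHERE examid= :examid", array('examid' => $examid));
	$locationids = [];
	while ($locId = $res->fetch(PDO::FETCH_ASSOC)) {
		$locationids[] = $locId['locationid'];
	}
	if (empty($locationids)) {
		// No location rows: treat the exam as global, as readExams() does
		$locationids = [0];
	}
	return $this->userCanEditLocation($locationids);
}
```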
@@ -336,45 +316,41 @@ class Page_Exams extends Page if ($examid === 0) { // No examid given, is add - if ($this->allowedToSave($locationids, True)) { - $res = Database::exec("INSERT INTO exams(lectureid, starttime, endtime, autologin, description) VALUES(:lectureid, :starttime, :endtime, :autologin, :description);", - compact('lectureid', 'starttime', 'endtime', 'autologin', 'description')) !== false; + $res = Database::exec("INSERT INTO exams(lectureid, starttime, endtime, autologin, description) VALUES(:lectureid, :starttime, :endtime, :autologin, :description);", + compact('lectureid', 'starttime', 'endtime', 'autologin', 'description')) !== false; - $exam_id = Database::lastInsertId(); - foreach ($locationids as $lid) { - $res = $res && Database::exec("INSERT INTO exams_x_location(examid, locationid) VALUES(:exam_id, :lid)", compact('exam_id', 'lid')) !== false; - } - if ($res === false) { - Message::addError('exam-not-added'); - } else { - Message::addInfo('exam-added-success'); - } + $exam_id = Database::lastInsertId(); + foreach ($locationids as $lid) { + $res = $res && Database::exec("INSERT INTO exams_x_location(examid, locationid) VALUES(:exam_id, :lid)", compact('exam_id', 'lid')) !== false; + } + if ($res === false) { + Message::addError('exam-not-added'); + } else { + Message::addInfo('exam-added-success'); } Util::redirect('?do=exams'); } // Edit - if ($this->allowedToSave($locationids, False)) { - $this->currentExam = Database::queryFirst("SELECT * FROM exams WHERE examid = :examid", array('examid' => $examid)); - if ($this->currentExam === false) { - Message::addError('invalid-exam-id', $examid); - Util::redirect('?do=exams'); - } + $this->currentExam = Database::queryFirst("SELECT * FROM exams WHERE examid = :examid", array('examid' => $examid)); + if ($this->currentExam === false) { + Message::addError('invalid-exam-id', $examid); + Util::redirect('?do=exams'); + } - /* update fields */ - $res = Database::exec("UPDATE exams SET lectureid = 
:lectureid, starttime = :starttime, endtime = :endtime, autologin = :autologin, description = :description WHERE examid = :examid", - compact('lectureid', 'starttime', 'endtime', 'description', 'examid', 'autologin')) !== false; - /* drop all connections and reconnect to rooms */ - $res = $res && Database::exec("DELETE FROM exams_x_location WHERE examid = :examid", compact('examid')) !== false; - /* reconnect */ - foreach ($locationids as $lid) { - $res = $res && Database::exec("INSERT INTO exams_x_location(examid, locationid) VALUES(:examid, :lid)", compact('examid', 'lid')) !== false; - } - if ($res !== false) { - Message::addInfo("changes-successfully-saved"); - } else { - Message::addError("error-while-saving-changes"); - } + /* update fields */ + $res = Database::exec("UPDATE exams SET lectureid = :lectureid, starttime = :starttime, endtime = :endtime, autologin = :autologin, description = :description WHERE examid = :examid", + compact('lectureid', 'starttime', 'endtime', 'description', 'examid', 'autologin')) !== false; + /* drop all connections and reconnect to rooms */ + $res = $res && Database::exec("DELETE FROM exams_x_location WHERE examid = :examid", compact('examid')) !== false; + /* reconnect */ + foreach ($locationids as $lid) { + $res = $res && Database::exec("INSERT INTO exams_x_location(examid, locationid) VALUES(:examid, :lid)", compact('examid', 'lid')) !== false; + } + if ($res !== false) { + Message::addInfo("changes-successfully-saved"); + } else { + Message::addError("error-while-saving-changes"); } Util::redirect('?do=exams'); } 
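Review bot: The edit path runs the `UPDATE` and rewrites `exams_x_location` without checking the locations the exam is currently assigned to. The only guard, the `userCanEditLocation($locationids)` call added earlier in the save handler, looks at the submitted list. A user with edit rights for one location could therefore re-assign an exam that belongs to a location they cannot edit. Before the `queryFirst` in the edit branch, add `if (!$this->userCanEditExam($examid)) { Message::addError('main.no-permission'); Util::redirect('?do=exams'); }`. The enclosing method starts outside this hunk, so a check not shown here would make this redundant.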
@@ -408,28 +384,29 @@ class Page_Exams extends Page $this->setUserLocations(); if ($this->action === 'show') { + $this->readExams(); $this->readLocations(); $this->readLectures(); } elseif ($this->action === 'add') { - if($this->allowedToAdd()) { - $this->readLectures(); - } + User::assertPermission('exams.edit'); + $this->readLectures(); } elseif ($this->action === 'edit') { - if($this->allowedToEdit($examid)) { - $this->currentExam = Database::queryFirst("SELECT * FROM exams WHERE examid = :examid", array('examid' => $examid)); - if ($this->currentExam === false) { - Message::addError('invalid-exam-id', $examid); - Util::redirect('?do=exams'); - } - $this->readLocations($examid); - $this->readLectures(); - + if (!$this->userCanEditExam($examid)) { + Message::addError('main.no-permission'); + Util::redirect('?do=exams'); + } + $this->currentExam = Database::queryFirst("SELECT * FROM exams WHERE examid = :examid", array('examid' => $examid)); + if ($this->currentExam === false) { + Message::addError('invalid-exam-id', $examid); + Util::redirect('?do=exams'); } + $this->readLocations($examid); + $this->readLectures(); } elseif ($this->action === 'save') { @@ -441,7 +418,9 @@ class Page_Exams extends Page die('delete only works with a post request'); } - if ($this->allowedToDelete($examid)) { + if (!$this->userCanEditExam($examid)) { + Message::addError('main.no-permission'); + } else { $res1 = Database::exec("DELETE FROM exams WHERE examid = :examid;", compact('examid')); $res2 = Database::exec("DELETE FROM exams_x_location WHERE examid = :examid;", compact('examid')); if ($res1 === false || $res2 === false) { 
@@ -475,10 +454,9 @@ class Page_Exams extends Page // General title and description Render::addTemplate('page-main-heading'); // List of defined exam periods - Render::addTemplate('page-exams', [ - 'exams' => $this->makeExamsForTemplate(), - 'allowedToAdd' => $this->allowedToAdd() - ]); + $params = ['exams' => $this->makeExamsForTemplate()]; + Permission::addGlobalTags($params['perms'], NULL, ['exams.edit']); + Render::addTemplate('page-exams', $params); // List of upcoming lectures marked as exam $upcoming = $this->makeLectureExamList(); if (empty($upcoming)) { @@ -486,7 +464,7 @@ class Page_Exams extends Page } else { Render::addTemplate('page-upcoming-lectures', [ 'pending_lectures' => $upcoming, - 'allowedToAdd' => $this->allowedToAdd(), + 'allowedToEdit' => $this->userCanEditExam(), 'decollapse' => array_key_exists('class', end($upcoming)) ]); } 
@@ -504,62 +482,59 @@ class Page_Exams extends Page } elseif ($this->action === "add") { - if($this->allowedToAdd()) { - Render::setTitle(Dictionary::translate('title_add-exam')); - $data = []; - $baseLecture = Request::any('lectureid', false, 'string'); - $locations = null; - if ($baseLecture !== false) { - foreach ($this->lectures as &$lecture) { - if ($lecture['lectureid'] === $baseLecture) { - $data['exam'] = $this->makeEditFromArray($lecture); - $locations = explode(',', $lecture['lids']); - $lecture['selected'] = 'selected'; - break; - } + Render::setTitle(Dictionary::translate('title_add-exam')); + $data = []; + $baseLecture = Request::any('lectureid', false, 'string'); + $locations = null; + if ($baseLecture !== false) { + foreach ($this->lectures as &$lecture) { + if ($lecture['lectureid'] === $baseLecture) { + $data['exam'] = $this->makeEditFromArray($lecture); + $locations = explode(',', $lecture['lids']); + $lecture['selected'] = 'selected'; + break; } - unset($lecture); } + unset($lecture); + } - $this->readLocations($locations); - $data['lectures'] = $this->lectures; - $data['locations'] = $this->locations; + $this->readLocations($locations); + $data['lectures'] = $this->lectures; + $data['locations'] = $this->locations; - // if user has no permission to add for this location, disable the location in the select - foreach ($data['locations'] as &$loc) { - if (!in_array($loc["locationid"], $this->userAddLocations)) { - $loc["disabled"] = "disabled"; - } + // if user has no permission to add for this location, disable the location in the select + foreach ($data['locations'] as &$loc) { + if (!in_array($loc["locationid"], $this->userEditLocations)) { + $loc["disabled"] = "disabled"; } - - Render::addTemplate('page-add-edit-exam', $data); } + Render::addTemplate('page-add-edit-exam', $data); + } elseif ($this->action === 'edit') { - if ($this->allowedToEdit($examid)) { - Render::setTitle(Dictionary::translate('title_edit-exam')); - $exam = 
$this->makeEditFromArray($this->currentExam); - foreach ($this->lectures as &$lecture) { - if ($lecture['lectureid'] === $this->currentExam['lectureid']) { - $lecture['selected'] = 'selected'; - } + Render::setTitle(Dictionary::translate('title_edit-exam')); + $exam = $this->makeEditFromArray($this->currentExam); + foreach ($this->lectures as &$lecture) { + if ($lecture['lectureid'] === $this->currentExam['lectureid']) { + $lecture['selected'] = 'selected'; } + } - $data = []; - $data['exam'] = $exam; - $data['locations'] = $this->locations; - $data['lectures'] = $this->lectures; + $data = []; + $data['exam'] = $exam; + $data['locations'] = $this->locations; + $data['lectures'] = $this->lectures; - // if user has no permission to edit for this location, disable the location in the select - foreach ($data['locations'] as &$loc) { - if (!in_array($loc["locationid"], $this->userEditLocations)) { - $loc["disabled"] = "disabled"; - } + // if user has no permission to edit for this location, disable the location in the select + foreach ($data['locations'] as &$loc) { + if (!in_array($loc["locationid"], $this->userEditLocations)) { + $loc["disabled"] = "disabled"; } - - Render::addTemplate('page-add-edit-exam', $data); } + + Render::addTemplate('page-add-edit-exam', $data); + } } -- cgit v1.2.3-55-g7522 From 24815e16087b4b1b64e9f380d45d411af32daf42 Mon Sep 17 00:00:00 2001 
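Review bot: In the edit branch, `foreach ($this->lectures as &$lecture)` is not followed by `unset($lecture);` before `$data['lectures'] = $this->lectures;`, and neither `foreach ($data['locations'] as &$loc)` loop is followed by `unset($loc);`. The add branch's lecture loop does unset its reference; without it, a later assignment to the same variable can overwrite the last array element. Add `unset($lecture);` and `unset($loc);` after the respective loops. Since the permission wrappers around these render branches are removed here, a comment such as `// Permission is enforced before rendering; 'disabled' is only a display hint` would record that the `disabled` flags are not an access control.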
From: Simon Rettberg Date: Mon, 9 Apr 2018 16:56:04 +0200 Subject: Permissions: Consistency: Make all pages require at least one permission to be accessible Closes #3340 --- modules-available/backup/page.inc.php | 1 + modules-available/exams/page.inc.php | 9 +-------- modules-available/locations/page.inc.php | 19 +++++++++++++++---- modules-available/news/page.inc.php | 10 ++-------- modules-available/news/permissions/permissions.json | 3 +++ modules-available/rebootcontrol/page.inc.php | 9 ++++++--- modules-available/serversetup-bwlp/page.inc.php | 6 ++++++ .../serversetup-bwlp/permissions/permissions.json | 3 +++ modules-available/statistics_reporting/page.inc.php | 1 + modules-available/sysconfig/page.inc.php | 2 +- modules-available/syslog/page.inc.php | 1 + modules-available/systemstatus/page.inc.php | 1 + modules-available/webinterface/page.inc.php | 4 ++++ .../webinterface/permissions/permissions.json | 3 +++ 14 files changed, 48 insertions(+), 24 deletions(-) (limited to 'modules-available/exams/page.inc.php') diff --git a/modules-available/backup/page.inc.php b/modules-available/backup/page.inc.php index 14522734..985f39ee 100644 --- a/modules-available/backup/page.inc.php +++ b/modules-available/backup/page.inc.php @@ -23,6 +23,7 @@ class Page_Backup extends Page User::assertPermission("restore"); $this->restore(); } + User::assertPermission('*'); } protected function doRender() diff --git a/modules-available/exams/page.inc.php b/modules-available/exams/page.inc.php index 51975052..15640a73 100644 --- a/modules-available/exams/page.inc.php +++ b/modules-available/exams/page.inc.php 
@@ -441,16 +441,9 @@ class Page_Exams extends Page protected function doRender() { - if (Request::isPost()) { - $examid = Request::post('examid', 0, 'int'); - } else if (Request::isGet()) { - $examid = Request::get('examid', 0, 'int'); - } else { - die('Neither Post nor Get Request send.'); - } - if ($this->action === "show") { + User::assertPermission('exams.view'); // General title and description Render::addTemplate('page-main-heading'); // List of defined exam periods diff --git a/modules-available/locations/page.inc.php b/modules-available/locations/page.inc.php index 80a8076b..4d5c6628 100644 --- a/modules-available/locations/page.inc.php +++ b/modules-available/locations/page.inc.php @@ -24,6 +24,9 @@ class Page_Locations extends Page } elseif ($this->action === 'updatesubnets') { $this->updateSubnets(); } + if (Request::isPost()) { + Util::redirect('?do=locations'); + } } private function updateSubnets() @@ -306,10 +309,16 @@ class Page_Locations extends Page protected function doRender() { - $getAction = Request::get('action'); - if (empty($getAction)) { - // Until we have a main landing page? - Util::redirect('?do=Locations&action=showlocations'); + $getAction = Request::get('action', false, 'string'); + if ($getAction === false) { + if (User::hasPermission('location.view')) { + Util::redirect('?do=locations&action=showlocations'); + } elseif (User::hasPermission('subnets.edit')) { + Util::redirect('?do=locations&action=showsubnets'); + } else { + // Trigger permission denied by asserting non-existent permission + User::assertPermission('location.view'); + } } if ($getAction === 'showsubnets') { User::assertPermission('subnets.edit', NULL, '?do=locations'); @@ -324,6 +333,8 @@ class Page_Locations extends Page Render::addTemplate('subnets', array('list' => $rows)); } elseif ($getAction === 'showlocations') { $this->showLocationList(); + } else { + Util::redirect('?do=locations'); } } 
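Review bot: The `show` branch now asserts only `exams.view`, while `setUserLocations()` in the earlier patch of this series builds the view list from `exams.edit` plus `exams.view`, so edit is treated as implying view. Unless the permission layer grants `exams.view` implicitly (not visible here), a user who holds only `exams.edit` would be denied the list yet still reach the add and edit forms. If edit should imply view, `if (!User::hasPermission('exams.edit')) User::assertPermission('exams.view');` keeps the two consistent.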
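Review bot: The comment `// Trigger permission denied by asserting non-existent permission` in the locations `doRender()` hunk does not match the code. `location.view` is the same permission tested with `User::hasPermission('location.view')` a few lines above, so it is an existing permission the user lacks. Suggest `// Neither permission held: assert one of them to get the standard permission-denied handling`. Also, the `showlocations` branch in the following hunk calls `$this->showLocationList()` with no assertion visible in the diff, whereas `showsubnets` asserts `subnets.edit`. The check is presumably inside `showLocationList()`, which is outside the hunk and worth confirming.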
diff --git a/modules-available/news/page.inc.php b/modules-available/news/page.inc.php index e7b70c0f..1e2e3eef 100644 --- a/modules-available/news/page.inc.php +++ b/modules-available/news/page.inc.php @@ -46,14 +46,8 @@ class Page_News extends Page // check which action we need to do $action = Request::any('action', 'show'); - if ($action === 'clear') { - // clear news input fields - // TODO: is this the right way? - $this->newsId = false; - $this->newsTitle = false; - $this->newsContent = false; - $this->newsDate = false; - } elseif ($action === 'show') { + if ($action === 'show') { + User::assertPermission('access-page'); /* load latest things */ $this->loadLatest('help'); $this->loadLatest('news'); diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json index 0d9435d7..953599df 100644 --- a/modules-available/news/permissions/permissions.json +++ b/modules-available/news/permissions/permissions.json @@ -1,4 +1,7 @@ { + "access-page": { + "location-aware": false + }, "help.delete": { "location-aware": false }, diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php index abbdb2c3..041ae74f 100644 --- a/modules-available/rebootcontrol/page.inc.php +++ b/modules-available/rebootcontrol/page.inc.php @@ -79,11 +79,14 @@ class Page_RebootControl extends Page //location you want to see, default are "not assigned" clients $requestedLocation = Request::get('location', false, 'int'); $allowedLocs = User::getAllowedLocations("action.*"); + if (empty($allowedLocs)) { + User::assertPermission('action.*'); + } if ($requestedLocation === false) { if (in_array(0, $allowedLocs)) { $requestedLocation = 0; - } elseif (!empty($allowedLocs)) { + } else { $requestedLocation = reset($allowedLocs); } } 
@@ -105,8 +108,8 @@ class Page_RebootControl extends Page Render::addTemplate('header', $data); // only fill table if user has at least one permission for the location - if ($requestedLocation === false) { - Message::addError('main.no-permission'); + if (!in_array($requestedLocation, $allowedLocs)) { + Message::addError('locations.no-permission-location', $requestedLocation); } else { $data['data'] = RebootQueries::getMachineTable($requestedLocation); Render::addTemplate('_page', $data); diff --git a/modules-available/serversetup-bwlp/page.inc.php b/modules-available/serversetup-bwlp/page.inc.php index ae709da7..78096d7b 100644 --- a/modules-available/serversetup-bwlp/page.inc.php +++ b/modules-available/serversetup-bwlp/page.inc.php @@ -43,6 +43,12 @@ class Page_ServerSetup extends Page // iPXE stuff changes $this->updatePxeMenu(); } + + if (Request::isPost()) { + Util::redirect('?do=serversetup'); + } + + User::assertPermission('access-page'); } protected function doRender() diff --git a/modules-available/serversetup-bwlp/permissions/permissions.json b/modules-available/serversetup-bwlp/permissions/permissions.json index 6bae5422..44927506 100644 --- a/modules-available/serversetup-bwlp/permissions/permissions.json +++ b/modules-available/serversetup-bwlp/permissions/permissions.json @@ -1,4 +1,7 @@ { + "access-page": { + "location-aware": false + }, "download": { "location-aware": false }, diff --git a/modules-available/statistics_reporting/page.inc.php b/modules-available/statistics_reporting/page.inc.php index af4b2b12..cc03e4d8 100644 --- a/modules-available/statistics_reporting/page.inc.php +++ b/modules-available/statistics_reporting/page.inc.php @@ -84,6 +84,7 @@ class Page_Statistics_Reporting extends Page die(json_encode($report)); } } + User::assertPermission('*'); } /** diff --git a/modules-available/sysconfig/page.inc.php b/modules-available/sysconfig/page.inc.php index 7bb3e599..8d1799af 100644 --- a/modules-available/sysconfig/page.inc.php 
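Review bot: In the serversetup-bwlp hunk, `User::assertPermission('access-page')` is placed after the action dispatch and after the `Request::isPost()` redirect, so it only gates plain page views. POST actions never reach it and depend on checks inside the handlers, which are outside this hunk. The same placement appears in the statistics_reporting hunk, where `User::assertPermission('*')` follows the branch ending in `die(json_encode($report))`, and in the syslog and webinterface hunks. If that is intended, a comment such as `// Page-view gate only; each action above asserts its own permission` would make the contract explicit. The enclosing method starts outside the hunk.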
+++ b/modules-available/sysconfig/page.inc.php @@ -160,7 +160,7 @@ class Page_SysConfig extends Page $pMods = User::hasPermission('module.view-list'); $pConfs = User::hasPermission('config.view-list'); if (!($pMods || $pConfs)) { - Message::addError('main.no-permission'); + User::assertPermission('config.view-list'); } Render::openTag('div', array('class' => 'row')); if ($pConfs) { diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php index 3a7513b5..00c55a3f 100644 --- a/modules-available/syslog/page.inc.php +++ b/modules-available/syslog/page.inc.php @@ -25,6 +25,7 @@ class Page_SysLog extends Page } Util::redirect('?do=syslog'); } + User::assertPermission('*'); } protected function doRender() diff --git a/modules-available/systemstatus/page.inc.php b/modules-available/systemstatus/page.inc.php index 816caa05..66b30bcf 100644 --- a/modules-available/systemstatus/page.inc.php +++ b/modules-available/systemstatus/page.inc.php @@ -18,6 +18,7 @@ class Page_SystemStatus extends Page User::assertPermission("serverreboot"); $this->rebootTask = Taskmanager::submit('Reboot'); } + User::assertPermission('*'); } protected function doRender() diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php index 806ffd59..ca52c2ab 100644 --- a/modules-available/webinterface/page.inc.php +++ b/modules-available/webinterface/page.inc.php @@ -28,6 +28,10 @@ class Page_WebInterface extends Page $this->actionCustomization(); break; } + if (Request::isPost()) { + Util::redirect('?do=webinterface'); + } + User::assertPermission('access-page'); } private function actionConfigureHttps() diff --git a/modules-available/webinterface/permissions/permissions.json b/modules-available/webinterface/permissions/permissions.json index fa6f493f..ed81602a 100644 --- a/modules-available/webinterface/permissions/permissions.json +++ b/modules-available/webinterface/permissions/permissions.json 
@@ -1,4 +1,7 @@
 {
+ "access-page": {
+ "location-aware": false
+ },
 "edit.design": {
 "location-aware": false
 },
-- cgit v1.2.3-55-g7522
From 956eaf10e0d6ac36ac7a25340834346955b1122b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 10 Apr 2018 15:40:15 +0200
Subject: [exams] Fix always-disabled "add" button for existing lectures
---
 modules-available/exams/page.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules-available/exams/page.inc.php')
diff --git a/modules-available/exams/page.inc.php b/modules-available/exams/page.inc.php
index 15640a73..600089fc 100644
--- a/modules-available/exams/page.inc.php
+++ b/modules-available/exams/page.inc.php
@@ -457,7 +457,7 @@ class Page_Exams extends Page
 } else {
 Render::addTemplate('page-upcoming-lectures', [
 'pending_lectures' => $upcoming,
- 'allowedToEdit' => $this->userCanEditExam(),
+ 'allowedToAdd' => $this->userCanEditExam(),
 'decollapse' => array_key_exists('class', end($upcoming))
 ]);
 }
-- cgit v1.2.3-55-g7522