From 3ddf56c399746efe3c56194b7be522a92caefb59 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Tue, 16 Jan 2018 17:50:22 +0100 Subject: [minilinux] implemented permission-system. you can't see the side without any permission. there are only 2 permissions: show the side and update content (which includes the show permission). --- modules-available/minilinux/page.inc.php | 80 ++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 36 deletions(-) (limited to 'modules-available/minilinux/page.inc.php') diff --git a/modules-available/minilinux/page.inc.php b/modules-available/minilinux/page.inc.php index 2623500b..df4f14a3 100644 --- a/modules-available/minilinux/page.inc.php +++ b/modules-available/minilinux/page.inc.php @@ -7,7 +7,12 @@ class Page_MiniLinux extends Page { User::load(); - if (!User::hasPermission('superadmin')) { + if (!User::isLoggedIn()) { + Message::addError('main.no-permission'); + Util::redirect('?do=Main'); + } + + if (!(User::hasPermission("show") || User::hasPermission("update"))) { Message::addError('main.no-permission'); Util::redirect('?do=Main'); } @@ -81,48 +86,51 @@ class Page_MiniLinux extends Page $system['version'] = $selected['version']; } $data['versions'] = array_values($versionNumbers); + $data['allowedToUpdate'] = User::hasPermission("update"); echo Render::parse('filelist', $data); return; case 'download': - $id = Request::post('id'); - $name = Request::post('name'); - if (!$id || !$name || strpos("$id$name", '/') !== false) { - echo "Invalid download request"; - return; - } - $file = false; - $gpg = 'missing'; - foreach ($data['systems'] as &$system) { - if ($system['id'] !== $id) continue; - foreach ($system['versions'] as &$version) { - if ($version['version'] != $selectedVersion) continue; - foreach ($version['files'] as &$f) { - if ($f['name'] !== $name) continue; - $file = $f; - if (!empty($f['gpg'])) $gpg = $f['gpg']; - break; + if (User::hasPermission("update")) { + $id = Request::post('id'); + $name = Request::post('name'); + if (!$id || !$name || strpos("$id$name", '/') !== false) { + echo "Invalid download request"; + return; + } + $file = false; + $gpg = 'missing'; + foreach ($data['systems'] as &$system) { + if ($system['id'] !== $id) continue; + foreach ($system['versions'] as &$version) { + if ($version['version'] != $selectedVersion) continue; + foreach ($version['files'] as &$f) { + if ($f['name'] !== $name) continue; + $file = $f; + if (!empty($f['gpg'])) $gpg = $f['gpg']; + break; + } } } - } - if ($file === false) { - echo "Nonexistent system/file: $id / $name"; - return; - } - $task = Taskmanager::submit('DownloadFile', array( - 'url' => CONFIG_REMOTE_ML . '/' . $id . '/' . $selectedVersion . '/' . $name, - 'destination' => CONFIG_HTTP_DIR . '/' . $id . '/' . $name, - 'gpg' => $gpg - )); - if (!isset($task['id'])) { - echo 'Error launching download task: ' . $task['statusCode']; + if ($file === false) { + echo "Nonexistent system/file: $id / $name"; + return; + } + $task = Taskmanager::submit('DownloadFile', array( + 'url' => CONFIG_REMOTE_ML . '/' . $id . '/' . $selectedVersion . '/' . $name, + 'destination' => CONFIG_HTTP_DIR . '/' . $id . '/' . $name, + 'gpg' => $gpg + )); + if (!isset($task['id'])) { + echo 'Error launching download task: ' . $task['statusCode']; + return; + } + Property::setDownloadTask($file['md5'], $task['id']); + echo Render::parse('download', array( + 'name' => $name, + 'task' => $task['id'] + )); return; } - Property::setDownloadTask($file['md5'], $task['id']); - echo Render::parse('download', array( - 'name' => $name, - 'task' => $task['id'] - )); - return; } } -- cgit v1.2.3-55-g7522 From db4cf34ba9782dd5709a79a2d9a8e0337661486c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 14 Feb 2018 14:30:18 +0100 Subject: [minilinux] Use new permission helpers --- modules-available/minilinux/page.inc.php | 80 ++++++++++------------ .../minilinux/templates/filelist.html | 6 +- 2 files changed, 41 insertions(+), 45 deletions(-) (limited to 'modules-available/minilinux/page.inc.php') diff --git a/modules-available/minilinux/page.inc.php b/modules-available/minilinux/page.inc.php index 710ffd15..6a331e1e 100644 --- a/modules-available/minilinux/page.inc.php +++ b/modules-available/minilinux/page.inc.php @@ -12,10 +12,7 @@ class Page_MiniLinux extends Page Util::redirect('?do=Main'); } - if (!(User::hasPermission("show") || User::hasPermission("update"))) { - Message::addError('main.no-permission'); - Util::redirect('?do=Main'); - } + User::assertPermission('show'); } protected function doRender() @@ -87,51 +84,50 @@ class Page_MiniLinux extends Page $system['version'] = $selected['version']; } $data['versions'] = array_values($versionNumbers); - $data['allowedToUpdate'] = User::hasPermission("update"); + Permission::addGlobalTags($data['perms'], null, ['update']); echo Render::parse('filelist', $data); return; case 'download': - if (User::hasPermission("update")) { - $id = Request::post('id'); - $name = Request::post('name'); - if (!$id || !$name || strpos("$id$name", '/') !== false) { - echo "Invalid download request"; - return; - } - $file = false; - $gpg = 'missing'; - foreach ($data['systems'] as &$system) { - if ($system['id'] !== $id) continue; - foreach ($system['versions'] as &$version) { - if ($version['version'] != $selectedVersion) continue; - foreach ($version['files'] as &$f) { - if ($f['name'] !== $name) continue; - $file = $f; - if (!empty($f['gpg'])) $gpg = $f['gpg']; - break; - } + User::assertPermission('update'); + $id = Request::post('id'); + $name = Request::post('name'); + if (!$id || !$name || strpos("$id$name", '/') !== false) { + echo "Invalid download request"; + return; + } + $file = false; + $gpg = 'missing'; + foreach ($data['systems'] as &$system) { + if ($system['id'] !== $id) continue; + foreach ($system['versions'] as &$version) { + if ($version['version'] != $selectedVersion) continue; + foreach ($version['files'] as &$f) { + if ($f['name'] !== $name) continue; + $file = $f; + if (!empty($f['gpg'])) $gpg = $f['gpg']; + break; } } - if ($file === false) { - echo "Nonexistent system/file: $id / $name"; - return; - } - $task = Taskmanager::submit('DownloadFile', array( - 'url' => CONFIG_REMOTE_ML . '/' . $id . '/' . $selectedVersion . '/' . $name, - 'destination' => CONFIG_HTTP_DIR . '/' . $id . '/' . $name, - 'gpg' => $gpg - )); - if (!isset($task['id'])) { - echo 'Error launching download task: ' . $task['statusCode']; - return; - } - Property::setDownloadTask($file['md5'], $task['id']); - echo Render::parse('download', array( - 'name' => $name, - 'task' => $task['id'] - )); + } + if ($file === false) { + echo "Nonexistent system/file: $id / $name"; return; } + $task = Taskmanager::submit('DownloadFile', array( + 'url' => CONFIG_REMOTE_ML . '/' . $id . '/' . $selectedVersion . '/' . $name, + 'destination' => CONFIG_HTTP_DIR . '/' . $id . '/' . $name, + 'gpg' => $gpg + )); + if (!isset($task['id'])) { + echo 'Error launching download task: ' . $task['statusCode']; + return; + } + Property::setDownloadTask($file['md5'], $task['id']); + echo Render::parse('download', array( + 'name' => $name, + 'task' => $task['id'] + )); + return; } } diff --git a/modules-available/minilinux/templates/filelist.html b/modules-available/minilinux/templates/filelist.html index 34138c14..8df868d2 100644 --- a/modules-available/minilinux/templates/filelist.html +++ b/modules-available/minilinux/templates/filelist.html @@ -18,7 +18,7 @@
{{lang_canUpdate1}} {{title}} {{lang_canUpdate2}}
- + {{/systemChanged}} {{^systemChanged}}{{lang_systemUpdated}}
@@ -35,8 +35,8 @@ {{#fileChanged}} {{lang_outdated}}{{/fileChanged}}