From 02d4fc65209fcdf6f501f0ba62b433adf9a35293 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 14 Feb 2018 13:47:28 +0100 Subject: [permissionmanager] Speed up queries for saving roles and assignments --- .../inc/permissiondbupdate.inc.php | 30 +++++++++++++--------- 1 file changed, 18 insertions(+), 12 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index ffe5fac0..0f37a053 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -9,12 +9,14 @@ class PermissionDbUpdate { * @param array $roles roleids */ public static function addRoleToUser($users, $roles) { - $query = "INSERT IGNORE INTO user_x_role (userid, roleid) VALUES (:userid, :roleid)"; + $arg = array(); foreach($users AS $userid) { foreach ($roles AS $roleid) { - Database::exec($query, array("userid" => $userid, "roleid" => $roleid)); + $arg[] = compact('userid', 'roleid'); } } + Database::exec("INSERT IGNORE INTO user_x_role (userid, roleid) VALUES :arg", + ['arg' => $arg]); } /** 
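Review bot: The new `VALUES :arg` statement in addRoleToUser depends on `Database::exec` expanding an array of rows into value tuples, and nothing in this hunk says whether each value is still bound as a parameter or how an empty list is rendered. With an empty `$users` or `$roles` the loops leave `$arg` empty and the INSERT is still sent. I would add `if (empty($arg)) return;` before the call and, once the behaviour is confirmed against the helper, a comment such as `// Database::exec expands :arg into one bound (userid, roleid) tuple per row`.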
@@ -49,20 +51,24 @@ class PermissionDbUpdate { if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", array("rolename" => $rolename, "roleid" => $roleid)); - Database::exec("DELETE FROM role_x_location WHERE roleid = :roleid", array("roleid" => $roleid)); - Database::exec("DELETE FROM role_x_permission WHERE roleid = :roleid", array("roleid" => $roleid)); + Database::exec("DELETE FROM role_x_location + WHERE roleid = :roleid AND locationid NOT IN (:locations)", array("roleid" => $roleid, 'locations' => $locations)); + Database::exec("DELETE FROM role_x_permission + WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", array("roleid" => $roleid, 'permissions' => $permissions)); } else { Database::exec("INSERT INTO role (rolename) VALUES (:rolename)", array("rolename" => $rolename)); $roleid = Database::lastInsertId(); } - foreach ($locations as $locationid) { - Database::exec("INSERT INTO role_x_location (roleid, locationid) VALUES (:roleid, :locationid)", - array("roleid" => $roleid, "locationid" => $locationid)); - } - foreach ($permissions as $permissionid) { - Database::exec("INSERT INTO role_x_permission (roleid, permissionid) VALUES (:roleid, :permissionid)", - array("roleid" => $roleid, "permissionid" => $permissionid)); - } + $arg = array_map(function($loc) use ($roleid) { + return compact('roleid', 'loc'); + }, $locations); + Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", + ['arg' => $arg]); + $arg = array_map(function($perm) use ($roleid) { + return compact('roleid', 'perm'); + }, $permissions); + Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", + ['arg' => $arg]); } } -- cgit v1.2.3-55-g7522 From e39bc13cee5db3d4905498e0fe3ac89fd3ccbfe7 Mon Sep 17 00:00:00 2001 
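Review bot: The two `DELETE ... NOT IN (:locations)` and `NOT IN (:permissions)` statements in saveRole replace unconditional deletes, so clearing every location or permission of a role now depends on how `Database::exec` renders an empty array, which this page does not show. If the list expands to nothing the statement fails, and if it expands to NULL the predicate matches no rows; either way the role would keep grants the administrator just removed. I would keep the unconditional form for the empty case, e.g. `if (empty($permissions)) { Database::exec("DELETE FROM role_x_permission WHERE roleid = :roleid", compact('roleid')); }`, and the same for locations. The later hunk at `@@ -89,15 +89,19 @@` guards only the INSERTs, and `setRolesForUser` uses the same `NOT IN (:roles)` pattern. saveRole's signature lies above this hunk.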
From: Simon Rettberg Date: Wed, 14 Feb 2018 13:54:45 +0100 Subject: [permissionmanager] Apply formatting --- modules-available/permissionmanager/api.inc.php | 7 --- .../inc/permissiondbupdate.inc.php | 37 +++++++++------- .../permissionmanager/inc/permissionutil.inc.php | 17 +++++--- modules-available/permissionmanager/page.inc.php | 51 ++++++++++++---------- 4 files changed, 60 insertions(+), 52 deletions(-) delete mode 100644 modules-available/permissionmanager/api.inc.php (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/api.inc.php b/modules-available/permissionmanager/api.inc.php deleted file mode 100644 index 0d84ebce..00000000 --- a/modules-available/permissionmanager/api.inc.php +++ /dev/null @@ -1,7 +0,0 @@ - 'value', - 'number' => 123, - 'list' => array(1,2,3,4,5,6,'foo') -)); diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 0f37a053..f2e7a366 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -1,6 +1,7 @@ $users, "roles" => $roles)); } @@ -35,7 +38,8 @@ class PermissionDbUpdate { * * @param string $roleid roleid */ - public static function deleteRole($roleid) { + public static function deleteRole($roleid) + { Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); } 
@@ -47,28 +51,31 @@ class PermissionDbUpdate { * @param array $permissions array of permissions * @param string|null $roleid roleid or null if the role does not exist yet */ - public static function saveRole($rolename, $locations, $permissions, $roleid = NULL) { + public static function saveRole($rolename, $locations, $permissions, $roleid = null) + { if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", - array("rolename" => $rolename, "roleid" => $roleid)); + array("rolename" => $rolename, "roleid" => $roleid)); Database::exec("DELETE FROM role_x_location - WHERE roleid = :roleid AND locationid NOT IN (:locations)", array("roleid" => $roleid, 'locations' => $locations)); + WHERE roleid = :roleid AND locationid NOT IN (:locations)", + array("roleid" => $roleid, 'locations' => $locations)); Database::exec("DELETE FROM role_x_permission - WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", array("roleid" => $roleid, 'permissions' => $permissions)); + WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", + array("roleid" => $roleid, 'permissions' => $permissions)); } else { Database::exec("INSERT INTO role (rolename) VALUES (:rolename)", array("rolename" => $rolename)); $roleid = Database::lastInsertId(); } - $arg = array_map(function($loc) use ($roleid) { + + $arg = array_map(function ($loc) use ($roleid) { return compact('roleid', 'loc'); }, $locations); - Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", - ['arg' => $arg]); - $arg = array_map(function($perm) use ($roleid) { + Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]); + + $arg = array_map(function ($perm) use ($roleid) { return compact('roleid', 'perm'); }, $permissions); - Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", - ['arg' => $arg]); + Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) 
VALUES :arg", ['arg' => $arg]); } } diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 6d83ef92..d3948ebd 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -25,15 +25,15 @@ class PermissionUtil $compare[] = $permission[0]; } for ($i = 1; $i < $partCount; ++$i) { - $compare[$i-1] .= '.*'; + $compare[$i - 1] .= '.*'; for ($j = $i; $j < $partCount; ++$j) { $compare[$j] .= '.' . $permission[$i]; } } $compare[] = '*'; - if ($permission[$partCount-1] === '*') { - $wildcard = substr($compare[$partCount-1], 0, -1); + if ($permission[$partCount - 1] === '*') { + $wildcard = substr($compare[$partCount - 1], 0, -1); $wclen = strlen($wildcard); } else { $wclen = $wildcard = false; @@ -48,7 +48,8 @@ class PermissionUtil * @param int|null $locationid locationid to check or null if the location should be disregarded * @return bool true if user has permission, false if not */ - public static function userHasPermission($userid, $permissionid, $locationid) { + public static function userHasPermission($userid, $permissionid, $locationid) + { self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id @@ -91,7 +92,8 @@ class PermissionUtil * @param string $permissionid permissionid to check * @return array array of locationids where the user has the given permission */ - public static function getAllowedLocations($userid, $permissionid) { + public static function getAllowedLocations($userid, $permissionid) + { self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id 
@@ -130,7 +132,8 @@ class PermissionUtil * @param array $allowedLocations the array of locationids to extend * @return array extended array of locationids */ - public static function getSublocations($tree, $allowedLocations) { + public static function getSublocations($tree, $allowedLocations) + { $result = $allowedLocations; foreach ($tree as $location) { if (array_key_exists("children", $location)) { @@ -189,7 +192,7 @@ class PermissionUtil $moduleId = $out[1]; if (Module::get($moduleId) === false) continue; - foreach($data as $perm => $permissionFlags) { + foreach ($data as $perm => $permissionFlags) { $description = Dictionary::translateFileModule($moduleId, "permissions", $perm); self::putInPermissionTree($moduleId . "." . $perm, $permissionFlags['location-aware'], $description, $permissions); } diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index 89c72842..1c2d56bf 100644 --- a/modules-available/permissionmanager/page.inc.php +++ b/modules-available/permissionmanager/page.inc.php @@ -95,8 +95,8 @@ class Page_PermissionManager extends Page * * @param array $permissions the permission tree * @param array $selectedPermissions permissions that should be preselected - * @param array $selectAll true if all pemrissions should be preselected, false if only those in $selectedPermissions - * @param array $permString the prefix permission string with which all permissions in the permission tree should start + * @param bool $selectAll true if all permissions should be preselected, false if only those in $selectedPermissions + * @param string $permString the prefix permission string with which all permissions in the permission tree should start * @return string generated html code */ private static function generatePermissionHTML($permissions, $selectedPermissions = array(), $selectAll = false, $permString = "") 
@@ -142,10 +142,10 @@ class Page_PermissionManager extends Page if ($toplevel) { $res = Render::parse("treepanel", array("id" => "*", - "name" => Dictionary::translateFile("template-tags", "lang_permissions"), - "checkboxname" => "permissions", - "selected" => $selectAll, - "HTML" => $res)); + "name" => Dictionary::translateFile("template-tags", "lang_permissions"), + "checkboxname" => "permissions", + "selected" => $selectAll, + "HTML" => $res)); } return $res; } 
@@ -162,25 +162,27 @@ class Page_PermissionManager extends Page private static function generateLocationHTML($locations, $selectedLocations = array(), $selectAll = false, $toplevel = true) { $res = ""; - if ($toplevel && in_array(0, $selectedLocations)) $selectAll = true; + if ($toplevel && in_array(0, $selectedLocations)) { + $selectAll = true; + } foreach ($locations as $location) { $selected = $selectAll || in_array($location["locationid"], $selectedLocations); $res .= Render::parse("treenode", - array("id" => $location["locationid"], - "name" => $location["locationname"], - "toplevel" => $toplevel, - "checkboxname" => "locations", - "selected" => $selected, - "HTML" => array_key_exists("children", $location) ? - self::generateLocationHTML($location["children"], $selectedLocations, $selected, false) : "")); + array("id" => $location["locationid"], + "name" => $location["locationname"], + "toplevel" => $toplevel, + "checkboxname" => "locations", + "selected" => $selected, + "HTML" => array_key_exists("children", $location) ? + self::generateLocationHTML($location["children"], $selectedLocations, $selected, false) : "")); } if ($toplevel) { $res = Render::parse("treepanel", array("id" => 0, - "name" => Dictionary::translateFile("template-tags", "lang_locations"), - "checkboxname" => "locations", - "selected" => $selectAll, - "HTML" => $res)); + "name" => Dictionary::translateFile("template-tags", "lang_locations"), + "checkboxname" => "locations", + "selected" => $selectAll, + "HTML" => $res)); } return $res; } 
@@ -193,12 +195,14 @@ class Page_PermissionManager extends Page */ private static function processLocations($locations) { - if (in_array(0, $locations)) return array(NULL); + if (in_array(0, $locations)) + return array(null); $result = array(); foreach ($locations as $location) { $rootchain = array_reverse(Location::getLocationRootChain($location)); foreach ($rootchain as $l) { - if (in_array($l, $result)) break; + if (in_array($l, $result)) + break; if (in_array($l, $locations)) { $result[] = $l; break; @@ -216,7 +220,8 @@ class Page_PermissionManager extends Page */ private static function processPermissions($permissions) { - if (in_array("*", $permissions)) return array("*"); + if (in_array("*", $permissions)) + return array("*"); $result = array(); foreach ($permissions as $permission) { $x =& $result; @@ -239,10 +244,10 @@ class Page_PermissionManager extends Page foreach ($permissions as $permission => $a) { if (is_array($a)) { if (array_key_exists("*", $a)) { - $result[] = $permission.".*"; + $result[] = $permission . ".*"; } else { foreach (self::extractPermissions($a) as $subPermission) { - $result[] = $permission.".".$subPermission; + $result[] = $permission . "." . $subPermission; } } } else { -- cgit v1.2.3-55-g7522 From 7bde027d280e3e08758d95213559677099cd3819 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 16 Feb 2018 12:20:25 +0100 Subject: [permissionmanager] Force lowercase permissions, handle locId 0 properly --- .../permissionmanager/inc/permissiondbupdate.inc.php | 4 ++++ .../permissionmanager/inc/permissionutil.inc.php | 13 ++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index f2e7a366..8a67bf24 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php 
+++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -53,6 +53,10 @@ class PermissionDbUpdate */ public static function saveRole($rolename, $locations, $permissions, $roleid = null) { + foreach ($permissions as &$permission) { + $permission = strtolower($permission); + } + unset($permission); if ($roleid) { Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", array("rolename" => $rolename, "roleid" => $roleid)); diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index f1385bc2..b4d54055 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -50,6 +50,7 @@ class PermissionUtil */ public static function userHasPermission($userid, $permissionid, $locationid) { + $permissionid = strtolower($permissionid); self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id @@ -60,9 +61,14 @@ class PermissionUtil WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", compact('userid', 'prefix')); } else { - $locations = Location::getLocationRootChain($locationid); - if (count($locations) == 0) - return false; + if ($locationid === 0) { + $locations = [0]; + } else { + $locations = Location::getLocationRootChain($locationid); + if (empty($locations)) { // Non-existent location, still continue as user might have global perms + $locations = [0]; + } + } $res = Database::simpleQuery("SELECT permissionid FROM role_x_permission INNER JOIN user_x_role USING (roleid) INNER JOIN role_x_location USING (roleid) 
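Review bot: In the `@@ -60,9 +61,14 @@` hunk of userHasPermission, an unknown `$locationid` used to end in `return false` and now falls through to the query with `$locations = [0]`, so a stale or mistyped location id is answered from the user's global grants instead of being denied. That holds only while no `role_x_location` row is ever stored with `locationid` 0; page.inc.php's processLocations maps 0 to null, but saveRole itself does not enforce it. The docblock should state the contract, for example `@param int|null $locationid location to check; null ignores location, 0 or an unknown id matches global (NULL) grants only`. The function body continues past the hunk.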
@@ -94,6 +100,7 @@ class PermissionUtil */ public static function getAllowedLocations($userid, $permissionid) { + $permissionid = strtolower($permissionid); self::validatePermission($permissionid); $parts = explode('.', $permissionid); // Limit query to first part of permissionid, which is always the module id -- cgit v1.2.3-55-g7522 From 7dc7a49e3704b52c4a40909050bf831826b3c41b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 20 Feb 2018 15:20:26 +0100 Subject: [permissionmanager] Ensure uniqueness in role_x_location table, consistent table naming, drop unused id field --- .../inc/getpermissiondata.inc.php | 6 ++-- .../inc/permissiondbupdate.inc.php | 22 +++++++------- .../permissionmanager/inc/permissionutil.inc.php | 12 ++++---- .../permissionmanager/install.inc.php | 34 +++++++++++++++++----- 4 files changed, 47 insertions(+), 27 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php index 496c8224..fc18de99 100644 --- a/modules-available/permissionmanager/inc/getpermissiondata.inc.php +++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php @@ -15,8 +15,8 @@ class GetPermissionData { $res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, role.rolename AS rolename, role.roleid AS roleid FROM user - LEFT JOIN user_x_role ON user.userid = user_x_role.userid - LEFT JOIN role ON user_x_role.roleid = role.roleid + LEFT JOIN role_x_user ON user.userid = role_x_user.userid + LEFT JOIN role ON role_x_user.roleid = role.roleid "); $userdata = array(); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { 
@@ -75,7 +75,7 @@ class GetPermissionData $cols = $joins = ''; if ($flags & self::WITH_USER_COUNT) { $cols .= ', Count(DISTINCT rxu.userid) AS users'; - $joins .= ' LEFT JOIN user_x_role rxu ON (r.roleid = rxu.roleid)'; + $joins .= ' LEFT JOIN role_x_user rxu ON (r.roleid = rxu.roleid)'; } if ($flags & self::WITH_LOCATION_COUNT) { $cols .= ', Count(DISTINCT rxl.locationid) AS locations'; diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 8a67bf24..1f56f4ea 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -4,10 +4,10 @@ class PermissionDbUpdate { /** - * Insert all user/role combinations into the user_x_role table. + * Insert all user/role combinations into the role_x_user table. * - * @param array $users userids - * @param array $roles roleids + * @param int[] $users userids + * @param string[] $roles roleids */ public static function addRoleToUser($users, $roles) { @@ -17,19 +17,19 @@ class PermissionDbUpdate $arg[] = compact('userid', 'roleid'); } } - Database::exec("INSERT IGNORE INTO user_x_role (userid, roleid) VALUES :arg", + Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", ['arg' => $arg]); } /** - * Remove all user/role combinations from the user_x_role table. + * Remove all user/role combinations from the role_x_user table. * - * @param array $users userids - * @param array $roles roleids + * @param int[] $users userids + * @param string[] $roles roleids */ public static function removeRoleFromUser($users, $roles) { - $query = "DELETE FROM user_x_role WHERE userid IN (:users) AND roleid IN (:roles)"; + $query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)"; Database::exec($query, array("users" => $users, "roles" => $roles)); } 
@@ -47,8 +47,8 @@ class PermissionDbUpdate * Save changes to a role or create a new one. * * @param string $rolename rolename - * @param array $locations array of locations - * @param array $permissions array of permissions + * @param int[] $locations array of locations + * @param string[] $permissions array of permissions * @param string|null $roleid roleid or null if the role does not exist yet */ public static function saveRole($rolename, $locations, $permissions, $roleid = null) @@ -61,7 +61,7 @@ class PermissionDbUpdate Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", array("rolename" => $rolename, "roleid" => $roleid)); Database::exec("DELETE FROM role_x_location - WHERE roleid = :roleid AND locationid NOT IN (:locations)", + WHERE roleid = :roleid AND (locationid NOT IN (:locations) OR locationid IS NULL)", array("roleid" => $roleid, 'locations' => $locations)); Database::exec("DELETE FROM role_x_permission WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index bc42c5a0..29663ed9 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -60,8 +60,8 @@ class PermissionUtil $prefix = $parts[0] . '.%'; if (is_null($locationid)) { $res = Database::simpleQuery("SELECT permissionid FROM role_x_permission - INNER JOIN user_x_role USING (roleid) - WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", + INNER JOIN role_x_user USING (roleid) + WHERE role_x_user.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", compact('userid', 'prefix')); } else { if ($locationid === 0) { 
@@ -73,9 +73,9 @@ class PermissionUtil } } $res = Database::simpleQuery("SELECT permissionid FROM role_x_permission - INNER JOIN user_x_role USING (roleid) + INNER JOIN role_x_user USING (roleid) INNER JOIN role_x_location USING (roleid) - WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*') + WHERE role_x_user.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*') AND (locationid IN (:locations) OR locationid IS NULL)", compact('userid', 'prefix', 'locations')); } @@ -113,9 +113,9 @@ class PermissionUtil // Limit query to first part of permissionid, which is always the module id $prefix = $parts[0] . '.%'; $res = Database::simpleQuery("SELECT permissionid, locationid FROM role_x_permission - INNER JOIN user_x_role USING (roleid) + INNER JOIN role_x_user USING (roleid) INNER JOIN role_x_location USING (roleid) - WHERE user_x_role.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", + WHERE role_x_user.userid = :userid AND (permissionid LIKE :prefix OR permissionid LIKE '*')", compact('userid', 'prefix')); // Gather locationid from relevant rows diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php index 71ee7a1e..afa5dd7e 100644 --- a/modules-available/permissionmanager/install.inc.php +++ b/modules-available/permissionmanager/install.inc.php 
@@ -8,17 +8,23 @@ $res[] = tableCreate('role', " PRIMARY KEY (roleid) "); -$res[] = tableCreate('user_x_role', " +if (tableExists('user_x_role')) { + if (tableExists('role_x_user')) { + Database::exec('DROP TABLE user_x_role'); + } else { + $res[] = tableRename('user_x_role', 'role_x_user'); + } +} +$res[] = tableCreate('role_x_user', " userid int(10) unsigned NOT NULL, roleid int(10) unsigned NOT NULL, PRIMARY KEY (userid, roleid) "); $res[] = tableCreate('role_x_location', " - id int(10) unsigned NOT NULL AUTO_INCREMENT, roleid int(10) unsigned NOT NULL, locationid int(11), - PRIMARY KEY (id) + CONSTRAINT role_loc UNIQUE (roleid, locationid) "); $res[] = tableCreate('role_x_permission', " 
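Review bot: When both `user_x_role` and `role_x_user` exist, the new branch drops `user_x_role` without checking that its rows are present in `role_x_user`, and the result of the `DROP TABLE` is not added to `$res`. On an installation where the new table was created empty before this migration ran, the existing role assignments would be lost. I would copy first, `Database::exec('INSERT IGNORE INTO role_x_user (userid, roleid) SELECT userid, roleid FROM user_x_role');`, and drop the old table only when that call does not return false.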
@@ -27,24 +33,38 @@ $res[] = tableCreate('role_x_permission', " PRIMARY KEY (roleid, permissionid) "); +if (tableHasColumn('role_x_location', 'id')) { + $cnt = Database::exec('DELETE a FROM role_x_location a, role_x_location b + WHERE a.roleid = b.roleid AND (a.locationid = b.locationid OR (a.locationid IS NULL AND b.locationid IS NULL)) + AND a.id > b.id'); + $ret = Database::exec('ALTER TABLE role_x_location DROP COLUMN id, + ADD CONSTRAINT role_loc UNIQUE (roleid, locationid)'); + if ($ret === false) { + $res[] = UPDATE_NOOP; + } else { + $res[] = UPDATE_DONE; + } + +} + if (!tableExists('user') || !tableExists('location')) { finalResponse(UPDATE_RETRY, 'Cannot add constraint yet. Please retry.'); } else { - $c = tableGetContraints('user_x_role', 'userid', 'user', 'userid'); + $c = tableGetContraints('role_x_user', 'userid', 'user', 'userid'); if ($c === false) finalResponse(UPDATE_FAILED, 'Cannot get constraints of user table: ' . Database::lastError()); if (empty($c)) { - $alter = Database::exec('ALTER TABLE user_x_role ADD FOREIGN KEY (userid) REFERENCES user (userid) ON DELETE CASCADE ON UPDATE CASCADE'); + $alter = Database::exec('ALTER TABLE role_x_user ADD FOREIGN KEY (userid) REFERENCES user (userid) ON DELETE CASCADE ON UPDATE CASCADE'); if ($alter === false) finalResponse(UPDATE_FAILED, 'Cannot add userid constraint referencing user table: ' . Database::lastError()); $res[] = UPDATE_DONE; } - $c = tableGetContraints('user_x_role', 'roleid', 'role', 'roleid'); + $c = tableGetContraints('role_x_user', 'roleid', 'role', 'roleid'); if ($c === false) finalResponse(UPDATE_FAILED, 'Cannot get constraints of role table: ' . 
Database::lastError()); if (empty($c)) { - $alter = Database::exec('ALTER TABLE user_x_role ADD FOREIGN KEY (roleid) REFERENCES role (roleid) ON DELETE CASCADE ON UPDATE CASCADE'); + $alter = Database::exec('ALTER TABLE role_x_user ADD FOREIGN KEY (roleid) REFERENCES role (roleid) ON DELETE CASCADE ON UPDATE CASCADE'); if ($alter === false) finalResponse(UPDATE_FAILED, 'Cannot add roleid constraint referencing role table: ' . Database::lastError()); $res[] = UPDATE_DONE; -- cgit v1.2.3-55-g7522 From 00851bd25e57938a79356d2efb36c2bea1697760 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 23 Feb 2018 18:41:49 +0100 Subject: [adduser] Support setting user's roles on add/edit --- modules-available/adduser/page.inc.php | 33 ++++++ .../adduser/templates/page-adduser.html | 74 +++++++------ .../adduser/templates/page-edituser.html | 120 ++++++++++----------- .../adduser/templates/user-permissions.html | 24 +++++ .../inc/permissiondbupdate.inc.php | 28 ++++- .../permissionmanager/inc/permissionutil.inc.php | 23 ++++ 6 files changed, 198 insertions(+), 104 deletions(-) create mode 100644 modules-available/adduser/templates/user-permissions.html (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/adduser/page.inc.php b/modules-available/adduser/page.inc.php index a4edcf59..d1615828 100644 --- a/modules-available/adduser/page.inc.php +++ b/modules-available/adduser/page.inc.php @@ -61,6 +61,7 @@ class Page_AddUser extends Page EventLog::info(User::getName() . ' created user ' . $login); } Message::addInfo('adduser-success'); + $this->saveRoles($id); return; } } @@ -113,6 +114,7 @@ class Page_AddUser extends Page Database::exec('UPDATE user SET passwd = :pass WHERE userid = :userid', $data); Message::addSuccess('password-changed'); } + $this->saveRoles($userid); } } Util::redirect('?do=adduser&show=edituser&userid=' . $userid); 
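Review bot: In the `tableHasColumn('role_x_location', 'id')` block of install.inc.php, a failed `ALTER TABLE` is reported as `UPDATE_NOOP`, so the update finishes cleanly while `role_x_location` still lacks the `role_loc` unique constraint. The other failures in this file go through `finalResponse(UPDATE_FAILED, ...)`, and this one should too: `finalResponse(UPDATE_FAILED, 'Cannot add unique constraint to role_x_location: ' . Database::lastError());`. `$cnt` from the de-duplicating DELETE is never read; a `false` there deserves the same handling. On MySQL/MariaDB a UNIQUE key also admits any number of rows with a NULL `locationid`, so the constraint does not cover the global-location rows.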
@@ -141,6 +143,19 @@ class Page_AddUser extends Page Message::addSuccess('user-deleted', $userid); } + private function saveRoles($userid) + { + if (!Module::isAvailable('permissionmanager')) + return; + if (!User::hasPermission('.permissionmanager.users.edit-roles')) + return; + $roles = Request::post('roles', [], 'array'); + $ret = PermissionDbUpdate::setRolesForUser([$userid], $roles); + if ($ret > 0) { + Message::addSuccess('roles-updated'); + } + } + protected function doRender() { Render::addTemplate('header'); @@ -151,7 +166,12 @@ class Page_AddUser extends Page if ($hasUsers) { User::assertPermission('user.add'); } + Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']); Render::addTemplate('page-adduser'); + if ($hasUsers) { + $this->showPermissions(); + } + Render::closeTag('form'); } elseif ($show === 'edituser') { User::assertPermission('user.edit'); $userid = Request::get('userid', false, 'int'); @@ -165,7 +185,10 @@ class Page_AddUser extends Page Message::addError('user-not-found', $userid); } else { // TODO: LDAP -> disallow pw change, maybe other fields too? + Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']); Render::addTemplate('page-edituser', $user); + $this->showPermissions($userid); + Render::closeTag('form'); } } elseif ($show === 'list') { User::assertPermission('list.view'); @@ -181,4 +204,14 @@ class Page_AddUser extends Page } } + private function showPermissions($userid = false) + { + if (!Module::isAvailable('permissionmanager')) + return; + if (!User::hasPermission('.permissionmanager.users.edit-roles')) + return; + $data = ['roles' => PermissionUtil::getRoles($userid, false)]; + Render::addTemplate('user-permissions', $data); + } + } diff --git a/modules-available/adduser/templates/page-adduser.html b/modules-available/adduser/templates/page-adduser.html index 58d705f8..bd16dbbf 100644 
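Review bot: saveRoles changes a user's role set without writing an event-log entry, although user creation in the same file is logged with `EventLog::info`. Role assignment is the change an auditor most needs to trace, so I would log it when `$ret > 0`, e.g. `EventLog::info(User::getName() . ' changed roles of user ' . $userid);`. The ids from `Request::post('roles', [], 'array')` are also passed on as received; `$roles = array_map('intval', array_filter($roles, 'is_numeric'));` would match the `int[]` that the PermissionDbUpdate docblocks declare and discard nested or non-numeric entries.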
--- a/modules-available/adduser/templates/page-adduser.html +++ b/modules-available/adduser/templates/page-adduser.html @@ -1,39 +1,37 @@ -
- - -

{{lang_createUser}}

-
-
-
+ + +

{{lang_createUser}}

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- -
-
- - - +
+ + diff --git a/modules-available/adduser/templates/page-edituser.html b/modules-available/adduser/templates/page-edituser.html index b8e51b5c..36293b11 100644 --- a/modules-available/adduser/templates/page-edituser.html +++ b/modules-available/adduser/templates/page-edituser.html @@ -1,72 +1,70 @@ -
- - -

{{lang_editUser}}

+ + +

{{lang_editUser}}

-
-
-
-
-
-
-
-

- {{lang_changeLoginHint}} -

-
+
+
+
+
+
+
+
+

+ {{lang_changeLoginHint}} +

+
-
-
-
-
-
+
+
+
- {{#password_disabled}} -
-
-
-

- {{lang_changeOwnPasswordHint}} -

-
+
+
+{{#password_disabled}} +
+
+
+

+ {{lang_changeOwnPasswordHint}} +

- {{/password_disabled}} -
+
+{{/password_disabled}} +
-
-
-
-
-
+
+
+
+
+
-
-
-
-
-
+
+
+
+
+
-
-
-
-
+
+
+
-
+
+
-
-
-
- -
+
+
+
+
- - - - +
+ + + diff --git a/modules-available/adduser/templates/user-permissions.html b/modules-available/adduser/templates/user-permissions.html new file mode 100644 index 00000000..ce51630f --- /dev/null +++ b/modules-available/adduser/templates/user-permissions.html @@ -0,0 +1,24 @@ +

{{lang_assignRoles}}

+ + + + + + + + + + + {{#roles}} + + + + + {{/roles}} + +
{{lang_role}}
{{rolename}} +
+ + +
+
\ No newline at end of file diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 1f56f4ea..5f528a37 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -7,17 +7,19 @@ class PermissionDbUpdate * Insert all user/role combinations into the role_x_user table. * * @param int[] $users userids - * @param string[] $roles roleids + * @param int[] $roles roleids */ public static function addRoleToUser($users, $roles) { + if (empty($users) || empty($roles)) + return 0; $arg = array(); foreach ($users AS $userid) { foreach ($roles AS $roleid) { $arg[] = compact('userid', 'roleid'); } } - Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", + return Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", ['arg' => $arg]); } 
@@ -25,12 +27,28 @@ class PermissionDbUpdate * Remove all user/role combinations from the role_x_user table. * * @param int[] $users userids - * @param string[] $roles roleids + * @param int[] $roles roleids */ public static function removeRoleFromUser($users, $roles) { + if (empty($users) || empty($roles)) + return 0; $query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)"; - Database::exec($query, array("users" => $users, "roles" => $roles)); + return Database::exec($query, array("users" => $users, "roles" => $roles)); + } + + /** + * Assign the specified roles to given users, removing any roles from the users + * that are not in the given set. + * + * @param int[] $users list of user ids + * @param int[] $roles list of role ids + */ + public static function setRolesForUser($users, $roles) + { + $count = Database::exec("DELETE FROM role_x_user WHERE userid in (:users) AND roleid NOT IN (:roles)", + compact('users', 'roles')); + return $count + self::addRoleToUser($users, $roles); } /** @@ -40,7 +58,7 @@ class PermissionDbUpdate */ public static function deleteRole($roleid) { - Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); + return Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); } /** diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 29663ed9..a3a2b610 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php 
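Review bot: In setRolesForUser, `$count + self::addRoleToUser(...)` hides a failed DELETE: install.inc.php treats a `false` return from `Database::exec` as failure, and `false + n` is just `n` in PHP. The caller in adduser would then show `roles-updated` although the roles that should have been revoked are still assigned. I would stop on failure with `if ($count === false) return false;` and add `@return int|false number of rows changed, false on error` to the docblock, which currently has no `@return`.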
@@ -231,6 +231,28 @@ class PermissionUtil return $permissions; } + /** + * Get all existing roles. + * + * @param int|false $userid Which user to consider, false = none + * @param bool $onlyMatching true = filter roles the user doesn't have + * @return array list of roles + */ + public static function getRoles($userid = false, $onlyMatching = true) + { + if ($userid === false) { + return Database::queryAll('SELECT roleid, rolename FROM role ORDER BY rolename ASC'); + } + $ret = Database::queryAll('SELECT r.roleid, r.rolename, u.userid AS hasRole FROM role r + LEFT JOIN role_x_user u ON (r.roleid = u.roleid AND u.userid = :userid) + GROUP BY r.roleid + ORDER BY rolename ASC', ['userid' => $userid]); + foreach ($ret as &$role) { + settype($role['hasRole'], 'bool'); + } + return $ret; + } + /** * Place a permission into the given permission tree. * @@ -252,4 +274,5 @@ class PermissionUtil } $tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true); } + } \ No newline at end of file -- cgit v1.2.3-55-g7522 From 3a8408bf30cb6e95421fc1f50ab045d90f805004 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 5 Mar 2018 15:38:15 +0100 Subject: [permissionmanager] PermissionDbUpdate::saveRole(): handle empty lists --- .../permissionmanager/inc/permissiondbupdate.inc.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 5f528a37..1d6367af 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php 
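Review bot: `$onlyMatching` is documented as `true = filter roles the user doesn't have` and defaults to `true`, but the body of `getRoles` never reads it, so every role comes back with a `hasRole` flag. A caller that relies on the default would list roles the user does not hold. Either apply the filter after the loop, `if ($onlyMatching) $ret = array_values(array_filter($ret, function ($r) { return $r['hasRole']; }));`, or drop the parameter and its `@param` line. The `foreach ($ret as &$role)` loop should also be followed by `unset($role);`, as `saveRole` does for `$permission`.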
@@ -89,15 +89,19 @@ class PermissionDbUpdate $roleid = Database::lastInsertId(); } - $arg = array_map(function ($loc) use ($roleid) { - return compact('roleid', 'loc'); - }, $locations); - Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]); + if (!empty($locations)) { + $arg = array_map(function ($loc) use ($roleid) { + return compact('roleid', 'loc'); + }, $locations); + Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]); + } - $arg = array_map(function ($perm) use ($roleid) { - return compact('roleid', 'perm'); - }, $permissions); - Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]); + if (!empty($permissions)) { + $arg = array_map(function ($perm) use ($roleid) { + return compact('roleid', 'perm'); + }, $permissions); + Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]); + } } } -- cgit v1.2.3-55-g7522 From 5014f09a5aa30b1c3aa1e35e67a183086a212052 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 13 Apr 2018 12:30:43 +0200 Subject: [permissionmanager] Add role description field; install some default rules Closes #3356 --- .../inc/getpermissiondata.inc.php | 4 +- .../inc/permissiondbupdate.inc.php | 31 ++++--- .../permissionmanager/install.inc.php | 103 +++++++++++++++++++++ .../permissionmanager/lang/de/template-tags.json | 5 +- .../permissionmanager/lang/en/template-tags.json | 5 +- modules-available/permissionmanager/page.inc.php | 29 +++--- .../permissionmanager/templates/roleeditor.html | 8 +- .../permissionmanager/templates/rolestable.html | 6 +- 8 files changed, 156 insertions(+), 35 deletions(-) (limited to 'modules-available/permissionmanager/inc/permissiondbupdate.inc.php') 
diff --git a/modules-available/permissionmanager/inc/getpermissiondata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php index fc18de99..660c94ae 100644 --- a/modules-available/permissionmanager/inc/getpermissiondata.inc.php +++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php @@ -84,7 +84,7 @@ class GetPermissionData if (!empty($joins)) { $joins .= ' GROUP BY r.roleid'; } - return Database::queryAll("SELECT r.roleid, r.rolename $cols FROM role r + return Database::queryAll("SELECT r.roleid, r.rolename, r.roledescription $cols FROM role r $joins ORDER BY rolename ASC"); } @@ -97,7 +97,7 @@ class GetPermissionData */ public static function getRoleData($roleid) { - $query = "SELECT roleid, rolename FROM role WHERE roleid = :roleid"; + $query = "SELECT roleid, rolename, roledescription FROM role WHERE roleid = :roleid"; $data = Database::queryFirst($query, array("roleid" => $roleid)); $query = "SELECT roleid, locationid FROM role_x_location WHERE roleid = :roleid"; $res = Database::simpleQuery($query, array("roleid" => $roleid)); diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 1d6367af..0cd89b3a 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -54,7 +54,7 @@ class PermissionDbUpdate /** * Delete role from the role table. * - * @param string $roleid roleid + * @param int $roleid roleid */ public static function deleteRole($roleid) { 
@@ -64,41 +64,42 @@ class PermissionDbUpdate /** * Save changes to a role or create a new one. * - * @param string $rolename rolename + * @param string $roleName rolename * @param int[] $locations array of locations * @param string[] $permissions array of permissions - * @param string|null $roleid roleid or null if the role does not exist yet + * @param int|null $roleId roleid or null if the role does not exist yet */ - public static function saveRole($rolename, $locations, $permissions, $roleid = null) + public static function saveRole($roleName, $roleDescription, $locations, $permissions, $roleId = null) { foreach ($permissions as &$permission) { $permission = strtolower($permission); } unset($permission); - if ($roleid) { - Database::exec("UPDATE role SET rolename = :rolename WHERE roleid = :roleid", - array("rolename" => $rolename, "roleid" => $roleid)); + if ($roleId) { + Database::exec("UPDATE role SET rolename = :rolename, roledescription = :roledescription WHERE roleid = :roleid", + array("rolename" => $roleName, "roledescription" => $roleDescription, "roleid" => $roleId)); Database::exec("DELETE FROM role_x_location WHERE roleid = :roleid AND (locationid NOT IN (:locations) OR locationid IS NULL)", - array("roleid" => $roleid, 'locations' => $locations)); + array("roleid" => $roleId, 'locations' => $locations)); Database::exec("DELETE FROM role_x_permission WHERE roleid = :roleid AND permissionid NOT IN (:permissions)", - array("roleid" => $roleid, 'permissions' => $permissions)); + array("roleid" => $roleId, 'permissions' => $permissions)); } else { - Database::exec("INSERT INTO role (rolename) VALUES (:rolename)", array("rolename" => $rolename)); - $roleid = Database::lastInsertId(); + Database::exec("INSERT INTO role (rolename, roledescription) VALUES (:rolename, :roledescription)", + array("rolename" => $roleName, "roledescription" => $roleDescription)); + $roleId = Database::lastInsertId(); } if (!empty($locations)) { - $arg = array_map(function 
($loc) use ($roleid) { - return compact('roleid', 'loc'); + $arg = array_map(function ($loc) use ($roleId) { + return compact('roleId', 'loc'); }, $locations); Database::exec("INSERT IGNORE INTO role_x_location (roleid, locationid) VALUES :arg", ['arg' => $arg]); } if (!empty($permissions)) { - $arg = array_map(function ($perm) use ($roleid) { - return compact('roleid', 'perm'); + $arg = array_map(function ($perm) use ($roleId) { + return compact('roleId', 'perm'); }, $permissions); Database::exec("INSERT IGNORE INTO role_x_permission (roleid, permissionid) VALUES :arg", ['arg' => $arg]); } diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php index afa5dd7e..480460db 100644 --- a/modules-available/permissionmanager/install.inc.php +++ b/modules-available/permissionmanager/install.inc.php @@ -5,6 +5,7 @@ $res = array(); $res[] = tableCreate('role', " roleid int(10) unsigned NOT NULL AUTO_INCREMENT, rolename varchar(200) NOT NULL, + roledescription TEXT, PRIMARY KEY (roleid) "); 
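Review bot: The docblock of `saveRole` gets no `@param` line for the new `$roleDescription`; I would add `@param string $roleDescription free-text description stored in role.roledescription`. The parameter is also inserted in second position, which shifts `$locations`, `$permissions` and `$roleId` for any caller that was not updated with this commit; only the call in page.inc.php is visible here. The end of the function is outside the hunk.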
@@ -100,6 +101,108 @@ if (!tableExists('user') || !tableExists('location')) { $res[] = UPDATE_DONE; } } + +// 2018-04-13 role description field; add a couple default roles +if (!tableHasColumn('role', 'roledescription')) { + $alter = Database::exec("ALTER TABLE role ADD roledescription TEXT"); + if ($alter === false) + finalResponse(UPDATE_FAILED, 'Cannot add roledescription field to table role: ' . Database::lastError()); + $res[] = UPDATE_DONE; +} + +if (!tableHasColumn('role', 'roledescription')) { + finalResponse(UPDATE_RETRY, 'Try again later'); +} + +if (Database::exec("INSERT INTO `role` VALUES + (1,'Super-Admin', 'Hat keinerlei Zugriffsbeschränkungen'), + (2,'Admin', 'Alles bis auf Rechte-/Nutzerverwaltung'), + (3,'Prüfungsadmin', 'Kann E-Prüfungen verwalten, Prüfungsmodus einschalten, etc.'), + (4,'Lesezugriff', 'Kann auf die meisten Seiten zugreifen, jedoch keine Änderungen vornehmen')") !== false) { + // Success, there probably were no roles before, keep going + // Assign roles to location (all) + Database::exec("INSERT INTO `role_x_location` VALUES (1,NULL),(2,NULL),(3,NULL),(4,NULL)"); + // Assign permissions to roles + Database::exec("INSERT INTO `role_x_permission` VALUES + (3,'exams.exams.*'), + (3,'rebootcontrol.action.*'), + (3,'statistics.hardware.projectors.view'), + (3,'statistics.machine.note.*'), + (3,'statistics.machine.view-details'), + (3,'statistics.view.*'), + (3,'syslog.view'), + + (1,'*'), + + (4,'adduser.user.view-list'), + (4,'backup.create'), + (4,'baseconfig.view'), + (4,'dnbd3.access-page'), + (4,'dnbd3.refresh'), + (4,'dnbd3.view.details'), + (4,'dozmod.actionlog.view'), + (4,'dozmod.users.view'), + (4,'eventlog.view'), + (4,'exams.exams.view'), + (4,'locationinfo.backend.check'), + (4,'locationinfo.panel.list'), + (4,'locations.location.view'), + (4,'minilinux.view'), + (4,'news.*'), + (4,'permissionmanager.locations.view'), + (4,'permissionmanager.roles.view'), + (4,'permissionmanager.users.view'), + (4,'runmode.list-all'), + 
(4,'serversetup.access-page'), + (4,'serversetup.download'), + (4,'statistics.hardware.projectors.view'), + (4,'statistics.machine.note.view'), + (4,'statistics.machine.view-details'), + (4,'statistics.view.*'), + (4,'statistics_reporting.reporting.download'), + (4,'statistics_reporting.table.export'), + (4,'statistics_reporting.table.view.*'), + (4,'sysconfig.config.view-list'), + (4,'sysconfig.module.download'), + (4,'sysconfig.module.view-list'), + (4,'syslog.view'), + (4,'systemstatus.show.overview.*'), + (4,'systemstatus.tab.*'), + (4,'webinterface.access-page'), + + (2,'adduser.user.view-list'), + (2,'backup.*'), + (2,'baseconfig.*'), + (2,'dnbd3.*'), + (2,'dozmod.*'), + (2,'eventlog.view'), + (2,'exams.exams.*'), + (2,'locationinfo.*'), + (2,'locations.*'), + (2,'minilinux.*'), + (2,'news.*'), + (2,'permissionmanager.locations.view'), + (2,'permissionmanager.roles.view'), + (2,'permissionmanager.users.view'), + (2,'rebootcontrol.*'), + (2,'roomplanner.edit'), + (2,'runmode.list-all'), + (2,'serversetup.*'), + (2,'statistics.*'), + (2,'statistics_reporting.*'), + (2,'sysconfig.*'), + (2,'syslog.*'), + (2,'systemstatus.*'), + (2,'vmstore.edit'), + (2,'webinterface.*')"); + // Asign the first user to the superadmin role + Database::exec("INSERT INTO `role_x_user` VALUES (1,1)"); + $res[] = UPDATE_DONE; +} + +// +// + if (in_array(UPDATE_DONE, $res)) { finalResponse(UPDATE_DONE, 'Tables created successfully'); } diff --git a/modules-available/permissionmanager/lang/de/template-tags.json b/modules-available/permissionmanager/lang/de/template-tags.json index a4fc990b..504ef6d2 100644 --- a/modules-available/permissionmanager/lang/de/template-tags.json +++ b/modules-available/permissionmanager/lang/de/template-tags.json 
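Review bot: The default-role block is not tied to a fresh install: as far as the hunk shows, it runs whenever this script gets this far, and it treats a successful `INSERT INTO role VALUES (1,...)` as proof that no roles existed. If role ids 1–4 are free on an existing system (for example after those roles were deleted), the block recreates them and `INSERT INTO role_x_user VALUES (1,1)` gives user 1 the `*` permission again. I would seed only when the `role` table is empty and check the results of the three follow-up `Database::exec` calls, which are ignored now. Naming the columns, `INSERT INTO role (roleid, rolename, roledescription) VALUES ...`, would also stop the statements from depending on column order.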
@@ -1,6 +1,7 @@ { "lang_addRole": "Rollen erteilen", "lang_addRoleHeading": "Neue Rolle hinzuf\u00fcgen", + "lang_description": "Beschreibung", "lang_editRoleHeading": "Rolle bearbeiten", "lang_locationAwareDesc": "Berechtigungen mit diesem Symbol k\u00f6nnen auf bestimmte R\u00e4ume\/Orte beschr\u00e4nkt werden. Alle anderen Berechtigungen sind unabh\u00e4ngig von den f\u00fcr diese Rolle ausgew\u00e4hlten Orten.", "lang_locations": "R\u00e4ume", @@ -8,9 +9,9 @@ "lang_name": "Name", "lang_newRole": "Rolle anlegen", "lang_numAssignedUsers": "Benutzer mit dieser Rolle", + "lang_permission": "Berechtigung", "lang_permissionDeniedBody": "Ihnen fehlt eine oder mehrere Berechtigungen, um auf diese Seite oder Funktion zuzugreifen.", "lang_permissionDeniedHeader": "Zugriff verweigert", - "lang_permission": "Berechtigung", "lang_permissions": "Rechte", "lang_removeRole": "Rollen entziehen", "lang_roleDeleteConfirm": "Sind Sie sich sicher, dass Sie diese Rolle l\u00f6schen m\u00f6chten? Benutzer, denen diese Rolle zugewiesen ist, werden die entsprechenden Berechtigungen verlieren.", @@ -20,4 +21,4 @@ "lang_selectizePlaceholder": "Nach Rollen filtern...", "lang_users": "Nutzer", "lang_view": "Anzeigen" -} +} \ No newline at end of file diff --git a/modules-available/permissionmanager/lang/en/template-tags.json b/modules-available/permissionmanager/lang/en/template-tags.json index 92c3ac26..6f1fa614 100644 --- a/modules-available/permissionmanager/lang/en/template-tags.json +++ b/modules-available/permissionmanager/lang/en/template-tags.json @@ -1,6 +1,7 @@ { "lang_addRole": "Grant Roles", "lang_addRoleHeading": "Add new role", + "lang_description": "Description", "lang_editRoleHeading": "Edit role", "lang_locationAwareDesc": "Permissions with this symbol can be restricted to certain locations. All other permissions are independent of the locations selected for this role.", "lang_locations": "Locations", 
@@ -8,9 +9,9 @@ "lang_name": "Name", "lang_newRole": "New Role", "lang_numAssignedUsers": "Users with this role", + "lang_permission": "Permission", "lang_permissionDeniedBody": "You are missing one or more permissions to access this page or functionality.", "lang_permissionDeniedHeader": "Access denied", - "lang_permission": "Permission", "lang_permissions": "Permissions", "lang_removeRole": "Revoke Roles", "lang_roleDeleteConfirm": "Are you sure you want to delete this role? Users currently assigned to this role will lose the according permissions.", @@ -20,4 +21,4 @@ "lang_selectizePlaceholder": "Filter for roles...", "lang_users": "Users", "lang_view": "View" -} +} \ No newline at end of file diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index 11b5b028..462d3163 100644 --- a/modules-available/permissionmanager/page.inc.php +++ b/modules-available/permissionmanager/page.inc.php 
@@ -28,15 +28,24 @@ class Page_PermissionManager extends Page PermissionDbUpdate::removeRoleFromUser($users, $roles); } elseif ($action === 'deleteRole') { User::assertPermission('roles.edit'); - $id = Request::post('deleteId', false, 'string'); + $id = Request::post('deleteId', false, 'int'); PermissionDbUpdate::deleteRole($id); } elseif ($action === 'saveRole') { User::assertPermission('roles.edit'); - $roleID = Request::post("roleid", false); - $rolename = Request::post("rolename"); - $locations = self::processLocations(Request::post("locations")); + $roleID = Request::post("roleid", false, 'int'); + if ($roleID === false) { + Message::addError('main.parameter-missing', 'roleid'); + Util::redirect('?do=permissionmanager'); + } + $roleName = Request::post("rolename", '', 'string'); + if (empty($roleName)) { + Message::addError('main.parameter-empty', 'rolename'); + Util::redirect('?do=permissionmanager'); + } + $roleDescription = Request::post('roledescription', '', 'string'); + $locations = self::processLocations(Request::post("locations", [], 'array')); $permissions = self::processPermissions(Request::post("permissions")); - PermissionDbUpdate::saveRole($rolename, $locations, $permissions, $roleID); + PermissionDbUpdate::saveRole($roleName, $roleDescription, $locations, $permissions, $roleID); } if (Request::isPost()) { Util::redirect('?do=permissionmanager&show=' . Request::get("show", "roles")); 
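Review bot: `permissions` is still read with `Request::post("permissions")`, without the default and type this hunk adds for `locations`, so a missing or scalar value reaches `processPermissions` unchecked; `Request::post("permissions", [], 'array')` would match. `roleid` is now mandatory (`$roleID === false` redirects with an error) while `saveRole` documents `null` as "role does not exist yet", so creating a role presumably depends on the form posting a `roleid` that casts to a falsy int; a comment at the check should say which value means "new role". Whether `Util::redirect` ends the request is not visible here; if it returns, `saveRole` would still run after the error message.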
@@ -100,18 +109,16 @@ class Page_PermissionManager extends Page Render::addTemplate('locationstable', $data); } elseif ($show === "roleEditor") { User::assertPermission('roles.*'); - $data = array("cancelShow" => Request::get("cancel", "roles")); + $data = array("cancelShow" => Request::get("cancel", "roles", 'string')); Permission::addGlobalTags($data['perms'], null, ['roles.edit']); $selectedPermissions = array(); $selectedLocations = array(); $roleid = Request::get("roleid", false, 'int'); if ($roleid !== false) { - $roleData = GetPermissionData::getRoleData($roleid); - $data["roleid"] = $roleid; - $data["rolename"] = $roleData["rolename"]; - $selectedPermissions = $roleData["permissions"]; - $selectedLocations = $roleData["locations"]; + $data += GetPermissionData::getRoleData($roleid); + $selectedPermissions = $data["permissions"]; + $selectedLocations = $data["locations"]; } $data["permissionHTML"] = self::generatePermissionHTML(PermissionUtil::getPermissions(), $selectedPermissions, diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html index 38493d5d..c464c1fc 100644 --- a/modules-available/permissionmanager/templates/roleeditor.html +++ b/modules-available/permissionmanager/templates/roleeditor.html @@ -13,11 +13,17 @@
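Review bot: `$data += GetPermissionData::getRoleData($roleid);` assumes the call always returns an array. `getRoleData` starts from `Database::queryFirst(...)` (its body continues outside the hunks shown), and if that yields `false` for an unknown `roleid` taken from the URL, the `+=` fails with an unsupported-operand error where the old code only read missing keys. I would fetch into a local variable first and redirect with an error when it is not an array, before merging. Note also that `+=` keeps keys already present in `$data`, so `cancelShow` and `perms` win over same-named keys in the role data; a short comment saying so would help.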
- +
+
+ + + + +

diff --git a/modules-available/permissionmanager/templates/rolestable.html b/modules-available/permissionmanager/templates/rolestable.html index 9ba8d85c..d520db33 100644 --- a/modules-available/permissionmanager/templates/rolestable.html +++ b/modules-available/permissionmanager/templates/rolestable.html @@ -11,6 +11,7 @@ {{lang_roles}} + {{lang_description}} {{#perms.roles.edit.disabled}} {{lang_view}} @@ -27,8 +28,9 @@ {{#roles}} {{rolename}} +
{{roledescription}}
- +