From a8b0095b335780ae0bb950bc44021215d43a6b2d Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 12 Feb 2018 14:17:07 +0100
Subject: [permissionmanager] Introduce "location-aware" flag for permissions

This flag tells wether the permission can be restricted to certain
locations in a meaningful way. This flag has to be set in the
permissions.json of the according module.
For example, the permission to reboot the server cannot be limited
to certain locations in a meaningful way, while the view of the
client log can be filtered to only show log entries for clients
in specific locations.
---
 .../permissionmanager/inc/permissionutil.inc.php   |  9 ++---
 modules-available/permissionmanager/page.inc.php   | 21 ++++++-----
 modules-available/permissionmanager/style.css      | 28 +++++++--------
 .../permissionmanager/templates/roleeditor.html    | 42 +++++++++-------------
 .../permissionmanager/templates/treenode.html      | 23 ++++++------
 .../permissionmanager/templates/treepanel.html     |  2 +-
 6 files changed, 62 insertions(+), 63 deletions(-)

(limited to 'modules-available/permissionmanager')

diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 5ff41046..3daf422e 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -100,9 +100,9 @@ class PermissionUtil
 			if (!is_array($data))
 				continue;
 			preg_match('#^modules/([^/]+)/#', $file, $out);
-			foreach( $data as $p ) {
+			foreach( $data as $p => $data) {
 				$description = Dictionary::translateFileModule($out[1], "permissions", $p);
-				self::putInPermissionTree($out[1].".".$p, $description, $permissions);
+				self::putInPermissionTree($out[1].".".$p, $data['location-aware'], $description, $permissions);
 			}
 		}
 		ksort($permissions);
@@ -120,10 +120,11 @@ class PermissionUtil
 	 * Place a permission into the given permission tree.
 	 *
 	 * @param string $permission the permission to place in the tree
+	 * @param bool $locationAware whether this permissions can be restricted to specific locations only
 	 * @param string $description the description of the permission
 	 * @param array $tree the permission tree to modify
 	 */
-	private static function putInPermissionTree($permission, $description, &$tree)
+	private static function putInPermissionTree($permission, $locationAware, $description, &$tree)
 	{
 		$subPermissions = explode('.', $permission);
 		foreach ($subPermissions as $subPermission) {
@@ -134,6 +135,6 @@ class PermissionUtil
 				$tree =& $tree[$subPermission];
 			}
 		}
-		$tree = $description;
+		$tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true);
 	}
 }
\ No newline at end of file
diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php
index 13d81c6a..bb8482af 100644
--- a/modules-available/permissionmanager/page.inc.php
+++ b/modules-available/permissionmanager/page.inc.php
@@ -100,18 +100,21 @@ class Page_PermissionManager extends Page
 		$toplevel = $permString == "";
 		if ($toplevel && in_array("*", $selectedPermissions)) $selectAll = true;
 		foreach ($permissions as $k => $v) {
-			$leaf = !is_array($v);
+			$leaf = isset($v['isLeaf']) && $v['isLeaf'];
 			$nextPermString = $permString ? $permString.".".$k : $k;
 			$id = $leaf ? $nextPermString : $nextPermString.".*";
 			$selected = $selectAll || in_array($id, $selectedPermissions);
-			$res .= Render::parse("treenode",
-				array("id" =>  $id,
-						"name" => $toplevel ? Module::get($k)->getDisplayName() : $k,
-						"toplevel" => $toplevel,
-						"checkboxname" => "permissions",
-						"selected" => $selected,
-						"HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString),
-						"description" => $leaf ? $v : ""));
+			$data = array("id" =>  $id,
+				"name" => $toplevel ? Module::get($k)->getDisplayName() : $k,
+				"toplevel" => $toplevel,
+				"checkboxname" => "permissions",
+				"selected" => $selected,
+				"HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString),
+			);
+			if ($leaf) {
+				$data += $v;
+			}
+			$res .= Render::parse("treenode", $data);
 		}
 		if ($toplevel) {
 			$res = Render::parse("treepanel",
diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css
index 49d631a8..9c39af64 100644
--- a/modules-available/permissionmanager/style.css
+++ b/modules-available/permissionmanager/style.css
@@ -55,28 +55,28 @@
     background-color: rgba(0, 182, 41, 0.23);
 }
 
-.tree-container {
-    -moz-column-gap: 20px;
-    -webkit-column-gap: 20px;
-    column-gap: 20px;
-}
-
-
 .tree-container > ul {
     display: inline-block;
     width: 100%;
     padding: 0;
 }
 
-@media (max-width: 767px) {
-    .tree-container {
-        -moz-column-count: 1;
-        -webkit-column-count: 1;
-        column-count: 1;
-    }
+.tree-container > ul > li > div > label {
+    font-weight: bold;
+}
+
+.tree-container {
+    -moz-column-gap: 20px;
+    -webkit-column-gap: 20px;
+    column-gap: 20px;
+    -moz-column-count: 1;
+    -webkit-column-count: 1;
+    column-count: 1;
+    padding-left: 20px;
+    padding-right: 20px;
 }
 
-@media (min-width: 768px) and (max-width: 991px) {
+@media (min-width: 768px) {
     .tree-container {
         -moz-column-count: 2;
         -webkit-column-count: 2;
diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html
index 871fd0cc..eadce027 100644
--- a/modules-available/permissionmanager/templates/roleeditor.html
+++ b/modules-available/permissionmanager/templates/roleeditor.html
@@ -4,32 +4,24 @@
 	<input type="hidden" name="token" value="{{token}}">
 	<input type="hidden" name="roleid" value="{{roleid}}">
 
-	<div class="row">
-		<div class="col-md-12" style="margin-bottom: 20px;">
-			<ul class="nav nav-tabs text-center" role="tablist">
-				<li role="presentation" class="active"><a href="#permissions" role="tab" data-toggle="tab">{{lang_permissions}}</a></li>
-				<li role="presentation"><a href="#locations" role="tab" data-toggle="tab">{{lang_locations}}</a></li>
-				<li style="float: none; display: inline-block">
-					<label for="rolename">{{lang_name}}:</label>
-					<input id="rolename" name="rolename" value="{{rolename}}" type="text" class="form-control">
-				</li>
-				<li style="float: right;">
-					<span><a href="?do=permissionmanager&show={{cancelShow}}" id="cancelButton" class="btn btn-default">{{lang_cancel}}</a></span>
-					<button type="submit" id="saveButton" class="btn btn-primary"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
-				</li>
-			</ul>
+	<ul class="nav nav-tabs text-center" role="tablist">
+		<li role="presentation" class="active"><a href="#permissions" role="tab" data-toggle="tab">{{lang_permissions}}</a></li>
+		<li role="presentation"><a href="#locations" role="tab" data-toggle="tab">{{lang_locations}}</a></li>
+		<li style="float: none; display: inline-block">
+			<label for="rolename">{{lang_name}}:</label>
+			<input id="rolename" name="rolename" value="{{rolename}}" type="text" class="form-control">
+		</li>
+		<li style="float: right;">
+			<span><a href="?do=permissionmanager&show={{cancelShow}}" id="cancelButton" class="btn btn-default">{{lang_cancel}}</a></span>
+			<button type="submit" id="saveButton" class="btn btn-primary"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+		</li>
+	</ul>
+	<div class="tab-content">
+		<div role="tabpanel" class="tab-pane active" id="permissions">
+			{{{permissionHTML}}}
 		</div>
-	</div>
-	<div class="row" style="margin-bottom: 20px;">
-		<div class="col-md-12">
-			<div class="tab-content">
-				<div role="tabpanel" class="tab-pane active" id="permissions">
-					{{{permissionHTML}}}
-				</div>
-				<div role="tabpanel" class="tab-pane" id="locations">
-					{{{locationHTML}}}
-				</div>
-			</div>
+		<div role="tabpanel" class="tab-pane" id="locations">
+			{{{locationHTML}}}
 		</div>
 	</div>
 
diff --git a/modules-available/permissionmanager/templates/treenode.html b/modules-available/permissionmanager/templates/treenode.html
index ced973ca..43509237 100644
--- a/modules-available/permissionmanager/templates/treenode.html
+++ b/modules-available/permissionmanager/templates/treenode.html
@@ -1,11 +1,14 @@
 {{#toplevel}}<ul>{{/toplevel}}
-	<li title="{{description}}" data-toggle="tooltip" data-placement="left">
-		<div class='checkbox'>
-			<input id="{{id}}" name="{{checkboxname}}[]" value="{{id}}" type="checkbox" class="form-control" {{#selected}}checked{{/selected}}>
-			<label for="{{id}}">{{#toplevel}}<b>{{/toplevel}}{{name}}{{#toplevel}}</b>{{/toplevel}}</label>
-		</div>
-		<ul>
-			{{{HTML}}}
-		</ul>
-	</li>
-{{#toplevel}}</ul>{{/toplevel}}
+<li title="{{description}}" data-toggle="tooltip" data-placement="left">
+	<div class='checkbox'>
+		<input id="{{id}}" name="{{checkboxname}}[]" value="{{id}}" type="checkbox" class="form-control" {{#selected}}checked{{/selected}}>
+		<label for="{{id}}">
+			{{name}}
+			{{#location-aware}}<span class="glyphicon glyphicon-home text-muted"></span>{{/location-aware}}
+		</label>
+	</div>
+	<ul>
+		{{{HTML}}}
+	</ul>
+</li>
+{{#toplevel}}</ul>{{/toplevel}}
\ No newline at end of file
diff --git a/modules-available/permissionmanager/templates/treepanel.html b/modules-available/permissionmanager/templates/treepanel.html
index 6f358825..8b510407 100644
--- a/modules-available/permissionmanager/templates/treepanel.html
+++ b/modules-available/permissionmanager/templates/treepanel.html
@@ -6,7 +6,7 @@
 		</div>
 	</div>
 	<div class="panel-body">
-		<div class="tree-container" style="padding-left: 20px; padding-right: 20px;">
+		<div class="tree-container">
 			{{{HTML}}}
 		</div>
 	</div>
-- 
cgit v1.2.3-55-g7522