From ff10b2cb6e7f678b242d087de66700234d59688a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 13 Jun 2023 14:57:09 +0200
Subject: [permissionmanager] Update default permissions

---
 modules-available/permissionmanager/install.inc.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'modules-available/permissionmanager')

diff --git a/modules-available/permissionmanager/install.inc.php b/modules-available/permissionmanager/install.inc.php
index d0e0a016..a1533ac3 100644
--- a/modules-available/permissionmanager/install.inc.php
+++ b/modules-available/permissionmanager/install.inc.php
@@ -132,24 +132,26 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
 	Database::exec("DELETE FROM role_x_permission WHERE roleid IN (1,2,3,4)");
 	// Assign permissions to roles
 	Database::exec("INSERT IGNORE INTO `role_x_permission` VALUES
+			-- Exams Admin
 			(3,'exams.exams.*'),
+			(3,'locations.location.view'),
 			(3,'rebootcontrol.action.*'),
 			(3,'statistics.hardware.projectors.view'),
+			(3,'statistics.hints'),
 			(3,'statistics.machine.note.*'),
 			(3,'statistics.machine.view-details'),
 			(3,'statistics.view.*'),
 			(3,'syslog.view'),
-			
+			-- Super Admin
 			(1,'*'),
-			
+			-- Read only
 			(4,'adduser.user.view-list'),
-			(4,'backup.create'),
 			(4,'baseconfig.view'),
 			(4,'dnbd3.access-page'),
-			(4,'dnbd3.refresh'),
 			(4,'dnbd3.view.details'),
 			(4,'dozmod.actionlog.view'),
 			(4,'dozmod.users.view'),
+			(4,'eventlog.filter.rules.view'),
 			(4,'eventlog.view'),
 			(4,'exams.exams.view'),
 			(4,'locationinfo.backend.check'),
@@ -157,6 +159,7 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
 			(4,'locations.location.view'),
 			(4,'minilinux.view'),
 			(4,'news.access-page'),
+			(4,'passthrough.view'),
 			(4,'permissionmanager.locations.view'),
 			(4,'permissionmanager.roles.view'),
 			(4,'permissionmanager.users.view'),
@@ -165,6 +168,7 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
 			(4,'serversetup.access-page'),
 			(4,'serversetup.download'),
 			(4,'statistics.hardware.projectors.view'),
+			(4,'statistics.hints'),
 			(4,'statistics.machine.note.view'),
 			(4,'statistics.machine.view-details'),
 			(4,'statistics.view.*'),
@@ -180,13 +184,13 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
 			(4,'webinterface.access-page'),
 			(4,'rebootcontrol.subnet.view'),
 			(4,'rebootcontrol.jumphost.view'),
-			
+			-- Admin
 			(2,'adduser.user.view-list'),
 			(2,'backup.*'),
 			(2,'baseconfig.*'),
 			(2,'dnbd3.*'),
 			(2,'dozmod.*'),
-			(2,'eventlog.view'),
+			(2,'eventlog.*'),
 			(2,'exams.exams.*'),
 			(2,'locationinfo.*'),
 			(2,'locations.*'),
@@ -205,7 +209,7 @@ if (Database::exec("INSERT INTO `role` (roleid, rolename, builtin, roledescripti
 			(2,'sysconfig.*'),
 			(2,'syslog.*'),
 			(2,'systemstatus.*'),
-			(2,'vmstore.edit'),
+			(2,'vmstore.*'),
 			(2,'webinterface.*')");
 	Database::exec("OPTIMIZE TABLE role_x_permission");
 	// Assign the first user to the superadmin role (if one exists)
-- 
cgit v1.2.3-55-g7522