From 4c9aba92942c4b9341c46a50aeaa31bea24a8b60 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Tue, 9 Jan 2018 17:38:21 +0100 Subject: [exams] implemented permission system --- modules-available/rebootcontrol/permissions/permissions.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 modules-available/rebootcontrol/permissions/permissions.json (limited to 'modules-available/rebootcontrol/permissions') diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json new file mode 100644 index 00000000..5230c9bd --- /dev/null +++ b/modules-available/rebootcontrol/permissions/permissions.json @@ -0,0 +1,5 @@ +[ + "shutdown", + "reboot", + "newkeypair" +] \ No newline at end of file -- cgit v1.2.3-55-g7522 From a8b0095b335780ae0bb950bc44021215d43a6b2d Mon Sep 17 00:00:00 2001 
From: Simon Rettberg Date: Mon, 12 Feb 2018 14:17:07 +0100 Subject: [permissionmanager] Introduce "location-aware" flag for permissions This flag tells whether the permission can be restricted to certain locations in a meaningful way. This flag has to be set in the permissions.json of the corresponding module. For example, the permission to reboot the server cannot be limited to certain locations in a meaningful way, while the view of the client log can be filtered to only show log entries for clients in specific locations. --- .../backup/permissions/permissions.json | 12 +++-- .../permissions/permissions.json | 24 +++++++--- .../dozmod/permissions/permissions.json | 52 ++++++++++++++++------ .../eventlog/permissions/permissions.json | 8 ++-- .../exams/permissions/permissions.json | 13 +++--- .../internetaccess/permissions/permissions.json | 8 ++-- .../locations/permissions/permissions.json | 32 +++++++++---- .../minilinux/permissions/permissions.json | 12 +++-- .../news/permissions/permissions.json | 20 ++++++--- .../permissionmanager/inc/permissionutil.inc.php | 9 ++-- modules-available/permissionmanager/page.inc.php | 21 +++++---- modules-available/permissionmanager/style.css | 28 ++++++------ .../permissionmanager/templates/roleeditor.html | 42 +++++++---------- .../permissionmanager/templates/treenode.html | 23 +++++----- .../permissionmanager/templates/treepanel.html | 2 +- .../rebootcontrol/permissions/permissions.json | 16 ++++--- .../serversetup-bwlp/permissions/permissions.json | 16 ++++--- .../statistics/permissions/permissions.json | 16 ++++--- .../permissions/permissions.json | 36 ++++++++++----- .../syslog/permissions/permissions.json | 8 ++-- .../systemstatus/permissions/permissions.json | 48 ++++++++++++++------ .../vmstore/permissions/permissions.json | 16 ++++--- .../webinterface/permissions/permissions.json | 16 ++++--- 23 files changed, 309 insertions(+), 169 deletions(-) (limited to 'modules-available/rebootcontrol/permissions') 
diff --git a/modules-available/backup/permissions/permissions.json b/modules-available/backup/permissions/permissions.json
index feeffe33..1f778ab6 100644
--- a/modules-available/backup/permissions/permissions.json
+++ b/modules-available/backup/permissions/permissions.json
@@ -1,4 +1,8 @@
-[
- "create",
- "restore"
-]
\ No newline at end of file
+{
+ "create": {
+ "location-aware": false
+ },
+ "restore": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json
index 286a975b..3acd5230 100644
--- a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json
+++ b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json
@@ -1,7 +1,17 @@
-[
- "show",
- "partitions.add",
- "partitions.delete",
- "partitions.edit",
- "partitions.reset"
-]
\ No newline at end of file
+{
+ "partitions.add": {
+ "location-aware": false
+ },
+ "partitions.delete": {
+ "location-aware": false
+ },
+ "partitions.edit": {
+ "location-aware": false
+ },
+ "partitions.reset": {
+ "location-aware": false
+ },
+ "show": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json
index e8dfb558..b4ff034b 100644
--- a/modules-available/dozmod/permissions/permissions.json
+++ b/modules-available/dozmod/permissions/permissions.json
@@ -1,14 +1,38 @@
-[
- "images.delete",
- "mail.save",
- "mail.testmail",
- "runtimeconfig.save",
- "templates.save",
- "templates.reset",
- "users.setmail",
- "users.setlogin",
- "users.setsu",
- "users.orglogin",
- "log.showuser",
- "log.showtarget"
-]
\ No newline at end of file
+{
+ "images.delete": {
+ "location-aware": false
+ },
+ "log.showtarget": {
+ "location-aware": false
+ },
+ "log.showuser": {
+ "location-aware": false
+ },
+ "mail.save": {
+ "location-aware": false
+ },
+ "mail.testmail": {
+ "location-aware": false
+ },
+ "runtimeconfig.save": {
+ "location-aware": false
+ },
+ "templates.reset": {
+ "location-aware": false
+ },
+ "templates.save": {
+ "location-aware": false
+ },
+ "users.orglogin": {
+ "location-aware": false
+ },
+ "users.setlogin": {
+ "location-aware": false
+ },
+ "users.setmail": {
+ "location-aware": false
+ },
+ "users.setsu": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/eventlog/permissions/permissions.json b/modules-available/eventlog/permissions/permissions.json
index f04ea714..a1748957 100644
--- a/modules-available/eventlog/permissions/permissions.json
+++ b/modules-available/eventlog/permissions/permissions.json
@@ -1,3 +1,5 @@
-[
- "view"
-]
\ No newline at end of file
+{
+ "view": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/exams/permissions/permissions.json b/modules-available/exams/permissions/permissions.json
index 215b3399..e44974b6 100644
--- a/modules-available/exams/permissions/permissions.json
+++ b/modules-available/exams/permissions/permissions.json
@@ -1,5 +1,8 @@
-[
- "exams.add",
- "exams.delete",
- "exams.edit"
-]
\ No newline at end of file
+{
+ "exams.edit": {
+ "location-aware": true
+ },
+ "exams.view": {
+ "location-aware": true
+ }
+}
\ No newline at end of file
diff --git a/modules-available/internetaccess/permissions/permissions.json b/modules-available/internetaccess/permissions/permissions.json
index 67998da7..09652e51 100644
--- a/modules-available/internetaccess/permissions/permissions.json
+++ b/modules-available/internetaccess/permissions/permissions.json
@@ -1,3 +1,5 @@
-[
- "configuration.safe"
-]
\ No newline at end of file
+{
+ "configuration.safe": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/locations/permissions/permissions.json b/modules-available/locations/permissions/permissions.json
index 609a673a..06b01d2c 100644
--- a/modules-available/locations/permissions/permissions.json
+++ b/modules-available/locations/permissions/permissions.json
@@ -1,9 +1,23 @@
-[
- "location.view",
- "location.edit",
- "location.add",
- "location.delete",
- "subnet.edit",
- "subnet.add",
- "subnet.delete"
-]
\ No newline at end of file
+{
+ "location.add": {
+ "location-aware": false
+ },
+ "location.delete": {
+ "location-aware": false
+ },
+ "location.edit": {
+ "location-aware": false
+ },
+ "location.view": {
+ "location-aware": false
+ },
+ "subnet.add": {
+ "location-aware": false
+ },
+ "subnet.delete": {
+ "location-aware": false
+ },
+ "subnet.edit": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/minilinux/permissions/permissions.json b/modules-available/minilinux/permissions/permissions.json
index 457d9810..650f7e71 100644
--- a/modules-available/minilinux/permissions/permissions.json
+++ b/modules-available/minilinux/permissions/permissions.json
@@ -1,4 +1,8 @@
-[
- "show",
- "update"
-]
\ No newline at end of file
+{
+ "show": {
+ "location-aware": false
+ },
+ "update": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json
index 321e73ea..0d9435d7 100644
--- a/modules-available/news/permissions/permissions.json +++ b/modules-available/news/permissions/permissions.json @@ -1,6 +1,14 @@ -[ - "news.save", - "news.delete", - "help.save", - "help.delete" -] \ No newline at end of file +{ + "help.delete": { + "location-aware": false + }, + "help.save": { + "location-aware": false + }, + "news.delete": { + "location-aware": false + }, + "news.save": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 5ff41046..3daf422e 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -100,9 +100,9 @@ class PermissionUtil if (!is_array($data)) continue; preg_match('#^modules/([^/]+)/#', $file, $out); - foreach( $data as $p ) { + foreach( $data as $p => $data) { $description = Dictionary::translateFileModule($out[1], "permissions", $p); - self::putInPermissionTree($out[1].".".$p, $description, $permissions); + self::putInPermissionTree($out[1].".".$p, $data['location-aware'], $description, $permissions); } } ksort($permissions); @@ -120,10 +120,11 @@ class PermissionUtil * Place a permission into the given permission tree. * * @param string $permission the permission to place in the tree + * @param bool $locationAware whether this permissions can be restricted to specific locations only * @param string $description the description of the permission * @param array $tree the permission tree to modify */ - private static function putInPermissionTree($permission, $description, &$tree) + private static function putInPermissionTree($permission, $locationAware, $description, &$tree) { $subPermissions = explode('.', $permission); foreach ($subPermissions as $subPermission) { 
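Review bot: The rewritten loop in the `@@ -100,9 +100,9 @@` hunk of permissionutil.inc.php reads `$data['location-aware']` without checking that the entry is an array carrying that key, and it reuses `$data` as the loop value while iterating over `$data`. A module that still ships the old list-style permissions.json would be registered under numeric names (`<module>.0`, `<module>.1`, …) with a string-offset read for the flag, instead of being rejected. I would rename the loop value and skip malformed entries: `foreach ($data as $p => $info) {` followed by `if (!is_string($p) || !is_array($info) || !isset($info['location-aware'])) continue;`, then pass `(bool)$info['location-aware']` to `putInPermissionTree`. The enclosing method starts and ends outside the hunk.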
@@ -134,6 +135,6 @@ class PermissionUtil $tree =& $tree[$subPermission]; } } - $tree = $description; + $tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true); } } \ No newline at end of file diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index 13d81c6a..bb8482af 100644 --- a/modules-available/permissionmanager/page.inc.php +++ b/modules-available/permissionmanager/page.inc.php @@ -100,18 +100,21 @@ class Page_PermissionManager extends Page $toplevel = $permString == ""; if ($toplevel && in_array("*", $selectedPermissions)) $selectAll = true; foreach ($permissions as $k => $v) { - $leaf = !is_array($v); + $leaf = isset($v['isLeaf']) && $v['isLeaf']; $nextPermString = $permString ? $permString.".".$k : $k; $id = $leaf ? $nextPermString : $nextPermString.".*"; $selected = $selectAll || in_array($id, $selectedPermissions); - $res .= Render::parse("treenode", - array("id" => $id, - "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, - "toplevel" => $toplevel, - "checkboxname" => "permissions", - "selected" => $selected, - "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), - "description" => $leaf ? $v : "")); + $data = array("id" => $id, + "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, + "toplevel" => $toplevel, + "checkboxname" => "permissions", + "selected" => $selected, + "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), + ); + if ($leaf) { + $data += $v; + } + $res .= Render::parse("treenode", $data); } if ($toplevel) { $res = Render::parse("treepanel", diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css index 49d631a8..9c39af64 100644 --- a/modules-available/permissionmanager/style.css +++ b/modules-available/permissionmanager/style.css 
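Review bot: Leaf detection is now done in-band: `putInPermissionTree` stores `description`, `location-aware` and `isLeaf` in the same array shape that inner nodes use for their children, and `generatePermissionHTML` in page.inc.php decides with the truthy test `isset($v['isLeaf']) && $v['isLeaf']`. A permission path containing a segment literally named `isLeaf` would give its parent an `isLeaf` key holding a child array, which passes that test, so the parent would be rendered as a leaf and its subtree dropped from the role editor. A strict comparison closes that case: `$leaf = isset($v['isLeaf']) && $v['isLeaf'] === true;`. A one-line comment next to the `array('description' => …)` assignment naming the three reserved keys would also help module authors; both functions continue outside the hunks shown.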
@@ -55,28 +55,28 @@ background-color: rgba(0, 182, 41, 0.23); } -.tree-container { - -moz-column-gap: 20px; - -webkit-column-gap: 20px; - column-gap: 20px; -} - - .tree-container > ul { display: inline-block; width: 100%; padding: 0; } -@media (max-width: 767px) { - .tree-container { - -moz-column-count: 1; - -webkit-column-count: 1; - column-count: 1; - } +.tree-container > ul > li > div > label { + font-weight: bold; +} + +.tree-container { + -moz-column-gap: 20px; + -webkit-column-gap: 20px; + column-gap: 20px; + -moz-column-count: 1; + -webkit-column-count: 1; + column-count: 1; + padding-left: 20px; + padding-right: 20px; } -@media (min-width: 768px) and (max-width: 991px) { +@media (min-width: 768px) { .tree-container { -moz-column-count: 2; -webkit-column-count: 2; diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html index 871fd0cc..eadce027 100644 --- a/modules-available/permissionmanager/templates/roleeditor.html +++ b/modules-available/permissionmanager/templates/roleeditor.html @@ -4,32 +4,24 @@ -
-
- + +
+
+ {{{permissionHTML}}}
-
-
-
-
-
- {{{permissionHTML}}} -
-
- {{{locationHTML}}} -
-
+
+ {{{locationHTML}}}
diff --git a/modules-available/permissionmanager/templates/treenode.html b/modules-available/permissionmanager/templates/treenode.html index ced973ca..43509237 100644 --- a/modules-available/permissionmanager/templates/treenode.html +++ b/modules-available/permissionmanager/templates/treenode.html @@ -1,11 +1,14 @@ {{#toplevel}}
    {{/toplevel}} -
  • -
    - - -
    -
      - {{{HTML}}} -
    -
  • -{{#toplevel}}
{{/toplevel}} +
  • +
    + + +
    +
      + {{{HTML}}} +
    +
  • +{{#toplevel}}{{/toplevel}} \ No newline at end of file diff --git a/modules-available/permissionmanager/templates/treepanel.html b/modules-available/permissionmanager/templates/treepanel.html index 6f358825..8b510407 100644 --- a/modules-available/permissionmanager/templates/treepanel.html +++ b/modules-available/permissionmanager/templates/treepanel.html @@ -6,7 +6,7 @@
    -
    +
    {{{HTML}}}
    diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json index 5230c9bd..5de9b633 100644 --- a/modules-available/rebootcontrol/permissions/permissions.json +++ b/modules-available/rebootcontrol/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "shutdown", - "reboot", - "newkeypair" -] \ No newline at end of file +{ + "newkeypair": { + "location-aware": false + }, + "reboot": { + "location-aware": true + }, + "shutdown": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/serversetup-bwlp/permissions/permissions.json b/modules-available/serversetup-bwlp/permissions/permissions.json index 2166cf8e..6bae5422 100644 --- a/modules-available/serversetup-bwlp/permissions/permissions.json +++ b/modules-available/serversetup-bwlp/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "edit.address", - "edit.menu", - "download" -] \ No newline at end of file +{ + "download": { + "location-aware": false + }, + "edit.address": { + "location-aware": false + }, + "edit.menu": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/statistics/permissions/permissions.json b/modules-available/statistics/permissions/permissions.json index 97a49036..c9dca9f3 100644 --- a/modules-available/statistics/permissions/permissions.json +++ b/modules-available/statistics/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "view", - "note", - "delete" -] \ No newline at end of file +{ + "machine.delete": { + "location-aware": true + }, + "machine.note": { + "location-aware": true + }, + "machine.view": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/statistics_reporting/permissions/permissions.json b/modules-available/statistics_reporting/permissions/permissions.json index d967b75d..1244027e 100644 --- a/modules-available/statistics_reporting/permissions/permissions.json 
+++ b/modules-available/statistics_reporting/permissions/permissions.json
@@ -1,10 +1,26 @@
-[
- "table.view.total",
- "table.view.location",
- "table.view.client",
- "table.view.user",
- "table.view.vm",
- "table.export",
- "reporting.download",
- "reporting.change"
-]
\ No newline at end of file
+{
+ "reporting.change": {
+ "location-aware": false
+ },
+ "reporting.download": {
+ "location-aware": false
+ },
+ "table.export": {
+ "location-aware": false
+ },
+ "table.view.client": {
+ "location-aware": true
+ },
+ "table.view.location": {
+ "location-aware": true
+ },
+ "table.view.total": {
+ "location-aware": false
+ },
+ "table.view.user": {
+ "location-aware": false
+ },
+ "table.view.vm": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/syslog/permissions/permissions.json b/modules-available/syslog/permissions/permissions.json
index f04ea714..fcf530c5 100644
--- a/modules-available/syslog/permissions/permissions.json
+++ b/modules-available/syslog/permissions/permissions.json
@@ -1,3 +1,5 @@
-[
- "view"
-]
\ No newline at end of file
+{
+ "view": {
+ "location-aware": true
+ }
+}
\ No newline at end of file
diff --git a/modules-available/systemstatus/permissions/permissions.json b/modules-available/systemstatus/permissions/permissions.json
index 0333564b..8324f708 100644
--- a/modules-available/systemstatus/permissions/permissions.json
+++ b/modules-available/systemstatus/permissions/permissions.json
@@ -1,13 +1,35 @@
-[
- "show.overview.diskstat",
- "show.overview.services",
- "show.overview.adresses",
- "show.overview.systeminfo",
- "show.overview.dmsdusers",
- "show.logs.bwlpserver",
- "show.logs.netstat",
- "show.logs.pslist",
- "show.logs.ldapad",
- "show.logs.lighttpd",
- "serverreboot"
-]
\ No newline at end of file
+{
+ "serverreboot": {
+ "location-aware": false
+ },
+ "show.logs.bwlpserver": {
+ "location-aware": false
+ },
+ "show.logs.ldapad": {
+ "location-aware": false
+ },
+ "show.logs.lighttpd": {
+ "location-aware": false
+ },
+ "show.logs.netstat": {
+ "location-aware": false
+ },
+ "show.logs.pslist": {
+ "location-aware": false
+ },
+ "show.overview.adresses": {
+ "location-aware": false
+ },
+ "show.overview.diskstat": {
+ "location-aware": false
+ },
+ "show.overview.dmsdusers": {
+ "location-aware": false
+ },
+ "show.overview.services": {
+ "location-aware": false
+ },
+ "show.overview.systeminfo": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/vmstore/permissions/permissions.json b/modules-available/vmstore/permissions/permissions.json
index f2c22c72..29ee6a51 100644
--- a/modules-available/vmstore/permissions/permissions.json
+++ b/modules-available/vmstore/permissions/permissions.json
@@ -1,5 +1,11 @@
-[
- "choose.internal",
- "choose.nfs",
- "choose.cifs"
-]
\ No newline at end of file
+{
+ "choose.cifs": {
+ "location-aware": false
+ },
+ "choose.internal": {
+ "location-aware": false
+ },
+ "choose.nfs": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/webinterface/permissions/permissions.json b/modules-available/webinterface/permissions/permissions.json
index 45b5395d..fa6f493f 100644
--- a/modules-available/webinterface/permissions/permissions.json
+++ b/modules-available/webinterface/permissions/permissions.json
@@ -1,5 +1,11 @@ -[ - "edit.https", - "edit.password", - "edit.design" -] \ No newline at end of file +{ + "edit.design": { + "location-aware": false + }, + "edit.https": { + "location-aware": false + }, + "edit.password": { + "location-aware": false + } +} \ No newline at end of file -- cgit v1.2.3-55-g7522 From 5309badac125114399ec2cf39b095e0d9efcd09f Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 15 Feb 2018 13:18:56 +0100 Subject: [rebootcontrol] Rewrite permission handling, simplify html/javascript --- .../rebootcontrol/lang/de/module.json | 1 - .../rebootcontrol/lang/de/permissions.json | 4 +- .../rebootcontrol/lang/de/template-tags.json | 5 +- .../rebootcontrol/lang/en/module.json | 1 - .../rebootcontrol/lang/en/permissions.json | 4 +- .../rebootcontrol/lang/en/template-tags.json | 5 +- modules-available/rebootcontrol/page.inc.php | 107 ++++++-------- .../rebootcontrol/permissions/permissions.json | 4 +- modules-available/rebootcontrol/style.css | 10 +- .../rebootcontrol/templates/_page.html | 162 ++++++--------------- .../rebootcontrol/templates/header.html | 63 ++++++++ 11 files changed, 172 insertions(+), 194 deletions(-) create mode 100644 modules-available/rebootcontrol/templates/header.html (limited to 'modules-available/rebootcontrol/permissions') diff --git a/modules-available/rebootcontrol/lang/de/module.json b/modules-available/rebootcontrol/lang/de/module.json index 03196610..1f325354 100644 --- a/modules-available/rebootcontrol/lang/de/module.json +++ b/modules-available/rebootcontrol/lang/de/module.json @@ -1,5 +1,4 @@ { "module_name": "Reboot Control", - "notAssigned": "Nicht zugewiesen", "page_title": "Reboot Control" } \ No newline at end of file diff --git a/modules-available/rebootcontrol/lang/de/permissions.json b/modules-available/rebootcontrol/lang/de/permissions.json index 92eeb37e..12ec4c83 100644 --- a/modules-available/rebootcontrol/lang/de/permissions.json +++ b/modules-available/rebootcontrol/lang/de/permissions.json 
@@ -1,5 +1,5 @@ { - "shutdown": "Client herunterfahren.", - "reboot": "Client neustarten.", + "action.shutdown": "Client herunterfahren.", + "action.reboot": "Client neustarten.", "newkeypair": "Neues Schlüsselpaar generieren." } \ No newline at end of file diff --git a/modules-available/rebootcontrol/lang/de/template-tags.json b/modules-available/rebootcontrol/lang/de/template-tags.json index c5bd1670..eccc8738 100644 --- a/modules-available/rebootcontrol/lang/de/template-tags.json +++ b/modules-available/rebootcontrol/lang/de/template-tags.json @@ -1,12 +1,14 @@ { "lang_authFail": "Authentifizierung fehlgeschlagen", "lang_client": "Client", + "lang_confirmNewKeypair": "Wirklich neues Schl\u00fcsselpaar erzeugen?", "lang_connecting": "Verbinde...", "lang_error": "Nicht erreichbar", "lang_genNew": "Neues Schl\u00fcsselpaar generieren", "lang_ip": "IP", "lang_location": "Standort", "lang_minutes": " Minuten", + "lang_newKeypairExplanation": "Sie k\u00f6nnen ein neues Schl\u00fcsselpaar erzeugen lassen. In diesem Fall wird das alte Schl\u00fcsselpaar verworfen, sodass alle zum jetzigen Zeitpunkt bereits gestarteten Rechner nicht mehr aus der Ferne bedient werden k\u00f6nnen, bis diese manuell neugestartet wurden.", "lang_off": "Aus", "lang_on": "An", "lang_online": "Online", @@ -27,6 +29,5 @@ "lang_shutdownCheck": "Wollen Sie die ausgew\u00e4hlten Rechner wirklich herunterfahren?", "lang_shutdownIn": "Herunterfahren in: ", "lang_status": "Status", - "lang_unselectall": "Alle abw\u00e4hlen", - "lang_user": "Nutzer" + "lang_unselectall": "Alle abw\u00e4hlen" } \ No newline at end of file diff --git a/modules-available/rebootcontrol/lang/en/module.json b/modules-available/rebootcontrol/lang/en/module.json index 129140dd..1f325354 100644 --- a/modules-available/rebootcontrol/lang/en/module.json +++ b/modules-available/rebootcontrol/lang/en/module.json 
@@ -1,5 +1,4 @@ { "module_name": "Reboot Control", - "notAssigned": "Not assigned", "page_title": "Reboot Control" } \ No newline at end of file diff --git a/modules-available/rebootcontrol/lang/en/permissions.json b/modules-available/rebootcontrol/lang/en/permissions.json index 077890fb..34badbaf 100644 --- a/modules-available/rebootcontrol/lang/en/permissions.json +++ b/modules-available/rebootcontrol/lang/en/permissions.json @@ -1,5 +1,5 @@ { - "shutdown": "Shutdown Client.", - "reboot": "Reboot Client.", + "action.shutdown": "Shutdown Client.", + "action.reboot": "Reboot Client.", "newkeypair": "Generate new Keypair." } \ No newline at end of file diff --git a/modules-available/rebootcontrol/lang/en/template-tags.json b/modules-available/rebootcontrol/lang/en/template-tags.json index 63a5b4a8..c2346044 100644 --- a/modules-available/rebootcontrol/lang/en/template-tags.json +++ b/modules-available/rebootcontrol/lang/en/template-tags.json @@ -1,12 +1,14 @@ { "lang_authFail": "Authentication failed", "lang_client": "Client", + "lang_confirmNewKeypair": "Really create new key pair?", "lang_connecting": "Connecting...", "lang_error": "Not available", "lang_genNew": "Generate new keypair", "lang_ip": "IP", "lang_location": "Location", "lang_minutes": " Minutes", + "lang_newKeypairExplanation": "You can create a new keypair, which will replace the old one. Please note that after doing so, you cannot poweroff or reboot clients that are already running, since they still use the old key. They have to be rebooted manually first.", "lang_off": "Off", "lang_on": "On", "lang_online": "Online", @@ -27,6 +29,5 @@ "lang_shutdownCheck": "Do you really want to shut down the selected clients?", "lang_shutdownIn": "Shutdown in: ", "lang_status": "Status", - "lang_unselectall": "Unselect all", - "lang_user": "User" + "lang_unselectall": "Unselect all" } \ No newline at end of file 
diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php index fa34a05a..fa7688d8 100644 --- a/modules-available/rebootcontrol/page.inc.php +++ b/modules-available/rebootcontrol/page.inc.php @@ -4,9 +4,6 @@ class Page_RebootControl extends Page { private $action = false; - private $allowedShutdownLocs = []; - private $allowedRebootLocs = []; - private $allowedLocs = []; /** * Called before any page rendering happens - early hook to check parameters etc. 
@@ -20,54 +17,40 @@ class Page_RebootControl extends Page Util::redirect('?do=Main'); // does not return } - $this->allowedShutdownLocs = User::getAllowedLocations("shutdown"); - $this->allowedRebootLocs = User::getAllowedLocations("reboot"); - $this->allowedLocs = array_unique(array_merge($this->allowedShutdownLocs, $this->allowedRebootLocs)); - $this->action = Request::any('action', 'show', 'string'); - if ($this->action === 'startReboot' || $this->action === 'startShutdown') { - - $locationId = Request::post('locationId', false, 'int'); - if ($locationId === false) { - Message::addError('locations.invalid-location-id', $locationId); - Util::redirect(); - } - - $shutdown = $this->action === "startShutdown"; - // Check user permission (if user has no permission, the getAllowed-list will be empty and the check will fail) - if ($shutdown) { - if (!in_array($locationId, $this->allowedShutdownLocs)) { - Message::addError('main.no-permission'); - Util::redirect(); - } - } else { - if (!in_array($locationId, $this->allowedRebootLocs)) { - Message::addError('main.no-permission'); - Util::redirect(); - } - } + if ($this->action === 'reboot' || $this->action === 'shutdown') { - $clients = Request::post('clients'); - if (!is_array($clients) || empty($clients)) { + $requestedClients = Request::post('clients', false, 'array'); + if (!is_array($requestedClients) || empty($requestedClients)) { Message::addError('no-clients-selected'); Util::redirect(); } $minutes = Request::post('minutes', 0, 'int'); - $list = RebootQueries::getMachinesByUuid($clients); - if (count($list) !== count($clients)) { + $actualClients = RebootQueries::getMachinesByUuid($requestedClients); + if (count($actualClients) !== count($requestedClients)) { // We could go ahead an see which ones were not found in DB but this should not happen anyways unless the // user manipulated the request Message::addWarning('some-machine-not-found'); } - // TODO: Iterate over list and check if a locationid is not in 
permissions - // TODO: we could also check if the locationid is equal or a sublocation of the $locationId from above - // (this would be more of a sanity check though, or does the UI allow selecting machines from different locations) - - $task = RebootControl::execute($list, $shutdown, $minutes, $locationId); + // Filter ones with no permission + foreach (array_keys($actualClients) as $idx) { + if (!User::hasPermission('action.' . $this->action, $actualClients[$idx]['locationid'])) { + Message::addWarning('main.location-no-permission', $actualClients[$idx]['locationid']); + unset($actualClients[$idx]); + } else { + $locationId = $actualClients[$idx]['locationid']; + } + } + // See if anything is left + if (!is_array($actualClients) || empty($actualClients)) { + Message::addError('no-clients-selected'); + Util::redirect(); + } + $task = RebootControl::execute($actualClients, $this->action === 'shutdown', $minutes, $locationId); Util::redirect("?do=rebootcontrol&taskid=".$task["id"]); } @@ -81,6 +64,7 @@ class Page_RebootControl extends Page { if ($this->action === 'show') { + $data = []; $taskId = Request::get("taskid"); if ($taskId && Taskmanager::isTask($taskId)) { 
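Review bot: `$locationId` is assigned inside the new per-client filter loop of the `@@ -20,54 +17,40 @@` hunk, so the value handed to `RebootControl::execute` is the location of whichever permitted client was iterated last; a selection spanning several locations is recorded under one arbitrary location. Either collect the distinct location ids of the remaining clients or reject mixed selections before the call. It is also worth confirming how `User::hasPermission('action.' . $this->action, $locationid)` behaves when a machine row carries no location (null or 0), so that unassigned clients are not evaluated as a location-independent check; that behaviour is not visible here. Since this loop is now the only enforcement point for the action, I would add a comment above it such as `// Authorization is per client: drop every machine whose location the user may not act on`. The enclosing method starts before the hunk.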
@@ -91,36 +75,42 @@ class Page_RebootControl extends Page $data['clients'] = $task['data']['clients']; Render::addTemplate('status', $data); } else { - //location you want to see, default are "not assigned" clients - $requestedLocation = Request::get('location', 0, 'int'); - // only fill table if user has at least one permission for the location - if (in_array($requestedLocation, $this->allowedLocs)) { - $data['data'] = RebootQueries::getMachineTable($requestedLocation); - $data['allowedToSelect'] = True; + //location you want to see, default are "not assigned" clients + $requestedLocation = Request::get('location', false, 'int'); + $allowedLocs = User::getAllowedLocations("action.*"); + + if ($requestedLocation === false) { + if (in_array(0, $allowedLocs)) { + $requestedLocation = 0; + } elseif (!empty($allowedLocs)) { + $requestedLocation = reset($allowedLocs); + } } $data['locations'] = Location::getLocations($requestedLocation, 0, true); - // Always show public key (it's public, isn't it?) - $data['pubKey'] = SSHKey::getPublicKey(); // disable each location user has no permission for foreach ($data['locations'] as &$loc) { - if (!in_array($loc["locationid"], $this->allowedLocs)) { + if (!in_array($loc["locationid"], $allowedLocs)) { $loc["disabled"] = "disabled"; } } + // Always show public key (it's public, isn't it?) 
+ $data['pubKey'] = SSHKey::getPublicKey(); // Only enable shutdown/reboot-button if user has permission for the location - if (in_array($requestedLocation, $this->allowedShutdownLocs)) { - $data['allowedToShutdown'] = True; - } - if (in_array($requestedLocation, $this->allowedRebootLocs)) { - $data['allowedToReboot'] = True; - } - $data['allowedToGenerateKey'] = User::hasPermission("newkeypair"); + Permission::addGlobalTags($data['perms'], $requestedLocation, ['newkeypair', 'action.shutdown', 'action.reboot']); + + Render::addTemplate('header', $data); - Render::addTemplate('_page', $data); + // only fill table if user has at least one permission for the location + if ($requestedLocation === false) { + Message::addError('main.no-permission'); + } else { + $data['data'] = RebootQueries::getMachineTable($requestedLocation); + Render::addTemplate('_page', $data); + } } } @@ -130,12 +120,9 @@ class Page_RebootControl extends Page { $this->action = Request::post('action', false, 'string'); if ($this->action === 'generateNewKeypair') { - if (User::hasPermission("newkeypair")) { - Property::set("rebootcontrol-private-key", false); - echo SSHKey::getPublicKey(); - } else { - echo 'No permission.'; - } + User::assertPermission("newkeypair"); + Property::set("rebootcontrol-private-key", false); + echo SSHKey::getPublicKey(); } else { echo 'Invalid action.'; } diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json index 5de9b633..a058ffbf 100644 --- a/modules-available/rebootcontrol/permissions/permissions.json +++ b/modules-available/rebootcontrol/permissions/permissions.json @@ -2,10 +2,10 @@ "newkeypair": { "location-aware": false }, - "reboot": { + "action.reboot": { "location-aware": true }, - "shutdown": { + "action.shutdown": { "location-aware": true } } \ No newline at end of file 
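Review bot: An explicitly supplied `location` parameter is no longer checked against `$allowedLocs` before the machine table is filled in the `@@ -91,36 +75,42 @@` hunk. The final branch only tests `$requestedLocation === false`, so `RebootQueries::getMachineTable($requestedLocation)` runs for any location id given in the query string, whereas the removed code required `in_array($requestedLocation, $this->allowedLocs)` first. The action buttons are still gated through `Permission::addGlobalTags` and the POST handler filters per client, so this appears to affect what is listed rather than what can be executed. Suggested condition for that branch: `if ($requestedLocation === false || !in_array($requestedLocation, $allowedLocs)) {`. The enclosing method starts outside the hunk.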
diff --git a/modules-available/rebootcontrol/style.css b/modules-available/rebootcontrol/style.css index f10a6157..e35bce29 100644 --- a/modules-available/rebootcontrol/style.css +++ b/modules-available/rebootcontrol/style.css @@ -16,9 +16,8 @@ margin-bottom: 0; } -.controlButtons { - margin-left: 10px; - width: 140px; +.select-button { + min-width: 150px; } #dataTable { @@ -29,11 +28,6 @@ #shutdownTimer { text-align: center; } -#pubKeyTitle { - display: inline-block; - margin-top: 7px; - margin-bottom: 20px; -} pre { white-space: pre-wrap; diff --git a/modules-available/rebootcontrol/templates/_page.html b/modules-available/rebootcontrol/templates/_page.html index e540cafb..82f82b02 100644 --- a/modules-available/rebootcontrol/templates/_page.html +++ b/modules-available/rebootcontrol/templates/_page.html @@ -1,26 +1,5 @@ - - -
    -
    -
    - - - - - -
    -
    @@ -53,7 +32,7 @@ -
    {{#status}}{{currentsession}}{{/status}} {{#status}}{{currentuser}}{{/status}} +
    @@ -69,25 +48,6 @@ - - @@ -115,11 +75,11 @@
    @@ -128,104 +88,76 @@ \ No newline at end of file -- cgit v1.2.3-55-g7522