From 4c9aba92942c4b9341c46a50aeaa31bea24a8b60 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Tue, 9 Jan 2018 17:38:21 +0100 Subject: [exams] implemented permission system --- modules-available/rebootcontrol/permissions/permissions.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 modules-available/rebootcontrol/permissions/permissions.json (limited to 'modules-available/rebootcontrol/permissions') diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json new file mode 100644 index 00000000..5230c9bd --- /dev/null +++ b/modules-available/rebootcontrol/permissions/permissions.json @@ -0,0 +1,5 @@ +[ + "shutdown", + "reboot", + "newkeypair" +] \ No newline at end of file -- cgit v1.2.3-55-g7522 From a8b0095b335780ae0bb950bc44021215d43a6b2d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 12 Feb 2018 14:17:07 +0100 Subject: [permissionmanager] Introduce "location-aware" flag for permissions This flag tells wether the permission can be restricted to certain locations in a meaningful way. This flag has to be set in the permissions.json of the according module. For example, the permission to reboot the server cannot be limited to certain locations in a meaningful way, while the view of the client log can be filtered to only show log entries for clients in specific locations. --- .../backup/permissions/permissions.json | 12 +++-- .../permissions/permissions.json | 24 +++++++--- .../dozmod/permissions/permissions.json | 52 ++++++++++++++++------ .../eventlog/permissions/permissions.json | 8 ++-- .../exams/permissions/permissions.json | 13 +++--- .../internetaccess/permissions/permissions.json | 8 ++-- .../locations/permissions/permissions.json | 32 +++++++++---- .../minilinux/permissions/permissions.json | 12 +++-- .../news/permissions/permissions.json | 20 ++++++--- .../permissionmanager/inc/permissionutil.inc.php | 9 ++-- modules-available/permissionmanager/page.inc.php | 21 +++++---- modules-available/permissionmanager/style.css | 28 ++++++------ .../permissionmanager/templates/roleeditor.html | 42 +++++++---------- .../permissionmanager/templates/treenode.html | 23 +++++----- .../permissionmanager/templates/treepanel.html | 2 +- .../rebootcontrol/permissions/permissions.json | 16 ++++--- .../serversetup-bwlp/permissions/permissions.json | 16 ++++--- .../statistics/permissions/permissions.json | 16 ++++--- .../permissions/permissions.json | 36 ++++++++++----- .../syslog/permissions/permissions.json | 8 ++-- .../systemstatus/permissions/permissions.json | 48 ++++++++++++++------ .../vmstore/permissions/permissions.json | 16 ++++--- .../webinterface/permissions/permissions.json | 16 ++++--- 23 files changed, 309 insertions(+), 169 deletions(-) (limited to 'modules-available/rebootcontrol/permissions') diff --git a/modules-available/backup/permissions/permissions.json b/modules-available/backup/permissions/permissions.json index feeffe33..1f778ab6 100644 --- a/modules-available/backup/permissions/permissions.json +++ b/modules-available/backup/permissions/permissions.json @@ -1,4 +1,8 @@ -[ - "create", - "restore" -] \ No newline at end of file +{ + "create": { + "location-aware": false + }, + "restore": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json index 286a975b..3acd5230 100644 --- a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json +++ b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json @@ -1,7 +1,17 @@ -[ - "show", - "partitions.add", - "partitions.delete", - "partitions.edit", - "partitions.reset" -] \ No newline at end of file +{ + "partitions.add": { + "location-aware": false + }, + "partitions.delete": { + "location-aware": false + }, + "partitions.edit": { + "location-aware": false + }, + "partitions.reset": { + "location-aware": false + }, + "show": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json index e8dfb558..b4ff034b 100644 --- a/modules-available/dozmod/permissions/permissions.json +++ b/modules-available/dozmod/permissions/permissions.json @@ -1,14 +1,38 @@ -[ - "images.delete", - "mail.save", - "mail.testmail", - "runtimeconfig.save", - "templates.save", - "templates.reset", - "users.setmail", - "users.setlogin", - "users.setsu", - "users.orglogin", - "log.showuser", - "log.showtarget" -] \ No newline at end of file +{ + "images.delete": { + "location-aware": false + }, + "log.showtarget": { + "location-aware": false + }, + "log.showuser": { + "location-aware": false + }, + "mail.save": { + "location-aware": false + }, + "mail.testmail": { + "location-aware": false + }, + "runtimeconfig.save": { + "location-aware": false + }, + "templates.reset": { + "location-aware": false + }, + "templates.save": { + "location-aware": false + }, + "users.orglogin": { + "location-aware": false + }, + "users.setlogin": { + "location-aware": false + }, + "users.setmail": { + "location-aware": false + }, + "users.setsu": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/eventlog/permissions/permissions.json b/modules-available/eventlog/permissions/permissions.json index f04ea714..a1748957 100644 --- a/modules-available/eventlog/permissions/permissions.json +++ b/modules-available/eventlog/permissions/permissions.json @@ -1,3 +1,5 @@ -[ - "view" -] \ No newline at end of file +{ + "view": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/exams/permissions/permissions.json b/modules-available/exams/permissions/permissions.json index 215b3399..e44974b6 100644 --- a/modules-available/exams/permissions/permissions.json +++ b/modules-available/exams/permissions/permissions.json @@ -1,5 +1,8 @@ -[ - "exams.add", - "exams.delete", - "exams.edit" -] \ No newline at end of file +{ + "exams.edit": { + "location-aware": true + }, + "exams.view": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/internetaccess/permissions/permissions.json b/modules-available/internetaccess/permissions/permissions.json index 67998da7..09652e51 100644 --- a/modules-available/internetaccess/permissions/permissions.json +++ b/modules-available/internetaccess/permissions/permissions.json @@ -1,3 +1,5 @@ -[ - "configuration.safe" -] \ No newline at end of file +{ + "configuration.safe": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/locations/permissions/permissions.json b/modules-available/locations/permissions/permissions.json index 609a673a..06b01d2c 100644 --- a/modules-available/locations/permissions/permissions.json +++ b/modules-available/locations/permissions/permissions.json @@ -1,9 +1,23 @@ -[ - "location.view", - "location.edit", - "location.add", - "location.delete", - "subnet.edit", - "subnet.add", - "subnet.delete" -] \ No newline at end of file +{ + "location.add": { + "location-aware": false + }, + "location.delete": { + "location-aware": false + }, + "location.edit": { + "location-aware": false + }, + "location.view": { + "location-aware": false + }, + "subnet.add": { + "location-aware": false + }, + "subnet.delete": { + "location-aware": false + }, + "subnet.edit": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/minilinux/permissions/permissions.json b/modules-available/minilinux/permissions/permissions.json index 457d9810..650f7e71 100644 --- a/modules-available/minilinux/permissions/permissions.json +++ b/modules-available/minilinux/permissions/permissions.json @@ -1,4 +1,8 @@ -[ - "show", - "update" -] \ No newline at end of file +{ + "show": { + "location-aware": false + }, + "update": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json index 321e73ea..0d9435d7 100644 --- a/modules-available/news/permissions/permissions.json +++ b/modules-available/news/permissions/permissions.json @@ -1,6 +1,14 @@ -[ - "news.save", - "news.delete", - "help.save", - "help.delete" -] \ No newline at end of file +{ + "help.delete": { + "location-aware": false + }, + "help.save": { + "location-aware": false + }, + "news.delete": { + "location-aware": false + }, + "news.save": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 5ff41046..3daf422e 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -100,9 +100,9 @@ class PermissionUtil if (!is_array($data)) continue; preg_match('#^modules/([^/]+)/#', $file, $out); - foreach( $data as $p ) { + foreach( $data as $p => $data) { $description = Dictionary::translateFileModule($out[1], "permissions", $p); - self::putInPermissionTree($out[1].".".$p, $description, $permissions); + self::putInPermissionTree($out[1].".".$p, $data['location-aware'], $description, $permissions); } } ksort($permissions); @@ -120,10 +120,11 @@ class PermissionUtil * Place a permission into the given permission tree. * * @param string $permission the permission to place in the tree + * @param bool $locationAware whether this permissions can be restricted to specific locations only * @param string $description the description of the permission * @param array $tree the permission tree to modify */ - private static function putInPermissionTree($permission, $description, &$tree) + private static function putInPermissionTree($permission, $locationAware, $description, &$tree) { $subPermissions = explode('.', $permission); foreach ($subPermissions as $subPermission) { @@ -134,6 +135,6 @@ class PermissionUtil $tree =& $tree[$subPermission]; } } - $tree = $description; + $tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true); } } \ No newline at end of file diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index 13d81c6a..bb8482af 100644 --- a/modules-available/permissionmanager/page.inc.php +++ b/modules-available/permissionmanager/page.inc.php @@ -100,18 +100,21 @@ class Page_PermissionManager extends Page $toplevel = $permString == ""; if ($toplevel && in_array("*", $selectedPermissions)) $selectAll = true; foreach ($permissions as $k => $v) { - $leaf = !is_array($v); + $leaf = isset($v['isLeaf']) && $v['isLeaf']; $nextPermString = $permString ? $permString.".".$k : $k; $id = $leaf ? $nextPermString : $nextPermString.".*"; $selected = $selectAll || in_array($id, $selectedPermissions); - $res .= Render::parse("treenode", - array("id" => $id, - "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, - "toplevel" => $toplevel, - "checkboxname" => "permissions", - "selected" => $selected, - "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), - "description" => $leaf ? $v : "")); + $data = array("id" => $id, + "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, + "toplevel" => $toplevel, + "checkboxname" => "permissions", + "selected" => $selected, + "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), + ); + if ($leaf) { + $data += $v; + } + $res .= Render::parse("treenode", $data); } if ($toplevel) { $res = Render::parse("treepanel", diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css index 49d631a8..9c39af64 100644 --- a/modules-available/permissionmanager/style.css +++ b/modules-available/permissionmanager/style.css @@ -55,28 +55,28 @@ background-color: rgba(0, 182, 41, 0.23); } -.tree-container { - -moz-column-gap: 20px; - -webkit-column-gap: 20px; - column-gap: 20px; -} - - .tree-container > ul { display: inline-block; width: 100%; padding: 0; } -@media (max-width: 767px) { - .tree-container { - -moz-column-count: 1; - -webkit-column-count: 1; - column-count: 1; - } +.tree-container > ul > li > div > label { + font-weight: bold; +} + +.tree-container { + -moz-column-gap: 20px; + -webkit-column-gap: 20px; + column-gap: 20px; + -moz-column-count: 1; + -webkit-column-count: 1; + column-count: 1; + padding-left: 20px; + padding-right: 20px; } -@media (min-width: 768px) and (max-width: 991px) { +@media (min-width: 768px) { .tree-container { -moz-column-count: 2; -webkit-column-count: 2; diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html index 871fd0cc..eadce027 100644 --- a/modules-available/permissionmanager/templates/roleeditor.html +++ b/modules-available/permissionmanager/templates/roleeditor.html @@ -4,32 +4,24 @@ -