+{{#toplevel}}{{/toplevel}}
\ No newline at end of file
diff --git a/modules-available/permissionmanager/templates/treepanel.html b/modules-available/permissionmanager/templates/treepanel.html
index 6f358825..8b510407 100644
--- a/modules-available/permissionmanager/templates/treepanel.html
+++ b/modules-available/permissionmanager/templates/treepanel.html
@@ -6,7 +6,7 @@
-
+
{{{HTML}}}
diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json
index 5230c9bd..5de9b633 100644
--- a/modules-available/rebootcontrol/permissions/permissions.json
+++ b/modules-available/rebootcontrol/permissions/permissions.json
@@ -1,5 +1,11 @@
-[
- "shutdown",
- "reboot",
- "newkeypair"
-]
\ No newline at end of file
+{
+ "newkeypair": {
+ "location-aware": false
+ },
+ "reboot": {
+ "location-aware": true
+ },
+ "shutdown": {
+ "location-aware": true
+ }
+}
\ No newline at end of file
diff --git a/modules-available/serversetup-bwlp/permissions/permissions.json b/modules-available/serversetup-bwlp/permissions/permissions.json
index 2166cf8e..6bae5422 100644
--- a/modules-available/serversetup-bwlp/permissions/permissions.json
+++ b/modules-available/serversetup-bwlp/permissions/permissions.json
@@ -1,5 +1,11 @@
-[
- "edit.address",
- "edit.menu",
- "download"
-]
\ No newline at end of file
+{
+ "download": {
+ "location-aware": false
+ },
+ "edit.address": {
+ "location-aware": false
+ },
+ "edit.menu": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/statistics/permissions/permissions.json b/modules-available/statistics/permissions/permissions.json
index 97a49036..c9dca9f3 100644
--- a/modules-available/statistics/permissions/permissions.json
+++ b/modules-available/statistics/permissions/permissions.json
@@ -1,5 +1,11 @@
-[
- "view",
- "note",
- "delete"
-]
\ No newline at end of file
+{
+ "machine.delete": {
+ "location-aware": true
+ },
+ "machine.note": {
+ "location-aware": true
+ },
+ "machine.view": {
+ "location-aware": true
+ }
+}
\ No newline at end of file
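Review bot: The permission ids are renamed here (`view`/`note`/`delete` become `machine.view`/`machine.note`/`machine.delete`) in the same step as the format change, and the later rebootcontrol commit on this page does the same with `reboot`/`shutdown` becoming `action.reboot`/`action.shutdown`. If role grants are stored by permission id (the storage is not visible here), grants made under the old names will no longer match, and any caller still passing an old id to the permission check will be denied. The rename should ship with a migration of stored ids and a search for remaining uses of the old strings, so access neither disappears nor lingers under stale names.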
diff --git a/modules-available/statistics_reporting/permissions/permissions.json b/modules-available/statistics_reporting/permissions/permissions.json
index d967b75d..1244027e 100644
--- a/modules-available/statistics_reporting/permissions/permissions.json
+++ b/modules-available/statistics_reporting/permissions/permissions.json
@@ -1,10 +1,26 @@
-[
- "table.view.total",
- "table.view.location",
- "table.view.client",
- "table.view.user",
- "table.view.vm",
- "table.export",
- "reporting.download",
- "reporting.change"
-]
\ No newline at end of file
+{
+ "reporting.change": {
+ "location-aware": false
+ },
+ "reporting.download": {
+ "location-aware": false
+ },
+ "table.export": {
+ "location-aware": false
+ },
+ "table.view.client": {
+ "location-aware": true
+ },
+ "table.view.location": {
+ "location-aware": true
+ },
+ "table.view.total": {
+ "location-aware": false
+ },
+ "table.view.user": {
+ "location-aware": false
+ },
+ "table.view.vm": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
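Review bot: `table.export`, `table.view.user` and `table.view.vm` are declared with `"location-aware": false`, while `table.view.client` and `table.view.location` are `true`. If the export or the user/VM tables contain per-client or per-location rows (not visible on this page), a user whose view is scoped to a few locations could still obtain data for all of them through these global permissions. Either set `"location-aware": true` for `table.export`, or make sure the export handler filters its rows by the locations allowed for `table.view.client` and `table.view.location`.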
diff --git a/modules-available/syslog/permissions/permissions.json b/modules-available/syslog/permissions/permissions.json
index f04ea714..fcf530c5 100644
--- a/modules-available/syslog/permissions/permissions.json
+++ b/modules-available/syslog/permissions/permissions.json
@@ -1,3 +1,5 @@
-[
- "view"
-]
\ No newline at end of file
+{
+ "view": {
+ "location-aware": true
+ }
+}
\ No newline at end of file
diff --git a/modules-available/systemstatus/permissions/permissions.json b/modules-available/systemstatus/permissions/permissions.json
index 0333564b..8324f708 100644
--- a/modules-available/systemstatus/permissions/permissions.json
+++ b/modules-available/systemstatus/permissions/permissions.json
@@ -1,13 +1,35 @@
-[
- "show.overview.diskstat",
- "show.overview.services",
- "show.overview.adresses",
- "show.overview.systeminfo",
- "show.overview.dmsdusers",
- "show.logs.bwlpserver",
- "show.logs.netstat",
- "show.logs.pslist",
- "show.logs.ldapad",
- "show.logs.lighttpd",
- "serverreboot"
-]
\ No newline at end of file
+{
+ "serverreboot": {
+ "location-aware": false
+ },
+ "show.logs.bwlpserver": {
+ "location-aware": false
+ },
+ "show.logs.ldapad": {
+ "location-aware": false
+ },
+ "show.logs.lighttpd": {
+ "location-aware": false
+ },
+ "show.logs.netstat": {
+ "location-aware": false
+ },
+ "show.logs.pslist": {
+ "location-aware": false
+ },
+ "show.overview.adresses": {
+ "location-aware": false
+ },
+ "show.overview.diskstat": {
+ "location-aware": false
+ },
+ "show.overview.dmsdusers": {
+ "location-aware": false
+ },
+ "show.overview.services": {
+ "location-aware": false
+ },
+ "show.overview.systeminfo": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/vmstore/permissions/permissions.json b/modules-available/vmstore/permissions/permissions.json
index f2c22c72..29ee6a51 100644
--- a/modules-available/vmstore/permissions/permissions.json
+++ b/modules-available/vmstore/permissions/permissions.json
@@ -1,5 +1,11 @@
-[
- "choose.internal",
- "choose.nfs",
- "choose.cifs"
-]
\ No newline at end of file
+{
+ "choose.cifs": {
+ "location-aware": false
+ },
+ "choose.internal": {
+ "location-aware": false
+ },
+ "choose.nfs": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
diff --git a/modules-available/webinterface/permissions/permissions.json b/modules-available/webinterface/permissions/permissions.json
index 45b5395d..fa6f493f 100644
--- a/modules-available/webinterface/permissions/permissions.json
+++ b/modules-available/webinterface/permissions/permissions.json
@@ -1,5 +1,11 @@
-[
- "edit.https",
- "edit.password",
- "edit.design"
-]
\ No newline at end of file
+{
+ "edit.design": {
+ "location-aware": false
+ },
+ "edit.https": {
+ "location-aware": false
+ },
+ "edit.password": {
+ "location-aware": false
+ }
+}
\ No newline at end of file
--
cgit v1.2.3-55-g7522
From 5309badac125114399ec2cf39b095e0d9efcd09f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 15 Feb 2018 13:18:56 +0100
Subject: [rebootcontrol] Rewrite permission handling, simplify html/javascript
---
.../rebootcontrol/lang/de/module.json | 1 -
.../rebootcontrol/lang/de/permissions.json | 4 +-
.../rebootcontrol/lang/de/template-tags.json | 5 +-
.../rebootcontrol/lang/en/module.json | 1 -
.../rebootcontrol/lang/en/permissions.json | 4 +-
.../rebootcontrol/lang/en/template-tags.json | 5 +-
modules-available/rebootcontrol/page.inc.php | 107 ++++++--------
.../rebootcontrol/permissions/permissions.json | 4 +-
modules-available/rebootcontrol/style.css | 10 +-
.../rebootcontrol/templates/_page.html | 162 ++++++---------------
.../rebootcontrol/templates/header.html | 63 ++++++++
11 files changed, 172 insertions(+), 194 deletions(-)
create mode 100644 modules-available/rebootcontrol/templates/header.html
(limited to 'modules-available/rebootcontrol')
diff --git a/modules-available/rebootcontrol/lang/de/module.json b/modules-available/rebootcontrol/lang/de/module.json
index 03196610..1f325354 100644
--- a/modules-available/rebootcontrol/lang/de/module.json
+++ b/modules-available/rebootcontrol/lang/de/module.json
@@ -1,5 +1,4 @@
{
"module_name": "Reboot Control",
- "notAssigned": "Nicht zugewiesen",
"page_title": "Reboot Control"
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/lang/de/permissions.json b/modules-available/rebootcontrol/lang/de/permissions.json
index 92eeb37e..12ec4c83 100644
--- a/modules-available/rebootcontrol/lang/de/permissions.json
+++ b/modules-available/rebootcontrol/lang/de/permissions.json
@@ -1,5 +1,5 @@
{
- "shutdown": "Client herunterfahren.",
- "reboot": "Client neustarten.",
+ "action.shutdown": "Client herunterfahren.",
+ "action.reboot": "Client neustarten.",
"newkeypair": "Neues Schlüsselpaar generieren."
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/lang/de/template-tags.json b/modules-available/rebootcontrol/lang/de/template-tags.json
index c5bd1670..eccc8738 100644
--- a/modules-available/rebootcontrol/lang/de/template-tags.json
+++ b/modules-available/rebootcontrol/lang/de/template-tags.json
@@ -1,12 +1,14 @@
{
"lang_authFail": "Authentifizierung fehlgeschlagen",
"lang_client": "Client",
+ "lang_confirmNewKeypair": "Wirklich neues Schl\u00fcsselpaar erzeugen?",
"lang_connecting": "Verbinde...",
"lang_error": "Nicht erreichbar",
"lang_genNew": "Neues Schl\u00fcsselpaar generieren",
"lang_ip": "IP",
"lang_location": "Standort",
"lang_minutes": " Minuten",
+ "lang_newKeypairExplanation": "Sie k\u00f6nnen ein neues Schl\u00fcsselpaar erzeugen lassen. In diesem Fall wird das alte Schl\u00fcsselpaar verworfen, sodass alle zum jetzigen Zeitpunkt bereits gestarteten Rechner nicht mehr aus der Ferne bedient werden k\u00f6nnen, bis diese manuell neugestartet wurden.",
"lang_off": "Aus",
"lang_on": "An",
"lang_online": "Online",
@@ -27,6 +29,5 @@
"lang_shutdownCheck": "Wollen Sie die ausgew\u00e4hlten Rechner wirklich herunterfahren?",
"lang_shutdownIn": "Herunterfahren in: ",
"lang_status": "Status",
- "lang_unselectall": "Alle abw\u00e4hlen",
- "lang_user": "Nutzer"
+ "lang_unselectall": "Alle abw\u00e4hlen"
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/lang/en/module.json b/modules-available/rebootcontrol/lang/en/module.json
index 129140dd..1f325354 100644
--- a/modules-available/rebootcontrol/lang/en/module.json
+++ b/modules-available/rebootcontrol/lang/en/module.json
@@ -1,5 +1,4 @@
{
"module_name": "Reboot Control",
- "notAssigned": "Not assigned",
"page_title": "Reboot Control"
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/lang/en/permissions.json b/modules-available/rebootcontrol/lang/en/permissions.json
index 077890fb..34badbaf 100644
--- a/modules-available/rebootcontrol/lang/en/permissions.json
+++ b/modules-available/rebootcontrol/lang/en/permissions.json
@@ -1,5 +1,5 @@
{
- "shutdown": "Shutdown Client.",
- "reboot": "Reboot Client.",
+ "action.shutdown": "Shutdown Client.",
+ "action.reboot": "Reboot Client.",
"newkeypair": "Generate new Keypair."
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/lang/en/template-tags.json b/modules-available/rebootcontrol/lang/en/template-tags.json
index 63a5b4a8..c2346044 100644
--- a/modules-available/rebootcontrol/lang/en/template-tags.json
+++ b/modules-available/rebootcontrol/lang/en/template-tags.json
@@ -1,12 +1,14 @@
{
"lang_authFail": "Authentication failed",
"lang_client": "Client",
+ "lang_confirmNewKeypair": "Really create new key pair?",
"lang_connecting": "Connecting...",
"lang_error": "Not available",
"lang_genNew": "Generate new keypair",
"lang_ip": "IP",
"lang_location": "Location",
"lang_minutes": " Minutes",
+ "lang_newKeypairExplanation": "You can create a new keypair, which will replace the old one. Please note that after doing so, you cannot poweroff or reboot clients that are already running, since they still use the old key. They have to be rebooted manually first.",
"lang_off": "Off",
"lang_on": "On",
"lang_online": "Online",
@@ -27,6 +29,5 @@
"lang_shutdownCheck": "Do you really want to shut down the selected clients?",
"lang_shutdownIn": "Shutdown in: ",
"lang_status": "Status",
- "lang_unselectall": "Unselect all",
- "lang_user": "User"
+ "lang_unselectall": "Unselect all"
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php
index fa34a05a..fa7688d8 100644
--- a/modules-available/rebootcontrol/page.inc.php
+++ b/modules-available/rebootcontrol/page.inc.php
@@ -4,9 +4,6 @@ class Page_RebootControl extends Page
{
private $action = false;
- private $allowedShutdownLocs = [];
- private $allowedRebootLocs = [];
- private $allowedLocs = [];
/**
* Called before any page rendering happens - early hook to check parameters etc.
@@ -20,54 +17,40 @@ class Page_RebootControl extends Page
Util::redirect('?do=Main'); // does not return
}
- $this->allowedShutdownLocs = User::getAllowedLocations("shutdown");
- $this->allowedRebootLocs = User::getAllowedLocations("reboot");
- $this->allowedLocs = array_unique(array_merge($this->allowedShutdownLocs, $this->allowedRebootLocs));
-
$this->action = Request::any('action', 'show', 'string');
- if ($this->action === 'startReboot' || $this->action === 'startShutdown') {
-
- $locationId = Request::post('locationId', false, 'int');
- if ($locationId === false) {
- Message::addError('locations.invalid-location-id', $locationId);
- Util::redirect();
- }
-
- $shutdown = $this->action === "startShutdown";
- // Check user permission (if user has no permission, the getAllowed-list will be empty and the check will fail)
- if ($shutdown) {
- if (!in_array($locationId, $this->allowedShutdownLocs)) {
- Message::addError('main.no-permission');
- Util::redirect();
- }
- } else {
- if (!in_array($locationId, $this->allowedRebootLocs)) {
- Message::addError('main.no-permission');
- Util::redirect();
- }
- }
+ if ($this->action === 'reboot' || $this->action === 'shutdown') {
- $clients = Request::post('clients');
- if (!is_array($clients) || empty($clients)) {
+ $requestedClients = Request::post('clients', false, 'array');
+ if (!is_array($requestedClients) || empty($requestedClients)) {
Message::addError('no-clients-selected');
Util::redirect();
}
$minutes = Request::post('minutes', 0, 'int');
- $list = RebootQueries::getMachinesByUuid($clients);
- if (count($list) !== count($clients)) {
+ $actualClients = RebootQueries::getMachinesByUuid($requestedClients);
+ if (count($actualClients) !== count($requestedClients)) {
// We could go ahead an see which ones were not found in DB but this should not happen anyways unless the
// user manipulated the request
Message::addWarning('some-machine-not-found');
}
- // TODO: Iterate over list and check if a locationid is not in permissions
- // TODO: we could also check if the locationid is equal or a sublocation of the $locationId from above
- // (this would be more of a sanity check though, or does the UI allow selecting machines from different locations)
-
- $task = RebootControl::execute($list, $shutdown, $minutes, $locationId);
+ // Filter ones with no permission
+ foreach (array_keys($actualClients) as $idx) {
+ if (!User::hasPermission('action.' . $this->action, $actualClients[$idx]['locationid'])) {
+ Message::addWarning('main.location-no-permission', $actualClients[$idx]['locationid']);
+ unset($actualClients[$idx]);
+ } else {
+ $locationId = $actualClients[$idx]['locationid'];
+ }
+ }
+ // See if anything is left
+ if (!is_array($actualClients) || empty($actualClients)) {
+ Message::addError('no-clients-selected');
+ Util::redirect();
+ }
+ $task = RebootControl::execute($actualClients, $this->action === 'shutdown', $minutes, $locationId);
Util::redirect("?do=rebootcontrol&taskid=".$task["id"]);
}
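Review bot: `$locationId` is reassigned for every permitted client in the filter loop, so `RebootControl::execute()` receives the location of whichever machine came last, even when the selection spans several locations. If execute() uses that argument for anything beyond display (its body is not on this page), the value should be derived deliberately or dropped; at minimum add `// NOTE: location of the last permitted client only; selection may span several locations` above the call. Also confirm what `User::hasPermission()` does when a machine's `locationid` is NULL rather than 0: the render path treats 0 as "not assigned", and a NULL read as "no location constraint" would bypass the per-location check. The function starts outside this hunk.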
@@ -81,6 +64,7 @@ class Page_RebootControl extends Page
{
if ($this->action === 'show') {
+ $data = [];
$taskId = Request::get("taskid");
if ($taskId && Taskmanager::isTask($taskId)) {
@@ -91,36 +75,42 @@ class Page_RebootControl extends Page
$data['clients'] = $task['data']['clients'];
Render::addTemplate('status', $data);
} else {
- //location you want to see, default are "not assigned" clients
- $requestedLocation = Request::get('location', 0, 'int');
- // only fill table if user has at least one permission for the location
- if (in_array($requestedLocation, $this->allowedLocs)) {
- $data['data'] = RebootQueries::getMachineTable($requestedLocation);
- $data['allowedToSelect'] = True;
+ //location you want to see, default are "not assigned" clients
+ $requestedLocation = Request::get('location', false, 'int');
+ $allowedLocs = User::getAllowedLocations("action.*");
+
+ if ($requestedLocation === false) {
+ if (in_array(0, $allowedLocs)) {
+ $requestedLocation = 0;
+ } elseif (!empty($allowedLocs)) {
+ $requestedLocation = reset($allowedLocs);
+ }
}
$data['locations'] = Location::getLocations($requestedLocation, 0, true);
- // Always show public key (it's public, isn't it?)
- $data['pubKey'] = SSHKey::getPublicKey();
// disable each location user has no permission for
foreach ($data['locations'] as &$loc) {
- if (!in_array($loc["locationid"], $this->allowedLocs)) {
+ if (!in_array($loc["locationid"], $allowedLocs)) {
$loc["disabled"] = "disabled";
}
}
+ // Always show public key (it's public, isn't it?)
+ $data['pubKey'] = SSHKey::getPublicKey();
// Only enable shutdown/reboot-button if user has permission for the location
- if (in_array($requestedLocation, $this->allowedShutdownLocs)) {
- $data['allowedToShutdown'] = True;
- }
- if (in_array($requestedLocation, $this->allowedRebootLocs)) {
- $data['allowedToReboot'] = True;
- }
- $data['allowedToGenerateKey'] = User::hasPermission("newkeypair");
+ Permission::addGlobalTags($data['perms'], $requestedLocation, ['newkeypair', 'action.shutdown', 'action.reboot']);
+
+ Render::addTemplate('header', $data);
- Render::addTemplate('_page', $data);
+ // only fill table if user has at least one permission for the location
+ if ($requestedLocation === false) {
+ Message::addError('main.no-permission');
+ } else {
+ $data['data'] = RebootQueries::getMachineTable($requestedLocation);
+ Render::addTemplate('_page', $data);
+ }
}
}
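Review bot: An explicitly supplied `location` is no longer checked against `$allowedLocs`: the fallback block runs only when `$requestedLocation === false`, so a request naming a location the user has no `action.*` permission for still reaches `RebootQueries::getMachineTable($requestedLocation)` and renders `_page`. The removed code guarded this with `in_array($requestedLocation, $this->allowedLocs)`, and the retained comment "only fill table if user has at least one permission for the location" no longer describes the code. I would widen the final guard to `if ($requestedLocation === false || !in_array($requestedLocation, $allowedLocs)) {` so the machine list is only shown for permitted locations. The enclosing method begins outside this hunk.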
@@ -130,12 +120,9 @@ class Page_RebootControl extends Page
{
$this->action = Request::post('action', false, 'string');
if ($this->action === 'generateNewKeypair') {
- if (User::hasPermission("newkeypair")) {
- Property::set("rebootcontrol-private-key", false);
- echo SSHKey::getPublicKey();
- } else {
- echo 'No permission.';
- }
+ User::assertPermission("newkeypair");
+ Property::set("rebootcontrol-private-key", false);
+ echo SSHKey::getPublicKey();
} else {
echo 'Invalid action.';
}
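Review bot: The key reset is now protected only by `User::assertPermission("newkeypair")` ending the request, whereas the removed `if (User::hasPermission(...)) … else` made the deny path explicit. If assertPermission() can return on failure (its body is not on this page), `Property::set("rebootcontrol-private-key", false)` would discard the private key for an unauthorised caller. I would state the assumption next to the call with `// assertPermission() terminates the request on failure; it must never return`, and verify that its failure output is suitable for an AJAX response. The method starts outside this hunk.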
diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json
index 5de9b633..a058ffbf 100644
--- a/modules-available/rebootcontrol/permissions/permissions.json
+++ b/modules-available/rebootcontrol/permissions/permissions.json
@@ -2,10 +2,10 @@
"newkeypair": {
"location-aware": false
},
- "reboot": {
+ "action.reboot": {
"location-aware": true
},
- "shutdown": {
+ "action.shutdown": {
"location-aware": true
}
}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/style.css b/modules-available/rebootcontrol/style.css
index f10a6157..e35bce29 100644
--- a/modules-available/rebootcontrol/style.css
+++ b/modules-available/rebootcontrol/style.css
@@ -16,9 +16,8 @@
margin-bottom: 0;
}
-.controlButtons {
- margin-left: 10px;
- width: 140px;
+.select-button {
+ min-width: 150px;
}
#dataTable {
@@ -29,11 +28,6 @@
#shutdownTimer {
text-align: center;
}
-#pubKeyTitle {
- display: inline-block;
- margin-top: 7px;
- margin-bottom: 20px;
-}
pre {
white-space: pre-wrap;
diff --git a/modules-available/rebootcontrol/templates/_page.html b/modules-available/rebootcontrol/templates/_page.html
index e540cafb..82f82b02 100644
--- a/modules-available/rebootcontrol/templates/_page.html
+++ b/modules-available/rebootcontrol/templates/_page.html
@@ -1,26 +1,5 @@
-