From 9d9bb6390020c3cb138b9c62a8acd1fd8e274c6b Mon Sep 17 00:00:00 2001
From: Christian Hofmaier
Date: Thu, 30 Nov 2017 16:35:04 +0100
Subject: [statistics_reporting] reworked permission system from "click and you
 get error" to "button is disabled due to lack of permission"

---
 .../statistics_reporting/page.inc.php              | 47 +++++++++++-----------
 .../permissions/permissions.json                   |  2 +-
 .../templates/columnChooser.html                   | 12 +++---
 3 files changed, 30 insertions(+), 31 deletions(-)

(limited to 'modules-available/statistics_reporting')

diff --git a/modules-available/statistics_reporting/page.inc.php b/modules-available/statistics_reporting/page.inc.php
index 9862a82e..5d586b6c 100644
--- a/modules-available/statistics_reporting/page.inc.php
+++ b/modules-available/statistics_reporting/page.inc.php
@@ -55,8 +55,6 @@ class Page_Statistics_Reporting extends Page
 			if (User::hasPermission("table.export") && User::hasPermission("table.view.$this->type")) {
 				$this->doExport();
 				// Does not return
-			} else {
-				Message::addError('main.no-permission');
 			}
 		}
 		// Get report - fetch data exactly the way it would automatically be reported
@@ -67,10 +65,7 @@ class Page_Statistics_Reporting extends Page
 				Header('Content-Disposition: attachment; filename=remote-report.json');
 				Header('Content-Type: application/json; charset=utf-8');
 				die(json_encode($report));
-			} else {
-				Message::addError('main.no-permission');
 			}
-
 		}
 	}
 
@@ -109,6 +104,7 @@ class Page_Statistics_Reporting extends Page
 				$data['tables'][] = array(
 					'name' => Dictionary::translate('table_' . $table, true),
 					'value' => $table,
+					'allowed' => User::hasPermission("table.view.$table"),
 					'selected' => ($this->type === $table) ? 'selected' : '',
 				);
 			}
@@ -130,15 +126,17 @@ class Page_Statistics_Reporting extends Page
 				$data['settingsButtonClass'] = 'danger';
 			}
 
+			$data['allowedExport'] = User::hasPermission("table.export") && User::hasPermission("table.view.$this->type");
+			$data['allowedDownload'] = User::hasPermission("reporting.download");
+			$data['allowedReportChange'] = User::hasPermission("reporting.change");
+
 			Render::addTemplate('columnChooser', $data);
 
 			$data['data'] = $this->fetchData(GETDATA_PRINTABLE);
 
-			if (User::hasPermission("table.view.$this->type"))
+			if (User::hasPermission("table.view.$this->type")) {
 				Render::addTemplate('table-' . $this->type, $data);
-			else
-				Message::addError('main.no-permission');
-
+			}
 		}
 	}
 
@@ -146,23 +144,24 @@ class Page_Statistics_Reporting extends Page
 	{
 		$this->action = Request::any('action', false, 'string');
 		if ($this->action === 'setReporting') {
-			if (!User::hasPermission("reporting.change")) {
-				die("Permission denied.");
-			}
-			$state = Request::post('reporting', false, 'string');
-			if ($state === false) {
-				die('Missing setting value.');
-			}
-			RemoteReport::setReportingEnabled($state);
-			$data = array();
-			if (RemoteReport::isReportingEnabled()) {
-				$data['class'] = 'default';
-				$data['checked'] = true;
+			if (User::hasPermission("reporting.change")) {
+				$state = Request::post('reporting', false, 'string');
+				if ($state === false) {
+					die('Missing setting value.');
+				}
+				RemoteReport::setReportingEnabled($state);
+				$data = array();
+				if (RemoteReport::isReportingEnabled()) {
+					$data['class'] = 'default';
+					$data['checked'] = true;
+				} else {
+					$data['class'] = 'danger';
+				}
+				Header('Content-Type: application/json; charset=utf-8');
+				die(json_encode($data));
 			} else {
-				$data['class'] = 'danger';
+				die('No permission.');
 			}
-			Header('Content-Type: application/json; charset=utf-8');
-			die(json_encode($data));
 		} else {
 			echo 'Invalid action.';
 		}
diff --git a/modules-available/statistics_reporting/permissions/permissions.json b/modules-available/statistics_reporting/permissions/permissions.json
index 14f4ff3b..e6e550eb 100644
--- a/modules-available/statistics_reporting/permissions/permissions.json
+++ b/modules-available/statistics_reporting/permissions/permissions.json
@@ -4,7 +4,7 @@
 	"table.view.client": "View client table.",
 	"table.view.user": "View user table.",
 	"table.view.vm": "View lecture table.",
-	"table.export": "Export tables as JSON/CSV/XML.",
+	"table.export": "Export tables as JSON/CSV/XML. Needs the permission to view the table to export it.",
 	"reporting.download": "Download weekly report.",
 	"reporting.change": "Change weekly reporting settings."
 }
\ No newline at end of file
diff --git a/modules-available/statistics_reporting/templates/columnChooser.html b/modules-available/statistics_reporting/templates/columnChooser.html
index 0059e681..a6561c47 100644
--- a/modules-available/statistics_reporting/templates/columnChooser.html
+++ b/modules-available/statistics_reporting/templates/columnChooser.html
@@ -15,7 +15,7 @@
 				<div class="col-md-2">
 					<select name="type" id="select-table" class="form-control">
 						{{#tables}}
-						<option value="{{value}}" {{selected}}>{{name}}</option>
+						<option {{^allowed}}disabled{{/allowed}} value="{{value}}" {{selected}}>{{name}}</option>
 						{{/tables}}
 					</select>
 				</div>
@@ -45,7 +45,7 @@
 							<option value="xml">XML</option>
 						</select>
 						<div class="input-group-btn">
-							<button type="submit" class="btn btn-default" name="action" value="export">{{lang_export}}</button>
+							<button {{^allowedExport}}disabled {{/allowedExport}} type="submit" class="btn btn-default" name="action" value="export">{{lang_export}}</button>
 						</div>
 					</div>
 				</div>
@@ -86,18 +86,18 @@
 			</div>
 			<div class="modal-body">
 				<div class="checkbox">
-					<input id="checkbox-reporting" type="checkbox" value="on" {{reportChecked}}>
-					<label for="checkbox-reporting" style="padding-left: 40px">{{lang_reportingLabel}}</label>
+					<input {{^allowedReportChange}}disabled {{/allowedReportChange}} id="checkbox-reporting" type="checkbox" value="on" {{reportChecked}}>
+					<label for="checkbox-reporting" style="padding-left: 20px">{{lang_reportingLabel}}</label>
 				</div>
 				<div>
 					<p>{{lang_reportingDescription}}</p>
 					<p><a href="https://www.bwlehrpool.de/doku.php/satellite/statistics_reporting" target="_blank">{{lang_reportMoreInfo}}</a></p>
-					<a class="btn btn-success" href="?do=statistics_reporting&amp;action=getreport">{{lang_downloadReport}}</a>
 				</div>
 			</div>
 			<div class="modal-footer">
+				<button {{^allowedDownload}}disabled {{/allowedDownload}} class="btn btn-warning pull-left" onclick="window.location.href='?do=statistics_reporting&amp;action=getreport'">{{lang_downloadReport}}</button>
 				<button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
-				<button type="button" class="btn btn-primary" data-dismiss="modal" onclick="saveSettings()">{{lang_save}}</button>
+				<button {{^allowedReportChange}}disabled {{/allowedReportChange}} type="button" class="btn btn-primary" data-dismiss="modal" onclick="saveSettings()">{{lang_save}}</button>
 			</div>
 		</div>
 
-- 
cgit v1.2.3-55-g7522