From d09cc1533e858290b3cfa3d4eb3906453e3b2fe9 Mon Sep 17 00:00:00 2001
From: Christian Hofmaier
Date: Tue, 16 Jan 2018 15:25:56 +0100
Subject: [baseconfig_partitions_cdn] implemented permission-system. you can
 only see site if you have atleast one permission. fixed the save-button (it's
 working now!). Didn't know what to do with this download-button.

---
 .../lang/de/permissions.json                       |  7 +++
 .../lang/en/permissions.json                       |  7 +++
 .../lang/en/template-tags.json                     |  4 +-
 .../baseconfig_partitions_cdn/page.inc.php         | 41 +++++++++++----
 .../permissions/permissions.json                   |  7 +++
 .../baseconfig_partitions_cdn/style.css            |  4 ++
 .../baseconfig_partitions_cdn/templates/_page.html | 60 ++++++++++++++--------
 7 files changed, 99 insertions(+), 31 deletions(-)
 create mode 100644 modules-available/baseconfig_partitions_cdn/lang/de/permissions.json
 create mode 100644 modules-available/baseconfig_partitions_cdn/lang/en/permissions.json
 create mode 100644 modules-available/baseconfig_partitions_cdn/permissions/permissions.json
 create mode 100644 modules-available/baseconfig_partitions_cdn/style.css

(limited to 'modules-available')

diff --git a/modules-available/baseconfig_partitions_cdn/lang/de/permissions.json b/modules-available/baseconfig_partitions_cdn/lang/de/permissions.json
new file mode 100644
index 00000000..35c21e09
--- /dev/null
+++ b/modules-available/baseconfig_partitions_cdn/lang/de/permissions.json
@@ -0,0 +1,7 @@
+{
+	"show": "Zeige Partitionen. Wird nicht benötigt, wenn Nutzer eine der anderen Rechte hat.",
+	"add": "Füge eine neue Partition hinzu.",
+	"delete": "Lösche eine Partition.",
+	"edit": "Speichere Änderungen an Partitionen.",
+	"reset": "Setze Partitionen auf Standardwerte zurück."
+}
\ No newline at end of file
diff --git a/modules-available/baseconfig_partitions_cdn/lang/en/permissions.json b/modules-available/baseconfig_partitions_cdn/lang/en/permissions.json
new file mode 100644
index 00000000..49742618
--- /dev/null
+++ b/modules-available/baseconfig_partitions_cdn/lang/en/permissions.json
@@ -0,0 +1,7 @@
+{
+	"show": "Show Partitions. Not needed if User has any of the other permissions.",
+	"add": "Add a new partition.",
+	"delete": "Delete a partition.",
+	"edit": "Save changes of partitions.",
+	"reset": "Reset partitions to default."
+}
\ No newline at end of file
diff --git a/modules-available/baseconfig_partitions_cdn/lang/en/template-tags.json b/modules-available/baseconfig_partitions_cdn/lang/en/template-tags.json
index 04ce6c80..472e5870 100644
--- a/modules-available/baseconfig_partitions_cdn/lang/en/template-tags.json
+++ b/modules-available/baseconfig_partitions_cdn/lang/en/template-tags.json
@@ -1,9 +1,9 @@
 {
     "lang_areYouSureNoUndo": "Are you sure? This cannot be undone!",
-    "lang_confirm": "Would you like to save the settings on [ \/srv\/openslx\/www\/boot\/config ] ?",
+    "lang_confirm": "Would you like to save the settings on \/srv\/openslx\/www\/boot\/config?",
     "lang_create": "Create",
     "lang_discardChanges": "Discard Changes",
-    "lang_explanationText": "Here you can configure what kind of partitions will be created on the client computers, and where they will be mounted",
+    "lang_explanationText": "Here you can configure what kind of partitions will be created on the client computers, and where they will be mounted.",
     "lang_helpId": "Partition Id",
     "lang_helpMountPoint": "Must be a directory: \/example\/directory\/",
     "lang_helpOptions": "Currently, only option 'bootable' is available",
diff --git a/modules-available/baseconfig_partitions_cdn/page.inc.php b/modules-available/baseconfig_partitions_cdn/page.inc.php
index a1d1445f..b61ea448 100644
--- a/modules-available/baseconfig_partitions_cdn/page.inc.php
+++ b/modules-available/baseconfig_partitions_cdn/page.inc.php
@@ -10,23 +10,39 @@ class Page_BaseConfig_Partitions_CDN extends Page
 		$action = Request::post('action');
 
 		if($action == 'new_partition') {
-			$this->addPartition();
+			if (User::hasPermission("partitions.add")) {
+				$this->addPartition();
+			}
 		}
 		if($action == 'reset') {
-			$this->resetConfig();
+			if (User::hasPermission("partitions.reset")) {
+				$this->resetConfig();
+			}
 		}
 
 		$deletePartition = Request::get('deletePartition');
 		if($deletePartition !== false) { // TODO: CSRF: Actions that change/update/delete anything should be POST
-			$this->deletePartition($deletePartition);
+			if (User::hasPermission("partitions.delete")) {
+				$this->deletePartition($deletePartition);
+			}
 		}
 
-		$this->updatePartitions();
+		if(User::hasPermission("partitions.edit")) {
+			$this->updatePartitions();
+		}
 	}
 
 	protected function doRender()
 	{
-		if (!User::hasPermission('baseconfig_local')) {
+		if (!User::isLoggedIn()) {
+			Message::addError('main.no-permission');
+			Util::redirect('?do=Main');
+		}
+
+		$hasAnyRight = User::hasPermission("partitions.add") || User::hasPermission("partitions.delete")
+						|| User::hasPermission("partitions.edit") || User::hasPermission("partitions.reset");
+
+		if (!(User::hasPermission("show") || $hasAnyRight)) {
 			Message::addError('main.no-permission');
 			Util::redirect('?do=Main');
 		}
@@ -48,7 +64,11 @@ class Page_BaseConfig_Partitions_CDN extends Page
 
 		Render::addTemplate('_page', array(
 			'partitions' => $partitions,
-			'user' => User::getId()
+			'user' => User::getId(),
+			'allowedToAdd' => User::hasPermission("partitions.add"),
+			'allowedToDelete' => User::hasPermission("partitions.delete"),
+			'allowedToEdit' => User::hasPermission("partitions.edit"),
+			'allowedToReset' => User::hasPermission("partitions.reset")
 		));
 	}
 
@@ -92,9 +112,9 @@ class Page_BaseConfig_Partitions_CDN extends Page
 	private function updatePartitions(){
 		$partitions = array();
 		foreach($_POST as $key => $value){
-			if(substr($key,0,9) == 'partition'){
-				$id = substr($key,10,1);
-				$type = substr($key,12);
+
+			if (substr($key, 0, 9) == 'partition') {
+				list($key, $id, $type) = explode("-", $key);
 				$partitions[$id][$type] = $value;
 			}
 		}
@@ -111,6 +131,8 @@ class Page_BaseConfig_Partitions_CDN extends Page
 			Database::exec('UPDATE setting_partition SET partition_id=:partition_id, size=:size, mount_point=:mount_point,
 					options=:options  WHERE id=:id AND user=:user;', $data);
 		}
+
+
 		if (!empty($partitions)) {
 			Message::addSuccess('partitions-updated');
 			Util::redirect('?do=BaseConfig_Partitions_CDN');
@@ -129,5 +151,6 @@ class Page_BaseConfig_Partitions_CDN extends Page
 		Database::exec ( "INSERT INTO setting_partition SET partition_id = '40', size = '20G', mount_point = '/cache/export/dnbd3', user = :user", $data );
 		Database::exec ( "INSERT INTO setting_partition SET partition_id = '41', size = '5G', mount_point = '/home', user = :user", $data );
 		Database::exec ( "INSERT INTO setting_partition SET partition_id = '82', size = '1G', user = :user", $data );
+		Util::redirect('?do=BaseConfig_Partitions_CDN');
 	}
 }
\ No newline at end of file
diff --git a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json
new file mode 100644
index 00000000..286a975b
--- /dev/null
+++ b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json
@@ -0,0 +1,7 @@
+[
+	"show",
+	"partitions.add",
+	"partitions.delete",
+	"partitions.edit",
+	"partitions.reset"
+]
\ No newline at end of file
diff --git a/modules-available/baseconfig_partitions_cdn/style.css b/modules-available/baseconfig_partitions_cdn/style.css
new file mode 100644
index 00000000..d55e5e5b
--- /dev/null
+++ b/modules-available/baseconfig_partitions_cdn/style.css
@@ -0,0 +1,4 @@
+.missingInput {
+    border-color: rgba(255, 0, 0, 0.8);
+    box-shadow: 0 1px 1px rgba(255, 0, 0, 0.075) inset, 0 0 8px rgba(255, 0, 0, 0.6);
+}
\ No newline at end of file
diff --git a/modules-available/baseconfig_partitions_cdn/templates/_page.html b/modules-available/baseconfig_partitions_cdn/templates/_page.html
index 71cbb7db..2cb3f2a6 100644
--- a/modules-available/baseconfig_partitions_cdn/templates/_page.html
+++ b/modules-available/baseconfig_partitions_cdn/templates/_page.html
@@ -21,7 +21,7 @@
 					<input name='partition-{{id}}-options' type='text' class='form-control' size='30' value='{{options}}' placeholder='{{lang_partitionOptions}}'/>
 				</div>
 				<div class='col-sm-1 col-md-2'>
-					<a class='btn btn-danger' href='?do=BaseConfig_Partitions_CDN&amp;deletePartition={{id}}&amp;token={{token}}'>
+					<a class='btn btn-danger btn-sm {{allowedToDelete}}disabled{{allowedToDelete}}' href='?do=BaseConfig_Partitions_CDN&amp;deletePartition={{id}}&amp;token={{token}}'>
 						<span class='glyphicon glyphicon-trash'></span>
 					</a>
 				</div>
@@ -30,16 +30,16 @@
 		{{/partitions}}
 		<div class='list-group-item clearfix'>
 			<div class="pull-right">
-				<a class='btn btn-success ' data-toggle='modal' data-target='#add-partition'>
+				<button {{^allowedToAdd}}disabled{{/allowedToAdd}} type="button" class='btn btn-success' data-toggle='modal' data-target='#add-partition'>
 					<span class='glyphicon glyphicon-plus'></span> {{lang_newPartition}}
-				</a>
+				</button>
 			</div>
 		</div>
 	</div>
 	<div class="pull-right">
-		<a class="btn btn-default" data-toggle="modal" data-target="#downloadModal"><span class="glyphicon glyphicon-download-alt"></span> Download</a>
+		<button type="button" class="btn btn-default" data-toggle="modal" data-target="#downloadModal"><span class="glyphicon glyphicon-download-alt"></span> Download</button>
 		<button class="btn btn-warning" type="reset"><span class="glyphicon glyphicon-refresh"></span> {{lang_discardChanges}}</button>
-		<button class="btn btn-primary" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
+		<button {{^allowedToEdit}}disabled{{/allowedToEdit}} class="btn btn-primary" type="submit"><span class="glyphicon glyphicon-floppy-disk"></span> {{lang_save}}</button>
 	</div>
 
 	<div class ="modal fade" id="downloadModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
@@ -49,8 +49,10 @@
 					{{lang_confirm}}
 				</div>
 				<div class="modal-footer">
-					<button type="button" onclick="saveConfig(false)" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
-					<button type="button" onclick="saveConfig(true)" class="btn btn-sm btn-danger" name="download"> Download</button>
+					<button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
+					<button type="button" onclick="saveConfig()" class="btn btn-primary" name="download">
+						<span class="glyphicon glyphicon-download-alt"></span> Download
+					</button>
 				</div>
 			</div>
 		</div>
@@ -60,7 +62,7 @@
 <form method="post" action="?do=BaseConfig_Partitions_CDN">
 	<input type="hidden" name="token" value="{{token}}">
 	<input type="hidden" name="action" value="reset">
-	<button class="btn btn-danger" type="button" data-toggle="modal" data-target="#resetDefaultModal">{{lang_resetDefault}}</button>
+	<button {{^allowedToReset}}disabled{{/allowedToReset}} class="btn btn-danger" type="button" data-toggle="modal" data-target="#resetDefaultModal">{{lang_resetDefault}}</button>
 
 	<div class ="modal fade" id="resetDefaultModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
 		<div class="modal-dialog" style="width: 400px" role="document">
@@ -70,7 +72,7 @@
 				</div>
 				<div class="modal-footer">
 					<button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
-					<button type="submit" class="btn btn-sm btn-danger" name="resetDefault"> {{lang_resetDefault}}</button>
+					<button type="submit" class="btn btn-danger" name="resetDefault"> {{lang_resetDefault}}</button>
 				</div>
 			</div>
 		</div>
@@ -78,7 +80,7 @@
 </form>
 
 <!-- Create Partition Window -->
-<form action="?do=BaseConfig_Partitions_CDN" method="post">
+<form id="createPartitionForm" action="?do=BaseConfig_Partitions_CDN" method="post">
 	<div class="modal fade" id="add-partition" tabindex="-1" role="dialog">
 		<div class="modal-dialog">
 
@@ -89,12 +91,12 @@
 
 				<div class="modal-body">
 					<div class="input-group">
-						<span class="input-group-addon" style="min-width:140px;">{{lang_partitionId}}</span>
+						<span class="input-group-addon" style="min-width:140px;">{{lang_partitionId}} *</span>
 						<input name="new-partition-id" class="form-control" type="text">
 					</div>
 					<p class="help-block">{{lang_helpId}}</p>
 					<div class="input-group">
-						<span class="input-group-addon" style="min-width:140px;">{{lang_partitionSize}}</span>
+						<span class="input-group-addon" style="min-width:140px;">{{lang_partitionSize}} *</span>
 						<input name="new-partition-size" class="form-control" type="text">
 					</div>
 					<p class="help-block">{{lang_helpSize}}</p>
@@ -111,8 +113,10 @@
 				</div>
 
 				<div class="modal-footer">
-					<a class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</a>
-					<input type="submit" class="btn btn-primary" value="{{lang_create}}">
+					<button class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
+					<button type="submit" class="btn btn-success">
+						<span class='glyphicon glyphicon-plus'></span> {{lang_create}}
+					</button>
 				</div>
 			</div>
 		</div>
@@ -120,12 +124,28 @@
 	<input type="hidden" name="action" value="new_partition">
 	<input type="hidden" name="token" value="{{token}}">
 </form>
+
 <script type="text/javascript">
-	function saveConfig(download){
-		if(download)
-			window.location = 'api.php?do=baseconfig&user={{user}}&save=true';
-		else
-			window.location = 'api.php?do=baseconfig&user={{user}}';
-	}
+	document.addEventListener("DOMContentLoaded", function () {
+		$("#createPartitionForm").submit(function () {
+			var input1 = $("input[name=new-partition-id]");
+			var input2 = $("input[name=new-partition-size]");
+			var id = $.trim(input1.val());
+			var size = $.trim(input2.val());
+			if (!id) {
+				input1.addClass("missingInput");
+			}
+			if (!size) {
+				input2.addClass("missingInput");
+			}
+			if (!id || !size) {
+				return false;
+			}
+		});
+	});
+
 
+	function saveConfig(){
+		window.location = 'api.php?do=baseconfig&user={{user}}&save=true';
+	}
 </script>
\ No newline at end of file
-- 
cgit v1.2.3-55-g7522