diff --git a/admin/inc/class.uiaccounts.inc.php b/admin/inc/class.uiaccounts.inc.php index bfada15bbd..c6f5df18f7 100755 --- a/admin/inc/class.uiaccounts.inc.php +++ b/admin/inc/class.uiaccounts.inc.php @@ -113,6 +113,11 @@ function list_users($param_cd='') { + if ($GLOBALS['phpgw']->acl->check('account_access',1,'admin')) + { + $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php')); + } + if(!$param_cd) { $cd = $param_cd; @@ -151,11 +156,20 @@ 'lang_view' => lang('view'), 'actionurl' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.add_user'), 'accounts_url' => $url, - 'lang_add' => lang('add'), 'lang_search' => lang('search') ); $p->set_var($var); + if (! $GLOBALS['phpgw']->acl->check('account_access',4,'admin')) + { + $p->set_var('input_add',''); + } + + if (! $GLOBALS['phpgw']->acl->check('account_access',2,'admin')) + { + $p->set_var('input_search',lang('Search') . ' '); + } + $account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query); if (! count($account_info)) 
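Review bot: In the second hunk of list_users(), denying "Search accounts" (bit 2) only decides whether `input_search` is filled in; the `get_list('accounts',$start,$sort,$order,$query)` call just below still receives `$query` unchanged. Where `$query` is assigned lies outside the hunk, but if it is taken from the request, an admin with the search right denied can still filter the list by supplying the parameter directly. Clear it on the denied path before the lookup, e.g. `if ($GLOBALS['phpgw']->acl->check('account_access',2,'admin')) { $query = ''; }`. The same reasoning applies to bit 4: leaving `input_add` empty is cosmetic, and the real gate is the check added in add_user().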
@@ -165,23 +179,62 @@ } else { + if (! $GLOBALS['phpgw']->acl->check('account_access',8,'admin')) + { + $can_view = True; + } + + if (! $GLOBALS['phpgw']->acl->check('account_access',16,'admin')) + { + $can_edit = True; + } + + if (! $GLOBALS['phpgw']->acl->check('account_access',32,'admin')) + { + $can_delete = True; + } + while (list($null,$account) = each($account_info)) { $this->nextmatchs->template_alternate_row_color($p); - $var = Array( - 'row_loginid' => $account['account_lid'], - 'row_firstname' => (!$account['account_firstname']?' ':$account['account_firstname']), - 'row_lastname' => (!$account['account_lastname']?' ':$account['account_lastname']), - 'row_edit' => $this->row_action('edit','user',$account['account_id']), - 'row_delete' => ($GLOBALS['phpgw_info']['user']['userid'] != $account['account_lid']?$this->row_action('delete','user',$account['account_id']):' '), - 'row_view' => $this->row_action('view','user',$account['account_id']) + $var = array( + 'row_loginid' => $account['account_lid'], + 'row_firstname' => (!$account['account_firstname']?' ':$account['account_firstname']), + 'row_lastname' => (!$account['account_lastname']?' ':$account['account_lastname']) ); $p->set_var($var); + + if ($can_edit) + { + $p->set_var('row_edit',$this->row_action('edit','user',$account['account_id'])); + } + else + { + $p->set_var('row_edit',' '); + } + + if ($can_delete) + { + $p->set_var('row_delete',($GLOBALS['phpgw_info']['user']['userid'] != $account['account_lid']?$this->row_action('delete','user',$account['account_id']):' ')); + } + else + { + $p->set_var('row_delete',' '); + } + + if ($can_view) + { + $p->set_var('row_view',$this->row_action('view','user',$account['account_id'])); + } + else + { + $p->set_var('row_view',' '); + } $p->parse('rows','row',True); } } // End else - $p->pparse('out','list'); + $p->pfp('out','list'); } function add_group() 
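Review bot: `$can_view`, `$can_edit` and `$can_delete` are assigned only on the allowed path and never given a value otherwise, so the later `if ($can_edit)` style tests read undefined variables whenever a right is denied. That evaluates as false today, but the access decision then relies on nothing earlier in list_users() (which starts outside this hunk) having set a variable of the same name. Assign the result directly instead: `$can_view = ! $GLOBALS['phpgw']->acl->check('account_access',8,'admin');`, and likewise for bits 16 and 32.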
@@ -197,7 +250,14 @@ function add_user() { - $this->create_edit_user(0); + if ($GLOBALS['phpgw']->acl->check('account_access',4,'admin')) + { + $this->list_users(); + } + else + { + $this->create_edit_user(0); + } } function delete_group() @@ -276,11 +336,10 @@ function delete_user() { - - if($GLOBALS['phpgw_info']['user']['account_id'] == $GLOBALS['HTTP_GET_VARS']['account_id']) + if ($GLOBALS['phpgw']->acl->check('account_access',32,'admin') || $GLOBALS['phpgw_info']['user']['account_id'] == $GLOBALS['HTTP_GET_VARS']['account_id']) { - Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users')); - $GLOBALS['phpgw']->common->phpgw_exit(); + $this->list_users(); + return False; } unset($GLOBALS['phpgw_info']['flags']['noheader']); @@ -348,6 +407,12 @@ function edit_user($cd='',$account_id='') { + if ($GLOBALS['phpgw']->acl->check('account_access',16,'admin')) + { + $this->list_users(); + return False; + } + $cdid = $cd; settype($cd,'integer'); $cd = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:intval($cdid)); @@ -358,9 +423,10 @@ // todo // not needed if i use the same file for new users too - if (!$account_id) + if (! $account_id) { - Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users')); + $this->list_users(); + return False; } else { @@ -370,9 +436,10 @@ function view_user() { - if (!$GLOBALS['HTTP_GET_VARS']['account_id']) + if ($GLOBALS['phpgw']->acl->check('account_access',8,'admin') || ! $GLOBALS['HTTP_GET_VARS']['account_id']) { - Header('Location: ' . $phpgw->link('/index.php','menuaction=admin.uiaccounts.list_users')); + $this->list_users(); + return False; } unset($GLOBALS['phpgw_info']['flags']['noheader']); unset($GLOBALS['phpgw_info']['flags']['nonavbar']); diff --git a/admin/inc/class.uimenuclass.inc.php b/admin/inc/class.uimenuclass.inc.php index e3b069765a..0046c6954f 100644 --- a/admin/inc/class.uimenuclass.inc.php 
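Review bot: The check added to add_user(), and the matching ones in delete_user(), edit_user() and view_user() further down, guard the methods that render a form or confirmation page. The code that actually writes or removes the account (whatever those forms post to) is not part of this diff, so it is not visible whether it repeats the `acl->check('account_access',…,'admin')` test. If it does not, the deny bits only hide the UI; each state-changing handler needs the same check for bits 4, 16 and 32 respectively.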
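Review bot: In delete_user() a denied request now falls back to `$this->list_users(); return False;` with no message and no record, and edit_user() and view_user() follow the same pattern. A blocked attempt to delete, edit or view an account is a useful signal for whoever maintains these ACLs, so recording the acting account, the requested `account_id` and the denied right before the fallback would make it visible. The body of delete_user() continues outside the hunk.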
+++ b/admin/inc/class.uimenuclass.inc.php @@ -38,8 +38,8 @@ } // $file must be in the following format: - // $file = Array( - // 'Login History' => array('/index.php','menuaction=admin.uiaccess_history.list') + // $file = array( + // 'Login History' => array('/index.php','menuaction=admin.uiaccess_history.list') // ); // This allows extra data to be sent along function display_section($_menuData) @@ -65,7 +65,8 @@ $this->t->set_var('th_bg',$GLOBALS['phpgw_info']['theme']['th_bg']); $this->t->set_var('link_done',$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users')); - $this->t->set_var('lang_done',lang('back')); + $this->t->set_var('lang_done',lang('Back')); + $this->t->set_var('row_on',$this->rowColor[0]); $this->t->parse('out','menu_links'); @@ -79,23 +80,21 @@ switch ($_hookname) { case 'edit_user': - $GLOBALS['menuData'][] = Array - ( - 'description' => 'userdata', - 'url' => '/index.php', - 'extradata' => 'menuaction=admin.uiaccounts.edit_user' + $GLOBALS['menuData'][] = array( + 'description' => 'User Data', + 'url' => '/index.php', + 'extradata' => 'menuaction=admin.uiaccounts.edit_user' ); break; case 'view_user': - $GLOBALS['menuData'][] = Array - ( - 'description' => 'userdata', - 'url' => '/index.php', - 'extradata' => 'menuaction=admin.uiaccounts.view_user' + $GLOBALS['menuData'][] = array( + 'description' => 'User Data', + 'url' => '/index.php', + 'extradata' => 'menuaction=admin.uiaccounts.view_user' ); break; } - + $GLOBALS['phpgw']->common->hook($_hookname); if (count($GLOBALS['menuData']) > 1) diff --git a/admin/inc/hook_acl_manager.inc.php b/admin/inc/hook_acl_manager.inc.php new file mode 100644 index 0000000000..42a72f78c9 --- /dev/null +++ b/admin/inc/hook_acl_manager.inc.php 
@@ -0,0 +1,96 @@ + 'Deny to site configuration', + 'rights' => array( + 'List config settings' => 1, + 'Change config settings' => 2 + ) + ); + + $GLOBALS['acl_manager']['admin']['account_access'] = array( + 'name' => 'Deny access to user accounts', + 'rights' => array( + 'Account list' => 1, + 'Search accounts' => 2, + 'Add account' => 4, + 'View account' => 8, + 'Edit account' => 16, + 'Delete account' => 32, + ) + ); + + $GLOBALS['acl_manager']['admin']['group_access'] = array( + 'name' => 'Deny access to groups', + 'rights' => array( + 'Group list' => 1, + 'Search groups' => 2, + 'Add group' => 4, + 'View group' => 8, + 'Edit group' => 16, + 'Delete group' => 32 + ) + ); + + $GLOBALS['acl_manager']['admin']['peer_server_access'] = array( + 'name' => 'Deny access to peer servers', + 'rights' => array( + 'Peer server list' => 1, + 'Search peer servers' => 2, + 'Add peer server' => 4, + 'View peer server' => 8, + 'Edit peer server' => 16, + 'Delete peer server' => 32 + ) + ); + + $GLOBALS['acl_manager']['admin']['applications_access'] = array( + 'name' => 'Deny access to applications', + 'rights' => array( + 'Applications list' => 1, + 'Add application' => 2, + 'Edit application' => 4, + 'Delete application' => 8 + ) + ); + + $GLOBALS['acl_manager']['admin']['global_categories_access'] = array( + 'name' => 'Deny access to global categories', + 'rights' => array( + 'Categories list' => 1, + 'Search categories' => 2, + 'Add category' => 4, + 'View category' => 8, + 'Edit category' => 16, + 'Delete category' => 32 + ) + ); + + $GLOBALS['acl_manager']['admin']['mainscreen_message_access'] = array( + 'name' => 'Deny access to mainscreen message', + 'rights' => array( + 'Main screen message' => 1, + 'Login message' => 2 + ) + ); + + $GLOBALS['acl_manager']['admin']['current_sessions_access'] = array( + 'name' => 'Deny access to current sessions', + 'rights' => array( + 'List current sessions' => 1, + 'Show current action' => 2, + 'Show session IP address' => 4, + 'Kill 
session' => 8 + ) + ); diff --git a/admin/inc/hook_admin.inc.php b/admin/inc/hook_admin.inc.php index a0f02de61a..8848d64310 100644 --- a/admin/inc/hook_admin.inc.php +++ b/admin/inc/hook_admin.inc.php 
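Review bot: This file defines every right as a deny bit, so at each call site in this commit `acl->check()` returning true means "blocked", the reverse of how an ACL test normally reads, and nothing in the file says so. A header comment stating that a set bit removes the right, and that an admin with no entry keeps full access, would stop a later caller from writing the test the wrong way round. The first label, `'Deny to site configuration'`, is also missing the word "access" that the other names carry. The opening lines of the new file are not legible in this view, so the comment may need to be merged with whatever header is already there.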
@@ -11,20 +11,51 @@ /* $Id$ */ - $file = array( - 'Site Configuration' => $phpgw->link('/admin/config.php','appname=admin'), - 'Peer Servers' => $phpgw->link('/admin/servers.php'), - 'User Accounts' => $phpgw->link('/index.php','menuaction=admin.uiaccounts.list_users'), - 'User Groups' => $phpgw->link('/index.php','menuaction=admin.uiaccounts.list_groups'), - 'Applications' => $phpgw->link('/admin/applications.php'), - 'Global Categories' => $phpgw->link('/admin/categories.php'), - 'Change Main Screen Message' => $phpgw->link('/admin/mainscreen_message.php'), - 'View Sessions' => $phpgw->link('/index.php','menuaction=admin.uicurrentsessions.list_sessions'), - 'View Access Log' => $phpgw->link('/index.php','menuaction=admin.uiaccess_history.list_history'), - 'View Error Log' => $phpgw->link('/admin/log.php'), - 'phpInfo' => $phpgw->link('/admin/phpinfo.php') - ); + if (! $GLOBALS['phpgw']->acl->check('site_config_access',1,'admin')) + { + $file['Site Configuration'] = $phpgw->link('/admin/config.php','appname=admin'); + } + + if (! $GLOBALS['phpgw']->acl->check('peer_server_access',1,'admin')) + { + $file['Peer Servers'] = $phpgw->link('/admin/servers.php'); + } + + if (! $GLOBALS['phpgw']->acl->check('account_access',1,'admin')) + { + $file['User Accounts'] = $phpgw->link('/index.php','menuaction=admin.uiaccounts.list_users'); + } + + if (! $GLOBALS['phpgw']->acl->check('group_access',1,'admin')) + { + $file['User Groups'] = $phpgw->link('/index.php','menuaction=admin.uiaccounts.list_groups'); + } + + if (! $GLOBALS['phpgw']->acl->check('applications_access',1,'admin')) + { + $file['Applications'] = $phpgw->link('/admin/applications.php'); + } + + if (! $GLOBALS['phpgw']->acl->check('global_categories_access',1,'admin')) + { + $file['Global Categories'] = $phpgw->link('/admin/categories.php'); + } + + if (! 
$GLOBALS['phpgw']->acl->check('mainscreen_message_access',1,'admin')) + { + $file['Change Main Screen Message'] = $phpgw->link('/admin/mainscreen_message.php'); + } + + if (! $GLOBALS['phpgw']->acl->check('current_sessions_access',1,'admin')) + { + $file['View Sessions'] = $phpgw->link('/index.php','menuaction=admin.uicurrentsessions.list_sessions'); + } + + // These need to be added still + $file['View Access Log'] = $phpgw->link('/index.php','menuaction=admin.uiaccess_history.list_history'); + $file['View Error Log'] = $phpgw->link('/admin/log.php'); + $file['phpInfo'] = $phpgw->link('/admin/phpinfo.php'); //Do not modify below this line display_section('admin','admin',$file); -?> +?> \ No newline at end of file diff --git a/admin/inc/hook_view_account.inc.php b/admin/inc/hook_view_account.inc.php new file mode 100644 index 0000000000..40e7004ebc --- /dev/null +++ b/admin/inc/hook_view_account.inc.php @@ -0,0 +1,30 @@ + 'Login History', + 'url' => '/index.php', + 'extradata' => 'menuaction=admin.uiaccess_history.list_history' + ); + + $GLOBALS['menuData'][] = array( + 'description' => 'ACL Rights', + 'url' => '/index.php', + 'extradata' => 'menuaction=admin.uiaclmanager.list_apps' + ); + + //Do not modify below this line +// global $menuData; + +// $GLOBALS['menuData'][] = $data; +?> \ No newline at end of file diff --git a/admin/inc/hook_view_user.inc.php b/admin/inc/hook_view_user.inc.php index 87e82c6c59..a451d73603 100755 --- a/admin/inc/hook_view_user.inc.php +++ b/admin/inc/hook_view_user.inc.php 
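Review bot: `$file` is no longer initialised in hook_admin.inc.php: the old `$file = array(...)` assignment is removed and the first write is whichever `$file['…'] = …` branch happens to run. Anything already held in `$file` by the including scope is therefore carried into `display_section('admin','admin',$file)`; add `$file = array();` before the first `if`. These checks also only remove menu links: the target scripts (`/admin/config.php`, `/admin/servers.php`, `/admin/applications.php` and the rest) are not in this diff and need their own `acl->check()` for the deny bits to take effect. The three entries under "These need to be added still", including phpInfo, stay visible to every admin until then.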
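Review bot: The 'ACL Rights' entry pointing at `menuaction=admin.uiaclmanager.list_apps` is appended unconditionally in hook_view_account.inc.php and again in hook_view_user.inc.php, and hook_acl_manager.inc.php defines no right that covers the ACL manager itself. Unless uiaclmanager (not shown in this diff) performs its own check, an admin who has been denied account rights can still open the screen where those deny bits are edited. Consider adding an ACL-manager location to the `$GLOBALS['acl_manager']['admin']` list and testing it before adding this menu entry. The commented-out `global $menuData` lines at the end of hook_view_account.inc.php can be dropped.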
@@ -1,12 +1,25 @@ 'Login History', - 'url' => '/index.php', - 'extradata' => 'menuaction=admin.uiaccess_history.list_history' + /**************************************************************************\ + * phpGroupWare - Administration * + * http://www.phpgroupware.org * + * -------------------------------------------- * + * This program is free software; you can redistribute it and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; either version 2 of the License, or (at your * + * option) any later version. * + \**************************************************************************/ + + /* $Id$ */ + + $GLOBALS['menuData'][] = array( + 'description' => 'Login History', + 'url' => '/index.php', + 'extradata' => 'menuaction=admin.uiaccess_history.list_history' ); - //Do not modify below this line - $GLOBALS['menuData'][] = $data; -?> + $GLOBALS['menuData'][] = array( + 'description' => 'ACL Rights', + 'url' => '/index.php', + 'extradata' => 'menuaction=admin.uiaclmanager.list_apps' + ); +?> \ No newline at end of file diff --git a/admin/templates/default/account_form.tpl b/admin/templates/default/account_form.tpl index 08b0fffbd9..243b2b5174 100644 --- a/admin/templates/default/account_form.tpl +++ b/admin/templates/default/account_form.tpl @@ -5,8 +5,10 @@
- {rows} - + + + + + + + + + + + + + diff --git a/admin/templates/default/acl_applist.tpl b/admin/templates/default/acl_applist.tpl new file mode 100644 index 0000000000..d6bd7a53c5 --- /dev/null +++ b/admin/templates/default/acl_applist.tpl @@ -0,0 +1,33 @@ + +{lang_header} +

+ +

+ + {rows} + @@ -32,9 +34,7 @@ - - - + diff --git a/admin/templates/default/accounts.tpl b/admin/templates/default/accounts.tpl index 7661d5a2d8..dec12d314c 100644 --- a/admin/templates/default/accounts.tpl +++ b/admin/templates/default/accounts.tpl @@ -28,12 +28,12 @@
{lang_groups}{groups_select} {lang_file_space}{account_file_space}{account_file_space_select}{groups_select} 
diff --git a/admin/templates/default/acl_accounts.tpl b/admin/templates/default/acl_accounts.tpl new file mode 100644 index 0000000000..e9d602aec3 --- /dev/null +++ b/admin/templates/default/acl_accounts.tpl @@ -0,0 +1,53 @@ + +{lang_header} +

+ +

- + {input_add} +
- {lang_search}  - + {input_search}
+ + + + + +
{left_next_matchs} {right_next_matchs}
+ +
+ + + + + + + + + {rows} + +
{lang_loginid}{lang_lastname}{lang_firstname}{lang_access}
+
+ +
+ + + + +
+ + + +
+ + + + +
{row_loginid}{row_lastname}{row_firstname}{row_access}
{message}
+ {rows} +
+ + + + + [ {app_name} ] +   {app_name} + + + + + +   {app_name} + + + + + +  • {lang_location} + + + + + +   + + diff --git a/admin/templates/default/acl_manager_form.tpl b/admin/templates/default/acl_manager_form.tpl new file mode 100644 index 0000000000..c10c9a75bd --- /dev/null +++ b/admin/templates/default/acl_manager_form.tpl @@ -0,0 +1,20 @@ + +{lang_title} +

+ +

+ + + + + + + + + + + +
{lang_message}
{select_values}
+
+ + diff --git a/admin/templates/default/menurow.tpl b/admin/templates/default/menurow.tpl index 8ec045e637..8a4dd5d2fa 100644 --- a/admin/templates/default/menurow.tpl +++ b/admin/templates/default/menurow.tpl @@ -1,27 +1,19 @@ - - {all_rows} - + - +
 
-   -  
-   {lang_done} -   {lang_done}
- - -   {row_text} +   {row_text}