- Groups and accounts now fully check ACL rights for each section

- Admins can only grant as much access as they already have
- Removed Header() calls and replaced them with direct ui calls
This commit is contained in:
jengo 2001-09-04 04:26:51 +00:00
parent 276153be84
commit 32a1526890
5 changed files with 184 additions and 120 deletions


@ -13,6 +13,8 @@
class boaccounts class boaccounts
{ {
var $ui;
var $so;
var $public_functions = array( var $public_functions = array(
'add_group' => True, 'add_group' => True,
'add_user' => True, 'add_user' => True,
@ -22,11 +24,16 @@
'edit_user' => True 'edit_user' => True
); );
var $so; function boaccounts($dont_load_ui = False)
function boaccounts()
{ {
$this->so = createobject('admin.soaccounts'); $this->so = createobject('admin.soaccounts');
// This is to prevent an infinite loop which ends up segfaulting PHP and will drive
// you crazy for hours tring to track it down. (jengo)
if (! $dont_load_ui)
{
$this->ui = createobject('admin.uiaccounts');
}
} }
function account_total($account_type,$query='') function account_total($account_type,$query='')
@ -36,10 +43,10 @@
function delete_group() function delete_group()
{ {
if (!@isset($GLOBALS['HTTP_POST_VARS']['account_id']) || !@$GLOBALS['HTTP_POST_VARS']['account_id']) if (!@isset($GLOBALS['HTTP_POST_VARS']['account_id']) || !@$GLOBALS['HTTP_POST_VARS']['account_id'] || $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
{ {
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups')); $this->ui->list_groups();
$GLOBALS['phpgw']->common->phpgw_exit(); return False;
} }
$account_id = intval($GLOBALS['HTTP_POST_VARS']['account_id']); $account_id = intval($GLOBALS['HTTP_POST_VARS']['account_id']);
@ -74,23 +81,17 @@
$GLOBALS['phpgw']->db->unlock(); $GLOBALS['phpgw']->db->unlock();
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $this->ui->list_accounts();
Array( return False;
'menuaction' => 'admin.uiaccounts.list_groups',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
} }
function delete_user() function delete_user()
{ {
if(isset($GLOBALS['HTTP_POST_VARS']['cancel'])) if (isset($GLOBALS['HTTP_POST_VARS']['cancel']) || $GLOBALS['phpgw']->acl->check('account_access',32,'admin'))
{ {
Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users')); $this->ui->list_users();
$GLOBALS['phpgw']->common->phpgw_exit(); return False;
} }
elseif($GLOBALS['HTTP_POST_VARS']['delete_account']) elseif($GLOBALS['HTTP_POST_VARS']['delete_account'])
{ {
@ -127,19 +128,19 @@
$cd = 29; $cd = 29;
} }
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $this->ui->list_users();
Array( return False;
'menuaction' => 'admin.uiaccounts.list_users',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
} }
} }
function add_group() function add_group()
{ {
if ($GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
{
$this->ui->list_groups();
return False;
}
$temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array()); $temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array());
$account_user = Array(); $account_user = Array();
@reset($temp_users); @reset($temp_users);
@ -250,18 +251,18 @@
$GLOBALS['phpgw']->db->unlock(); $GLOBALS['phpgw']->db->unlock();
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $this->ui->list_groups();
Array( return False;
'menuaction' => 'admin.uiaccounts.list_groups',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
} }
function add_user() function add_user()
{ {
if ($GLOBALS['phpgw']->acl->check('account_access',4,'admin'))
{
$this->ui->list_users();
return False;
}
if ($GLOBALS['HTTP_POST_VARS']['submit']) if ($GLOBALS['HTTP_POST_VARS']['submit'])
{ {
$userData = array( $userData = array(
@ -386,14 +387,8 @@
$GLOBALS['phpgw']->common->hook_single('add_user_data', $value); $GLOBALS['phpgw']->common->hook_single('add_user_data', $value);
} }
*/ */
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $this->ui->list_users();
Array( return False;
'menuaction' => 'admin.uiaccounts.list_users',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
} }
else else
{ {
@ -403,13 +398,19 @@
} }
else else
{ {
Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users')); $this->ui->list_users();
$GLOBALS['phpgw']->common->phpgw_exit(); return False;
} }
} }
function edit_group() function edit_group()
{ {
if ($GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
{
$this->ui->list_groups();
return False;
}
$temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array()); $temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array());
$account_user = Array(); $account_user = Array();
@reset($temp_users); @reset($temp_users);
@ -566,18 +567,18 @@
$GLOBALS['phpgw']->db->unlock(); $GLOBALS['phpgw']->db->unlock();
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $this->ui->list_groups();
Array( return False;
'menuaction' => 'admin.uiaccounts.list_groups',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
} }
function edit_user() function edit_user()
{ {
if ($GLOBALS['phpgw']->acl->check('account_access',16,'admin'))
{
$this->ui->list_users();
return False;
}
if ($GLOBALS['HTTP_POST_VARS']['submit']) if ($GLOBALS['HTTP_POST_VARS']['submit'])
{ {
$userData = array( $userData = array(
@ -608,31 +609,19 @@
$menuClass = CreateObject('admin.uimenuclass'); $menuClass = CreateObject('admin.uimenuclass');
if (!$menuClass->createHTMLCode('edit_user')) if (!$menuClass->createHTMLCode('edit_user'))
{ {
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $this->ui->list_users();
Array( return False;
'menuaction' => 'admin.uiaccounts.list_users',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
} }
else else
{ {
$linkdata = Array( $this->ui->edit_user($GLOBALS['HTTP_GET_VARS']['account_id']);
'menuaction' => 'admin.uiaccounts.edit_user', return False;
'cd' => $cd,
'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id']
);
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $linkdata));
$GLOBALS['phpgw']->common->phpgw_exit();
} }
} }
else else
{ {
$ui = createobject('admin.uiaccounts'); // $ui = createobject('admin.uiaccounts');
$ui->create_edit_user($userData['account_id'],$userData,$errors); $this->ui->create_edit_user($userData['account_id'],$userData,$errors);
} }
} }
} }
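Review bot: The success path of delete_group, right after `$GLOBALS['phpgw']->db->unlock();` in the second hunk, now calls `$this->ui->list_accounts();`, but the old redirect went to `admin.uiaccounts.list_groups` and no `list_accounts` method appears in the uiaccounts hunks of this commit, so this presumably should be `$this->ui->list_groups();` like the guard at the top of the same method. The replaced redirects also carried a `cd` status code that the new calls drop even though `list_users($param_cd='')` accepts one, so the result message of each operation is lost; passing it through (`$this->ui->list_users($cd);`) would restore it, and the same applies to the `list_groups()` calls in delete_group, add_group and edit_group. uiaccounts constructs this class with `$dont_load_ui = True`, so on that path `$this->ui` is never set and any of these methods reached through the ui object would fail on the `$this->ui->` calls; if such a path exists it needs a guard. delete_group's body continues outside the first hunk.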


@ -31,7 +31,7 @@
function uiaccounts() function uiaccounts()
{ {
$this->bo = createobject('admin.boaccounts'); $this->bo = createobject('admin.boaccounts',True);
$this->nextmatchs = createobject('phpgwapi.nextmatchs'); $this->nextmatchs = createobject('phpgwapi.nextmatchs');
} }
@ -45,6 +45,10 @@
function list_groups() function list_groups()
{ {
if ($GLOBALS['phpgw']->acl->check('group_access',1,'admin'))
{
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
}
$GLOBALS['cd'] = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:0); $GLOBALS['cd'] = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:0);
@ -62,7 +66,16 @@
$p->set_block('groups','row','row'); $p->set_block('groups','row','row');
$p->set_block('groups','row_empty','row_empty'); $p->set_block('groups','row_empty','row_empty');
$total = $this->bo->account_total('g',$query); if ($GLOBALS['phpgw']->acl->check('group_access',2,'admin'))
{
$total = $this->bo->account_total('g');
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, '', $total);
}
else
{
$total = $this->bo->account_total('g',$query);
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, $query, $total);
}
$url = $GLOBALS['phpgw']->link('/index.php'); $url = $GLOBALS['phpgw']->link('/index.php');
@ -76,8 +89,6 @@
'header_delete' => lang('Delete') 'header_delete' => lang('Delete')
); );
$p->set_var($var); $p->set_var($var);
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, $query, $total);
if (!count($account_info)) if (!count($account_info))
{ {
@ -86,28 +97,70 @@
} }
else else
{ {
if (! $GLOBALS['phpgw']->acl->check('group_access',8,'admin'))
{
$can_view = True;
}
if (! $GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
{
$can_edit = True;
}
if (! $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
{
$can_delete = True;
}
while (list($null,$account) = each($account_info)) while (list($null,$account) = each($account_info))
{ {
$tr_color = $this->nextmatchs->alternate_row_color($tr_color); $tr_color = $this->nextmatchs->alternate_row_color($tr_color);
$var = Array( $var = Array(
'tr_color' => $tr_color, 'tr_color' => $tr_color,
'group_name' => (!$account['account_lid']?' ':$account['account_lid']), 'group_name' => (!$account['account_lid']?' ':$account['account_lid']),
'edit_link' => $this->row_action('edit','group',$account['account_id']),
'delete_link' => $this->row_action('delete','group',$account['account_id']) 'delete_link' => $this->row_action('delete','group',$account['account_id'])
); );
$p->set_var($var); $p->set_var($var);
$p->parse('rows','row',True);
if ($can_edit)
{
$p->set_var('edit_link',$this->row_action('edit','group',$account['account_id']));
}
else
{
$p->set_var('edit_link',' ');
}
if ($can_delete)
{
$p->set_var('delete_link',$this->row_action('delete','group',$account['account_id']));
}
else
{
$p->set_var('delete_link',' ');
}
$p->fp('rows','row',True);
} }
} }
$var = Array( $var = Array(
'new_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.add_group'), 'new_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.add_group'),
'lang_add' => lang('add'),
'search_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'), 'search_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'),
'lang_search' => lang('search')
); );
$p->set_var($var); $p->set_var($var);
$p->pparse('out','list');
if (! $GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
{
$p->set_var('input_add','<input type="submit" value="' . lang('Add') . '">');
}
if (! $GLOBALS['phpgw']->acl->check('group_access',2,'admin'))
{
$p->set_var('input_search',lang('Search') . '&nbsp;<input name="query">');
}
$p->pfp('out','list');
} }
function list_users($param_cd='') function list_users($param_cd='')
@ -137,7 +190,16 @@
$p->set_block('accounts','row','row'); $p->set_block('accounts','row','row');
$p->set_block('accounts','row_empty','row_empty'); $p->set_block('accounts','row_empty','row_empty');
$total = $this->bo->account_total('u',$query); if ($GLOBALS['phpgw']->acl->check('account_access',2,'admin'))
{
$total = $this->bo->account_total('u');
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,'');
}
else
{
$total = $this->bo->account_total('u',$query);
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query);
}
$url = $GLOBALS['phpgw']->link('/index.php'); $url = $GLOBALS['phpgw']->link('/index.php');
@ -169,8 +231,6 @@
$p->set_var('input_search',lang('Search') . '&nbsp;<input name="query">'); $p->set_var('input_search',lang('Search') . '&nbsp;<input name="query">');
} }
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query);
if (! count($account_info)) if (! count($account_info))
{ {
$p->set_var('message',lang('No matchs found')); $p->set_var('message',lang('No matchs found'));
@ -238,6 +298,12 @@
function add_group() function add_group()
{ {
if ($GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
{
$this->list_groups();
return False;
}
$group_info = Array( $group_info = Array(
'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id'], 'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id'],
'account_name' => '', 'account_name' => '',
@ -261,9 +327,10 @@
function delete_group() function delete_group()
{ {
if (!@isset($GLOBALS['HTTP_GET_VARS']['account_id']) || !@$GLOBALS['HTTP_GET_VARS']['account_id']) if (!@isset($GLOBALS['HTTP_GET_VARS']['account_id']) || !@$GLOBALS['HTTP_GET_VARS']['account_id'] || $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
{ {
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups')); $this->list_groups();
return False;
} }
unset($GLOBALS['phpgw_info']['flags']['noheader']); unset($GLOBALS['phpgw_info']['flags']['noheader']);
@ -377,6 +444,12 @@
function edit_group($cd='',$account_id='') function edit_group($cd='',$account_id='')
{ {
if ($GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
{
$this->list_groups();
return False;
}
$cdid = $cd; $cdid = $cd;
settype($cd,'integer'); settype($cd,'integer');
$cd = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:intval($cdid)); $cd = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:intval($cdid));
@ -386,10 +459,10 @@
$account_id = ($GLOBALS['HTTP_GET_VARS']['account_id']?$GLOBALS['HTTP_GET_VARS']['account_id']:intval($accountid)); $account_id = ($GLOBALS['HTTP_GET_VARS']['account_id']?$GLOBALS['HTTP_GET_VARS']['account_id']:intval($accountid));
// todo // todo
// not needed if i use the same file for new users too // not needed if i use the same file for new groups too
if (!$account_id) if (! $account_id)
{ {
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups')); $this->list_groups();
} }
else else
{ {
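Review bot: The deny check at the top of list_groups in the second hunk calls `$GLOBALS['phpgw']->redirect(...)` with no `return` after it, so unless redirect() terminates the request the rest of the listing still renders for a user denied 'group_access' bit 1; add `return False;` after the redirect as the other guards in this file do. In the same method `$can_view` is computed against bit 8 but never used, and the acl definitions hunk in this commit comments that bit out as future work, so either drop the check or mark it, e.g. `// bit 8 (view group) is not defined yet; kept for when the right is added`. `$can_edit` and `$can_delete` are only assigned in the allowed branch and are read unassigned in the denied case, so initialising all three to False before the checks makes the intent explicit. The row loop still places 'delete_link' into the `$var` array unconditionally before the `$can_delete` branch overwrites it, so that array entry can go.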


@ -51,7 +51,6 @@
while (is_array($GLOBALS['acl_manager']) && list($app,$locations) = each($GLOBALS['acl_manager'])) while (is_array($GLOBALS['acl_manager']) && list($app,$locations) = each($GLOBALS['acl_manager']))
{ {
$icon = $GLOBALS['phpgw']->common->image($app,array('navbar.gif',$app.'.gif')); $icon = $GLOBALS['phpgw']->common->image($app,array('navbar.gif',$app.'.gif'));
$this->template->set_var('icon_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']); $this->template->set_var('icon_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']);
$this->template->set_var('link_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']); $this->template->set_var('link_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']);
@ -68,32 +67,29 @@
$this->template->fp('rows','app_row_noicon',True); $this->template->fp('rows','app_row_noicon',True);
} }
if (is_array($locations['deny']))
{
$link_values = array(
'menuaction' => 'admin.uiaclmanager.access_form',
'location' => urlencode(base64_encode('deny')),
'acl_app' => $app,
'account_id' => $GLOBALS['account_id']
);
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values));
$this->template->set_var('lang_location',lang('Deny access'));
$this->template->fp('rows','link_row',True);
}
while (is_array($locations) && list($loc,$value) = each($locations)) while (is_array($locations) && list($loc,$value) = each($locations))
{ {
$link_values = array( $total_rights = 0;
'menuaction' => 'admin.uiaclmanager.access_form', while (list($k,$v) = each($value['rights']))
'location' => urlencode(base64_encode($loc)), {
'acl_app' => $app, $total_rights += $v;
'account_id' => $GLOBALS['account_id'] }
); reset($value['rights']);
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values)); // If all of there rights are denied, then they shouldn't even see the option
$this->template->set_var('lang_location',lang($value['name'])); if ($total_rights != $GLOBALS['phpgw']->acl->get_rights($loc,$app))
$this->template->fp('rows','link_row',True); {
$link_values = array(
'menuaction' => 'admin.uiaclmanager.access_form',
'location' => urlencode(base64_encode($loc)),
'acl_app' => $app,
'account_id' => $GLOBALS['account_id']
);
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values));
$this->template->set_var('lang_location',lang($value['name']));
$this->template->fp('rows','link_row',True);
}
} }
$this->template->parse('rows','spacer_row',True); $this->template->parse('rows','spacer_row',True);
@ -124,23 +120,29 @@
); );
$acl = createobject('phpgwapi.acl',$GLOBALS['account_id']); $acl = createobject('phpgwapi.acl',$GLOBALS['account_id']);
$acl->read_repository();
$this->template->set_var('form_action',$GLOBALS['phpgw']->link('/index.php',$link_values)); $this->template->set_var('form_action',$GLOBALS['phpgw']->link('/index.php',$link_values));
$this->template->set_var('lang_title',lang('ACL Manager')); $this->template->set_var('lang_title',lang('ACL Manager'));
$total = 0;
while (list($name,$value) = each($acl_manager['rights'])) while (list($name,$value) = each($acl_manager['rights']))
{ {
$grants = $acl->get_rights($location,$GLOBALS['acl_app']); $grants = $acl->get_rights($location,$GLOBALS['acl_app']);
$s .= '<option value="' . $value . '"'; if (! $GLOBALS['phpgw']->acl->check($location,$value,$GLOBALS['acl_app']))
$s .= (($grants & $value)?' selected':''); {
$s .= '>' . lang($name) . '</option>'; $s .= '<option value="' . $value . '"';
$s .= (($grants & $value)?' selected':'');
$s .= '>' . lang($name) . '</option>';
$total++;
}
} }
$size = 7; $size = 7;
if (count($acl_manager['rights']) < 7) if ($total < 7)
{ {
$size = count($acl_manager['rights']); $size = $total;
} }
$this->template->set_var('select_values','<select name="acl_rights[]" multiple size="' . $size . '">' . $s . '</select>'); $this->template->set_var('select_values','<select name="acl_rights[]" multiple size="' . $size . '">' . $s . '</select>');
$this->template->set_var('lang_submit',lang('Submit')); $this->template->set_var('lang_submit',lang('Submit'));
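Review bot: The option filter in access_form (`if (! $GLOBALS['phpgw']->acl->check($location,$value,$GLOBALS['acl_app']))`) only hides from the select the rights the acting admin lacks; the handler that stores the submitted `acl_rights[]` is outside this diff, so the same per-bit check has to run there as well or the "grant only what you have" rule holds only for what the form displays. The comparison `$total_rights != $GLOBALS['phpgw']->acl->get_rights($loc,$app)` in the first hunk assumes the stored mask never carries bits outside `$value['rights']`; a mask test, `if (($GLOBALS['phpgw']->acl->get_rights($loc,$app) & $total_rights) != $total_rights)`, matches the comment's intent without that assumption. Dropping `$acl->read_repository();` after `createobject('phpgwapi.acl', ...)` is only safe if the constructor already loads the repository, which is not visible here and worth confirming. `$grants` is loop-invariant and can be computed once before the `while`, and when `$total` ends up 0 the select is emitted with `size="0"`.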


@ -37,7 +37,7 @@
'Group list' => 1, 'Group list' => 1,
'Search groups' => 2, 'Search groups' => 2,
'Add group' => 4, 'Add group' => 4,
'View group' => 8, // 'View group' => 8, // Will be added in the future
'Edit group' => 16, 'Edit group' => 16,
'Delete group' => 32 'Delete group' => 32
) )


@ -23,12 +23,12 @@
<tr> <tr>
<td align="left"> <td align="left">
<form method="POST" action="{new_action}"> <form method="POST" action="{new_action}">
<input type="submit" value="{lang_add}"> {input_add}
</form> </form>
</td> </td>
<td align="right">{lang_search}&nbsp; <td align="right">
<form method="POST" action="{search_action}"> <form method="POST" action="{search_action}">
<input name="query"> {input_search}
</form> </form>
</td> </td>
</tr> </tr>
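Review bot: `{input_add}` and `{input_search}` are now assigned by list_groups only when the ACL allows the action; when the variable is never set, whether the placeholder is stripped or printed literally depends on the template object's unknown-variable mode, which is not visible here. Setting both to an empty string before the ACL checks in list_groups (`$p->set_var('input_add','');` and `$p->set_var('input_search','');`) makes the denied case render a blank cell regardless of that mode. The `<form>` elements remain in the markup either way, which is acceptable because add_group and list_groups enforce the same rights server-side.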