mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-07 16:44:20 +01:00
* Admin/PostgreSQL: shorten ACL labels used to limit admin rights to 16 char and fixed stalled 14.3 update for PostgreSQL
This commit is contained in:
parent
8fabe11fc5
commit
b5b6784ec1
@ -142,7 +142,7 @@ class admin_accesslog
|
||||
if (is_array($content)) $sessions_list = $content['nm']['session_list'];
|
||||
|
||||
// check if user has access to requested functionality
|
||||
if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions_access' : 'access_log_access',1,'admin'))
|
||||
if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions' : 'access_log_acces',1,'admin'))
|
||||
{
|
||||
$GLOBALS['egw']->redirect_link('/index.php');
|
||||
}
|
||||
@ -283,7 +283,7 @@ class admin_accesslog
|
||||
{
|
||||
unset($sessionid[$key]); // dont allow to kill own sessions
|
||||
}
|
||||
if ($GLOBALS['egw']->acl->check('current_sessions_access',8,'admin'))
|
||||
if ($GLOBALS['egw']->acl->check('current_sessions',8,'admin'))
|
||||
{
|
||||
$failed ++;
|
||||
}
|
||||
|
@ -57,7 +57,7 @@ class admin_categories
|
||||
{
|
||||
throw new egw_exception_no_permission_admin();
|
||||
}
|
||||
if ($GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
|
||||
if ($GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
|
||||
{
|
||||
$GLOBALS['egw']->redirect_link('/index.php');
|
||||
}
|
||||
@ -71,12 +71,12 @@ class admin_categories
|
||||
{
|
||||
if (is_null(self::$acl_search))
|
||||
{
|
||||
self::$acl_search = !$GLOBALS['egw']->acl->check('global_categories_access',2,'admin');
|
||||
self::$acl_add = !$GLOBALS['egw']->acl->check('global_categories_access',4,'admin');
|
||||
self::$acl_view = !$GLOBALS['egw']->acl->check('global_categories_access',8,'admin');
|
||||
self::$acl_edit = !$GLOBALS['egw']->acl->check('global_categories_access',16,'admin');
|
||||
self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categories_access',32,'admin');
|
||||
self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categories_access',64,'admin');
|
||||
self::$acl_search = !$GLOBALS['egw']->acl->check('global_categorie',2,'admin');
|
||||
self::$acl_add = !$GLOBALS['egw']->acl->check('global_categorie',4,'admin');
|
||||
self::$acl_view = !$GLOBALS['egw']->acl->check('global_categorie',8,'admin');
|
||||
self::$acl_edit = !$GLOBALS['egw']->acl->check('global_categorie',16,'admin');
|
||||
self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categorie',32,'admin');
|
||||
self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categorie',64,'admin');
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -53,7 +53,7 @@ class admin_hooks
|
||||
if ($GLOBALS['egw_info']['user']['apps']['admin'])
|
||||
{
|
||||
|
||||
if (! $GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
|
||||
{
|
||||
$file['Site Configuration'] = egw::link('/index.php','menuaction=admin.uiconfig.index&appname=admin');
|
||||
}
|
||||
@ -80,26 +80,26 @@ class admin_hooks
|
||||
);
|
||||
}
|
||||
|
||||
if (! $GLOBALS['egw']->acl->check('applications_access',1,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('applications_acc',1,'admin'))
|
||||
{
|
||||
$file['Applications'] = egw::link('/index.php','menuaction=admin.admin_applications.index');
|
||||
}
|
||||
if (! $GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
|
||||
{
|
||||
$file['Global Categories'] = egw::link('/index.php','menuaction=admin.admin_categories.index&appname=phpgw&ajax=true');
|
||||
}
|
||||
|
||||
if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
|
||||
if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
|
||||
{
|
||||
$file['Change Main Screen Message'] = egw::link('/index.php','menuaction=admin.uimainscreen.index');
|
||||
}
|
||||
|
||||
if (! $GLOBALS['egw']->acl->check('current_sessions_access',1,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('current_sessions',1,'admin'))
|
||||
{
|
||||
$file['View Sessions'] = egw::link('/index.php','menuaction=admin.admin_accesslog.sessions&ajax=true');
|
||||
}
|
||||
|
||||
if (! $GLOBALS['egw']->acl->check('access_log_access',1,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('access_log_acces',1,'admin'))
|
||||
{
|
||||
$file['View Access Log'] = egw::link('/index.php','menuaction=admin.admin_accesslog.index&ajax=true');
|
||||
}
|
||||
@ -110,12 +110,12 @@ class admin_hooks
|
||||
$file['View Error Log'] = egw::link('/index.php','menuaction=admin.uilog.list_log');
|
||||
}*/
|
||||
|
||||
if (! $GLOBALS['egw']->acl->check('applications_access',16,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
|
||||
{
|
||||
$file['Clear cache and register hooks'] = egw::link('/index.php','menuaction=admin.admin_hooks.register_all_hooks');
|
||||
}
|
||||
|
||||
if (! $GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
|
||||
if (! $GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
|
||||
{
|
||||
$file['Asynchronous timed services'] = egw::link('/index.php','menuaction=admin.uiasyncservice.index');
|
||||
}
|
||||
@ -156,7 +156,7 @@ class admin_hooks
|
||||
*/
|
||||
function register_all_hooks()
|
||||
{
|
||||
if ($GLOBALS['egw']->acl->check('applications_access',16,'admin'))
|
||||
if ($GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
|
||||
{
|
||||
$GLOBALS['egw']->redirect_link('/index.php');
|
||||
}
|
||||
@ -193,7 +193,7 @@ class admin_hooks
|
||||
'icon' => 'lock',
|
||||
);
|
||||
|
||||
if (!$GLOBALS['egw']->acl->check('current_sessions_access',1,'admin')) // no rights to view
|
||||
if (!$GLOBALS['egw']->acl->check('current_sessions',1,'admin')) // no rights to view
|
||||
{
|
||||
$actions[] = array(
|
||||
'description' => 'Login History',
|
||||
|
@ -20,7 +20,7 @@ class uiasyncservice
|
||||
|
||||
function index()
|
||||
{
|
||||
if ($GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
|
||||
if ($GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
|
||||
{
|
||||
egw::redirect_link('/index.php');
|
||||
}
|
||||
|
@ -36,7 +36,7 @@ class uiconfig
|
||||
//_debug_array($params);
|
||||
$_appname = $_GET['appname'];
|
||||
}
|
||||
if ($GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
|
||||
if ($GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
|
||||
{
|
||||
egw::redirect_link('/index.php');
|
||||
}
|
||||
@ -105,7 +105,7 @@ class uiconfig
|
||||
|
||||
$c = new config($config_appname);
|
||||
$c->read_repository();
|
||||
if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_access',2,'admin'))
|
||||
if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_acce',2,'admin'))
|
||||
{
|
||||
egw::redirect_link('/admin/index.php?ajax=true');
|
||||
}
|
||||
@ -261,7 +261,7 @@ class uiconfig
|
||||
}
|
||||
}
|
||||
$t->set_var('submit', '<div class="dialogFooterToolbar" style="text-align: left">'.
|
||||
($GLOBALS['egw']->acl->check('site_config_access',2,'admin') ? '' :
|
||||
($GLOBALS['egw']->acl->check('site_config_acce',2,'admin') ? '' :
|
||||
html::submit_button('save', 'Save')."\n".
|
||||
html::submit_button('apply', 'Apply')));
|
||||
$t->set_var('cancel', html::submit_button('cancel', 'Cancel').'</div>');
|
||||
|
@ -18,11 +18,11 @@ class uimainscreen
|
||||
$select_lang = $_POST['select_lang'];
|
||||
$message = get_magic_quotes_gpc() ? stripslashes($_POST['message']) : $_POST['message'];
|
||||
$acl_ok = array();
|
||||
if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin'))
|
||||
if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin'))
|
||||
{
|
||||
$acl_ok['mainscreen'] = True;
|
||||
}
|
||||
if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
|
||||
if (!$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
|
||||
{
|
||||
$acl_ok['loginscreen'] = True;
|
||||
}
|
||||
@ -80,7 +80,7 @@ class uimainscreen
|
||||
$GLOBALS['egw']->template->fp('rows','row',True);
|
||||
|
||||
$select_section = '<select name="section">'."\n";
|
||||
foreach($acl_ok as $key => $val)
|
||||
foreach(array_keys($acl_ok) as $key)
|
||||
{
|
||||
$select_section .= ' <option value="'.$key.'"'.
|
||||
($key == $_POST['section'] ? ' selected' : '') . '>' .
|
||||
|
@ -1,125 +1,122 @@
|
||||
<?php
|
||||
/**************************************************************************\
|
||||
* eGroupWare *
|
||||
* http://www.egroupware.org *
|
||||
* -------------------------------------------- *
|
||||
* This program is free software; you can redistribute it and/or modify it *
|
||||
* under the terms of the GNU General Public License as published by the *
|
||||
* Free Software Foundation; either version 2 of the License, or (at your *
|
||||
* option) any later version. *
|
||||
\**************************************************************************/
|
||||
/**
|
||||
* EGgroupware administration
|
||||
*
|
||||
* @link http://www.egroupware.org
|
||||
* @package admin
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
$GLOBALS['acl_manager']['admin']['site_config_acce'] = array(
|
||||
'name' => 'Deny access to site configuration',
|
||||
'rights' => array(
|
||||
'List config settings' => 1,
|
||||
'Change config settings' => 2
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['site_config_access'] = array(
|
||||
'name' => 'Deny access to site configuration',
|
||||
'rights' => array(
|
||||
'List config settings' => 1,
|
||||
'Change config settings' => 2
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['account_access'] = array(
|
||||
'name' => 'Deny access to user accounts',
|
||||
'rights' => array(
|
||||
'Account list' => 1,
|
||||
'Search accounts' => 2,
|
||||
'Add account' => 4,
|
||||
'View account' => 8,
|
||||
'Edit account' => 16,
|
||||
'Delete account' => 32,
|
||||
'change ACL Rights' => 64
|
||||
)
|
||||
); // was already there and seems to work ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['account_access'] = array(
|
||||
'name' => 'Deny access to user accounts',
|
||||
'rights' => array(
|
||||
'Account list' => 1,
|
||||
'Search accounts' => 2,
|
||||
'Add account' => 4,
|
||||
'View account' => 8,
|
||||
'Edit account' => 16,
|
||||
'Delete account' => 32,
|
||||
'change ACL Rights' => 64
|
||||
)
|
||||
); // was already there and seems to work ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['group_access'] = array(
|
||||
'name' => 'Deny access to groups',
|
||||
'rights' => array(
|
||||
'Group list' => 1,
|
||||
'Search groups' => 2,
|
||||
'Add group' => 4,
|
||||
$GLOBALS['acl_manager']['admin']['group_access'] = array(
|
||||
'name' => 'Deny access to groups',
|
||||
'rights' => array(
|
||||
'Group list' => 1,
|
||||
'Search groups' => 2,
|
||||
'Add group' => 4,
|
||||
// 'View group' => 8, // Will be added in the future
|
||||
'Edit group' => 16,
|
||||
'Delete group' => 32
|
||||
)
|
||||
); // was already there and seems to work ralfbecker
|
||||
'Edit group' => 16,
|
||||
'Delete group' => 32
|
||||
)
|
||||
); // was already there and seems to work ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['applications_access'] = array(
|
||||
'name' => 'Deny access to applications',
|
||||
'rights' => array(
|
||||
$GLOBALS['acl_manager']['admin']['applications_acc'] = array(
|
||||
'name' => 'Deny access to applications',
|
||||
'rights' => array(
|
||||
/* not usefull --> setup
|
||||
'Applications list' => 1,
|
||||
'Add application' => 2,
|
||||
'Edit application' => 4,
|
||||
'Delete application' => 8,
|
||||
'Applications list' => 1,
|
||||
'Add application' => 2,
|
||||
'Edit application' => 4,
|
||||
'Delete application' => 8,
|
||||
*/
|
||||
'Register application hooks' => 16
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
'Register application hooks' => 16
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['global_categories_access'] = array(
|
||||
'name' => 'Deny access to global categories',
|
||||
'rights' => array(
|
||||
'Categories list' => 1,
|
||||
'Search categories' => 2,
|
||||
'Add category' => 4,
|
||||
'View category' => 8,
|
||||
'Edit category' => 16,
|
||||
'Delete category' => 32,
|
||||
'Add sub-category' => 64
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['global_categorie'] = array(
|
||||
'name' => 'Deny access to global categories',
|
||||
'rights' => array(
|
||||
'Categories list' => 1,
|
||||
'Search categories' => 2,
|
||||
'Add category' => 4,
|
||||
'View category' => 8,
|
||||
'Edit category' => 16,
|
||||
'Delete category' => 32,
|
||||
'Add sub-category' => 64
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['mainscreen_message_access'] = array(
|
||||
'name' => 'Deny access to mainscreen message',
|
||||
'rights' => array(
|
||||
'Main screen message' => 1,
|
||||
'Login message' => 2
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['mainscreen_messa'] = array(
|
||||
'name' => 'Deny access to mainscreen message',
|
||||
'rights' => array(
|
||||
'Main screen message' => 1,
|
||||
'Login message' => 2
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['current_sessions_access'] = array(
|
||||
'name' => 'Deny access to current sessions',
|
||||
'rights' => array(
|
||||
'List current sessions' => 1,
|
||||
'Show current action' => 2,
|
||||
'Show session IP address' => 4,
|
||||
'Kill session' => 8
|
||||
)
|
||||
); // checked and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['current_sessions'] = array(
|
||||
'name' => 'Deny access to current sessions',
|
||||
'rights' => array(
|
||||
'List current sessions' => 1,
|
||||
'Show current action' => 2,
|
||||
'Show session IP address' => 4,
|
||||
'Kill session' => 8
|
||||
)
|
||||
); // checked and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['access_log_access'] = array(
|
||||
'name' => 'Deny access to access log',
|
||||
'rights' => array(
|
||||
'Show access log' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['access_log_acces'] = array(
|
||||
'name' => 'Deny access to access log',
|
||||
'rights' => array(
|
||||
'Show access log' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
|
||||
'name' => 'Deny access to error log',
|
||||
'rights' => array(
|
||||
'Show error log' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
|
||||
'name' => 'Deny access to error log',
|
||||
'rights' => array(
|
||||
'Show error log' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['asyncservice_access'] = array(
|
||||
'name' => 'Deny access to asynchronous timed services',
|
||||
'rights' => array(
|
||||
'Asynchronous timed services' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['asyncservice_acc'] = array(
|
||||
'name' => 'Deny access to asynchronous timed services',
|
||||
'rights' => array(
|
||||
'Asynchronous timed services' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
|
||||
'name' => 'Deny access to DB backup and restore',
|
||||
'rights' => array(
|
||||
'DB backup and restore' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
|
||||
'name' => 'Deny access to DB backup and restore',
|
||||
'rights' => array(
|
||||
'DB backup and restore' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
$GLOBALS['acl_manager']['admin']['info_access'] = array(
|
||||
'name' => 'Deny access to phpinfo',
|
||||
'rights' => array(
|
||||
'Show phpinfo()' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
$GLOBALS['acl_manager']['admin']['info_access'] = array(
|
||||
'name' => 'Deny access to phpinfo',
|
||||
'rights' => array(
|
||||
'Show phpinfo()' => 1
|
||||
)
|
||||
); // added and working ralfbecker
|
||||
|
||||
|
@ -162,6 +162,13 @@ function phpgwapi_upgrade14_2_004()
|
||||
'type' => 'auto',
|
||||
'nullable' => False
|
||||
));*/
|
||||
|
||||
// shorten all acl_location entries to 16 chars, to not stall update for PostgreSQL
|
||||
$GLOBALS['egw_setup']->db->update('egw_acl', array(
|
||||
'acl_location=SUBSTRING(acl_location FROM 1 FOR 16)',
|
||||
'acl_appname=SUBSTRING(acl_appname FROM 1 FOR 16)',
|
||||
), 'LENGTH(acl_location) > 16 OR LENGTH(acl_appname) > 16', __LINE__, __FILE__);
|
||||
|
||||
$GLOBALS['egw_setup']->oProc->RefreshTable('egw_acl',array(
|
||||
'fd' => array(
|
||||
'acl_appname' => array('type' => 'ascii','precision' => '16','nullable' => False),
|
||||
|
Loading…
Reference in New Issue
Block a user