* Admin/PostgreSQL: shorten ACL labels used to limit admin rights to 16 char and fixed stalled 14.3 update for PostgreSQL

2024-10-06 10:12:46 +02:00 · 2015-08-04 09:55:57 +00:00 · 2015-08-04 09:55:57 +00:00 · d43c2d0b54
commit d43c2d0b54
parent 15e989f318
8 changed files with 138 additions and 134 deletions
--- a/admin/inc/class.admin_accesslog.inc.php
+++ b/admin/inc/class.admin_accesslog.inc.php
@ -142,7 +142,7 @@ class admin_accesslog
 		if (is_array($content)) $sessions_list = $content['nm']['session_list'];

 		// check if user has access to requested functionality
-		if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions_access' : 'access_log_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions' : 'access_log_acces',1,'admin'))
 		{
 			$GLOBALS['egw']->redirect_link('/index.php');
 		}
@ -283,7 +283,7 @@ class admin_accesslog
 				{
 						unset($sessionid[$key]);	// dont allow to kill own sessions
 				}
-				if ($GLOBALS['egw']->acl->check('current_sessions_access',8,'admin'))
+				if ($GLOBALS['egw']->acl->check('current_sessions',8,'admin'))
 				{
 					$failed ++;
 				}
--- a/admin/inc/class.admin_categories.inc.php
+++ b/admin/inc/class.admin_categories.inc.php
@ -57,7 +57,7 @@ class admin_categories
 		{
 			throw new egw_exception_no_permission_admin();
 		}
-		if ($GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
 		{
 			$GLOBALS['egw']->redirect_link('/index.php');
 		}
@ -71,12 +71,12 @@ class admin_categories
 	{
 		if (is_null(self::$acl_search))
 		{
-			self::$acl_search = !$GLOBALS['egw']->acl->check('global_categories_access',2,'admin');
-			self::$acl_add    = !$GLOBALS['egw']->acl->check('global_categories_access',4,'admin');
-			self::$acl_view   = !$GLOBALS['egw']->acl->check('global_categories_access',8,'admin');
-			self::$acl_edit   = !$GLOBALS['egw']->acl->check('global_categories_access',16,'admin');
-			self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categories_access',32,'admin');
-			self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categories_access',64,'admin');
+			self::$acl_search = !$GLOBALS['egw']->acl->check('global_categorie',2,'admin');
+			self::$acl_add    = !$GLOBALS['egw']->acl->check('global_categorie',4,'admin');
+			self::$acl_view   = !$GLOBALS['egw']->acl->check('global_categorie',8,'admin');
+			self::$acl_edit   = !$GLOBALS['egw']->acl->check('global_categorie',16,'admin');
+			self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categorie',32,'admin');
+			self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categorie',64,'admin');
 		}
 	}

--- a/admin/inc/class.admin_hooks.inc.php
+++ b/admin/inc/class.admin_hooks.inc.php
@ -53,7 +53,7 @@ class admin_hooks
 		if ($GLOBALS['egw_info']['user']['apps']['admin'])
 		{

-			if (! $GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
 			{
 				$file['Site Configuration']         = egw::link('/index.php','menuaction=admin.uiconfig.index&appname=admin');
 			}
@ -80,26 +80,26 @@ class admin_hooks
 				);
 			}

-			if (! $GLOBALS['egw']->acl->check('applications_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('applications_acc',1,'admin'))
 			{
 				$file['Applications']               = egw::link('/index.php','menuaction=admin.admin_applications.index');
 			}
-			if (! $GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
 			{
 				$file['Global Categories']          = egw::link('/index.php','menuaction=admin.admin_categories.index&appname=phpgw&ajax=true');
 			}

-			if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
+			if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
 			{
 				$file['Change Main Screen Message'] = egw::link('/index.php','menuaction=admin.uimainscreen.index');
 			}

-			if (! $GLOBALS['egw']->acl->check('current_sessions_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('current_sessions',1,'admin'))
 			{
 				$file['View Sessions'] = egw::link('/index.php','menuaction=admin.admin_accesslog.sessions&ajax=true');
 			}

-			if (! $GLOBALS['egw']->acl->check('access_log_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('access_log_acces',1,'admin'))
 			{
 				$file['View Access Log'] = egw::link('/index.php','menuaction=admin.admin_accesslog.index&ajax=true');
 			}
@ -110,12 +110,12 @@ class admin_hooks
 				$file['View Error Log']  = egw::link('/index.php','menuaction=admin.uilog.list_log');
 			}*/

-			if (! $GLOBALS['egw']->acl->check('applications_access',16,'admin'))
+			if (! $GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
 			{
 				$file['Clear cache and register hooks'] = egw::link('/index.php','menuaction=admin.admin_hooks.register_all_hooks');
 			}

-			if (! $GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
 			{
 				$file['Asynchronous timed services'] = egw::link('/index.php','menuaction=admin.uiasyncservice.index');
 			}
@ -156,7 +156,7 @@ class admin_hooks
 	 */
 	function register_all_hooks()
 	{
-		if ($GLOBALS['egw']->acl->check('applications_access',16,'admin'))
+		if ($GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
 		{
 			$GLOBALS['egw']->redirect_link('/index.php');
 		}
@ -193,7 +193,7 @@ class admin_hooks
 			'icon' => 'lock',
 		);

-		if (!$GLOBALS['egw']->acl->check('current_sessions_access',1,'admin'))	// no rights to view
+		if (!$GLOBALS['egw']->acl->check('current_sessions',1,'admin'))	// no rights to view
 		{
 			$actions[] = array(
 				'description' => 'Login History',
--- a/admin/inc/class.uiasyncservice.inc.php
+++ b/admin/inc/class.uiasyncservice.inc.php
@ -20,7 +20,7 @@ class uiasyncservice

 	function index()
 	{
-		if ($GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
 		{
 			egw::redirect_link('/index.php');
 		}
--- a/admin/inc/class.uiconfig.inc.php
+++ b/admin/inc/class.uiconfig.inc.php
@ -36,7 +36,7 @@ class uiconfig
 			//_debug_array($params);
 			$_appname = $_GET['appname'];
 		}
-		if ($GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
 		{
 			egw::redirect_link('/index.php');
 		}
@ -105,7 +105,7 @@ class uiconfig

 		$c = new config($config_appname);
 		$c->read_repository();
-		if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_access',2,'admin'))
+		if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_acce',2,'admin'))
 		{
 			egw::redirect_link('/admin/index.php?ajax=true');
 		}
@ -261,7 +261,7 @@ class uiconfig
 			}
 		}
 		$t->set_var('submit', '<div class="dialogFooterToolbar" style="text-align: left">'.
-			($GLOBALS['egw']->acl->check('site_config_access',2,'admin') ? '' :
+			($GLOBALS['egw']->acl->check('site_config_acce',2,'admin') ? '' :
 				html::submit_button('save', 'Save')."\n".
 				html::submit_button('apply', 'Apply')));
 		$t->set_var('cancel', html::submit_button('cancel', 'Cancel').'</div>');
--- a/admin/inc/class.uimainscreen.inc.php
+++ b/admin/inc/class.uimainscreen.inc.php
@ -18,11 +18,11 @@ class uimainscreen
 		$select_lang = $_POST['select_lang'];
 		$message     = get_magic_quotes_gpc() ? stripslashes($_POST['message']) : $_POST['message'];
 		$acl_ok = array();
-		if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin'))
+		if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin'))
 		{
 			$acl_ok['mainscreen'] = True;
 		}
-		if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
+		if (!$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
 		{
 			$acl_ok['loginscreen'] = True;
 		}
@ -80,7 +80,7 @@ class uimainscreen
 			$GLOBALS['egw']->template->fp('rows','row',True);

 			$select_section = '<select name="section">'."\n";
-			foreach($acl_ok as $key => $val)
+			foreach(array_keys($acl_ok) as $key)
 			{
 				$select_section .= ' <option value="'.$key.'"'.
 					($key == $_POST['section'] ? ' selected' : '') . '>' .
--- a/admin/inc/hook_acl_manager.inc.php
+++ b/admin/inc/hook_acl_manager.inc.php
@ -1,125 +1,122 @@
 <?php
-	/**************************************************************************\
-	* eGroupWare                                                               *
-	* http://www.egroupware.org                                                *
-	* --------------------------------------------                             *
-	*  This program is free software; you can redistribute it and/or modify it *
-	*  under the terms of the GNU General Public License as published by the   *
-	*  Free Software Foundation; either version 2 of the License, or (at your  *
-	*  option) any later version.                                              *
-	\**************************************************************************/
+/**
+ * EGgroupware administration
+ *
+ * @link http://www.egroupware.org
+ * @package admin
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @version $Id$
+ */

-	/* $Id$ */
+$GLOBALS['acl_manager']['admin']['site_config_acce'] = array(
+	'name' => 'Deny access to site configuration',
+	'rights' => array(
+		'List config settings'   => 1,
+		'Change config settings' => 2
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['site_config_access'] = array(
-		'name' => 'Deny access to site configuration',
-		'rights' => array(
-			'List config settings'   => 1,
-			'Change config settings' => 2
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['account_access'] = array(
+	'name' => 'Deny access to user accounts',
+	'rights' => array(
+		'Account list'    => 1,
+		'Search accounts' => 2,
+		'Add account'     => 4,
+		'View account'    => 8,
+		'Edit account'    => 16,
+		'Delete account'  => 32,
+		'change ACL Rights' => 64
+	)
+);	// was already there and seems to work ralfbecker

-	$GLOBALS['acl_manager']['admin']['account_access'] = array(
-		'name' => 'Deny access to user accounts',
-		'rights' => array(
-			'Account list'    => 1,
-			'Search accounts' => 2,
-			'Add account'     => 4,
-			'View account'    => 8,
-			'Edit account'    => 16,
-			'Delete account'  => 32,
-			'change ACL Rights' => 64
-		)
-	);	// was already there and seems to work ralfbecker
-
-	$GLOBALS['acl_manager']['admin']['group_access'] = array(
-		'name' => 'Deny access to groups',
-		'rights' => array(
-			'Group list'    => 1,
-			'Search groups' => 2,
-			'Add group'     => 4,
+$GLOBALS['acl_manager']['admin']['group_access'] = array(
+	'name' => 'Deny access to groups',
+	'rights' => array(
+		'Group list'    => 1,
+		'Search groups' => 2,
+		'Add group'     => 4,
 //			'View group'    => 8,			// Will be added in the future
-			'Edit group'    => 16,
-			'Delete group'  => 32
-		)
-	);	// was already there and seems to work ralfbecker
+		'Edit group'    => 16,
+		'Delete group'  => 32
+	)
+);	// was already there and seems to work ralfbecker

-	$GLOBALS['acl_manager']['admin']['applications_access'] = array(
-		'name' => 'Deny access to applications',
-		'rights' => array(
+$GLOBALS['acl_manager']['admin']['applications_acc'] = array(
+	'name' => 'Deny access to applications',
+	'rights' => array(
 /* not usefull --> setup
-			'Applications list' => 1,
-			'Add application'   => 2,
-			'Edit application'  => 4,
-			'Delete application'  => 8,
+		'Applications list' => 1,
+		'Add application'   => 2,
+		'Edit application'  => 4,
+		'Delete application'  => 8,
 */
-			'Register application hooks' => 16
-		)
-	);	// added and working ralfbecker
+		'Register application hooks' => 16
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['global_categories_access'] = array(
-		'name' => 'Deny access to global categories',
-		'rights' => array(
-			'Categories list'   => 1,
-			'Search categories' => 2,
-			'Add category'      => 4,
-			'View category'     => 8,
-			'Edit category'     => 16,
-			'Delete category'   => 32,
-			'Add sub-category'  => 64
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['global_categorie'] = array(
+	'name' => 'Deny access to global categories',
+	'rights' => array(
+		'Categories list'   => 1,
+		'Search categories' => 2,
+		'Add category'      => 4,
+		'View category'     => 8,
+		'Edit category'     => 16,
+		'Delete category'   => 32,
+		'Add sub-category'  => 64
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['mainscreen_message_access'] = array(
-		'name' => 'Deny access to mainscreen message',
-		'rights' => array(
-			'Main screen message' => 1,
-			'Login message'       => 2
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['mainscreen_messa'] = array(
+	'name' => 'Deny access to mainscreen message',
+	'rights' => array(
+		'Main screen message' => 1,
+		'Login message'       => 2
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['current_sessions_access'] = array(
-		'name' => 'Deny access to current sessions',
-		'rights' => array(
-			'List current sessions'   => 1,
-			'Show current action'     => 2,
-			'Show session IP address' => 4,
-			'Kill session'            => 8
-		)
-	);	// checked and working ralfbecker
+$GLOBALS['acl_manager']['admin']['current_sessions'] = array(
+	'name' => 'Deny access to current sessions',
+	'rights' => array(
+		'List current sessions'   => 1,
+		'Show current action'     => 2,
+		'Show session IP address' => 4,
+		'Kill session'            => 8
+	)
+);	// checked and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['access_log_access'] = array(
-		'name' => 'Deny access to access log',
-		'rights' => array(
-			'Show access log' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['access_log_acces'] = array(
+	'name' => 'Deny access to access log',
+	'rights' => array(
+		'Show access log' => 1
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
-		'name' => 'Deny access to error log',
-		'rights' => array(
-			'Show error log' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
+	'name' => 'Deny access to error log',
+	'rights' => array(
+		'Show error log' => 1
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['asyncservice_access'] = array(
-		'name' => 'Deny access to asynchronous timed services',
-		'rights' => array(
-			'Asynchronous timed services' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['asyncservice_acc'] = array(
+	'name' => 'Deny access to asynchronous timed services',
+	'rights' => array(
+		'Asynchronous timed services' => 1
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
-		'name' => 'Deny access to DB backup and restore',
-		'rights' => array(
-			'DB backup and restore' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
+	'name' => 'Deny access to DB backup and restore',
+	'rights' => array(
+		'DB backup and restore' => 1
+	)
+);	// added and working ralfbecker

-	$GLOBALS['acl_manager']['admin']['info_access'] = array(
-		'name' => 'Deny access to phpinfo',
-		'rights' => array(
-			'Show phpinfo()' => 1
- 		)
- 	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['info_access'] = array(
+	'name' => 'Deny access to phpinfo',
+	'rights' => array(
+		'Show phpinfo()' => 1
+	)
+);	// added and working ralfbecker

--- a/phpgwapi/setup/tables_update.inc.php
+++ b/phpgwapi/setup/tables_update.inc.php
@ -158,6 +158,13 @@ function phpgwapi_upgrade14_2_004()
 		'type' => 'auto',
 		'nullable' => False
 	));*/
+
+	// shorten all acl_location entries to 16 chars, to not stall update for PostgreSQL
+	$GLOBALS['egw_setup']->db->update('egw_acl', array(
+		'acl_location=SUBSTRING(acl_location FROM 1 FOR 16)',
+		'acl_appname=SUBSTRING(acl_appname FROM 1 FOR 16)',
+	), 'LENGTH(acl_location) > 16 OR LENGTH(acl_appname) > 16', __LINE__, __FILE__);
+
 	$GLOBALS['egw_setup']->oProc->RefreshTable('egw_acl',array(
 		'fd' => array(
 			'acl_appname' => array('type' => 'ascii','precision' => '16','nullable' => False),