mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-24 15:49:06 +01:00
first take on new ACL dialog for admin
This commit is contained in:
parent
85aae69c69
commit
db7d12af4b
@ -468,4 +468,20 @@ class addressbook_hooks
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* ACL rights and labels used
|
||||
*
|
||||
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
|
||||
* @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs
|
||||
*/
|
||||
public static function acl_rights($params)
|
||||
{
|
||||
return array(
|
||||
acl::READ => 'read',
|
||||
acl::EDIT => 'edit',
|
||||
acl::ADD => 'add',
|
||||
acl::DELETE => 'delete',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ $setup_info['addressbook']['hooks'][] = 'config';
|
||||
$setup_info['addressbook']['hooks']['group_acl'] = 'addressbook_hooks::group_acl';
|
||||
$setup_info['addressbook']['hooks']['not_enum_group_acls'] = 'addressbook_hooks::not_enum_group_acls';
|
||||
$setup_info['addressbook']['hooks']['export_limit'] = 'addressbook_hooks::getAppExportLimit';
|
||||
|
||||
$setup_info['addressbook']['hooks']['acl_rights'] = 'addressbook_hooks::acl_rights';
|
||||
|
||||
/* Dependencies for this app to work */
|
||||
$setup_info['addressbook']['depends'][] = array(
|
||||
|
170
admin/inc/class.admin_acl.inc.php
Normal file
170
admin/inc/class.admin_acl.inc.php
Normal file
@ -0,0 +1,170 @@
|
||||
<?php
|
||||
/**
|
||||
* EGroupware: Admin app ACL
|
||||
*
|
||||
* @link http://www.egroupware.org
|
||||
* @author Ralf Becker <rb@stylite.de>
|
||||
* @package admin
|
||||
* @copyright (c) 2013 by Ralf Becker <rb@stylite.de>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
require_once EGW_INCLUDE_ROOT.'/etemplate/inc/class.etemplate.inc.php';
|
||||
|
||||
/**
|
||||
* UI for admin
|
||||
*/
|
||||
class admin_acl
|
||||
{
|
||||
/**
|
||||
* Methods callable via menuaction
|
||||
* @var array
|
||||
*/
|
||||
public $public_functions = array(
|
||||
'index' => true,
|
||||
);
|
||||
|
||||
/**
|
||||
* Callback for nextmatch to fetch acl
|
||||
*
|
||||
* @param array $query
|
||||
* @param array &$rows=null
|
||||
* @return int total number of rows available
|
||||
*/
|
||||
public static function get_rows(array $query, array &$rows=null)
|
||||
{
|
||||
$so_sql = new so_sql('phpgwapi', acl::TABLE, null, '', true);
|
||||
|
||||
$memberships = $GLOBALS['egw']->accounts->memberships($query['account_id'], true);
|
||||
$memberships[] = $query['account_id'];
|
||||
|
||||
if ($GLOBALS['egw_info']['user']['preferences']['admin']['acl_filter'] != $query['filter'])
|
||||
{
|
||||
$GLOBALS['egw']->preferences->add('admin', 'acl_filter', $query['filter']);
|
||||
$GLOBALS['egw']->preferences->save_repository(false,'user',false);
|
||||
}
|
||||
switch($query['filter'])
|
||||
{
|
||||
default:
|
||||
case 'run':
|
||||
$query['col_filter']['acl_location'] = 'run';
|
||||
$query['col_filter']['acl_account'] = $memberships;
|
||||
break;
|
||||
case 'own':
|
||||
$query['col_filter'][] = "acl_location!='run'";
|
||||
$query['col_filter']['acl_account'] = $memberships;
|
||||
break;
|
||||
|
||||
case 'other':
|
||||
$query['col_filter']['acl_location'] = $query['account_id'];
|
||||
break;
|
||||
}
|
||||
|
||||
$total = $so_sql->get_rows($query, $rows, $readonlys);
|
||||
|
||||
static $rights = array(
|
||||
acl::READ => 'read',
|
||||
acl::ADD => 'add',
|
||||
acl::EDIT => 'edit',
|
||||
acl::DELETE => 'delete',
|
||||
acl::PRIVAT => 'private',
|
||||
acl::CUSTOM1 => 'custom 1',
|
||||
acl::CUSTOM2 => 'custom 2',
|
||||
acl::CUSTOM3 => 'custom 3',
|
||||
);
|
||||
|
||||
$app_rights = $GLOBALS['egw']->hooks->process(array(
|
||||
'location' => 'acl_rights',
|
||||
'owner' => $query['account_id'],
|
||||
), array(), true);
|
||||
|
||||
foreach($rows as $n => &$row)
|
||||
{
|
||||
// generate a row-id
|
||||
$row['id'] = $row['acl_appname'].'-'.$row['acl_account'].'-'.$row['acl_location'];
|
||||
|
||||
if ($query['filter'] == 'run')
|
||||
{
|
||||
$row['acl1'] = lang('run');
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($app !== $row['acl_appname']) translation::add_app($row['app_name']);
|
||||
foreach(isset($app_rights[$row['acl_appname']]) ? $app_rights[$row['acl_appname']] : $rights as $val => $label)
|
||||
{
|
||||
if ($row['acl_rights'] & $val)
|
||||
{
|
||||
$row['acl'.$val] = lang($label);
|
||||
}
|
||||
}
|
||||
}
|
||||
error_log(__METHOD__."() $n: ".array2string($row));
|
||||
}
|
||||
error_log(__METHOD__."(".array2string($query).") returning ".$total);
|
||||
return $total;
|
||||
}
|
||||
|
||||
/**
|
||||
* New index page
|
||||
*
|
||||
* @param array $content
|
||||
* @param string $msg
|
||||
*/
|
||||
public function index(array $content=null, $msg='')
|
||||
{
|
||||
$tpl = new etemplate_new('admin.acl');
|
||||
|
||||
$content = array();
|
||||
$content['nm'] = array(
|
||||
'get_rows' => 'admin_acl::get_rows',
|
||||
'no_cat' => true,
|
||||
'filter' => $GLOBALS['egw_info']['user']['preferences']['admin']['acl_filter'],
|
||||
'no_filter2' => true,
|
||||
'lettersearch' => false,
|
||||
//'order' => 'account_lid',
|
||||
'sort' => 'ASC',
|
||||
'row_id' => 'id',
|
||||
//'default_cols' => '!account_id,account_created',
|
||||
'actions' => self::get_actions(),
|
||||
);
|
||||
if (isset($_GET['account_id']) && (int)$_GET['account_id'])
|
||||
{
|
||||
$content['nm']['account_id'] = (int)$_GET['account_id'];
|
||||
$content['nm']['acl_app'] = ''; // show app run rights
|
||||
$content['nm']['order'] = 'acl_appname';
|
||||
}
|
||||
$sel_options = array(
|
||||
'filter' => array(
|
||||
'other' => 'Rights granted to others',
|
||||
'own' => 'Own rights granted from others',
|
||||
'run' => 'Run rights for applications',
|
||||
),
|
||||
);
|
||||
$tpl->exec('admin.admin_acl.index', $content, $sel_options);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get actions for ACL
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
static function get_actions()
|
||||
{
|
||||
return array(
|
||||
'edit' => array(
|
||||
'caption' => 'Edit ACL',
|
||||
'default' => true,
|
||||
'allowOnMultiple' => false,
|
||||
),
|
||||
'add' => array(
|
||||
'caption' => 'Add ACL',
|
||||
),
|
||||
'delete' => array(
|
||||
'confirm' => 'Delete this ACL',
|
||||
'caption' => 'Delete ACL',
|
||||
'disableClass' => 'rowNoEdit',
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
@ -85,7 +85,13 @@ class admin_ui
|
||||
'onExecute' => 'javaScript:app.admin.group',
|
||||
'caption' => 'Edit group',
|
||||
'enableId' => '^/groups/-\\d+',
|
||||
),
|
||||
),
|
||||
'acl' => array(
|
||||
'onExecute' => 'javaScript:app.admin.group',
|
||||
'caption' => 'Access control',
|
||||
'enableId' => '^/groups/-\\d+',
|
||||
'icon' => 'lock',
|
||||
),
|
||||
'delete' => array(
|
||||
'onExecute' => 'javaScript:app.admin.group',
|
||||
'confirm' => 'Delete this group',
|
||||
@ -121,6 +127,14 @@ class admin_ui
|
||||
'group' => $group,
|
||||
'onExecute' => 'javaScript:app.admin.iframe_location',
|
||||
),
|
||||
'acl' => array(
|
||||
'caption' => 'Access control',
|
||||
'allowOnMultiple' => false,
|
||||
'url' => 'menuaction=admin.admin_acl.index&account_id=$id',
|
||||
'group' => $group,
|
||||
'onExecute' => 'javaScript:app.admin.iframe_location',
|
||||
'icon' => 'lock',
|
||||
),
|
||||
);
|
||||
++$group;
|
||||
// supporting both old way using $GLOBALS['menuData'] and new just returning data in hook
|
||||
|
@ -168,6 +168,14 @@ app.admin = AppJS.extend(
|
||||
account_id: _senders[0].id.split('/')[2]
|
||||
}));
|
||||
break;
|
||||
|
||||
case 'acl':
|
||||
this.splitter.dock();
|
||||
this.iframe.set_src(egw.link('/index.php', {
|
||||
menuaction: 'admin.admin_acl.index',
|
||||
account_id: _senders[0].id.split('/')[2]
|
||||
}));
|
||||
break;
|
||||
}
|
||||
},
|
||||
|
||||
|
58
admin/templates/default/acl.xet
Normal file
58
admin/templates/default/acl.xet
Normal file
@ -0,0 +1,58 @@
|
||||
<?xml version="1.0"?>
|
||||
<!-- $Id$ -->
|
||||
<overlay>
|
||||
<template id="admin.acl.rows" template="" lang="" group="0" version="1.9.001">
|
||||
<grid width="100%">
|
||||
<columns>
|
||||
<column width="24"/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
<column/>
|
||||
</columns>
|
||||
<rows>
|
||||
<row>
|
||||
<description/>
|
||||
<nextmatch-customfilter id="acl_appname" options="select-app,Application"/>
|
||||
<nextmatch-accountfilter id="acl_location" options="Location"/>
|
||||
<nextmatch-accountfilter id="acl_account" options="All accounts"/>
|
||||
<nextmatch-header label="Rights" span="all"/>
|
||||
</row>
|
||||
<row>
|
||||
<image align="center" src="$row_cont[acl_appname]/navbar" class="admin_aclApp"/>
|
||||
<menulist>
|
||||
<menupopup type="select-app" id="${row}[acl_appname]" readonly="true"/>
|
||||
</menulist>
|
||||
<menulist>
|
||||
<menupopup type="select-account" id="${row}[acl_location]" readonly="true"/>
|
||||
</menulist>
|
||||
<menulist>
|
||||
<menupopup type="select-account" id="${row}[acl_account]" readonly="true"/>
|
||||
</menulist>
|
||||
<description id="${row}[acl1]"/>
|
||||
<description id="${row}[acl2]"/>
|
||||
<description id="${row}[acl4]"/>
|
||||
<description id="${row}[acl8]"/>
|
||||
<description id="${row}[acl16]"/>
|
||||
<description id="${row}[acl64]"/>
|
||||
<description id="${row}[acl128]"/>
|
||||
<description id="${row}[acl256]"/>
|
||||
</row>
|
||||
</rows>
|
||||
</grid>
|
||||
</template>
|
||||
<template id="admin.acl" template="" lang="" group="0" version="1.9.001">
|
||||
<vbox>
|
||||
<description id="msg" class="message"/>
|
||||
<nextmatch id="nm" template="admin.acl.rows"/>
|
||||
<description/>
|
||||
</vbox>
|
||||
</template>
|
||||
</overlay>
|
@ -37,3 +37,7 @@ tr.adminAccountInactive .adminStatus {
|
||||
overflow: hidden;
|
||||
text-overflow: ellipsis;
|
||||
}
|
||||
|
||||
img.admin_aclApp {
|
||||
width: 16px;
|
||||
}
|
||||
|
@ -5,7 +5,7 @@
|
||||
* @link http://www.egroupware.org
|
||||
* @package calendar
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @copyright (c) 2004-11 by RalfBecker-At-outdoor-training.de
|
||||
* @copyright (c) 2004-13 by RalfBecker-At-outdoor-training.de
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
@ -707,9 +707,36 @@ class calendar_hooks
|
||||
return $settings;
|
||||
}
|
||||
|
||||
public static function config_validate() {
|
||||
public static function config_validate()
|
||||
{
|
||||
$GLOBALS['egw_info']['server']['found_validation_hook'] = True;
|
||||
}
|
||||
|
||||
/**
|
||||
* ACL rights and labels used
|
||||
*
|
||||
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
|
||||
* @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs
|
||||
*/
|
||||
public static function acl_rights($params)
|
||||
{
|
||||
$rights = array(
|
||||
acl::CUSTOM2 => 'freebusy',
|
||||
acl::CUSTOM3 => 'invite',
|
||||
acl::READ => 'read',
|
||||
acl::ADD => 'add',
|
||||
acl::EDIT => 'edit',
|
||||
acl::DELETE => 'delete',
|
||||
acl::PRIVAT => 'private',
|
||||
);
|
||||
$require_acl_invite = $GLOBALS['egw_info']['server']['require_acl_invite'];
|
||||
|
||||
if (!$require_acl_invite || $require_acl_invite == 'groups' && !($params['owner'] < 0))
|
||||
{
|
||||
unset($rights[acl::CUSTOM3]);
|
||||
}
|
||||
return $rights;
|
||||
}
|
||||
}
|
||||
|
||||
// Not part of the class, since config hooks are still using the old style
|
||||
|
@ -45,6 +45,7 @@ $setup_info['calendar']['hooks']['config_validate'] = 'calendar_hooks::config_va
|
||||
$setup_info['calendar']['hooks']['timesheet_set'] = 'calendar.calendar_bo.timesheet_set';
|
||||
$setup_info['calendar']['hooks']['infolog_set'] = 'calendar.calendar_bo.infolog_set';
|
||||
$setup_info['calendar']['hooks']['export_limit'] = 'calendar_hooks::getAppExportLimit';
|
||||
$setup_info['calendar']['hooks']['acl_rights'] = 'calendar_hooks::acl_rights';
|
||||
|
||||
/* Dependencies for this app to work */
|
||||
$setup_info['calendar']['depends'][] = array(
|
||||
|
@ -5,7 +5,7 @@
|
||||
* @link http://www.egroupware.org
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @package infolog
|
||||
* @copyright (c) 2003-12 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @copyright (c) 2003-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
@ -557,4 +557,21 @@ class infolog_hooks
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* ACL rights and labels used
|
||||
*
|
||||
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
|
||||
* @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs
|
||||
*/
|
||||
public static function acl_rights($params)
|
||||
{
|
||||
return array(
|
||||
acl::READ => 'read',
|
||||
acl::ADD => 'add',
|
||||
acl::EDIT => 'edit',
|
||||
acl::DELETE => 'delete',
|
||||
acl::PRIVAT => 'private',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -6,7 +6,7 @@
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @package infolog
|
||||
* @subpackage setup
|
||||
* @copyright (c) 2003-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @copyright (c) 2003-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
@ -50,6 +50,7 @@ $setup_info['infolog']['hooks']['settings'] = 'infolog_hooks::settings';
|
||||
$setup_info['infolog']['hooks']['verify_settings'] = 'infolog_hooks::verify_settings';
|
||||
$setup_info['infolog']['hooks']['admin'] = 'infolog_hooks::all_hooks';
|
||||
$setup_info['infolog']['hooks']['not_enum_group_acls'] = 'infolog_hooks::not_enum_group_acls';
|
||||
$setup_info['infolog']['hooks']['acl_rights'] = 'infolog_hooks::acl_rights';
|
||||
$setup_info['infolog']['hooks']['deleteaccount'] = 'infolog.infolog_so.change_delete_owner';
|
||||
$setup_info['infolog']['hooks'][] = 'home';
|
||||
$setup_info['infolog']['hooks']['addressbook_view'] = 'infolog.infolog_ui.hook_view';
|
||||
|
BIN
phpgwapi/templates/default/images/lock.png
Normal file
BIN
phpgwapi/templates/default/images/lock.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 566 B |
@ -5,7 +5,7 @@
|
||||
* @link http://www.egroupware.org
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @package timesheet
|
||||
* @copyright (c) 2005-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @copyright (c) 2005-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
@ -242,4 +242,18 @@ class timesheet_hooks
|
||||
|
||||
return $settings;
|
||||
}
|
||||
|
||||
/**
|
||||
* ACL rights and labels used by Calendar
|
||||
*
|
||||
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
|
||||
*/
|
||||
public static function acl_rights($params)
|
||||
{
|
||||
return array(
|
||||
acl::READ => 'read',
|
||||
acl::EDIT => 'edit',
|
||||
acl::DELETE => 'delete',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -45,6 +45,7 @@ $setup_info[TIMESHEET_APP]['hooks']['sidebox_menu'] = 'timesheet_hooks::all_hook
|
||||
$setup_info[TIMESHEET_APP]['hooks']['search_link'] = 'timesheet_hooks::search_link';
|
||||
$setup_info[TIMESHEET_APP]['hooks']['pm_cumulate'] = 'timesheet_hooks::cumulate';
|
||||
$setup_info[TIMESHEET_APP]['hooks']['deleteaccount'] = 'timesheet.timesheet_bo.deleteaccount';
|
||||
$setup_info[TIMESHEET_APP]['hooks']['acl_rights'] = 'timesheet_hooks::acl_rights';
|
||||
|
||||
/* Dependencies for this app to work */
|
||||
$setup_info[TIMESHEET_APP]['depends'][] = array(
|
||||
|
Loading…
Reference in New Issue
Block a user