first take on new ACL dialog for admin

This commit is contained in:
Ralf Becker 2013-08-26 18:25:43 +00:00
parent 85aae69c69
commit db7d12af4b
14 changed files with 338 additions and 7 deletions

View File

@ -468,4 +468,20 @@ class addressbook_hooks
{
return true;
}
/**
* ACL rights and labels used
*
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
* @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs
*/
public static function acl_rights($params)
{
return array(
acl::READ => 'read',
acl::EDIT => 'edit',
acl::ADD => 'add',
acl::DELETE => 'delete',
);
}
}

View File

@ -46,7 +46,7 @@ $setup_info['addressbook']['hooks'][] = 'config';
$setup_info['addressbook']['hooks']['group_acl'] = 'addressbook_hooks::group_acl';
$setup_info['addressbook']['hooks']['not_enum_group_acls'] = 'addressbook_hooks::not_enum_group_acls';
$setup_info['addressbook']['hooks']['export_limit'] = 'addressbook_hooks::getAppExportLimit';
$setup_info['addressbook']['hooks']['acl_rights'] = 'addressbook_hooks::acl_rights';
/* Dependencies for this app to work */
$setup_info['addressbook']['depends'][] = array(

View File

@ -0,0 +1,170 @@
<?php
/**
* EGroupware: Admin app ACL
*
* @link http://www.egroupware.org
* @author Ralf Becker <rb@stylite.de>
* @package admin
* @copyright (c) 2013 by Ralf Becker <rb@stylite.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
require_once EGW_INCLUDE_ROOT.'/etemplate/inc/class.etemplate.inc.php';
/**
* UI for admin
*/
class admin_acl
{
/**
* Methods callable via menuaction
* @var array
*/
public $public_functions = array(
'index' => true,
);
/**
* Callback for nextmatch to fetch acl
*
* @param array $query
* @param array &$rows=null
* @return int total number of rows available
*/
public static function get_rows(array $query, array &$rows=null)
{
$so_sql = new so_sql('phpgwapi', acl::TABLE, null, '', true);
$memberships = $GLOBALS['egw']->accounts->memberships($query['account_id'], true);
$memberships[] = $query['account_id'];
if ($GLOBALS['egw_info']['user']['preferences']['admin']['acl_filter'] != $query['filter'])
{
$GLOBALS['egw']->preferences->add('admin', 'acl_filter', $query['filter']);
$GLOBALS['egw']->preferences->save_repository(false,'user',false);
}
switch($query['filter'])
{
default:
case 'run':
$query['col_filter']['acl_location'] = 'run';
$query['col_filter']['acl_account'] = $memberships;
break;
case 'own':
$query['col_filter'][] = "acl_location!='run'";
$query['col_filter']['acl_account'] = $memberships;
break;
case 'other':
$query['col_filter']['acl_location'] = $query['account_id'];
break;
}
$total = $so_sql->get_rows($query, $rows, $readonlys);
static $rights = array(
acl::READ => 'read',
acl::ADD => 'add',
acl::EDIT => 'edit',
acl::DELETE => 'delete',
acl::PRIVAT => 'private',
acl::CUSTOM1 => 'custom 1',
acl::CUSTOM2 => 'custom 2',
acl::CUSTOM3 => 'custom 3',
);
$app_rights = $GLOBALS['egw']->hooks->process(array(
'location' => 'acl_rights',
'owner' => $query['account_id'],
), array(), true);
foreach($rows as $n => &$row)
{
// generate a row-id
$row['id'] = $row['acl_appname'].'-'.$row['acl_account'].'-'.$row['acl_location'];
if ($query['filter'] == 'run')
{
$row['acl1'] = lang('run');
}
else
{
if ($app !== $row['acl_appname']) translation::add_app($row['app_name']);
foreach(isset($app_rights[$row['acl_appname']]) ? $app_rights[$row['acl_appname']] : $rights as $val => $label)
{
if ($row['acl_rights'] & $val)
{
$row['acl'.$val] = lang($label);
}
}
}
error_log(__METHOD__."() $n: ".array2string($row));
}
error_log(__METHOD__."(".array2string($query).") returning ".$total);
return $total;
}
/**
* New index page
*
* @param array $content
* @param string $msg
*/
public function index(array $content=null, $msg='')
{
$tpl = new etemplate_new('admin.acl');
$content = array();
$content['nm'] = array(
'get_rows' => 'admin_acl::get_rows',
'no_cat' => true,
'filter' => $GLOBALS['egw_info']['user']['preferences']['admin']['acl_filter'],
'no_filter2' => true,
'lettersearch' => false,
//'order' => 'account_lid',
'sort' => 'ASC',
'row_id' => 'id',
//'default_cols' => '!account_id,account_created',
'actions' => self::get_actions(),
);
if (isset($_GET['account_id']) && (int)$_GET['account_id'])
{
$content['nm']['account_id'] = (int)$_GET['account_id'];
$content['nm']['acl_app'] = ''; // show app run rights
$content['nm']['order'] = 'acl_appname';
}
$sel_options = array(
'filter' => array(
'other' => 'Rights granted to others',
'own' => 'Own rights granted from others',
'run' => 'Run rights for applications',
),
);
$tpl->exec('admin.admin_acl.index', $content, $sel_options);
}
/**
* Get actions for ACL
*
* @return array
*/
static function get_actions()
{
return array(
'edit' => array(
'caption' => 'Edit ACL',
'default' => true,
'allowOnMultiple' => false,
),
'add' => array(
'caption' => 'Add ACL',
),
'delete' => array(
'confirm' => 'Delete this ACL',
'caption' => 'Delete ACL',
'disableClass' => 'rowNoEdit',
),
);
}
}

View File

@ -85,7 +85,13 @@ class admin_ui
'onExecute' => 'javaScript:app.admin.group',
'caption' => 'Edit group',
'enableId' => '^/groups/-\\d+',
),
),
'acl' => array(
'onExecute' => 'javaScript:app.admin.group',
'caption' => 'Access control',
'enableId' => '^/groups/-\\d+',
'icon' => 'lock',
),
'delete' => array(
'onExecute' => 'javaScript:app.admin.group',
'confirm' => 'Delete this group',
@ -121,6 +127,14 @@ class admin_ui
'group' => $group,
'onExecute' => 'javaScript:app.admin.iframe_location',
),
'acl' => array(
'caption' => 'Access control',
'allowOnMultiple' => false,
'url' => 'menuaction=admin.admin_acl.index&account_id=$id',
'group' => $group,
'onExecute' => 'javaScript:app.admin.iframe_location',
'icon' => 'lock',
),
);
++$group;
// supporting both old way using $GLOBALS['menuData'] and new just returning data in hook

View File

@ -168,6 +168,14 @@ app.admin = AppJS.extend(
account_id: _senders[0].id.split('/')[2]
}));
break;
case 'acl':
this.splitter.dock();
this.iframe.set_src(egw.link('/index.php', {
menuaction: 'admin.admin_acl.index',
account_id: _senders[0].id.split('/')[2]
}));
break;
}
},

View File

@ -0,0 +1,58 @@
<?xml version="1.0"?>
<!-- $Id$ -->
<overlay>
<template id="admin.acl.rows" template="" lang="" group="0" version="1.9.001">
<grid width="100%">
<columns>
<column width="24"/>
<column/>
<column/>
<column/>
<column/>
<column/>
<column/>
<column/>
<column/>
<column/>
<column/>
<column/>
</columns>
<rows>
<row>
<description/>
<nextmatch-customfilter id="acl_appname" options="select-app,Application"/>
<nextmatch-accountfilter id="acl_location" options="Location"/>
<nextmatch-accountfilter id="acl_account" options="All accounts"/>
<nextmatch-header label="Rights" span="all"/>
</row>
<row>
<image align="center" src="$row_cont[acl_appname]/navbar" class="admin_aclApp"/>
<menulist>
<menupopup type="select-app" id="${row}[acl_appname]" readonly="true"/>
</menulist>
<menulist>
<menupopup type="select-account" id="${row}[acl_location]" readonly="true"/>
</menulist>
<menulist>
<menupopup type="select-account" id="${row}[acl_account]" readonly="true"/>
</menulist>
<description id="${row}[acl1]"/>
<description id="${row}[acl2]"/>
<description id="${row}[acl4]"/>
<description id="${row}[acl8]"/>
<description id="${row}[acl16]"/>
<description id="${row}[acl64]"/>
<description id="${row}[acl128]"/>
<description id="${row}[acl256]"/>
</row>
</rows>
</grid>
</template>
<template id="admin.acl" template="" lang="" group="0" version="1.9.001">
<vbox>
<description id="msg" class="message"/>
<nextmatch id="nm" template="admin.acl.rows"/>
<description/>
</vbox>
</template>
</overlay>

View File

@ -37,3 +37,7 @@ tr.adminAccountInactive .adminStatus {
overflow: hidden;
text-overflow: ellipsis;
}
img.admin_aclApp {
width: 16px;
}

View File

@ -5,7 +5,7 @@
* @link http://www.egroupware.org
* @package calendar
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2004-11 by RalfBecker-At-outdoor-training.de
* @copyright (c) 2004-13 by RalfBecker-At-outdoor-training.de
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
@ -707,9 +707,36 @@ class calendar_hooks
return $settings;
}
public static function config_validate() {
public static function config_validate()
{
$GLOBALS['egw_info']['server']['found_validation_hook'] = True;
}
/**
* ACL rights and labels used
*
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
* @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs
*/
public static function acl_rights($params)
{
$rights = array(
acl::CUSTOM2 => 'freebusy',
acl::CUSTOM3 => 'invite',
acl::READ => 'read',
acl::ADD => 'add',
acl::EDIT => 'edit',
acl::DELETE => 'delete',
acl::PRIVAT => 'private',
);
$require_acl_invite = $GLOBALS['egw_info']['server']['require_acl_invite'];
if (!$require_acl_invite || $require_acl_invite == 'groups' && !($params['owner'] < 0))
{
unset($rights[acl::CUSTOM3]);
}
return $rights;
}
}
// Not part of the class, since config hooks are still using the old style

View File

@ -45,6 +45,7 @@ $setup_info['calendar']['hooks']['config_validate'] = 'calendar_hooks::config_va
$setup_info['calendar']['hooks']['timesheet_set'] = 'calendar.calendar_bo.timesheet_set';
$setup_info['calendar']['hooks']['infolog_set'] = 'calendar.calendar_bo.infolog_set';
$setup_info['calendar']['hooks']['export_limit'] = 'calendar_hooks::getAppExportLimit';
$setup_info['calendar']['hooks']['acl_rights'] = 'calendar_hooks::acl_rights';
/* Dependencies for this app to work */
$setup_info['calendar']['depends'][] = array(

View File

@ -5,7 +5,7 @@
* @link http://www.egroupware.org
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @package infolog
* @copyright (c) 2003-12 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2003-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
@ -557,4 +557,21 @@ class infolog_hooks
}
}
}
/**
* ACL rights and labels used
*
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
* @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs
*/
public static function acl_rights($params)
{
return array(
acl::READ => 'read',
acl::ADD => 'add',
acl::EDIT => 'edit',
acl::DELETE => 'delete',
acl::PRIVAT => 'private',
);
}
}

View File

@ -6,7 +6,7 @@
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @package infolog
* @subpackage setup
* @copyright (c) 2003-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2003-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
@ -50,6 +50,7 @@ $setup_info['infolog']['hooks']['settings'] = 'infolog_hooks::settings';
$setup_info['infolog']['hooks']['verify_settings'] = 'infolog_hooks::verify_settings';
$setup_info['infolog']['hooks']['admin'] = 'infolog_hooks::all_hooks';
$setup_info['infolog']['hooks']['not_enum_group_acls'] = 'infolog_hooks::not_enum_group_acls';
$setup_info['infolog']['hooks']['acl_rights'] = 'infolog_hooks::acl_rights';
$setup_info['infolog']['hooks']['deleteaccount'] = 'infolog.infolog_so.change_delete_owner';
$setup_info['infolog']['hooks'][] = 'home';
$setup_info['infolog']['hooks']['addressbook_view'] = 'infolog.infolog_ui.hook_view';

Binary file not shown.

After

Width:  |  Height:  |  Size: 566 B

View File

@ -5,7 +5,7 @@
* @link http://www.egroupware.org
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @package timesheet
* @copyright (c) 2005-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2005-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
@ -242,4 +242,18 @@ class timesheet_hooks
return $settings;
}
/**
* ACL rights and labels used by Calendar
*
* @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner
*/
public static function acl_rights($params)
{
return array(
acl::READ => 'read',
acl::EDIT => 'edit',
acl::DELETE => 'delete',
);
}
}

View File

@ -45,6 +45,7 @@ $setup_info[TIMESHEET_APP]['hooks']['sidebox_menu'] = 'timesheet_hooks::all_hook
$setup_info[TIMESHEET_APP]['hooks']['search_link'] = 'timesheet_hooks::search_link';
$setup_info[TIMESHEET_APP]['hooks']['pm_cumulate'] = 'timesheet_hooks::cumulate';
$setup_info[TIMESHEET_APP]['hooks']['deleteaccount'] = 'timesheet.timesheet_bo.deleteaccount';
$setup_info[TIMESHEET_APP]['hooks']['acl_rights'] = 'timesheet_hooks::acl_rights';
/* Dependencies for this app to work */
$setup_info[TIMESHEET_APP]['depends'][] = array(