From db7d12af4b7defcb941dac469e05598fcd16f370 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 26 Aug 2013 18:25:43 +0000 Subject: [PATCH] first take on new ACL dialog for admin --- .../inc/class.addressbook_hooks.inc.php | 16 ++ addressbook/setup/setup.inc.php | 2 +- admin/inc/class.admin_acl.inc.php | 170 ++++++++++++++++++ admin/inc/class.admin_ui.inc.php | 16 +- admin/js/app.js | 8 + admin/templates/default/acl.xet | 58 ++++++ admin/templates/default/app.css | 4 + calendar/inc/class.calendar_hooks.inc.php | 31 +++- calendar/setup/setup.inc.php | 1 + infolog/inc/class.infolog_hooks.inc.php | 19 +- infolog/setup/setup.inc.php | 3 +- phpgwapi/templates/default/images/lock.png | Bin 0 -> 566 bytes timesheet/inc/class.timesheet_hooks.inc.php | 16 +- timesheet/setup/setup.inc.php | 1 + 14 files changed, 338 insertions(+), 7 deletions(-) create mode 100644 admin/inc/class.admin_acl.inc.php create mode 100644 admin/templates/default/acl.xet create mode 100644 phpgwapi/templates/default/images/lock.png diff --git a/addressbook/inc/class.addressbook_hooks.inc.php b/addressbook/inc/class.addressbook_hooks.inc.php index c7ba6ae8b2..d5bc3e3264 100644 --- a/addressbook/inc/class.addressbook_hooks.inc.php +++ b/addressbook/inc/class.addressbook_hooks.inc.php @@ -468,4 +468,20 @@ class addressbook_hooks { return true; } + + /** + * ACL rights and labels used + * + * @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner + * @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs + */ + public static function acl_rights($params) + { + return array( + acl::READ => 'read', + acl::EDIT => 'edit', + acl::ADD => 'add', + acl::DELETE => 'delete', + ); + } } diff --git a/addressbook/setup/setup.inc.php b/addressbook/setup/setup.inc.php index 9ebcfc868c..7efa7dc3ec 100755 --- a/addressbook/setup/setup.inc.php +++ b/addressbook/setup/setup.inc.php @@ -46,7 +46,7 @@ $setup_info['addressbook']['hooks'][] = 'config'; $setup_info['addressbook']['hooks']['group_acl'] = 'addressbook_hooks::group_acl'; $setup_info['addressbook']['hooks']['not_enum_group_acls'] = 'addressbook_hooks::not_enum_group_acls'; $setup_info['addressbook']['hooks']['export_limit'] = 'addressbook_hooks::getAppExportLimit'; - +$setup_info['addressbook']['hooks']['acl_rights'] = 'addressbook_hooks::acl_rights'; /* Dependencies for this app to work */ $setup_info['addressbook']['depends'][] = array( diff --git a/admin/inc/class.admin_acl.inc.php b/admin/inc/class.admin_acl.inc.php new file mode 100644 index 0000000000..5bcaba37d2 --- /dev/null +++ b/admin/inc/class.admin_acl.inc.php @@ -0,0 +1,170 @@ + + * @package admin + * @copyright (c) 2013 by Ralf Becker + * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License + * @version $Id$ + */ + +require_once EGW_INCLUDE_ROOT.'/etemplate/inc/class.etemplate.inc.php'; + +/** + * UI for admin + */ +class admin_acl +{ + /** + * Methods callable via menuaction + * @var array + */ + public $public_functions = array( + 'index' => true, + ); + + /** + * Callback for nextmatch to fetch acl + * + * @param array $query + * @param array &$rows=null + * @return int total number of rows available + */ + public static function get_rows(array $query, array &$rows=null) + { + $so_sql = new so_sql('phpgwapi', acl::TABLE, null, '', true); + + $memberships = $GLOBALS['egw']->accounts->memberships($query['account_id'], true); + $memberships[] = $query['account_id']; + + if ($GLOBALS['egw_info']['user']['preferences']['admin']['acl_filter'] != $query['filter']) + { + $GLOBALS['egw']->preferences->add('admin', 'acl_filter', $query['filter']); + $GLOBALS['egw']->preferences->save_repository(false,'user',false); + } + switch($query['filter']) + { + default: + case 'run': + $query['col_filter']['acl_location'] = 'run'; + $query['col_filter']['acl_account'] = $memberships; + break; + case 'own': + $query['col_filter'][] = "acl_location!='run'"; + $query['col_filter']['acl_account'] = $memberships; + break; + + case 'other': + $query['col_filter']['acl_location'] = $query['account_id']; + break; + } + + $total = $so_sql->get_rows($query, $rows, $readonlys); + + static $rights = array( + acl::READ => 'read', + acl::ADD => 'add', + acl::EDIT => 'edit', + acl::DELETE => 'delete', + acl::PRIVAT => 'private', + acl::CUSTOM1 => 'custom 1', + acl::CUSTOM2 => 'custom 2', + acl::CUSTOM3 => 'custom 3', + ); + + $app_rights = $GLOBALS['egw']->hooks->process(array( + 'location' => 'acl_rights', + 'owner' => $query['account_id'], + ), array(), true); + + foreach($rows as $n => &$row) + { + // generate a row-id + $row['id'] = $row['acl_appname'].'-'.$row['acl_account'].'-'.$row['acl_location']; + + if ($query['filter'] == 'run') + { + $row['acl1'] = lang('run'); + } + else + { + if ($app !== $row['acl_appname']) translation::add_app($row['app_name']); + foreach(isset($app_rights[$row['acl_appname']]) ? $app_rights[$row['acl_appname']] : $rights as $val => $label) + { + if ($row['acl_rights'] & $val) + { + $row['acl'.$val] = lang($label); + } + } + } + error_log(__METHOD__."() $n: ".array2string($row)); + } + error_log(__METHOD__."(".array2string($query).") returning ".$total); + return $total; + } + + /** + * New index page + * + * @param array $content + * @param string $msg + */ + public function index(array $content=null, $msg='') + { + $tpl = new etemplate_new('admin.acl'); + + $content = array(); + $content['nm'] = array( + 'get_rows' => 'admin_acl::get_rows', + 'no_cat' => true, + 'filter' => $GLOBALS['egw_info']['user']['preferences']['admin']['acl_filter'], + 'no_filter2' => true, + 'lettersearch' => false, + //'order' => 'account_lid', + 'sort' => 'ASC', + 'row_id' => 'id', + //'default_cols' => '!account_id,account_created', + 'actions' => self::get_actions(), + ); + if (isset($_GET['account_id']) && (int)$_GET['account_id']) + { + $content['nm']['account_id'] = (int)$_GET['account_id']; + $content['nm']['acl_app'] = ''; // show app run rights + $content['nm']['order'] = 'acl_appname'; + } + $sel_options = array( + 'filter' => array( + 'other' => 'Rights granted to others', + 'own' => 'Own rights granted from others', + 'run' => 'Run rights for applications', + ), + ); + $tpl->exec('admin.admin_acl.index', $content, $sel_options); + } + + /** + * Get actions for ACL + * + * @return array + */ + static function get_actions() + { + return array( + 'edit' => array( + 'caption' => 'Edit ACL', + 'default' => true, + 'allowOnMultiple' => false, + ), + 'add' => array( + 'caption' => 'Add ACL', + ), + 'delete' => array( + 'confirm' => 'Delete this ACL', + 'caption' => 'Delete ACL', + 'disableClass' => 'rowNoEdit', + ), + ); + } +} diff --git a/admin/inc/class.admin_ui.inc.php b/admin/inc/class.admin_ui.inc.php index 0cd743a9c1..599d4d138c 100644 --- a/admin/inc/class.admin_ui.inc.php +++ b/admin/inc/class.admin_ui.inc.php @@ -85,7 +85,13 @@ class admin_ui 'onExecute' => 'javaScript:app.admin.group', 'caption' => 'Edit group', 'enableId' => '^/groups/-\\d+', - ), + ), + 'acl' => array( + 'onExecute' => 'javaScript:app.admin.group', + 'caption' => 'Access control', + 'enableId' => '^/groups/-\\d+', + 'icon' => 'lock', + ), 'delete' => array( 'onExecute' => 'javaScript:app.admin.group', 'confirm' => 'Delete this group', @@ -121,6 +127,14 @@ class admin_ui 'group' => $group, 'onExecute' => 'javaScript:app.admin.iframe_location', ), + 'acl' => array( + 'caption' => 'Access control', + 'allowOnMultiple' => false, + 'url' => 'menuaction=admin.admin_acl.index&account_id=$id', + 'group' => $group, + 'onExecute' => 'javaScript:app.admin.iframe_location', + 'icon' => 'lock', + ), ); ++$group; // supporting both old way using $GLOBALS['menuData'] and new just returning data in hook diff --git a/admin/js/app.js b/admin/js/app.js index 8b1950486f..95256a861a 100644 --- a/admin/js/app.js +++ b/admin/js/app.js @@ -168,6 +168,14 @@ app.admin = AppJS.extend( account_id: _senders[0].id.split('/')[2] })); break; + + case 'acl': + this.splitter.dock(); + this.iframe.set_src(egw.link('/index.php', { + menuaction: 'admin.admin_acl.index', + account_id: _senders[0].id.split('/')[2] + })); + break; } }, diff --git a/admin/templates/default/acl.xet b/admin/templates/default/acl.xet new file mode 100644 index 0000000000..2eceff621c --- /dev/null +++ b/admin/templates/default/acl.xet @@ -0,0 +1,58 @@ + + + + + + \ No newline at end of file diff --git a/admin/templates/default/app.css b/admin/templates/default/app.css index cc6f34cba4..d9c47d027d 100644 --- a/admin/templates/default/app.css +++ b/admin/templates/default/app.css @@ -37,3 +37,7 @@ tr.adminAccountInactive .adminStatus { overflow: hidden; text-overflow: ellipsis; } + +img.admin_aclApp { + width: 16px; +} diff --git a/calendar/inc/class.calendar_hooks.inc.php b/calendar/inc/class.calendar_hooks.inc.php index e00d7b78b0..ef6db9964d 100644 --- a/calendar/inc/class.calendar_hooks.inc.php +++ b/calendar/inc/class.calendar_hooks.inc.php @@ -5,7 +5,7 @@ * @link http://www.egroupware.org * @package calendar * @author Ralf Becker - * @copyright (c) 2004-11 by RalfBecker-At-outdoor-training.de + * @copyright (c) 2004-13 by RalfBecker-At-outdoor-training.de * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @version $Id$ */ @@ -707,9 +707,36 @@ class calendar_hooks return $settings; } - public static function config_validate() { + public static function config_validate() + { $GLOBALS['egw_info']['server']['found_validation_hook'] = True; } + + /** + * ACL rights and labels used + * + * @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner + * @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs + */ + public static function acl_rights($params) + { + $rights = array( + acl::CUSTOM2 => 'freebusy', + acl::CUSTOM3 => 'invite', + acl::READ => 'read', + acl::ADD => 'add', + acl::EDIT => 'edit', + acl::DELETE => 'delete', + acl::PRIVAT => 'private', + ); + $require_acl_invite = $GLOBALS['egw_info']['server']['require_acl_invite']; + + if (!$require_acl_invite || $require_acl_invite == 'groups' && !($params['owner'] < 0)) + { + unset($rights[acl::CUSTOM3]); + } + return $rights; + } } // Not part of the class, since config hooks are still using the old style diff --git a/calendar/setup/setup.inc.php b/calendar/setup/setup.inc.php index 9f5968d69c..12e86dee01 100755 --- a/calendar/setup/setup.inc.php +++ b/calendar/setup/setup.inc.php @@ -45,6 +45,7 @@ $setup_info['calendar']['hooks']['config_validate'] = 'calendar_hooks::config_va $setup_info['calendar']['hooks']['timesheet_set'] = 'calendar.calendar_bo.timesheet_set'; $setup_info['calendar']['hooks']['infolog_set'] = 'calendar.calendar_bo.infolog_set'; $setup_info['calendar']['hooks']['export_limit'] = 'calendar_hooks::getAppExportLimit'; +$setup_info['calendar']['hooks']['acl_rights'] = 'calendar_hooks::acl_rights'; /* Dependencies for this app to work */ $setup_info['calendar']['depends'][] = array( diff --git a/infolog/inc/class.infolog_hooks.inc.php b/infolog/inc/class.infolog_hooks.inc.php index 123a99968f..30b790629a 100644 --- a/infolog/inc/class.infolog_hooks.inc.php +++ b/infolog/inc/class.infolog_hooks.inc.php @@ -5,7 +5,7 @@ * @link http://www.egroupware.org * @author Ralf Becker * @package infolog - * @copyright (c) 2003-12 by Ralf Becker + * @copyright (c) 2003-13 by Ralf Becker * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @version $Id$ */ @@ -557,4 +557,21 @@ class infolog_hooks } } } + + /** + * ACL rights and labels used + * + * @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner + * @return array acl::(READ|ADD|EDIT|DELETE|PRIVAT|CUSTOM(1|2|3)) => $label pairs + */ + public static function acl_rights($params) + { + return array( + acl::READ => 'read', + acl::ADD => 'add', + acl::EDIT => 'edit', + acl::DELETE => 'delete', + acl::PRIVAT => 'private', + ); + } } diff --git a/infolog/setup/setup.inc.php b/infolog/setup/setup.inc.php index 4dc29b0b35..6bea665cab 100755 --- a/infolog/setup/setup.inc.php +++ b/infolog/setup/setup.inc.php @@ -6,7 +6,7 @@ * @author Ralf Becker * @package infolog * @subpackage setup - * @copyright (c) 2003-11 by Ralf Becker + * @copyright (c) 2003-13 by Ralf Becker * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @version $Id$ */ @@ -50,6 +50,7 @@ $setup_info['infolog']['hooks']['settings'] = 'infolog_hooks::settings'; $setup_info['infolog']['hooks']['verify_settings'] = 'infolog_hooks::verify_settings'; $setup_info['infolog']['hooks']['admin'] = 'infolog_hooks::all_hooks'; $setup_info['infolog']['hooks']['not_enum_group_acls'] = 'infolog_hooks::not_enum_group_acls'; +$setup_info['infolog']['hooks']['acl_rights'] = 'infolog_hooks::acl_rights'; $setup_info['infolog']['hooks']['deleteaccount'] = 'infolog.infolog_so.change_delete_owner'; $setup_info['infolog']['hooks'][] = 'home'; $setup_info['infolog']['hooks']['addressbook_view'] = 'infolog.infolog_ui.hook_view'; diff --git a/phpgwapi/templates/default/images/lock.png b/phpgwapi/templates/default/images/lock.png new file mode 100644 index 0000000000000000000000000000000000000000..b3381c7d0f08f86a17b780e844954195845a0506 GIT binary patch literal 566 zcmV-60?GY}P)0ON<} z21ly?-8&KsFWa< z?Jrmb$qGm#a%lpUA|!(RWv9T=zDW~Ii(G+$Jt4#fLI;3|1qv;n7*?K<>-!Vv2z)Gr z1^^or0w`H2E!5862Y+bvm$M*si-07*qoM6N<$ Eg6B~6a{vGU literal 0 HcmV?d00001 diff --git a/timesheet/inc/class.timesheet_hooks.inc.php b/timesheet/inc/class.timesheet_hooks.inc.php index acab8d10f8..9e6717881e 100644 --- a/timesheet/inc/class.timesheet_hooks.inc.php +++ b/timesheet/inc/class.timesheet_hooks.inc.php @@ -5,7 +5,7 @@ * @link http://www.egroupware.org * @author Ralf Becker * @package timesheet - * @copyright (c) 2005-11 by Ralf Becker + * @copyright (c) 2005-13 by Ralf Becker * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @version $Id$ */ @@ -242,4 +242,18 @@ class timesheet_hooks return $settings; } + + /** + * ACL rights and labels used by Calendar + * + * @param string|array string with location or array with parameters incl. "location", specially "owner" for selected acl owner + */ + public static function acl_rights($params) + { + return array( + acl::READ => 'read', + acl::EDIT => 'edit', + acl::DELETE => 'delete', + ); + } } diff --git a/timesheet/setup/setup.inc.php b/timesheet/setup/setup.inc.php index f0843c9caf..44c5a9bc62 100644 --- a/timesheet/setup/setup.inc.php +++ b/timesheet/setup/setup.inc.php @@ -45,6 +45,7 @@ $setup_info[TIMESHEET_APP]['hooks']['sidebox_menu'] = 'timesheet_hooks::all_hook $setup_info[TIMESHEET_APP]['hooks']['search_link'] = 'timesheet_hooks::search_link'; $setup_info[TIMESHEET_APP]['hooks']['pm_cumulate'] = 'timesheet_hooks::cumulate'; $setup_info[TIMESHEET_APP]['hooks']['deleteaccount'] = 'timesheet.timesheet_bo.deleteaccount'; +$setup_info[TIMESHEET_APP]['hooks']['acl_rights'] = 'timesheet_hooks::acl_rights'; /* Dependencies for this app to work */ $setup_info[TIMESHEET_APP]['depends'][] = array(