mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-22 16:03:47 +01:00
- Groups and accounts now fully check ACL rights for each section
- Admins can only grant as much access as they already have - Removed Header() calls and replaced them with direct ui calls
This commit is contained in:
jengo
parent
276153be84
commit
32a1526890
@ -13,6 +13,8 @@
|
||||
|
||||
class boaccounts
|
||||
{
|
||||
var $ui;
|
||||
var $so;
|
||||
var $public_functions = array(
|
||||
'add_group' => True,
|
||||
'add_user' => True,
|
||||
@ -22,11 +24,16 @@
|
||||
'edit_user' => True
|
||||
);
|
||||
|
||||
var $so;
|
||||
|
||||
function boaccounts()
|
||||
function boaccounts($dont_load_ui = False)
|
||||
{
|
||||
$this->so = createobject('admin.soaccounts');
|
||||
|
||||
// This is to prevent an infinite loop which ends up segfaulting PHP and will drive
|
||||
// you crazy for hours tring to track it down. (jengo)
|
||||
if (! $dont_load_ui)
|
||||
{
|
||||
$this->ui = createobject('admin.uiaccounts');
|
||||
}
|
||||
}
|
||||
|
||||
function account_total($account_type,$query='')
|
||||
@ -36,10 +43,10 @@
|
||||
|
||||
function delete_group()
|
||||
{
|
||||
if (!@isset($GLOBALS['HTTP_POST_VARS']['account_id']) || !@$GLOBALS['HTTP_POST_VARS']['account_id'])
|
||||
if (!@isset($GLOBALS['HTTP_POST_VARS']['account_id']) || !@$GLOBALS['HTTP_POST_VARS']['account_id'] || $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
|
||||
{
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'));
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
$account_id = intval($GLOBALS['HTTP_POST_VARS']['account_id']);
|
||||
@ -74,23 +81,17 @@
|
||||
|
||||
$GLOBALS['phpgw']->db->unlock();
|
||||
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
|
||||
Array(
|
||||
'menuaction' => 'admin.uiaccounts.list_groups',
|
||||
'cd' => $cd
|
||||
)
|
||||
)
|
||||
);
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_accounts();
|
||||
return False;
|
||||
|
||||
}
|
||||
|
||||
function delete_user()
|
||||
{
|
||||
if(isset($GLOBALS['HTTP_POST_VARS']['cancel']))
|
||||
if (isset($GLOBALS['HTTP_POST_VARS']['cancel']) || $GLOBALS['phpgw']->acl->check('account_access',32,'admin'))
|
||||
{
|
||||
Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users'));
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
elseif($GLOBALS['HTTP_POST_VARS']['delete_account'])
|
||||
{
|
||||
@ -127,19 +128,19 @@
|
||||
$cd = 29;
|
||||
}
|
||||
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
|
||||
Array(
|
||||
'menuaction' => 'admin.uiaccounts.list_users',
|
||||
'cd' => $cd
|
||||
)
|
||||
)
|
||||
);
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
function add_group()
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
|
||||
{
|
||||
$this->ui->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
$temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array());
|
||||
$account_user = Array();
|
||||
@reset($temp_users);
|
||||
@ -250,18 +251,18 @@
|
||||
|
||||
$GLOBALS['phpgw']->db->unlock();
|
||||
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
|
||||
Array(
|
||||
'menuaction' => 'admin.uiaccounts.list_groups',
|
||||
'cd' => $cd
|
||||
)
|
||||
)
|
||||
);
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
function add_user()
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('account_access',4,'admin'))
|
||||
{
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
|
||||
if ($GLOBALS['HTTP_POST_VARS']['submit'])
|
||||
{
|
||||
$userData = array(
|
||||
@ -386,14 +387,8 @@
|
||||
$GLOBALS['phpgw']->common->hook_single('add_user_data', $value);
|
||||
}
|
||||
*/
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
|
||||
Array(
|
||||
'menuaction' => 'admin.uiaccounts.list_users',
|
||||
'cd' => $cd
|
||||
)
|
||||
)
|
||||
);
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -403,13 +398,19 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users'));
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
function edit_group()
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
|
||||
{
|
||||
$this->ui->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
$temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array());
|
||||
$account_user = Array();
|
||||
@reset($temp_users);
|
||||
@ -566,18 +567,18 @@
|
||||
|
||||
$GLOBALS['phpgw']->db->unlock();
|
||||
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
|
||||
Array(
|
||||
'menuaction' => 'admin.uiaccounts.list_groups',
|
||||
'cd' => $cd
|
||||
)
|
||||
)
|
||||
);
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
function edit_user()
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('account_access',16,'admin'))
|
||||
{
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
|
||||
if ($GLOBALS['HTTP_POST_VARS']['submit'])
|
||||
{
|
||||
$userData = array(
|
||||
@ -608,31 +609,19 @@
|
||||
$menuClass = CreateObject('admin.uimenuclass');
|
||||
if (!$menuClass->createHTMLCode('edit_user'))
|
||||
{
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
|
||||
Array(
|
||||
'menuaction' => 'admin.uiaccounts.list_users',
|
||||
'cd' => $cd
|
||||
)
|
||||
)
|
||||
);
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->list_users();
|
||||
return False;
|
||||
}
|
||||
else
|
||||
{
|
||||
$linkdata = Array(
|
||||
'menuaction' => 'admin.uiaccounts.edit_user',
|
||||
'cd' => $cd,
|
||||
'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id']
|
||||
);
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $linkdata));
|
||||
|
||||
$GLOBALS['phpgw']->common->phpgw_exit();
|
||||
$this->ui->edit_user($GLOBALS['HTTP_GET_VARS']['account_id']);
|
||||
return False;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$ui = createobject('admin.uiaccounts');
|
||||
$ui->create_edit_user($userData['account_id'],$userData,$errors);
|
||||
// $ui = createobject('admin.uiaccounts');
|
||||
$this->ui->create_edit_user($userData['account_id'],$userData,$errors);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
|
||||
function uiaccounts()
|
||||
{
|
||||
$this->bo = createobject('admin.boaccounts');
|
||||
$this->bo = createobject('admin.boaccounts',True);
|
||||
$this->nextmatchs = createobject('phpgwapi.nextmatchs');
|
||||
}
|
||||
|
||||
@ -45,6 +45,10 @@
|
||||
|
||||
function list_groups()
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('group_access',1,'admin'))
|
||||
{
|
||||
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
|
||||
}
|
||||
|
||||
$GLOBALS['cd'] = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:0);
|
||||
|
||||
@ -62,7 +66,16 @@
|
||||
$p->set_block('groups','row','row');
|
||||
$p->set_block('groups','row_empty','row_empty');
|
||||
|
||||
$total = $this->bo->account_total('g',$query);
|
||||
if ($GLOBALS['phpgw']->acl->check('group_access',2,'admin'))
|
||||
{
|
||||
$total = $this->bo->account_total('g');
|
||||
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, '', $total);
|
||||
}
|
||||
else
|
||||
{
|
||||
$total = $this->bo->account_total('g',$query);
|
||||
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, $query, $total);
|
||||
}
|
||||
|
||||
$url = $GLOBALS['phpgw']->link('/index.php');
|
||||
|
||||
@ -76,8 +89,6 @@
|
||||
'header_delete' => lang('Delete')
|
||||
);
|
||||
$p->set_var($var);
|
||||
|
||||
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, $query, $total);
|
||||
|
||||
if (!count($account_info))
|
||||
{
|
||||
@ -86,28 +97,70 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
if (! $GLOBALS['phpgw']->acl->check('group_access',8,'admin'))
|
||||
{
|
||||
$can_view = True;
|
||||
}
|
||||
|
||||
if (! $GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
|
||||
{
|
||||
$can_edit = True;
|
||||
}
|
||||
|
||||
if (! $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
|
||||
{
|
||||
$can_delete = True;
|
||||
}
|
||||
|
||||
while (list($null,$account) = each($account_info))
|
||||
{
|
||||
$tr_color = $this->nextmatchs->alternate_row_color($tr_color);
|
||||
$var = Array(
|
||||
'tr_color' => $tr_color,
|
||||
'group_name' => (!$account['account_lid']?' ':$account['account_lid']),
|
||||
'edit_link' => $this->row_action('edit','group',$account['account_id']),
|
||||
'delete_link' => $this->row_action('delete','group',$account['account_id'])
|
||||
);
|
||||
$p->set_var($var);
|
||||
$p->parse('rows','row',True);
|
||||
|
||||
if ($can_edit)
|
||||
{
|
||||
$p->set_var('edit_link',$this->row_action('edit','group',$account['account_id']));
|
||||
}
|
||||
else
|
||||
{
|
||||
$p->set_var('edit_link',' ');
|
||||
}
|
||||
|
||||
if ($can_delete)
|
||||
{
|
||||
$p->set_var('delete_link',$this->row_action('delete','group',$account['account_id']));
|
||||
}
|
||||
else
|
||||
{
|
||||
$p->set_var('delete_link',' ');
|
||||
}
|
||||
|
||||
$p->fp('rows','row',True);
|
||||
|
||||
}
|
||||
}
|
||||
$var = Array(
|
||||
'new_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.add_group'),
|
||||
'lang_add' => lang('add'),
|
||||
'search_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'),
|
||||
'lang_search' => lang('search')
|
||||
);
|
||||
$p->set_var($var);
|
||||
$p->pparse('out','list');
|
||||
|
||||
if (! $GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
|
||||
{
|
||||
$p->set_var('input_add','<input type="submit" value="' . lang('Add') . '">');
|
||||
}
|
||||
|
||||
if (! $GLOBALS['phpgw']->acl->check('group_access',2,'admin'))
|
||||
{
|
||||
$p->set_var('input_search',lang('Search') . ' <input name="query">');
|
||||
}
|
||||
|
||||
$p->pfp('out','list');
|
||||
}
|
||||
|
||||
function list_users($param_cd='')
|
||||
@ -137,7 +190,16 @@
|
||||
$p->set_block('accounts','row','row');
|
||||
$p->set_block('accounts','row_empty','row_empty');
|
||||
|
||||
$total = $this->bo->account_total('u',$query);
|
||||
if ($GLOBALS['phpgw']->acl->check('account_access',2,'admin'))
|
||||
{
|
||||
$total = $this->bo->account_total('u');
|
||||
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,'');
|
||||
}
|
||||
else
|
||||
{
|
||||
$total = $this->bo->account_total('u',$query);
|
||||
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query);
|
||||
}
|
||||
|
||||
$url = $GLOBALS['phpgw']->link('/index.php');
|
||||
|
||||
@ -169,8 +231,6 @@
|
||||
$p->set_var('input_search',lang('Search') . ' <input name="query">');
|
||||
}
|
||||
|
||||
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query);
|
||||
|
||||
if (! count($account_info))
|
||||
{
|
||||
$p->set_var('message',lang('No matchs found'));
|
||||
@ -238,6 +298,12 @@
|
||||
|
||||
function add_group()
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
|
||||
{
|
||||
$this->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
$group_info = Array(
|
||||
'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id'],
|
||||
'account_name' => '',
|
||||
@ -261,9 +327,10 @@
|
||||
|
||||
function delete_group()
|
||||
{
|
||||
if (!@isset($GLOBALS['HTTP_GET_VARS']['account_id']) || !@$GLOBALS['HTTP_GET_VARS']['account_id'])
|
||||
if (!@isset($GLOBALS['HTTP_GET_VARS']['account_id']) || !@$GLOBALS['HTTP_GET_VARS']['account_id'] || $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
|
||||
{
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'));
|
||||
$this->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
unset($GLOBALS['phpgw_info']['flags']['noheader']);
|
||||
@ -377,6 +444,12 @@
|
||||
|
||||
function edit_group($cd='',$account_id='')
|
||||
{
|
||||
if ($GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
|
||||
{
|
||||
$this->list_groups();
|
||||
return False;
|
||||
}
|
||||
|
||||
$cdid = $cd;
|
||||
settype($cd,'integer');
|
||||
$cd = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:intval($cdid));
|
||||
@ -386,10 +459,10 @@
|
||||
$account_id = ($GLOBALS['HTTP_GET_VARS']['account_id']?$GLOBALS['HTTP_GET_VARS']['account_id']:intval($accountid));
|
||||
|
||||
// todo
|
||||
// not needed if i use the same file for new users too
|
||||
if (!$account_id)
|
||||
// not needed if i use the same file for new groups too
|
||||
if (! $account_id)
|
||||
{
|
||||
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'));
|
||||
$this->list_groups();
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -51,7 +51,6 @@
|
||||
|
||||
while (is_array($GLOBALS['acl_manager']) && list($app,$locations) = each($GLOBALS['acl_manager']))
|
||||
{
|
||||
|
||||
$icon = $GLOBALS['phpgw']->common->image($app,array('navbar.gif',$app.'.gif'));
|
||||
$this->template->set_var('icon_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']);
|
||||
$this->template->set_var('link_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']);
|
||||
@ -68,32 +67,29 @@
|
||||
$this->template->fp('rows','app_row_noicon',True);
|
||||
}
|
||||
|
||||
if (is_array($locations['deny']))
|
||||
{
|
||||
$link_values = array(
|
||||
'menuaction' => 'admin.uiaclmanager.access_form',
|
||||
'location' => urlencode(base64_encode('deny')),
|
||||
'acl_app' => $app,
|
||||
'account_id' => $GLOBALS['account_id']
|
||||
);
|
||||
|
||||
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values));
|
||||
$this->template->set_var('lang_location',lang('Deny access'));
|
||||
$this->template->fp('rows','link_row',True);
|
||||
}
|
||||
|
||||
while (is_array($locations) && list($loc,$value) = each($locations))
|
||||
{
|
||||
$link_values = array(
|
||||
'menuaction' => 'admin.uiaclmanager.access_form',
|
||||
'location' => urlencode(base64_encode($loc)),
|
||||
'acl_app' => $app,
|
||||
'account_id' => $GLOBALS['account_id']
|
||||
);
|
||||
$total_rights = 0;
|
||||
while (list($k,$v) = each($value['rights']))
|
||||
{
|
||||
$total_rights += $v;
|
||||
}
|
||||
reset($value['rights']);
|
||||
|
||||
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values));
|
||||
$this->template->set_var('lang_location',lang($value['name']));
|
||||
$this->template->fp('rows','link_row',True);
|
||||
// If all of there rights are denied, then they shouldn't even see the option
|
||||
if ($total_rights != $GLOBALS['phpgw']->acl->get_rights($loc,$app))
|
||||
{
|
||||
$link_values = array(
|
||||
'menuaction' => 'admin.uiaclmanager.access_form',
|
||||
'location' => urlencode(base64_encode($loc)),
|
||||
'acl_app' => $app,
|
||||
'account_id' => $GLOBALS['account_id']
|
||||
);
|
||||
|
||||
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values));
|
||||
$this->template->set_var('lang_location',lang($value['name']));
|
||||
$this->template->fp('rows','link_row',True);
|
||||
}
|
||||
}
|
||||
|
||||
$this->template->parse('rows','spacer_row',True);
|
||||
@ -124,23 +120,29 @@
|
||||
);
|
||||
|
||||
$acl = createobject('phpgwapi.acl',$GLOBALS['account_id']);
|
||||
$acl->read_repository();
|
||||
|
||||
$this->template->set_var('form_action',$GLOBALS['phpgw']->link('/index.php',$link_values));
|
||||
$this->template->set_var('lang_title',lang('ACL Manager'));
|
||||
|
||||
$total = 0;
|
||||
while (list($name,$value) = each($acl_manager['rights']))
|
||||
{
|
||||
$grants = $acl->get_rights($location,$GLOBALS['acl_app']);
|
||||
|
||||
$s .= '<option value="' . $value . '"';
|
||||
$s .= (($grants & $value)?' selected':'');
|
||||
$s .= '>' . lang($name) . '</option>';
|
||||
if (! $GLOBALS['phpgw']->acl->check($location,$value,$GLOBALS['acl_app']))
|
||||
{
|
||||
$s .= '<option value="' . $value . '"';
|
||||
$s .= (($grants & $value)?' selected':'');
|
||||
$s .= '>' . lang($name) . '</option>';
|
||||
$total++;
|
||||
}
|
||||
}
|
||||
|
||||
$size = 7;
|
||||
if (count($acl_manager['rights']) < 7)
|
||||
if ($total < 7)
|
||||
{
|
||||
$size = count($acl_manager['rights']);
|
||||
$size = $total;
|
||||
}
|
||||
$this->template->set_var('select_values','<select name="acl_rights[]" multiple size="' . $size . '">' . $s . '</select>');
|
||||
$this->template->set_var('lang_submit',lang('Submit'));
|
||||
|
||||
@ -37,7 +37,7 @@
|
||||
'Group list' => 1,
|
||||
'Search groups' => 2,
|
||||
'Add group' => 4,
|
||||
'View group' => 8,
|
||||
// 'View group' => 8, // Will be added in the future
|
||||
'Edit group' => 16,
|
||||
'Delete group' => 32
|
||||
)
|
||||
|
||||
@ -23,12 +23,12 @@
|
||||
<tr>
|
||||
<td align="left">
|
||||
<form method="POST" action="{new_action}">
|
||||
<input type="submit" value="{lang_add}">
|
||||
{input_add}
|
||||
</form>
|
||||
</td>
|
||||
<td align="right">{lang_search}
|
||||
<td align="right">
|
||||
<form method="POST" action="{search_action}">
|
||||
<input name="query">
|
||||
{input_search}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user