- Groups and accounts now fully check ACL rights for each section

- Admins can only grant as much access as they already have
- Removed Header() calls and replaced them with direct ui calls
This commit is contained in:
jengo 2001-09-04 04:26:51 +00:00
parent 276153be84
commit 32a1526890
5 changed files with 184 additions and 120 deletions

View File

@ -13,6 +13,8 @@
class boaccounts
{
var $ui;
var $so;
var $public_functions = array(
'add_group' => True,
'add_user' => True,
@ -22,11 +24,16 @@
'edit_user' => True
);
var $so;
function boaccounts()
function boaccounts($dont_load_ui = False)
{
$this->so = createobject('admin.soaccounts');
// This is to prevent an infinite loop which ends up segfaulting PHP and will drive
// you crazy for hours tring to track it down. (jengo)
if (! $dont_load_ui)
{
$this->ui = createobject('admin.uiaccounts');
}
}
function account_total($account_type,$query='')
@ -36,10 +43,10 @@
function delete_group()
{
if (!@isset($GLOBALS['HTTP_POST_VARS']['account_id']) || !@$GLOBALS['HTTP_POST_VARS']['account_id'])
if (!@isset($GLOBALS['HTTP_POST_VARS']['account_id']) || !@$GLOBALS['HTTP_POST_VARS']['account_id'] || $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
{
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'));
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_groups();
return False;
}
$account_id = intval($GLOBALS['HTTP_POST_VARS']['account_id']);
@ -74,23 +81,17 @@
$GLOBALS['phpgw']->db->unlock();
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
Array(
'menuaction' => 'admin.uiaccounts.list_groups',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_accounts();
return False;
}
function delete_user()
{
if(isset($GLOBALS['HTTP_POST_VARS']['cancel']))
if (isset($GLOBALS['HTTP_POST_VARS']['cancel']) || $GLOBALS['phpgw']->acl->check('account_access',32,'admin'))
{
Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users'));
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_users();
return False;
}
elseif($GLOBALS['HTTP_POST_VARS']['delete_account'])
{
@ -127,19 +128,19 @@
$cd = 29;
}
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
Array(
'menuaction' => 'admin.uiaccounts.list_users',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_users();
return False;
}
}
function add_group()
{
if ($GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
{
$this->ui->list_groups();
return False;
}
$temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array());
$account_user = Array();
@reset($temp_users);
@ -250,18 +251,18 @@
$GLOBALS['phpgw']->db->unlock();
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
Array(
'menuaction' => 'admin.uiaccounts.list_groups',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_groups();
return False;
}
function add_user()
{
if ($GLOBALS['phpgw']->acl->check('account_access',4,'admin'))
{
$this->ui->list_users();
return False;
}
if ($GLOBALS['HTTP_POST_VARS']['submit'])
{
$userData = array(
@ -386,14 +387,8 @@
$GLOBALS['phpgw']->common->hook_single('add_user_data', $value);
}
*/
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
Array(
'menuaction' => 'admin.uiaccounts.list_users',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_users();
return False;
}
else
{
@ -403,13 +398,19 @@
}
else
{
Header('Location: '.$GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users'));
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_users();
return False;
}
}
function edit_group()
{
if ($GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
{
$this->ui->list_groups();
return False;
}
$temp_users = ($GLOBALS['HTTP_POST_VARS']['account_user']?$GLOBALS['HTTP_POST_VARS']['account_user']:Array());
$account_user = Array();
@reset($temp_users);
@ -566,18 +567,18 @@
$GLOBALS['phpgw']->db->unlock();
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
Array(
'menuaction' => 'admin.uiaccounts.list_groups',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_groups();
return False;
}
function edit_user()
{
if ($GLOBALS['phpgw']->acl->check('account_access',16,'admin'))
{
$this->ui->list_users();
return False;
}
if ($GLOBALS['HTTP_POST_VARS']['submit'])
{
$userData = array(
@ -608,31 +609,19 @@
$menuClass = CreateObject('admin.uimenuclass');
if (!$menuClass->createHTMLCode('edit_user'))
{
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php',
Array(
'menuaction' => 'admin.uiaccounts.list_users',
'cd' => $cd
)
)
);
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->list_users();
return False;
}
else
{
$linkdata = Array(
'menuaction' => 'admin.uiaccounts.edit_user',
'cd' => $cd,
'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id']
);
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php', $linkdata));
$GLOBALS['phpgw']->common->phpgw_exit();
$this->ui->edit_user($GLOBALS['HTTP_GET_VARS']['account_id']);
return False;
}
}
else
{
$ui = createobject('admin.uiaccounts');
$ui->create_edit_user($userData['account_id'],$userData,$errors);
// $ui = createobject('admin.uiaccounts');
$this->ui->create_edit_user($userData['account_id'],$userData,$errors);
}
}
}

View File

@ -31,7 +31,7 @@
function uiaccounts()
{
$this->bo = createobject('admin.boaccounts');
$this->bo = createobject('admin.boaccounts',True);
$this->nextmatchs = createobject('phpgwapi.nextmatchs');
}
@ -45,6 +45,10 @@
function list_groups()
{
if ($GLOBALS['phpgw']->acl->check('group_access',1,'admin'))
{
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
}
$GLOBALS['cd'] = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:0);
@ -62,7 +66,16 @@
$p->set_block('groups','row','row');
$p->set_block('groups','row_empty','row_empty');
if ($GLOBALS['phpgw']->acl->check('group_access',2,'admin'))
{
$total = $this->bo->account_total('g');
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, '', $total);
}
else
{
$total = $this->bo->account_total('g',$query);
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, $query, $total);
}
$url = $GLOBALS['phpgw']->link('/index.php');
@ -77,8 +90,6 @@
);
$p->set_var($var);
$account_info = $GLOBALS['phpgw']->accounts->get_list('groups',$start,$sort, $order, $query, $total);
if (!count($account_info))
{
$p->set_var('message',lang('No matchs found'));
@ -86,28 +97,70 @@
}
else
{
if (! $GLOBALS['phpgw']->acl->check('group_access',8,'admin'))
{
$can_view = True;
}
if (! $GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
{
$can_edit = True;
}
if (! $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
{
$can_delete = True;
}
while (list($null,$account) = each($account_info))
{
$tr_color = $this->nextmatchs->alternate_row_color($tr_color);
$var = Array(
'tr_color' => $tr_color,
'group_name' => (!$account['account_lid']?' ':$account['account_lid']),
'edit_link' => $this->row_action('edit','group',$account['account_id']),
'delete_link' => $this->row_action('delete','group',$account['account_id'])
);
$p->set_var($var);
$p->parse('rows','row',True);
if ($can_edit)
{
$p->set_var('edit_link',$this->row_action('edit','group',$account['account_id']));
}
else
{
$p->set_var('edit_link',' ');
}
if ($can_delete)
{
$p->set_var('delete_link',$this->row_action('delete','group',$account['account_id']));
}
else
{
$p->set_var('delete_link',' ');
}
$p->fp('rows','row',True);
}
}
$var = Array(
'new_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.add_group'),
'lang_add' => lang('add'),
'search_action' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'),
'lang_search' => lang('search')
);
$p->set_var($var);
$p->pparse('out','list');
if (! $GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
{
$p->set_var('input_add','<input type="submit" value="' . lang('Add') . '">');
}
if (! $GLOBALS['phpgw']->acl->check('group_access',2,'admin'))
{
$p->set_var('input_search',lang('Search') . '&nbsp;<input name="query">');
}
$p->pfp('out','list');
}
function list_users($param_cd='')
@ -137,7 +190,16 @@
$p->set_block('accounts','row','row');
$p->set_block('accounts','row_empty','row_empty');
if ($GLOBALS['phpgw']->acl->check('account_access',2,'admin'))
{
$total = $this->bo->account_total('u');
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,'');
}
else
{
$total = $this->bo->account_total('u',$query);
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query);
}
$url = $GLOBALS['phpgw']->link('/index.php');
@ -169,8 +231,6 @@
$p->set_var('input_search',lang('Search') . '&nbsp;<input name="query">');
}
$account_info = $GLOBALS['phpgw']->accounts->get_list('accounts',$start,$sort,$order,$query);
if (! count($account_info))
{
$p->set_var('message',lang('No matchs found'));
@ -238,6 +298,12 @@
function add_group()
{
if ($GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
{
$this->list_groups();
return False;
}
$group_info = Array(
'account_id' => $GLOBALS['HTTP_GET_VARS']['account_id'],
'account_name' => '',
@ -261,9 +327,10 @@
function delete_group()
{
if (!@isset($GLOBALS['HTTP_GET_VARS']['account_id']) || !@$GLOBALS['HTTP_GET_VARS']['account_id'])
if (!@isset($GLOBALS['HTTP_GET_VARS']['account_id']) || !@$GLOBALS['HTTP_GET_VARS']['account_id'] || $GLOBALS['phpgw']->acl->check('group_access',32,'admin'))
{
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'));
$this->list_groups();
return False;
}
unset($GLOBALS['phpgw_info']['flags']['noheader']);
@ -377,6 +444,12 @@
function edit_group($cd='',$account_id='')
{
if ($GLOBALS['phpgw']->acl->check('group_access',16,'admin'))
{
$this->list_groups();
return False;
}
$cdid = $cd;
settype($cd,'integer');
$cd = ($GLOBALS['HTTP_GET_VARS']['cd']?$GLOBALS['HTTP_GET_VARS']['cd']:intval($cdid));
@ -386,10 +459,10 @@
$account_id = ($GLOBALS['HTTP_GET_VARS']['account_id']?$GLOBALS['HTTP_GET_VARS']['account_id']:intval($accountid));
// todo
// not needed if i use the same file for new users too
if (!$account_id)
// not needed if i use the same file for new groups too
if (! $account_id)
{
Header('Location: ' . $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups'));
$this->list_groups();
}
else
{

View File

@ -51,7 +51,6 @@
while (is_array($GLOBALS['acl_manager']) && list($app,$locations) = each($GLOBALS['acl_manager']))
{
$icon = $GLOBALS['phpgw']->common->image($app,array('navbar.gif',$app.'.gif'));
$this->template->set_var('icon_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']);
$this->template->set_var('link_backcolor',$GLOBALS['phpgw_info']['theme']['row_off']);
@ -68,21 +67,17 @@
$this->template->fp('rows','app_row_noicon',True);
}
if (is_array($locations['deny']))
{
$link_values = array(
'menuaction' => 'admin.uiaclmanager.access_form',
'location' => urlencode(base64_encode('deny')),
'acl_app' => $app,
'account_id' => $GLOBALS['account_id']
);
$this->template->set_var('link_location',$GLOBALS['phpgw']->link('/index.php',$link_values));
$this->template->set_var('lang_location',lang('Deny access'));
$this->template->fp('rows','link_row',True);
}
while (is_array($locations) && list($loc,$value) = each($locations))
{
$total_rights = 0;
while (list($k,$v) = each($value['rights']))
{
$total_rights += $v;
}
reset($value['rights']);
// If all of there rights are denied, then they shouldn't even see the option
if ($total_rights != $GLOBALS['phpgw']->acl->get_rights($loc,$app))
{
$link_values = array(
'menuaction' => 'admin.uiaclmanager.access_form',
@ -95,6 +90,7 @@
$this->template->set_var('lang_location',lang($value['name']));
$this->template->fp('rows','link_row',True);
}
}
$this->template->parse('rows','spacer_row',True);
}
@ -124,23 +120,29 @@
);
$acl = createobject('phpgwapi.acl',$GLOBALS['account_id']);
$acl->read_repository();
$this->template->set_var('form_action',$GLOBALS['phpgw']->link('/index.php',$link_values));
$this->template->set_var('lang_title',lang('ACL Manager'));
$total = 0;
while (list($name,$value) = each($acl_manager['rights']))
{
$grants = $acl->get_rights($location,$GLOBALS['acl_app']);
if (! $GLOBALS['phpgw']->acl->check($location,$value,$GLOBALS['acl_app']))
{
$s .= '<option value="' . $value . '"';
$s .= (($grants & $value)?' selected':'');
$s .= '>' . lang($name) . '</option>';
$total++;
}
}
$size = 7;
if (count($acl_manager['rights']) < 7)
if ($total < 7)
{
$size = count($acl_manager['rights']);
$size = $total;
}
$this->template->set_var('select_values','<select name="acl_rights[]" multiple size="' . $size . '">' . $s . '</select>');
$this->template->set_var('lang_submit',lang('Submit'));

View File

@ -37,7 +37,7 @@
'Group list' => 1,
'Search groups' => 2,
'Add group' => 4,
'View group' => 8,
// 'View group' => 8, // Will be added in the future
'Edit group' => 16,
'Delete group' => 32
)

View File

@ -23,12 +23,12 @@
<tr>
<td align="left">
<form method="POST" action="{new_action}">
<input type="submit" value="{lang_add}">
{input_add}
</form>
</td>
<td align="right">{lang_search}&nbsp;
<td align="right">
<form method="POST" action="{search_action}">
<input name="query">
{input_search}
</form>
</td>
</tr>