mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 06:30:59 +01:00
Run ACL changes through an admin_cmd
This commit is contained in:
parent
be34f95723
commit
63fddef20b
@ -336,9 +336,10 @@ class admin_acl
|
||||
*
|
||||
* @param string|array $ids "$app:$account:$location" string used as row-id in list
|
||||
* @param int $rights =null null to delete, or new rights
|
||||
* @param Array $values =array() Additional values from UI
|
||||
* @throws Api\Exception\NoPermission
|
||||
*/
|
||||
public static function ajax_change_acl($ids, $rights=null)
|
||||
public static function ajax_change_acl($ids, $rights=null, $values = array())
|
||||
{
|
||||
try {
|
||||
foreach((array)$ids as $id)
|
||||
@ -349,13 +350,23 @@ class admin_acl
|
||||
|
||||
$acl = $GLOBALS['egw']->acl;
|
||||
|
||||
if (!(int)$rights) // this also handles taking away all rights as delete
|
||||
$right_list = Api\Hooks::single(array('location' => 'acl_rights'), $app);
|
||||
$current = (int)$acl->get_specific_rights_for_account($account_id,$location,$app);
|
||||
foreach($right_list as $right => $name)
|
||||
{
|
||||
$acl->delete_repository($app, $location, $account_id);
|
||||
}
|
||||
else
|
||||
{
|
||||
$acl->add_repository($app, $location, $account_id, $rights);
|
||||
$have_it = !!($current & $right);
|
||||
$set_it = !!($rights & $right);
|
||||
if($have_it == $set_it) continue;
|
||||
$data = array(
|
||||
'allow' => $set_it,
|
||||
'account' => $account_id,
|
||||
'app' => $app,
|
||||
'location' => $location,
|
||||
'rights' => (int)$right
|
||||
// This is the documentation from policy app
|
||||
)+(array)$values['admin_cmd'];
|
||||
$cmd = new admin_cmd_acl($data);
|
||||
$cmd->run();
|
||||
}
|
||||
}
|
||||
if (!(int)$rights)
|
||||
@ -428,7 +439,7 @@ class admin_acl
|
||||
// Set this so if loaded via preferences, js is still properly
|
||||
// loaded into global app.admin
|
||||
$GLOBALS['egw_info']['flags']['currentapp'] = 'admin';
|
||||
|
||||
|
||||
$tpl->exec('admin.admin_acl.index', $content, $sel_options, array(), array(), 2);
|
||||
}
|
||||
|
||||
|
117
admin/inc/class.admin_cmd_acl.inc.php
Normal file
117
admin/inc/class.admin_cmd_acl.inc.php
Normal file
@ -0,0 +1,117 @@
|
||||
<?php
|
||||
/**
|
||||
* EGroupware admin - admin command: give or remove run rights from a given account and application
|
||||
*
|
||||
* @link http://www.egroupware.org
|
||||
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @package admin
|
||||
* @copyright (c) 2007-16 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
use EGroupware\Api;
|
||||
|
||||
/**
|
||||
* admin command: give or remove run rights from a given account and application
|
||||
*/
|
||||
class admin_cmd_acl extends admin_cmd
|
||||
{
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param boolean|array $allow true=give rights, false=remove rights, or array with all params
|
||||
* @param string|int $account =null account name or id
|
||||
* @param array|string $app =null app-name
|
||||
* @param string $location =null ACL location. Usually a user or group ID, but may also be any app-specific string
|
||||
* @param int $rights =null ACL rights. See Api\ACL.
|
||||
*/
|
||||
function __construct($allow,$account=null,$app=null,$location=null,$rights=null)
|
||||
{
|
||||
if (!is_array($allow))
|
||||
{
|
||||
$allow = array(
|
||||
'allow' => $allow,
|
||||
'account' => $account,
|
||||
'app' => $app,
|
||||
'location' => $location,
|
||||
'rights' => (int)$rights
|
||||
);
|
||||
}
|
||||
|
||||
// Make sure we only deal with real add/remove changes
|
||||
|
||||
admin_cmd::__construct($allow);
|
||||
}
|
||||
|
||||
/**
|
||||
* give or remove run rights from a given account and application
|
||||
*
|
||||
* @param boolean $check_only =false only run the checks (and throw the exceptions), but not the command itself
|
||||
* @return string success message
|
||||
* @throws Api\Exception\NoPermission\Admin
|
||||
* @throws Api\Exception\WrongUserinput(lang("Unknown account: %1 !!!",$this->account),15);
|
||||
* @throws Api\Exception\WrongUserinput(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
|
||||
*/
|
||||
protected function exec($check_only=false)
|
||||
{
|
||||
$account_id = admin_cmd::parse_account($this->account);
|
||||
|
||||
|
||||
list($app) = admin_cmd::parse_apps(array($this->app));
|
||||
$location = $this->location;
|
||||
$rights = (int)$this->rights;
|
||||
|
||||
|
||||
$old_rights = (int)$GLOBALS['egw']->acl->get_specific_rights_for_account($account_id, $location, $app);
|
||||
$new_rights = $old_rights + (($this->allow ? 1 : -1) * $rights);
|
||||
|
||||
$this->set = $new_rights;
|
||||
$this->old = $old_rights;
|
||||
if ($check_only) return true;
|
||||
|
||||
//echo "account=$this->account, account_id=$account_id, apps: ".implode(', ',$apps)."\n";
|
||||
admin_cmd::_instanciate_acl($account_id);
|
||||
|
||||
if ($new_rights)
|
||||
{
|
||||
admin_cmd::$acl->add_repository($app,$location,$account_id,$new_rights);
|
||||
}
|
||||
else
|
||||
{
|
||||
admin_cmd::$acl->delete_repository($app,$location,$account_id);
|
||||
}
|
||||
return lang('Applications run rights updated.');
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a title / string representation for a given command, eg. to display it
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function __tostring()
|
||||
{
|
||||
$rights = $this->rights;
|
||||
$location = $this->location;
|
||||
|
||||
$names = Api\Hooks::single(array(
|
||||
'location' => 'acl_rights'
|
||||
), $this->app);
|
||||
if($names[$rights])
|
||||
{
|
||||
$rights = lang($names[$rights]);
|
||||
}
|
||||
|
||||
if(is_numeric($this->location))
|
||||
{
|
||||
$location = admin_cmd::display_account($this->location);
|
||||
}
|
||||
return lang('%1 %2 rights for %3 on %4 to %5',
|
||||
$this->allow ? lang('Grant') : lang('Remove'),
|
||||
$rights,
|
||||
admin_cmd::display_account($this->account),
|
||||
$this->app,
|
||||
$location
|
||||
);
|
||||
}
|
||||
}
|
@ -505,6 +505,7 @@ app.classes.admin = AppJS.extend(
|
||||
var className = app+'_acl';
|
||||
var acl_rights = {};
|
||||
var readonlys = {acl: {}};
|
||||
var modifications = {};
|
||||
|
||||
// Select options are already here, just pull them and pass along
|
||||
sel_options = et2.getArrayMgr('sel_options').data||{};
|
||||
@ -585,8 +586,7 @@ app.classes.admin = AppJS.extend(
|
||||
this.egw.link_title('api-accounts', content.acl_location, function(title) {sel_options.acl_location[content.acl_location] = title;});
|
||||
}
|
||||
|
||||
// Create the dialog
|
||||
this.acl_dialog = et2_createWidget("dialog", {
|
||||
var dialog_options = {
|
||||
callback: jQuery.proxy(function(_button_id, _value) {
|
||||
this.acl_dialog = null;
|
||||
if(_button_id != et2_dialog.OK_BUTTON) return;
|
||||
@ -649,7 +649,7 @@ app.classes.admin = AppJS.extend(
|
||||
.sendRequest();
|
||||
}
|
||||
}
|
||||
this.egw.json(className+'::ajax_change_acl', [id, rights], callback ? callback : this._acl_callback,this,false,this)
|
||||
this.egw.json(className+'::ajax_change_acl', [id, rights, _value], callback ? callback : this._acl_callback,this,false,this)
|
||||
.sendRequest();
|
||||
}
|
||||
},this),
|
||||
@ -658,10 +658,29 @@ app.classes.admin = AppJS.extend(
|
||||
value: {
|
||||
content: content,
|
||||
sel_options: sel_options,
|
||||
modifications: modifications,
|
||||
readonlys: readonlys
|
||||
},
|
||||
template: egw.webserverUrl+'/admin/templates/default/acl.edit.xet'
|
||||
}, et2_dialog._create_parent(app));
|
||||
};
|
||||
|
||||
// Handle policy documentation tab here
|
||||
if(this.egw.user('apps').policy)
|
||||
{
|
||||
dialog_options['width'] = 550;
|
||||
dialog_options['height'] = 350,
|
||||
modifications.tabs = {
|
||||
add_tabs: true,
|
||||
tabs: [{
|
||||
label: egw.lang('Documentation'),
|
||||
template: 'policy.admin_cmd',
|
||||
prepend: false
|
||||
}]
|
||||
};
|
||||
}
|
||||
|
||||
// Create the dialog
|
||||
this.acl_dialog = et2_createWidget("dialog", dialog_options, et2_dialog._create_parent(app));
|
||||
},
|
||||
|
||||
/**
|
||||
|
@ -2,7 +2,7 @@
|
||||
<!DOCTYPE overlay PUBLIC "-//EGroupware GmbH//eTemplate 2//EN" "http://www.egroupware.org/etemplate2.dtd">
|
||||
<!-- $Id$ -->
|
||||
<overlay>
|
||||
<template id="admin.acl.edit" template="" lang="" group="0" version="1.9.001">
|
||||
<template id="admin.acl.edit.acl" template="" lang="" group="0" version="1.9.001">
|
||||
<grid>
|
||||
<columns>
|
||||
<column/>
|
||||
@ -49,4 +49,14 @@
|
||||
</rows>
|
||||
</grid>
|
||||
</template>
|
||||
<template id="admin.acl.edit" template="" lang="" group="0" version="1.9.001">
|
||||
<tabbox id="tabs" class="et2_nowrap" span="all" width="100%" tab_height="250px">
|
||||
<tabs>
|
||||
<tab id="acl" label="Access" statustext="Access"/>
|
||||
</tabs>
|
||||
<tabpanels>
|
||||
<template id="admin.acl.edit.acl"/>
|
||||
</tabpanels>
|
||||
</tabbox>
|
||||
</template>
|
||||
</overlay>
|
||||
|
Loading…
Reference in New Issue
Block a user