Run ACL changes through an admin_cmd

nathangray 2018-08-23 16:17:23 -06:00
parent be34f95723
commit 63fddef20b
4 changed files with 170 additions and 13 deletions


@ -336,9 +336,10 @@ class admin_acl
* *
* @param string|array $ids "$app:$account:$location" string used as row-id in list * @param string|array $ids "$app:$account:$location" string used as row-id in list
* @param int $rights =null null to delete, or new rights * @param int $rights =null null to delete, or new rights
* @param Array $values =array() Additional values from UI
* @throws Api\Exception\NoPermission * @throws Api\Exception\NoPermission
*/ */
public static function ajax_change_acl($ids, $rights=null) public static function ajax_change_acl($ids, $rights=null, $values = array())
{ {
try { try {
foreach((array)$ids as $id) foreach((array)$ids as $id)
@ -349,13 +350,23 @@ class admin_acl
$acl = $GLOBALS['egw']->acl; $acl = $GLOBALS['egw']->acl;
if (!(int)$rights) // this also handles taking away all rights as delete $right_list = Api\Hooks::single(array('location' => 'acl_rights'), $app);
$current = (int)$acl->get_specific_rights_for_account($account_id,$location,$app);
foreach($right_list as $right => $name)
{ {
$acl->delete_repository($app, $location, $account_id); $have_it = !!($current & $right);
} $set_it = !!($rights & $right);
else if($have_it == $set_it) continue;
{ $data = array(
$acl->add_repository($app, $location, $account_id, $rights); 'allow' => $set_it,
'account' => $account_id,
'app' => $app,
'location' => $location,
'rights' => (int)$right
// This is the documentation from policy app
)+(array)$values['admin_cmd'];
$cmd = new admin_cmd_acl($data);
$cmd->run();
} }
} }
if (!(int)$rights) if (!(int)$rights)
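Review bot: The `+(array)$values['admin_cmd']` merge passes every key the browser sends under `admin_cmd` straight into `new admin_cmd_acl($data)`. The array union keeps `allow`, `account`, `app`, `location` and `rights` from the server side, but any other key is accepted as-is, and if the `admin_cmd` base constructor maps keys to command properties (not visible here) a client could set fields the UI never offers. Restrict the merge to the documentation fields the policy tab submits, e.g. `)+array_intersect_key(isset($values['admin_cmd']) ? (array)$values['admin_cmd'] : array(), array_flip($allowed_keys));` with `$allowed_keys` a fixed list defined next to it. Separately, when `Api\Hooks::single()` returns no rights list for `$app` the `foreach` does nothing and the requested change is silently dropped, where the removed code always called `add_repository()` or `delete_repository()`. The body of `ajax_change_acl` starts and ends outside these hunks.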


@ -0,0 +1,117 @@
<?php
/**
* EGroupware admin - admin command: give or remove run rights from a given account and application
*
* @link http://www.egroupware.org
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @package admin
* @copyright (c) 2007-16 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
use EGroupware\Api;
/**
* admin command: give or remove run rights from a given account and application
*/
class admin_cmd_acl extends admin_cmd
{
/**
* Constructor
*
* @param boolean|array $allow true=give rights, false=remove rights, or array with all params
* @param string|int $account =null account name or id
* @param array|string $app =null app-name
* @param string $location =null ACL location. Usually a user or group ID, but may also be any app-specific string
* @param int $rights =null ACL rights. See Api\ACL.
*/
function __construct($allow,$account=null,$app=null,$location=null,$rights=null)
{
if (!is_array($allow))
{
$allow = array(
'allow' => $allow,
'account' => $account,
'app' => $app,
'location' => $location,
'rights' => (int)$rights
);
}
// Make sure we only deal with real add/remove changes
admin_cmd::__construct($allow);
}
/**
* give or remove run rights from a given account and application
*
* @param boolean $check_only =false only run the checks (and throw the exceptions), but not the command itself
* @return string success message
* @throws Api\Exception\NoPermission\Admin
* @throws Api\Exception\WrongUserinput(lang("Unknown account: %1 !!!",$this->account),15);
* @throws Api\Exception\WrongUserinput(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
*/
protected function exec($check_only=false)
{
$account_id = admin_cmd::parse_account($this->account);
list($app) = admin_cmd::parse_apps(array($this->app));
$location = $this->location;
$rights = (int)$this->rights;
$old_rights = (int)$GLOBALS['egw']->acl->get_specific_rights_for_account($account_id, $location, $app);
$new_rights = $old_rights + (($this->allow ? 1 : -1) * $rights);
$this->set = $new_rights;
$this->old = $old_rights;
if ($check_only) return true;
//echo "account=$this->account, account_id=$account_id, apps: ".implode(', ',$apps)."\n";
admin_cmd::_instanciate_acl($account_id);
if ($new_rights)
{
admin_cmd::$acl->add_repository($app,$location,$account_id,$new_rights);
}
else
{
admin_cmd::$acl->delete_repository($app,$location,$account_id);
}
return lang('Applications run rights updated.');
}
/**
* Return a title / string representation for a given command, eg. to display it
*
* @return string
*/
function __tostring()
{
$rights = $this->rights;
$location = $this->location;
$names = Api\Hooks::single(array(
'location' => 'acl_rights'
), $this->app);
if($names[$rights])
{
$rights = lang($names[$rights]);
}
if(is_numeric($this->location))
{
$location = admin_cmd::display_account($this->location);
}
return lang('%1 %2 rights for %3 on %4 to %5',
$this->allow ? lang('Grant') : lang('Remove'),
$rights,
admin_cmd::display_account($this->account),
$this->app,
$location
);
}
}
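Review bot: `exec()` computes `$new_rights = $old_rights + (($this->allow ? 1 : -1) * $rights);`, which treats the ACL bitmask as a plain number. Granting a bit the account already holds carries into the next bit, and removing one it does not hold borrows from higher bits, so the stored mask can end up granting or removing rights nobody asked for. The caller in `ajax_change_acl` skips unchanged bits, but a command object can presumably be run from other paths, so it should be safe on its own: `$new_rights = $this->allow ? ($old_rights | $rights) : ($old_rights & ~$rights);`. The docblock also lists `@throws Api\Exception\NoPermission\Admin`, yet no permission check is visible in `exec()`; if `admin_cmd::run()` performs it, say so in the docblock, and update the copied "run rights" wording and the `'Applications run rights updated.'` message so the audit trail describes an ACL change.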


@ -505,6 +505,7 @@ app.classes.admin = AppJS.extend(
var className = app+'_acl'; var className = app+'_acl';
var acl_rights = {}; var acl_rights = {};
var readonlys = {acl: {}}; var readonlys = {acl: {}};
var modifications = {};
// Select options are already here, just pull them and pass along // Select options are already here, just pull them and pass along
sel_options = et2.getArrayMgr('sel_options').data||{}; sel_options = et2.getArrayMgr('sel_options').data||{};
@ -585,8 +586,7 @@ app.classes.admin = AppJS.extend(
this.egw.link_title('api-accounts', content.acl_location, function(title) {sel_options.acl_location[content.acl_location] = title;}); this.egw.link_title('api-accounts', content.acl_location, function(title) {sel_options.acl_location[content.acl_location] = title;});
} }
// Create the dialog var dialog_options = {
this.acl_dialog = et2_createWidget("dialog", {
callback: jQuery.proxy(function(_button_id, _value) { callback: jQuery.proxy(function(_button_id, _value) {
this.acl_dialog = null; this.acl_dialog = null;
if(_button_id != et2_dialog.OK_BUTTON) return; if(_button_id != et2_dialog.OK_BUTTON) return;
@ -649,7 +649,7 @@ app.classes.admin = AppJS.extend(
.sendRequest(); .sendRequest();
} }
} }
this.egw.json(className+'::ajax_change_acl', [id, rights], callback ? callback : this._acl_callback,this,false,this) this.egw.json(className+'::ajax_change_acl', [id, rights, _value], callback ? callback : this._acl_callback,this,false,this)
.sendRequest(); .sendRequest();
} }
},this), },this),
@ -658,10 +658,29 @@ app.classes.admin = AppJS.extend(
value: { value: {
content: content, content: content,
sel_options: sel_options, sel_options: sel_options,
modifications: modifications,
readonlys: readonlys readonlys: readonlys
}, },
template: egw.webserverUrl+'/admin/templates/default/acl.edit.xet' template: egw.webserverUrl+'/admin/templates/default/acl.edit.xet'
}, et2_dialog._create_parent(app)); };
// Handle policy documentation tab here
if(this.egw.user('apps').policy)
{
dialog_options['width'] = 550;
dialog_options['height'] = 350,
modifications.tabs = {
add_tabs: true,
tabs: [{
label: egw.lang('Documentation'),
template: 'policy.admin_cmd',
prepend: false
}]
};
}
// Create the dialog
this.acl_dialog = et2_createWidget("dialog", dialog_options, et2_dialog._create_parent(app));
}, },
/** /**
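Review bot: `dialog_options['height'] = 350,` ends in a comma, so the `modifications.tabs = {...}` assignment that follows is joined to it by the comma operator. It runs as intended today, but it reads as a typo and is easy to break on the next edit; end the line with a semicolon: `dialog_options['height'] = 350;`. The request now sends the whole dialog value (`[id, rights, _value]`) although the server code visible in this commit reads only `$values['admin_cmd']`; a short comment at the call stating which part of `_value` the server consumes would help the next reader. The enclosing function starts outside these hunks.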


@ -2,7 +2,7 @@
<!DOCTYPE overlay PUBLIC "-//EGroupware GmbH//eTemplate 2//EN" "http://www.egroupware.org/etemplate2.dtd"> <!DOCTYPE overlay PUBLIC "-//EGroupware GmbH//eTemplate 2//EN" "http://www.egroupware.org/etemplate2.dtd">
<!-- $Id$ --> <!-- $Id$ -->
<overlay> <overlay>
<template id="admin.acl.edit" template="" lang="" group="0" version="1.9.001"> <template id="admin.acl.edit.acl" template="" lang="" group="0" version="1.9.001">
<grid> <grid>
<columns> <columns>
<column/> <column/>
@ -49,4 +49,14 @@
</rows> </rows>
</grid> </grid>
</template> </template>
<template id="admin.acl.edit" template="" lang="" group="0" version="1.9.001">
<tabbox id="tabs" class="et2_nowrap" span="all" width="100%" tab_height="250px">
<tabs>
<tab id="acl" label="Access" statustext="Access"/>
</tabs>
<tabpanels>
<template id="admin.acl.edit.acl"/>
</tabpanels>
</tabbox>
</template>
</overlay> </overlay>