* Admin/PostgreSQL: shorten ACL labels used to limit admin rights to 16 char and fixed stalled 14.3 update for PostgreSQL

This commit is contained in:
Ralf Becker 2015-08-04 09:55:57 +00:00
parent 15e989f318
commit d43c2d0b54
8 changed files with 138 additions and 134 deletions

View File

@ -142,7 +142,7 @@ class admin_accesslog
if (is_array($content)) $sessions_list = $content['nm']['session_list'];
// check if user has access to requested functionality
if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions_access' : 'access_log_access',1,'admin'))
if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions' : 'access_log_acces',1,'admin'))
{
$GLOBALS['egw']->redirect_link('/index.php');
}
@ -283,7 +283,7 @@ class admin_accesslog
{
unset($sessionid[$key]); // dont allow to kill own sessions
}
if ($GLOBALS['egw']->acl->check('current_sessions_access',8,'admin'))
if ($GLOBALS['egw']->acl->check('current_sessions',8,'admin'))
{
$failed ++;
}

View File

@ -57,7 +57,7 @@ class admin_categories
{
throw new egw_exception_no_permission_admin();
}
if ($GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
if ($GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
{
$GLOBALS['egw']->redirect_link('/index.php');
}
@ -71,12 +71,12 @@ class admin_categories
{
if (is_null(self::$acl_search))
{
self::$acl_search = !$GLOBALS['egw']->acl->check('global_categories_access',2,'admin');
self::$acl_add = !$GLOBALS['egw']->acl->check('global_categories_access',4,'admin');
self::$acl_view = !$GLOBALS['egw']->acl->check('global_categories_access',8,'admin');
self::$acl_edit = !$GLOBALS['egw']->acl->check('global_categories_access',16,'admin');
self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categories_access',32,'admin');
self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categories_access',64,'admin');
self::$acl_search = !$GLOBALS['egw']->acl->check('global_categorie',2,'admin');
self::$acl_add = !$GLOBALS['egw']->acl->check('global_categorie',4,'admin');
self::$acl_view = !$GLOBALS['egw']->acl->check('global_categorie',8,'admin');
self::$acl_edit = !$GLOBALS['egw']->acl->check('global_categorie',16,'admin');
self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categorie',32,'admin');
self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categorie',64,'admin');
}
}

View File

@ -53,7 +53,7 @@ class admin_hooks
if ($GLOBALS['egw_info']['user']['apps']['admin'])
{
if (! $GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
if (! $GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
{
$file['Site Configuration'] = egw::link('/index.php','menuaction=admin.uiconfig.index&appname=admin');
}
@ -80,26 +80,26 @@ class admin_hooks
);
}
if (! $GLOBALS['egw']->acl->check('applications_access',1,'admin'))
if (! $GLOBALS['egw']->acl->check('applications_acc',1,'admin'))
{
$file['Applications'] = egw::link('/index.php','menuaction=admin.admin_applications.index');
}
if (! $GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
if (! $GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
{
$file['Global Categories'] = egw::link('/index.php','menuaction=admin.admin_categories.index&appname=phpgw&ajax=true');
}
if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
{
$file['Change Main Screen Message'] = egw::link('/index.php','menuaction=admin.uimainscreen.index');
}
if (! $GLOBALS['egw']->acl->check('current_sessions_access',1,'admin'))
if (! $GLOBALS['egw']->acl->check('current_sessions',1,'admin'))
{
$file['View Sessions'] = egw::link('/index.php','menuaction=admin.admin_accesslog.sessions&ajax=true');
}
if (! $GLOBALS['egw']->acl->check('access_log_access',1,'admin'))
if (! $GLOBALS['egw']->acl->check('access_log_acces',1,'admin'))
{
$file['View Access Log'] = egw::link('/index.php','menuaction=admin.admin_accesslog.index&ajax=true');
}
@ -110,12 +110,12 @@ class admin_hooks
$file['View Error Log'] = egw::link('/index.php','menuaction=admin.uilog.list_log');
}*/
if (! $GLOBALS['egw']->acl->check('applications_access',16,'admin'))
if (! $GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
{
$file['Clear cache and register hooks'] = egw::link('/index.php','menuaction=admin.admin_hooks.register_all_hooks');
}
if (! $GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
if (! $GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
{
$file['Asynchronous timed services'] = egw::link('/index.php','menuaction=admin.uiasyncservice.index');
}
@ -156,7 +156,7 @@ class admin_hooks
*/
function register_all_hooks()
{
if ($GLOBALS['egw']->acl->check('applications_access',16,'admin'))
if ($GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
{
$GLOBALS['egw']->redirect_link('/index.php');
}
@ -193,7 +193,7 @@ class admin_hooks
'icon' => 'lock',
);
if (!$GLOBALS['egw']->acl->check('current_sessions_access',1,'admin')) // no rights to view
if (!$GLOBALS['egw']->acl->check('current_sessions',1,'admin')) // no rights to view
{
$actions[] = array(
'description' => 'Login History',

View File

@ -20,7 +20,7 @@ class uiasyncservice
function index()
{
if ($GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
if ($GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
{
egw::redirect_link('/index.php');
}

View File

@ -36,7 +36,7 @@ class uiconfig
//_debug_array($params);
$_appname = $_GET['appname'];
}
if ($GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
if ($GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
{
egw::redirect_link('/index.php');
}
@ -105,7 +105,7 @@ class uiconfig
$c = new config($config_appname);
$c->read_repository();
if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_access',2,'admin'))
if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_acce',2,'admin'))
{
egw::redirect_link('/admin/index.php?ajax=true');
}
@ -261,7 +261,7 @@ class uiconfig
}
}
$t->set_var('submit', '<div class="dialogFooterToolbar" style="text-align: left">'.
($GLOBALS['egw']->acl->check('site_config_access',2,'admin') ? '' :
($GLOBALS['egw']->acl->check('site_config_acce',2,'admin') ? '' :
html::submit_button('save', 'Save')."\n".
html::submit_button('apply', 'Apply')));
$t->set_var('cancel', html::submit_button('cancel', 'Cancel').'</div>');

View File

@ -18,11 +18,11 @@ class uimainscreen
$select_lang = $_POST['select_lang'];
$message = get_magic_quotes_gpc() ? stripslashes($_POST['message']) : $_POST['message'];
$acl_ok = array();
if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin'))
if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin'))
{
$acl_ok['mainscreen'] = True;
}
if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
if (!$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
{
$acl_ok['loginscreen'] = True;
}
@ -80,7 +80,7 @@ class uimainscreen
$GLOBALS['egw']->template->fp('rows','row',True);
$select_section = '<select name="section">'."\n";
foreach($acl_ok as $key => $val)
foreach(array_keys($acl_ok) as $key)
{
$select_section .= ' <option value="'.$key.'"'.
($key == $_POST['section'] ? ' selected' : '') . '>' .

View File

@ -1,125 +1,122 @@
<?php
/**************************************************************************\
* eGroupWare *
* http://www.egroupware.org *
* -------------------------------------------- *
* This program is free software; you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the *
* Free Software Foundation; either version 2 of the License, or (at your *
* option) any later version. *
\**************************************************************************/
/**
* EGgroupware administration
*
* @link http://www.egroupware.org
* @package admin
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
/* $Id$ */
$GLOBALS['acl_manager']['admin']['site_config_acce'] = array(
'name' => 'Deny access to site configuration',
'rights' => array(
'List config settings' => 1,
'Change config settings' => 2
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['site_config_access'] = array(
'name' => 'Deny access to site configuration',
'rights' => array(
'List config settings' => 1,
'Change config settings' => 2
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['account_access'] = array(
'name' => 'Deny access to user accounts',
'rights' => array(
'Account list' => 1,
'Search accounts' => 2,
'Add account' => 4,
'View account' => 8,
'Edit account' => 16,
'Delete account' => 32,
'change ACL Rights' => 64
)
); // was already there and seems to work ralfbecker
$GLOBALS['acl_manager']['admin']['account_access'] = array(
'name' => 'Deny access to user accounts',
'rights' => array(
'Account list' => 1,
'Search accounts' => 2,
'Add account' => 4,
'View account' => 8,
'Edit account' => 16,
'Delete account' => 32,
'change ACL Rights' => 64
)
); // was already there and seems to work ralfbecker
$GLOBALS['acl_manager']['admin']['group_access'] = array(
'name' => 'Deny access to groups',
'rights' => array(
'Group list' => 1,
'Search groups' => 2,
'Add group' => 4,
$GLOBALS['acl_manager']['admin']['group_access'] = array(
'name' => 'Deny access to groups',
'rights' => array(
'Group list' => 1,
'Search groups' => 2,
'Add group' => 4,
// 'View group' => 8, // Will be added in the future
'Edit group' => 16,
'Delete group' => 32
)
); // was already there and seems to work ralfbecker
'Edit group' => 16,
'Delete group' => 32
)
); // was already there and seems to work ralfbecker
$GLOBALS['acl_manager']['admin']['applications_access'] = array(
'name' => 'Deny access to applications',
'rights' => array(
$GLOBALS['acl_manager']['admin']['applications_acc'] = array(
'name' => 'Deny access to applications',
'rights' => array(
/* not usefull --> setup
'Applications list' => 1,
'Add application' => 2,
'Edit application' => 4,
'Delete application' => 8,
'Applications list' => 1,
'Add application' => 2,
'Edit application' => 4,
'Delete application' => 8,
*/
'Register application hooks' => 16
)
); // added and working ralfbecker
'Register application hooks' => 16
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['global_categories_access'] = array(
'name' => 'Deny access to global categories',
'rights' => array(
'Categories list' => 1,
'Search categories' => 2,
'Add category' => 4,
'View category' => 8,
'Edit category' => 16,
'Delete category' => 32,
'Add sub-category' => 64
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['global_categorie'] = array(
'name' => 'Deny access to global categories',
'rights' => array(
'Categories list' => 1,
'Search categories' => 2,
'Add category' => 4,
'View category' => 8,
'Edit category' => 16,
'Delete category' => 32,
'Add sub-category' => 64
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['mainscreen_message_access'] = array(
'name' => 'Deny access to mainscreen message',
'rights' => array(
'Main screen message' => 1,
'Login message' => 2
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['mainscreen_messa'] = array(
'name' => 'Deny access to mainscreen message',
'rights' => array(
'Main screen message' => 1,
'Login message' => 2
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['current_sessions_access'] = array(
'name' => 'Deny access to current sessions',
'rights' => array(
'List current sessions' => 1,
'Show current action' => 2,
'Show session IP address' => 4,
'Kill session' => 8
)
); // checked and working ralfbecker
$GLOBALS['acl_manager']['admin']['current_sessions'] = array(
'name' => 'Deny access to current sessions',
'rights' => array(
'List current sessions' => 1,
'Show current action' => 2,
'Show session IP address' => 4,
'Kill session' => 8
)
); // checked and working ralfbecker
$GLOBALS['acl_manager']['admin']['access_log_access'] = array(
'name' => 'Deny access to access log',
'rights' => array(
'Show access log' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['access_log_acces'] = array(
'name' => 'Deny access to access log',
'rights' => array(
'Show access log' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
'name' => 'Deny access to error log',
'rights' => array(
'Show error log' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
'name' => 'Deny access to error log',
'rights' => array(
'Show error log' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['asyncservice_access'] = array(
'name' => 'Deny access to asynchronous timed services',
'rights' => array(
'Asynchronous timed services' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['asyncservice_acc'] = array(
'name' => 'Deny access to asynchronous timed services',
'rights' => array(
'Asynchronous timed services' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
'name' => 'Deny access to DB backup and restore',
'rights' => array(
'DB backup and restore' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
'name' => 'Deny access to DB backup and restore',
'rights' => array(
'DB backup and restore' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['info_access'] = array(
'name' => 'Deny access to phpinfo',
'rights' => array(
'Show phpinfo()' => 1
)
); // added and working ralfbecker
$GLOBALS['acl_manager']['admin']['info_access'] = array(
'name' => 'Deny access to phpinfo',
'rights' => array(
'Show phpinfo()' => 1
)
); // added and working ralfbecker

View File

@ -158,6 +158,13 @@ function phpgwapi_upgrade14_2_004()
'type' => 'auto',
'nullable' => False
));*/
// shorten all acl_location entries to 16 chars, to not stall update for PostgreSQL
$GLOBALS['egw_setup']->db->update('egw_acl', array(
'acl_location=SUBSTRING(acl_location FROM 1 FOR 16)',
'acl_appname=SUBSTRING(acl_appname FROM 1 FOR 16)',
), 'LENGTH(acl_location) > 16 OR LENGTH(acl_appname) > 16', __LINE__, __FILE__);
$GLOBALS['egw_setup']->oProc->RefreshTable('egw_acl',array(
'fd' => array(
'acl_appname' => array('type' => 'ascii','precision' => '16','nullable' => False),