From 34ac81c0191e2beec64020d594402257c06ecccf Mon Sep 17 00:00:00 2001 From: Cameron Date: Fri, 5 Jun 2015 22:00:25 -0700 Subject: [PATCH] AdminUI: Improved permissions control. Additional Admin -> News access options added. (not finalized) --- e107_admin/newspost.php | 29 +++++++++++++++++-- e107_handlers/admin_ui.php | 51 ++++++++++++++++++++++++++++++++-- e107_handlers/user_handler.php | 8 ++++++ 3 files changed, 82 insertions(+), 6 deletions(-) diff --git a/e107_admin/newspost.php b/e107_admin/newspost.php index d50023369..42f84dab0 100644 --- a/e107_admin/newspost.php +++ b/e107_admin/newspost.php @@ -12,7 +12,7 @@ require_once('../class2.php'); -if (!getperms('H|N')) +if (!getperms('H|N|H0|H1|H2|H3|H4|H5')) { header('Location:'.e_BASE.'index.php'); exit; @@ -29,7 +29,8 @@ class news_admin extends e_admin_dispatcher 'controller' => 'news_admin_ui', 'path' => null, 'ui' => 'news_form_ui', - 'uipath' => null + 'uipath' => null, + 'perm' => null ), 'cat' => array( 'controller' => 'news_cat_ui', 
@@ -41,11 +42,31 @@ class news_admin extends e_admin_dispatcher 'controller' => 'news_sub_ui', 'path' => null, 'ui' => 'news_sub_form_ui', - 'uipath' => null + 'uipath' => null, + 'perm' => null ) ); + protected $access = array(); // as below, but uses userclasses instead of admin perms eg. e_UC_* or numeric userclass value. + + + //Route access. (equivalent of getperms() for each mode/action ) + protected $perm = array( + 'main/list' => 'H|H0|H1|H2', + 'main/create' => 'H|H0', + 'main/edit' => 'H|H1', // edit button and inline editing in list mode. + 'main/delete' => 'H|H2', // delete button in list mode. + 'cat/list' => 'H', + 'cat/create' => 'H|H3|H4|H5', + 'cat/edit' => 'H|H4', // edit button and inline editing in list mode. + 'cat/delete' => 'H|H5', // delete button in list mode. + 'main/settings' => '0', + 'sub/list' => 'N' + ); + + + protected $adminMenu = array( 'main/list' => array('caption'=> LAN_LIST, 'perm' => 'H'), 'main/create' => array('caption'=> NWSLAN_45, 'perm' => 'H'), // Create/Edit News Item @@ -58,6 +79,8 @@ class news_admin extends e_admin_dispatcher // 'main/maint' => array('caption'=> LAN_NEWS_55, 'perm' => '0') // Maintenance ); + + protected $adminMenuAliases = array( 'main/edit' => 'main/list', 'cat/edit' => 'cat/list' diff --git a/e107_handlers/admin_ui.php b/e107_handlers/admin_ui.php index e052212c9..e0264e14f 100644 --- a/e107_handlers/admin_ui.php +++ b/e107_handlers/admin_ui.php @@ -966,9 +966,10 @@ class e_admin_dispatcher /** * Optional - generic entry point access restriction (via getperms()) * Value of this for plugins would be always 'P'. + * When an array is detected, route mode/action = admin perms is used. (similar to $access) * More detailed access control is granted with $access and $modes[MODE]['perm'] or $modes[MODE]['userclass'] settings * - * @var string + * @var string|array */ protected $perm; 
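Review bot: The map grants `main/list` to `'H|H0|H1|H2'` as if it were the read-only screen, but the comment on `'main/edit'` says inline editing happens "in list mode"; if inline-edit saves and batch deletes from the list view are submitted back to the `main/list` route rather than to `main/edit` / `main/delete`, a user holding only H0 or H2 reaches the inline save path and one holding only H0 or H1 reaches batch delete. Whatever action names the list view actually posts to must be keys here carrying the same codes as the edit/delete rows, and `main/list` should be confirmed to be read-only; the same question applies to `cat/list` (`'H'`) versus `cat/edit` / `cat/delete`. The visible `$adminMenu` context lines still use `'perm' => 'H'`, so an H0-only user who is allowed `main/create` by this map gets no menu entry for it; they should mirror the map, e.g. `'main/create' => array('caption'=> NWSLAN_45, 'perm' => 'H|H0'),`. `$access` is declared as an empty array but nothing in the hunk reads it, so either document that it is intentionally unused here or drop it.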
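Review bot: The added docblock sentence does not say what happens to a route that is not a key of the array, which is the question an integrator will have; the later hunk reads `$this->perm[$route]` without an `isset`, so an unlisted route is looked up as `null`. State the contract so callers list every route rather than relying on omission: `* When an array is given it is keyed by 'mode/action' (e.g. 'main/list' => 'H|H1') and every dispatchable route must have an entry; a route absent from the array is looked up as null, so do not rely on omission to deny access.` The `@var string|array` change is correct but should be accompanied by that rule.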
@@ -1096,7 +1097,7 @@ class e_admin_dispatcher { $request->setAction('e403'); e107::getMessage()->addError('You don\'t have permissions to view this page.') - ->addDebug('Route access restriction triggered.'); + ->addDebug('Route access restriction triggered:'.$route); return false; } @@ -1116,7 +1117,7 @@ class e_admin_dispatcher return false; } // generic dispatcher admin permission (former getperms()) - if(null !== $this->perm && !e107::getUser()->checkAdminPerms($this->perm)) + if(null !== $this->perm && is_string($this->perm) && !e107::getUser()->checkAdminPerms($this->perm)) { return false; } @@ -1129,6 +1130,13 @@ class e_admin_dispatcher { return false; } + + if(!empty($this->perm) && is_array($this->perm) && !e107::getUser()->checkAdminPerms($this->perm[$route])) + { + return false; + } + + return true; } @@ -1330,6 +1338,16 @@ class e_admin_dispatcher return $response->send('default', $options); } + + /** + * Get perms + * @return array|string + */ + public function getPerm() + { + return $this->perm; + } + /** * Proxy method * 
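Review bot: The new array branch reads `$this->perm[$route]` without checking that the key exists, so a route that the map does not list passes `null` into `checkAdminPerms()` and the allow/deny outcome depends on how that method treats `null`, not on this code; it also raises an undefined-index notice. Make it fail closed: `if(!empty($this->perm) && is_array($this->perm) && (!isset($this->perm[$route]) || !e107::getUser()->checkAdminPerms($this->perm[$route])))`. A minor style point: with `is_string($this->perm)` added to the earlier branch, the `null !== $this->perm` guard on that line is redundant. The enclosing method starts before the hunk.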
@@ -5688,9 +5706,36 @@ class e_admin_form_ui extends e_form 'field' => $controller->getQuery('field'), //current order field name, default - primary field 'asc' => $controller->getQuery('asc', 'desc'), //current 'order by' rule, default 'asc' ); + + + // checks dispatcher perms for edit/delete access in list mode. + + $deleteRoute = $this->getController()->getMode()."/delete"; + $editRoute = $this->getController()->getMode()."/edit"; + $perm = $this->getController()->getDispatcher()->getPerm(); + + if(isset($perm[$deleteRoute]) && !getperms($perm[$deleteRoute])) // disable the delete button. + { + $options[$id]['fields']['options']['readParms']['deleteClass'] = e_UC_NOBODY; + } + + if(isset($perm[$editRoute]) && !getperms($perm[$editRoute])) + { + $options[$id]['fields']['options']['readParms']['editClass'] = e_UC_NOBODY; // display the edit button. + foreach($options[$id]['fields'] as $k=>$v) // disable inline editing. + { + $options[$id]['fields'][$k]['inline'] = false; + } + } + return $this->renderListForm($options, $tree, $ajax); } + + + + + public function getConfirmDelete($ids, $ajax = false) { $controller = $this->getController(); diff --git a/e107_handlers/user_handler.php b/e107_handlers/user_handler.php index 6dfaec14c..d55a4aa5a 100644 --- a/e107_handlers/user_handler.php +++ b/e107_handlers/user_handler.php 
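Review bot: Setting `deleteClass` / `editClass` to `e_UC_NOBODY` and clearing `inline` only hides controls in the rendered list and is not an access check, so the header comment overstates it; it should read `// cosmetic only: hide edit/delete controls the dispatcher's route perms would reject; enforcement lives in the dispatcher.` The comment `// display the edit button.` on the `editClass` line is inverted, since that line hides it. `getPerm()` is documented as `array|string`, so guard the offset reads with `if(is_array($perm) && isset($perm[$deleteRoute]) && !getperms($perm[$deleteRoute]))` (and likewise for `$editRoute`) instead of indexing what may be a string. This hunk decides with the global `getperms()` while the dispatcher decides with `e107::getUser()->checkAdminPerms()`; using the same call in both places keeps the two decisions from drifting. The enclosing method starts before the hunk.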
@@ -1288,6 +1288,14 @@ class e_userperms "5" => array(ADMSLAN_23,E_16_CUST, E_32_CUST), // create/edit custom PAGES "J" => array(ADMSLAN_41,E_16_CUST, E_32_CUST), // create/edit custom MENUS "H" => array(ADMSLAN_39,E_16_NEWS, E_32_NEWS), // Post News + + "H0" => array(ADMSLAN_39." (".LAN_CREATE.")",E_16_NEWS, E_32_NEWS), // Create News Items + "H1" => array(ADMSLAN_39." (".LAN_EDIT.")",E_16_NEWS, E_32_NEWS), // Edit News Items + "H2" => array(ADMSLAN_39." (".LAN_DELETE.")",E_16_NEWS, E_32_NEWS), // Delete News Items + "H3" => array(ADMSLAN_39." (".LAN_CATEGORY." - ".LAN_CREATE.")",E_16_NEWS, E_32_NEWS), // Create News Category + "H4" => array(ADMSLAN_39." (".LAN_CATEGORY." - ".LAN_EDIT.")",E_16_NEWS, E_32_NEWS), // Edit News Category + "H5" => array(ADMSLAN_39." (".LAN_CATEGORY." - ".LAN_DELETE.")",E_16_NEWS, E_32_NEWS), // Delete News Category + "N" => array(ADMSLAN_47,E_16_NEWS, E_32_NEWS), // Moderate submitted news "V" => array(ADMSLAN_35,E_16_UPLOADS, E_32_UPLOADS), // Configure public file uploads "M" => array(ADMSLAN_46,E_16_WELCOME, E_32_WELCOME), // Welcome Messages
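Review bot: The six new rows give no hint that H0–H5 are sub-rights of H or where they take effect, and nothing in this file tells a maintainer that the newspost.php dispatcher's `$perm` map (where every entry still includes `H`) is what consumes them. Add a comment above the `"H0"` row such as `// H0-H5: fine-grained news rights checked by the newspost.php dispatcher $perm map; 'H' still grants all of them there.` so the coupling is visible when the table is next edited.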