AdminUI: Improved permissions control. Additional Admin -> News access options added. (not finalized)

e107_admin/newspost.php

@@ -12,7 +12,7 @@
 
 require_once('../class2.php');
 
-if (!getperms('H|N'))
+if (!getperms('H|N|H0|H1|H2|H3|H4|H5'))
 {
 	header('Location:'.e_BASE.'index.php');
 	exit;
@@ -29,7 +29,8 @@ class news_admin extends e_admin_dispatcher
 			'controller' 	=> 'news_admin_ui',
 			'path' 			=> null,
 			'ui' 			=> 'news_form_ui',
-			'uipath' 		=> null
+			'uipath' 		=> null,
+			'perm'          => null
 		),
 		'cat'		=> array(
 			'controller' 	=> 'news_cat_ui',
@@ -41,11 +42,31 @@ class news_admin extends e_admin_dispatcher
 			'controller' 	=> 'news_sub_ui',
 			'path' 			=> null,
 			'ui' 			=> 'news_sub_form_ui',
-			'uipath' 		=> null
+			'uipath' 		=> null,
+			'perm'          => null
 		)
 	);
 
 
+	protected $access = array(); // as below, but uses userclasses instead of admin perms eg. e_UC_* or numeric userclass value.
+
+
+	//Route access. (equivalent of getperms() for each mode/action )
+	protected $perm = array(
+		'main/list'     => 'H|H0|H1|H2',
+		'main/create'   => 'H|H0',
+		'main/edit'     => 'H|H1', // edit button and inline editing in list mode.
+		'main/delete'   => 'H|H2', // delete button in list mode.
+		'cat/list'      => 'H',
+		'cat/create'    => 'H|H3|H4|H5',
+		'cat/edit'      => 'H|H4', // edit button and inline editing in list mode.
+		'cat/delete'    => 'H|H5', // delete button in list mode.
+		'main/settings' => '0',
+		'sub/list'      => 'N'
+	);
+
+
+
 	protected $adminMenu = array(
 		'main/list'			=> array('caption'=> LAN_LIST, 'perm' => 'H'),
 		'main/create' 		=> array('caption'=> NWSLAN_45, 'perm' => 'H'),  // Create/Edit News Item
@@ -58,6 +79,8 @@ class news_admin extends e_admin_dispatcher
 	//	'main/maint'		=> array('caption'=> LAN_NEWS_55, 'perm' => '0') // Maintenance
 	);
 
+
+
 	protected $adminMenuAliases = array(
 		'main/edit'	=> 'main/list',
 		'cat/edit'	=> 'cat/list'

e107_handlers/admin_ui.php

@@ -966,9 +966,10 @@ class e_admin_dispatcher
 	/**
 	 * Optional - generic entry point access restriction (via getperms()) 
 	 * Value of this for plugins would be always 'P'.
+	 * When an array is detected, route mode/action = admin perms is used. (similar to $access)
 	 * More detailed access control is granted with $access and $modes[MODE]['perm'] or  $modes[MODE]['userclass'] settings
 	 *
-	 * @var string
+	 * @var string|array
 	 */
 	protected $perm;
 
@@ -1096,7 +1097,7 @@ class e_admin_dispatcher
 		{
 			$request->setAction('e403');
 			e107::getMessage()->addError('You don\'t have permissions to view this page.')
-				->addDebug('Route access restriction triggered.');
+				->addDebug('Route access restriction triggered:'.$route);
 			return false;
 		}
 		
@@ -1116,7 +1117,7 @@ class e_admin_dispatcher
 			return false;
 		}
 		// generic dispatcher admin permission  (former getperms())
-		if(null !== $this->perm && !e107::getUser()->checkAdminPerms($this->perm))
+		if(null !== $this->perm && is_string($this->perm) && !e107::getUser()->checkAdminPerms($this->perm))
 		{
 			return false;
 		}
@@ -1129,6 +1130,13 @@ class e_admin_dispatcher
 		{
 			return false;
 		}
+
+		if(!empty($this->perm) && is_array($this->perm) && !e107::getUser()->checkAdminPerms($this->perm[$route]))
+		{
+			return false;
+		}
+
+
 		return true;
 	}
 
@@ -1330,6 +1338,16 @@ class e_admin_dispatcher
 		return $response->send('default', $options);
 	}
 
+
+	/**
+	 * Get perms
+	 * @return array|string
+	 */
+	public function getPerm()
+	{
+		return $this->perm;
+	}
+
 	/**
 	 * Proxy method
 	 *
@@ -5688,9 +5706,36 @@ class e_admin_form_ui extends e_form
 			'field' => $controller->getQuery('field'), //current order field name, default - primary field
 			'asc' => $controller->getQuery('asc', 'desc'), //current 'order by' rule, default 'asc'
 		);
+
+
+		// checks dispatcher perms for edit/delete access in list mode.
+
+		$deleteRoute = $this->getController()->getMode()."/delete";
+		$editRoute = $this->getController()->getMode()."/edit";
+		$perm = $this->getController()->getDispatcher()->getPerm();
+
+		if(isset($perm[$deleteRoute]) && !getperms($perm[$deleteRoute])) // disable the delete button.
+		{
+			$options[$id]['fields']['options']['readParms']['deleteClass'] = e_UC_NOBODY;
+		}
+
+		if(isset($perm[$editRoute]) && !getperms($perm[$editRoute]))
+		{
+			$options[$id]['fields']['options']['readParms']['editClass'] = e_UC_NOBODY; // display the edit button.
+			foreach($options[$id]['fields'] as $k=>$v) // disable inline editing.
+			{
+				$options[$id]['fields'][$k]['inline'] = false;
+			}
+		}
+
 		return $this->renderListForm($options, $tree, $ajax);
 	}
 
+
+
+
+
+
 	public function getConfirmDelete($ids, $ajax = false)
 	{
 		$controller = $this->getController();

e107_handlers/user_handler.php

@@ -1288,6 +1288,14 @@ class e_userperms
 		"5"	=> array(ADMSLAN_23,E_16_CUST, E_32_CUST),			// create/edit custom PAGES
 		"J"	=> array(ADMSLAN_41,E_16_CUST, E_32_CUST),			// create/edit custom MENUS
 		"H"	=> array(ADMSLAN_39,E_16_NEWS, E_32_NEWS),			// Post News
+
+		"H0" => array(ADMSLAN_39." (".LAN_CREATE.")",E_16_NEWS, E_32_NEWS),			// Create News Items
+		"H1" => array(ADMSLAN_39." (".LAN_EDIT.")",E_16_NEWS, E_32_NEWS),			// Edit News Items
+		"H2" => array(ADMSLAN_39." (".LAN_DELETE.")",E_16_NEWS, E_32_NEWS),			// Delete News Items
+		"H3" => array(ADMSLAN_39." (".LAN_CATEGORY." - ".LAN_CREATE.")",E_16_NEWS, E_32_NEWS),			// Create News Category
+		"H4" => array(ADMSLAN_39." (".LAN_CATEGORY." - ".LAN_EDIT.")",E_16_NEWS, E_32_NEWS),			// Edit News Category
+		"H5" => array(ADMSLAN_39." (".LAN_CATEGORY." - ".LAN_DELETE.")",E_16_NEWS, E_32_NEWS),			// Delete News Category
+
 		"N"	=> array(ADMSLAN_47,E_16_NEWS, E_32_NEWS),			// Moderate submitted news
 		"V"	=> array(ADMSLAN_35,E_16_UPLOADS, E_32_UPLOADS),	// Configure public file uploads
 		"M"	=> array(ADMSLAN_46,E_16_WELCOME, E_32_WELCOME),	// Welcome Messages