tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-25 06:44:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

RoleForm: Make sure to grant general module access...

Browse Source 
...if full access is granted
This commit is contained in:
Johannes Meyer 2021-07-27 13:28:41 +02:00
parent 47891ddc72
commit 0c8466fa93
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
application/forms/Security/RoleForm.php
View File

@ -332,15 +332,24 @@ class RoleForm extends RepositoryForm
} }
foreach ($this->providedPermissions as $moduleName => $permissionList) { foreach ($this->providedPermissions as $moduleName => $permissionList) {
$hasFullPerm = false;
foreach ($permissionList as $name => $spec) { foreach ($permissionList as $name => $spec) {
if (in_array($name, $permissions, true)) { if (in_array($name, $permissions, true)) {
$values[$this->filterName($name)] = 1; $values[$this->filterName($name)] = 1;
if (isset($spec['isFullPerm'])) {
$hasFullPerm = true;
}
} }
if (in_array($name, $refusals, true)) { if (in_array($name, $refusals, true)) {
$values[$this->filterName(self::DENY_PREFIX . $name)] = 1; $values[$this->filterName(self::DENY_PREFIX . $name)] = 1;
} }
} }
if ($hasFullPerm) {
unset($values[$this->filterName(Manager::MODULE_PERMISSION_NS . $moduleName)]);
}
} }
} }
@ -376,10 +385,15 @@ class RoleForm extends RepositoryForm
$refusals = []; $refusals = [];
foreach ($this->providedPermissions as $moduleName => $permissionList) { foreach ($this->providedPermissions as $moduleName => $permissionList) {
$hasFullPerm = false;
foreach ($permissionList as $name => $spec) { foreach ($permissionList as $name => $spec) {
$elementName = $this->filterName($name); $elementName = $this->filterName($name);
if (isset($values[$elementName]) && $values[$elementName]) { if (isset($values[$elementName]) && $values[$elementName]) {
$permissions[] = $name; $permissions[] = $name;
if (isset($spec['isFullPerm'])) {
$hasFullPerm = true;
}
} }
$denyName = $this->filterName(self::DENY_PREFIX . $name); $denyName = $this->filterName(self::DENY_PREFIX . $name);
@ -389,6 +403,11 @@ class RoleForm extends RepositoryForm
unset($values[$elementName], $values[$denyName]); unset($values[$elementName], $values[$denyName]);
} }
$modulePermission = Manager::MODULE_PERMISSION_NS . $moduleName;
if ($hasFullPerm && ! in_array($modulePermission, $permissions, true)) {
$permissions[] = $modulePermission;
}
} }
unset($values[self::WILDCARD_NAME]); unset($values[self::WILDCARD_NAME]);