diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php
index d6f3d447b..b50cb8f8b 100644
--- a/application/forms/Security/RoleForm.php
+++ b/application/forms/Security/RoleForm.php
@@ -178,103 +178,105 @@ class RoleForm extends RepositoryForm
]
);
- if (! isset($formData[self::WILDCARD_NAME]) || ! $formData[self::WILDCARD_NAME]) {
- foreach ($this->providedPermissions as $moduleName => $permissionList) {
- $this->sortPermissions($permissionList);
+ $hasAdminPerm = isset($formData[self::WILDCARD_NAME]) && $formData[self::WILDCARD_NAME];
+ foreach ($this->providedPermissions as $moduleName => $permissionList) {
+ $this->sortPermissions($permissionList);
- $elements = [$moduleName . '_header'];
+ $elements = [$moduleName . '_header'];
+ $this->addElement(
+ 'note',
+ $moduleName . '_header',
+ [
+ 'decorators' => ['ViewHelper'],
+ 'value' => '' . ($moduleName !== 'application'
+ ? sprintf('%s %s', $moduleName, $this->translate('Module'))
+ : 'Icinga Web 2') . '
'
+ ]
+ );
+
+ $elements[] = 'permission_header';
+ $this->addElement('note', 'permission_header', [
+ 'value' => '' . $this->translate('Permissions') . '
',
+ 'decorators' => ['ViewHelper']
+ ]);
+
+ $hasFullPerm = false;
+ foreach ($permissionList as $name => $spec) {
+ $elementName = $name;
+ if ($hasFullPerm || $hasAdminPerm) {
+ $elementName .= '_fake';
+ }
+
+ $elements[] = $elementName;
$this->addElement(
- 'note',
- $moduleName . '_header',
+ 'checkbox',
+ $elementName,
[
- 'decorators' => ['ViewHelper'],
- 'value' => '' . ($moduleName !== 'application'
- ? sprintf('%s %s', $moduleName, $this->translate('Module'))
- : 'Icinga Web 2') . '
'
+ 'ignore' => $hasFullPerm || $hasAdminPerm,
+ 'autosubmit' => isset($spec['isFullPerm']),
+ 'disabled' => $hasFullPerm || $hasAdminPerm ?: null,
+ 'value' => $hasFullPerm || $hasAdminPerm,
+ 'label' => preg_replace(
+ // Adds a zero-width char after each slash to help browsers break onto newlines
+ '~(? isset($spec['description']) ? $spec['description'] : $spec['name']
]
- );
+ )
+ ->getElement($elementName)
+ ->getDecorator('Label')
+ ->setOption('escape', false);
- $elements[] = 'permission_header';
- $this->addElement('note', 'permission_header', [
- 'value' => '' . $this->translate('Permissions') . '
',
+ if ($hasFullPerm || $hasAdminPerm) {
+ // Add a hidden element to preserve the configured permission value
+ $this->addElement('hidden', $name);
+ }
+
+ if (isset($spec['isFullPerm'])) {
+ $hasFullPerm = isset($formData[$name]) && $formData[$name];
+ }
+ }
+
+ if (isset($this->providedRestrictions[$moduleName])) {
+ $elements[] = 'restriction_header';
+ $this->addElement('note', 'restriction_header', [
+ 'value' => '' . $this->translate('Restrictions') . '
',
'decorators' => ['ViewHelper']
]);
- $hasFullPerm = false;
- foreach ($permissionList as $name => $spec) {
+ foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
$elements[] = $name;
$this->addElement(
- 'checkbox',
+ 'text',
$name,
[
- 'ignore' => isset($spec['isUsagePerm']) ? false : $hasFullPerm,
- 'autosubmit' => isset($spec['isFullPerm']),
- 'disabled' => $hasFullPerm ?: null,
- 'value' => $hasFullPerm,
'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines
'~(? isset($spec['description']) ? $spec['description'] : $spec['name']
+ 'description' => $spec['description']
]
)
->getElement($name)
->getDecorator('Label')
->setOption('escape', false);
- if (isset($spec['isFullPerm'])) {
- $hasFullPerm = isset($formData[$name]) && $formData[$name];
- }
- }
-
- if (isset($this->providedRestrictions[$moduleName])) {
- $elements[] = 'restriction_header';
- $this->addElement('note', 'restriction_header', [
- 'value' => '' . $this->translate('Restrictions') . '
',
- 'decorators' => ['ViewHelper']
- ]);
-
- foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
- $elements[] = $name;
- $this->addElement(
- 'text',
- $name,
- [
- 'label' => preg_replace(
- // Adds a zero-width char after each slash to help browsers break onto newlines
- '~(? $spec['description']
- ]
- )
- ->getElement($name)
- ->getDecorator('Label')
- ->setOption('escape', false);
- }
- }
-
- $this->addDisplayGroup($elements, $moduleName . '_elements', [
- 'decorators' => [
- 'FormElements',
- ['Fieldset', [
- 'class' => 'collapsible',
- 'data-toggle-element' => 'h3',
- 'data-visible-height' => 0
- ]]
- ]
- ]);
- }
- } else {
- // Previously it was possible to define restrictions for super users, so make sure
- // to not remove any restrictions which were set before the enforced separation
- foreach ($this->providedRestrictions as $restrictionList) {
- foreach ($restrictionList as $name => $_) {
- $this->addElement('hidden', $name);
}
}
+
+ $this->addDisplayGroup($elements, $moduleName . '_elements', [
+ 'decorators' => [
+ 'FormElements',
+ ['Fieldset', [
+ 'class' => 'collapsible',
+ 'data-toggle-element' => 'h3',
+ 'data-visible-height' => 0
+ ]]
+ ]
+ ]);
}
}
@@ -293,7 +295,7 @@ class RoleForm extends RepositoryForm
'name' => $role->name,
'users' => $role->users,
'groups' => $role->groups,
- self::WILDCARD_NAME => $role->permissions === '*'
+ self::WILDCARD_NAME => (bool) preg_match('~(?permissions)
];
if (! empty($role->permissions) && $role->permissions !== '*') {
@@ -334,15 +336,15 @@ class RoleForm extends RepositoryForm
$permissions = [];
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
$permissions[] = '*';
- } else {
- foreach ($this->providedPermissions as $moduleName => $permissionList) {
- foreach ($permissionList as $name => $spec) {
- if (isset($values[$name]) && $values[$name]) {
- $permissions[] = $spec['name'];
- }
+ }
- unset($values[$name]);
+ foreach ($this->providedPermissions as $moduleName => $permissionList) {
+ foreach ($permissionList as $name => $spec) {
+ if (isset($values[$name]) && $values[$name]) {
+ $permissions[] = $spec['name'];
}
+
+ unset($values[$name]);
}
}