Merge pull request #4301 from Icinga/feature/preserve-previous-settings-for-admin-roles-4068
Preserve previous settings for admin roles
This commit is contained in:
Johannes Meyer
GitHub
commit
627f388cfa
|
|
@ -178,103 +178,105 @@ class RoleForm extends RepositoryForm
|
|||
]
|
||||
);
|
||||
|
||||
if (! isset($formData[self::WILDCARD_NAME]) || ! $formData[self::WILDCARD_NAME]) {
|
||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||
$this->sortPermissions($permissionList);
|
||||
$hasAdminPerm = isset($formData[self::WILDCARD_NAME]) && $formData[self::WILDCARD_NAME];
|
||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||
$this->sortPermissions($permissionList);
|
||||
|
||||
$elements = [$moduleName . '_header'];
|
||||
$elements = [$moduleName . '_header'];
|
||||
$this->addElement(
|
||||
'note',
|
||||
$moduleName . '_header',
|
||||
[
|
||||
'decorators' => ['ViewHelper'],
|
||||
'value' => '<h3>' . ($moduleName !== 'application'
|
||||
? sprintf('%s <em>%s</em>', $moduleName, $this->translate('Module'))
|
||||
: 'Icinga Web 2') . '</h3>'
|
||||
]
|
||||
);
|
||||
|
||||
$elements[] = 'permission_header';
|
||||
$this->addElement('note', 'permission_header', [
|
||||
'value' => '<h4>' . $this->translate('Permissions') . '</h4>',
|
||||
'decorators' => ['ViewHelper']
|
||||
]);
|
||||
|
||||
$hasFullPerm = false;
|
||||
foreach ($permissionList as $name => $spec) {
|
||||
$elementName = $name;
|
||||
if ($hasFullPerm || $hasAdminPerm) {
|
||||
$elementName .= '_fake';
|
||||
}
|
||||
|
||||
$elements[] = $elementName;
|
||||
$this->addElement(
|
||||
'note',
|
||||
$moduleName . '_header',
|
||||
'checkbox',
|
||||
$elementName,
|
||||
[
|
||||
'decorators' => ['ViewHelper'],
|
||||
'value' => '<h3>' . ($moduleName !== 'application'
|
||||
? sprintf('%s <em>%s</em>', $moduleName, $this->translate('Module'))
|
||||
: 'Icinga Web 2') . '</h3>'
|
||||
'ignore' => $hasFullPerm || $hasAdminPerm,
|
||||
'autosubmit' => isset($spec['isFullPerm']),
|
||||
'disabled' => $hasFullPerm || $hasAdminPerm ?: null,
|
||||
'value' => $hasFullPerm || $hasAdminPerm,
|
||||
'label' => preg_replace(
|
||||
// Adds a zero-width char after each slash to help browsers break onto newlines
|
||||
'~(?<!<)/~',
|
||||
'/​',
|
||||
isset($spec['label']) ? $spec['label'] : $spec['name']
|
||||
),
|
||||
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
|
||||
]
|
||||
);
|
||||
)
|
||||
->getElement($elementName)
|
||||
->getDecorator('Label')
|
||||
->setOption('escape', false);
|
||||
|
||||
$elements[] = 'permission_header';
|
||||
$this->addElement('note', 'permission_header', [
|
||||
'value' => '<h4>' . $this->translate('Permissions') . '</h4>',
|
||||
if ($hasFullPerm || $hasAdminPerm) {
|
||||
// Add a hidden element to preserve the configured permission value
|
||||
$this->addElement('hidden', $name);
|
||||
}
|
||||
|
||||
if (isset($spec['isFullPerm'])) {
|
||||
$hasFullPerm = isset($formData[$name]) && $formData[$name];
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($this->providedRestrictions[$moduleName])) {
|
||||
$elements[] = 'restriction_header';
|
||||
$this->addElement('note', 'restriction_header', [
|
||||
'value' => '<h4>' . $this->translate('Restrictions') . '</h4>',
|
||||
'decorators' => ['ViewHelper']
|
||||
]);
|
||||
|
||||
$hasFullPerm = false;
|
||||
foreach ($permissionList as $name => $spec) {
|
||||
foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
|
||||
$elements[] = $name;
|
||||
$this->addElement(
|
||||
'checkbox',
|
||||
'text',
|
||||
$name,
|
||||
[
|
||||
'ignore' => isset($spec['isUsagePerm']) ? false : $hasFullPerm,
|
||||
'autosubmit' => isset($spec['isFullPerm']),
|
||||
'disabled' => $hasFullPerm ?: null,
|
||||
'value' => $hasFullPerm,
|
||||
'label' => preg_replace(
|
||||
// Adds a zero-width char after each slash to help browsers break onto newlines
|
||||
'~(?<!<)/~',
|
||||
'/​',
|
||||
isset($spec['label']) ? $spec['label'] : $spec['name']
|
||||
),
|
||||
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
|
||||
'description' => $spec['description']
|
||||
]
|
||||
)
|
||||
->getElement($name)
|
||||
->getDecorator('Label')
|
||||
->setOption('escape', false);
|
||||
if (isset($spec['isFullPerm'])) {
|
||||
$hasFullPerm = isset($formData[$name]) && $formData[$name];
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($this->providedRestrictions[$moduleName])) {
|
||||
$elements[] = 'restriction_header';
|
||||
$this->addElement('note', 'restriction_header', [
|
||||
'value' => '<h4>' . $this->translate('Restrictions') . '</h4>',
|
||||
'decorators' => ['ViewHelper']
|
||||
]);
|
||||
|
||||
foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
|
||||
$elements[] = $name;
|
||||
$this->addElement(
|
||||
'text',
|
||||
$name,
|
||||
[
|
||||
'label' => preg_replace(
|
||||
// Adds a zero-width char after each slash to help browsers break onto newlines
|
||||
'~(?<!<)/~',
|
||||
'/​',
|
||||
isset($spec['label']) ? $spec['label'] : $spec['name']
|
||||
),
|
||||
'description' => $spec['description']
|
||||
]
|
||||
)
|
||||
->getElement($name)
|
||||
->getDecorator('Label')
|
||||
->setOption('escape', false);
|
||||
}
|
||||
}
|
||||
|
||||
$this->addDisplayGroup($elements, $moduleName . '_elements', [
|
||||
'decorators' => [
|
||||
'FormElements',
|
||||
['Fieldset', [
|
||||
'class' => 'collapsible',
|
||||
'data-toggle-element' => 'h3',
|
||||
'data-visible-height' => 0
|
||||
]]
|
||||
]
|
||||
]);
|
||||
}
|
||||
} else {
|
||||
// Previously it was possible to define restrictions for super users, so make sure
|
||||
// to not remove any restrictions which were set before the enforced separation
|
||||
foreach ($this->providedRestrictions as $restrictionList) {
|
||||
foreach ($restrictionList as $name => $_) {
|
||||
$this->addElement('hidden', $name);
|
||||
}
|
||||
}
|
||||
|
||||
$this->addDisplayGroup($elements, $moduleName . '_elements', [
|
||||
'decorators' => [
|
||||
'FormElements',
|
||||
['Fieldset', [
|
||||
'class' => 'collapsible',
|
||||
'data-toggle-element' => 'h3',
|
||||
'data-visible-height' => 0
|
||||
]]
|
||||
]
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -293,7 +295,7 @@ class RoleForm extends RepositoryForm
|
|||
'name' => $role->name,
|
||||
'users' => $role->users,
|
||||
'groups' => $role->groups,
|
||||
self::WILDCARD_NAME => $role->permissions === '*'
|
||||
self::WILDCARD_NAME => (bool) preg_match('~(?<!/)\*~', $role->permissions)
|
||||
];
|
||||
|
||||
if (! empty($role->permissions) && $role->permissions !== '*') {
|
||||
|
|
@ -334,15 +336,15 @@ class RoleForm extends RepositoryForm
|
|||
$permissions = [];
|
||||
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
|
||||
$permissions[] = '*';
|
||||
} else {
|
||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||
foreach ($permissionList as $name => $spec) {
|
||||
if (isset($values[$name]) && $values[$name]) {
|
||||
$permissions[] = $spec['name'];
|
||||
}
|
||||
}
|
||||
|
||||
unset($values[$name]);
|
||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||
foreach ($permissionList as $name => $spec) {
|
||||
if (isset($values[$name]) && $values[$name]) {
|
||||
$permissions[] = $spec['name'];
|
||||
}
|
||||
|
||||
unset($values[$name]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue