security: Don't list permissions and restrictions in the roles overview

fixes #8335
2015-02-03 15:10:18 +01:00 · 2015-02-03 15:10:18 +01:00 · a23752de63
parent d1dd907582
commit a23752de63
1 changed files with 24 additions and 24 deletions
--- a/application/views/scripts/roles/index.phtml
+++ b/application/views/scripts/roles/index.phtml
@ -11,8 +11,8 @@
                <thead>
                <tr>
                    <th><?= $this->translate('Name') ?></th>
-                    <th><?= $this->translate('Permissions') ?></th>
-                    <th><?= $this->translate('Restrictions') ?></th>
+<!--                    <th>--><?//= $this->translate('Permissions') ?><!--</th>-->
+<!--                    <th>--><?//= $this->translate('Restrictions') ?><!--</th>-->
                    <th><?= $this->translate('Users') ?></th>
                    <th><?= $this->translate('Groups') ?></th>
                </tr>
@ -26,28 +26,28 @@
                                <a href="<?= $this->url('roles/update', array('role' => $name)) ?>"></a>
                            </div>
                        </td>
-                        <td><?= $this->escape($role->permissions, 0, 50) ?></td>
-                        <td>
-                            <?php
-                            // TODO(el): $role->without(...) or $role->shift(...) would be nice!
-                            $restrictions = clone $role;
-                            unset($restrictions['users']);
-                            unset($restrictions['groups']);
-                            unset($restrictions['permissions']);
-                            ?>
-                            <?php if (! empty($restrictions)): ?>
-                            <table>
-                                <tbody>
-                                <?php foreach ($restrictions as $restrictionName => $restriction): ?>
-                                    <tr>
-                                        <th><?= $this->escape($restrictionName) ?></th>
-                                        <td><?= $this->escape($restriction) ?></td>
-                                    </tr>
-                                <?php endforeach ?>
-                                </tbody>
-                            </table>
-                            <?php endif ?>
-                        </td>
+<!--                        <td>--><?//= $this->escape($role->permissions, 0, 50) ?><!--</td>-->
+<!--                        <td>-->
+<!--                            --><?php
+//                            // TODO(el): $role->without(...) or $role->shift(...) would be nice!
+//                            $restrictions = clone $role;
+//                            unset($restrictions['users']);
+//                            unset($restrictions['groups']);
+//                            unset($restrictions['permissions']);
+//                            ?>
+<!--                            --><?php //if (! empty($restrictions)): ?>
+<!--                            <table>-->
+<!--                                <tbody>-->
+<!--                                --><?php //foreach ($restrictions as $restrictionName => $restriction): ?>
+<!--                                    <tr>-->
+<!--                                        <th>--><?//= $this->escape($restrictionName) ?><!--</th>-->
+<!--                                        <td>--><?//= $this->escape($restriction) ?><!--</td>-->
+<!--                                    </tr>-->
+<!--                                --><?php //endforeach ?>
+<!--                                </tbody>-->
+<!--                            </table>-->
+<!--                            --><?php //endif ?>
+<!--                        </td>-->
                        <td><?= $this->escape($role->users) ?></td>
                        <td><?= $this->escape($role->groups) ?></td>
                        <td>