security: Don't list permissions and restrictions in the roles overview

fixes #8335
This commit is contained in:
Eric Lippmann 2015-02-03 15:10:18 +01:00
parent d1dd907582
commit a23752de63
1 changed files with 24 additions and 24 deletions

View File

@ -11,8 +11,8 @@
<thead>
<tr>
<th><?= $this->translate('Name') ?></th>
<th><?= $this->translate('Permissions') ?></th>
<th><?= $this->translate('Restrictions') ?></th>
<!-- <th>--><?//= $this->translate('Permissions') ?><!--</th>-->
<!-- <th>--><?//= $this->translate('Restrictions') ?><!--</th>-->
<th><?= $this->translate('Users') ?></th>
<th><?= $this->translate('Groups') ?></th>
</tr>
@ -26,28 +26,28 @@
<a href="<?= $this->url('roles/update', array('role' => $name)) ?>"></a>
</div>
</td>
<td><?= $this->escape($role->permissions, 0, 50) ?></td>
<td>
<?php
// TODO(el): $role->without(...) or $role->shift(...) would be nice!
$restrictions = clone $role;
unset($restrictions['users']);
unset($restrictions['groups']);
unset($restrictions['permissions']);
?>
<?php if (! empty($restrictions)): ?>
<table>
<tbody>
<?php foreach ($restrictions as $restrictionName => $restriction): ?>
<tr>
<th><?= $this->escape($restrictionName) ?></th>
<td><?= $this->escape($restriction) ?></td>
</tr>
<?php endforeach ?>
</tbody>
</table>
<?php endif ?>
</td>
<!-- <td>--><?//= $this->escape($role->permissions, 0, 50) ?><!--</td>-->
<!-- <td>-->
<!-- --><?php
// // TODO(el): $role->without(...) or $role->shift(...) would be nice!
// $restrictions = clone $role;
// unset($restrictions['users']);
// unset($restrictions['groups']);
// unset($restrictions['permissions']);
// ?>
<!-- --><?php //if (! empty($restrictions)): ?>
<!-- <table>-->
<!-- <tbody>-->
<!-- --><?php //foreach ($restrictions as $restrictionName => $restriction): ?>
<!-- <tr>-->
<!-- <th>--><?//= $this->escape($restrictionName) ?><!--</th>-->
<!-- <td>--><?//= $this->escape($restriction) ?><!--</td>-->
<!-- </tr>-->
<!-- --><?php //endforeach ?>
<!-- </tbody>-->
<!-- </table>-->
<!-- --><?php //endif ?>
<!-- </td>-->
<td><?= $this->escape($role->users) ?></td>
<td><?= $this->escape($role->groups) ?></td>
<td>