security: Don't list permissions and restrictions in the roles overview

fixes #8335
Eric Lippmann 2015-02-03 15:10:18 +01:00
parent d1dd907582
commit a23752de63


@ -11,8 +11,8 @@
<thead> <thead>
<tr> <tr>
<th><?= $this->translate('Name') ?></th> <th><?= $this->translate('Name') ?></th>
<th><?= $this->translate('Permissions') ?></th> <!-- <th>--><?//= $this->translate('Permissions') ?><!--</th>-->
<th><?= $this->translate('Restrictions') ?></th> <!-- <th>--><?//= $this->translate('Restrictions') ?><!--</th>-->
<th><?= $this->translate('Users') ?></th> <th><?= $this->translate('Users') ?></th>
<th><?= $this->translate('Groups') ?></th> <th><?= $this->translate('Groups') ?></th>
</tr> </tr>
@ -26,28 +26,28 @@
<a href="<?= $this->url('roles/update', array('role' => $name)) ?>"></a> <a href="<?= $this->url('roles/update', array('role' => $name)) ?>"></a>
</div> </div>
</td> </td>
<td><?= $this->escape($role->permissions, 0, 50) ?></td> <!-- <td>--><?//= $this->escape($role->permissions, 0, 50) ?><!--</td>-->
<td> <!-- <td>-->
<?php <!-- --><?php
// TODO(el): $role->without(...) or $role->shift(...) would be nice! // // TODO(el): $role->without(...) or $role->shift(...) would be nice!
$restrictions = clone $role; // $restrictions = clone $role;
unset($restrictions['users']); // unset($restrictions['users']);
unset($restrictions['groups']); // unset($restrictions['groups']);
unset($restrictions['permissions']); // unset($restrictions['permissions']);
?> // ?>
<?php if (! empty($restrictions)): ?> <!-- --><?php //if (! empty($restrictions)): ?>
<table> <!-- <table>-->
<tbody> <!-- <tbody>-->
<?php foreach ($restrictions as $restrictionName => $restriction): ?> <!-- --><?php //foreach ($restrictions as $restrictionName => $restriction): ?>
<tr> <!-- <tr>-->
<th><?= $this->escape($restrictionName) ?></th> <!-- <th>--><?//= $this->escape($restrictionName) ?><!--</th>-->
<td><?= $this->escape($restriction) ?></td> <!-- <td>--><?//= $this->escape($restriction) ?><!--</td>-->
</tr> <!-- </tr>-->
<?php endforeach ?> <!-- --><?php //endforeach ?>
</tbody> <!-- </tbody>-->
</table> <!-- </table>-->
<?php endif ?> <!-- --><?php //endif ?>
</td> <!-- </td>-->
<td><?= $this->escape($role->users) ?></td> <td><?= $this->escape($role->users) ?></td>
<td><?= $this->escape($role->groups) ?></td> <td><?= $this->escape($role->groups) ?></td>
<td> <td>
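Review bot: The permissions and restrictions columns are hidden by commenting them out rather than deleting them, and the `<?//= ... ?>` form on the `<th>` and `<td>` lines is only a PHP comment when `short_open_tag` is enabled. With that setting off, PHP does not parse `<?`, so the template source of those expressions would be sent to the browser as literal text. The `<!-- <td>-->` and `<!-- <table>-->` markers are also still emitted in every response. I would delete the two header cells and the two body cells outright, e.g. remove `<!-- <th>--><?//= $this->translate('Permissions') ?><!--</th>-->` entirely, and leave the old markup to version control. Whether the controller still passes the permission and restriction data to this template is not visible here and is worth confirming against the intent of the fix.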