From a4e81c320a6b0d165b053fcf68cdcbbbfa3da65f Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Thu, 12 Mar 2015 14:44:45 +0100 Subject: [PATCH] Security: Rename system/config/authentication to config/application/authentication Module config permission and application config permission have to be separeted. Application config related permissions will be added beneath config/application and module related config permissions will be added beneath config/modules. refs #8720 --- application/controllers/ConfigController.php | 10 +++++----- application/controllers/RolesController.php | 2 +- application/forms/Security/RoleForm.php | 14 +++++++------- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php index 307ce3b00..21f359226 100644 --- a/application/controllers/ConfigController.php +++ b/application/controllers/ConfigController.php @@ -45,7 +45,7 @@ class ConfigController extends ActionController )); $allowedActions[] = 'application'; } - if ($auth->hasPermission('system/config/authentication')) { + if ($auth->hasPermission('config/application/authentication')) { $tabs->add('authentication', array( 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), 'label' => $this->translate('Authentication'), @@ -199,7 +199,7 @@ class ConfigController extends ActionController */ public function authenticationAction() { - $this->assertPermission('system/config/authentication'); + $this->assertPermission('config/application/authentication'); $form = new AuthenticationBackendReorderForm(); $form->setIniConfig(Config::app('authentication')); $form->handleRequest(); @@ -214,7 +214,7 @@ class ConfigController extends ActionController */ public function createauthenticationbackendAction() { - $this->assertPermission('system/config/authentication'); + $this->assertPermission('config/application/authentication'); $form = new AuthenticationBackendConfigForm(); $form->setTitle($this->translate('Create New Authentication Backend')); $form->addDescription($this->translate( @@ -236,7 +236,7 @@ class ConfigController extends ActionController */ public function editauthenticationbackendAction() { - $this->assertPermission('system/config/authentication'); + $this->assertPermission('config/application/authentication'); $form = new AuthenticationBackendConfigForm(); $form->setTitle($this->translate('Edit Backend')); $form->setIniConfig(Config::app('authentication')); @@ -254,7 +254,7 @@ class ConfigController extends ActionController */ public function removeauthenticationbackendAction() { - $this->assertPermission('system/config/authentication'); + $this->assertPermission('config/application/authentication'); $form = new ConfirmRemovalForm(array( 'onSuccess' => function ($form) { $configForm = new AuthenticationBackendConfigForm(); diff --git a/application/controllers/RolesController.php b/application/controllers/RolesController.php index 95440ca96..57987e60d 100644 --- a/application/controllers/RolesController.php +++ b/application/controllers/RolesController.php @@ -30,7 +30,7 @@ class RolesController extends ActionController 'url' => 'config' )); } - if ($auth->hasPermission('system/config/authentication')) { + if ($auth->hasPermission('config/application/authentication')) { $tabs->add('authentication', array( 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), 'label' => $this->translate('Authentication'), diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php index d77210510..f9d306698 100644 --- a/application/forms/Security/RoleForm.php +++ b/application/forms/Security/RoleForm.php @@ -21,13 +21,13 @@ class RoleForm extends ConfigForm * @type array */ protected $providedPermissions = array( - '*' => '*', - 'system/config/*' => 'system/config/*', - 'config/application/general' => 'config/application/general', - 'system/config/authentication' => 'system/config/authentication', - 'system/config/modules' => 'system/config/modules', - 'system/config/resources' => 'system/config/resources', - 'system/config/roles' => 'system/config/roles' + '*' => '*', + 'system/config/*' => 'system/config/*', + 'config/application/general' => 'config/application/general', + 'config/application/authentication' => 'config/application/authentication', + 'system/config/modules' => 'system/config/modules', + 'system/config/resources' => 'system/config/resources', + 'system/config/roles' => 'system/config/roles' ); /**