RoleForm: Don't hide permissions/restrictions in admin roles

resolves #4068
This commit is contained in:
Johannes Meyer 2021-01-12 11:38:59 +01:00
parent 53388a3940
commit c2efbbdafc
1 changed files with 82 additions and 80 deletions

View File

@ -178,103 +178,105 @@ class RoleForm extends RepositoryForm
]
);
if (! isset($formData[self::WILDCARD_NAME]) || ! $formData[self::WILDCARD_NAME]) {
foreach ($this->providedPermissions as $moduleName => $permissionList) {
$this->sortPermissions($permissionList);
$hasAdminPerm = isset($formData[self::WILDCARD_NAME]) && $formData[self::WILDCARD_NAME];
foreach ($this->providedPermissions as $moduleName => $permissionList) {
$this->sortPermissions($permissionList);
$elements = [$moduleName . '_header'];
$elements = [$moduleName . '_header'];
$this->addElement(
'note',
$moduleName . '_header',
[
'decorators' => ['ViewHelper'],
'value' => '<h3>' . ($moduleName !== 'application'
? sprintf('%s <em>%s</em>', $moduleName, $this->translate('Module'))
: 'Icinga Web 2') . '</h3>'
]
);
$elements[] = 'permission_header';
$this->addElement('note', 'permission_header', [
'value' => '<h4>' . $this->translate('Permissions') . '</h4>',
'decorators' => ['ViewHelper']
]);
$hasFullPerm = false;
foreach ($permissionList as $name => $spec) {
$elementName = $name;
if ($hasFullPerm || $hasAdminPerm) {
$elementName .= '_fake';
}
$elements[] = $elementName;
$this->addElement(
'note',
$moduleName . '_header',
'checkbox',
$elementName,
[
'decorators' => ['ViewHelper'],
'value' => '<h3>' . ($moduleName !== 'application'
? sprintf('%s <em>%s</em>', $moduleName, $this->translate('Module'))
: 'Icinga Web 2') . '</h3>'
'ignore' => $hasFullPerm || $hasAdminPerm,
'autosubmit' => isset($spec['isFullPerm']),
'disabled' => $hasFullPerm || $hasAdminPerm ?: null,
'value' => $hasFullPerm || $hasAdminPerm,
'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines
'~(?<!<)/~',
'/&#8203;',
isset($spec['label']) ? $spec['label'] : $spec['name']
),
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
]
);
)
->getElement($elementName)
->getDecorator('Label')
->setOption('escape', false);
$elements[] = 'permission_header';
$this->addElement('note', 'permission_header', [
'value' => '<h4>' . $this->translate('Permissions') . '</h4>',
if ($hasFullPerm || $hasAdminPerm) {
// Add a hidden element to preserve the configured permission value
$this->addElement('hidden', $name);
}
if (isset($spec['isFullPerm'])) {
$hasFullPerm = isset($formData[$name]) && $formData[$name];
}
}
if (isset($this->providedRestrictions[$moduleName])) {
$elements[] = 'restriction_header';
$this->addElement('note', 'restriction_header', [
'value' => '<h4>' . $this->translate('Restrictions') . '</h4>',
'decorators' => ['ViewHelper']
]);
$hasFullPerm = false;
foreach ($permissionList as $name => $spec) {
foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
$elements[] = $name;
$this->addElement(
'checkbox',
'text',
$name,
[
'ignore' => isset($spec['isUsagePerm']) ? false : $hasFullPerm,
'autosubmit' => isset($spec['isFullPerm']),
'disabled' => $hasFullPerm ?: null,
'value' => $hasFullPerm,
'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines
'~(?<!<)/~',
'/&#8203;',
isset($spec['label']) ? $spec['label'] : $spec['name']
),
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
'description' => $spec['description']
]
)
->getElement($name)
->getDecorator('Label')
->setOption('escape', false);
if (isset($spec['isFullPerm'])) {
$hasFullPerm = isset($formData[$name]) && $formData[$name];
}
}
if (isset($this->providedRestrictions[$moduleName])) {
$elements[] = 'restriction_header';
$this->addElement('note', 'restriction_header', [
'value' => '<h4>' . $this->translate('Restrictions') . '</h4>',
'decorators' => ['ViewHelper']
]);
foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
$elements[] = $name;
$this->addElement(
'text',
$name,
[
'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines
'~(?<!<)/~',
'/&#8203;',
isset($spec['label']) ? $spec['label'] : $spec['name']
),
'description' => $spec['description']
]
)
->getElement($name)
->getDecorator('Label')
->setOption('escape', false);
}
}
$this->addDisplayGroup($elements, $moduleName . '_elements', [
'decorators' => [
'FormElements',
['Fieldset', [
'class' => 'collapsible',
'data-toggle-element' => 'h3',
'data-visible-height' => 0
]]
]
]);
}
} else {
// Previously it was possible to define restrictions for super users, so make sure
// to not remove any restrictions which were set before the enforced separation
foreach ($this->providedRestrictions as $restrictionList) {
foreach ($restrictionList as $name => $_) {
$this->addElement('hidden', $name);
}
}
$this->addDisplayGroup($elements, $moduleName . '_elements', [
'decorators' => [
'FormElements',
['Fieldset', [
'class' => 'collapsible',
'data-toggle-element' => 'h3',
'data-visible-height' => 0
]]
]
]);
}
}
@ -293,7 +295,7 @@ class RoleForm extends RepositoryForm
'name' => $role->name,
'users' => $role->users,
'groups' => $role->groups,
self::WILDCARD_NAME => $role->permissions === '*'
self::WILDCARD_NAME => (bool) preg_match('~(?<!/)\*~', $role->permissions)
];
if (! empty($role->permissions) && $role->permissions !== '*') {
@ -334,15 +336,15 @@ class RoleForm extends RepositoryForm
$permissions = [];
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
$permissions[] = '*';
} else {
foreach ($this->providedPermissions as $moduleName => $permissionList) {
foreach ($permissionList as $name => $spec) {
if (isset($values[$name]) && $values[$name]) {
$permissions[] = $spec['name'];
}
}
unset($values[$name]);
foreach ($this->providedPermissions as $moduleName => $permissionList) {
foreach ($permissionList as $name => $spec) {
if (isset($values[$name]) && $values[$name]) {
$permissions[] = $spec['name'];
}
unset($values[$name]);
}
}