mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-26 15:24:05 +02:00
RoleForm: Don't hide permissions/restrictions in admin roles
resolves #4068
This commit is contained in:
Johannes Meyer
parent
53388a3940
commit
c2efbbdafc
@ -178,7 +178,7 @@ class RoleForm extends RepositoryForm
|
|||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
if (! isset($formData[self::WILDCARD_NAME]) || ! $formData[self::WILDCARD_NAME]) {
|
$hasAdminPerm = isset($formData[self::WILDCARD_NAME]) && $formData[self::WILDCARD_NAME];
|
||||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||||
$this->sortPermissions($permissionList);
|
$this->sortPermissions($permissionList);
|
||||||
|
|
||||||
@ -202,15 +202,20 @@ class RoleForm extends RepositoryForm
|
|||||||
|
|
||||||
$hasFullPerm = false;
|
$hasFullPerm = false;
|
||||||
foreach ($permissionList as $name => $spec) {
|
foreach ($permissionList as $name => $spec) {
|
||||||
$elements[] = $name;
|
$elementName = $name;
|
||||||
|
if ($hasFullPerm || $hasAdminPerm) {
|
||||||
|
$elementName .= '_fake';
|
||||||
|
}
|
||||||
|
|
||||||
|
$elements[] = $elementName;
|
||||||
$this->addElement(
|
$this->addElement(
|
||||||
'checkbox',
|
'checkbox',
|
||||||
$name,
|
$elementName,
|
||||||
[
|
[
|
||||||
'ignore' => isset($spec['isUsagePerm']) ? false : $hasFullPerm,
|
'ignore' => $hasFullPerm || $hasAdminPerm,
|
||||||
'autosubmit' => isset($spec['isFullPerm']),
|
'autosubmit' => isset($spec['isFullPerm']),
|
||||||
'disabled' => $hasFullPerm ?: null,
|
'disabled' => $hasFullPerm || $hasAdminPerm ?: null,
|
||||||
'value' => $hasFullPerm,
|
'value' => $hasFullPerm || $hasAdminPerm,
|
||||||
'label' => preg_replace(
|
'label' => preg_replace(
|
||||||
// Adds a zero-width char after each slash to help browsers break onto newlines
|
// Adds a zero-width char after each slash to help browsers break onto newlines
|
||||||
'~(?<!<)/~',
|
'~(?<!<)/~',
|
||||||
@ -220,9 +225,15 @@ class RoleForm extends RepositoryForm
|
|||||||
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
|
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
->getElement($name)
|
->getElement($elementName)
|
||||||
->getDecorator('Label')
|
->getDecorator('Label')
|
||||||
->setOption('escape', false);
|
->setOption('escape', false);
|
||||||
|
|
||||||
|
if ($hasFullPerm || $hasAdminPerm) {
|
||||||
|
// Add a hidden element to preserve the configured permission value
|
||||||
|
$this->addElement('hidden', $name);
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($spec['isFullPerm'])) {
|
if (isset($spec['isFullPerm'])) {
|
||||||
$hasFullPerm = isset($formData[$name]) && $formData[$name];
|
$hasFullPerm = isset($formData[$name]) && $formData[$name];
|
||||||
}
|
}
|
||||||
@ -267,15 +278,6 @@ class RoleForm extends RepositoryForm
|
|||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
// Previously it was possible to define restrictions for super users, so make sure
|
|
||||||
// to not remove any restrictions which were set before the enforced separation
|
|
||||||
foreach ($this->providedRestrictions as $restrictionList) {
|
|
||||||
foreach ($restrictionList as $name => $_) {
|
|
||||||
$this->addElement('hidden', $name);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function createDeleteElements(array $formData)
|
protected function createDeleteElements(array $formData)
|
||||||
@ -293,7 +295,7 @@ class RoleForm extends RepositoryForm
|
|||||||
'name' => $role->name,
|
'name' => $role->name,
|
||||||
'users' => $role->users,
|
'users' => $role->users,
|
||||||
'groups' => $role->groups,
|
'groups' => $role->groups,
|
||||||
self::WILDCARD_NAME => $role->permissions === '*'
|
self::WILDCARD_NAME => (bool) preg_match('~(?<!/)\*~', $role->permissions)
|
||||||
];
|
];
|
||||||
|
|
||||||
if (! empty($role->permissions) && $role->permissions !== '*') {
|
if (! empty($role->permissions) && $role->permissions !== '*') {
|
||||||
@ -334,7 +336,8 @@ class RoleForm extends RepositoryForm
|
|||||||
$permissions = [];
|
$permissions = [];
|
||||||
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
|
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
|
||||||
$permissions[] = '*';
|
$permissions[] = '*';
|
||||||
} else {
|
}
|
||||||
|
|
||||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||||
foreach ($permissionList as $name => $spec) {
|
foreach ($permissionList as $name => $spec) {
|
||||||
if (isset($values[$name]) && $values[$name]) {
|
if (isset($values[$name]) && $values[$name]) {
|
||||||
@ -344,7 +347,6 @@ class RoleForm extends RepositoryForm
|
|||||||
unset($values[$name]);
|
unset($values[$name]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
unset($values[self::WILDCARD_NAME]);
|
unset($values[self::WILDCARD_NAME]);
|
||||||
$values['permissions'] = join(',', $permissions);
|
$values['permissions'] = join(',', $permissions);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user