tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-25 23:04:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

RoleForm: Don't hide permissions/restrictions in admin roles

Browse Source 
resolves #4068
This commit is contained in:
Johannes Meyer 2021-01-12 11:38:59 +01:00
parent 53388a3940
commit c2efbbdafc
1 changed files with 82 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
application/forms/Security/RoleForm.php
View File

@ -178,103 +178,105 @@ class RoleForm extends RepositoryForm
] ]
); );
if (! isset($formData[self::WILDCARD_NAME]) || ! $formData[self::WILDCARD_NAME]) { $hasAdminPerm = isset($formData[self::WILDCARD_NAME]) && $formData[self::WILDCARD_NAME];
foreach ($this->providedPermissions as $moduleName => $permissionList) { foreach ($this->providedPermissions as $moduleName => $permissionList) {
$this->sortPermissions($permissionList); $this->sortPermissions($permissionList);
$elements = [$moduleName . '_header']; $elements = [$moduleName . '_header'];
$this->addElement(
'note',
$moduleName . '_header',
[
'decorators' => ['ViewHelper'],
'value' => '<h3>' . ($moduleName !== 'application'
? sprintf('%s <em>%s</em>', $moduleName, $this->translate('Module'))
: 'Icinga Web 2') . '</h3>'
]
);
$elements[] = 'permission_header';
$this->addElement('note', 'permission_header', [
'value' => '<h4>' . $this->translate('Permissions') . '</h4>',
'decorators' => ['ViewHelper']
]);
$hasFullPerm = false;
foreach ($permissionList as $name => $spec) {
$elementName = $name;
if ($hasFullPerm || $hasAdminPerm) {
$elementName .= '_fake';
}
$elements[] = $elementName;
$this->addElement( $this->addElement(
'note', 'checkbox',
$moduleName . '_header', $elementName,
[ [
'decorators' => ['ViewHelper'], 'ignore' => $hasFullPerm || $hasAdminPerm,
'value' => '<h3>' . ($moduleName !== 'application' 'autosubmit' => isset($spec['isFullPerm']),
? sprintf('%s <em>%s</em>', $moduleName, $this->translate('Module')) 'disabled' => $hasFullPerm || $hasAdminPerm ?: null,
: 'Icinga Web 2') . '</h3>' 'value' => $hasFullPerm || $hasAdminPerm,
'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines
'~(?<!<)/~',
'/&#8203;',
isset($spec['label']) ? $spec['label'] : $spec['name']
),
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
] ]
); )
->getElement($elementName)
->getDecorator('Label')
->setOption('escape', false);
$elements[] = 'permission_header'; if ($hasFullPerm || $hasAdminPerm) {
$this->addElement('note', 'permission_header', [ // Add a hidden element to preserve the configured permission value
'value' => '<h4>' . $this->translate('Permissions') . '</h4>', $this->addElement('hidden', $name);
}
if (isset($spec['isFullPerm'])) {
$hasFullPerm = isset($formData[$name]) && $formData[$name];
}
}
if (isset($this->providedRestrictions[$moduleName])) {
$elements[] = 'restriction_header';
$this->addElement('note', 'restriction_header', [
'value' => '<h4>' . $this->translate('Restrictions') . '</h4>',
'decorators' => ['ViewHelper'] 'decorators' => ['ViewHelper']
]); ]);
$hasFullPerm = false; foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
foreach ($permissionList as $name => $spec) {
$elements[] = $name; $elements[] = $name;
$this->addElement( $this->addElement(
'checkbox', 'text',
$name, $name,
[ [
'ignore' => isset($spec['isUsagePerm']) ? false : $hasFullPerm,
'autosubmit' => isset($spec['isFullPerm']),
'disabled' => $hasFullPerm ?: null,
'value' => $hasFullPerm,
'label' => preg_replace( 'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines // Adds a zero-width char after each slash to help browsers break onto newlines
'~(?<!<)/~', '~(?<!<)/~',
'/&#8203;', '/&#8203;',
isset($spec['label']) ? $spec['label'] : $spec['name'] isset($spec['label']) ? $spec['label'] : $spec['name']
), ),
'description' => isset($spec['description']) ? $spec['description'] : $spec['name'] 'description' => $spec['description']
] ]
) )
->getElement($name) ->getElement($name)
->getDecorator('Label') ->getDecorator('Label')
->setOption('escape', false); ->setOption('escape', false);
if (isset($spec['isFullPerm'])) {
$hasFullPerm = isset($formData[$name]) && $formData[$name];
}
}
if (isset($this->providedRestrictions[$moduleName])) {
$elements[] = 'restriction_header';
$this->addElement('note', 'restriction_header', [
'value' => '<h4>' . $this->translate('Restrictions') . '</h4>',
'decorators' => ['ViewHelper']
]);
foreach ($this->providedRestrictions[$moduleName] as $name => $spec) {
$elements[] = $name;
$this->addElement(
'text',
$name,
[
'label' => preg_replace(
// Adds a zero-width char after each slash to help browsers break onto newlines
'~(?<!<)/~',
'/&#8203;',
isset($spec['label']) ? $spec['label'] : $spec['name']
),
'description' => $spec['description']
]
)
->getElement($name)
->getDecorator('Label')
->setOption('escape', false);
}
}
$this->addDisplayGroup($elements, $moduleName . '_elements', [
'decorators' => [
'FormElements',
['Fieldset', [
'class' => 'collapsible',
'data-toggle-element' => 'h3',
'data-visible-height' => 0
]]
]
]);
}
} else {
// Previously it was possible to define restrictions for super users, so make sure
// to not remove any restrictions which were set before the enforced separation
foreach ($this->providedRestrictions as $restrictionList) {
foreach ($restrictionList as $name => $_) {
$this->addElement('hidden', $name);
} }
} }
$this->addDisplayGroup($elements, $moduleName . '_elements', [
'decorators' => [
'FormElements',
['Fieldset', [
'class' => 'collapsible',
'data-toggle-element' => 'h3',
'data-visible-height' => 0
]]
]
]);
} }
} }
@ -293,7 +295,7 @@ class RoleForm extends RepositoryForm
'name' => $role->name, 'name' => $role->name,
'users' => $role->users, 'users' => $role->users,
'groups' => $role->groups, 'groups' => $role->groups,
self::WILDCARD_NAME => $role->permissions === '*' self::WILDCARD_NAME => (bool) preg_match('~(?<!/)\*~', $role->permissions)
]; ];
if (! empty($role->permissions) && $role->permissions !== '*') { if (! empty($role->permissions) && $role->permissions !== '*') {
@ -334,15 +336,15 @@ class RoleForm extends RepositoryForm
$permissions = []; $permissions = [];
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) { if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
$permissions[] = '*'; $permissions[] = '*';
} else { }
foreach ($this->providedPermissions as $moduleName => $permissionList) {
foreach ($permissionList as $name => $spec) {
if (isset($values[$name]) && $values[$name]) {
$permissions[] = $spec['name'];
}
unset($values[$name]); foreach ($this->providedPermissions as $moduleName => $permissionList) {
foreach ($permissionList as $name => $spec) {
if (isset($values[$name]) && $values[$name]) {
$permissions[] = $spec['name'];
} }
unset($values[$name]);
} }
} }