fix permission handling, fixes #2160
Closes #2160 Merge request
studip/studip!1395
parent
e343ab9e
Changes
2
Showing
2 changed files
app/controllers/room_management/overview.php
+19
-25
19 additions, 25 deletions
app/controllers/room_management/overview.php
lib/resources/ResourceManager.class.php
+14
-8
14 additions, 8 deletions
lib/resources/ResourceManager.class.php
with
33 additions
and
33 deletions
app/controllers/room_management/overview.php
+
19
−
25
...
@@ -28,7 +28,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -28,7 +28,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
{
{
public
function
before_filter
(
&
$action
,
&
$args
)
public
function
before_filter
(
&
$action
,
&
$args
)
{
{
if
(
$action
==
'public_booking_plans'
)
{
if
(
$action
==
=
'public_booking_plans'
)
{
if
(
Config
::
get
()
->
RESOURCES_SHOW_PUBLIC_ROOM_PLANS
)
{
if
(
Config
::
get
()
->
RESOURCES_SHOW_PUBLIC_ROOM_PLANS
)
{
$this
->
allow_nobody
=
true
;
$this
->
allow_nobody
=
true
;
}
else
{
}
else
{
...
@@ -36,6 +36,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -36,6 +36,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
}
}
}
}
parent
::
before_filter
(
$action
,
$args
);
parent
::
before_filter
(
$action
,
$args
);
$this
->
user
=
User
::
findCurrent
();
$this
->
user
=
User
::
findCurrent
();
$this
->
user_is_root
=
$GLOBALS
[
'perm'
]
->
have_perm
(
'root'
);
$this
->
user_is_root
=
$GLOBALS
[
'perm'
]
->
have_perm
(
'root'
);
$this
->
user_is_global_resource_user
=
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
);
$this
->
user_is_global_resource_user
=
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
);
...
@@ -43,16 +44,13 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -43,16 +44,13 @@ class RoomManagement_OverviewController extends AuthenticatedController
$this
->
show_resource_actions
=
(
$this
->
show_resource_actions
=
(
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
,
'autor'
)
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
,
'autor'
)
||
||
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
,
'autor'
)
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
,
'autor'
)
);
);
$this
->
show_admin_actions
=
(
$this
->
show_admin_actions
=
(
$this
->
user_is_global_resource_admin
$this
->
user_is_global_resource_admin
||
||
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
)
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
)
);
);
$this
->
show_global_admin_actions
=
$this
->
user_is_global_resource_admin
;
$this
->
show_global_admin_actions
=
$this
->
user_is_global_resource_admin
;
}
}
public
function
index_action
()
public
function
index_action
()
...
@@ -61,10 +59,10 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -61,10 +59,10 @@ class RoomManagement_OverviewController extends AuthenticatedController
Navigation
::
activateItem
(
'/resources/overview'
);
Navigation
::
activateItem
(
'/resources/overview'
);
}
}
$sufficient_permissions
=
$sufficient_permissions
=
(
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
)
$this
->
user_is_global_resource_
user
||
||
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
,
'user'
)
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
,
'user'
);
);
if
(
!
$sufficient_permissions
)
{
if
(
!
$sufficient_permissions
)
{
throw
new
AccessDeniedException
();
throw
new
AccessDeniedException
();
}
}
...
@@ -97,14 +95,12 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -97,14 +95,12 @@ class RoomManagement_OverviewController extends AuthenticatedController
$tree_selected_resource
=
null
;
$tree_selected_resource
=
null
;
if
(
$this
->
user_is_global_resource_admin
)
{
if
(
$this
->
user_is_global_resource_admin
)
{
if
(
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
,
'admin'
)){
$locations
=
Location
::
findAll
();
$locations
=
Location
::
findAll
();
if
(
$locations
)
{
if
(
$locations
)
{
$sidebar
->
addWidget
(
$sidebar
->
addWidget
(
new
ResourceTreeWidget
(
$locations
)
new
ResourceTreeWidget
(
$locations
)
);
);
}
}
}
$tree_selected_resource
=
Request
::
get
(
'tree_selected_resource'
);
$tree_selected_resource
=
Request
::
get
(
'tree_selected_resource'
);
if
(
$tree_selected_resource
)
{
if
(
$tree_selected_resource
)
{
...
@@ -131,10 +127,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -131,10 +127,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
if
(
!
$tree_selected_resource
&&
$this
->
room_requests_activated
)
{
if
(
!
$tree_selected_resource
&&
$this
->
room_requests_activated
)
{
if
(
Config
::
get
()
->
RESOURCES_DISPLAY_CURRENT_REQUESTS_IN_OVERVIEW
)
{
if
(
Config
::
get
()
->
RESOURCES_DISPLAY_CURRENT_REQUESTS_IN_OVERVIEW
)
{
$this
->
display_current_requests
=
true
;
$this
->
display_current_requests
=
true
;
$this
->
current_user
=
User
::
findCurrent
();
//Load a list with the current room requests:
//Load a list with the current room requests:
if
(
ResourceManager
::
userHasGlobalPermission
(
$this
->
current_user
,
'
admin
'
)
)
{
if
(
$this
->
user_is_global_resource_
admin
)
{
//Global resource admins can see all room requests.
//Global resource admins can see all room requests.
//Get the 10 latest requests:
//Get the 10 latest requests:
$room_requests
=
RoomRequest
::
findBySql
(
$room_requests
=
RoomRequest
::
findBySql
(
...
@@ -146,7 +141,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -146,7 +141,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
//Users who aren't global resource admins see only the requests
//Users who aren't global resource admins see only the requests
//of the rooms where they have at least 'autor' permissions.
//of the rooms where they have at least 'autor' permissions.
$rooms
=
RoomManager
::
getUserRooms
(
$rooms
=
RoomManager
::
getUserRooms
(
$this
->
current_
user
,
$this
->
user
,
'autor'
'autor'
);
);
$room_ids
=
[];
$room_ids
=
[];
...
@@ -329,7 +324,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -329,7 +324,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
public
function
rooms_action
()
public
function
rooms_action
()
{
{
if
(
ResourceManager
::
userHasGlobalPermission
(
$this
->
user
)
)
{
if
(
$this
->
user_is_global_resource_
user
)
{
PageLayout
::
setTitle
(
_
(
'Übersicht über alle Räume'
));
PageLayout
::
setTitle
(
_
(
'Übersicht über alle Räume'
));
}
else
{
}
else
{
PageLayout
::
setTitle
(
_
(
'Meine Räume'
));
PageLayout
::
setTitle
(
_
(
'Meine Räume'
));
...
@@ -345,8 +340,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
...
@@ -345,8 +340,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
//Check permissions:
//Check permissions:
$sufficient_permissions
=
(
$sufficient_permissions
=
(
$this
->
user_is_global_resource_user
$this
->
user_is_global_resource_user
||
||
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
,
'user'
)
ResourceManager
::
userHasResourcePermissions
(
$this
->
user
,
'user'
)
);
);
if
(
!
$sufficient_permissions
)
{
if
(
!
$sufficient_permissions
)
{
throw
new
AccessDeniedException
();
throw
new
AccessDeniedException
();
...
...
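Review bot: The assignment `$this->current_user = User::findCurrent();` is dropped in the @@ -131,10 hunk while the request-loading code switches to `$this->user`, so any view template or later code in index_action (its body continues outside the hunk) that still reads `$this->current_user` will now find the property unset; that is worth a grep before merging. The permission expression `$this->user_is_global_resource_user || ResourceManager::userHasResourcePermissions($this->user, 'user')` is now written out identically in index_action (@@ -61,10) and rooms_action (@@ -345,8); computing it once in before_filter, e.g. `$this->user_can_view_rooms = $this->user_is_global_resource_user || ResourceManager::userHasResourcePermissions($this->user, 'user');` (constructed name), keeps the two access gates from drifting apart. The `$this->user_is_global_resource_admin` property that index_action now relies on in the @@ -97,14 hunk is not assigned in any hunk shown here, so it is presumably set in before_filter outside the visible lines; if it is not, the old explicit `userHasGlobalPermission($this->user, 'admin')` check would have been the safer form.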
lib/resources/ResourceManager.class.php
+
14
−
8
...
@@ -845,12 +845,16 @@ class ResourceManager
...
@@ -845,12 +845,16 @@ class ResourceManager
* This method does the mapping from the old resource management permissions
* This method does the mapping from the old resource management permissions
* to the new resource management permissions.
* to the new resource management permissions.
*/
*/
public
static
function
getGlobalResourcePermission
(
User
$user
)
public
static
function
getGlobalResourcePermission
(
User
$user
=
null
)
{
{
if
(
!
$user
)
{
return
''
;
}
global
$perm
;
global
$perm
;
//First we check if the user is a root user:
//First we check if the user is a root user:
if
(
$perm
->
get_perm
(
$user
->
id
)
==
'root'
)
{
if
(
$perm
->
get_perm
(
$user
->
id
)
==
=
'root'
)
{
return
'admin'
;
return
'admin'
;
}
}
...
@@ -886,11 +890,15 @@ class ResourceManager
...
@@ -886,11 +890,15 @@ class ResourceManager
* If this is not set the current timestamp will be used.
* If this is not set the current timestamp will be used.
*/
*/
public
static
function
userHasResourcePermissions
(
public
static
function
userHasResourcePermissions
(
User
$user
,
User
$user
=
null
,
$level
=
'admin'
,
$level
=
'admin'
,
$time
=
null
$time
=
null
)
)
{
{
if
(
!
$user
)
{
return
false
;
}
//Get all permissions and temporary permissions of the user:
//Get all permissions and temporary permissions of the user:
$permissions
=
ResourcePermission
::
findBySQL
(
$permissions
=
ResourcePermission
::
findBySQL
(
...
@@ -1062,16 +1070,14 @@ class ResourceManager
...
@@ -1062,16 +1070,14 @@ class ResourceManager
* Checks if the specified user has the specified permission level
* Checks if the specified user has the specified permission level
* for the resource management system.
* for the resource management system.
*
*
* @param User $user The user whose global resource permissions
* @param User|null $user The user whose global resource permissions shall be checked.
* shall be checked.
* @param string $requested_permission The required permission level for the user.
* @param string $requested_permission The required permission level
* for the user.
*
*
* @returns bool True, if the user has the required permission level,
* @returns bool True, if the user has the required permission level,
* false otherwise.
* false otherwise.
*/
*/
public
static
function
userHasGlobalPermission
(
public
static
function
userHasGlobalPermission
(
User
$user
,
User
$user
=
null
,
$requested_permission
=
'user'
$requested_permission
=
'user'
)
)
{
{
...
...
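Review bot: The three signatures changed to `User $user = null` rely on implicit nullability from the default, which is deprecated as of PHP 8.4; the explicit form `public static function getGlobalResourcePermission(?User $user = null)` (and likewise `?User $user = null` in userHasResourcePermissions and userHasGlobalPermission) expresses the same contract and matches the updated `@param User|null` docblock. The early returns (`''` in getGlobalResourcePermission, `false` in userHasResourcePermissions) fail closed for an anonymous caller, which is the right direction for a permission check. The @@ -1062,16 hunk ends at the opening brace of userHasGlobalPermission, so whether its body also guards against a null `$user` before dereferencing it cannot be confirmed from here; the docblock now promises `User|null`, so that guard should be present.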