gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 07:04:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add access control

Browse Source
This commit is contained in:
Uwe Steinmann 2021-06-23 08:58:55 +02:00
parent 0f98640ba3
commit e21ef794c4
4 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
op/op.TransferDocument.php
View File

@ -24,12 +24,17 @@ include("../inc/inc.Language.php");
include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassController.php");
include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
if (!$accessop->check_controller_access($controller, $_POST)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
}
/* Check if the form data comes from a trusted request */
if(!checkFormKey('transferdocument')) {

6
op/op.UsrMgr.php
View File

@ -26,6 +26,7 @@ include("../inc/inc.Language.php");
include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
include("../inc/inc.ClassPasswordStrength.php");
@ -34,6 +35,11 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
if (!$accessop->check_controller_access('UsrMgr', $_POST)) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if (isset($_POST["action"])) $action=$_POST["action"];
else $action=NULL;

2
out/out.SendLoginData.php
View File

@ -40,10 +40,12 @@ if (!is_object($newuser)) {
UI::exitError(getMLText("rm_user"),getMLText("invalid_user_id"));
}
$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
if($view) {
$view->setParam('newuser', $newuser);
$view->setParam('accessobject', $accessop);
$view($_GET);
exit;
}

16
views/bootstrap/class.UsrMgr.php
View File

@ -181,6 +181,7 @@ $(document).ready( function() {
$quota = $this->params['quota'];
$undeluserids = $this->params['undeluserids'];
$enableemail = $this->params['enableemail'];
$accessobject = $this->params['accessobject'];
if($seluser) {
$button = array(
@ -188,15 +189,18 @@ $(document).ready( function() {
'menuitems'=>array(
)
);
if(!in_array($seluser->getID(), $undeluserids)) {
if(!in_array($seluser->getID(), $undeluserids) && $accessobject->check_controller_access('UsrMgr', ['action'=>'removeuser'])) {
$button['menuitems'][] = array('label'=>'<i class="fa fa-remove"></i> '.getMLText("rm_user"), 'link'=>'../out/out.RemoveUser.php?userid='.$seluser->getID());
}
$button['menuitems'][] = array('label'=>'<i class="fa fa-unlink"></i> '.getMLText("rm_user_from_processes"), 'link'=>'../out/out.RemoveUserFromProcesses.php?userid='.$seluser->getID());
$button['menuitems'][] = array('label'=>'<i class="fa fa-share-square-o"></i> '.getMLText("transfer_objects"), 'link'=>'../out/out.TransferObjects.php?userid='.$seluser->getID());
if($accessobject->check_controller_access('UsrMgr', ['action'=>'removefromprocesses']))
$button['menuitems'][] = array('label'=>'<i class="fa fa-unlink"></i> '.getMLText("rm_user_from_processes"), 'link'=>'../out/out.RemoveUserFromProcesses.php?userid='.$seluser->getID());
if($accessobject->check_controller_access('UsrMgr', ['action'=>'transferobjects']))
$button['menuitems'][] = array('label'=>'<i class="fa fa-share-square-o"></i> '.getMLText("transfer_objects"), 'link'=>'../out/out.TransferObjects.php?userid='.$seluser->getID());
if($user->isAdmin() && $seluser->getID() != $user->getID())
$button['menuitems'][] = array('label'=>'<i class="fa fa-exchange"></i> '.getMLText("substitute_user"), 'link'=>'../op/op.SubstituteUser.php?userid='.$seluser->getID());
if($enableemail)
$button['menuitems'][] = array('label'=>'<i class="fa fa-envelope-o"></i> '.getMLText("send_login_data"), 'link'=>'../out/out.SendLoginData.php?userid='.$seluser->getID());
$button['menuitems'][] = array('label'=>'<i class="fa fa-exchange"></i> '.getMLText("substitute_user"), 'link'=>'../op/op.SubstituteUser.php?userid='.$seluser->getID()."&formtoken=".createFormKey('substituteuser'));
if($accessobject->check_controller_access('UsrMgr', ['action'=>'sendlogindata']))
if($enableemail)
$button['menuitems'][] = array('label'=>'<i class="fa fa-envelope-o"></i> '.getMLText("send_login_data"), 'link'=>'../out/out.SendLoginData.php?userid='.$seluser->getID());
self::showButtonwithMenu($button);
}
} /* }}} */