
Users who can handle cats can see all of them on the edit user/perm group pages

master^2
Mike Koch 1 year ago
parent
commit
3458f240b7
3 changed files with 31 additions and 12 deletions
  1. 7
    5
      admin/manage_permission_groups.php
  2. 6
    1
      admin/manage_users.php
  3. 18
    6
      inc/profile_functions.inc.php

+ 7
- 5
admin/manage_permission_groups.php

@@ -189,8 +189,9 @@ function createEditModal($template, $features, $categories)
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<?php
foreach ($categories as $category): ?>
<?php
foreach ($categories as $category):
$can_man_categories = hesk_checkPermission('can_man_cat', 0);

$checked = '';
$disabled = '';
if (in_array($category['id'], $enabledCategories) ||
@@ -198,12 +199,13 @@ function createEditModal($template, $features, $categories)
$checked = 'checked ';
}
if ((!hesk_SESSION('isadmin') &&
!in_array($category['id'], $_SESSION['categories'])) ||
!in_array($category['id'], $_SESSION['categories']) &&
!$can_man_categories) ||
$template['categories'] === 'ALL') {
$disabled = ' disabled';
}?>
}

<?php if ($_SESSION['isadmin'] || in_array($category['id'], $_SESSION['categories']) || $checked): ?>
if ($_SESSION['isadmin'] || $can_man_categories || in_array($category['id'], $_SESSION['categories']) || $checked): ?>
<div class="checkbox">
<label>
<input type="checkbox" name="categories[]"
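Review bot: The new `can_man_cat` rule is applied in this section only to what the form renders, namely whether the `categories[]` checkbox is shown and whether it carries `disabled`, and a `disabled` attribute is not an access control because the browser does not enforce it on the submitted request. The code that saves the posted `categories[]` is outside these hunks, so confirm it repeats the same test (admin, own category, or `can_man_cat`) before writing the group. The same applies to the filtered template `<select>` in inc/profile_functions.inc.php. Separately, `$can_man_categories = hesk_checkPermission('can_man_cat', 0);` does not depend on `$category` and can be assigned once above the `foreach` instead of on every iteration.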

+ 6
- 1
admin/manage_users.php

@@ -95,7 +95,7 @@ $orderBy = $modsForHesk_settings['category_order_column'];
$hesk_settings['categories'] = array();
$res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `' . $orderBy . '` ASC');
while ($row = hesk_dbFetchAssoc($res)) {
if (hesk_okCategory($row['id'], 0)) {
if (hesk_checkPermission('can_man_cat', 0) || hesk_okCategory($row['id'], 0)) {
$hesk_settings['categories'][$row['id']] = $row['name'];
}
}
@@ -406,6 +406,11 @@ function compare_user_permissions($compare_id, $compare_isadmin, $compare_catego
return false;
}

// Users who can edit categories can see all of them
if (hesk_checkPermission('can_man_cat', 0)) {
return true;
}

/* Compare categories */
foreach ($compare_categories as $catid) {
if (!array_key_exists($catid, $hesk_settings['categories'])) {
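Review bot: The early `return true` added to `compare_user_permissions` for `can_man_cat` holders exits the whole function, not just the category comparison. With the first hunk of this file, `$hesk_settings['categories']` already holds every category for such a user, so the `array_key_exists` loop below passes on its own (assuming the function reads that same global); the new return adds nothing for categories and only skips whatever the function checks after that loop. The body continues past the hunk and the signature is cut off in the hunk header, so what follows is not visible here; if any further comparison (features, for example) comes after the category loop, a category manager could edit users who hold more rights than their own. Dropping the added block, or wrapping only the category loop in `if (!hesk_checkPermission('can_man_cat', 0)) { ... }`, keeps the intent without the bypass.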

+ 18
- 6
inc/profile_functions.inc.php

@@ -162,22 +162,34 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
if (!$is_profile_page) {
?>
<div role="tabpanel" class="tab-pane fade" id="permissions">
<?php if ($_SESSION['isadmin']): ?>
<?php if (hesk_checkPermission('can_man_permission_tpl', 0)): ?>
<div class="form-group">
<label for="administrator"
class="col-md-3 control-label"><?php echo $hesklang['permission_group']; ?></label>

<div class="col-md-9">
<?php
// Get list of permission templates. If current user is not admin, exclude permission tpl 1
$excludeSql = $_SESSION['isadmin'] ? '' : " WHERE `heskprivileges` <> 'ALL'";
// Get list of permission templates. If current user is not admin, only allow permission templates that have equal or less access
$excludeSql = $_SESSION['isadmin'] ? '' : " WHERE `id` <> 1";
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`" . $excludeSql);

$current_features = explode(',', $_SESSION['heskprivileges']);
$templates = array();
echo '<select name="template" id="permission-tpl" class="form-control" onchange="updateCheckboxes()">';
while ($row = hesk_dbFetchAssoc($res)) {
array_push($templates, $row);
$selected = $_SESSION[$session_array]['permission_template'] == $row['id'] ? 'selected' : '';
echo '<option value="' . $row['id'] . '" ' . $selected . '>' . htmlspecialchars($row['name']) . '</option>';
$categories = $row['id'] != 1 ? explode(',', $row['categories']) : array('ALL');
$features = $row['id'] != 1 ? explode(',', $row['heskprivileges']) : array('ALL');

if ($_SESSION['isadmin'] ||
$_SESSION['template'] == $row['id'] ||
$_SESSION[$session_array]['permission_template'] == $row['id'] ||
(count(array_diff($categories, $_SESSION['categories'])) == 0 &&
count(array_diff($features, $current_features)) == 0)) {
$templates[] = $row;

$selected = $_SESSION[$session_array]['permission_template'] == $row['id'] ? 'selected' : '';
echo '<option value="' . $row['id'] . '" ' . $selected . '>' . htmlspecialchars($row['name']) . '</option>';
}
}
$selected = $_SESSION[$session_array]['permission_template'] == '-1' ? 'selected' : '';
echo '<option value="-1" ' . $selected . '>' . htmlspecialchars($hesklang['custom']) . '</option>';
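Review bot: The subset test `count(array_diff($categories, $_SESSION['categories'])) == 0` treats an empty column as one unmatched entry, because `explode(',', '')` returns an array holding a single empty string. A template whose `categories` or `heskprivileges` is empty would therefore never be offered to a non-admin, even though it grants nothing beyond their own access. If such rows can exist, filter the split result, e.g. `array_filter(explode(',', $row['categories']), 'strlen')`, and do the same for `$features`. The condition also reads `$_SESSION['template']`, while the other lookups in this hunk use a `permission_template` key; confirm that session key is actually set, otherwise that branch never matches and reads an undefined index. The comparison also ignores `can_man_cat`, unlike the category checks this commit changes in the two admin pages, so decide whether that difference is intended.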
