Fixed issue #9953: Plugins global permissions did not work
c-schmitz committed Dec 9, 2015
1 parent f221f66 commit b9ba37b
Showing 3 changed files with 32 additions and 25 deletions.
37 changes: 22 additions & 15 deletions application/controllers/PluginsController.php
@@ -27,22 +27,13 @@ public function _init()
Yii::app()->bootstrap->init(); // Make sure bootstrap css is rendered in time
}

public function accessRules()
{
$aRules = array(
array('allow', 'roles' => array('administrator')),
array('allow', 'actions' => array('direct')),
array('deny')
);


// Note the order; rules are numerically indexed and we want to
// parents rules to be executed only if ours dont apply.
return array_merge($aRules, parent::accessRules());
}

public function actionActivate($id)
{
if(!Permission::model()->hasGlobalPermission('settings','update'))
{
Yii::app()->session['flashmessage'] =gT('Access denied!');
$this->redirect($this->createUrl("/admin/plugins"));
}
$oPlugin = Plugin::model()->findByPk($id);
if (!is_null($oPlugin))
{
@@ -70,6 +61,11 @@ public function actionActivate($id)

public function actionConfigure($id)
{
if(!Permission::model()->hasGlobalPermission('settings','update'))
{
Yii::app()->session['flashmessage'] =gT('Access denied!');
$this->redirect($this->createUrl("/admin/plugins"));
}
$arPlugin = Plugin::model()->findByPk($id)->attributes;
$oPluginObject = App()->getPluginManager()->loadPlugin($arPlugin['name'], $arPlugin['id']);

@@ -78,7 +74,7 @@ public function actionConfigure($id)
Yii::app()->user->setFlash('pluginmanager', 'Plugin not found');
$this->redirect(array('plugins/'));
}

// If post handle data, yt0 seems to be the submit button
if (App()->request->isPostRequest)
{
@@ -114,6 +110,11 @@ public function actionConfigure($id)

public function actionDeactivate($id)
{
if(!Permission::model()->hasGlobalPermission('settings','update'))
{
Yii::app()->session['flashmessage'] =gT('Access denied!');
$this->redirect($this->createUrl("/admin/plugins"));
}
$oPlugin = Plugin::model()->findByPk($id);
if (!is_null($oPlugin))
{
@@ -162,6 +163,12 @@ public function actionDirect($plugin, $function)

public function actionIndex()
{
if(!Permission::model()->hasGlobalPermission('settings','read'))
{
Yii::app()->session['flashmessage'] =gT('Access denied!');
$this->redirect($this->createUrl("/admin"));
}

$oPluginManager = App()->getPluginManager();

// Scan the plugins folder.
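Review bot: With `accessRules()` apparently removed (the +/- markers are lost on this page), nothing in this controller denies by default any more: authorization rests on a guard pasted into `actionActivate`, `actionConfigure`, `actionDeactivate` and `actionIndex`, while `actionDirect` (named in the last hunk header, body not shown) and any action added later get only what `parent::accessRules()` grants, which is not visible here. The four copies also depend on `redirect()` ending the request; Yii's `CController::redirect()` terminates by default, but if it is overridden or called with `$terminate` false, execution would fall through to `findByPk($id)` and the state change. I would move the check into one private helper called first in each action, end it with an explicit `Yii::app()->end()`, and confirm that `actionDirect` is meant to stay reachable without a settings permission. The action bodies continue outside the shown hunks.

```php
/**
 * Stops the request unless the current user holds the given global
 * 'settings' permission.
 */
private function requireSettingsPermission($sPermission, $sRedirectRoute)
{
    if (!Permission::model()->hasGlobalPermission('settings', $sPermission))
    {
        Yii::app()->session['flashmessage'] = gT('Access denied!');
        $this->redirect($this->createUrl($sRedirectRoute));
        Yii::app()->end(); // not reached when redirect() terminates; keeps the guard fail-closed otherwise
    }
}

public function actionActivate($id)
{
    $this->requireSettingsPermission('update', '/admin/plugins');
    // … unchanged: plugin lookup and activation …
```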
2 changes: 1 addition & 1 deletion application/views/admin/super/adminmenu.php
@@ -87,7 +87,7 @@
<a href="<?php echo $this->createUrl("admin/participants/sa/index"); ?>" >
<img src='<?php echo $sImageURL;?>cpdb.png' alt='<?php eT("Central participant database/panel");?>' width='<?php echo $iconsize;?>' height='<?php echo $iconsize;?>'/></a>
<?php }
if(Permission::model()->hasGlobalPermission('superadmin','read'))
if(Permission::model()->hasGlobalPermission('settings','read'))
{ ?>
<a href="<?php echo $this->createUrl("plugins/"); ?>" >
<img src='<?php echo $sImageURL;?>plugin.png' alt='<?php eT("Plugin manager");?>' width='<?php echo $iconsize;?>' height='<?php echo $iconsize;?>'/></a>
18 changes: 9 additions & 9 deletions application/views/plugins/index.php
@@ -5,7 +5,7 @@
/* @var $dataProvider CActiveDataProvider */

$dataProvider = new CArrayDataProvider($data);

$gridColumns = array(
array(// display the activation link
'class' => 'CLinkColumn',
@@ -18,15 +18,15 @@
'type' => 'raw',
'header' => gT('Action'),
'value' => function($data) {
if ($data['active'] == 0)
{
if ($data['active'] == 0 && (Permission::model()->hasGlobalPermission('settings','update')))
{
$output = CHtml::link(CHtml::image(App()->getConfig('adminimageurl') . 'active.png', gT('Activate'), array('width' => 16, 'height' => 16)), array("/plugins/activate", "id" => $data['id']));
} else {
$output = CHtml::link(CHtml::image(App()->getConfig('adminimageurl') . 'inactive.png', gT('Deactivate'), array('width' => 16, 'height' => 16)), array("/plugins/deactivate", "id" => $data['id']));
$output = CHtml::link(CHtml::image(App()->getConfig('adminimageurl') . 'inactive.png', gT('Deactivate'), array('width' => 16, 'height' => 16)), array("/plugins/deactivate", "id" => $data['id']));
}
if(count($data['settings'])>0)
if(count($data['settings'])>0 && (Permission::model()->hasGlobalPermission('settings','update')))
{
$output .= CHtml::link(CHtml::image(App()->getConfig('adminimageurl') . 'survey_settings_30.png', gT('Configure'), array('width' => 16, 'height' => 16, 'style' => 'margin-left: 8px;')), array("/plugins/configure", "id" => $data['id']));
$output .= CHtml::link(CHtml::image(App()->getConfig('adminimageurl') . 'survey_settings_30.png', gT('Configure'), array('width' => 16, 'height' => 16, 'style' => 'margin-left: 8px;')), array("/plugins/configure", "id" => $data['id']));
}
return $output;
}
@@ -41,8 +41,8 @@
'header' => gT('Description'),
'name' => 'description'
),
);
);

/*
array( // display a column with "view", "update" and "delete" buttons
'class' => 'CallbackColumn',
@@ -51,7 +51,7 @@
)
);
*/

$this->widget('bootstrap.widgets.TbExtendedGridView', array(
'dataProvider'=>$dataProvider,
'columns'=>$gridColumns,
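Review bot: The `else` branch of the first condition still emits the Deactivate link whenever `$data['active'] == 0 && hasGlobalPermission('settings','update')` is false, so a user holding only settings/read is shown a Deactivate link for every plugin, including inactive ones. The guard this commit adds to `actionDeactivate` should still refuse the request, so this looks like a misleading control rather than a bypass, but the view and the controller ought to agree. Evaluating the permission once and making both links conditional on it fixes that; `$output` then needs an empty-string default because neither branch may run.

```php
'value' => function($data) {
    $bCanUpdate = Permission::model()->hasGlobalPermission('settings','update');
    $output = '';
    if ($bCanUpdate && $data['active'] == 0)
    {
        // … unchanged: Activate link …
    }
    elseif ($bCanUpdate)
    {
        // … unchanged: Deactivate link …
    }
    if ($bCanUpdate && count($data['settings'])>0)
    {
        // … unchanged: Configure link …
    }
    return $output;
}
```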
