[mms] Replace max blacklist/whitelist configuration parameters with e…

…quivalent permissions options.
horde · Feb 9, 2014 · 2652f7b · 2652f7b
1 parent 0e38062
commit 2652f7b
Show file tree

Hide file tree

Showing 11 changed files with 289 additions and 66 deletions.
diff --git a/ingo/bin/ingo-admin-upgrade b/ingo/bin/ingo-admin-upgrade
@@ -0,0 +1,94 @@
+#!/usr/bin/env php
+<?php
+/**
+ * Perform admin upgrade tasks specific to Ingo.
+ *
+ * Copyright 2014 Horde LLC (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (ASL). If you
+ * did not receive this file, see http://www.horde.org/licenses/apache.
+ *
+ * @author    Michael Slusarz <slusarz@horde.org>
+ * @category  Horde
+ * @copyright 2014 Horde LLC
+ * @license   http://www.horde.org/licenses/apache ASL
+ * @package   Ingo
+ */
+
+$baseFile = __DIR__ . '/../lib/Application.php';
+if (file_exists($baseFile)) {
+    require_once $baseFile;
+} else {
+    require_once 'PEAR/Config.php';
+    require_once PEAR_Config::singleton()
+        ->get('horde_dir', null, 'pear.horde.org') . '/ingo/lib/Application.php';
+}
+Horde_Registry::appInit('ingo', array('cli' => true));
+
+$parser = new Horde_Argv_Parser();
+$parser->addOption('-t', '--task', array(
+    'dest' => 'task',
+    'help' => 'Upgrade task'
+));
+list($values,) = $parser->parseArgs();
+
+$pkey = 'ingo:';
+
+switch ($values->task) {
+case 'backend_perms':
+case 'backend_perms_force':
+    $backends = array_keys(Ingo::loadBackends());
+    $perms = $injector->getInstance('Horde_Perms');
+
+    $cli->message($cli->bold('Upgrading permissions.'));
+
+    if ($values->task == 'backend_perms_force') {
+        foreach ($backends as $backend) {
+            try {
+                $perms->removePermission($perms->getPermission($pkey . $backend), true);
+                $cli->message(sprintf('Force deletion of all "%s" backend permissions.', $backend));
+            } catch (Horde_Exception $e) {}
+        }
+    }
+
+    try {
+        $pval = null;
+        $remove = array();
+
+        if ($perms->exists($pkey . 'allow_rules')) {
+            $remove[] = $pkey . 'allow_rules';
+            $pval = $perms->getPermission($pkey . 'allow_rules');
+        }
+
+        if ($perms->exists($pkey . 'max_rules')) {
+            $remove[] = $pkey . 'max_rules';
+            if (!$pval) {
+                $pval = $perms->getPermission($pkey . 'max_rules');
+            }
+        }
+
+        if ($pval) {
+            foreach ($backends as $backend) {
+                $parent_perm = $pkey . $backend;
+                if (!$perms->exists($parent_perm)) {
+                    $perms->addPermission($perms->newPermission($parent_perm));
+                }
+
+                $perm_edit = clone $pval;
+                $perm_edit->setName($parent_perm . ':max_rules');
+                $perms->addPermission($perm_edit);
+                $cli->message(sprintf('Added "%s" permission to the "%s" backend.', 'max_rules', $backend));
+            }
+
+            foreach ($remove as $val) {
+                $perms->removePermission($val);
+                $cli->message(sprintf('Removed obsolete "%s" permission.', $val));
+            }
+        }
+    } catch (Horde_Exception $e) {
+        $cli->message(sprintf('Error upgrading "%s" permission: %s.', 'max_rules', $e->getMessage()), 'cli.error');
+    }
+
+    $cli->message($cli->bold('DONE upgrading permissions.'));
+    break;
+}
diff --git a/ingo/config/conf.xml b/ingo/config/conf.xml
@@ -11,10 +11,6 @@
     </configsection>
    </case>
   </configswitch>
-  <configinteger name="maxblacklist" desc="The maximum number of blacklist
-  addresses a user can store.  Set to 0 for no limit.">0</configinteger>
-  <configinteger name="maxwhitelist" desc="The maximum number of whitelist
-  addresses a user can store.  Set to 0 for no limit.">0</configinteger>
  </configsection>
 
  <configsection name="rules">

diff --git a/ingo/docs/CHANGES b/ingo/docs/CHANGES
@@ -2,6 +2,8 @@
 v3.2.0-git
 ----------
 
+[mms] Replace max blacklist/whitelist configuration parameters with equivalent
+      permissions options.
 [mms] Sorting of rules now done via drag/drop javascript.
 [jan] Make shares table compatible with Oracle.
 [mms] Validate e-mail addresses on the forward and vacation pages (Request

diff --git a/ingo/docs/UPGRADING b/ingo/docs/UPGRADING
@@ -39,6 +39,35 @@ Added the 'newEmailFilter' API link.  Takes one argument: 'email', the
 e-mail address to pre-populate into a new rule.
 
 
+Configuration Options (conf.php)
+--------------------------------
+
+The following options have been removed (see Permissions section for
+replacement functionality)::
+
+   $conf['storage']['maxblacklist']
+   $conf['storage']['maxwhitelist']
+
+
+Permissions
+-----------
+
+Ingo permissions are now applied per backend. To upgrade existing permissions,
+an admin needs to run the following script::
+
+   bin/ingo-admin-upgrade --task=backend_perms
+
+The following permissions have been added::
+
+   max_blacklist
+   max_whitelist
+
+The following permissions have been removed::
+
+   allow_rules (replacement: set max_rules permission to 0)
+
+
+
 Upgrading Ingo From 3.0.x To 3.1.x
 ==================================
 

diff --git a/ingo/lib/Application.php b/ingo/lib/Application.php
@@ -96,22 +96,6 @@ protected function _init()
         }
     }
 
-    /**
-     */
-    public function perms()
-    {
-        return array(
-            'allow_rules' => array(
-                'title' => _("Allow Rules"),
-                'type' => 'boolean'
-            ),
-            'max_rules' => array(
-                'title' => _("Maximum Number of Rules"),
-                'type' => 'int'
-            )
-        );
-    }
-
     /**
      */
     public function menu($menu)
@@ -188,7 +172,6 @@ public function sidebar($sidebar)
     {
         global $injector;
 
-        $perms = $injector->getInstance('Horde_Core_Perms');
         $actions = array();
         foreach ($injector->getInstance('Ingo_Factory_Script')->createAll() as $script) {
             $actions = array_merge($actions, $script->availableActions());
@@ -198,11 +181,11 @@ public function sidebar($sidebar)
             ->retrieve(Ingo_Storage::ACTION_FILTERS)
             ->getFilterList();
 
-        if (!empty($actions) &&
-            ($perms->hasAppPermission('allow_rules') &&
-             ($perms->hasAppPermission('max_rules') === true ||
-              $perms->hasAppPermission('max_rules') > count($filters)))) {
-            $sidebar->addNewButton(_("New Rule"), Ingo_Basic_Rule::url());
+        if (!empty($actions)) {
+            $max = $injector->getInstance('Horde_Core_Perms')->hasAppPermission(Ingo_Perms::getPerm('max_rules'));
+            if (($max === true) || ($max > count($filters))) {
+                $sidebar->addNewButton(_("New Rule"), Ingo_Basic_Rule::url());
+            }
         }
 
         if ($injector->getInstance('Ingo_Shares') &&
@@ -229,22 +212,18 @@ public function sidebar($sidebar)
         }
     }
 
+    /**
+     */
+    public function perms()
+    {
+        return $GLOBALS['injector']->getInstance('Ingo_Perms')->perms();
+    }
+
     /**
      */
     public function hasPermission($permission, $allowed, $opts = array())
     {
-        if (is_array($allowed)) {
-            switch ($permission) {
-            case 'allow_rules':
-                $allowed = (bool)count(array_filter($allowed));
-                break;
-
-            case 'max_rules':
-                $allowed = max($allowed);
-                break;
-            }
-        }
-        return $allowed;
+        return $GLOBALS['injector']->getInstance('Ingo_Perms')->hasPermission($permission, $allowed, $opts);
     }
 
     /**

diff --git a/ingo/lib/Basic/Filters.php b/ingo/lib/Basic/Filters.php
@@ -77,26 +77,27 @@ protected function _init()
                 break;
 
             case 'rule_copy':
-                if (!$perms->hasAppPermission('allow_rules')) {
+                $max = $perms->hasAppPermission(Ingo_Perms::getPerm('max_rules'));
+                if ($max === 0) {
                     Horde::permissionDeniedError(
                         'ingo',
-                        'allow_rules',
+                        'max_rules',
                         _("You are not allowed to create or edit custom rules.")
                     );
                     break 2;
-                } elseif (($perms->hasAppPermission('max_rules') !== true) &&
-                          $perms->hasAppPermission('max_rules') <= count($filters->getFilterList())) {
+                } elseif (($max !== true) &&
+                          ($max <= count($filters->getFilterList()))) {
                     Horde::permissionDeniedError(
                         'ingo',
                         'max_rules',
-                        sprintf(_("You are not allowed to create more than %d rules."), $perms->hasAppPermission('max_rules'))
+                        sprintf(_("You are not allowed to create more than %d rules."), $max)
                     );
                     break 2;
-                } else {
-                    $tmp = $filters->getFilter($this->vars->rulenumber);
-                    if ($filters->copyRule($this->vars->rulenumber)) {
-                        $notification->push(sprintf(_("Rule \"%s\" copied."), $tmp['name']), 'horde.success');
-                    }
+                }
+
+                $tmp = $filters->getFilter($this->vars->rulenumber);
+                if ($filters->copyRule($this->vars->rulenumber)) {
+                    $notification->push(sprintf(_("Rule \"%s\" copied."), $tmp['name']), 'horde.success');
                 }
                 break;
 
@@ -183,7 +184,7 @@ protected function _init()
 
             $view->can_copy =
                 $edit_allowed &&
-                ((($max_rules = $perms->hasAppPermission('max_rules')) === true) ||
+                ((($max_rules = $perms->hasAppPermission(Ingo_Perms::getPerm('max_rules'))) === true) ||
                 ($max_rules > count($filter_list)));
 
             foreach ($filter_list as $rule_number => $filter) {

diff --git a/ingo/lib/Basic/Rule.php b/ingo/lib/Basic/Rule.php
@@ -30,8 +30,8 @@ protected function _init()
         global $conf, $injector, $notification, $page_output;
 
         /* Check rule permissions. */
-        $perms = $injector->getInstance('Horde_Core_Perms');
-        if (!$perms->hasAppPermission('allow_rules')) {
+        $max = $injector->getInstance('Horde_Core_Perms')->hasAppPermission(Ingo_Perms::getPerm('max_rules'));
+        if ($max === 0) {
             Horde::permissionDeniedError(
                 'ingo',
                 'allow_rules',
@@ -63,7 +63,7 @@ protected function _init()
         $ingo_storage = $injector->getInstance('Ingo_Factory_Storage')->create();
         $filters = $ingo_storage->retrieve(Ingo_Storage::ACTION_FILTERS);
 
-        if ($this->_assertMaxRules($perms, $filters)) {
+        if ($this->_assertMaxRules($max, $filters)) {
             Ingo_Basic_Filters::url()->redirect();
         }
 
@@ -183,7 +183,7 @@ protected function _init()
             }
 
             if (!isset($this->vars->edit)) {
-                if ($this->_assertMaxRules($perms, $filters)) {
+                if ($this->_assertMaxRules($max, $filters)) {
                     break;
                 }
                 $filters->addRule($rule);
@@ -344,15 +344,16 @@ protected function _init()
     }
 
     /**
+     * @param mixed $max
+     * @param Ingo_Storage_Filters $filters
      */
-    protected function _assertMaxRules($perms, $filters)
+    protected function _assertMaxRules($max, $filters)
     {
-        if (($perms->hasAppPermission('max_rules') !== true) &&
-            ($perms->hasAppPermission('max_rules') <= count($filters->getFilterList()))) {
+        if (($max !== true) && ($max <= count($filters->getFilterList()))) {
             Horde::permissionDeniedError(
                 'ingo',
                 'max_rules',
-                sprintf(_("You are not allowed to create more than %d rules."), $perms->hasAppPermission('max_rules'))
+                sprintf(_("You are not allowed to create more than %d rules."), $max)
             );
             return true;
         }