restricting server edit/add/delete to admins only
parent
51cefd6cd6
commit
130a000cda
|
@ -112,6 +112,13 @@ abstract class AbstractController implements ControllerInterface {
|
|||
*/
|
||||
protected $user_level_required = PSM_USER_USER;
|
||||
|
||||
/**
|
||||
* Required user level for certain actions
|
||||
* @var int $user_level_required_actions
|
||||
* @see setMinUserLevelRequiredForAction()
|
||||
*/
|
||||
protected $user_level_required_actions = array();
|
||||
|
||||
function __construct(Database $db, Template $tpl) {
|
||||
$this->db = $db;
|
||||
$this->tpl = $tpl;
|
||||
|
@ -121,22 +128,10 @@ abstract class AbstractController implements ControllerInterface {
|
|||
* Initialize the module
|
||||
*/
|
||||
public function initialize() {
|
||||
// yeh baby, "initialize" me..
|
||||
// right, anyway, lets determine the aciton
|
||||
$action = null;
|
||||
$action = psm_GET('action', psm_POST('action', $this->action_default));
|
||||
|
||||
if(isset($_GET['action'])) {
|
||||
$action = $_GET['action'];
|
||||
} elseif(isset($_POST['action'])) {
|
||||
$action = $_POST['action'];
|
||||
}
|
||||
if($action !== null && in_array($action, $this->actions)) {
|
||||
// we have an action
|
||||
$this->initializeAction($action);
|
||||
} elseif($this->action_default !== null) {
|
||||
if(!in_array($action, $this->actions) || !$this->initializeAction($action)) {
|
||||
$this->initializeAction($this->action_default);
|
||||
} else {
|
||||
// else what..?
|
||||
}
|
||||
|
||||
$this->createHTML();
|
||||
|
@ -145,15 +140,26 @@ abstract class AbstractController implements ControllerInterface {
|
|||
/**
|
||||
* Run a specified action
|
||||
*
|
||||
* For it to run, the "execute$action" method must exist
|
||||
* For it to run, the "execute$action" method must exist.
|
||||
* @param string $action
|
||||
* @return boolean whether action has been initialized successfully
|
||||
*/
|
||||
protected function initializeAction($action) {
|
||||
$this->action = $action;
|
||||
if(isset($this->user_level_required_actions[$action])) {
|
||||
$ulvl = ($this->user) ? $this->user->getUserLevel() : PSM_USER_ANONYMOUS;
|
||||
|
||||
if($ulvl > $this->user_level_required_actions[$action]) {
|
||||
// user is not allowed to access this action..
|
||||
return false;
|
||||
}
|
||||
}
|
||||
$method = 'execute' . ucfirst($action);
|
||||
if(method_exists($this, $method)) {
|
||||
$this->action = $action;
|
||||
$this->$method();
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -390,9 +396,11 @@ abstract class AbstractController implements ControllerInterface {
|
|||
/**
|
||||
* Set the minimum required user level for this module
|
||||
* @param int $level
|
||||
* @return \psm\Module\AbstractController
|
||||
*/
|
||||
public function setMinUserLevelRequired($level) {
|
||||
$this->user_level_required = intval($level);
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -402,4 +410,23 @@ abstract class AbstractController implements ControllerInterface {
|
|||
public function getMinUserLevelRequired() {
|
||||
return $this->user_level_required;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the minimum required user level for a certain action.
|
||||
*
|
||||
* Use this only if one of the access is more restricted than the entire controller
|
||||
* @param int $level
|
||||
* @param string|array $actions one or more actions to set this level for
|
||||
* @return \psm\Module\AbstractController
|
||||
* @see setMinUserLevelRequired()
|
||||
*/
|
||||
public function setMinUserLevelRequiredForAction($level, $actions) {
|
||||
if(!is_array($actions)) {
|
||||
$actions = array($actions);
|
||||
}
|
||||
foreach($actions as $action) {
|
||||
$this->user_level_required_actions[$action] = intval($level);
|
||||
}
|
||||
return $this;
|
||||
}
|
||||
}
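Review bot: A request for an action the current user is not allowed to run is indistinguishable from a request for the default action: `initializeAction()` (third hunk) returns false from the level check, and the rewritten `initialize()` (second hunk) then falls through to `initializeAction($this->action_default)`, so a non-admin submitting `save` or `delete` silently gets the index page with nothing recorded. At minimum separate the two false cases so a denied action can be logged, for example `if(!in_array($action, $this->actions, true)) { $action = $this->action_default; } elseif(!$this->initializeAction($action)) { /* denied for this user level: log here */ $this->initializeAction($this->action_default); }`, and note that the fallback's own return value is ignored, so a default action that is missing or itself restricted reaches `createHTML()` with no action run. In `initializeAction()` the `$this->action = $action;` assignment at the top runs before the level check and is repeated inside the `method_exists` branch; drop the first one so a denied action is never recorded as the current action. The `$ulvl > $this->user_level_required_actions[$action]` test presumes that a numerically smaller `PSM_USER_*` value means more privilege, which this page does not show; a one-line comment stating that ordering next to the comparison would protect it from a later constant change.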
|
||||
|
|
|
@ -41,6 +41,11 @@ class ServerController extends AbstractController {
|
|||
$this->setActions(array(
|
||||
'index', 'edit', 'save', 'delete',
|
||||
), 'index');
|
||||
|
||||
// make sure only admins are allowed to edit/delete servers:
|
||||
$this->setMinUserLevelRequiredForAction(PSM_USER_ADMIN, array(
|
||||
'delete', 'edit', 'save'
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -48,6 +53,22 @@ class ServerController extends AbstractController {
|
|||
*/
|
||||
protected function executeIndex() {
|
||||
$this->setTemplateId('servers_list', 'servers.tpl.html');
|
||||
// check if user is admin, in that case we add the buttons
|
||||
if($this->user->getUserLevel() == PSM_USER_ADMIN) {
|
||||
// first add buttons at the top
|
||||
$this->tpl->newTemplate('servers_list_admin_buttons', 'servers.tpl.html');
|
||||
$this->tpl->addTemplateData($this->getTemplateId(), array(
|
||||
'html_buttons_admin' => $this->tpl->getTemplate('servers_list_admin_buttons'),
|
||||
'url_add' => psm_build_url(array('mod' => 'server', 'action' => 'edit'))
|
||||
));
|
||||
// get the action buttons per server
|
||||
$this->tpl->newTemplate('servers_list_admin_actions', 'servers.tpl.html');
|
||||
$html_actions = $this->tpl->getTemplate('servers_list_admin_actions');
|
||||
} else {
|
||||
$html_actions = '';
|
||||
}
|
||||
// we need an array for our template magic (see below):
|
||||
$html_actions = array('html_actions' => $html_actions);
|
||||
|
||||
// get servers from database
|
||||
$servers = $this->db->query(
|
||||
|
@ -81,6 +102,10 @@ class ServerController extends AbstractController {
|
|||
$server_count = count($servers);
|
||||
|
||||
for ($x = 0; $x < $server_count; $x++) {
|
||||
// template magic: push the actions html to the front of the server array
|
||||
// so the template handler will add it first. that way the other server vars
|
||||
// will also be replaced in the html_actions template itself
|
||||
$servers[$x] = $html_actions + $servers[$x];
|
||||
$servers[$x]['class'] = ($x & 1) ? 'odd' : 'even';
|
||||
$servers[$x]['rtime'] = round((float) $servers[$x]['rtime'], 4);
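Review bot: `executeIndex()` dereferences `$this->user` unconditionally in `$this->user->getUserLevel() == PSM_USER_ADMIN`, while the base class's `initializeAction()` in the same commit treats `$this->user` as possibly unset and substitutes `PSM_USER_ANONYMOUS`; if the server module is reachable without a user object this line fatals instead of hiding the buttons. Mirror the base class and compare strictly: `$ulvl = ($this->user) ? $this->user->getUserLevel() : PSM_USER_ANONYMOUS;` followed by `if($ulvl === PSM_USER_ADMIN) {`. Hiding the buttons is presentation only; the enforcement is the `setMinUserLevelRequiredForAction(PSM_USER_ADMIN, ...)` call in the constructor, which gates the `execute*` methods because `initializeAction()` only dispatches after the level check, so a hand-built edit/save/delete request is covered as long as no other code path calls those methods directly (their bodies are outside this hunk).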
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@
|
|||
</ul>
|
||||
<ul class="nav">
|
||||
<!--%tpl_repeat_menu-->
|
||||
<li id="nav_option_{key}" class="{active}">
|
||||
<li class="{active}">
|
||||
<a href="{url}">{label}</a>
|
||||
</li>
|
||||
<!--%%tpl_repeat_menu-->
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
<!--%tpl_servers_list-->
|
||||
<div class="span12">
|
||||
<div class="top_buutons">
|
||||
<a class="btn btn-success" href="index.php?mod=server&action=edit">
|
||||
<i class="icon-plus icon-white"></i>
|
||||
{label_add_new}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
{html_buttons_admin}
|
||||
<table class="table table-bordered table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
|
@ -21,7 +15,7 @@
|
|||
<th>{label_monitoring}</th>
|
||||
<th>{label_send_email}</th>
|
||||
<th>{label_send_sms}</th>
|
||||
<th width="75">{label_action}</th>
|
||||
<th>{label_action}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -42,14 +36,7 @@
|
|||
<td>{active}</td>
|
||||
<td>{email}</td>
|
||||
<td>{sms}</td>
|
||||
<td>
|
||||
<a class="btn btn-small" href="index.php?mod=server&action=edit&id={server_id}" title="{label_edit}">
|
||||
<i class="icon-pencil"></i>
|
||||
</a>
|
||||
<a class="btn btn-small btn-danger" href="javascript:sm_delete('{server_id}', 'server');" title="{label_delete}">
|
||||
<i class="icon-remove icon-white"></i>
|
||||
</a>
|
||||
</td>
|
||||
<td>{html_actions}</td>
|
||||
</tr>
|
||||
<!--%%tpl_repeat_servers-->
|
||||
{servers}
|
||||
|
@ -58,6 +45,23 @@
|
|||
</div>
|
||||
<!--%%tpl_servers_list-->
|
||||
|
||||
<!--%tpl_servers_list_admin_buttons-->
|
||||
<div class="top_buutons">
|
||||
<a class="btn btn-success" href="{url_add}">
|
||||
<i class="icon-plus icon-white"></i>
|
||||
{label_add_new}
|
||||
</a>
|
||||
</div>
|
||||
<!--%%tpl_servers_list_admin_buttons-->
|
||||
|
||||
<!--%tpl_servers_list_admin_actions-->
|
||||
<a class="btn btn-small" href="index.php?mod=server&action=edit&id={server_id}" title="{label_edit}">
|
||||
<i class="icon-pencil"></i>
|
||||
</a>
|
||||
<a class="btn btn-small btn-danger" href="javascript:sm_delete('{server_id}', 'server');" title="{label_delete}">
|
||||
<i class="icon-remove icon-white"></i>
|
||||
</a>
|
||||
<!--%%tpl_servers_list_admin_actions-->
|
||||
|
||||
<!--%tpl_servers_update-->
|
||||
<div class="span12">
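Review bot: The new `tpl_servers_list_admin_actions` block still hardcodes `href="index.php?mod=server&action=edit&id={server_id}"` while the add button in the same file was changed to take `{url_add}` built by `psm_build_url()` in the controller; building the edit URL the same way (`href="{url_edit}"`, supplied per server alongside `html_actions`) keeps URL construction in one place. As written the raw `&` inside the attribute should also be `&amp;` for valid HTML. The `sm_delete('{server_id}', 'server')` call places `{server_id}` inside a JavaScript string literal; I could not tell from this page whether the template engine escapes substitutions, so a comment stating that `server_id` is expected to be a numeric database id would make the assumption explicit.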
|
||||
|
|