';
- if ($session->user->isInGroup(3)) {
+ if (canView($session)) {
$output .= $session->icon->delete("op=rollbackVersionTag;tagId=".$tag->getId,undef,$rollbackPrompt);
}
$output .= $session->icon->edit("op=editVersionTag;tagId=".$tag->getId)
@@ -410,7 +424,7 @@ sub www_manageRevisionsInTag {
my $ac = WebGUI::AdminConsole->new($session,"versions");
my $i18n = WebGUI::International->new($session,"VersionTag");
$ac->addSubmenuItem($session->url->page('op=editVersionTag'), $i18n->get("add a version tag"));
- $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if ($session->user->isInGroup(3));
+ $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if canView($session);
$ac->addSubmenuItem($session->url->page('op=manageVersions'), $i18n->get("manage versions"));
my $output = "";
if ($session->form->param("workflowInstanceId")) {
@@ -488,7 +502,7 @@ A reference to the current session.
sub www_rollbackVersionTag {
my $session = shift;
- return $session->privilege->adminOnly() unless $session->user->isInGroup(3);
+ return $session->privilege->adminOnly() unless canView($session);
my $tagId = $session->form->process("tagId");
return $session->privilege->vitalComponent() if ($tagId eq "pbversion0000000000001");
if ($tagId) {
diff --git a/lib/WebGUI/Operation/Workflow.pm b/lib/WebGUI/Operation/Workflow.pm
index a8fe16946..8007c84b2 100644
--- a/lib/WebGUI/Operation/Workflow.pm
+++ b/lib/WebGUI/Operation/Workflow.pm
@@ -32,6 +32,36 @@ Operation handler for managing workflows.
=cut
+#----------------------------------------------------------------------------
+
+=head2 canRunWorkflow ( session [, user] )
+
+Returns true if the user can run workflows from this operation. user defaults to
+the current user.
+
+=cut
+
+sub canRunWorkflow {
+ my $session = shift;
+ my $user = shift || $session->user;
+ return $user->isInGroup( $session->setting->get("groupIdAdminWorkflowRun") );
+}
+
+#----------------------------------------------------------------------------
+
+=head2 canView ( session [, user] )
+
+Returns true if the user can administrate this operation. user defaults to
+the current user.
+
+=cut
+
+sub canView {
+ my $session = shift;
+ my $user = shift || $session->user;
+ return $user->isInGroup( $session->setting->get("groupIdAdminWorkflow") );
+}
+
#-------------------------------------------------------------------
=head2 www_activityHelper ( session )
@@ -78,7 +108,7 @@ Allows the user to choose the type of workflow that's going to be created.
sub www_addWorkflow {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $i18n = WebGUI::International->new($session, "Workflow");
my $f = WebGUI::HTMLForm->new($session);
$f->submit;
@@ -117,7 +147,7 @@ Saves the results from www_addWorkflow().
sub www_addWorkflowSave {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->create($session, {type=>$session->form->get("type")});
return www_editWorkflow($session, $workflow);
}
@@ -132,7 +162,7 @@ Deletes an entire workflow.
sub www_deleteWorkflow {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId"));
$workflow->delete if defined $workflow;
return www_manageWorkflows($session);
@@ -148,7 +178,7 @@ Deletes an activity from a workflow.
sub www_deleteWorkflowActivity {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId"));
if (defined $workflow) {
$workflow->deleteActivity($session->form->get("activityId"));
@@ -170,7 +200,7 @@ A reference to the current session.
sub www_demoteWorkflowActivity {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->new($session, $session->form->param("workflowId"));
$workflow->demoteActivity($session->form->param("activityId"));
return www_editWorkflow($session);
@@ -187,7 +217,7 @@ Displays displays the editable properties of a workflow.
sub www_editWorkflow {
my $session = shift;
my $workflow = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
$workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId")) unless (defined $workflow);
my $i18n = WebGUI::International->new($session, "Workflow");
my $workflowActivities = $session->config->get("workflowActivities");
@@ -331,7 +361,7 @@ Saves the results of www_editWorkflow()
sub www_editWorkflowSave {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->new($session, $session->form->param("workflowId"));
$workflow->set({
enabled => $session->form->get("enabled", "yesNo"),
@@ -353,7 +383,7 @@ Displays a form to edit the properties of a workflow activity.
sub www_editWorkflowActivity {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $activity = '';
if ($session->form->process("className","className")) {
$activity = WebGUI::Workflow::Activity->newByPropertyHashRef($session, {activityId=>"new",className=>$session->form->process("className","className")});
@@ -381,7 +411,7 @@ Saves the results of www_editWorkflowActivity().
sub www_editWorkflowActivitySave {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId"));
if (defined $workflow) {
my $activityId = $session->form->get("activityId");
@@ -406,7 +436,7 @@ Display a list of the workflows.
sub www_manageWorkflows {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $i18n = WebGUI::International->new($session, "Workflow");
my $output = '';
my $rs = $session->db->read("select workflowId, title, enabled from Workflow order by title");
@@ -440,7 +470,7 @@ A reference to the current session.
sub www_promoteWorkflowActivity {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $workflow = WebGUI::Workflow->new($session, $session->form->param("workflowId"));
$workflow->promoteActivity($session->form->param("activityId"));
return www_editWorkflow($session);
@@ -458,7 +488,7 @@ sub www_runWorkflow {
my $session = shift;
$session->http->setMimeType("text/plain");
$session->http->setCacheControl("none");
- unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets")) || $session->user->isInGroup("3")) {
+ unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets")) || canRunWorkflow($session)) {
$session->errorHandler->security("make a Spectre workflow runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")}).".");
return "error";
}
@@ -487,11 +517,11 @@ Display a list of the running workflow instances.
sub www_showRunningWorkflows {
my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
my $i18n = WebGUI::International->new($session, "Workflow");
my $ac = WebGUI::AdminConsole->new($session,"workflow");
- my $isAdmin = $session->user->isInGroup("3");
+ my $isAdmin = canRunWorkflow($session);
# javascript for creating/showing/hiding the edit priority form
my $cancel = $i18n->get('edit priority cancel');
diff --git a/lib/WebGUI/i18n/English/WebGUI.pm b/lib/WebGUI/i18n/English/WebGUI.pm
index 6b5d4abf0..fbe4e48fb 100644
--- a/lib/WebGUI/i18n/English/WebGUI.pm
+++ b/lib/WebGUI/i18n/English/WebGUI.pm
@@ -3591,6 +3591,251 @@ LongTruncOk=1
lastUpdated => 0,
},
+ 'permissions' => {
+ message => q{Permissions},
+ lastUpdated => 0,
+ context => q{The label for the Permissions tab of the Settings Admin panel},
+ },
+
+ 'settings groupIdAdminActiveSessions label' => {
+ message => q{Active Sessions},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminActiveSessions hoverHelp' => {
+ message => q{Group to view and expire active sessions.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminAdSpace label' => {
+ message => q{AdSpace},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminAdSpace hoverHelp' => {
+ message => q{Group to manage advertising.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminCache label' => {
+ message => q{Cache},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminCache hoverHelp' => {
+ message => q{Group to view and flush cache.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminCommerce label' => {
+ message => q{Commerce},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminCommerce hoverHelp' => {
+ message => q{Group to manage Commerce settings.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminCron label' => {
+ message => q{Cron},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminCron hoverHelp' => {
+ message => q{Group to manage scheduled workflows.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminDatabaseLink label' => {
+ message => q{Database Link},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminDatabaseLink hoverHelp' => {
+ message => q{Group to manage database links.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminGraphics label' => {
+ message => q{Graphics},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminGraphics hoverHelp' => {
+ message => q{Group to manage fonts and palettes.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminGroup label' => {
+ message => q{Groups},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminGroup hoverHelp' => {
+ message => q{Group to manage all groups.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminGroupAdmin label' => {
+ message => q{Groups (limited)},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminGroupAdmin hoverHelp' => {
+ message => q{Group to manage groups that user is administrator of.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminHelp label' => {
+ message => q{Help},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminHelp hoverHelp' => {
+ message => q{Group that can view help.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminLDAPLink label' => {
+ message => q{LDAP},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminLDAPLink hoverHelp' => {
+ message => q{Group to manage LDAP links.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminLoginHistory label' => {
+ message => q{Login History},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminLoginHistory hoverHelp' => {
+ message => q{Group to view login history.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminProductManager label' => {
+ message => q{Products},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminProductManager hoverHelp' => {
+ message => q{Group to manage products},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminProfileSettings label' => {
+ message => q{User Profiling},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminProfileSettings hoverHelp' => {
+ message => q{Group to manage user profile fields.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminReplacements label' => {
+ message => q{Content Filters},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminReplacements hoverHelp' => {
+ message => q{Group to manage content filters.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminSpectre label' => {
+ message => q{Spectre},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminSpectre hoverHelp' => {
+ message => q{Group to view Spectre status},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminStatistics label' => {
+ message => q{Statistics},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminStatistics hoverHelp' => {
+ message => q{Group to view statistics},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminSubscription label' => {
+ message => q{Subscriptions},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminSubscription hoverHelp' => {
+ message => q{Group to manage subscriptions.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminTransactionLog label' => {
+ message => q{Transactions},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminTransactionLog hoverHelp' => {
+ message => q{Group to manage transactions.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminUser label' => {
+ message => q{Users},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminUser hoverHelp' => {
+ message => q{Group to manage users. Can add and edit users.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminUserAdd label' => {
+ message => q{Users (add only)},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminUserAdd hoverHelp' => {
+ message => q{Group that can only add new users.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminVersionTag label' => {
+ message => q{Version Tags},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminVersionTag hoverHelp' => {
+ message => q{Group to manage version tags},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminWorkflow label' => {
+ message => q{Workflow},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminWorkflow hoverHelp' => {
+ message => q{Group to manage workflows},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminWorkflowRun label' => {
+ message => q{Workflow (run)},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminWorkflowRun hoverHelp' => {
+ message => q{Group that is allowed to run workflows from the admin console.},
+ lastUpdated => 0,
+ },
+
'wiki help label leadin' => {
message => q{For more help, visit the},
lastUpdated => 1185162265,
|