From 58ac54b81df8002ddb8cde535d05c38b01496b20 Mon Sep 17 00:00:00 2001 From: Doug Bell Date: Thu, 26 Jul 2007 06:56:38 +0000 Subject: [PATCH] add: Ability to specify which group can use individual admin console items --- docs/changelog/7.x.x.txt | 1 + docs/upgrades/upgrade_7.3.22-7.4.0.pl | 41 ++ lib/WebGUI/AdminConsole.pm | 391 +++++++++--------- .../Asset/Wobject/EventManagementSystem.pm | 1 - lib/WebGUI/Operation/ActiveSessions.pm | 21 +- lib/WebGUI/Operation/AdSpace.pm | 29 +- lib/WebGUI/Operation/Cache.pm | 82 ++-- lib/WebGUI/Operation/Commerce.pm | 76 ++-- lib/WebGUI/Operation/Cron.pm | 33 +- lib/WebGUI/Operation/DatabaseLink.pm | 70 ++-- lib/WebGUI/Operation/Graphics.pm | 43 +- lib/WebGUI/Operation/Group.pm | 108 +++-- lib/WebGUI/Operation/Help.pm | 21 +- lib/WebGUI/Operation/LDAPLink.pm | 28 +- lib/WebGUI/Operation/LoginHistory.pm | 17 +- lib/WebGUI/Operation/ProductManager.pm | 49 ++- lib/WebGUI/Operation/ProfileSettings.pm | 40 +- lib/WebGUI/Operation/Replacements.pm | 66 +-- lib/WebGUI/Operation/SSO.pm | 10 +- lib/WebGUI/Operation/Settings.pm | 48 ++- lib/WebGUI/Operation/Shared.pm | 3 +- lib/WebGUI/Operation/Spectre.pm | 27 +- lib/WebGUI/Operation/Statistics.pm | 24 +- lib/WebGUI/Operation/Subscription.pm | 39 +- lib/WebGUI/Operation/TransactionLog.pm | 19 +- lib/WebGUI/Operation/User.pm | 85 +++- lib/WebGUI/Operation/VersionTag.pm | 40 +- lib/WebGUI/Operation/Workflow.pm | 58 ++- lib/WebGUI/i18n/English/WebGUI.pm | 245 +++++++++++ 29 files changed, 1227 insertions(+), 488 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 7ef765309..b207c5081 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt 
@@ -102,6 +102,7 @@ - fix: javascript errors in SQL Form date inputs in IE - Added optional parameters for DatabaseLinks so that users can setup their database's with things like LongReadLen, etc. + - Added ability to restrict admin console items to specific groups. 7.3.22 - fix: relative links sent out in emails don't work properly diff --git a/docs/upgrades/upgrade_7.3.22-7.4.0.pl b/docs/upgrades/upgrade_7.3.22-7.4.0.pl index bede799dc..65e4daa01 100644 --- a/docs/upgrades/upgrade_7.3.22-7.4.0.pl +++ b/docs/upgrades/upgrade_7.3.22-7.4.0.pl 
@@ -37,9 +37,50 @@ addCanStartThreadToCS($session); addPostCaptchaToCS($session); addFieldsToDatabaseLinks($session); addWikiAttachments($session); +addAdminConsoleGroupSettings($session); finish($session); # this line required +#------------------------------------------------- +# Add the default admin console group settings +sub addAdminConsoleGroupSettings { + my $session = shift; + print "\tAdding default admin console group settings... " unless $quiet; + + my %groupDefaults = ( + groupIdAdminActiveSessions => 3, + groupIdAdminAdSpace => 3, + groupIdAdminCache => 3, + groupIdAdminCommerce => 3, + groupIdAdminCron => 3, + groupIdAdminDatabaseLink => 3, + groupIdAdminGraphics => 3, + groupIdAdminGroup => 3, + groupIdAdminGroupAdmin => 11, + groupIdAdminHelp => 7, + groupIdAdminLDAPLink => 3, + groupIdAdminLoginHistory => 3, + groupIdAdminProductManager => 14, + groupIdAdminProfileSettings => 3, + groupIdAdminReplacements => 3, + groupIdAdminSpectre => 3, + groupIdAdminStatistics => 3, + groupIdAdminSubscription => 3, + groupIdAdminTransactionLog => 3, + groupIdAdminUser => 3, + groupIdAdminUserAdd => 11, + groupIdAdminVersionTag => 12, + groupIdAdminWorkflow => 'pbgroup000000000000015', + groupIdAdminWorkflowRun => 3, + ); + + for my $setting (keys %groupDefaults) { + $session->setting->add($setting, $groupDefaults{$setting}); + } + + print "DONE!\n" unless $quiet; +} + #------------------------------------------------- sub addWikiAttachments { diff --git a/lib/WebGUI/AdminConsole.pm b/lib/WebGUI/AdminConsole.pm index 704a394d8..50b8f2f92 100644 --- a/lib/WebGUI/AdminConsole.pm +++ b/lib/WebGUI/AdminConsole.pm 
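Review bot: The defaults seeded here change who may use several console items instead of preserving the groups the hard-coded checks used: `groupIdAdminAdSpace => 3` replaces `isInGroup("pbgroup000000000000017")` (visible in the removed lines of the AdSpace.pm and AdminConsole.pm hunks), so existing members of that group lose ad management after the upgrade unless they are also Admins. The `users` and `groups` items likewise move from group 11 to 3; that may be intended given the separate `groupIdAdminGroupAdmin`/`groupIdAdminUserAdd` keys, but it should be stated in the changelog or in this sub's header comment. To keep the previous behaviour I would write `groupIdAdminAdSpace => 'pbgroup000000000000017',`. The console also maps the settings item to `class => 'WebGUI::Operation::Settings'` but no `groupIdAdminSettings` default is added, which is fine only if that module's canView does not read such a setting (outside this chunk).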
@@ -69,13 +69,24 @@ sub _formatFunction { $url = $self->session->url->page("op=".$function->{op}); } my $i18n = WebGUI::International->new($self->session); + + # Determine if the user can use this control + my $canUse = 0; + if ($function->{class} && $function->{class}->can('canView')) { + eval { require $function->{class}; }; + $canUse = $function->{class}->can('canView')->($self->session); + } + else { + $canUse = $self->session->user->isInGroup( $function->{group} ); + } + return { - title=>$i18n->get($function->{title}{id}, $function->{title}{namespace}), - icon=>$self->session->url->extras("/adminConsole/".$function->{icon}), - 'icon.small'=>$self->session->url->extras("adminConsole/small/".$function->{icon}), - url=>$url, - canUse=>$self->session->user->isInGroup($function->{group}), - isCurrentOpFunc=>($self->session->form->process("op") eq $function->{op} || $self->session->form->process("func") eq $function->{func}) + title => $i18n->get($function->{title}{id}, $function->{title}{namespace}), + icon => $self->session->url->extras("/adminConsole/".$function->{icon}), + 'icon.small' => $self->session->url->extras("adminConsole/small/".$function->{icon}), + url => $url, + canUse => $canUse, + isCurrentOpFunc => ($self->session->form->process("op") eq $function->{op} || $self->session->form->process("func") eq $function->{func}) }; } 
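Review bot: The class branch in _formatFunction cannot work for a module that is not already loaded: `$function->{class}->can('canView')` is tested before the `require`, and `require $function->{class}` with a string such as "WebGUI::Operation::Spectre" looks for a file of that literal name rather than WebGUI/Operation/Spectre.pm, with the failure discarded by the bare eval. The result is that canUse for class entries depends on which operation modules happen to be loaded in the worker already, and when the branch is not taken the fallback calls `isInGroup($function->{group})` with undef, since the getAdminFunction hunk later in this file removed `group` from every entry that gained `class`. Translate the package name to a path, load first, check `can` afterwards, and treat a class that will not load as not usable, as below; the same dependency applies to the getAdminFunction hunk.
```perl
    # Determine if the user can use this control
    my $canUse = 0;
    my $class  = $function->{class};
    if ($class) {
        # require EXPR with a package name looks for a file of that literal
        # name; turn Foo::Bar into Foo/Bar.pm before loading.
        (my $file = $class) =~ s{::}{/}g;
        eval { require "$file.pm"; 1 }
            or $self->session->errorHandler->warn("Could not load $class for the admin console: $@");
        # A class that cannot be loaded or has no canView is treated as not usable.
        $canUse = $class->can('canView') ? $class->can('canView')->($self->session) : 0;
    }
    else {
        $canUse = $self->session->user->isInGroup( $function->{group} );
    }
    # … unchanged: returned hashref …
```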
@@ -188,239 +199,239 @@ sub getAdminFunction { my $id = shift; my $testing = shift; my $functions = { # at some point in the future we'll need to make this pluggable/configurable - "spectre"=>{ - title=>{ - id=>"spectre", - namespace=>"Spectre" + "spectre" => { + title => { + id => "spectre", + namespace => "Spectre", }, - icon=>"spectre.gif", - op=>"spectreStatus", - group=>"3" + icon => "spectre.gif", + op => "spectreStatus", + class => "WebGUI::Operation::Spectre", }, - "assets"=>{ - title=>{ - id=>"assets", - namespace=>"Asset" + "assets" => { + title => { + id => "assets", + namespace => "Asset", }, - icon=>"assets.gif", - func=>"manageAssets", - group=>"12" + icon => "assets.gif", + func => "manageAssets", + group => "12", }, - "versions"=>{ - title=>{ - id=>"version tags", - namespace=>"VersionTag" + "versions" => { + title => { + id => "version tags", + namespace => "VersionTag", }, - icon=>"versionTags.gif", - op=>"manageVersions", - group=>"12" + icon => "versionTags.gif", + op => "manageVersions", + class => "WebGUI::Operation::VersionTag", }, - "workflow"=>{ - title=>{ - id=>"topicName", - namespace=>"Workflow" + "workflow" => { + title => { + id => "topicName", + namespace => "Workflow", }, - icon=>"workflow.gif", - op=>"manageWorkflows", - group=>"pbgroup000000000000015" + icon => "workflow.gif", + op => "manageWorkflows", + class => 'WebGUI::Operation::Workflow', }, - "adSpace"=>{ - title=>{ - id=>"topicName", - namespace=>"AdSpace" + "adSpace" => { + title => { + id => "topicName", + namespace => "AdSpace", }, - icon=>"advertising.gif", - op=>"manageAdSpaces", - group=>"pbgroup000000000000017" + icon => "advertising.gif", + op => "manageAdSpaces", + class => 'WebGUI::Operation::AdSpace', }, - "cron"=>{ - title=>{ - id=>"topicName", - namespace=>"Workflow_Cron" + "cron" => { + title => { + id => "topicName", + namespace => "Workflow_Cron", }, - icon=>"cron.gif", - op=>"manageCron", - group=>"3" + icon => "cron.gif", + op => "manageCron", + class => 
'WebGUI::Operation::Cron', }, - "users"=>{ - title=>{ - id=>"149", - namespace=>"WebGUI" + "users" => { + title => { + id => "149", + namespace => "WebGUI", }, - icon=>"users.gif", - op=>"listUsers", - group=>"11" + icon => "users.gif", + op => "listUsers", + class => 'WebGUI::Operation::User', }, - "clipboard"=>{ - title=>{ - id=>"948", - namespace=>"WebGUI" + "clipboard" => { + title => { + id => "948", + namespace => "WebGUI", }, - icon=>"clipboard.gif", - func=>"manageClipboard", - group=>"12" + icon => "clipboard.gif", + func => "manageClipboard", + group => "12", }, - "trash"=>{ - title=>{ - id=>"trash", - namespace=>"WebGUI" + "trash" => { + title => { + id => "trash", + namespace => "WebGUI", }, - icon=>"trash.gif", - func=>"manageTrash", - group=>"12" + icon => "trash.gif", + func => "manageTrash", + group => "12", }, - "databases"=>{ - title=>{ - id=>"databases", - namespace=>"WebGUI" + "databases" => { + title => { + id => "databases", + namespace => "WebGUI", }, - icon=>"databases.gif", - op=>"listDatabaseLinks", - group=>"3" + icon => "databases.gif", + op => "listDatabaseLinks", + class => 'WebGUI::Operation::DatabaseLink', }, - "ldapconnections"=>{ - title=>{ - id=>"ldapconnections", - namespace=>"AuthLDAP" + "ldapconnections" => { + title => { + id => "ldapconnections", + namespace => "AuthLDAP", }, - icon=>"ldap.gif", - op=>"listLDAPLinks", - group=>"3" + icon => "ldap.gif", + op => "listLDAPLinks", + class => 'WebGUI::Operation::LDAPLink', }, - "groups"=>{ - title=>{ - id=>"89", - namespace=>"WebGUI" + "groups" => { + title => { + id => "89", + namespace => "WebGUI", }, - icon=>"groups.gif", - op=>"listGroups", - group=>"11" + icon => "groups.gif", + op => "listGroups", + class => 'WebGUI::Operation::Group', }, - "settings"=>{ - title=>{ - id=>"settings", - namespace=>"WebGUI" + "settings" => { + title => { + id => "settings", + namespace => "WebGUI", }, - icon=>"settings.gif", - op=>"editSettings", - group=>"3" + icon => "settings.gif", + op => 
"editSettings", + class => 'WebGUI::Operation::Settings', }, - "help"=>{ - title=>{ - id=>"help", - namespace=>"WebGUI" + "help" => { + title => { + id => "help", + namespace => "WebGUI", }, - icon=>"help.gif", - op=>"viewHelpIndex", - group=>"7" + icon => "help.gif", + op => "viewHelpIndex", + class => 'WebGUI::Operation::Help', }, - "statistics"=>{ - title=>{ - id=>"437", - namespace=>"WebGUI" + "statistics" => { + title => { + id => "437", + namespace => "WebGUI", }, - icon=>"statistics.gif", - op=>"viewStatistics", - group=>"3" + icon => "statistics.gif", + op => "viewStatistics", + class => 'WebGUI::Operation::Statistics', }, - "contentProfiling"=>{ - title=>{ - id=>"content profiling", - namespace=>"Asset" + "contentProfiling" => { + title => { + id => "content profiling", + namespace => "Asset", }, - icon=>"contentProfiling.gif", - func=>"manageMetaData", - group=>"4" + icon => "contentProfiling.gif", + func => "manageMetaData", + group => "4", }, - "contentFilters"=>{ - title=>{ - id=>"content filters", - namespace=>"WebGUI" + "contentFilters" => { + title => { + id => "content filters", + namespace => "WebGUI", }, - icon=>"contentFilters.gif", - op=>"listReplacements", - group=>"3" + icon => "contentFilters.gif", + op => "listReplacements", + class => 'WebGUI::Operation::Replacements', }, - "userProfiling"=>{ - title=>{ - id=>"user profiling", - namespace=>"WebGUIProfile" + "userProfiling" => { + title => { + id => "user profiling", + namespace => "WebGUIProfile", }, - icon=>"userProfiling.gif", - op=>"editProfileSettings", - group=>"3" + icon => "userProfiling.gif", + op => "editProfileSettings", + class => 'WebGUI::Operation::ProfileSettings', }, - "loginHistory"=>{ - title=>{ - id=>"426", - namespace=>"WebGUI" + "loginHistory" => { + title => { + id => "426", + namespace => "WebGUI", }, - icon=>"loginHistory.gif", - op=>"viewLoginHistory", - group=>"3" + icon => "loginHistory.gif", + op => "viewLoginHistory", + class => 
'WebGUI::Operation::LoginHistory', }, - "inbox"=>{ - title=>{ - id=>"159", - namespace=>"WebGUI" + "inbox" => { + title => { + id => "159", + namespace => "WebGUI", }, - icon=>"inbox.gif", - op=>"viewInbox", - group=>"2" + icon => "inbox.gif", + op => "viewInbox", + group => "2", }, - "activeSessions"=>{ - title=>{ - id=>"425", - namespace=>"WebGUI" + "activeSessions" => { + title => { + id => "425", + namespace => "WebGUI", }, - icon=>"activeSessions.gif", - op=>"viewActiveSessions", - group=>"3" + icon => "activeSessions.gif", + op => "viewActiveSessions", + class => 'WebGUI::Operation::ActiveSessions', }, - "commerce"=>{ - title=>{ - id=>"commerce settings", - namespace=>"Commerce" + "commerce" => { + title => { + id => "commerce settings", + namespace => "Commerce", }, - icon=>"commerce.gif", - op=>"editCommerceSettings", - group=>"3" + icon => "commerce.gif", + op => "editCommerceSettings", + class => 'WebGUI::Operation::Commerce', }, - "subscriptions"=>{ - title=>{ - id=>"manage subscriptions", - namespace=>"Subscription" + "subscriptions" => { + title => { + id => "manage subscriptions", + namespace => "Subscription", }, - icon=>"subscriptions.gif", - op=>"listSubscriptions", - group=>"3" + icon => "subscriptions.gif", + op => "listSubscriptions", + class => 'WebGUI::Operation::Subscription', }, - "productManager"=>{ - title=>{ - id=>"manage products", - namespace=>"ProductManager" + "productManager" => { + title => { + id => "manage products", + namespace => "ProductManager", }, - icon=>"productManager.gif", - op=>"listProducts", - group=>"14" + icon => "productManager.gif", + op => "listProducts", + class => 'WebGUI::Operation::ProductManager', }, - "cache"=>{ - title=>{ - id=>"manage cache", - namespace=>"WebGUI" - }, - icon=>"cache.gif", - op=>"manageCache", - group=>"3" - }, - "graphics"=>{ - title=>{ - id=>"manage graphics", - namespace=>"Graphics", + "cache" => { + title => { + id => "manage cache", + namespace => "WebGUI", + }, + icon => "cache.gif", 
+ op => "manageCache", + class => 'WebGUI::Operation::Cache', + }, + "graphics" => { + title => { + id => "manage graphics", + namespace => "Graphics",, }, - icon=>"graphics.gif", - op=>"listGraphicsOptions", - group=>"3", + icon => "graphics.gif", + op => "listGraphicsOptions", + class => 'WebGUI::Operation::Graphics', }, }; return $functions if $testing; diff --git a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm index bc1960573..6570a0d78 100644 --- a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm +++ b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm @@ -163,7 +163,6 @@ sub _acWrapper { my $title = shift; my $i18n = WebGUI::International->new($self->session,'Asset_EventManagementSystem'); my $ac = $self->getAdminConsole; - unless $ac->getHelp; $ac->addSubmenuItem($self->getUrl('func=search'),$i18n->get("manage events")); $ac->addSubmenuItem($self->getUrl('func=manageEventMetadata'), $i18n->get('manage event metadata')); $ac->addSubmenuItem($self->getUrl('func=managePrereqSets'), $i18n->get('manage prerequisite sets')); diff --git a/lib/WebGUI/Operation/ActiveSessions.pm b/lib/WebGUI/Operation/ActiveSessions.pm index 4b651b37f..c85fc4624 100644 --- a/lib/WebGUI/Operation/ActiveSessions.pm +++ b/lib/WebGUI/Operation/ActiveSessions.pm @@ -26,6 +26,21 @@ Operation handler for displaying and killing active sessions. =cut +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the given user is allowed to use this operation. user must be +a WebGUI::User object. By default, checks the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminActiveSessions") ); +} + #------------------------------------------------------------------- =head2 www_killSession ( ) 
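Review bot: The graphics entry ends with a doubled comma, `namespace => "Graphics",,`; Perl accepts the empty list element, but it reads as an editing leftover and perlcritic will flag it. Change it to `namespace => "Graphics",`. The rest of the hunk is a reformat of the same table plus the group-to-class swap, so nothing else differs in behaviour here.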
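Review bot: canView hands `$session->setting->get("groupIdAdminActiveSessions")` straight to isInGroup, so when the setting is absent (upgrade not yet run, row removed) the argument is undef and the access decision depends on whatever isInGroup does with undef rather than on anything this sub states. Decide that case explicitly, for example `my $groupId = $session->setting->get("groupIdAdminActiveSessions");` followed by `return 0 unless defined $groupId;` and `return $user->isInGroup($groupId);`; if isInGroup is known to treat undef as the Admins group, document that in the POD instead. The same shape recurs in the canView subs added in the AdSpace.pm, Cache.pm, Commerce.pm, Cron.pm and DatabaseLink.pm hunks.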
@@ -39,7 +54,7 @@ $session->form->process("sid"). Afterwards, it calls www_viewActiveSessions. sub www_killSession { my $session = shift; return www_viewActiveSessions($session) if $session->form->process("sid") eq $session->var->get("sessionId"); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly unless canView($session); $session->db->write("delete from userSession where sessionId=?",[$session->form->process("sid")]); $session->db->write("delete from userSessionScratch where sessionId=?", [$session->form->process("sid")]); return www_viewActiveSessions($session); @@ -55,8 +70,8 @@ delete (kill) each one via www_killSession =cut sub www_viewActiveSessions { - my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + my $session = shift; + return $session->privilege->adminOnly unless canView($session); my ($output, $p, @row, $i, $sth, %data); tie %data, 'Tie::CPHash'; $sth = $session->db->read("select users.username,users.userId,userSession.sessionId,userSession.expires, diff --git a/lib/WebGUI/Operation/AdSpace.pm b/lib/WebGUI/Operation/AdSpace.pm index 99325bb83..e2507e295 100644 --- a/lib/WebGUI/Operation/AdSpace.pm +++ b/lib/WebGUI/Operation/AdSpace.pm @@ -28,6 +28,21 @@ Operation handler for advertising functions. =cut +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user is allowed to use this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminAdSpace") ); +} + #------------------------------------------------------------------- =head2 www_clickAd ( ) 
@@ -55,7 +70,7 @@ Deletes an ad. sub www_deleteAd { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); WebGUI::AdSpace::Ad->new($session, $session->form->param("adId"))->delete; return www_editAdSpace($session); } @@ -70,7 +85,7 @@ Deletes an ad space. sub www_deleteAdSpace { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); WebGUI::AdSpace->new($session, $session->form->param("adSpaceId"))->delete; return www_manageAdSpaces($session); } @@ -85,7 +100,7 @@ Displays form for editing an ad. sub www_editAd { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); my $id = $session->form->param("adId") || "new"; my $ac = WebGUI::AdminConsole->new($session,"adSpace"); my $i18n = WebGUI::International->new($session,"AdSpace"); @@ -224,7 +239,7 @@ The save method for www_editAd() sub www_editAdSave { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); my %properties = ( type=>$session->form->process("type", "selectBox"), url=>$session->form->process("url", "url"), @@ -265,7 +280,7 @@ Edit or add an ad space form. sub www_editAdSpace { my $session = shift; my $adSpace = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); my $id; my $i18n = WebGUI::International->new($session,"AdSpace"); my $ac = WebGUI::AdminConsole->new($session,"adSpace"); 
@@ -346,7 +361,7 @@ Save the www_editAdSpace method. sub www_editAdSpaceSave { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); my %properties = ( name=>$session->form->process("name", "text"), title=>$session->form->process("title", "text"), @@ -374,7 +389,7 @@ Manage ad spaces. sub www_manageAdSpaces { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup("pbgroup000000000000017")); + return $session->privilege->insufficient unless canView($session); my $ac = WebGUI::AdminConsole->new($session,"adSpace"); my $i18n = WebGUI::International->new($session,"AdSpace"); my $output = ""; diff --git a/lib/WebGUI/Operation/Cache.pm b/lib/WebGUI/Operation/Cache.pm index 735f40b8d..e12f5d470 100644 --- a/lib/WebGUI/Operation/Cache.pm +++ b/lib/WebGUI/Operation/Cache.pm 
@@ -45,19 +45,34 @@ is looked up in the i18n table in the WebGUI namespace. =cut sub _submenu { - my $session = shift; - my $workarea = shift; - my $title = shift; - my $i18n = WebGUI::International->new($session); - $title = $i18n->get($title) if ($title); - my $ac = WebGUI::AdminConsole->new($session,"cache"); - if ($session->setting->get("trackPageStatistics")) { - $ac->addSubmenuItem( $session->url->page('op=manageCache'), $i18n->get('manage cache')); - } - return $ac->render($workarea, $title); + my $session = shift; + my $workarea = shift; + my $title = shift; + my $i18n = WebGUI::International->new($session); + $title = $i18n->get($title) if ($title); + my $ac = WebGUI::AdminConsole->new($session,"cache"); + if ($session->setting->get("trackPageStatistics")) { + $ac->addSubmenuItem( $session->url->page('op=manageCache'), $i18n->get('manage cache')); + } + return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can use this Operation. user defaults to the current +user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminCache") ); +} + #------------------------------------------------------------------- =head2 www_flushCache ( duration ) @@ -74,11 +89,13 @@ Text description of how long the subscription lasts. =cut sub www_flushCache { - my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); - my $cache = WebGUI::Cache->new($session,); - $cache->flush; - return www_manageCache($session); + my $session = shift; + return $session->privilege->adminOnly unless canView($session); + + # Flush the cache + WebGUI::Cache->new($session)->flush; + + return www_manageCache($session); } #------------------------------------------------------------------- 
@@ -91,24 +108,25 @@ provides an option to clear the cache. =cut sub www_manageCache { - my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); - my ($output, $data); - my $cache = WebGUI::Cache->new($session); - my $flushURL = $session->url->page('op=flushCache'); - my $i18n = WebGUI::International->new($session); - $output .= ''; - $output .= ''; - $output .= ''; - $output .= ''; + my $session = shift; + return $session->privilege->adminOnly unless canView($session); + my $cache = WebGUI::Cache->new($session); + my $flushURL = $session->url->page('op=flushCache'); + my $i18n = WebGUI::International->new($session); + my $output + = '
'.$i18n->get('cache type').':'.ref($cache).'
'.$i18n->get('cache statistics').':
'.$cache->stats.'
 '. - WebGUI::Form::button($session,{ - value=>$i18n->get("clear cache"), - extras=>qq{onclick="document.location.href='$flushURL';"}, - }). - '
' + . '' + . '' + . '' + . '
'.$i18n->get('cache type').':'.ref($cache).'
'.$i18n->get('cache statistics').':
'.$cache->stats.'
 ' + . WebGUI::Form::button($session, { + value => $i18n->get("clear cache"), + extras => qq{onclick="document.location.href='$flushURL';"}, + }) + . '
' + ; - $output .= ""; - return _submenu($session,$output); + return _submenu($session,$output); } diff --git a/lib/WebGUI/Operation/Commerce.pm b/lib/WebGUI/Operation/Commerce.pm index ca71bd042..86df39dfc 100644 --- a/lib/WebGUI/Operation/Commerce.pm +++ b/lib/WebGUI/Operation/Commerce.pm @@ -42,17 +42,16 @@ The i18n key of the title of this workarea. =cut sub _submenu { - my $session = shift; - my $i18n = WebGUI::International->new($session, "Commerce"); - - my $workarea = shift; - my $title = shift; - $title = $i18n->get($title) if ($title); - my $ac = WebGUI::AdminConsole->new($session,"commerce"); - $ac->addSubmenuItem($session->url->page('op=editCommerceSettings'), $i18n->get('manage commerce settings')); - $ac->addSubmenuItem($session->url->page('op=listTransactions'), $i18n->get('list transactions')); - $ac->addSubmenuItem($session->url->page('op=listPendingTransactions'), $i18n->get('list pending transactions')); - return $ac->render($workarea, $title); + my $session = shift; + my $i18n = WebGUI::International->new($session, "Commerce"); + my $workarea = shift; + my $title = shift; + $title = $i18n->get($title) if ($title); + my $ac = WebGUI::AdminConsole->new($session,"commerce"); + $ac->addSubmenuItem($session->url->page('op=editCommerceSettings'), $i18n->get('manage commerce settings')); + $ac->addSubmenuItem($session->url->page('op=listTransactions'), $i18n->get('list transactions')); + $ac->addSubmenuItem($session->url->page('op=listPendingTransactions'), $i18n->get('list pending transactions')); + return $ac->render($workarea, $title); } #------------------------------------------------------------------- 
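Review bot: The rebuilt clear-cache button still navigates to `op=flushCache` by plain GET (`document.location.href='$flushURL'`), and www_flushCache in the preceding hunk performs the flush on that request with only the group check, so any page that makes the operator's browser request that URL flushes the site cache. This is inherited from the block being replaced, but since the block is rewritten wholesale this is the moment to submit the flush as a POST form rather than a location change. If that is out of scope, a comment on the button line saying the flush is triggered by GET would at least make the behaviour visible to the next reader.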
@@ -64,9 +63,9 @@ A wrapper around _clearShippingScratch and _clearPaymentScratch. =cut sub _clearCheckoutScratch { - my $session = shift; - _clearShippingScratch($session); - _clearPaymentScratch($session); + my $session = shift; + _clearShippingScratch($session); + _clearPaymentScratch($session); } #------------------------------------------------------------------- @@ -78,8 +77,8 @@ Clears the C scratch variable. =cut sub _clearPaymentScratch { - my $session = shift; - $session->scratch->delete('paymentGateway'); + my $session = shift; + $session->scratch->delete('paymentGateway'); } #------------------------------------------------------------------- @@ -162,6 +161,21 @@ sub _validateState { return $state; } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminCommerce") ); +} + #------------------------------------------------------------------- =head2 www_addToCart ( $session ) @@ -535,8 +549,7 @@ sub www_checkoutSubmit { =head2 www_completePendingTransaction ( $session ) -You must be in group Admin (3) to execute the subroutine. Completes -the transaction specified in the form variable C by calling +Completes the transaction specified in the form variable C by calling WebGUI::Commerce::Transaction->completeTransaction. Returns the user to the C operation. @@ -544,7 +557,7 @@ to the C operation. sub www_completePendingTransaction { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly unless canView($session); WebGUI::Commerce::Transaction->new($session, $session->form->process("tid"))->completeTransaction; 
@@ -581,8 +594,7 @@ transaction, but only if the plugin's C returns true. sub www_confirmTransaction { my $session = shift; - my($plugin, %var); - $plugin = WebGUI::Commerce::Payment->load($session, $session->form->process("pg","className")); + my $plugin = WebGUI::Commerce::Payment->load($session, $session->form->process("pg","className")); if ($plugin->confirmTransaction) { WebGUI::Commerce::Transaction->new($session, $plugin->getTransactionId)->completeTransaction; @@ -609,8 +621,6 @@ sub www_deleteCartItem { =head2 www_editCommerceSettings ( $session ) -Only users in group Admin (3) can execute the subroutine. - Site wide setting for commerce, including payment plugins, shipping plugins and templates. @@ -623,17 +633,17 @@ sub www_editCommerceSettings { my (%tabs, $tabform, $currentPlugin, $ac, $jscript, $i18n, $paymentPlugin, @paymentPlugins, %paymentPlugins, @failedPaymentPlugins, $plugin, $shippingPlugin, @shippingPlugins, %shippingPlugins, @failedShippingPlugins); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly unless canView($session); $i18n = WebGUI::International->new($session, 'Commerce'); tie %tabs, 'Tie::IxHash'; %tabs = ( - general=>{label=>$i18n->get('general tab')}, - payment=>{label=>$i18n->get('payment tab')}, - shipping=>{label=>$i18n->get('shipping tab')}, - salesTax=>{label=>$i18n->get('salesTax tab')}, - ); + general=>{label=>$i18n->get('general tab')}, + payment=>{label=>$i18n->get('payment tab')}, + shipping=>{label=>$i18n->get('shipping tab')}, + salesTax=>{label=>$i18n->get('salesTax tab')}, + ); $paymentPlugin = $session->config->get("paymentPlugins")->[0]; $shippingPlugin = $session->config->get("shippingPlugins")->[0]; 
@@ -794,8 +804,6 @@ sub www_editCommerceSettings { =head2 www_editCommerceSettingsSave ( $session ) -Only users in group Admin (3) can execute the subroutine. - Form post processor for C. Plugin configuration data is stored in a special table for security and all other settings in the WebGUI settings table for easy access. @@ -806,7 +814,7 @@ Returns the user to C. sub www_editCommerceSettingsSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); PARAM: foreach ($session->form->param) { @@ -845,7 +853,7 @@ links so the Admin can complete any pending transaction. sub www_listPendingTransactions { my $session = shift; my ($p, $transactions, $output, $properties, $i18n); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); $i18n = WebGUI::International->new($session, "Commerce"); @@ -894,7 +902,7 @@ sub www_listTransactions { my $session = shift; my ($output, %criteria, $transaction, @transactions); - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); my $i18n = WebGUI::International->new($session, 'TransactionLog'); diff --git a/lib/WebGUI/Operation/Cron.pm b/lib/WebGUI/Operation/Cron.pm index 28d50a05d..84ba93eb2 100644 --- a/lib/WebGUI/Operation/Cron.pm +++ b/lib/WebGUI/Operation/Cron.pm 
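Review bot: www_editCommerceSettingsSave and www_listPendingTransactions keep `return $session->privilege->adminOnly() unless canView($session);` while www_completePendingTransaction and www_editCommerceSettings in the same file were changed to `adminOnly` without parentheses in this commit, so the file now mixes both spellings for the same guard. Pick one form for the whole file; the parenthesis-free `return $session->privilege->adminOnly unless canView($session);` matches the other operation modules in this patch.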
@@ -29,6 +29,21 @@ Operation handler for managing scheduler activities. =cut +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminCron") ); +} + #------------------------------------------------------------------- =head2 www_deleteCronJob ( ) @@ -38,11 +53,11 @@ Deletes a cron job. =cut sub www_deleteCronJob { - my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); - my $cron = WebGUI::Workflow::Cron->new($session, $session->form->get("id")); - $cron->delete if defined $cron; - return www_manageCron($session); + my $session = shift; + return $session->privilege->adminOnly unless canView($session); + my $cron = WebGUI::Workflow::Cron->new($session, $session->form->get("id")); + $cron->delete if defined $cron; + return www_manageCron($session); } #------------------------------------------------------------------- @@ -55,7 +70,7 @@ Displays an edit form for a cron job. sub www_editCronJob { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly unless canView($session); my $i18n = WebGUI::International->new($session, "Workflow_Cron"); my $cron = WebGUI::Workflow::Cron->new($session, $session->form->get("id")); my $f = WebGUI::HTMLForm->new($session); @@ -180,7 +195,7 @@ Saves the results of www_editCronJob() sub www_editCronJobSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly unless canView($session); if ($session->form->get("id") eq "new") { WebGUI::Workflow::Cron->create($session,{ monthOfYear=>$session->form->get("monthOfYear"), 
@@ -223,7 +238,7 @@ Display a list of the scheduler activities. sub www_manageCron { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly unless canView($session); my $i18n = WebGUI::International->new($session, "Workflow_Cron"); my $output = ''; my $rs = $session->db->read("select taskId, title, concat(minuteOfHour, ' ', hourOfDay, ' ', dayOfMonth, ' ', monthOfYear, ' ', dayOfWeek), enabled from WorkflowSchedule"); @@ -256,7 +271,7 @@ sub www_runCronJob { my $session = shift; $session->http->setMimeType("text/plain"); $session->http->setCacheControl("none"); - unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets")) || $session->user->isInGroup("3")) { + unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets")) || canView($session)) { $session->errorHandler->security("make a Spectre cron job runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")})."."); return "error"; } diff --git a/lib/WebGUI/Operation/DatabaseLink.pm b/lib/WebGUI/Operation/DatabaseLink.pm index 0b0855853..344303c26 100644 --- a/lib/WebGUI/Operation/DatabaseLink.pm +++ b/lib/WebGUI/Operation/DatabaseLink.pm 
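Review bot: The security log line in www_runCronJob still says requests are only accepted from the Spectre subnets, while the condition just above it also admits any member of the `groupIdAdminCron` group from any address, so the message misdescribes the policy whenever it fires; it was already inaccurate with the hard-coded group 3, but the group is now site-configurable. I would extend the message, e.g. `... from ".join(",",@{$session->config->get("spectreSubnets")})." or from members of the cron admin group."`, and add a POD sentence to www_runCronJob noting that delegating groupIdAdminCron also delegates the ability to trigger jobs from outside those subnets. www_runCronJob starts before this hunk.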
@@ -55,41 +55,57 @@ sub _submenu { $ac->addSubmenuItem($session->url->page('op=editDatabaseLink;dlid=new'), $i18n->get(982)); my $dlid = $session->form->process("dlid"); if (($session->form->process("op") eq "editDatabaseLink" && $dlid ne "new") || $session->form->process("op") eq "deleteDatabaseLink") { - $ac->addSubmenuItem($session->url->page('op=editDatabaseLink;dlid='.$dlid), $i18n->get(983)); - $ac->addSubmenuItem($session->url->page('op=copyDatabaseLink;dlid='.$dlid), $i18n->get(984)); - $ac->addConfirmedSubmenuItem($session->url->page("op=deleteDatabaseLinkConfirm;dlid=".$dlid), $i18n->get(985), $i18n->get(988)); - $ac->addSubmenuItem($session->url->page('op=listDatabaseLinks'), $i18n->get(986)); + $ac->addSubmenuItem($session->url->page('op=editDatabaseLink;dlid='.$dlid), $i18n->get(983)); + $ac->addSubmenuItem($session->url->page('op=copyDatabaseLink;dlid='.$dlid), $i18n->get(984)); + $ac->addConfirmedSubmenuItem($session->url->page("op=deleteDatabaseLinkConfirm;dlid=".$dlid), $i18n->get(985), $i18n->get(988)); + $ac->addSubmenuItem($session->url->page('op=listDatabaseLinks'), $i18n->get(986)); } return $ac->render($workarea, $title); } -=head2 www_copyDatabaseLink ( $session ) +#---------------------------------------------------------------------------- -Copies the requested database link in the form variable C if the user -is in group Admin (3). Returns the user to the List Database Links screen. +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. 
=cut -#------------------------------------------------------------------- -sub www_copyDatabaseLink { - my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); - WebGUI::DatabaseLink->new($session,$session->form->process("dlid"))->copy; - return www_listDatabaseLinks($session); +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminDatabaseLink") ); } +#------------------------------------------------------------------- + +=head2 www_copyDatabaseLink ( $session ) + +Copies the requested database link in the form variable C if the user +is in the correct group. Returns the user to the List Database Links screen. + +=cut + +sub www_copyDatabaseLink { + my $session = shift; + return $session->privilege->insufficient unless canView($session); + WebGUI::DatabaseLink->new($session,$session->form->process("dlid"))->copy; + return www_listDatabaseLinks($session); +} + +#------------------------------------------------------------------- + =head2 www_deleteDatabaseLink ( $session ) Requests that the user confirm the deletion of the database link in -the form variable C. Returns Insufficient privilege if the -user is not in group Admin (3). +the form variable C. =cut -#------------------------------------------------------------------- sub www_deleteDatabaseLink { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); return $session->privilege->vitalComponent if ($session->form->process("dlid") eq '0'); my $i18n = WebGUI::International->new($session); my ($output); 
@@ -102,6 +118,8 @@ sub www_deleteDatabaseLink { return _submenu($session,$output,"987"); } +#------------------------------------------------------------------- + =head2 www_deleteDatabaseLinkConfirm ( $session ) Deletes the requested database link in the form variable C if the user @@ -112,16 +130,17 @@ Returns the user to the List Database Links screen. =cut -#------------------------------------------------------------------- sub www_deleteDatabaseLinkConfirm { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); return $session->privilege->vitalComponent if ($session->form->process("dlid") eq '0'); WebGUI::DatabaseLink->new($session,$session->form->process("dlid"))->delete; return www_listDatabaseLinks($session); } +#------------------------------------------------------------------- + =head2 www_editDatabaseLink ( $session ) Create a new database link or edit an existing database link. The user must @@ -131,10 +150,9 @@ Calls www_editDatabaseLinkSave on user submission. =cut -#------------------------------------------------------------------- sub www_editDatabaseLink { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); my ($output, %db, $f); tie %db, 'Tie::CPHash'; if ($session->form->process("dlid") eq "new") { @@ -212,6 +230,8 @@ sub www_editDatabaseLink { return _submenu($session,$output,"990"); } +#------------------------------------------------------------------- + =head2 www_editDatabaseLinkSave ( $session ) Form postprocessor for www_editDatabaseLink. Only users in group Admin (3) 
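Review bot: The POD for www_deleteDatabaseLinkConfirm, www_editDatabaseLink and www_editDatabaseLinkSave in these hunks still tells the reader the caller must be in group Admin (3) (`Only users in group Admin (3)` is visible as context in the last hunk on this line), although the code now gates on canView and the groupIdAdminDatabaseLink setting; www_listDatabaseLinks in the following hunk carries the same stale sentence in its header. Reword them the way the commit already did for www_copyDatabaseLink, e.g. `if the user is in the correct group` and `Only users in the group named by the groupIdAdminDatabaseLink setting may see this screen.`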
@@ -221,11 +241,10 @@ Returns the user the Link Database Links screen. =cut -#------------------------------------------------------------------- sub www_editDatabaseLinkSave { my ($allowedKeywords); my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); # Convert enters to a single \n. ($allowedKeywords = $session->form->process("allowedKeywords")) =~ s/\s+/\n/g; @@ -246,6 +265,8 @@ sub www_editDatabaseLinkSave { return www_listDatabaseLinks($session); } +#------------------------------------------------------------------- + =head2 www_listDatabaseLinks ( $session ) List all Database links and allow the user to edit, copy or delete them. @@ -253,10 +274,9 @@ Only users in group Admin (3) are allowed to see this screen. =cut -#------------------------------------------------------------------- sub www_listDatabaseLinks { my $session = shift; - return $session->privilege->adminOnly() unless($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $links = WebGUI::DatabaseLink->getList($session); my $output = '
'; my $i18n = WebGUI::International->new($session); diff --git a/lib/WebGUI/Operation/Graphics.pm b/lib/WebGUI/Operation/Graphics.pm index c2454ad14..041ede0b0 100644 --- a/lib/WebGUI/Operation/Graphics.pm +++ b/lib/WebGUI/Operation/Graphics.pm @@ -90,12 +90,27 @@ sub _getColorForm { return $f->printRowsOnly; } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminGraphics") ); +} + #------------------------------------------------------------------- sub www_addColorToPalette { my ($f); my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); $f = WebGUI::HTMLForm->new($session); $f->hidden( @@ -120,7 +135,7 @@ sub www_addColorToPalette { sub www_addColorToPaletteSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $color = WebGUI::Image::Color->new($session, $session->form->process('cid')); if ($session->form->process('cid') eq 'new') { @@ -141,7 +156,7 @@ my $palette = WebGUI::Image::Palette->new($session, $session->form->process('pid sub www_deleteFont { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $font = WebGUI::Image::Font->new($session, $session->form->process('fid')); $font->delete; 
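Review bot: www_listDatabaseLinks still answers a failed canView with `$session->privilege->adminOnly()` while copy, delete, edit and save in the same file answer with `$session->privilege->insufficient`; now that all five test the same configurable group the denial page should be the same too, so `return $session->privilege->insufficient unless canView($session);` here. www_listLDAPLinks in LDAPLink.pm has the identical mismatch. If adminOnly's page text names the Admin group, as its name suggests, it is also misleading once the gate is an arbitrary configured group; worth checking the i18n text.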
@@ -153,7 +168,7 @@ sub www_deleteFont { sub www_deletePalette { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $palette = WebGUI::Image::Palette->new($session, $session->form->process('pid')); $palette->delete; @@ -166,7 +181,7 @@ sub www_editColor { my ($f); my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $colorId = $session->form->process('cid'); return www_listPalettes($session) if ($colorId eq 'new'); @@ -194,7 +209,7 @@ sub www_editColor { sub www_editColorSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $colorId = $session->form->process('cid'); return www_listPalettes($session) if ($colorId eq 'new'); @@ -215,7 +230,7 @@ sub www_editFont { my ($f, $fontName); my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, "Graphics"); @@ -253,7 +268,7 @@ sub www_editFont { sub www_editFontSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); if ($session->form->process('fid') eq 'new') { @@ -278,7 +293,7 @@ sub www_editPalette { my $session = shift; my $paletteId = shift || $session->form->process('pid'); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, 'Graphics'); 
@@ -333,7 +348,7 @@ sub www_editPalette { sub www_editPaletteSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $palette = WebGUI::Image::Palette->new($session, $session->form->process('pid')); $palette->setName($session->form->process('paletteName')); @@ -346,7 +361,7 @@ sub www_listGraphicsOptions { my ($output); my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, 'Graphics'); @@ -361,7 +376,7 @@ sub www_listPalettes { my ($output); my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, 'Graphics'); @@ -420,7 +435,7 @@ sub www_listFonts { my ($output); my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, 'Graphics'); @@ -448,7 +463,7 @@ sub www_listFonts { sub www_removeColorFromPalette { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $palette = WebGUI::Image::Palette->new($session, $session->form->process('pid')); $palette->removeColor($session->form->process('index')); diff --git a/lib/WebGUI/Operation/Group.pm b/lib/WebGUI/Operation/Group.pm index 6ff41ce12..e91b5a89f 100644 --- a/lib/WebGUI/Operation/Group.pm +++ b/lib/WebGUI/Operation/Group.pm 
@@ -23,16 +23,7 @@ use WebGUI::Paginator; use WebGUI::SQL; use WebGUI::Utility; -#------------------------------------------------------------------- -sub _hasSecondaryPrivilege { - my $session = shift; - return 0 unless ($session->user->isInGroup(11)); - my $group = WebGUI::Group->new($session,$_[0]); - return $group->userIsAdmin($session->user->userId); -} - - -#------------------------------------------------------------------- +#---------------------------------------------------------------------------- sub _submenu { my $session = shift; my $workarea = shift; @@ -40,10 +31,10 @@ sub _submenu { my $i18n = WebGUI::International->new($session); $title = $i18n->get($title) if ($title); my $ac = WebGUI::AdminConsole->new($session,"groups"); - if ($session->user->isInGroup(3)) { + if (canEditAll($session)) { $ac->addSubmenuItem($session->url->page('op=editGroup;gid=new'), $i18n->get(90)); } - if ($session->user->isInGroup(11)) { + if (canView($session)) { unless ($session->form->process("op") eq "listGroups" || $session->form->process("gid") eq "new" || $session->form->process("op") eq "deleteGroupConfirm") { 
@@ -55,10 +46,65 @@ sub _submenu { } $ac->addSubmenuItem($session->url->page("op=listGroups"), $i18n->get(756)); } - return $ac->render($workarea, $title); + return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canEditAll ( session [, user] ) + +Returns true if the user is allowed to edit all groups. user defaults to the +current user. + +=cut + +sub canEditAll { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminGroup") ); +} + +#---------------------------------------------------------------------------- + +=head2 canEditGroup ( session, group [, user] ) + +Returns true if the user can edit the specified group. user defaults to the +current user. + +=cut + +sub canEditGroup { + my $session = shift; + my $groupId = shift; + my $user = shift || $session->user; + + return 1 if canEditAll($session, $user); + + my $group = WebGUI::Group->new($session,$groupId); + return $user->isInGroup( $session->setting->get("groupIdAdminGroupAdmin") ) + && $group->userIsAdmin( $user->userId ) + ; +} + +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user is allowed to use this control in any capacity. user +defaults to the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + + return canEditAll($session, $user) + || $user->isInGroup( $session->setting->get("groupIdAdminGroupAdmin") ) + ; +} + #------------------------------------------------------------------- sub doGroupSearch { my $session = shift; 
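Review bot: canEditGroup builds `WebGUI::Group->new($session,$groupId)` from the form-supplied id before it has checked that the user is in groupIdAdminGroupAdmin at all, whereas the removed _hasSecondaryPrivilege tested that membership first; for an unknown id, or the `new` id that www_editGroup passes through in a later hunk, the constructor runs purely to deny the request (with a side effect if it creates a record for an empty id), and an undef return would die on `->userIsAdmin`. Check membership first and guard the object: `return 0 unless $user->isInGroup( $session->setting->get("groupIdAdminGroupAdmin") );` then `my $group = WebGUI::Group->new($session,$groupId);` and `return $group ? $group->userIsAdmin( $user->userId ) : 0;`. canView below is fine as written since it never touches a group object.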
@@ -160,7 +206,7 @@ sub walkGroups { #------------------------------------------------------------------- sub www_addGroupsToGroupSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $group = WebGUI::Group->new($session,$session->form->process("gid")); my @groups = $session->form->group('groups'); $group->addGroups(\@groups); @@ -170,7 +216,7 @@ sub www_addGroupsToGroupSave { #------------------------------------------------------------------- sub www_addUsersToGroupSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my @users = $session->form->selectList('users'); my $group = WebGUI::Group->new($session,$session->form->process("gid")); $group->addUsers(\@users); @@ -202,7 +248,7 @@ sub www_autoDeleteFromGroup { #------------------------------------------------------------------- sub www_deleteGroup { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); return $session->privilege->vitalComponent() if (isIn($session->form->process("gid"), qw(1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17))); my $g = WebGUI::Group->new($session,$session->form->process("gid")); $g->delete; 
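Review bot: www_deleteGroup's vitalComponent guard is still the hard-coded list `qw(1 2 3 ... 17)`, but the access checks now depend on whichever groups the new groupIdAdmin* settings point at; if the upgrade creates fresh groups for those settings (not visible here), a group admin can delete one and, presumably, every member including admins loses that console item, since isInGroup on a removed id cannot succeed. Consider also refusing deletion of any group id currently referenced by a groupIdAdmin* setting, or at least documenting in the POD that those groups must not be removed. The rest of www_deleteGroup is outside the hunk.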
@@ -212,7 +258,7 @@ sub www_deleteGroup { #------------------------------------------------------------------- sub www_deleteGroupGrouping { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup('3') || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $group = WebGUI::Group->new($session,$session->form->process("gid")); $group->deleteGroups([$session->form->process("delete")]); return www_manageGroupsInGroup($session); @@ -222,7 +268,7 @@ sub www_deleteGroupGrouping { =head2 www_deleteGrouping ( ) -Deletes a set of users from a set of groups. Only Admins may perform this function. +Deletes a set of users from a set of groups. The user and group lists are expected to be found in form fields names uid and gid, respectively. Visitors are not allowed to perform this operation. @@ -231,7 +277,7 @@ perform this operation. sub www_deleteGrouping { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); if (($session->user->userId eq $session->form->process("uid") || $session->form->process("uid") eq '3') && $session->form->process("gid") eq '3') { return $session->privilege->vitalComponent(); } 
@@ -248,7 +294,7 @@ sub www_deleteGrouping { #------------------------------------------------------------------- sub www_editGroup { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my ($output, $f, $g); if ($session->form->process("gid") eq "new") { $g = WebGUI::Group->new($session,""); @@ -414,7 +460,7 @@ sub www_editGroup { #------------------------------------------------------------------- sub www_editGroupSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $g = WebGUI::Group->new($session,$session->form->process("gid")); $g->description($session->form->process("description")); $g->name($session->form->process("groupName")); @@ -442,7 +488,7 @@ sub www_editGroupSave { #------------------------------------------------------------------- sub www_editGrouping { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $i18n = WebGUI::International->new($session); my $f = WebGUI::HTMLForm->new($session); $f->submit; 
@@ -490,7 +536,7 @@ sub www_editGrouping { #------------------------------------------------------------------- sub www_editGroupingSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $group = WebGUI::Group->new($session,$session->form->process("gid")); $group->userGroupExpireDate($session->form->process("uid"),$session->datetime->setToEpoch($session->form->process("expireDate"))); $group->userIsAdmin($session->form->process("uid"),$session->form->process("groupAdmin")); @@ -500,7 +546,7 @@ sub www_editGroupingSave { #------------------------------------------------------------------- sub www_emailGroup { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my ($output,$f); my $i18n = WebGUI::International->new($session); $f = WebGUI::HTMLForm->new($session); @@ -536,7 +582,7 @@ sub www_emailGroup { #------------------------------------------------------------------- sub www_emailGroupSend { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $mail = WebGUI::Mail::Send->create($session, {toGroup=>$session->form->process("gid"),subject=>$session->form->process("subject"),from=>$session->form->process("from")}); $mail->addHtml($session->form->process("message","HTMLArea")); $mail->addFooter; 
@@ -549,7 +595,7 @@ sub www_emailGroupSend { sub www_listGroups { my $session = shift; my $i18n = WebGUI::International->new($session); - if ($session->user->isInGroup(3)) { + if (canEditAll($session)) { my $output = getGroupSearchForm($session, "listGroups"); my ($groupCount) = $session->db->quickArray("select count(*) from groups where isEditable=1"); return _submenu($session,$output) unless ($session->form->process("doit") || $groupCount<250 || $session->form->process("pn") > 1); @@ -571,7 +617,7 @@ sub www_listGroups { $output .= '
'; $output .= $p->getBarTraditional; return _submenu($session,$output); - } elsif ($session->user->isInGroup(11)) { + } elsif (canView($session)) { my ($output, $p, $sth, @data, @row, $i, $userCount); my @editableGroups = $session->db->buildArray("select groupId from groupings where userId=".$session->db->quote($session->user->userId)." and groupAdmin=1"); push (@editableGroups,0); @@ -599,14 +645,16 @@ sub www_listGroups { $output .= $p->getBarTraditional($session->form->process("pn")); return _submenu($session,$output,'89'); } - return $session->privilege->adminOnly(); + else { + return $session->privilege->adminOnly(); + } } #------------------------------------------------------------------- sub www_manageGroupsInGroup { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $f = WebGUI::HTMLForm->new($session); $f->submit; $f->hidden( @@ -640,7 +688,7 @@ sub www_manageGroupsInGroup { #------------------------------------------------------------------- sub www_manageUsersInGroup { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3) || _hasSecondaryPrivilege($session,$session->form->process("gid"))); + return $session->privilege->adminOnly() unless (canEditGroup($session,$session->form->process("gid"))); my $i18n = WebGUI::International->new($session); my $output = WebGUI::Form::formHeader($session,) .WebGUI::Form::hidden($session,{ diff --git a/lib/WebGUI/Operation/Help.pm b/lib/WebGUI/Operation/Help.pm index a5785b7da..f266d7ccd 100644 --- a/lib/WebGUI/Operation/Help.pm +++ b/lib/WebGUI/Operation/Help.pm 
@@ -277,6 +277,21 @@ sub _columnar { return $output; } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminHelp") ); +} + #------------------------------------------------------------------- =head2 www_viewHelp ( $session ) @@ -289,7 +304,7 @@ UI level, and this can be toggled on and off by another form parameter, uiOverri sub www_viewHelp { my $session = shift; - return $session->privilege->insufficient() unless ($session->user->isInGroup(7)); + return $session->privilege->insufficient() unless canView($session); my $ac = WebGUI::AdminConsole->new($session,"help"); $session->style->setLink($session->url->extras("/help.css"), {rel=>"stylesheet", type=>"text/css"}); my $namespace = $session->form->process("namespace","className") || "WebGUI"; @@ -372,7 +387,7 @@ Display the index of all help entries in all namespaces. sub www_viewHelpIndex { my $session = shift; - return $session->privilege->insufficient() unless ($session->user->isInGroup(7)); + return $session->privilege->insufficient() unless canView($session); my $i18n = WebGUI::International->new($session); my @helpIndex; my $i; @@ -415,11 +430,13 @@ Utility method that returns link to the WebGUI Community Wiki with i18n'ed text. sub wikiHelpLink { my $session = shift; + return $session->privilege->insufficient() unless canView($session); my $i18n = WebGUI::International->new($session); return sprintf q!

%s %s

!, $i18n->get('wiki help label leadin'), 'http://www.webgui.org/community-wiki', $i18n->get('wiki help target'), + ; } 1; diff --git a/lib/WebGUI/Operation/LDAPLink.pm b/lib/WebGUI/Operation/LDAPLink.pm index 4d2615894..30ae6134a 100644 --- a/lib/WebGUI/Operation/LDAPLink.pm +++ b/lib/WebGUI/Operation/LDAPLink.pm @@ -25,8 +25,7 @@ Package WebGUI::Operation::LDAPLink =head1 DESCRIPTION -Operational handler for creating, managing and deleting LDAP Links. Only users -in group Admin (3) are allowed to execute subroutines in this package. +Operational handler for creating, managing and deleting LDAP Links. =cut @@ -72,6 +71,21 @@ sub _submenu { return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminLDAPLink") ); +} + #------------------------------------------------------------------- =head2 validateForm ( ) @@ -123,7 +137,7 @@ Returns the user to the List LDAP Links screen. sub www_copyLDAPLink { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); my (%db); tie %db, 'Tie::CPHash'; %db = $session->db->quickHash("select * from ldapLink where ldapLinkId=".$session->db->quote($session->form->process("llid"))); 
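Review bot: wikiHelpLink now returns `$session->privilege->insufficient()` when canView fails, but it is a helper that returns an HTML anchor for a caller to splice into a larger page via sprintf, not a www_ entry point; any caller outside this file (not visible here) that a user outside groupIdAdminHelp can reach would get the whole privilege page embedded inline instead of a link. Since www_viewHelp and www_viewHelpIndex already gate on canView in the hunks above, either drop this check or make it degrade to `return '' unless canView($session);`.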
@@ -143,7 +157,7 @@ Deletes the requested LDAP Link in the form variable C. Returns the user sub www_deleteLDAPLink { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); $session->db->write("delete from ldapLink where ldapLinkId=".$session->db->quote($session->form->process("llid"))); $session->form->process("op") = "listLDAPLinks"; return www_listLDAPLinks($session); @@ -161,7 +175,7 @@ Calls www_editLDAPLinkSave when done. sub www_editLDAPLink { my $session = shift; my $errors = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); my ($output, %db, $f); @@ -298,7 +312,7 @@ Returns the user to www_listLDAPLinks when done. sub www_editLDAPLinkSave { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); # Check for errors my $errors = validateForm($session); @@ -338,7 +352,7 @@ links. Each LDAP link is tested and the status of that test is returned. sub www_listLDAPLinks { my $session = shift; - return $session->privilege->adminOnly() unless($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my ($output, $p, $sth, $data, @row, $i); my $i18n = WebGUI::International->new($session,"AuthLDAP"); my $returnUrl = ""; diff --git a/lib/WebGUI/Operation/LoginHistory.pm b/lib/WebGUI/Operation/LoginHistory.pm index f02f0d557..9a9162d5f 100644 --- a/lib/WebGUI/Operation/LoginHistory.pm +++ b/lib/WebGUI/Operation/LoginHistory.pm 
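Review bot: In www_deleteLDAPLink the context line `$session->form->process("op") = "listLDAPLinks";` assigns to a method call; unless process is declared as an :lvalue sub this dies at run time with "Can't modify non-lvalue subroutine call" after the delete has already been written, so the row is gone but the user sees an error page instead of the list. Since the commit is touching this function's privilege line it is a good moment to remove that statement or replace it with whatever www_listLDAPLinks actually needs to see. Separately, www_listLDAPLinks at the end of this line answers denial with adminOnly while the other handlers in the file use insufficient.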
@@ -22,6 +22,21 @@ Package WebGUI::Operation::LoginHistory =cut +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminLoginHistory") ); +} + #------------------------------------------------------------------- =head2 www_viewLoginHistory ( ) @@ -35,7 +50,7 @@ they used. sub www_viewLoginHistory { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my ($output, $p, @row, $i, $sth, %data); my $i18n = WebGUI::International->new($session); tie %data, 'Tie::CPHash'; diff --git a/lib/WebGUI/Operation/ProductManager.pm b/lib/WebGUI/Operation/ProductManager.pm index ce9d3427d..25b308d5b 100755 --- a/lib/WebGUI/Operation/ProductManager.pm +++ b/lib/WebGUI/Operation/ProductManager.pm @@ -49,6 +49,21 @@ sub _submenu { return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminProductManager") ); +} + #------------------------------------------------------------------- =head2 www_deleteProductParameterOption ( $session ) 
@@ -65,7 +80,7 @@ sub www_deleteProductParameterOption { my $session = shift; my $optionId = $session->form->process("optionId"); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); WebGUI::Product->getByOptionId($session,$optionId)->deleteOption($optionId); @@ -88,7 +103,7 @@ sub www_deleteProductParameter { my $session = shift; my $parameterId = $session->form->process("parameterId"); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); WebGUI::Product->getByParameterId($session,$parameterId)->deleteParameter($parameterId); @@ -111,7 +126,7 @@ sub www_deleteProduct { my $session = shift; my $productId = $session->form->process("productId"); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); WebGUI::Product->new($session,$productId)->delete; @@ -134,7 +149,7 @@ sub www_editProduct { my $session = shift; my ($productId, $product, $f, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); $productId = $session->form->process("productId"); @@ -260,7 +275,7 @@ sub www_editProductSave { my $session = shift; my ($self, @error, $productId, $product, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); 
@@ -307,7 +322,7 @@ sub www_editProductParameter { my $session = shift; my ($parameterId, $product, $productId, $parameter, $f, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); @@ -366,7 +381,7 @@ sub www_editProductParameterSave { my $session = shift; my (@error, $parameterId, $product, $i18n, $skuTemplate, $oldName, $newName); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); @@ -416,7 +431,7 @@ sub www_editProductParameterOption { my $session = shift; my ($self, $optionId, $option, $f, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); @@ -492,7 +507,7 @@ sub www_editProductParameterOptionSave { my $session = shift; my ($self, @error, $optionId, $product, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); @@ -530,7 +545,7 @@ sub www_editProductVariant { my $session = shift; my ($variantId, $variant, $f, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, "ProductManager"); 
@@ -596,7 +611,7 @@ sub www_editProductVariantSave { my $session = shift; my $variantId = $session->form->process("variantId"); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); WebGUI::Product->getByVariantId($session,$variantId)->setVariant($variantId, $session->form->paramsHashRef); @@ -619,7 +634,7 @@ sub www_editSkuTemplate { my $session = shift; my ($product, $productId, $output, $f, $name, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, "ProductManager"); @@ -671,7 +686,7 @@ sub www_editSkuTemplateSave { my $session = shift; my ($productId) = $session->form->process("productId"); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); WebGUI::Product->new($session,$productId)->set({ skuTemplate => $session->form->process("skuTemplate"), @@ -696,7 +711,7 @@ sub www_listProducts { my $session = shift; my ($self, $sth, $output, $row, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, 'ProductManager'); @@ -735,7 +750,7 @@ sub www_listProductVariants { my $session = shift; my ($productId, $product, @variants, %parameters, %options, $output, %composition, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, "ProductManager"); 
@@ -808,7 +823,7 @@ The current WebGUI session object. sub www_listProductVariantsSave { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); my %availableVariants = map {$_ => 1} $session->form->selectList('available'); @@ -839,7 +854,7 @@ sub www_manageProduct { my $session = shift; my ($product, $output, $parameter, $option, $optionId, $i18n); - return $session->privilege->insufficient unless ($session->user->isInGroup(14)); + return $session->privilege->insufficient unless canView($session); $i18n = WebGUI::International->new($session, "ProductManager"); diff --git a/lib/WebGUI/Operation/ProfileSettings.pm b/lib/WebGUI/Operation/ProfileSettings.pm index 554e2ca12..dca513184 100644 --- a/lib/WebGUI/Operation/ProfileSettings.pm +++ b/lib/WebGUI/Operation/ProfileSettings.pm @@ -74,6 +74,23 @@ sub _submenu { return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminProfileSettings") ); +} + +#------------------------------------------------------------------- + =head2 www_deleteProfileCategoryConfirm ( $session ) Deletes the profile category in form variable C, unless the category is 
@@ -82,10 +99,9 @@ Othewise, it returns the user to www_editProfileSettings. =cut -#------------------------------------------------------------------- sub www_deleteProfileCategoryConfirm { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $category = WebGUI::ProfileCategory->new($session,$session->form->process("cid")); return WebGUI::AdminConsole->new($session,"userProfiling")->render($session->privilege->vitalComponent()) if ($category->isProtected); $category->delete; @@ -103,7 +119,7 @@ Othewise, it returns the user to www_editProfileSettings. #------------------------------------------------------------------- sub www_deleteProfileFieldConfirm { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $field = WebGUI::ProfileField->new($session,$session->form->process("fid")); return WebGUI::AdminConsole->new($session,"userProfiling")->render($session->privilege->vitalComponent()) if ($field->isProtected); $field->delete; @@ -120,7 +136,7 @@ Add or edit a profile category specified in form variable C. Calls www_edi #------------------------------------------------------------------- sub www_editProfileCategory { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $data = {}; my $i18n = WebGUI::International->new($session,"WebGUIProfile"); my $f = WebGUI::HTMLForm->new($session); 
@@ -179,7 +195,7 @@ Returns the user to www_editProfileSettings when done. #------------------------------------------------------------------- sub www_editProfileCategorySave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my %data = ( label=>$session->form->text("label"), visible=>$session->form->yesNo("visible"), @@ -202,7 +218,7 @@ Add or edit a profile field specified in form variable C. Calls www_editPr #------------------------------------------------------------------- sub www_editProfileField { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session,"WebGUIProfile"); my $f = WebGUI::HTMLForm->new($session); $f->submit; @@ -337,7 +353,7 @@ Returns the user to www_editProfileSettings when done. #------------------------------------------------------------------- sub www_editProfileFieldSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); # Special case for WebGUI auth password recovery. my $requiredForPasswordRecovery = $session->form->yesNo('requiredForPasswordRecovery'); @@ -381,7 +397,7 @@ Allows profile categories and fields to be managed (added, edited, deleted or mo #------------------------------------------------------------------- sub www_editProfileSettings { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session,"WebGUIProfile"); my $output = ""; foreach my $category (@{WebGUI::ProfileCategory->getCategories($session)}) { 
@@ -414,7 +430,7 @@ Returns the user to www_editProfileSettings. #------------------------------------------------------------------- sub www_moveProfileCategoryDown { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); WebGUI::ProfileCategory->new($session,$session->form->process("cid"))->moveDown; return www_editProfileSettings($session); } @@ -429,7 +445,7 @@ Returns the user to www_editProfileSettings. #------------------------------------------------------------------- sub www_moveProfileCategoryUp { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); WebGUI::ProfileCategory->new($session,$session->form->process("cid"))->moveUp; return www_editProfileSettings($session); } @@ -445,7 +461,7 @@ Returns the user to www_editProfileSettings. #------------------------------------------------------------------- sub www_moveProfileFieldDown { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); WebGUI::ProfileField->new($session,$session->form->process("fid"))->moveDown; return www_editProfileSettings($session); } @@ -461,7 +477,7 @@ Returns the user to www_editProfileSettings. #------------------------------------------------------------------- sub www_moveProfileFieldUp { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); WebGUI::ProfileField->new($session,$session->form->process("fid"))->moveUp; return www_editProfileSettings($session); } diff --git a/lib/WebGUI/Operation/Replacements.pm b/lib/WebGUI/Operation/Replacements.pm index d04bae02d..1ab1a18fd 100644 --- a/lib/WebGUI/Operation/Replacements.pm 
+++ b/lib/WebGUI/Operation/Replacements.pm @@ -25,6 +25,8 @@ Package WebGUI::Operation::Replacements Operation handler for conditional editing of submitted WebGUI content, similar to a search and replace function in word processors. +#---------------------------------------------------------------------------- + =head2 _submenu ( $session, $workarea, $title ) Utility routine for creating the AdminConsole for Replacement functions. 
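Review bot: The `#-----` separator added at line 27 of Replacements.pm sits between the DESCRIPTION paragraph and `=head2 _submenu`, inside the POD block that only ends at the `=cut` before `sub _submenu`, so it is documentation text rather than a Perl comment and will be printed verbatim by perldoc. Either drop it or move it below that `=cut`, where the old `#-----` line removed in the next hunk used to be. The `@@ -25,6 +25,8 @@` hunk of Statistics.pm introduces the same misplaced separator in the same position.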
@@ -44,35 +46,51 @@ table in the WebGUI namespace. =cut -#------------------------------------------------------------------- sub _submenu { - my $session = shift; - my $workarea = shift; - my $title = shift; - my $i18n = WebGUI::International->new($session); - $title = $i18n->get($title) if ($title); - my $ac = WebGUI::AdminConsole->new($session,"contentFilters"); - $ac->addSubmenuItem($session->url->page("op=editReplacement;replacementId=new"), $i18n->get(1047)); - $ac->addSubmenuItem($session->url->page("op=listReplacements"), $i18n->get("content filters")); - return $ac->render($workarea, $title); + my $session = shift; + my $workarea = shift; + my $title = shift; + my $i18n = WebGUI::International->new($session); + $title = $i18n->get($title) if ($title); + my $ac = WebGUI::AdminConsole->new($session,"contentFilters"); + $ac->addSubmenuItem($session->url->page("op=editReplacement;replacementId=new"), $i18n->get(1047)); + $ac->addSubmenuItem($session->url->page("op=listReplacements"), $i18n->get("content filters")); + return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- -=head2 www_deleteReplacement ( $session ) +=head2 canView ( session [, user] ) -Delete a replacement specified by the form variable C if the user is in group Admin (3). Returns the -user to the List Replacements screen, www_listReplacements. +Returns true if the user can administrate this operation. user defaults to +the current user. =cut +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminReplacements") ); +} + #------------------------------------------------------------------- + +=head2 www_deleteReplacement ( $session ) + +Delete a replacement specified by the form variable C. +Returns the user to the List Replacements screen, www_listReplacements. 
+ +=cut + sub www_deleteReplacement { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); $session->db->write("delete from replacements where replacementId=".$session->db->quote($session->form->process("replacementId"))); return www_listReplacements($session); } +#------------------------------------------------------------------- + =head2 www_editReplacement ( $session ) Add a new, or edit an existing specified by the form variable @@ -83,10 +101,9 @@ Calls www_editReplacementSave on submission. =cut -#------------------------------------------------------------------- sub www_editReplacement { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $data = $session->db->getRow("replacements","replacementId",$session->form->process("replacementId")); my $i18n = WebGUI::International->new($session); my $f = WebGUI::HTMLForm->new($session); @@ -119,19 +136,19 @@ sub www_editReplacement { return _submenu($session,$f->print,"1052"); } +#------------------------------------------------------------------- + =head2 www_editReplacementSave ( $session ) -Form post processor for www_editReplacement. You must be in group Admin (3) to -execute this function. +Form post processor for www_editReplacement. Returns the user to www_listReplacements. =cut -#------------------------------------------------------------------- sub www_editReplacementSave { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); $session->db->setRow("replacements","replacementId",{ replacementId=>$session->form->process("replacementId"), searchFor=>$session->form->process("searchFor"), 
@@ -140,17 +157,18 @@ sub www_editReplacementSave { return www_listReplacements($session); } +#------------------------------------------------------------------- + =head2 www_listReplacements ( $session ) -List all replacements if the user is in group Admin (3) and provides URls for replacements -to be added or deleted. +List all replacements and provides URls for replacements to be added or +deleted. =cut -#------------------------------------------------------------------- sub www_listReplacements { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session); my $output = ''; $output .= ''; diff --git a/lib/WebGUI/Operation/SSO.pm b/lib/WebGUI/Operation/SSO.pm index 575d64dbd..c46c8ad11 100644 --- a/lib/WebGUI/Operation/SSO.pm +++ b/lib/WebGUI/Operation/SSO.pm @@ -14,21 +14,19 @@ use strict; =head1 NAME -Package WebGUI::Operation::Admin +WebGUI::Operation::SSO =head1 DESCRIPTION -Operation handler for admin functions +TODO =cut #------------------------------------------------------------------- -=head2 www_switchOffAdmin ( ) - -If the current user is in the Turn On Admin Group, then allow them to turn off Admin mode -via WebGUI::Session::Var::switchAdminOff() +=head2 www_ssoViaSessionId +TODO: DOCUMENT ME =cut diff --git a/lib/WebGUI/Operation/Settings.pm b/lib/WebGUI/Operation/Settings.pm index 7fd1a4bf2..f184adeb0 100644 --- a/lib/WebGUI/Operation/Settings.pm +++ b/lib/WebGUI/Operation/Settings.pm @@ -40,9 +40,9 @@ Returns an array reference used by www_editSettings and www_editSettingsSave to =cut sub definition { - my $session = shift; - my $i18n = shift; - my @fields = (); + my $session = shift; + my $i18n = shift; + my @fields = (); # company info push(@fields, { tab=>"company", 
@@ -434,6 +434,47 @@ sub definition { hoverHelp=>$i18n->get('164 description'), defaultValue=>[$session->setting->get("authMethod")], }); + + # Administrative permissions + my @groupSettings = qw( + groupIdAdminActiveSessions + groupIdAdminAdSpace + groupIdAdminCache + groupIdAdminCommerce + groupIdAdminCron + groupIdAdminDatabaseLink + groupIdAdminGraphics + groupIdAdminGroup + groupIdAdminGroupAdmin + groupIdAdminHelp + groupIdAdminLDAPLink + groupIdAdminLoginHistory + groupIdAdminProductManager + groupIdAdminProfileSettings + groupIdAdminReplacements + groupIdAdminSpectre + groupIdAdminStatistics + groupIdAdminSubscription + groupIdAdminTransactionLog + groupIdAdminUser + groupIdAdminUserAdd + groupIdAdminVersionTag + groupIdAdminWorkflow + groupIdAdminWorkflowRun + ); + + for my $group (@groupSettings) { + push @fields, { + tab => 'perms', + fieldType => 'group', + name => $group, + label => $i18n->get("settings $group label"), + hoverHelp => $i18n->get("settings $group hoverHelp"), + defaultValue => $session->setting->get($group), + }; + } + + return \@fields; } @@ -486,6 +527,7 @@ sub www_editSettings { misc => { label => $i18n->get("misc") }, user => { label => $i18n->get("user") }, auth => { label => $i18n->get("authentication") }, + perms => { label => $i18n->get("permissions") }, ); # Start the form diff --git a/lib/WebGUI/Operation/Shared.pm b/lib/WebGUI/Operation/Shared.pm index 69d561d85..8c818fe85 100644 --- a/lib/WebGUI/Operation/Shared.pm +++ b/lib/WebGUI/Operation/Shared.pm @@ -25,8 +25,7 @@ Shared routines for WebGUI Operations. =head2 accountOptions ( $session ) -Copies the requested database link in the form variable C if the user -is in group Admin (3). Returns the user to the List Database Links screen. +TODO: DOCUMENT ME =cut diff --git a/lib/WebGUI/Operation/Spectre.pm b/lib/WebGUI/Operation/Spectre.pm index 08812e93b..524c68c6f 100644 --- a/lib/WebGUI/Operation/Spectre.pm +++ b/lib/WebGUI/Operation/Spectre.pm 
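Review bot: In the new loop `defaultValue => $session->setting->get($group)` is a bare scalar, while the field built just above it passes `defaultValue=>[$session->setting->get("authMethod")]`; if the `group` field type expects the array form, every permissions control will render without its current value preselected, so this is worth checking against the form control rather than assuming. The 24 names in `@groupSettings` are also the only place the setting keys are enumerated for the UI, and each must match the string the corresponding module's `canView` reads, since a typo here produces a control that saves to an unused key. A comment such as `# Keep in sync with the groupIdAdmin* keys read by each WebGUI::Operation::*::canView and with the 7.3.22-7.4.0 upgrade script` above the list would help the next editor. `definition` starts before this hunk.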
@@ -27,6 +27,21 @@ Operations for Spectre. =cut +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminSpectre") ); +} + #------------------------------------------------------------------- =head2 www_spectreGetSiteData ( ) @@ -36,7 +51,7 @@ Checks to ensure the requestor is who we think it is, and then returns a JSON st =cut sub www_spectreGetSiteData { - my $session = shift; + my $session = shift; $session->http->setMimeType("text/json"); $session->http->setCacheControl("none"); my %siteData = (); @@ -92,17 +107,13 @@ Show information about Spectre's current workload. sub www_spectreStatus { my $session = shift; - return $session->privilege->adminOnly() unless $session->user->isInGroup(3); + return $session->privilege->adminOnly unless canView($session); # start to prepare the display my $ac = WebGUI::AdminConsole->new($session, 'spectre'); my $i18n = WebGUI::International->new($session, 'Spectre'); $session->http->setCacheControl("none"); - unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets"))) { - $session->errorHandler->security("make a Spectre workflow runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")})."."); - return "subnet"; - } my $remote = create_ikc_client( port=>$session->config->get("spectrePort"), 
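Review bot: The `www_spectreStatus` hunk removes the `isInSubnet(... spectreSubnets ...)` block together with its `errorHandler->security` log line, which changes what the page exposes, not only who may view it: the status page, and the IKC connection it opens to Spectre, was previously reachable only from the configured subnets and is now reachable from any address by any member of `groupIdAdminSpectre`. This may well be deliberate, since the status page is viewed from an administrator's browser rather than by Spectre itself, but the commit message says nothing about dropping a network restriction and the hunk does not replace the audit log entry. If intentional, state it in the POD for `www_spectreStatus`, e.g. `Access is controlled by canView() only; the spectreSubnets restriction does not apply to this page.`; otherwise keep the `unless (isInSubnet(...)) { ... return "subnet"; }` block after the `canView` check. The body of `www_spectreStatus` continues past the hunk.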
@@ -112,14 +123,14 @@ sub www_spectreStatus { ); if (!$remote) { - return $ac->render($i18n->get('not running'), $i18n->get('spectre')); + return $ac->render($i18n->get('not running'), $i18n->get('spectre')); } my $sitename = $session->config()->get('sitename')->[0]; my $workflowResult = $remote->post_respond('workflow/getJsonStatus',$sitename); if (!$workflowResult) { $remote->disconnect(); - return $ac->render($i18n->get('workflow status error'), $i18n->get('spectre')); + return $ac->render($i18n->get('workflow status error'), $i18n->get('spectre')); } my $cronResult = $remote->post_respond('cron/getJsonStatus',$sitename); diff --git a/lib/WebGUI/Operation/Statistics.pm b/lib/WebGUI/Operation/Statistics.pm index dbe0e43a0..3b83a2df4 100644 --- a/lib/WebGUI/Operation/Statistics.pm +++ b/lib/WebGUI/Operation/Statistics.pm @@ -25,6 +25,8 @@ Package WebGUI::Operation::Statistics Handles displaying statistics about WebGUI. This isn't page count, but rather information about the number of assets, users, groups, etc. +#------------------------------------------------------------------- + =head2 _submenu ( $session, $workarea, $title, $help ) Utility routine for creating the AdminConsole for Statistics functions. @@ -49,8 +51,6 @@ as a link to the user. =cut - -#------------------------------------------------------------------- sub _submenu { my $session = shift; my $workarea = shift; 
@@ -64,6 +64,23 @@ sub _submenu { return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminStatistics") ); +} + +#------------------------------------------------------------------- + =head2 www_viewStatistics ( $session ) Displays information to the user about WebGUI statistics if they are @@ -109,10 +126,9 @@ Number of groups. =cut -#------------------------------------------------------------------- sub www_viewStatistics { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my ($output, $data); my $i18n = WebGUI::International->new($session); my $url = "http://update.webgui.org/latest-version.txt"; diff --git a/lib/WebGUI/Operation/Subscription.pm b/lib/WebGUI/Operation/Subscription.pm index 5fa40a25c..7db00fe2d 100644 --- a/lib/WebGUI/Operation/Subscription.pm +++ b/lib/WebGUI/Operation/Subscription.pm @@ -84,6 +84,23 @@ sub _submenu { return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminSubscription") ); +} + +#---------------------------------------------------------------------------- + =head2 www_createSubscriptionCodeBatch ( $session, error ) Form to accept parameters to create a batch of subscription codes. 
@@ -98,12 +115,10 @@ An HTML scalar of an error message to be returned to the user. =cut - -#------------------------------------------------------------------- sub www_createSubscriptionCodeBatch { my $session = shift; my (%subscriptions, $f, $error, $errorMessage); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); $error = shift; my $i18n = WebGUI::International->new($session, "Subscription"); @@ -174,7 +189,7 @@ sub www_createSubscriptionCodeBatchSave { my $session = shift; my ($numberOfCodes, $description, $expires, $batchId, @codeElements, $currentCode, $code, $i, @subscriptions, @error, $creationEpoch); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, "Subscription"); @@ -224,7 +239,7 @@ The current WebGUI session object. #------------------------------------------------------------------- sub www_deleteSubscription { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); WebGUI::Subscription->new($session,$session->form->process("sid"))->delete; return www_listSubscriptions($session); @@ -244,7 +259,7 @@ The current WebGUI session object. #------------------------------------------------------------------- sub www_deleteSubscriptionCodeBatch { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); $session->db->write("delete from subscriptionCodeBatch where batchId=".$session->db->quote($session->form->process("bid"))); $session->db->write("delete from subscriptionCode where batchId=".$session->db->quote($session->form->process("bid"))); 
@@ -266,7 +281,7 @@ The current WebGUI session object. #------------------------------------------------------------------- sub www_deleteSubscriptionCodes { my $session = shift; - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); if ($session->form->process("selection") eq 'dc') { $session->db->write("delete from subscriptionCode where dateCreated >= ".$session->db->quote($session->form->process("dcStart")). @@ -294,7 +309,7 @@ The current WebGUI session object. sub www_editSubscription { my $session = shift; my ($properties, $subscriptionId, $durationInterval, $durationUnits, $f); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, "Subscription"); @@ -388,7 +403,7 @@ The current WebGUI session object. sub www_editSubscriptionSave { my $session = shift; my (@relevantFields); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $properties = {}; @relevantFields = qw(subscriptionId name useSalesTax price description subscriptionGroup duration executeOnSubscription karma); @@ -415,7 +430,7 @@ The current WebGUI session object. sub www_listSubscriptionCodeBatches { my $session = shift; my ($p, $batches, $output); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, "Subscription"); 
@@ -456,7 +471,7 @@ The current WebGUI session object. sub www_listSubscriptionCodes { my $session = shift; my ($p, $codes, $output, $where, $ops, $delete); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, "Subscription"); @@ -549,7 +564,7 @@ The current WebGUI session object. sub www_listSubscriptions { my $session = shift; my ($p, $subscriptions, $output); - return $session->privilege->adminOnly() unless ($session->user->isInGroup(3)); + return $session->privilege->adminOnly() unless canView($session); my $i18n = WebGUI::International->new($session, "Subscription"); diff --git a/lib/WebGUI/Operation/TransactionLog.pm b/lib/WebGUI/Operation/TransactionLog.pm index c0be93f85..14dc5ad13 100644 --- a/lib/WebGUI/Operation/TransactionLog.pm +++ b/lib/WebGUI/Operation/TransactionLog.pm @@ -18,6 +18,21 @@ Operations for dealing with transactions from the WebGUI Commerce System. =cut +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user can administrate this operation. user defaults to +the current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminTransactionLog") ); +} + #------------------------------------------------------------------- =head2 www_viewPurchaseHistory ( errorMessage ) @@ -108,7 +123,7 @@ sub www_deleteTransaction { my $session = shift; my $transactionId; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); $transactionId = $session->form->process("tid"); 
@@ -120,7 +135,7 @@ sub www_deleteTransaction { #------------------------------------------------------------------- sub www_deleteTransactionItem { my $session = shift; - return $session->privilege->insufficient unless ($session->user->isInGroup(3)); + return $session->privilege->insufficient unless canView($session); WebGUI::Commerce::Transaction->new($session, $session->form->process("tid"))->deleteItem($session->form->process("iid"), $session->form->process("itype")); diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index 4c2143217..be42b12f6 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm @@ -69,11 +69,11 @@ sub _submenu { my $title; $title = $i18n->get($properties->{title}) if ($properties->{title}); - if ($session->user->isInGroup(11)) { + if (canEdit($session)) { $ac->addSubmenuItem($session->url->page("op=editUser;uid=new"), $i18n->get(169)); } - if ($session->user->isInGroup(3)) { + if (canEdit($session)) { unless ($session->form->process("op") eq "listUsers" || $session->form->process("op") eq "deleteUserConfirm" || $userId eq "new") { 
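Review bot: In `_submenu` the first condition, which gates the `op=editUser;uid=new` (add user) submenu item, was changed from group 11 to `canEdit($session)`, but `www_editUser` in the same commit admits `canAdd($session)`; a member of only `groupIdAdminUserAdd` can still open the add-user form yet no longer sees the link, and the two `if` conditions are now identical. Presumably the first should read `if (canAdd($session)) {`. `_submenu` starts before this hunk.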
@@ -89,6 +89,55 @@ sub _submenu { return $ac->render($workarea, $title); } +#---------------------------------------------------------------------------- + +=head2 canAdd ( session [, user] ) + +Returns true if the user is allowed to add other users. user defaults to the +current user. + +=cut + +sub canAdd { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminUserAdd") ) + || canEdit($session, $user) + ; +} + +#---------------------------------------------------------------------------- + +=head2 canEdit ( session [, user] ) + +Returns true if the user is allowed to do everything in this module. user +defaults to the current user. + +=cut + +sub canEdit { + my $session = shift; + my $user = shift || $session->user; + return $user->isInGroup( $session->setting->get("groupIdAdminUser") ); +} + +#---------------------------------------------------------------------------- + +=head2 canView ( session [, user] ) + +Returns true if the user is allowed to see this module. user defaults to the +current user. + +=cut + +sub canView { + my $session = shift; + my $user = shift || $session->user; + return canAdd($session, $user); +} + +#------------------------------------------------------------------- + =head2 doUserSearch ( session, op, returnPaginator, userFilter ) Subroutine that actually performs the SQL search for users. @@ -112,7 +161,6 @@ Array reference, used to screen out user names via a SQL "not in ()" clause. =cut -#------------------------------------------------------------------- sub doUserSearch { my $session = shift; my $op = shift; @@ -151,7 +199,7 @@ sub doUserSearch { #------------------------------------------------------------------- -=head2 doUserSearchForm ( session, op, params, noStatus ) +=head2 getUserSearchForm ( session, op, params, noStatus ) Form front-end and display for searching for users. 
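Review bot: The hunk at `@@ -151,7 +199,7 @@` renames only the POD heading, from `doUserSearchForm` to `getUserSearchForm`, while the sub definition it documents is outside the hunk; if the subroutine and its callers were not renamed in the same commit, the documentation now names a function that does not exist, so this is worth confirming. Separately, the new `canView` is documented as "allowed to see this module" but simply delegates to `canAdd`; a one-line note in its POD, e.g. `Currently equivalent to canAdd(): anyone who may add users may also see the module.`, saves the next reader from looking for a separate view group.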
@@ -246,7 +294,7 @@ Allows an administrator to assume another user.
 sub www_becomeUser {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+ return $session->privilege->adminOnly() unless canEdit($session);
 return unless WebGUI::User->validUserId($session, $session->form->process("uid"));
 $session->var->end($session->var->get("sessionId"));
 $session->user({userId=>$session->form->process("uid")});
@@ -265,7 +313,7 @@ after this.
 sub www_deleteUser {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+ return $session->privilege->adminOnly() unless canEdit($session);
 my ($u);
 if ($session->form->process("uid") eq '1' || $session->form->process("uid") eq '3') {
 return WebGUI::AdminConsole->new($session,"users")->render($session->privilege->vitalComponent());
@@ -279,7 +327,7 @@ sub www_deleteUser {
 #-------------------------------------------------------------------
 sub www_editUser {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(11));
+ return $session->privilege->adminOnly() unless canAdd($session);
 my $error = shift;
 my $uid = shift || $session->form->process("uid");
 my $i18n = WebGUI::International->new($session, "WebGUI");
@@ -400,7 +448,7 @@ sub www_editUser {
 sub www_editUserSave {
 my $session = shift;
 my $postedUserId = $session->form->process("uid"); #userId posted from www_editUser form
- my $isAdmin = $session->user->isInGroup(3);
+ my $isAdmin = canEdit($session);
 my $isSecondary;
 my $i18n = WebGUI::International->new($session);
 my ($existingUserId) = $session->db->quickArray("select userId from users where username=".$session->db->quote($session->form->process("username")));
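Review bot: www_becomeUser now admits any member of the configurable groupIdAdminUser group, and the only remaining check is validUserId, so a member of that group can assume user 3 (Admin) and from there hold full administrative rights; the delegation this commit introduces is therefore only as strong as that group's membership. www_deleteUser in the next hunk keeps its vitalComponent guard for uid 1 and 3; the equivalent guard is missing here, e.g. `return $session->privilege->vitalComponent() if $session->form->process("uid") eq '3';`, or the handler could stay on isInGroup(3). The `$isAdmin = canEdit($session)` line in www_editUserSave raises the same question for edits to the Admin account; that function continues outside the hunk.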
@@ -408,7 +456,7 @@ sub www_editUserSave {
 my $actualUserId; #userId returned from the user object
 unless ($isAdmin) {
- $isSecondary = ($session->user->isInGroup(11) && $postedUserId eq "new");
+ $isSecondary = (canAdd($session) && $postedUserId eq "new");
 }
 return $session->privilege->adminOnly() unless ($isAdmin || $isSecondary);
@@ -474,7 +522,7 @@ sub www_editUserSave {
 #-------------------------------------------------------------------
 sub www_editUserKarma {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+ return $session->privilege->adminOnly() unless canEdit($session);
 my ($output, $f, $a, %user, %data, $method, $values, $category, $label, $default, $previousCategory);
 my $i18n = WebGUI::International->new($session);
 $f = WebGUI::HTMLForm->new($session);
@@ -510,7 +558,7 @@ sub www_editUserKarma {
 #-------------------------------------------------------------------
 sub www_editUserKarmaSave {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+ return $session->privilege->adminOnly() unless canEdit($session);
 my ($u);
 $u = WebGUI::User->new($session,$session->form->process("uid"));
 $u->karma($session->form->process("amount"),$session->user->username." (".$session->user->userId.")",$session->form->process("description"));
@@ -542,8 +590,8 @@ sub www_formUsers {
 foreach my $data (@{$p->getPageData}) {
 $output .= '
  • {userId}.'\';window.opener.document.getElementById(\''.$session->form->process("formId").'_display\').value=\''.$data->{username}.'\';window.close();">'.$data->{username}.'
  • ';
 }
- $output .= '';
- $output .= $p->getBarTraditional;
+ $output .= '';
+ $output .= $p->getBarTraditional;
 return $output;
 }
@@ -551,12 +599,17 @@ sub www_formUsers {
 #-------------------------------------------------------------------
 sub www_listUsers {
 my $session = shift;
- unless ($session->user->isInGroup(3)) {
- if ($session->user->isInGroup(11)) {
+
+ # If the user is only allowed to add users, send them right there.
+ unless (canEdit($session)) {
+ if (canAdd($session)) {
 return www_editUser($session, undef, "new");
 }
- return $session->privilege->adminOnly();
+ else {
+ return $session->privilege->adminOnly();
+ }
 }
+
 my %status;
 my $i18n = WebGUI::International->new($session);
 my $output = getUserSearchForm($session,"listUsers");
diff --git a/lib/WebGUI/Operation/VersionTag.pm b/lib/WebGUI/Operation/VersionTag.pm
index bf2c5f119..5c08d1317 100644
--- a/lib/WebGUI/Operation/VersionTag.pm
+++ b/lib/WebGUI/Operation/VersionTag.pm
@@ -40,6 +40,20 @@ These methods are available from this class:
 =cut
+#----------------------------------------------------------------------------
+
+=head2 canView ( session [, user] )
+
+Returns true if the user can administrate this operation. user defaults to
+the current user.
+
+=cut
+
+sub canView {
+ my $session = shift;
+ my $user = shift || $session->user;
+ return $user->isInGroup( $session->setting->get("groupIdAdminVersionTag") );
+}
 #-------------------------------------------------------------------
@@ -86,7 +100,7 @@ An open tag id. This is optional as it normally grabs this value from a form pos
 sub www_editVersionTag {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup(12));
+ return $session->privilege->insufficient() unless canView($session);
 my $tagId = shift || $session->form->param("tagId");
 my $ac = WebGUI::AdminConsole->new($session,"versions");
 my $i18n = WebGUI::International->new($session,"VersionTag");
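Review bot: In VersionTag.pm a single setting, groupIdAdminVersionTag, now replaces two distinct checks: group 12 for www_editVersionTag and www_manageVersions, and group 3 (Admins) for www_manageCommittedVersions, www_managePendingVersions, the rollback icon in www_manageVersions and www_rollbackVersionTag in the hunks that follow. Whether rollback is thereby opened to the former group-12 audience or editing narrowed to admins depends on the default the upgrade script assigns, which is outside this view; if the two tiers are meant to survive, a second predicate such as canRollback reading its own setting should guard the rollback, committed and pending handlers. With one predicate, the `if canView($session)` conditions on the addSubmenuItem calls in those handlers are always true after the early return and can be dropped, and the next www_editVersionTag hunk likewise folds the separate pbgroup000000000000016 check around the workflow chooser into canView, which is always true at that point.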
@@ -113,7 +127,7 @@ sub www_editVersionTag {
 );
 my $workflowId = (defined $tag) ? $tag->get("workflowId") : $session->setting->get("defaultVersionTagWorkflow");
 my $groupId = (defined $tag) ? $tag->get("groupToUse") : "12";
- if ($session->user->isInGroup("pbgroup000000000000016")) {
+ if (canView($session)) {
 $f->workflow(
 value=>$workflowId,
 type=>"WebGUI::VersionTag",
@@ -154,7 +168,7 @@ A reference to the current session.
 sub www_editVersionTagSave {
 my $session = shift;
- return $session->session->privilege->insufficient() unless ($session->user->isInGroup(12));
+ return $session->session->privilege->insufficient() unless canView($session);
 if ($session->form->param("tagId") eq "new") {
 my $tag = WebGUI::VersionTag->create($session, {
 name=>$session->form->process("name","text", "Untitled"),
@@ -274,14 +288,14 @@ A reference to the current session.
 sub www_manageCommittedVersions {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+ return $session->privilege->adminOnlycanView($session);
 my $ac = WebGUI::AdminConsole->new($session,"versions");
 my $i18n = WebGUI::International->new($session,"VersionTag");
 my $rollback = $i18n->get('rollback');
 my $rollbackPrompt = $i18n->get('rollback version tag confirm');
 $ac->addSubmenuItem($session->url->page('op=editVersionTag'), $i18n->get("add a version tag"));
 $ac->addSubmenuItem($session->url->page('op=manageVersions'), $i18n->get("manage versions"));
- $ac->addSubmenuItem($session->url->page('op=managePendingVersions'), $i18n->get("manage pending versions")) if ($session->user->isInGroup(3));
+ $ac->addSubmenuItem($session->url->page('op=managePendingVersions'), $i18n->get("manage pending versions")) if canView($session);
 my $output = '
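Review bot: The new guard in www_editVersionTagSave keeps `$session->session->privilege->insufficient()`; the removed line carried the same call, so this is pre-existing, but every other handler in this file calls `$session->privilege->insufficient()`, and if WebGUI::Session has no `session` accessor the rejection path dies instead of returning the insufficient-privilege page. Since the line is being rewritten anyway, it should read `return $session->privilege->insufficient() unless canView($session);`. The function continues outside the hunk.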
    '.$i18n->get(1050).''.$i18n->get(1051).'
    ';
 my $paginator = WebGUI::Paginator->new($session, $session->url->page("op=manageCommittedVersions"));
@@ -315,12 +329,12 @@ A reference to the current session.
 sub www_managePendingVersions {
 my $session = shift;
- return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+ return $session->privilege->adminOnly() unless canView($session);
 my $ac = WebGUI::AdminConsole->new($session,"versions");
 my $i18n = WebGUI::International->new($session,"VersionTag");
 $ac->addSubmenuItem($session->url->page('op=editVersionTag'), $i18n->get("add a version tag"));
 $ac->addSubmenuItem($session->url->page('op=manageVersions'), $i18n->get("manage versions"));
- $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if ($session->user->isInGroup(3));
+ $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if canView($session);
 my $output = '
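Review bot: The replaced guard in www_manageCommittedVersions reads `return $session->privilege->adminOnlycanView($session);` — the `() unless ` between adminOnly and canView has been lost, so the line calls a non-existent method adminOnlycanView on the privilege object and returns unconditionally; every request to this handler, admin or not, dies with a method-not-found error before anything is rendered. It should be `return $session->privilege->adminOnly() unless canView($session);` as in the neighbouring hunks. The handler's body continues past the hunk.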
    '.$i18n->get("version tag name").''.$i18n->get("committed on").''.$i18n->get("committed by").'
    ';
 my $sth = $session->db->read("select tagId,name,commitDate,committedBy from assetVersionTag where isCommitted=0 and isLocked=1");
@@ -349,12 +363,12 @@ A reference to the current session.
 sub www_manageVersions {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup(12));
+ return $session->privilege->insufficient() unless canView($session);
 my $ac = WebGUI::AdminConsole->new($session,"versions");
 my $i18n = WebGUI::International->new($session,"VersionTag");
 $ac->addSubmenuItem($session->url->page('op=editVersionTag'), $i18n->get("add a version tag"));
- $ac->addSubmenuItem($session->url->page('op=managePendingVersions'), $i18n->get("manage pending versions")) if ($session->user->isInGroup(3));
- $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if ($session->user->isInGroup(3));
+ $ac->addSubmenuItem($session->url->page('op=managePendingVersions'), $i18n->get("manage pending versions")) if canView($session);
+ $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if canView($session);
 my ($tag,$workingTagId) = $session->db->quickArray("select name,tagId from assetVersionTag where tagId=?",[$session->scratch->get("versionTag")]);
 $tag ||= "None";
 my $rollback = $i18n->get("rollback");
@@ -369,7 +383,7 @@ sub www_manageVersions {
 my $u = WebGUI::User->new($session,$tag->get("createdBy"));
 $output .= '
    '.$i18n->get("version tag name").'
    ';
- if ($session->user->isInGroup(3)) {
+ if (canView($session)) {
 $output .= $session->icon->delete("op=rollbackVersionTag;tagId=".$tag->getId,undef,$rollbackPrompt);
 }
 $output .= $session->icon->edit("op=editVersionTag;tagId=".$tag->getId)
@@ -410,7 +424,7 @@ sub www_manageRevisionsInTag {
 my $ac = WebGUI::AdminConsole->new($session,"versions");
 my $i18n = WebGUI::International->new($session,"VersionTag");
 $ac->addSubmenuItem($session->url->page('op=editVersionTag'), $i18n->get("add a version tag"));
- $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if ($session->user->isInGroup(3));
+ $ac->addSubmenuItem($session->url->page('op=manageCommittedVersions'), $i18n->get("manage committed versions")) if canView($session);
 $ac->addSubmenuItem($session->url->page('op=manageVersions'), $i18n->get("manage versions"));
 my $output = "";
 if ($session->form->param("workflowInstanceId")) {
@@ -488,7 +502,7 @@ A reference to the current session.
 sub www_rollbackVersionTag {
 my $session = shift;
- return $session->privilege->adminOnly() unless $session->user->isInGroup(3);
+ return $session->privilege->adminOnly() unless canView($session);
 my $tagId = $session->form->process("tagId");
 return $session->privilege->vitalComponent() if ($tagId eq "pbversion0000000000001");
 if ($tagId) {
diff --git a/lib/WebGUI/Operation/Workflow.pm b/lib/WebGUI/Operation/Workflow.pm
index a8fe16946..8007c84b2 100644
--- a/lib/WebGUI/Operation/Workflow.pm
+++ b/lib/WebGUI/Operation/Workflow.pm
@@ -32,6 +32,36 @@ Operation handler for managing workflows.
 =cut
+#----------------------------------------------------------------------------
+
+=head2 canRunWorkflow ( session [, user] )
+
+Returns true if the user can run workflows from this operation. user defaults to
+the current user.
+
+=cut
+
+sub canRunWorkflow {
+ my $session = shift;
+ my $user = shift || $session->user;
+ return $user->isInGroup( $session->setting->get("groupIdAdminWorkflowRun") );
+}
+
+#----------------------------------------------------------------------------
+
+=head2 canView ( session [, user] )
+
+Returns true if the user can administrate this operation. user defaults to
+the current user.
+
+=cut
+
+sub canView {
+ my $session = shift;
+ my $user = shift || $session->user;
+ return $user->isInGroup( $session->setting->get("groupIdAdminWorkflow") );
+}
+
 #-------------------------------------------------------------------
 =head2 www_activityHelper ( session )
@@ -78,7 +108,7 @@ Allows the user to choose the type of workflow that's going to be created.
 sub www_addWorkflow {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $i18n = WebGUI::International->new($session, "Workflow");
 my $f = WebGUI::HTMLForm->new($session);
 $f->submit;
@@ -117,7 +147,7 @@ Saves the results from www_addWorkflow().
 sub www_addWorkflowSave {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->create($session, {type=>$session->form->get("type")});
 return www_editWorkflow($session, $workflow);
 }
@@ -132,7 +162,7 @@ Deletes an entire workflow.
 sub www_deleteWorkflow {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId"));
 $workflow->delete if defined $workflow;
 return www_manageWorkflows($session);
@@ -148,7 +178,7 @@ Deletes an activity from a workflow.
 sub www_deleteWorkflowActivity {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId"));
 if (defined $workflow) {
 $workflow->deleteActivity($session->form->get("activityId"));
@@ -170,7 +200,7 @@ A reference to the current session.
 sub www_demoteWorkflowActivity {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->new($session, $session->form->param("workflowId"));
 $workflow->demoteActivity($session->form->param("activityId"));
 return www_editWorkflow($session);
@@ -187,7 +217,7 @@ Displays displays the editable properties of a workflow.
 sub www_editWorkflow {
 my $session = shift;
 my $workflow = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId")) unless (defined $workflow);
 my $i18n = WebGUI::International->new($session, "Workflow");
 my $workflowActivities = $session->config->get("workflowActivities");
@@ -331,7 +361,7 @@ Saves the results of www_editWorkflow()
 sub www_editWorkflowSave {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->new($session, $session->form->param("workflowId"));
 $workflow->set({
 enabled => $session->form->get("enabled", "yesNo"),
@@ -353,7 +383,7 @@ Displays a form to edit the properties of a workflow activity.
 sub www_editWorkflowActivity {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $activity = '';
 if ($session->form->process("className","className")) {
 $activity = WebGUI::Workflow::Activity->newByPropertyHashRef($session, {activityId=>"new",className=>$session->form->process("className","className")});
@@ -381,7 +411,7 @@ Saves the results of www_editWorkflowActivity().
 sub www_editWorkflowActivitySave {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->new($session, $session->form->get("workflowId"));
 if (defined $workflow) {
 my $activityId = $session->form->get("activityId");
@@ -406,7 +436,7 @@ Display a list of the workflows.
 sub www_manageWorkflows {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $i18n = WebGUI::International->new($session, "Workflow");
 my $output = '';
 my $rs = $session->db->read("select workflowId, title, enabled from Workflow order by title");
@@ -440,7 +470,7 @@ A reference to the current session.
 sub www_promoteWorkflowActivity {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $workflow = WebGUI::Workflow->new($session, $session->form->param("workflowId"));
 $workflow->promoteActivity($session->form->param("activityId"));
 return www_editWorkflow($session);
@@ -458,7 +488,7 @@ sub www_runWorkflow {
 my $session = shift;
 $session->http->setMimeType("text/plain");
 $session->http->setCacheControl("none");
- unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets")) || $session->user->isInGroup("3")) {
+ unless (isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets")) || canRunWorkflow($session)) {
 $session->errorHandler->security("make a Spectre workflow runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")}).".");
 return "error";
 }
@@ -487,11 +517,11 @@ Display a list of the running workflow instances.
 sub www_showRunningWorkflows {
 my $session = shift;
- return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
+ return $session->privilege->insufficient() unless canView($session);
 my $i18n = WebGUI::International->new($session, "Workflow");
 my $ac = WebGUI::AdminConsole->new($session,"workflow");
- my $isAdmin = $session->user->isInGroup("3");
+ my $isAdmin = canRunWorkflow($session);
 # javascript for creating/showing/hiding the edit priority form
 my $cancel = $i18n->get('edit priority cancel');
diff --git a/lib/WebGUI/i18n/English/WebGUI.pm b/lib/WebGUI/i18n/English/WebGUI.pm
index 6b5d4abf0..fbe4e48fb 100644
--- a/lib/WebGUI/i18n/English/WebGUI.pm
+++ b/lib/WebGUI/i18n/English/WebGUI.pm
@@ -3591,6 +3591,251 @@ LongTruncOk=1
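Review bot: In www_showRunningWorkflows the variable `$isAdmin` is now assigned from canRunWorkflow($session), so its name no longer describes the value; the rest of the function (outside this hunk) presumably branches on it to decide what the page offers, and a reader will take it for Admin-group membership. Renaming it `my $canRun = canRunWorkflow($session);` at the replaced line, and updating its later uses, keeps the intent visible. In www_runWorkflow the security-log text still claims requests are accepted only from the Spectre subnets, although members of the workflow-run group now pass the same check; appending ` or from members of the workflow-run group` to that message would make the logged policy match the code.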

    lastUpdated => 0,
 },
+ 'permissions' => {
+ message => q{Permissions},
+ lastUpdated => 0,
+ context => q{The label for the Permissions tab of the Settings Admin panel},
+ },
+
+ 'settings groupIdAdminActiveSessions label' => {
+ message => q{Active Sessions},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminActiveSessions hoverHelp' => {
+ message => q{Group to view and expire active sessions.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminAdSpace label' => {
+ message => q{AdSpace},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminAdSpace hoverHelp' => {
+ message => q{Group to manage advertising.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminCache label' => {
+ message => q{Cache},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminCache hoverHelp' => {
+ message => q{Group to view and flush cache.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminCommerce label' => {
+ message => q{Commerce},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminCommerce hoverHelp' => {
+ message => q{Group to manage Commerce settings.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminCron label' => {
+ message => q{Cron},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminCron hoverHelp' => {
+ message => q{Group to manage scheduled workflows.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminDatabaseLink label' => {
+ message => q{Database Link},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminDatabaseLink hoverHelp' => {
+ message => q{Group to manage database links.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminGraphics label' => {
+ message => q{Graphics},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminGraphics hoverHelp' => {
+ message => q{Group to manage fonts and palettes.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminGroup label' => {
+ message => q{Groups},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminGroup hoverHelp' => {
+ message => q{Group to manage all groups.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings 
groupIdAdminGroupAdmin label' => {
+ message => q{Groups (limited)},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminGroupAdmin hoverHelp' => {
+ message => q{Group to manage groups that user is administrator of.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminHelp label' => {
+ message => q{Help},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminHelp hoverHelp' => {
+ message => q{Group that can view help.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminLDAPLink label' => {
+ message => q{LDAP},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminLDAPLink hoverHelp' => {
+ message => q{Group to manage LDAP links.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminLoginHistory label' => {
+ message => q{Login History},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminLoginHistory hoverHelp' => {
+ message => q{Group to view login history.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminProductManager label' => {
+ message => q{Products},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminProductManager hoverHelp' => {
+ message => q{Group to manage products},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminProfileSettings label' => {
+ message => q{User Profiling},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminProfileSettings hoverHelp' => {
+ message => q{Group to manage user profile fields.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminReplacements label' => {
+ message => q{Content Filters},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminReplacements hoverHelp' => {
+ message => q{Group to manage content filters.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminSpectre label' => {
+ message => q{Spectre},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminSpectre hoverHelp' => {
+ message => q{Group to view Spectre status},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminStatistics label' => {
+ message => q{Statistics},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminStatistics hoverHelp' => {
+ message => 
q{Group to view statistics},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminSubscription label' => {
+ message => q{Subscriptions},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminSubscription hoverHelp' => {
+ message => q{Group to manage subscriptions.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminTransactionLog label' => {
+ message => q{Transactions},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminTransactionLog hoverHelp' => {
+ message => q{Group to manage transactions.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminUser label' => {
+ message => q{Users},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminUser hoverHelp' => {
+ message => q{Group to manage users. Can add and edit users.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminUserAdd label' => {
+ message => q{Users (add only)},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminUserAdd hoverHelp' => {
+ message => q{Group that can only add new users.},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminVersionTag label' => {
+ message => q{Version Tags},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminVersionTag hoverHelp' => {
+ message => q{Group to manage version tags},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminWorkflow label' => {
+ message => q{Workflow},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminWorkflow hoverHelp' => {
+ message => q{Group to manage workflows},
+ lastUpdated => 0,
+ },
+
+
+ 'settings groupIdAdminWorkflowRun label' => {
+ message => q{Workflow (run)},
+ lastUpdated => 0,
+ },
+ 'settings groupIdAdminWorkflowRun hoverHelp' => {
+ message => q{Group that is allowed to run workflows from the admin console.},
+ lastUpdated => 0,
+ },
+
 'wiki help label leadin' => {
 message => q{For more help, visit the},
 lastUpdated => 1185162265,