Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Users who can handle cats can see all of them on the edit user/perm group pages

Browse Source
This commit is contained in:
Mike Koch 2018-05-19 20:23:47 -04:00
parent 7a3d2f20a9
commit 3458f240b7
No known key found for this signature in database
GPG Key ID: 9BA5D7F8391455ED
3 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
admin/manage_permission_groups.php
View File

@ -189,8 +189,9 @@ function createEditModal($template, $features, $categories)
<div class="footerWithBorder blankSpace"></div> <div class="footerWithBorder blankSpace"></div>
<div class="form-group"> <div class="form-group">
<?php <?php
foreach ($categories as $category): ?> foreach ($categories as $category):
<?php $can_man_categories = hesk_checkPermission('can_man_cat', 0);
$checked = ''; $checked = '';
$disabled = ''; $disabled = '';
if (in_array($category['id'], $enabledCategories) || if (in_array($category['id'], $enabledCategories) ||
@ -198,12 +199,13 @@ function createEditModal($template, $features, $categories)
$checked = 'checked '; $checked = 'checked ';
} }
if ((!hesk_SESSION('isadmin') && if ((!hesk_SESSION('isadmin') &&
!in_array($category['id'], $_SESSION['categories'])) || !in_array($category['id'], $_SESSION['categories']) &&
!$can_man_categories) ||
$template['categories'] === 'ALL') { $template['categories'] === 'ALL') {
$disabled = ' disabled'; $disabled = ' disabled';
}?> }
<?php if ($_SESSION['isadmin'] || in_array($category['id'], $_SESSION['categories']) || $checked): ?> if ($_SESSION['isadmin'] || $can_man_categories || in_array($category['id'], $_SESSION['categories']) || $checked): ?>
<div class="checkbox"> <div class="checkbox">
<label> <label>
<input type="checkbox" name="categories[]" <input type="checkbox" name="categories[]"

7
admin/manage_users.php
View File

@ -95,7 +95,7 @@ $orderBy = $modsForHesk_settings['category_order_column'];
$hesk_settings['categories'] = array(); $hesk_settings['categories'] = array();
$res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `' . $orderBy . '` ASC'); $res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `' . $orderBy . '` ASC');
while ($row = hesk_dbFetchAssoc($res)) { while ($row = hesk_dbFetchAssoc($res)) {
if (hesk_okCategory($row['id'], 0)) { if (hesk_checkPermission('can_man_cat', 0) || hesk_okCategory($row['id'], 0)) {
$hesk_settings['categories'][$row['id']] = $row['name']; $hesk_settings['categories'][$row['id']] = $row['name'];
} }
} }
@ -406,6 +406,11 @@ function compare_user_permissions($compare_id, $compare_isadmin, $compare_catego
return false; return false;
} }
// Users who can edit categories can see all of them
if (hesk_checkPermission('can_man_cat', 0)) {
return true;
}
/* Compare categories */ /* Compare categories */
foreach ($compare_categories as $catid) { foreach ($compare_categories as $catid) {
if (!array_key_exists($catid, $hesk_settings['categories'])) { if (!array_key_exists($catid, $hesk_settings['categories'])) {

20
inc/profile_functions.inc.php
View File

@ -162,23 +162,35 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
if (!$is_profile_page) { if (!$is_profile_page) {
?> ?>
<div role="tabpanel" class="tab-pane fade" id="permissions"> <div role="tabpanel" class="tab-pane fade" id="permissions">
<?php if ($_SESSION['isadmin']): ?> <?php if (hesk_checkPermission('can_man_permission_tpl', 0)): ?>
<div class="form-group"> <div class="form-group">
<label for="administrator" <label for="administrator"
class="col-md-3 control-label"><?php echo $hesklang['permission_group']; ?></label> class="col-md-3 control-label"><?php echo $hesklang['permission_group']; ?></label>
<div class="col-md-9"> <div class="col-md-9">
<?php <?php
// Get list of permission templates. If current user is not admin, exclude permission tpl 1 // Get list of permission templates. If current user is not admin, only allow permission templates that have equal or less access
$excludeSql = $_SESSION['isadmin'] ? '' : " WHERE `heskprivileges` <> 'ALL'"; $excludeSql = $_SESSION['isadmin'] ? '' : " WHERE `id` <> 1";
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`" . $excludeSql); $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`" . $excludeSql);
$current_features = explode(',', $_SESSION['heskprivileges']);
$templates = array(); $templates = array();
echo '<select name="template" id="permission-tpl" class="form-control" onchange="updateCheckboxes()">'; echo '<select name="template" id="permission-tpl" class="form-control" onchange="updateCheckboxes()">';
while ($row = hesk_dbFetchAssoc($res)) { while ($row = hesk_dbFetchAssoc($res)) {
array_push($templates, $row); $categories = $row['id'] != 1 ? explode(',', $row['categories']) : array('ALL');
$features = $row['id'] != 1 ? explode(',', $row['heskprivileges']) : array('ALL');
if ($_SESSION['isadmin'] ||
$_SESSION['template'] == $row['id'] ||
$_SESSION[$session_array]['permission_template'] == $row['id'] ||
(count(array_diff($categories, $_SESSION['categories'])) == 0 &&
count(array_diff($features, $current_features)) == 0)) {
$templates[] = $row;
$selected = $_SESSION[$session_array]['permission_template'] == $row['id'] ? 'selected' : ''; $selected = $_SESSION[$session_array]['permission_template'] == $row['id'] ? 'selected' : '';
echo '<option value="' . $row['id'] . '" ' . $selected . '>' . htmlspecialchars($row['name']) . '</option>'; echo '<option value="' . $row['id'] . '" ' . $selected . '>' . htmlspecialchars($row['name']) . '</option>';
} }
}
$selected = $_SESSION[$session_array]['permission_template'] == '-1' ? 'selected' : ''; $selected = $_SESSION[$session_array]['permission_template'] == '-1' ? 'selected' : '';
echo '<option value="-1" ' . $selected . '>' . htmlspecialchars($hesklang['custom']) . '</option>'; echo '<option value="-1" ' . $selected . '>' . htmlspecialchars($hesklang['custom']) . '</option>';
echo '</select>'; echo '</select>';