From bcdae868209ba4d7657519a4b128e15489f9b5c4 Mon Sep 17 00:00:00 2001 From: Curtis Conard Date: Mon, 13 May 2024 06:21:53 -0400 Subject: [PATCH] Modernize permission handling --- hook.php | 26 ++++++--------- report.php | 2 +- setup.php | 4 +-- src/Example.php | 39 +---------------------- src/Profile.php | 85 +++++++++++++++++++++++++++++++++++++++++++++++++ stat.php | 2 +- 6 files changed, 99 insertions(+), 59 deletions(-) create mode 100644 src/Profile.php diff --git a/hook.php b/hook.php index 61c02b3..26bf722 100644 --- a/hook.php +++ b/hook.php @@ -37,20 +37,8 @@ use GlpiPlugin\Example\Dropdown; use GlpiPlugin\Example\Example; use Dropdown as GlpiDropdown; -// Hook called on profile change -// Good place to evaluate the user right on this plugin -// And to save it in the session function plugin_change_profile_example() { - // For example : same right of computer - if (Session::haveRight('computer', UPDATE)) { - $_SESSION["glpi_plugin_example_profile"] = ['example' => 'w']; - - } else if (Session::haveRight('computer', READ)) { - $_SESSION["glpi_plugin_example_profile"] = ['example' => 'r']; - - } else { - unset($_SESSION["glpi_plugin_example_profile"]); - } + // Some logic that runs when the profile is changed } 
@@ -469,10 +457,14 @@ function plugin_example_addParamFordynamicReport($itemtype) { function plugin_example_install() { global $DB; - $config = new Config(); - $config->setConfigurationValues('plugin:Example', ['configuration' => false]); + $migration = new Migration(PLUGIN_EXAMPLE_VERSION); + Config::setConfigurationValues('plugin:Example', ['configuration' => false]); - ProfileRight::addProfileRights(['example:read']); + // Adds the right(s) to all pre-existing profiles with no access by default + ProfileRight::addProfileRights([Example::$rightname]); + + // Grants full access to profiles that can update the Config (super-admins) + $migration->addRight(Example::$rightname, ALLSTANDARDRIGHT, [Config::$rightname => UPDATE]); $default_charset = DBConnection::getDefaultCharset(); $default_collation = DBConnection::getDefaultCollation(); @@ -571,7 +563,7 @@ function plugin_example_uninstall() { $config = new Config(); $config->deleteConfigurationValues('plugin:Example', ['configuration' => false]); - ProfileRight::deleteProfileRights(['example:read']); + ProfileRight::deleteProfileRights([Example::$rightname]); $notif = new Notification(); $options = ['itemtype' => 'Ticket', diff --git a/report.php b/report.php index 10e02d4..51853f3 100644 --- a/report.php +++ b/report.php @@ -40,7 +40,7 @@ define('GLPI_ROOT', '../..'); include (GLPI_ROOT . "/inc/includes.php"); -Session::checkRight("config", "w"); +Session::checkRight(Config::$rightname, UPDATE); Html::header("TITRE", $_SERVER['PHP_SELF'], "plugins"); diff --git a/setup.php b/setup.php index b7ded57..67340d1 100644 --- a/setup.php +++ b/setup.php 
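Review bot: In `plugin_example_install()`, `ProfileRight::addProfileRights([Example::$rightname])` runs before `$migration->addRight(...)`, so every profile already has a row for the right when `addRight` is called. If `Migration::addRight` only writes rows for profiles that do not have the right yet (worth confirming against the targeted GLPI version), the super-admin grant becomes a no-op and no profile can reach the plugin after a fresh install. In that case the `addProfileRights` call is the one to drop, since `addRight` decides who receives `ALLSTANDARDRIGHT`. Either way, a comment stating the expected end state makes it checkable, for example `// After install: profiles with UPDATE on Config hold ALLSTANDARDRIGHT, all others hold 0`. The function body continues outside the hunk, so whether `$migration` is executed later is not visible here.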
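Review bot: `plugin_example_uninstall()` now deletes only `Example::$rightname`, while the line removed from the install hunk shows that earlier releases created the right under the name `'example:read'`. On an instance upgraded from such a release, those rows would stay in the profile-rights table after uninstall. Keeping the old name in the cleanup list removes both: `ProfileRight::deleteProfileRights([Example::$rightname, 'example:read']);`. The function body starts and ends outside the hunk.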
@@ -85,8 +85,8 @@ function plugin_init_example() { } } // Display a menu entry ? - $_SESSION["glpi_plugin_example_profile"]['example'] = 'w'; - if (isset($_SESSION["glpi_plugin_example_profile"])) { // Right set in change_profile hook + Plugin::registerClass(\GlpiPlugin\Example\Profile::class, ['addtabon' => ['Profile']]); + if (Example::canView()) { // Right set in change_profile hook $PLUGIN_HOOKS['menu_toadd']['example'] = ['plugins' => Example::class, 'tools' => Example::class]; diff --git a/src/Example.php b/src/Example.php index 42ec715..de4482a 100644 --- a/src/Example.php +++ b/src/Example.php @@ -46,43 +46,17 @@ use Session; class Example extends CommonDBTM { static $tags = '[EXAMPLE_ID]'; + public static $rightname = 'plugin_example'; // Should return the localized name of the type static function getTypeName($nb = 0) { return 'Example Type'; } - - static function canCreate() { - - if (isset($_SESSION["glpi_plugin_example_profile"])) { - return ($_SESSION["glpi_plugin_example_profile"]['example'] == 'w'); - } - return false; - } - - - static function canView() { - - if (isset($_SESSION["glpi_plugin_example_profile"])) { - return ($_SESSION["glpi_plugin_example_profile"]['example'] == 'w' - || $_SESSION["glpi_plugin_example_profile"]['example'] == 'r'); - } - return false; - } - - - /** - * @see CommonGLPI::getMenuName() - **/ static function getMenuName() { return __('Example plugin'); } - - /** - * @see CommonGLPI::getAdditionalMenuLinks() - **/ static function getAdditionalMenuLinks() { global $CFG_GLPI; $links = []; @@ -406,11 +380,6 @@ class Example extends CommonDBTM { ////////////////////////////// ////// SPECIFIC MODIF MASSIVE FUNCTIONS /////// - /** - * @since version 0.85 - * - * @see CommonDBTM::getSpecificMassiveActions() - **/ function getSpecificMassiveActions($checkitem = null) { $actions = parent::getSpecificMassiveActions($checkitem); 
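Review bot: The trailing comment on `if (Example::canView())` still reads `// Right set in change_profile hook`, but this commit empties that hook, so the comment points a reader to the wrong place. The check now depends on the `$rightname` declared on `Example` and on the inherited `canView()`. Something like `// Shown only to profiles allowed to view Example (see Example::$rightname)` matches the new code. The `Plugin::registerClass(...)` line sits under `// Display a menu entry ?` although it registers the profile tab rather than a menu entry, so it deserves a one-line comment of its own. `plugin_init_example()` continues outside the hunk.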
@@ -423,12 +392,6 @@ class Example extends CommonDBTM { return $actions; } - - /** - * @since version 0.85 - * - * @see CommonDBTM::showMassiveActionsSubForm() - **/ static function showMassiveActionsSubForm(MassiveAction $ma) { switch ($ma->getAction()) { diff --git a/src/Profile.php b/src/Profile.php new file mode 100644 index 0000000..48a6d69 --- /dev/null +++ b/src/Profile.php @@ -0,0 +1,85 @@ +. + * ------------------------------------------------------------------------- + * @copyright Copyright (C) 2006-2022 by Example plugin team. + * @license GPLv2 https://www.gnu.org/licenses/gpl-2.0.html + * @link https://github.com/pluginsGLPI/example + * ------------------------------------------------------------------------- + */ + +namespace GlpiPlugin\Example; + +use CommonGLPI; +use Html; +use Session; + +final class Profile extends \Profile +{ + public function getTabNameForItem(CommonGLPI $item, $withtemplate = 0) + { + return __('Example plugin'); + } + + public static function displayTabContentForItem(CommonGLPI $item, $tabnum = 1, $withtemplate = 0) + { + $profile = new self(); + $profile->showFormExample($item->getID()); + } + + public function showFormExample(int $profiles_id): void + { + if (!$this->can($profiles_id, READ)) { + return; + } + + echo "
"; + + $can_edit = Session::haveRight(self::$rightname, UPDATE); + if ($can_edit) { + echo "
"; + } + + $matrix_options = [ + 'canedit' => $can_edit, + ]; + $rights = [ + [ + 'itemtype' => Example::class, + 'label' => Example::getTypeName(Session::getPluralNumber()), + 'field' => Example::$rightname + ] + ]; + $matrix_options['title'] = self::getTypeName(1); + $this->displayRightsChoiceMatrix($rights, $matrix_options); + + if ($can_edit) { + echo "
"; + echo Html::hidden('id', ['value' => $profiles_id]); + echo Html::submit(_sx('button', 'Save'), ['name' => 'update']); + echo "
\n"; + Html::closeForm(); + } + echo '
'; + } +} diff --git a/stat.php b/stat.php index ee29e95..f81095d 100644 --- a/stat.php +++ b/stat.php @@ -40,7 +40,7 @@ define('GLPI_ROOT', '../..'); include (GLPI_ROOT . "/inc/includes.php"); -Session::checkRight("config", "w"); +Session::checkRight(Config::$rightname, UPDATE); Html::header("TITLE", $_SERVER['PHP_SELF'], "plugins");
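Review bot: In the new `src/Profile.php`, `displayTabContentForItem()` passes `$item->getID()` straight to `showFormExample()` without checking that `$item` is a profile, and it returns nothing although tab handlers conventionally return a bool. The access decision then rests entirely on `$this->can($profiles_id, READ)` and `Session::haveRight(self::$rightname, UPDATE)` inside `showFormExample()`, so a caller-side guard is cheap to add: `if (!$item instanceof \Profile) { return false; }` before the call and `return true;` after it. `self::$rightname` appears to be inherited from `\Profile`; a short docblock on `showFormExample()` saying that editing this matrix requires UPDATE on profiles, not on the plugin's own right, would make that explicit. The HTML inside the `echo` strings is not visible in this rendering of the patch, so the form target and token handling could not be reviewed.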