[dev] Patch for Permissions for Application/Menu/Preferences

Joel Vandal jvandal at infoteck.qc.ca
Sat Oct 4 12:29:51 PDT 2003 

Hi All,

This patch (using latest CVS version) allow to set basic permission (_PERMS_SHOW) by :

     - Application 
     - Menu Item on the Application
     - Preferences Group on the Application

With this patch, simply log as an administrator and create permissions like :

+  imp
    + menu
       - fetchmail
       - search
    + prefs
       - fetchmail
       - filters
+ gollem
+ kronolith
    + prefs
       - share 
   
Since permission system allow to create by users and groups, all applications/menu/prefs permission will be able to use these.

--
Joel Vandal
-------------- next part --------------
Index: lib/Menu.php
===================================================================
RCS file: /repository/horde/lib/Menu.php,v
retrieving revision 1.49
diff -u -r1.49 Menu.php
--- lib/Menu.php 29 Sep 2003 12:10:32 -0000 1.49
+++ lib/Menu.php 4 Oct 2003 19:18:09 -0000
@@ -100,6 +100,19 @@
     {
         global $conf, $prefs;
 
+ // Menu Item Permissions system.
+        require_once HORDE_BASE . '/lib/Perms.php';
+
+ $perms = &Perms::singleton();
+ $app = $GLOBALS['registry']->getApp();
+ if (preg_match("|/$app/(.*?)\.php|", $url, $matchs)) {
+     $perm = $GLOBALS['registry']->getApp() . ':menu:' . $matchs[1];
+ }
+
+ if (isset($perm) && $perms->exists($perm) && (!$perms->hasPermission($perm, Auth::GetAuth(), _PERMS_SHOW))) {
+            return '';
+ }
+
         if (is_null($cell_class)) {
             $c = parse_url($_SERVER['PHP_SELF']);
             $l = parse_url($url);
Index: lib/PrefsUI.php
===================================================================
RCS file: /repository/horde/lib/PrefsUI.php,v
retrieving revision 1.25
diff -u -r1.25 PrefsUI.php
--- lib/PrefsUI.php 21 Sep 2003 22:34:16 -0000 1.25
+++ lib/PrefsUI.php 4 Oct 2003 19:18:09 -0000
@@ -31,11 +31,20 @@
     {
         global $prefs, $prefGroups;
         static $results;
-
         if (!isset($results)) {
             $results = array();
         }
 
+ // Menu Item Permissions system.
+        require_once HORDE_BASE . '/lib/Perms.php';
+
+ $perms = &Perms::singleton();
+ $perm = $GLOBALS['registry']->getApp() . ':prefs:' . $group;
+
+ if (isset($perm) && $perms->exists($perm) && (!$perms->hasPermission($perm, Auth::GetAuth(), _PERMS_SHOW))) {
+            $results[$group] = false;
+ }
+
         if (!array_key_exists($group, $results)) {
             if (!empty($group['url'])) {
                 $results[$group] = true;
@@ -43,6 +52,7 @@
                 $results[$group] = false;
                 if (isset($prefGroups[$group]['members'])) {
                     foreach ($prefGroups[$group]['members'] as $pref) {
+
                         if (!$prefs->isLocked($pref)) {
                             $results[$group] = true;
                             return true;
@@ -197,6 +207,7 @@
         if (!empty($group) && PrefsUI::groupIsEditable($group)) {
             require $registry->getParam('templates', 'horde') . '/prefs/begin.inc';
             foreach ($prefGroups[$group]['members'] as $pref) {
+
                 if (!$prefs->isLocked($pref)) {
                     /* Get the help link. */
                     if (array_key_exists('help', $_prefs[$pref]) &&
Index: lib/Registry.php
===================================================================
RCS file: /repository/horde/lib/Registry.php,v
retrieving revision 1.167
diff -u -r1.167 Registry.php
--- lib/Registry.php 21 Sep 2003 22:34:16 -0000 1.167
+++ lib/Registry.php 4 Oct 2003 19:18:09 -0000
@@ -139,6 +139,10 @@
            any Auth:: checks in registry.php. */
         require_once HORDE_BASE . '/lib/Auth.php';
 
+ /* Make sure we've included the Perms library in case there are
+    any Perms:: checks in registry.php. */
+        require_once HORDE_BASE . '/lib/Perms.php';
+
         /* Read the registry configuration file. */
         require_once HORDE_BASE . '/config/registry.php';
 
@@ -616,7 +620,14 @@
      */
     function pushApp($app)
     {
-        if ($app == $this->_currentApp) {
+ 
+ // Application Permissions system.
+ $perms = &Perms::singleton();
+ if ($perms->exists($app) && (!$perms->hasPermission($app, Auth::GetAuth(), _PERMS_SHOW))) {
+            return PEAR::raiseError(sprintf(_("Permission denied for %s/%s."), $app, Auth::GetAuth()));
+ }
+ 
+ if ($app == $this->_currentApp) {
             return false;
         }
 
Index: services/portal/menu.php
===================================================================
RCS file: /repository/horde/services/portal/menu.php,v
retrieving revision 2.46
diff -u -r2.46 menu.php
--- services/portal/menu.php 3 Oct 2003 01:39:17 -0000 2.46
+++ services/portal/menu.php 4 Oct 2003 19:18:44 -0000
@@ -15,7 +15,7 @@
  */
 function sortByMenu()
 {
-    global $registry;
+    global $registry, $perms;
 
     $children = array();
     foreach ($registry->applications as $app => $params) {
@@ -37,6 +37,10 @@
                     ($cparams['status'] == 'admin' && Auth::isAdmin())) {
                     $active = true;
                 }
+ if ($perms->exists($capp) &&
+     !$perms->hasPermission($capp, Auth::GetAuth(), _PERMS_SHOW)) {
+     $active = false;
+ }
             }
             if (!$active) {
                 unset($tmp[$app]);
@@ -64,6 +68,9 @@
 }
 require HORDE_TEMPLATES . '/common-header.inc';
 
+require_once HORDE_BASE . '/lib/Perms.php';
+$perms = &Perms::singleton();
+
 // Sort the array so we have parents and children all lined up.
 sortByMenu();
 
@@ -75,6 +82,9 @@
 
 foreach ($registry->applications as $app => $params) {
     $params['name'] = _($params['name']);
+    if ($perms->exists($app) && !$perms->hasPermission($app, Auth::GetAuth(), _PERMS_SHOW)) {
+ $params['status'] = 'inactive';
+    }
     if ($params['status'] == 'active' || $params['status'] == 'heading' ||
         ($params['status'] == 'admin' && Auth::isAdmin())) {
         $i++;
Index: services/portal/mozbar.php
===================================================================
RCS file: /repository/horde/services/portal/mozbar.php,v
retrieving revision 1.4
diff -u -r1.4 mozbar.php
--- services/portal/mozbar.php 2 Oct 2003 19:58:52 -0000 1.4
+++ services/portal/mozbar.php 4 Oct 2003 19:18:44 -0000
@@ -15,7 +15,7 @@
  */
 function sortByMenu()
 {
-    global $registry;
+    global $registry, $perms;
 
     $children = array();
     foreach ($registry->applications as $app => $params) {
@@ -37,6 +37,10 @@
                     ($cparams['status'] == 'admin' && Auth::isAdmin())) {
                     $active = true;
                 }
+ if ($perms->exists($capp) &&
+     !$perms->hasPermission($capp, Auth::GetAuth(), _PERMS_SHOW)) {
+     $active = false;
+ }
             }
             if (!$active) {
                 unset($tmp[$app]);
@@ -65,6 +69,9 @@
 $bodyClass = 'nomargin';
 require HORDE_TEMPLATES . '/common-header.inc';
 
+require_once HORDE_BASE . '/lib/Perms.php';
+$perms = &Perms::singleton();
+
 // Sort the array so we have parents and children all lined up.
 sortByMenu();
 
@@ -76,6 +83,9 @@
 
 foreach ($registry->applications as $app => $params) {
     $params['name'] = gettext($params['name']);
+    if ($perms->exists($app) && !$perms->hasPermission($app, Auth::GetAuth(), _PERMS_SHOW)) {
+ $params['status'] = 'inactive';
+    }
     if ($params['status'] == 'active' || $params['status'] == 'heading' ||
         ($params['status'] == 'admin' && Auth::isAdmin())) {
         $i++;

More information about the dev mailing list