Skip to content
Snippets Groups Projects
Commit 641199de authored by Jared Hancock's avatar Jared Hancock
Browse files

role: Add a `permissions` field to manage pems locally

parent 8d7d7b11
No related branches found
No related tags found
No related merge requests found
......@@ -79,9 +79,11 @@ class Role extends RoleModel {
var $_perm;
function getPermission() {
if (!$this->_perm)
$this->_perm = new RolePermission('role.'.$this->getId());
if (!$this->_perm) {
$this->_perm = new RolePermission(
isset($this->permissions) ? $this->permissions : array()
);
}
return $this->_perm;
}
......@@ -125,13 +127,13 @@ class Role extends RoleModel {
private function updatePerms($vars, &$errors=array()) {
$config = array();
$permissions = $this->getPermission();
foreach (RolePermission::allPermissions() as $g => $perms) {
foreach($perms as $k => $v)
$config[$k] = in_array($k, $vars) ? 1 : 0;
foreach($perms as $k => $v) {
$permissions->set($k, in_array($k, $vars) ? 1 : 0);
}
}
$this->getPermission()->updateAll($config);
$this->getPermission()->load();
$this->permissions = $permissions->toJson();
}
function update($vars, &$errors) {
......@@ -149,11 +151,12 @@ class Role extends RoleModel {
$this->name = $vars['name'];
$this->notes = $vars['notes'];
if (!$this->save(true))
return false;
$this->updatePerms($vars['perms'], $errors);
if (!$this->save(true))
return false;
return true;
}
......@@ -179,9 +182,6 @@ class Role extends RoleModel {
->filter(array('role_id'=>$this->getId()))
->update(array('role_id' => 0));
// Delete permission settings
$this->getPermission()->destroy();
return true;
}
......@@ -193,10 +193,10 @@ class Role extends RoleModel {
static function __create($vars, &$errors) {
$role = self::create($vars);
$role->save();
if ($vars['permissions'])
$role->updatePerms($vars['permissions']);
$role->save();
return $role;
}
......@@ -252,7 +252,7 @@ class Role extends RoleModel {
}
class RolePermission extends Config {
class RolePermission {
static $_permissions = array(
/* @trans */ 'Tickets' => array(
......@@ -296,46 +296,75 @@ class RolePermission extends Config {
),
);
var $perms;
static function allPermissions() {
return static::$_permissions;
}
function get($var) {
return (bool) parent::get($var);
function __construct($perms) {
$this->perms = $perms;
if (is_string($this->perms))
$this->perms = JsonDataParser::parse($this->perms);
elseif (!$this->perms)
$this->perms = array();
}
function has($perm) {
return (bool) $this->get($perm);
}
function get($perm) {
return @$this->perms[$perm];
}
function set($perm, $value) {
if (!$value)
unset($this->perms[$perm]);
else
$this->perms[$perm] = $value;
}
function toJson() {
return JsonDataEncoder::encode($this->perms);
}
function getInfo() {
return $this->perms;
}
/* tickets */
function canCreateTickets() {
return ($this->get('ticket.create'));
return ($this->has('ticket.create'));
}
function canEditTickets() {
return ($this->get('ticket.edit'));
return ($this->has('ticket.edit'));
}
function canAssignTickets() {
return ($this->get('ticket.assign'));
return ($this->has('ticket.assign'));
}
function canTransferTickets() {
return ($this->get('ticket.transfer'));
return ($this->has('ticket.transfer'));
}
function canPostReply() {
return ($this->get('ticket.reply'));
return ($this->has('ticket.reply'));
}
function canCloseTickets() {
return ($this->get('ticket.close'));
return ($this->has('ticket.close'));
}
function canDeleteTickets() {
return ($this->get('ticket.delete'));
return ($this->has('ticket.delete'));
}
/* Knowledge base */
function canManagePremade() {
return ($this->get('kb.premade'));
return ($this->has('kb.premade'));
}
function canManageCannedResponses() {
......@@ -343,7 +372,7 @@ class RolePermission extends Config {
}
function canManageFAQ() {
return ($this->get('kb.faq'));
return ($this->has('kb.faq'));
}
function canManageFAQs() {
......@@ -352,12 +381,12 @@ class RolePermission extends Config {
/* stats */
function canViewStaffStats() {
return ($this->get('stats.agents'));
return ($this->has('stats.agents'));
}
/* email */
function canBanEmails() {
return ($this->get('emails.banlist'));
return ($this->has('emails.banlist'));
}
}
?>
......@@ -53,6 +53,7 @@ implements AuthenticatedUser {
var $passwd_change;
var $_roles = null;
var $_teams = null;
var $_perms = null;
function __onload() {
// WE have to patch info here to support upgrading from old versions.
......@@ -285,18 +286,16 @@ implements AuthenticatedUser {
}
function hasPermission($perm) {
static $perms = null;
if (!isset($perms[$perm])) {
$perms[$perm] = false;
foreach($this->getDepartments() as $deptId) {
if (($role=$this->getRole($deptId))
&& $role->getPermission()
&& $role->getPermission()->get($perm))
$perms[$perm] = true;
if (!isset($this->_perms)) {
foreach ($this->getDepartments() as $deptId) {
if (($role = $this->getRole($deptId))) {
foreach ($role->getPermission()->getInfo() as $perm=>$v) {
$this->_perms[$perm] |= $v;
}
}
}
}
return $perms[$perm];
return @$this->_perms[$perm];
}
function canCreateTickets() {
......
c7c828356c88b462ba2e3e1437dca0df
e9b05c1970a94c63220bdc6a3bee1c7d
/**
* @signature c7c828356c88b462ba2e3e1437dca0df
* @signature e9b05c1970a94c63220bdc6a3bee1c7d
* @version v1.9.6
* @title Add role-based access
*
......@@ -11,6 +11,7 @@ CREATE TABLE `%TABLE_PREFIX%role` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`flags` int(10) unsigned NOT NULL DEFAULT '1',
`name` varchar(64) DEFAULT NULL,
`permissions` text,
`notes` text,
`created` datetime NOT NULL,
`updated` datetime NOT NULL,
......@@ -38,5 +39,5 @@ ALTER TABLE `%TABLE_PREFIX%department`
-- Finished with patch
UPDATE `%TABLE_PREFIX%config`
SET `value`='c7c828356c88b462ba2e3e1437dca0df'
SET `value`='e9b05c1970a94c63220bdc6a3bee1c7d'
WHERE `key` = 'schema_signature' AND `namespace` = 'core';
......@@ -42,6 +42,7 @@ if ($_POST) {
case 'add':
$_role = Role::create();
if ($_role->update($_POST, $errors)) {
unset($_REQUEST['a']);
$msg = sprintf(__('Successfully added %s'),
__('role'));
} elseif ($errors) {
......
......@@ -406,6 +406,7 @@ CREATE TABLE `%TABLE_PREFIX%role` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`flags` int(10) unsigned NOT NULL DEFAULT '1',
`name` varchar(64) DEFAULT NULL,
`permissions` text,
`notes` text,
`created` datetime NOT NULL,
`updated` datetime NOT NULL,
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment