From 84e4de1e7a02ee96a4dcb7482fb96df9983eec51 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov"
Date: Thu, 11 Jan 2018 23:26:13 +0300
Subject: [PATCH 1/3] Add new permission to control access to system statistics

---
 src/mibew/configs/routing.yml | 3 ++-
 .../Mibew/AccessControl/Check/PermissionsCheck.php | 5 ++++-
 src/mibew/libs/operator.php | 10 +++++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/mibew/configs/routing.yml b/src/mibew/configs/routing.yml
index bcb01c0a..c6b33890 100644
--- a/src/mibew/configs/routing.yml
+++ b/src/mibew/configs/routing.yml
@@ -679,7 +679,8 @@ statistics:
 defaults:
 type: "by-date"
 _controller: Mibew\Controller\StatisticsController::indexAction
- _access_check: Mibew\AccessControl\Check\LoggedInCheck
+ _access_check: Mibew\AccessControl\Check\PermissionsCheck
+ _access_permissions: [CAN_VIEWSTATISTICS]
 requirements:
 type: by-date|by-operator|by-page
diff --git a/src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php b/src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php
index 99895bf7..70ffb8c9 100644
--- a/src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php
+++ b/src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php
@@ -69,7 +69,7 @@ class PermissionsCheck extends LoggedInCheck
 *
 * @param string $permission_name Name of permission. Can be one of
 * "CAN_ADMINISTRATE", "CAN_TAKEOVER", "CAN_VIEWTHREADS",
- * "CAN_MODIFYPROFILE".
+ * "CAN_MODIFYPROFILE", "CAN_VIEWSTATISTICS".
 * @return int Permission code.
 * @throws \InvalidArgumentException
 */
@@ -88,6 +88,9 @@ class PermissionsCheck extends LoggedInCheck
 case 'CAN_MODIFYPROFILE':
 $permission_code = CAN_MODIFYPROFILE;
 break;
+ case 'CAN_VIEWSTATISTICS':
+ $permission_code = CAN_VIEWSTATISTICS;
+ break;
 default:
 throw new \InvalidArgumentException(sprintf('Unknown permission "%s".', $permission_name));
 }
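Review bot: The new `_access_permissions: [CAN_VIEWSTATISTICS]` line on the `statistics` route applies to existing installations with no migration, because nothing in this patch grants the permission to operators created earlier. If permissions are stored per operator as a bit mask (inferred from the numeric code in the `define('CAN_VIEWSTATISTICS', 4)` hunk of operator.php, not visible here), every existing account, administrators possibly included, loses access to statistics until the new permission is ticked. That fails closed, which is the safe direction, but it should be stated where an upgrader will see it, for example `# Access requires CAN_VIEWSTATISTICS; grant it to existing operators after upgrading`. Only this one route is visible in the hunk, so any other route that serves statistics data should be checked for the same `_access_check`.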
diff --git a/src/mibew/libs/operator.php b/src/mibew/libs/operator.php
index 43dae914..16fe0338 100644
--- a/src/mibew/libs/operator.php
+++ b/src/mibew/libs/operator.php
@@ -51,6 +51,12 @@ define('CAN_VIEWTHREADS', 2);
 */
 define('CAN_MODIFYPROFILE', 3);
+/**
+ * Operator can view system statistics
+ */
+define('CAN_VIEWSTATISTICS', 4);
+
+
 /** End of permissions constants */
 /**
@@ -62,6 +68,7 @@ function permission_ids()
 {
 return array(
 CAN_ADMINISTRATE => "admin",
+ CAN_VIEWSTATISTICS => "statistics",
 CAN_TAKEOVER => "takeover",
 CAN_VIEWTHREADS => "viewthreads",
 CAN_MODIFYPROFILE => "modifyprofile",
@@ -80,6 +87,7 @@ function permission_descriptions()
 {
 return array(
 CAN_ADMINISTRATE => getlocal('System administration: settings, operators management, button generation'),
+ CAN_VIEWSTATISTICS => getlocal('Ability to view system statistics'),
 CAN_TAKEOVER => getlocal('Take over chat thread'),
 CAN_VIEWTHREADS => getlocal('View another operator\'s chat thread'),
 CAN_MODIFYPROFILE => getlocal('Ability to modify profile'),
@@ -693,7 +701,7 @@ function prepare_menu($operator, $has_right = true)
 $result['isOnline'] = is_operator_online($operator['operatorid']);
 if ($has_right) {
 $result['showban'] = Settings::get('enableban') == "1";
- $result['showstat'] = Settings::get('enablestatistics') == "1";
+ $result['showstat'] = is_capable(CAN_VIEWSTATISTICS, $operator) && (Settings::get('enablestatistics') == "1");
 $result['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator);
 $result['currentopid'] = $operator['operatorid'];
 }
From 8ced21fe868ad66c061087c10de6ffd546ec0c54 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov"
Date: Thu, 11 Jan 2018 23:35:13 +0300
Subject: [PATCH 2/3] Hide system information from anyone but admins

---
 .../Mibew/Controller/AboutController.php | 4 +-
 .../server_side/about.handlebars | 66 ++++++++++---------
 2 files changed, 37 insertions(+), 33 deletions(-)

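Review bot: In the `prepare_menu()` hunk the new `showstat` expression only decides whether the menu link is rendered; it is a display flag and should not be read as the access control. The enforcement this series adds is the `PermissionsCheck` on the `statistics` route, and that check does not consult the `enablestatistics` setting, so whether a disabled statistics page is still reachable by URL depends on controller code not shown here. A comment on the changed line would keep the two from being confused later, for example `// UI hint only: the statistics route enforces CAN_VIEWSTATISTICS itself`. The body of `prepare_menu()` starts and ends outside the hunk.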
diff --git a/src/mibew/libs/classes/Mibew/Controller/AboutController.php b/src/mibew/libs/classes/Mibew/Controller/AboutController.php
index 6badacb7..6ed659df 100644
--- a/src/mibew/libs/classes/Mibew/Controller/AboutController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/AboutController.php
@@ -35,8 +35,10 @@ class AboutController extends AbstractController
 */
 public function indexAction(Request $request)
 {
+ $operator = $this->getOperator();
 $page = array_merge(
 array(
+ 'showSystemInfo' => is_capable(CAN_ADMINISTRATE, $operator),
 'localizations' => get_available_locales(),
 'phpVersion' => phpversion(),
 'extensions' => $this->getExtensionsInfo(),
@@ -45,7 +47,7 @@ class AboutController extends AbstractController
 'menuid' => 'about',
 'availableUpdates' => $this->getAvailableUpdates(),
 ),
- prepare_menu($this->getOperator())
+ prepare_menu($operator)
 );
 return $this->render('about', $page);
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/about.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/about.handlebars
index 74678f92..429e4058 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/about.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/about.handlebars
@@ -14,43 +14,45 @@
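Review bot: `showSystemInfo` in `indexAction()` gates only the template: the controller still calls `get_available_locales()`, `phpversion()`, `getExtensionsInfo()` and `getAvailableUpdates()` for every logged-in operator and passes the results to the view. Any page style whose `about` template does not test the new flag would keep showing the PHP version and extension list to non-administrators. Building those keys only when the operator has `CAN_ADMINISTRATE` makes the restriction hold whatever the template does. Two array entries between the two hunks are not visible here; if one of them carries the product version, it belongs in the guarded set as well. The access check on the `about` route itself is not part of this patch.

```php
$operator = $this->getOperator();
$is_admin = is_capable(CAN_ADMINISTRATE, $operator);

// Gather environment details only for operators allowed to see them, so
// that a template which ignores showSystemInfo has nothing to disclose.
$system_info = array();
if ($is_admin) {
    $system_info = array(
        'localizations' => get_available_locales(),
        'phpVersion' => phpversion(),
        'extensions' => $this->getExtensionsInfo(),
        'availableUpdates' => $this->getAvailableUpdates(),
    );
}

$page = array_merge(
    array(
        'showSystemInfo' => $is_admin,
        // … unchanged: remaining page keys (entries not shown in the hunk, 'menuid') …
    ),
    $system_info,
    prepare_menu($operator)
);
```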

{{{l10n "Copyright © {0} Contributors of the Mibew Messenger project." "2005-2017"}}}

{{{l10n "For more information visit the official site of the project: https://mibew.org/"}}}

-

+ {{#if showSystemInfo}} +

-

{{l10n "System information"}}

-

{{l10n "You are using:"}}

-
{{version}}
+

{{l10n "System information"}}

+

{{l10n "You are using:"}}

+
{{version}}
-
+
-

{{l10n "Installed localizations:"}}

- {{#each localizations}} - {{this}} - {{/each}} - -

- -

{{l10n "Environment:"}}

- PHP {{phpVersion}} {{#each extensions}}{{@key}}{{#if loaded}}{{#if version}}/{{version}}{{/if}}{{else}}/absent{{/if}} {{/each}} - -

- -

{{l10n "Available updates"}}

- {{#if availableUpdates}} - {{#each availableUpdates}} -

{{title}} ({{version}})

- {{#if description}} -
{{description}}
- {{/if}} -
- {{l10n "Download"}} -
- -
+

{{l10n "Installed localizations:"}}

+ {{#each localizations}} + {{this}} {{/each}} - {{else}} - {{l10n "There is no available updates."}}

+ +

+ +

{{l10n "Environment:"}}

+ PHP {{phpVersion}} {{#each extensions}}{{@key}}{{#if loaded}}{{#if version}}/{{version}}{{/if}}{{else}}/absent{{/if}} {{/each}} + +

+ +

{{l10n "Available updates"}}

+ {{#if availableUpdates}} + {{#each availableUpdates}} +

{{title}} ({{version}})

+ {{#if description}} +
{{description}}
+ {{/if}} +
+ {{l10n "Download"}} +
+ +
+ {{/each}} + {{else}} + {{l10n "There is no available updates."}}

+ {{/if}} + {{l10n "Check for available updates"}} {{/if}} - {{l10n "Check for available updates"}} {{/if}} -
-
- - - {{l10n "Canned Messages"}} - - {{l10n "Edit messages that you frequently type into the chat."}} -
-
- {{#if showadmin}} +
+
+ + + {{l10n "Canned Messages"}} + + {{l10n "Edit messages that you frequently type into the chat."}} +
+
+