Add new permission to control access to system statistics

2025-01-31 05:20:30 +03:00 · 2018-01-11 23:26:13 +03:00 · 2018-01-11 23:26:13 +03:00 · 84e4de1e7a
commit 84e4de1e7a
parent 39309d1914
3 changed files with 15 additions and 3 deletions
--- a/src/mibew/configs/routing.yml
+++ b/src/mibew/configs/routing.yml
@ -679,7 +679,8 @@ statistics:
    defaults:
        type: "by-date"
        _controller: Mibew\Controller\StatisticsController::indexAction
-        _access_check: Mibew\AccessControl\Check\LoggedInCheck
+        _access_check: Mibew\AccessControl\Check\PermissionsCheck
+        _access_permissions: [CAN_VIEWSTATISTICS]
    requirements:
        type: by-date|by-operator|by-page

--- a/src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php
+++ b/src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php
@ -69,7 +69,7 @@ class PermissionsCheck extends LoggedInCheck
     *
     * @param string $permission_name Name of permission. Can be one of
     *   "CAN_ADMINISTRATE", "CAN_TAKEOVER", "CAN_VIEWTHREADS",
-     *   "CAN_MODIFYPROFILE".
+     *   "CAN_MODIFYPROFILE", "CAN_VIEWSTATISTICS".
     * @return int Permission code.
     * @throws \InvalidArgumentException
     */
@ -88,6 +88,9 @@ class PermissionsCheck extends LoggedInCheck
            case 'CAN_MODIFYPROFILE':
                $permission_code = CAN_MODIFYPROFILE;
                break;
+            case 'CAN_VIEWSTATISTICS':
+                $permission_code = CAN_VIEWSTATISTICS;
+                break;
            default:
                throw new \InvalidArgumentException(sprintf('Unknown permission "%s".', $permission_name));
        }
--- a/src/mibew/libs/operator.php
+++ b/src/mibew/libs/operator.php
@ -51,6 +51,12 @@ define('CAN_VIEWTHREADS', 2);
 */
 define('CAN_MODIFYPROFILE', 3);

+/**
+ * Operator can view system statistics
+ */
+define('CAN_VIEWSTATISTICS', 4);
+
+
 /** End of permissions constants */

 /**
@ -62,6 +68,7 @@ function permission_ids()
 {
    return array(
        CAN_ADMINISTRATE => "admin",
+        CAN_VIEWSTATISTICS => "statistics",
        CAN_TAKEOVER => "takeover",
        CAN_VIEWTHREADS => "viewthreads",
        CAN_MODIFYPROFILE => "modifyprofile",
@ -80,6 +87,7 @@ function permission_descriptions()
 {
    return array(
        CAN_ADMINISTRATE => getlocal('System administration: settings, operators management, button generation'),
+        CAN_VIEWSTATISTICS => getlocal('Ability to view system statistics'),
        CAN_TAKEOVER => getlocal('Take over chat thread'),
        CAN_VIEWTHREADS => getlocal('View another operator\'s chat thread'),
        CAN_MODIFYPROFILE => getlocal('Ability to modify profile'),
@ -693,7 +701,7 @@ function prepare_menu($operator, $has_right = true)
    $result['isOnline'] = is_operator_online($operator['operatorid']);
    if ($has_right) {
        $result['showban'] = Settings::get('enableban') == "1";
-        $result['showstat'] = Settings::get('enablestatistics') == "1";
+        $result['showstat'] = is_capable(CAN_VIEWSTATISTICS, $operator) && (Settings::get('enablestatistics') == "1");
        $result['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator);
        $result['currentopid'] = $operator['operatorid'];
    }