From 01eff99db91b2b982bd46d05dcf8b9ef915f1892 Mon Sep 17 00:00:00 2001 From: Borja Rubio Date: Fri, 8 Nov 2013 11:22:55 +0100 Subject: [PATCH 1/2] Added new permission for operators to see Notifications --- src/mibew/libs/operator.php | 9 ++++++--- src/mibew/locales/en/properties | 1 + src/mibew/operator/notifications.php | 2 +- src/mibew/view/inc_menu.php | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/mibew/libs/operator.php b/src/mibew/libs/operator.php index 8d5646cc..4aa9cc8a 100644 --- a/src/mibew/libs/operator.php +++ b/src/mibew/libs/operator.php @@ -21,14 +21,16 @@ $can_administrate = 0; $can_takeover = 1; $can_viewthreads = 2; $can_modifyprofile = 3; +$can_viewnotifications = 4; -$can_count = 4; +$can_count = 5; $permission_ids = array( $can_administrate => "admin", $can_takeover => "takeover", $can_viewthreads => "viewthreads", - $can_modifyprofile => "modifyprofile" + $can_modifyprofile => "modifyprofile", + $can_viewnotifications => "viewnotifications" ); function operator_by_login($login) @@ -356,13 +358,14 @@ function is_capable($perm, $operator) function prepare_menu($operator, $hasright = true) { - global $page, $settings, $can_administrate; + global $page, $settings, $can_administrate,$can_viewnotifications; $page['operator'] = topage(get_operator_name($operator)); if ($hasright) { loadsettings(); $page['showban'] = $settings['enableban'] == "1"; $page['showgroups'] = $settings['enablegroups'] == "1"; $page['showstat'] = $settings['enablestatistics'] == "1"; + $page['shownotifications'] = is_capable($can_viewnotifications, $operator); $page['showadmin'] = is_capable($can_administrate, $operator); $page['currentopid'] = $operator['operatorid']; } diff --git a/src/mibew/locales/en/properties b/src/mibew/locales/en/properties index bc4d4639..73d823ba 100644 --- a/src/mibew/locales/en/properties +++ b/src/mibew/locales/en/properties @@ -415,6 +415,7 @@ permission.admin=System administration: settings, operators management, button g permission.modifyprofile=Ability to modify profile permission.takeover=Take over chat thread permission.viewthreads=View another operator's chat thread +permission.viewnotifications=View clients notifications permissions.intro=Change restrictions and available features for this operator. permissions.title=Permissions presurvey.department=Choose Department: diff --git a/src/mibew/operator/notifications.php b/src/mibew/operator/notifications.php index aa478c9c..833a30ea 100644 --- a/src/mibew/operator/notifications.php +++ b/src/mibew/operator/notifications.php @@ -25,7 +25,7 @@ $operator = check_login(); $page = array(); $errors = array(); -if (!is_capable($can_administrate, $operator)) { +if (!is_capable($can_administrate, $operator) && !is_capable($can_viewnotifications, $operator)) { die("Permission denied."); } diff --git a/src/mibew/view/inc_menu.php b/src/mibew/view/inc_menu.php index 1914c25d..4a03689d 100644 --- a/src/mibew/view/inc_menu.php +++ b/src/mibew/view/inc_menu.php @@ -58,6 +58,8 @@ function tpl_menu() { global $page, $mibewroot, $errors; > > > + + > From 85c4caefdd09399448ebff7a0a0c6cf6987eaadc Mon Sep 17 00:00:00 2001 From: Borja Rubio Date: Wed, 11 Dec 2013 19:20:52 +0100 Subject: [PATCH 2/2] Fixed problem with security constants --- src/mibew/libs/operator.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/mibew/libs/operator.php b/src/mibew/libs/operator.php index 4aa9cc8a..a7d10d4e 100644 --- a/src/mibew/libs/operator.php +++ b/src/mibew/libs/operator.php @@ -21,9 +21,10 @@ $can_administrate = 0; $can_takeover = 1; $can_viewthreads = 2; $can_modifyprofile = 3; -$can_viewnotifications = 4; +$can_count = 4; +$can_viewnotifications = 5; + -$can_count = 5; $permission_ids = array( $can_administrate => "admin",