Skip to content
GitLab
Unverified Commit b058eea5 authored by Côme Chilliet's avatar Côme Chilliet
Browse files

:ambulance: fix(argonaut) Check ACL when validating argonaut action 

issue #6131
parent baed6f5e
dev 6231-give-the-ability-to-the-webservice-to-notice-if-an-attribute-is-monovalued-or-multivalued 6237-add-requiredattrs-array-to-the-webservice-informations 6245-adapt-the-ci-to-the-reorganisation-of-the-dev-tools-and-fixing-the-trigger-downstream-pipelines 6250-supann-configuration-backend-requires-account-life-cycle-section 6280-plugins-update-plugins-to-take-into-consideration-the-new-directory-of-core-structure 6310-tasks-reminder-error-in-the-schema-duplicate-attribute-id 6311-put-the-version-1-5-in-all-yaml-for-fusiondirectory-1-5 6322-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen-2 6332-zimbra-allows-update-of-data-for-unknown-domain-name-for-specific-individual-aliases 6337-webservice-issue-with-archiving-post-request-not-responding-but-successfully-archiving-user 6341-supann-extract-resources-states-sub-states-from-backend-configuration-to-their-own-objects 6346-lifecycle-adaptation-to-select-supann-resources-and-related-states-via-regex-mechanism master fusiondirectory-1.5 fusiondirectory-1.4
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 57 additions and 4 deletions
+57 -4
argonaut/addons/argonaut/class_argonautAction.inc
+ 57
4
View file @ b058eea5
...@@ -18,6 +18,42 @@ ...@@ -18,6 +18,42 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/ */
class ArgonautTargetsAttribute extends SystemsAttribute
{
/**
* @var array<string|null>
*/
protected $valueDns = [];
public function __construct (string $label, string $description, string $ldapName, bool $required, array $objectTypes = ['terminal', 'workstation', 'server'], array $defaultValue = [], string $store_attr = 'macAddress', string $display_attr = 'cn', array $filterElementDefinitions = NULL, string $acl = '')
{
parent::__construct($label, $description, $ldapName, $required, $objectTypes, $defaultValue, $store_attr, $display_attr, $filterElementDefinitions, $acl);
}
protected function fillDisplayValueFrom ($i, $attrs)
{
parent::fillDisplayValueFrom($i, $attrs);
$this->valueDns[$i] = ($attrs['dn'] ?? NULL);
}
public function setValue ($value)
{
$this->valueDns = [];
parent::setValue($value);
}
protected function removeValue ($row)
{
parent::removeValue($row);
unset($this->valueDns[$row]);
}
public function getDnList(): array
{
return $this->valueDns;
}
}
class argonautAction extends ManagementDialog class argonautAction extends ManagementDialog
{ {
protected $post_cancel = 'abort_event_dialog'; protected $post_cancel = 'abort_event_dialog';
...@@ -95,11 +131,9 @@ class argonautAction extends ManagementDialog ...@@ -95,11 +131,9 @@ class argonautAction extends ManagementDialog
'targets' => [ 'targets' => [
'name' => _('Targets'), 'name' => _('Targets'),
'attrs' => [ 'attrs' => [
new SystemsAttribute( new ArgonautTargetsAttribute(
'', _('Targets for this task'), '', _('Targets for this task'),
'targets', TRUE, 'targets', TRUE
['terminal', 'workstation', 'server'], [],
'macAddress'
) )
] ]
] ]
...@@ -147,6 +181,22 @@ class argonautAction extends ManagementDialog ...@@ -147,6 +181,22 @@ class argonautAction extends ManagementDialog
parent::loadAttributes(); parent::loadAttributes();
} }
public function check (): array
{
$errors = parent::check();
foreach ($this->attributesAccess['targets']->getDnList() as $dn) {
if (!$this->acl_is_createable($dn)) {
$errors[] = new SimplePluginPermissionError(
$this->attributesAccess['targets'],
htmlescape(sprintf(_('Not enough permission to schedule an action for %s'), $dn))
);
}
}
return $errors;
}
protected function handleFinish () protected function handleFinish ()
{ {
$msgs = $this->check(); $msgs = $this->check();
...@@ -162,6 +212,9 @@ class argonautAction extends ManagementDialog ...@@ -162,6 +212,9 @@ class argonautAction extends ManagementDialog
$error->display(); $error->display();
} }
$this->parent->closeDialogs(); $this->parent->closeDialogs();
} else {
$error = new FusionDirectoryError(_('Could not send action to argonaut server'));
$error->display();
} }
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment