Commit f3fb2d1a authored by Côme Chilliet's avatar Côme Chilliet

Fixes #5470 Added a blacklist system for plugins menu

parent 29ffe140
......@@ -367,6 +367,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.18.8 NAME 'fdDefaultShell'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.38414.8.18.9 NAME 'fdPluginsMenuBlacklist'
DESC 'FusionDirectory - Blacklist as groupdn|plugin or roledn|plugin'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
# Plugins
attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
......@@ -548,6 +554,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $
fdEnableSnapshots $ fdSnapshotBase $
fdTabHook $ fdShells $ fdDefaultShell $ fdDisplayHookOutput $
fdPluginsMenuBlacklist $
fdAclTabOnObjects $ fdDepartmentCategories $
fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $
fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext
......
......@@ -212,9 +212,20 @@ class pluglist {
*
* \return Boolean TRUE on success FALSE otherwise
*/
function check_access($aclname)
function check_access($infos)
{
global $ui;
if (isset($infos['CLASS']) && $ui->isBlacklisted($infos['CLASS'])) {
return FALSE;
}
if (!isset($infos['ACL'])) {
return FALSE;
}
$aclname = $infos['ACL'];
if (isset($this->silly_cache[$aclname])) {
return $this->silly_cache[$aclname];
}
......@@ -320,18 +331,15 @@ class pluglist {
/* Parse sub-plugins */
foreach ($config->data['MENU'][$section] as $info) {
if (!$this->check_access($info)) {
continue;
}
if (isset($info['CLASS']) && plugin_available($info['CLASS'])) {
if (!$this->check_access($info['ACL'])) {
continue;
}
$index = $this->get_index($info['CLASS']);
$this->allowed_plugins[$index] = $index;
list ($plHeadline, $plDescription, $href, ) = $this->get_infos($info['CLASS']);
$id = $info['CLASS'];
} elseif (!isset($info['CLASS'])) {
if (isset($info['ACL']) && !$this->check_access($info['ACL'])) {
continue;
}
$plHeadline = $info['TITLE'];
$plDescription = $info['DESCRIPTION'];
$href = $info['LINK'];
......@@ -388,17 +396,14 @@ class pluglist {
$menu .= $section_infos['NAME']."</h1>\n";
foreach ($config->data['MENU'][$section] as $info) {
if (!$this->check_access($info)) {
continue;
}
if (isset($info['CLASS']) && plugin_available($info['CLASS'])) {
if (!$this->check_access($info['ACL'])) {
continue;
}
/* Read information from class variable */
list ($plHeadline, $plDescription, $href, $plIcon) = $this->get_infos($info['CLASS']);
$id = $info['CLASS'];
} elseif (!isset($info['CLASS'])) {
if (isset($info['ACL']) && !$this->check_access($info['ACL'])) {
continue;
}
$plHeadline = $info['TITLE'];
$plDescription = $info['DESCRIPTION'];
$href = $info['LINK'];
......
......@@ -966,5 +966,23 @@ class userinfo
}
return ($this->get_permissions($config->current['BASE'], 'user/user') == 'rwcdm');
}
/* \brief Test if a plugin is blacklisted for this user (does not show up in the menu)
*/
function isBlacklisted($plugin)
{
global $config;
$blacklist = $config->get_cfg_value('PluginsMenuBlacklist', array());
foreach ($blacklist as $item) {
list ($group, $p) = explode('|', $item, 2);
if ($plugin == $p) {
if (in_array($group, $this->groups) || in_array($group, $this->roles)) {
return TRUE;
}
}
}
return FALSE;
}
}
?>
......@@ -376,6 +376,29 @@ class configInLdap extends simplePlugin
),
array()
),
new OrderedArrayAttribute(
new PipeSeparatedCompositeAttribute(
_('Use this to hide some menu entry to specific groups of users'),
'fdPluginsMenuBlacklist',
array(
new SelectAttribute(
'', _('Group or role'),
'blacklistGroup', TRUE,
array()
),
new SelectAttribute(
'', _('Plugin to blacklist'),
'blacklistPlugin', TRUE,
array()
),
),
'',
_('Plugin menu blacklist')
),
// no order
FALSE,
array()
)
)
),
'hooks' => array(
......@@ -425,6 +448,7 @@ class configInLdap extends simplePlugin
function __construct ($dn = NULL, $object = NULL, $parent = NULL, $mainTab = FALSE, $attributesInfo = NULL)
{
global $config;
$attributesInfo = static::getAttributesInfo();
/* Languages */
$languages = get_languages(TRUE);
......@@ -438,6 +462,42 @@ class configInLdap extends simplePlugin
$methods = $methods['name'];
$attributesInfo['password']['attrs'][0]->setChoices($methods);
$groupsAndRoles = array_merge(
array_map(
function ($group)
{
return sprintf(_('Group %s'), $group);
},
objects::ls('ogroup')
),
array_map(
function ($role)
{
return sprintf(_('Role %s'), $role);
},
objects::ls('role')
)
);
$attributesInfo['miscellaneous']['attrs'][3]->attribute->attributes[0]->setChoices(
array_keys($groupsAndRoles),
array_values($groupsAndRoles)
);
$menuPlugins = array();
$plist = session::global_get('plist');
foreach ($config->data['SECTIONS'] as $section => $section_infos) {
foreach ($config->data['MENU'][$section] as $info) {
if (isset($info['CLASS'])) {
list ($plHeadline, , , ) = $plist->get_infos($info['CLASS']);
$menuPlugins[$info['CLASS']] = $plHeadline;
}
}
}
asort($menuPlugins);
$attributesInfo['miscellaneous']['attrs'][3]->attribute->attributes[1]->setChoices(
array_keys($menuPlugins),
array_values($menuPlugins)
);
try {
parent::__construct($dn, $object, $parent, $mainTab, $attributesInfo);
} catch (NonExistingLdapNodeException $e) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment