Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
fusiondirectory
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
50
Issues
50
List
Boards
Labels
Service Desk
Milestones
Operations
Operations
Incidents
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
fusiondirectory
fusiondirectory
Commits
f3fb2d1a
Commit
f3fb2d1a
authored
Apr 06, 2017
by
Côme Chilliet
1
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixes
#5470
Added a blacklist system for plugins menu
parent
29ffe140
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
103 additions
and
13 deletions
+103
-13
contrib/openldap/core-fd-conf.schema
contrib/openldap/core-fd-conf.schema
+7
-0
include/class_pluglist.inc
include/class_pluglist.inc
+18
-13
include/class_userinfo.inc
include/class_userinfo.inc
+18
-0
plugins/config/class_configInLdap.inc
plugins/config/class_configInLdap.inc
+60
-0
No files found.
contrib/openldap/core-fd-conf.schema
View file @
f3fb2d1a
...
...
@@ -367,6 +367,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.18.8 NAME 'fdDefaultShell'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.38414.8.18.9 NAME 'fdPluginsMenuBlacklist'
DESC 'FusionDirectory - Blacklist as groupdn|plugin or roledn|plugin'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
# Plugins
attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
...
...
@@ -548,6 +554,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $
fdEnableSnapshots $ fdSnapshotBase $
fdTabHook $ fdShells $ fdDefaultShell $ fdDisplayHookOutput $
fdPluginsMenuBlacklist $
fdAclTabOnObjects $ fdDepartmentCategories $
fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $
fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext
...
...
include/class_pluglist.inc
View file @
f3fb2d1a
...
...
@@ -212,9 +212,20 @@ class pluglist {
*
* \return Boolean TRUE on success FALSE otherwise
*/
function
check_access
(
$
aclname
)
function
check_access
(
$
infos
)
{
global
$ui
;
if
(
isset
(
$infos
[
'CLASS'
])
&&
$ui
->
isBlacklisted
(
$infos
[
'CLASS'
]))
{
return
FALSE
;
}
if
(
!
isset
(
$infos
[
'ACL'
]))
{
return
FALSE
;
}
$aclname
=
$infos
[
'ACL'
];
if
(
isset
(
$this
->
silly_cache
[
$aclname
]))
{
return
$this
->
silly_cache
[
$aclname
];
}
...
...
@@ -320,18 +331,15 @@ class pluglist {
/* Parse sub-plugins */
foreach
(
$config
->
data
[
'MENU'
][
$section
]
as
$info
)
{
if
(
!
$this
->
check_access
(
$info
))
{
continue
;
}
if
(
isset
(
$info
[
'CLASS'
])
&&
plugin_available
(
$info
[
'CLASS'
]))
{
if
(
!
$this
->
check_access
(
$info
[
'ACL'
]))
{
continue
;
}
$index
=
$this
->
get_index
(
$info
[
'CLASS'
]);
$this
->
allowed_plugins
[
$index
]
=
$index
;
list
(
$plHeadline
,
$plDescription
,
$href
,
)
=
$this
->
get_infos
(
$info
[
'CLASS'
]);
$id
=
$info
[
'CLASS'
];
}
elseif
(
!
isset
(
$info
[
'CLASS'
]))
{
if
(
isset
(
$info
[
'ACL'
])
&&
!
$this
->
check_access
(
$info
[
'ACL'
]))
{
continue
;
}
$plHeadline
=
$info
[
'TITLE'
];
$plDescription
=
$info
[
'DESCRIPTION'
];
$href
=
$info
[
'LINK'
];
...
...
@@ -388,17 +396,14 @@ class pluglist {
$menu
.
=
$section_infos
[
'NAME'
]
.
"</h1>
\n
"
;
foreach
(
$config
->
data
[
'MENU'
][
$section
]
as
$info
)
{
if
(
!
$this
->
check_access
(
$info
))
{
continue
;
}
if
(
isset
(
$info
[
'CLASS'
])
&&
plugin_available
(
$info
[
'CLASS'
]))
{
if
(
!
$this
->
check_access
(
$info
[
'ACL'
]))
{
continue
;
}
/* Read information from class variable */
list
(
$plHeadline
,
$plDescription
,
$href
,
$plIcon
)
=
$this
->
get_infos
(
$info
[
'CLASS'
]);
$id
=
$info
[
'CLASS'
];
}
elseif
(
!
isset
(
$info
[
'CLASS'
]))
{
if
(
isset
(
$info
[
'ACL'
])
&&
!
$this
->
check_access
(
$info
[
'ACL'
]))
{
continue
;
}
$plHeadline
=
$info
[
'TITLE'
];
$plDescription
=
$info
[
'DESCRIPTION'
];
$href
=
$info
[
'LINK'
];
...
...
include/class_userinfo.inc
View file @
f3fb2d1a
...
...
@@ -966,5 +966,23 @@ class userinfo
}
return
(
$this
->
get_permissions
(
$config
->
current
[
'BASE'
],
'user/user'
)
==
'rwcdm'
);
}
/* \brief Test if a plugin is blacklisted for this user (does not show up in the menu)
*/
function
isBlacklisted
(
$plugin
)
{
global
$config
;
$blacklist
=
$config
->
get_cfg_value
(
'PluginsMenuBlacklist'
,
array
());
foreach
(
$blacklist
as
$item
)
{
list
(
$group
,
$p
)
=
explode
(
'|'
,
$item
,
2
);
if
(
$plugin
==
$p
)
{
if
(
in_array
(
$group
,
$this
->
groups
)
||
in_array
(
$group
,
$this
->
roles
))
{
return
TRUE
;
}
}
}
return
FALSE
;
}
}
?>
plugins/config/class_configInLdap.inc
View file @
f3fb2d1a
...
...
@@ -376,6 +376,29 @@ class configInLdap extends simplePlugin
),
array
()
),
new
OrderedArrayAttribute
(
new
PipeSeparatedCompositeAttribute
(
_
(
'Use this to hide some menu entry to specific groups of users'
),
'fdPluginsMenuBlacklist'
,
array
(
new
SelectAttribute
(
''
,
_
(
'Group or role'
),
'blacklistGroup'
,
TRUE
,
array
()
),
new
SelectAttribute
(
''
,
_
(
'Plugin to blacklist'
),
'blacklistPlugin'
,
TRUE
,
array
()
),
),
''
,
_
(
'Plugin menu blacklist'
)
),
// no order
FALSE
,
array
()
)
)
),
'hooks'
=>
array
(
...
...
@@ -425,6 +448,7 @@ class configInLdap extends simplePlugin
function
__construct
(
$dn
=
NULL
,
$object
=
NULL
,
$parent
=
NULL
,
$mainTab
=
FALSE
,
$attributesInfo
=
NULL
)
{
global
$config
;
$attributesInfo
=
static
::
getAttributesInfo
();
/* Languages */
$languages
=
get_languages
(
TRUE
);
...
...
@@ -438,6 +462,42 @@ class configInLdap extends simplePlugin
$methods
=
$methods
[
'name'
];
$attributesInfo
[
'password'
][
'attrs'
][
0
]
->
setChoices
(
$methods
);
$groupsAndRoles
=
array_merge
(
array_map
(
function
(
$group
)
{
return
sprintf
(
_
(
'Group %s'
),
$group
);
},
objects
::
ls
(
'ogroup'
)
),
array_map
(
function
(
$role
)
{
return
sprintf
(
_
(
'Role %s'
),
$role
);
},
objects
::
ls
(
'role'
)
)
);
$attributesInfo
[
'miscellaneous'
][
'attrs'
][
3
]
->
attribute
->
attributes
[
0
]
->
setChoices
(
array_keys
(
$groupsAndRoles
),
array_values
(
$groupsAndRoles
)
);
$menuPlugins
=
array
();
$plist
=
session
::
global_get
(
'plist'
);
foreach
(
$config
->
data
[
'SECTIONS'
]
as
$section
=>
$section_infos
)
{
foreach
(
$config
->
data
[
'MENU'
][
$section
]
as
$info
)
{
if
(
isset
(
$info
[
'CLASS'
]))
{
list
(
$plHeadline
,
,
,
)
=
$plist
->
get_infos
(
$info
[
'CLASS'
]);
$menuPlugins
[
$info
[
'CLASS'
]]
=
$plHeadline
;
}
}
}
asort
(
$menuPlugins
);
$attributesInfo
[
'miscellaneous'
][
'attrs'
][
3
]
->
attribute
->
attributes
[
1
]
->
setChoices
(
array_keys
(
$menuPlugins
),
array_values
(
$menuPlugins
)
);
try
{
parent
::
__construct
(
$dn
,
$object
,
$parent
,
$mainTab
,
$attributesInfo
);
}
catch
(
NonExistingLdapNodeException
$e
)
{
...
...
jbecot
@jbecot
mentioned in issue
#1746 (closed)
·
Sep 02, 2017
mentioned in issue
#1746 (closed)
mentioned in issue #1746
Toggle commit list
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment