
[UPDATE] admin user access

experimental
Georgi Hristov 2 years ago
parent
commit
222e9b2c34
4 changed files with 78 additions and 57 deletions
  1. +3
    -10
      modules/Base/Admin/AdminCommon_0.php
  2. +59
    -12
      modules/Base/User/Administrator/AdministratorCommon_0.php
  3. +1
    -1
      modules/CRM/Contacts/ContactsCommon_0.php
  4. +15
    -34
      modules/CRM/Contacts/Contacts_0.php

+ 3
- 10
modules/Base/Admin/AdminCommon_0.php View File

@@ -36,7 +36,7 @@ class Base_AdminCommon extends ModuleCommon {
}
public static function get_access($module, $section='', $force_check=false) {
if (!$force_check && Base_AclCommon::i_am_sa()) return true;
if (!$force_check && Acl::i_am_sa()) return true;
static $cache = array();
if (!isset($cache[$module])) {
$cache[$module] = array();
@@ -47,21 +47,14 @@ class Base_AdminCommon extends ModuleCommon {
if ($raws==false) {
$defaults[''] = $raws;
} else {
$defaults[''] = 1;
if (is_array($raws))
foreach ($raws as $s=>$v) {
if (isset($v['default']))
$defaults[$s] = $v['default'];
else
$defaults[$s] = 0;
$defaults[$s] = $v['default']?? 0;
}
}
}
foreach($defaults as $s=>$v)
if (isset($ret[$s]))
$cache[$module][$s] = $ret[$s];
else
$cache[$module][$s] = $v;
$cache[$module][$s] = $ret[$s]?? $v;
}
return $cache[$module][$section];
}
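Review bot: The final lookup `return $cache[$module][$section];` at the end of the second hunk is the one place in get_access that the commit's move to `??` does not reach: a `$section` that is not a declared access level (and not `''`) raises an undefined-index warning and yields null rather than an explicit denial. For a permission check that fails closed and matches the new defaults code, `return $cache[$module][$section] ?? false;`. The lines between the two hunks, where `$raws` and `$ret` are loaded, are not visible here, so whether `$section` is validated earlier cannot be confirmed.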


+ 59
- 12
modules/Base/User/Administrator/AdministratorCommon_0.php View File

@@ -14,29 +14,76 @@ defined("_VALID_ACCESS") || die('Direct access forbidden');

class Base_User_AdministratorCommon extends Base_AdminModuleCommon {
public static function user_settings() {
if(Base_AclCommon::i_am_user()) return array(__('Account')=>'body');
return array();
return Acl::i_am_user() ? [
__('Account') => 'body'
]: [];
}
public static function admin_caption() {
return array('label'=>__('Manage users'), 'section'=>__('User Management'));
return [
'label' => __('Manage users'),
'section' => __('User Management')
];
}
public static function admin_access() {
return DEMO_MODE?false:true;
return !DEMO_MODE;
}

public static function admin_access_levels() {
return array(
'log_as_user' => array('label' => __('Allow admin to login as user'), 'default' => 1),
'log_as_admin' => array('label' => __('Allow admin to login as other admin'), 'default' => 0),
'manage_ban' => array('label' => __('Allow admin to manage ban options and autologin'), 'default' => 0)
);
}
return [
'log_as_user' => [
'label' => __('Allow admin to login as user'),
'default' => 1
],
'log_as_admin' => [
'label' => __('Allow admin to login as other admin'),
'default' => 0
],
'manage_ban' => [
'label' => __('Allow admin to manage ban options and autologin'),
'default' => 0
]
];
}
public static function menu() {
if (!Base_AclCommon::check_permission('Advanced User Settings'))
return array(_M('My settings')=>array('__weight__'=>10,'__submenu__'=>1,_M('Change password')=>array()));
if (! Acl::check_permission('Advanced User Settings')) return [
_M('My settings') => [
'__weight__' => 10,
'__submenu__' => 1,
_M('Change password') => []
]
];
}
public static function get_admin_access($level) {
if (!Acl::i_am_admin()) return false;
if (Acl::i_am_sa()) return true;
if (!in_array($level, array_keys(self::admin_access_levels()))) return false;
return Base_AdminCommon::get_access(Base_User_Administrator::class, $level);
}
public static function get_log_as_user_access($user) {
static $admin_levels = false;
static $my_level = false;
if (!Acl::i_am_admin()) return false;
if (Acl::i_am_sa()) return true;
if ($admin_levels === false)
$admin_levels = DB::GetAssoc('SELECT id, admin FROM user_login');
if ($my_level === false)
$my_level = $admin_levels[Acl::get_user()]?? 0;
$user_level = $admin_levels[$user]?? 0;
return $user_level == 0 && self::get_admin_access('log_as_user') || // contact is user and I can login as user
$user_level == 1 && self::get_admin_access('log_as_admin');
}
}
?>
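Review bot: In get_log_as_user_access the static `$my_level` is assigned from `$admin_levels[Acl::get_user()]?? 0` but never read afterwards — the caller's own level is already settled by the `i_am_admin()`/`i_am_sa()` guards above — so `static $my_level = false;` and the two lines that populate it are dead code and should be dropped. In get_admin_access, `in_array($level, array_keys(self::admin_access_levels()))` is a non-strict membership test over string keys; `array_key_exists($level, self::admin_access_levels())` expresses the same thing without loose comparison. The final `return` relies on `&&` binding tighter than `||`; parenthesising each clause as `($user_level == 0 && self::get_admin_access('log_as_user')) || ($user_level == 1 && self::get_admin_access('log_as_admin'))` makes the intent explicit, and a comment such as `// no branch for level 2 targets: impersonating a superadmin is always denied` would document the deny-by-default that a reader otherwise has to infer. The closing `?>` on a class-only file is unnecessary and risks emitting trailing whitespace; it can be removed.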

+ 1
- 1
modules/CRM/Contacts/ContactsCommon_0.php View File

@@ -853,7 +853,7 @@ class CRM_ContactsCommon extends ModuleCommon {
if (!Base_AclCommon::i_am_admin()) return;
if ($mode=='view') {
if (!$default) return;
if(Base_AclCommon::i_am_sa()) {
if(Base_User_AdministratorCommon::get_log_as_user_access($default)) {
Base_ActionBarCommon::add('settings', __('Log as user'), Module::create_href(array('log_as_user'=>$default)));
if (isset($_REQUEST['log_as_user']) && $_REQUEST['log_as_user']==$default) {
Acl::set_user($default, true); //tag who is logged
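Review bot: The request match that triggers the impersonation, `$_REQUEST['log_as_user']==$default`, is a loose comparison; now that the link is offered to every admin holding the `log_as_user` level rather than only superadmins, compare as strings, `(string) $_REQUEST['log_as_user'] === (string) $default`, so that numerically-equal but differently-spelled values cannot satisfy it. The new gate `get_log_as_user_access($default)` is the right place for the check, but a short comment on that line, `// also denies superadmin targets (helper has no branch for level 2)`, would make the negative case visible where only the positive condition is read. The enclosing function begins before this hunk and continues after `Acl::set_user`, so whether the action is additionally protected by a request token is not visible here.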


+ 15
- 34
modules/CRM/Contacts/Contacts_0.php View File

@@ -119,47 +119,28 @@ class CRM_Contacts extends Module {

public function change_email_header() {
$adm = $this->init_module('Base_User_Administrator');
$back = $adm->is_back();
if ($back) {
Base_BoxCommon::pop_main();
return false;
if ($adm->is_back()) {
return Base_BoxCommon::pop_main();
}
$result = $this->display_module($adm, array(), 'change_email_header');
$this->display_module($adm, array(), 'change_email_header');
print('<span style="display:none;">'.microtime(true).'</span>');
return true;
}
public function user_actions($r, $gb_row) {
static $admin_levels = false;
static $my_level = false;
if ($admin_levels === false)
$admin_levels = DB::GetAssoc('SELECT id,admin FROM user_login');
if ($my_level === false)
$my_level = isset($admin_levels[Base_AclCommon::get_user()])
? $admin_levels[Base_AclCommon::get_user()] : 0;

$mod = 'Base_User_Administrator';
$log_as_user = Base_AdminCommon::get_access($mod, 'log_as_user');
$log_as_admin = Base_AdminCommon::get_access($mod, 'log_as_admin');
public function user_actions($contact, $gb_row) {
if (!Base_User_AdministratorCommon::get_log_as_user_access($contact['login'])) return;
$user_level = isset($admin_levels[$r['login']]) ? $admin_levels[$r['login']] : 0;
// 2 is superadmin, 1 admin, 0 user
if ($my_level == 2 || // i am super admin or...
$my_level == 1 && // i am admin and...
($user_level == 0 && $log_as_user || // contact is user and I can login as user
$user_level == 1 && $log_as_admin)) { // contact is admin and I can login as admin
if (Base_UserCommon::is_active($r['login'])) {
$gb_row->add_action($this->create_callback_href(array($this, 'change_user_active_state'), array($r['login'], false)), 'Deactivate user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'active-on.png'));
$gb_row->add_action(Module::create_href(array('log_as_user' => $r['login'])), 'Log as user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'restore.png'));
// action!
if (isset($_REQUEST['log_as_user']) && $_REQUEST['log_as_user'] == $r['login']) {
Acl::set_user($r['login'], true);
Epesi::redirect();
return;
}
} else {
$gb_row->add_action($this->create_callback_href(array($this, 'change_user_active_state'), array($r['login'], true)), 'Activate user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'active-off.png'));
if (Base_UserCommon::is_active($contact['login'])) {
$gb_row->add_action($this->create_callback_href(array($this, 'change_user_active_state'), array($contact['login'], false)), __('Deactivate user'), null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'active-on.png'));
$gb_row->add_action(Module::create_href(array('log_as_user' => $contact['login'])), __('Log as user'), null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'restore.png'));
// action!
if (isset($_REQUEST['log_as_user']) && $_REQUEST['log_as_user'] == $contact['login']) {
Acl::set_user($contact['login'], true);
Epesi::redirect();
return;
}
} else {
$gb_row->add_action($this->create_callback_href(array($this, 'change_user_active_state'), array($contact['login'], true)), 'Activate user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'active-off.png'));
}
}
public function change_user_active_state($user, $state) {
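Review bot: In user_actions the two labels of the active branch were wrapped in `__()` (`__('Deactivate user')`, `__('Log as user')`) but the inactive branch still passes the bare string `'Activate user'`; make it `__('Activate user')` so all three are translatable. The request check in the same method, `$_REQUEST['log_as_user'] == $contact['login']`, is a loose comparison on the value that selects which account `Acl::set_user` impersonates; `(string) $_REQUEST['log_as_user'] === (string) $contact['login']` is the safer form. In change_email_header, `return Base_BoxCommon::pop_main();` now returns whatever pop_main returns where the old code returned `false`; if pop_main has no return value this becomes `null`, which is only equivalent for callers that test loosely — worth confirming. change_user_active_state starts on the hunk's last line and its body is outside the hunk.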

