Fixed ACL for Configuration tabs [#771]

This commit is contained in:
Matias Griese
2021-02-10 15:26:02 +02:00
parent 417d82769b
commit a8983a003d
7 changed files with 72 additions and 49 deletions


@@ -14,6 +14,7 @@
* Fixed HTML Entities in titles [#2028](https://github.com/getgrav/grav-plugin-admin/issues/2028)
* Fixed deleting list field options completely, didn't save changes [#2056](https://github.com/getgrav/grav-plugin-admin/issues/2056)
* Fixed `onAdminAfterAddMedia` and `onAdminAfterDelMedia` events always pointing to the home page
* Fixed ACL for Configuration tabs [#771](https://github.com/getgrav/grav-plugin-admin/issues/771)
# v1.10.3
## 02/01/2021


@@ -858,6 +858,9 @@ class AdminPlugin extends Plugin
'authorize' => [
'admin.configuration.system',
'admin.configuration.site',
'admin.configuration.media',
'admin.configuration.security',
'admin.configuration.info',
'admin.super'],
'priority' => 9
];
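Review bot: The route's `authorize` list on L23–L29 enumerates tab permissions by hand, while `Admin::configurations()` in the same commit derives tab names from whatever `*.yaml` blueprints exist under `blueprints://config` and checks each one with `'admin.configuration.' . $name`; a tab contributed by a plugin would presumably appear in the tab list for a user holding only its own `admin.configuration.<name>` permission, yet be refused at this route unless that user also has `admin.super`. If the two lists are meant to stay aligned, a comment should say so: `// Keep in sync with Admin::configurations(): one 'admin.configuration.<name>' entry per tab that should open the /config route.` The array this hunk closes with `];` opens before the hunk.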


@@ -246,23 +246,62 @@ class Admin
/**
* Return the found configuration blueprints
*
* @param bool $checkAccess
* @return array
*/
public static function configurations()
public static function configurations(bool $checkAccess = false): array
{
$configurations = [];
$grav = Grav::instance();
/** @var Admin $admin */
$admin = $grav['admin'];
/** @var UniformResourceIterator $iterator */
$iterator = Grav::instance()['locator']->getIterator('blueprints://config');
$iterator = $grav['locator']->getIterator('blueprints://config');
// Find all main level configuration files.
$configurations = [];
foreach ($iterator as $file) {
if ($file->isDir() || !preg_match('/^[^.].*.yaml$/', $file->getFilename())) {
continue;
}
$configurations[] = $file->getBasename('.yaml');
$name = $file->getBasename('.yaml');
// Check that blueprint exists and is not hidden.
$data = $admin->data('config/'. $name);
if (!is_callable([$data, 'blueprints'])) {
continue;
}
$blueprint = $data->blueprints();
if (!$blueprint) {
continue;
}
$test = $blueprint->toArray();
if (empty($test['form']['hidden']) && (!empty($test['form']['field']) || !empty($test['form']['fields']))) {
$configurations[$name] = true;
}
}
return $configurations;
// Remove scheduler and backups configs (they belong to the tools).
unset($configurations['scheduler'], $configurations['backups']);
// Sort configurations.
ksort($configurations);
$configurations = ['system' => true, 'site' => true] + $configurations + ['info' => true];
if ($checkAccess) {
// ACL checks.
foreach ($configurations as $name => $value) {
if (!$admin->authorize(['admin.configuration.' . $name, 'admin.super'])) {
unset($configurations[$name]);
}
}
}
return array_keys($configurations);
}
/**
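Review bot: The ACL branch on L82–L86 authorizes only `admin.configuration.<name>` and `admin.super`, whereas the template this replaces also accepted the underscore spelling `admin.configuration_<name>` (see the removed L165 and L189 in the Twig section); any account or group still granted the legacy spelling loses its tab silently, so either add that string to the `authorize()` array or record the removal in the changelog. The docblock should also describe the new parameter and the return shape, e.g. `@param bool $checkAccess Drop tabs the current user is not authorized for (admin.configuration.<name> or admin.super)` and `@return string[] Tab names, system and site first, info added`. Note that `['system' => true, 'site' => true] + $configurations + ['info' => true]` on L79 inserts those three names even when no visible blueprint was found for them, so with `$checkAccess = false` the list can name a tab whose blueprint is hidden or missing; a comment stating that this is intentional would help the next reader.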


@@ -1088,4 +1088,5 @@ PLUGIN_ADMIN:
RES_MAX_HEIGHT_HELP: "The maximum height allowed for an image to be added"
RESIZE_QUALITY: "Resize Quality"
RESIZE_QUALITY_HELP: "The quality to use when resizing an image. Between 0 and 1 value."
PIXELS: "pixels"
PIXELS: "pixels"
ACCESS_ADMIN_CONFIGURATION_SECURITY: "Manage Security Configuration"


@@ -3,7 +3,5 @@ title: Config
expires: 0
access:
admin.configuration.system: true
admin.configuration.site: true
admin.super: true
admin.login: true
---
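Review bot: If the two dropped lines are the `admin.configuration.system` and `admin.configuration.site` entries, as the hunk counts suggest, the page's own `access` block now admits any logged-in admin (`admin.login`), so per-tab enforcement rests entirely on the plugin's route `authorize` list and on the template's `config_slug in configurations` test, and a later relaxation of either would not be caught here. A short header comment would record that dependency: `# Per-tab ACL is enforced by AdminPlugin's /config route and Admin::configurations(true); this page only requires a login.` Whether the save task for a configuration tab performs its own `admin.configuration.<slug>` check is not visible in this commit and is worth confirming before relying on the template alone.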


@@ -24,6 +24,8 @@ actions:
label: PLUGIN_ADMIN.ACCESS_ADMIN_CONFIGURATION_SITE
media:
label: PLUGIN_ADMIN.ACCESS_ADMIN_CONFIGURATION_MEDIA
security:
label: PLUGIN_ADMIN.ACCESS_ADMIN_CONFIGURATION_SECURITY
info:
label: PLUGIN_ADMIN.ACCESS_ADMIN_CONFIGURATION_INFO
pages:


@@ -1,18 +1,17 @@
{% extends 'partials/base.html.twig' %}
{% set configurations = admin.configurations(true) %}
{% set config_slug = uri.basename %}
{% if config_slug == 'config' %}
{% set config_slug = authorize(['admin.configuration.system', 'admin.super']) ? 'system' : 'site' %}
{% set config_slug = configurations|first %}
{% endif %}
{% set isInfo = (config_slug == 'info') %}
{% set tab_title_string = "PLUGIN_ADMIN." ~ config_slug|upper %}
{% set tab_title = (tab_title_string|tu == tab_title_string ? config_slug|capitalize : tab_title_string|tu) %}
{% set tab_title = (tab_title_string|tu == tab_title_string ? config_slug|capitalize : tab_title_string|tu) ?: 'Not Found' %}
{% set title = "PLUGIN_ADMIN.CONFIGURATION"|tu ~ ": " ~ tab_title %}
{% set config_ignores = ['scheduler', 'backups'] %}
{% if not isInfo %}
{% if config_slug and not isInfo %}
{% set data = admin.data('config/' ~ config_slug) %}
{% endif %}
@@ -36,49 +35,24 @@
{% endblock %}
{% block content_top %}
{% if data.file.filename %}
{% if authorize('admin.super') and data.file.filename %}
<div class="alert notice">{{ "PLUGIN_ADMIN.SAVE_LOCATION"|tu }}: <b>{{ data.file.filename|replace({(base_path):''}) }}</b></div>
{% endif %}
<div class="form-tabs">
<div class="tabs-nav">
{% if authorize(['admin.configuration.system', 'admin.super']) %}
<a {% if config_slug == 'system' %}class="active"{% endif %} href="{{ admin_route('/config/system') }}">
<span>{{ "PLUGIN_ADMIN.SYSTEM"|tu }}</span>
</a>
{% endif %}
{% if authorize(['admin.configuration.site', 'admin.super']) %}
<a {% if config_slug == 'site' %}class="active"{% endif %} href="{{ admin_route('/config/site') }}">
<span>{{ "PLUGIN_ADMIN.SITE"|tu }}</span>
</a>
{% endif %}
{% for configuration in admin.configurations if (configuration not in config_ignores) %}
{% if authorize(['admin.configuration.' ~ configuration, 'admin.configuration_' ~ configuration, 'admin.super']) %}
{% set current_blueprints = admin.data('config/' ~ configuration).blueprints.toArray() %}
{% if configuration != 'system' and configuration != 'site' and not current_blueprints.form.hidden and (current_blueprints.form.fields is not empty or current_blueprints.form.field is not empty) %}
<a {% if config_slug == configuration %}class="active"{% endif %} href="{{ admin_route('/config/' ~ configuration) }}">
{% set configuration_string = "PLUGIN_ADMIN." ~ configuration|upper %}
<span>{{ (configuration_string|tu == configuration_string ? configuration|capitalize : configuration_string|tu) }}</span>
</a>
{% endif %}
{% endif %}
{% for configuration in configurations %}
<a {% if config_slug == configuration %}class="active"{% endif %} href="{{ admin_route('/config/' ~ configuration) }}">
{% set configuration_string = "PLUGIN_ADMIN." ~ configuration|upper %}
<span>{{ (configuration_string|tu == configuration_string ? configuration|capitalize : configuration_string|tu) }}</span>
</a>
{% endfor %}
{% if authorize(['admin.configuration.info', 'admin.super']) %}
<a {% if config_slug == 'info' %}class="active"{% endif %} href="{{ admin_route('/config/info') }}">
<span>{{ "PLUGIN_ADMIN.INFO"|tu }}</span>
</a>
{% endif %}
</div>
</div>
{% endblock %}
{% block content %}
{% if authorize(['admin.configuration.' ~ config_slug, 'admin.configuration_' ~ config_slug, 'admin.super']) %}
{% if config_slug in configurations %}
{% if isInfo %}
<div id="phpinfo">
<div style="margin-left:1.5rem">
@@ -87,11 +61,16 @@
{{ admin.phpinfo|raw }}
</div>
{% else %}
<div class="config-wrapper-{{ config_slug }}">
<div class="config-wrapper-{{ config_slug }}">
{% include 'partials/blueprints.html.twig' with { blueprints: data.blueprints, data: data } %}
</div>
{% endif %}
{% include 'partials/modal-changes-detected.html.twig' %}
{% include 'partials/modal-changelog.html.twig' %}
{% else %}
{% do page.modifyHeader('http_response_code', 404) %}
<div class="config-wrapper">
<h2>Not found</h2>
</div>
{% endif %}
{% include 'partials/modal-changes-detected.html.twig' %}
{% include 'partials/modal-changelog.html.twig' %}
{% endblock %}
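Review bot: `admin.data('config/' ~ config_slug)` on L143 runs for whatever `uri.basename` supplies, before the `config_slug in configurations` test on L190 decides whether the user may see that tab, so an unknown or unauthorized slug still instantiates the config data object even though nothing from it is rendered; gating the load on the same test keeps the file read behind the ACL: `{% if config_slug in configurations and not isInfo %}`. Twig's `in` on an array is, as far as I recall, a loose `in_array`, which is harmless for blueprint basenames but worth a comment if numeric-looking slugs are ever possible. The template continues between and after the shown hunks, so the `content` and `content_top` blocks are only partly visible here.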