From 755f51082c9c9bf30fcb5cfc426c1f18eb0671a7 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:41:20 +0100
Subject: [PATCH 1/9] Add function to check if access to config is allowed

---
 classes/class.ilUserDefaultsPlugin.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/classes/class.ilUserDefaultsPlugin.php b/classes/class.ilUserDefaultsPlugin.php
index 422a3a4..f6d6ab9 100644
--- a/classes/class.ilUserDefaultsPlugin.php
+++ b/classes/class.ilUserDefaultsPlugin.php
@@ -174,7 +174,12 @@ public function getImagePath(string $imageName): string
 {
 return $this->getDirectory()."/templates/images/".$imageName;
 }
-
+ public static function grantAccess():bool {
+ global $DIC;
+ // check if user is allowed to configure UserDefauts
+ // since major parts of the plugin assign roles to users the capability to assign roles in useradministration is checked
+ return ($DIC->rbac()->system()->checkAccess("edit_roleassignment",USER_FOLDER_ID);
+ }
 /**
 * @inheritDoc
 */

From 8bd95abe8a765feb23aa5d2d94044f41f7e8e8a2 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:45:55 +0100
Subject: [PATCH 2/9] Change permission check to function in plugin

---
 classes/class.ilUserDefaultsConfigGUI.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/class.ilUserDefaultsConfigGUI.php b/classes/class.ilUserDefaultsConfigGUI.php
index 27e0139..4bfaa40 100644
--- a/classes/class.ilUserDefaultsConfigGUI.php
+++ b/classes/class.ilUserDefaultsConfigGUI.php
@@ -23,8 +23,8 @@ class ilUserDefaultsConfigGUI extends ilPluginConfigGUI {
 */
 public function __construct() {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
+ //Access granted?
+ if(!ilUserDefaultsPlugin::grantAccess()) {
 echo "no Permission";
 exit;
 };
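Review bot: In PATCH 1/9 the new `grantAccess()` opens the whole plugin to any account that passes `checkAccess("edit_roleassignment", USER_FOLDER_ID)`, which is presumably a wider group than the administrator-role test that the later patches remove in its favour. The comment says the plugin assigns roles to users, and nothing in this hunk shows that a rule is limited to the roles the configuring user may assign by hand. If that limit is missing elsewhere, a delegated user manager gains a way to hand out roles above their own, so it should be confirmed and stated in a docblock on the method. The method only tests and grants nothing, so a name such as `hasConfigAccess()` would read more truthfully. As committed, the `return (` line is one `)` short, a parse error until PATCH 7/9 closes it.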
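Review bot: The refusal branch in `ilUserDefaultsConfigGUI::__construct()` (PATCH 2/9) still ends with `echo "no Permission"; exit;`, so a denied request gets a normal 200 response and no record is kept of who was refused. Sending `http_response_code(403);` before the `echo` and writing a log entry with the user id would let monitoring see refused attempts on the plugin pages, which matters more now that access depends on a delegable permission. The same branch is repeated in the constructors touched by PATCH 4/9, 5/9 and 6/9. After this change `global $DIC;` may be unused here; the constructor continues outside the hunk, so that cannot be confirmed from this view.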
From 33a0ed52a9b2d3984a9ed57e62c90a5c1692a0d3 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:46:37 +0100
Subject: [PATCH 3/9] Improve error message if access not granted

---
 classes/class.ilUserDefaultsConfigGUI.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/class.ilUserDefaultsConfigGUI.php b/classes/class.ilUserDefaultsConfigGUI.php
index 4bfaa40..f497bdd 100644
--- a/classes/class.ilUserDefaultsConfigGUI.php
+++ b/classes/class.ilUserDefaultsConfigGUI.php
@@ -25,7 +25,7 @@ public function __construct() {
 global $DIC;
 //Access granted?
 if(!ilUserDefaultsPlugin::grantAccess()) {
- echo "no Permission";
+ echo "no Plugin Permission";
 exit;
 };

From 9e4bae59665fb6ddefe17041de623fa2bd04284d Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:48:25 +0100
Subject: [PATCH 4/9] Update Access Check

---
 classes/UserSetting/class.UserSettingsGUI.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/classes/UserSetting/class.UserSettingsGUI.php b/classes/UserSetting/class.UserSettingsGUI.php
index 8fb8a8a..2075845 100644
--- a/classes/UserSetting/class.UserSettingsGUI.php
+++ b/classes/UserSetting/class.UserSettingsGUI.php
@@ -55,9 +55,9 @@ class UserSettingsGUI
 public function __construct()
 {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //is access granted
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no Settings Permission";
 exit;
 };

@@ -445,4 +445,4 @@ protected function deleteMultiple(): void
 }
 $this->ctrl->redirect($this, self::CMD_INDEX);
 }
-}
\ No newline at end of file
+}

From a2adea4f4f1665eaec262b9697bea00b5cde3e49 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:53:19 +0100
Subject: [PATCH 5/9] Update Access check

---
 classes/UserSearch/class.usrdefUserGUI.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/classes/UserSearch/class.usrdefUserGUI.php b/classes/UserSearch/class.usrdefUserGUI.php
index 349cdce..841e4d6 100644
--- a/classes/UserSearch/class.usrdefUserGUI.php
+++ b/classes/UserSearch/class.usrdefUserGUI.php
@@ -32,9 +32,9 @@ class usrdefUserGUI
 public function __construct()
 {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //Check Access
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no Search Permission";
 exit;
 };

@@ -142,4 +142,4 @@ protected function selectUser(): void
 $this->tpl->setOnScreenMessage('success', $this->pl->txt('userdef_users_assigned', "", [count($usr_ids)]), true);
 $this->ctrl->redirect($this, self::CMD_INDEX);
 }
-}
\ No newline at end of file
+}

From 1db13af6b9a7b3f3b32d55d683a2b1e3c9ecf9e3 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:57:20 +0100
Subject: [PATCH 6/9] Update Access Check

---
 classes/UDFCheck/class.UDFCheckGUI.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/classes/UDFCheck/class.UDFCheckGUI.php b/classes/UDFCheck/class.UDFCheckGUI.php
index 6cfa23b..b76201b 100644
--- a/classes/UDFCheck/class.UDFCheckGUI.php
+++ b/classes/UDFCheck/class.UDFCheckGUI.php
@@ -40,9 +40,9 @@ class UDFCheckGUI {
 */
 public function __construct(UserSettingsGUI|UDFCheckGUI $parent_gui) {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //check Access
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no UDFCheck Permission";
 exit;
 };
@@ -165,4 +165,4 @@ protected function getObject(): ?UDFCheck {
 return UDFCheck::getCheckById((int) filter_input(INPUT_GET, UDFCheckGUI::IDENTIFIER_CATEGORY), (int) filter_input(INPUT_GET, UDFCheckGUI::IDENTIFIER));
 }
-}
\ No newline at end of file
+}

From 10a6ca8985cb6987b3f34bec1817484a37b80319 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 16:31:31 +0100
Subject: [PATCH 7/9] Update class.ilUserDefaultsPlugin.php

---
 classes/class.ilUserDefaultsPlugin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/class.ilUserDefaultsPlugin.php b/classes/class.ilUserDefaultsPlugin.php
index f6d6ab9..d0c5241 100644
--- a/classes/class.ilUserDefaultsPlugin.php
+++ b/classes/class.ilUserDefaultsPlugin.php
@@ -178,7 +178,7 @@ public static function grantAccess():bool {
 global $DIC;
 // check if user is allowed to configure UserDefauts
 // since major parts of the plugin assign roles to users the capability to assign roles in useradministration is checked
- return ($DIC->rbac()->system()->checkAccess("edit_roleassignment",USER_FOLDER_ID);
+ return ($DIC->rbac()->system()->checkAccess("edit_roleassignment",USER_FOLDER_ID));
 }
 /**
 * @inheritDoc

From 54f7fd6927a2a7d38984c7cef3a519ff87c28165 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Tue, 26 Mar 2024 16:35:20 +0100
Subject: [PATCH 8/9] fix typo

---
 classes/class.ilUserDefaultsPlugin.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/classes/class.ilUserDefaultsPlugin.php b/classes/class.ilUserDefaultsPlugin.php
index d0c5241..93f6315 100644
--- a/classes/class.ilUserDefaultsPlugin.php
+++ b/classes/class.ilUserDefaultsPlugin.php
@@ -178,6 +178,7 @@ public static function grantAccess():bool {
 global $DIC;
 // check if user is allowed to configure UserDefauts
 // since major parts of the plugin assign roles to users the capability to assign roles in useradministration is checked
+ // write would check if user can edit settings
 return ($DIC->rbac()->system()->checkAccess("edit_roleassignment",USER_FOLDER_ID));
 }
 /**

From 31ed43ecafb2f77b3c9da5655e14a66a082b8885 Mon Sep 17 00:00:00 2001
From: ingoj <120396930+ingoj@users.noreply.github.com>
Date: Wed, 15 May 2024 15:13:48 +0200
Subject: [PATCH 9/9] fix permissions

---
 classes/class.ilUserDefaultsRestApiGUI.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/classes/class.ilUserDefaultsRestApiGUI.php b/classes/class.ilUserDefaultsRestApiGUI.php
index df508e8..9c5beb0 100644
--- a/classes/class.ilUserDefaultsRestApiGUI.php
+++ b/classes/class.ilUserDefaultsRestApiGUI.php
@@ -36,8 +36,8 @@ public function __construct()
 {
 global $DIC;
 $this->ctrl = $DIC->ctrl();
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
+ // fix DH: Has permission
+ if (!ilUserDefaultsPlugin::grantAccess()) {
 echo "no Permission";
 exit;
 };
@@ -115,4 +115,4 @@ public function executeCommand(): void
 echo json_encode($this->userDefaultsApi->studyProgrammes->findAll());
 exit;
 }
-}
\ No newline at end of file
+}
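Review bot: The comment added in PATCH 8/9, `// write would check if user can edit settings`, does not say whether `write` was considered and rejected or is still planned, and the line two above it still spells `UserDefauts` although the subject is "fix typo". A docblock on `grantAccess()` would carry this better than three loose comment lines. It needs one sentence saying the method returns true when the current user holds `edit_roleassignment` on `USER_FOLDER_ID`, and one saying `write` was not chosen because it covers editing the settings rather than assigning roles. The signature line of the function lies above the hunk.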
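Review bot: In `ilUserDefaultsRestApiGUI::__construct()` (PATCH 9/9, first hunk) a refused caller receives the plain text `no Permission` with a normal 200 status, while `executeCommand()` in the second hunk answers with `json_encode(...)`, so an API client can only recognise a refusal by string matching. The refusal branch should send `http_response_code(403);` and `echo json_encode(['error' => 'no Permission']);` instead. The comment `// fix DH: Has permission` names neither the permission nor what DH stands for; `// requires edit_roleassignment on USER_FOLDER_ID, see ilUserDefaultsPlugin::grantAccess()` would. This class returns listings such as `studyProgrammes->findAll()`, so moving from the administrator-role test to this permission presumably also widens who can read them, which is worth stating in the commit message.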