CRM-20743 - Check tag permissions in UI and BAO #10522

Merged
merged 3 commits into from
Jun 18, 2017
Merged
14 changes: 14 additions & 0 deletions CRM/Core/BAO/Tag.php
Expand Up @@ -413,6 +413,20 @@ public static function add(&$params, $ids = array()) {
return NULL;
}

// Check permission to create or modify reserved tag
if (!empty($params['check_permissions']) && !CRM_Core_Permission::check('administer reserved tags')) {
if (!empty($params['is_reserved']) || ($id && CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $id, 'is_reserved'))) {
throw new CRM_Core_Exception('Insufficient permission to administer reserved tag.');
}
}

// Check permission to create or modify tagset
if (!empty($params['check_permissions']) && !CRM_Core_Permission::check('administer Tagsets')) {
if (!empty($params['is_tagset']) || ($id && CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $id, 'is_tagset'))) {
throw new CRM_Core_Exception('Insufficient permission to administer tagset.');
}
}

$tag = new CRM_Core_DAO_Tag();

// if parent id is set then inherit used for and is hidden properties
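Review bot: Both guards added at the top of add() run only when the caller passes a truthy `$params['check_permissions']`, so any BAO caller that omits the flag skips them entirely (the Edit form's postProcess is not shown here, so whether it sets the flag cannot be confirmed from this hunk); the method docblock, which is outside the hunk, should state this. A one-line comment above the first guard would make the contract visible at the enforcement point: `// Opt-in guards: applied only when the caller sets $params['check_permissions'] (API-style); UI code must bounce before reaching here.` The reserved-tag and tagset checks each issue a separate getFieldValue() query against the same row; a single retrieve of both columns would avoid the duplicate lookup, though this is not a correctness issue. `$id` is assigned before this hunk, so whether it comes from `$params['id']` or `$ids` cannot be checked here, and add() begins outside the hunk.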
2 changes: 1 addition & 1 deletion CRM/Core/Permission.php
Expand Up @@ -127,7 +127,7 @@ public static function check($permissions) {
foreach ($permission as $orPerm) {
if (self::check($orPerm)) {
//one of our 'or' permissions has succeeded - stop checking this permission
return TRUE;;
return TRUE;
}
}
//none of our our conditions was met
30 changes: 18 additions & 12 deletions CRM/Tag/Form/Edit.php
Expand Up @@ -54,38 +54,47 @@ public function preProcess() {
* Build the form object.
*/
public function buildQuickForm() {
$bounceUrl = CRM_Utils_System::url('civicrm/tag');
if ($this->_action == CRM_Core_Action::DELETE) {
$url = CRM_Utils_System::url('civicrm/tag');
if (!$this->_id) {
$this->_id = explode(',', CRM_Utils_Request::retrieve('id', 'String'));
}
$this->_id = (array) $this->_id;
if (!$this->_id) {
CRM_Core_Error::statusBounce(ts("Unknown tag."), $url);
CRM_Core_Error::statusBounce(ts("Unknown tag."), $bounceUrl);
}
foreach ($this->_id as $id) {
if (!CRM_Utils_Rule::positiveInteger($id)) {
CRM_Core_Error::statusBounce(ts("Unknown tag."), $url);
CRM_Core_Error::statusBounce(ts("Unknown tag."), $bounceUrl);
}
if ($tag = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $id, 'name', 'parent_id')) {
CRM_Core_Error::statusBounce(ts("This tag cannot be deleted. You must delete all its child tags ('%1', etc) prior to deleting this tag.", array(1 => $tag)), $url);
CRM_Core_Error::statusBounce(ts("This tag cannot be deleted. You must delete all its child tags ('%1', etc) prior to deleting this tag.", array(1 => $tag)), $bounceUrl);
}
if (!CRM_Core_Permission::check('administer reserved tags') && CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $id, 'is_reserved')) {
CRM_Core_Error::statusBounce(ts("You do not have sufficient permission to delete this reserved tag."), $url);
CRM_Core_Error::statusBounce(ts("You do not have sufficient permission to delete this reserved tag."), $bounceUrl);
}
}
if (count($this->_id) > 1) {
$this->assign('delName', ts('%1 tags', array(1 => count($this->_id))));
}
}
else {
$adminTagset = CRM_Core_Permission::check('administer Tagsets');
$adminReservedTags = CRM_Core_Permission::check('administer reserved tags');

$this->_isTagSet = CRM_Utils_Request::retrieve('tagset', 'Positive', $this);

if (!$this->_isTagSet && $this->_id &&
CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $this->_id, 'is_tagset')
) {
$this->_isTagSet = TRUE;
}
if ($this->_isTagSet && !$adminTagset) {
CRM_Core_Error::statusBounce(ts("You do not have sufficient permission to edit this tagset."), $bounceUrl);
}
if ($this->_id && !$adminReservedTags && CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $this->_id, 'is_reserved')) {
CRM_Core_Error::statusBounce(ts("You do not have sufficient permission to edit this reserved tag."), $bounceUrl);
}

if ($this->_id) {
$parentId = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $this->_id, 'parent_id');
Expand Down Expand Up @@ -133,16 +142,10 @@ public function buildQuickForm() {
$this->addSelect('used_for', array('multiple' => TRUE, 'option_url' => NULL));
}

$adminTagset = TRUE;
if (!CRM_Core_Permission::check('administer Tagsets')) {
$adminTagset = FALSE;
}
$this->assign('adminTagset', $adminTagset);

$adminReservedTags = TRUE;
if (!CRM_Core_Permission::check('administer reserved tags')) {
if (!$adminReservedTags) {
$isReserved->freeze();
$adminReservedTags = FALSE;
}
$this->assign('adminReservedTags', $adminReservedTags);
}
Expand All @@ -162,6 +165,9 @@ public function setDefaultValues() {
$params = array('id' => $cloneFrom);
CRM_Core_BAO_Tag::retrieve($params, $this->_values);
$this->_values['name'] .= ' (' . ts('copy') . ')';
if (!empty($this->_values['is_reserved']) && !CRM_Core_Permission::check('administer reserved tags')) {
$this->_values['is_reserved'] = 0;
}
$defaults = $this->_values;
}
if (empty($defaults['color'])) {
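Review bot: The DELETE branch's foreach bounces on child tags and on reserved tags but has no tagset check, so a user who lacks 'administer Tagsets' can still reach the delete confirmation for a tagset even though the edit path now bounces them; add inside the loop `if (!CRM_Core_Permission::check('administer Tagsets') && CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Tag', $id, 'is_tagset')) { CRM_Core_Error::statusBounce(ts("You do not have sufficient permission to delete this tagset."), $bounceUrl); }`. Whether postProcess or the BAO delete path catches this later cannot be seen from this hunk, so the form-level bounce is worth having for parity with the reserved-tag case. `$adminTagset` and `$adminReservedTags` are only computed in the else branch, so either the delete branch calls check() directly as above or the two assignments are hoisted above the `if ($this->_action == CRM_Core_Action::DELETE)`. buildQuickForm() continues past the end of this hunk.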
13 changes: 8 additions & 5 deletions templates/CRM/Tag/Page/Tag.tpl
Expand Up @@ -389,6 +389,9 @@
div.tag-info input[type=color] {
cursor: pointer;
}
div.tag-info input[disabled] {
cursor: default;
}
div.tag-info .tdl {
font-weight: bold;
color: #999;
Expand Down Expand Up @@ -432,15 +435,15 @@
<script type="text/template" id="oneSelectedTpl">
<div class="crm-entity" data-entity="Tag" data-id="<%= id %>">
<h4>
<input type="color" value="<%= data.color %>" title="{ts}Select color{/ts}"/>
<span class="crm-editable" data-field="name"><%- text %></span>
<input type="color" value="<%= data.color %>" <% if (!data.is_reserved || adminReserved) {ldelim} %>title="{ts}Select color{/ts}" <% {rdelim} else {ldelim} %>disabled<% {rdelim} %> />
<span class="<% if (!data.is_reserved || adminReserved) {ldelim} %>crm-editable<% {rdelim} %>" data-field="name"><%- text %></span>
</h4>
<hr />
<div><span class="tdl">{ts}Description:{/ts}</span>
<span class="crm-editable" data-field="description"><%- data.description %></span>
<span class="<% if (!data.is_reserved || adminReserved) {ldelim} %>crm-editable<% {rdelim} %>" data-field="description"><%- data.description %></span>
</div>
<div><span class="tdl">{ts}Selectable:{/ts}</span>
<span class="crm-editable" data-field="is_selectable" data-type="select"><% if (data.is_selectable) {ldelim} %> {ts}Yes{/ts} <% {rdelim} else {ldelim} %> {ts}No{/ts} <% {rdelim} %></span>
<span class="<% if (!data.is_reserved || adminReserved) {ldelim} %>crm-editable<% {rdelim} %>" data-field="is_selectable" data-type="select"><% if (data.is_selectable) {ldelim} %> {ts}Yes{/ts} <% {rdelim} else {ldelim} %> {ts}No{/ts} <% {rdelim} %></span>
</div>
<div><span class="tdl">{ts}Reserved:{/ts}</span>
<span class="<% if (adminReserved) {ldelim} %>crm-editable<% {rdelim} %>" data-field="is_reserved" data-type="select"><% if (data.is_reserved) {ldelim} %> {ts}Yes{/ts} <% {rdelim} else {ldelim} %> {ts}No{/ts} <% {rdelim} %></span>
Expand All @@ -449,7 +452,7 @@
<div>
<span class="tdl">{ts}Used For:{/ts}</span>
{literal}
<span class="crm-editable-enabled used-for-toggle">
<span class="<% if (!data.is_reserved || adminReserved) { %>crm-editable-enabled used-for-toggle<% } %>">
<% if (!data.used_for.length) { %><i class="crm-i fa-pencil crm-editable-placeholder"></i><% } %>
<% _.forEach(data.used_for, function(key, i) { %><%- (i ? ', ' : '') + usedFor[key] %><% }) %>
</span>
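Review bot: The expression `!data.is_reserved || adminReserved` is repeated on five lines of oneSelectedTpl (the color input, name, description, is_selectable and used_for spans), and a future field is likely to miss one; compute it once at the top of the template, `<% var canEdit = !data.is_reserved || adminReserved; %>`, and use `<% if (canEdit) {ldelim} %>` on each. This gating is presentational only: it drops the `crm-editable` hook and disables the color input but does not itself block a request, so the server-side checks in CRM_Core_BAO_Tag::add() (which apply only when check_permissions is set) remain the real enforcement, and a short comment in the template saying so would help the next maintainer. Whether tagsets are rendered through this same template, and therefore whether 'administer Tagsets' needs a parallel gate here, cannot be determined from this hunk.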