File horde-finer-grained-admin-privileges.patch of Package horde3
Index: admin/alarms.php
===================================================================
--- admin/alarms.php.orig
+++ admin/alarms.php
@@ -16,7 +16,7 @@ require_once 'Horde/Alarm.php';
require_once 'Horde/Form.php';
require_once 'Horde/Variables.php';
-if (!Auth::isAdmin()) {
+if (!Auth::isAdmin() && !$GLOBALS['perms']->hasPermission('horde:administration:admin_alarms', Auth::getAuth(), true)) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
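Review bot: The new fallback passes `true` as the third argument of `hasPermission()`, here and in every other hunk of this patch, so which permission level satisfies the check depends on how `Perms::hasPermission()` treats a boolean, which the patch does not show. If the method expects a level bitmask, a named level such as `PERMS_EDIT` states the intent and avoids relying on coercion; confirm against the Horde version this package ships. The check also hands `Auth::getAuth()` to the permission system without first requiring a logged-in user. If the permission tree supports default or guest entries, an entry on `horde:administration:admin_alarms` would open the page to users the old `isAdmin()` test always rejected. The script continues outside the hunk.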
Index: admin/cmdshell.php
===================================================================
--- admin/cmdshell.php.orig
+++ admin/cmdshell.php
@@ -13,7 +13,7 @@
@define('HORDE_BASE', dirname(__FILE__) . '/..');
require_once HORDE_BASE . '/lib/base.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_cmdshell', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
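Review bot: Delegating `horde:administration:admin_cmdshell` is not a finer-grained privilege in practice: judging by its name, this page runs shell commands as the web server user, so anyone granted the permission can reach everything a full administrator can. The same likely holds for `admin_phpshell` and `admin_sqlshell`, and for `admin_perms` and `admin_configuration`, whose holders can presumably edit the permission tree or the configuration that defines administrators. Either keep these pages on `Auth::isAdmin()` alone, or document above the check that the permission is equivalent to full admin, e.g. `// NOTE: admin_cmdshell is equivalent to full administrator access; grant accordingly.`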
Index: admin/datatree.php
===================================================================
--- admin/datatree.php.orig
+++ admin/datatree.php
@@ -33,7 +33,7 @@ require_once HORDE_BASE . '/lib/base.php
require_once 'Horde/Tree.php';
require_once 'Horde/DataTree.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_datatree', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/groups.php
===================================================================
--- admin/groups.php.orig
+++ admin/groups.php
@@ -15,7 +15,7 @@ require_once HORDE_BASE . '/lib/base.php
require_once 'Horde/Group.php';
require_once 'Horde/Tree.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_groups', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/perms/addchild.php
===================================================================
--- admin/perms/addchild.php.orig
+++ admin/perms/addchild.php
@@ -14,7 +14,7 @@
@define('HORDE_BASE', dirname(__FILE__) . '/../..');
require_once HORDE_BASE . '/lib/base.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_perms', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/perms/delete.php
===================================================================
--- admin/perms/delete.php.orig
+++ admin/perms/delete.php
@@ -14,7 +14,7 @@
@define('HORDE_BASE', dirname(__FILE__) . '/../..');
require_once HORDE_BASE . '/lib/base.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_perms', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/perms/edit.php
===================================================================
--- admin/perms/edit.php.orig
+++ admin/perms/edit.php
@@ -14,7 +14,7 @@
@define('HORDE_BASE', dirname(__FILE__) . '/../..');
require_once HORDE_BASE . '/lib/base.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && !$GLOBALS['perms']->hasPermission('horde:administration:admin_perms', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
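Review bot: The added `if` line has one closing parenthesis too many (the second operand lost its opening `(`), so admin/perms/edit.php will fail to parse and the permission editor becomes unusable for everyone. It should read `if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_perms', Auth::getAuth(), true))) {`, matching the other admin/perms hunks. The admin/sessions.php hunk has the opposite problem: `(!Auth::isAdmin()` is missing its closing parenthesis, and needs the same `if ((!Auth::isAdmin()) && (...)) {` shape. Running `php -l` over the patched files would catch both.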
Index: admin/perms/index.php
===================================================================
--- admin/perms/index.php.orig
+++ admin/perms/index.php
@@ -14,7 +14,7 @@
@define('HORDE_BASE', dirname(__FILE__) . '/../..');
require_once HORDE_BASE . '/lib/base.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_perms', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/phpshell.php
===================================================================
--- admin/phpshell.php.orig
+++ admin/phpshell.php
@@ -13,7 +13,7 @@
@define('HORDE_BASE', dirname(__FILE__) . '/..');
require_once HORDE_BASE . '/lib/base.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_phpshell', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/sessions.php
===================================================================
--- admin/sessions.php.orig
+++ admin/sessions.php
@@ -14,7 +14,7 @@
require_once HORDE_BASE . '/lib/base.php';
require_once 'Horde/SessionHandler.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin() && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_sessions', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/setup/config.php
===================================================================
--- admin/setup/config.php.orig
+++ admin/setup/config.php
@@ -18,7 +18,7 @@ require_once 'Horde/Form/Renderer.php';
require_once 'Horde/Config.php';
require_once 'Horde/Variables.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_configuration', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/setup/diff.php
===================================================================
--- admin/setup/diff.php.orig
+++ admin/setup/diff.php
@@ -19,7 +19,7 @@ require_once 'Horde/Template.php';
include_once 'Text/Diff.php';
include_once 'Text/Diff/Renderer.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_configuration', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/setup/index.php
===================================================================
--- admin/setup/index.php.orig
+++ admin/setup/index.php
@@ -15,7 +15,7 @@ require_once HORDE_BASE . '/lib/base.php
require_once 'Horde/Template.php';
require_once 'Horde/Form/Renderer.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_configuration', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/sqlshell.php
===================================================================
--- admin/sqlshell.php.orig
+++ admin/sqlshell.php
@@ -14,7 +14,7 @@
require_once HORDE_BASE . '/lib/base.php';
require_once 'DB.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_sqlshell', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
Index: admin/user.php
===================================================================
--- admin/user.php.orig
+++ admin/user.php
@@ -17,9 +17,10 @@ require_once 'Horde/Variables.php';
require_once 'Horde/Form/Renderer.php';
require_once 'Horde/Variables.php';
-if (!Auth::isAdmin()) {
+if ((!Auth::isAdmin()) && (!$GLOBALS['perms']->hasPermission('horde:administration:admin_users', Auth::getAuth(), true))) {
Horde::fatal('Forbidden.', __FILE__, __LINE__);
}
+
$auth = &Auth::singleton($conf['auth']['driver']);
if ($conf['signup']['allow'] && $conf['signup']['approve']) {
Index: services/portal/sidebar.php
===================================================================
--- services/portal/sidebar.php.orig
+++ services/portal/sidebar.php
@@ -113,15 +113,13 @@ function buildMenu()
$menu[$app] = $params;
}
- // Add the administration menu if the user is an admin.
- if (Auth::isAdmin()) {
- $menu['administration'] = array('name' => _("Administration"),
- 'icon' => $registry->getImageDir() . '/administration.png',
- 'status' => 'heading');
-
- $list = $registry->callByPackage('horde', 'admin_list');
- if (!is_a($list, 'PEAR_Error')) {
- foreach ($list as $method => $vals) {
+ // determine which administration modules belong into the list of administration links
+ $list = $registry->callByPackage('horde', 'admin_list');
+ $count_links = 0;
+ if (!is_a($list, 'PEAR_Error')) {
+ foreach ($list as $method => $vals) {
+ if ((Auth::isAdmin()) || ($GLOBALS['perms']->hasPermission('horde:administration:admin_' . $method, Auth::getAuth(), true))) {
+ $count_links++;
$name = Horde::stripAccessKey($vals['name']);
$icon = isset($vals['icon']) ? $registry->getImageDir() . '/' . $vals['icon'] : $registry->get('icon');
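Review bot: The permission name checked here is built from the `admin_list` key (`'horde:administration:admin_' . $method`), while the admin pages in this patch hard-code their names (`admin_configuration`, `admin_users`, `admin_perms`, …). `admin_list` is not shown, so it is worth confirming that every key matches the name its target page checks; a mismatch would show a link that ends in 'Forbidden.' or hide a page the user may open. templates/admin/menu.inc builds the name the same way from `$key`. A short comment that the menu filter is cosmetic would help, e.g. `// Display filter only; each admin page enforces its own permission check.` buildMenu() continues outside the hunk.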
@@ -135,6 +133,13 @@ function buildMenu()
}
}
}
+ // only show administration heading when there are links to display (implies isAdmin or user has some admin privilege
+ if ($count_links) {
+ $menu['administration'] = array('name' => _("Administration"),
+ 'icon' => $registry->getImageDir() . '/administration.png',
+ 'status' => 'heading');
+ }
+
if (Horde::showService('options') &&
$conf['prefs']['driver'] != '' && $conf['prefs']['driver'] != 'none') {
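Review bot: `$menu['administration']` is now inserted after the child entries, whereas the removed code added the heading first. If the code that renders `$menu` (outside this hunk) depends on insertion order, the heading will appear below its own links. Collecting the links first and then adding the heading and links in the original order would keep the layout. The added comment is also missing its closing parenthesis: `// only show administration heading when there are links to display (implies isAdmin or user has some admin privilege)`.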
Index: templates/admin/menu.inc
===================================================================
--- templates/admin/menu.inc.orig
+++ templates/admin/menu.inc
@@ -4,9 +4,11 @@
$menu = new Menu(HORDE_MENU_MASK_NONE);
$list = $registry->callByPackage('horde', 'admin_list');
if (!is_a($list, 'PEAR_Error')) {
- foreach ($list as $vals) {
- $img = isset($vals['icon']) ? $registry->getImageDir() . '/' . $vals['icon'] : $registry->get('icon');
- $menu->add(Horde::url($registry->applicationWebPath($vals['link'])), $vals['name'], $img, '');
+ foreach ($list as $key => $vals) {
+ if ((Auth::isAdmin()) || ($GLOBALS['perms']->hasPermission('horde:administration:admin_' . $key, Auth::getAuth(), true))) {
+ $img = isset($vals['icon']) ? $registry->getImageDir() . '/' . $vals['icon'] : $registry->get('icon');
+ $menu->add(Horde::url($registry->applicationWebPath($vals['link'])), $vals['name'], $img, '');
+ }
}
}
echo $menu->render();