Drive/roundcubemail-plugins-kolab
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add option to define list of tasks to which an admin has access (#3444)

Browse source 
E.g. allow admins (using "Login as" feature) to see only user settings.
This commit is contained in:
Aleksander Machniak 2014-08-25 14:27:23 -04:00
parent 89f65253bd
commit fbaa3f865e
2 changed files with 49 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
plugins/kolab_auth/config.inc.php.dist
View file

@ -50,6 +50,11 @@ $config['kolab_auth_role_value'] = '';
// which adds privilege to login as another user. // which adds privilege to login as another user.
$config['kolab_auth_group'] = ''; $config['kolab_auth_group'] = '';
// List of tasks to which admin has access when logged in as another user.
// To limit usage to Settings only use: array('settings'). Default: array() - all tasks.
// When defined all non-authorized requests will be redirected to first task on the list.
$config['kolab_auth_allowed_tasks'] = array();
// Enable plugins on a role-by-role basis. In this example, the 'acl' plugin // Enable plugins on a role-by-role basis. In this example, the 'acl' plugin
// is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role. // is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role.
// //

44
plugins/kolab_auth/kolab_auth.php
View file

@ -83,8 +83,30 @@ class kolab_auth extends rcube_plugin
} }
} }
/**
* Startup hook handler
*/
public function startup($args) public function startup($args)
{ {
$rcmail = rcube::get_instance();
// Check access rights when logged in as another user
if (!empty($_SESSION['kolab_auth_admin']) && $rcmail->task != 'login' && $rcmail->task != 'logout') {
$tasks = $rcmail->config->get('kolab_auth_allowed_tasks');
// access to specified task is forbidden,
// redirect to the first task on the list
if (!empty($tasks)) {
if (!in_array($rcmail->task, (array) $tasks)) {
header('Location: ?_task=' . array_shift($tasks));
die;
}
// add script that will remove disabled taskbar buttons
$this->add_hook('render_page', array($this, 'render_page'));
}
}
// load per-user settings
$this->load_user_role_plugins_and_settings(); $this->load_user_role_plugins_and_settings();
return $args; return $args;
@ -633,6 +655,28 @@ class kolab_auth extends rcube_plugin
return $args; return $args;
} }
/**
* Action executed before the page is rendered to add an onload script
* that will remove all taskbar buttons for disabled tasks
*/
public function render_page($args)
{
$rcmail = rcube::get_instance();
$tasks = $rcmail->config->get('kolab_auth_allowed_tasks');
$tasks[] = 'logout';
// disable buttons in taskbar
$script = "
\$('a').filter(function() {
var ev = \$(this).attr('onclick');
return ev && ev.match(/'switch-task','([a-z]+)'/)
&& \$.inArray(RegExp.\$1, " . json_encode($tasks) . ") < 0;
}).remove();
";
$rcmail->output->add_script($script, 'docready');
}
/** /**
* Initializes LDAP object and connects to LDAP server * Initializes LDAP object and connects to LDAP server
*/ */