Moved from to new permission management.

This commit is contained in:
Martin Edenhofer 2016-08-12 18:39:09 +02:00
parent 1d8b44c9a6
commit 81b48a2ef4
181 changed files with 2668 additions and 1117 deletions

View file

@ -172,13 +172,6 @@ class App.Controller extends Spine.Controller
element.css('position', 'relative') element.css('position', 'relative')
shakeMe(element, position, 20) shakeMe(element, position, 20)
isRole: (name) ->
roles = @Session.get('roles')
return false if !roles
for role in roles
return true if role.name is name
return false
# get all params of the form # get all params of the form
formParam: (form) -> formParam: (form) ->
App.ControllerForm.params(form) App.ControllerForm.params(form)
@ -214,28 +207,50 @@ class App.Controller extends Spine.Controller
callback: data.callback callback: data.callback
) )
authenticate: (checkOnly = false, role) -> permissionCheckRedirect: (key, closeTab = false) ->
return true if @permissionCheck(key)
# role check
if role && !@isRole(role)
return false if checkOnly
@navigate '#login'
return false
# return true if session exists
return true if @Session.get()
# remember requested url # remember requested url
if !checkOnly location = window.location.hash
location = window.location.hash if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts' App.Config.set('requested_url', location)
@Config.set('requested_url', location)
return false if checkOnly if closeTab
App.TaskManager.remove(@task_key)
# redirect to login # redirect to login
@navigate '#login' @navigate '#login'
return false
throw "No permission for #{key}"
false
permissionCheck: (key) ->
user_id = App.Session.get('id')
return false if !user_id
user = App.User.find(user_id)
return false if !user
user.permission(key)
authenticateCheckRedirect: ->
return true if @authenticateCheck()
# remember requested url
location = window.location.hash
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
@Config.set('requested_url', location)
# redirect to login
@navigate '#login'
throw 'No exsisting session'
false
authenticateCheck: ->
# return true if session exists
return true if @Session.get()
false
frontendTime: (timestamp, row = {}) -> frontendTime: (timestamp, row = {}) ->
if !row['subclass'] if !row['subclass']
@ -264,7 +279,7 @@ class App.Controller extends Spine.Controller
ticketPopups: (position = 'right') -> ticketPopups: (position = 'right') ->
# open ticket in new task if curent user agent # open ticket in new task if curent user agent
if @isRole('Agent') if @permissionCheck('ticket.agent')
@$('div.ticket-popover, span.ticket-popover').bind('click', (e) => @$('div.ticket-popover, span.ticket-popover').bind('click', (e) =>
id = $(e.target).data('id') id = $(e.target).data('id')
if id if id
@ -308,7 +323,7 @@ class App.Controller extends Spine.Controller
userPopups: (position = 'right') -> userPopups: (position = 'right') ->
# open user in new task if current user is agent # open user in new task if current user is agent
return if !@isRole('Agent') return if !@permissionCheck('ticket.agent')
@$('div.user-popover, span.user-popover').bind('click', (e) => @$('div.user-popover, span.user-popover').bind('click', (e) =>
id = $(e.target).data('id') id = $(e.target).data('id')
if id if id
@ -365,7 +380,7 @@ class App.Controller extends Spine.Controller
organizationPopups: (position = 'right') -> organizationPopups: (position = 'right') ->
# open org in new task if current user agent # open org in new task if current user agent
return if !@isRole('Agent') return if !@permissionCheck('ticket.agent')
@$('div.organization-popover, span.organization-popover').bind('click', (e) => @$('div.organization-popover, span.organization-popover').bind('click', (e) =>
id = $(e.target).data('id') id = $(e.target).data('id')
@ -626,12 +641,22 @@ class App.Controller extends Spine.Controller
class App.ControllerPermanent extends App.Controller class App.ControllerPermanent extends App.Controller
constructor: -> constructor: ->
super super
# check authentication
if @requiredPermission
@permissionCheckRedirect(@requiredPermission, true)
$('.content').addClass('hide') $('.content').addClass('hide')
@navShow() @navShow()
class App.ControllerContent extends App.Controller class App.ControllerContent extends App.Controller
constructor: -> constructor: ->
super super
# check authentication
if @requiredPermission
@permissionCheckRedirect(@requiredPermission)
$('.content').addClass('hide') $('.content').addClass('hide')
$('#content').removeClass('hide') $('#content').removeClass('hide')
@navShow() @navShow()
@ -667,7 +692,7 @@ class App.ControllerModal extends App.Controller
super super
if @authenticateRequired if @authenticateRequired
return if !@authenticate() return if !@authenticateCheckRedirect()
# rerender view, e. g. on langauge change # rerender view, e. g. on langauge change
@bind('ui:rerender', => @bind('ui:rerender', =>

View file

@ -313,11 +313,16 @@ class App.ControllerDrox extends App.Controller
class App.ControllerTabs extends App.Controller class App.ControllerTabs extends App.Controller
events: events:
'click .nav-tabs [data-toggle="tab"]': 'tabRemember', 'click .nav-tabs [data-toggle="tab"]': 'tabRemember'
constructor: -> constructor: ->
super super
# check authentication
if @requiredPermission
if !@permissionCheckRedirect(@requiredPermission)
throw "No permission for #{@requiredPermission}"
render: -> render: ->
@html App.view('generic/tabs')( @html App.view('generic/tabs')(
header: @header header: @header
@ -359,27 +364,24 @@ class App.ControllerNavSidbar extends App.ControllerContent
@navupdate '' @navupdate ''
if @authenticateRequired if @authenticateRequired
return if !@authenticate() @authenticateCheckRedirect()
@params = params @params = params
# get accessable groups # get accessable groups
roles = App.Session.get('roles') user = App.User.find(App.Session.get('id'))
groups = App.Config.get(@configKey) groups = App.Config.get(@configKey)
groupsUnsorted = [] groupsUnsorted = []
for key, item of groups for key, item of groups
if !item.controller if !item.controller
if !item.role if !item.permission
groupsUnsorted.push item groupsUnsorted.push item
else else
match = _.include(item.role, 'Anybody') match = false
if !match for permissionName in item.permission
for role in roles if !match && user.permission(permissionName)
if !match match = true
match = _.include(item.role, role.name) groupsUnsorted.push item
if match
groupsUnsorted.push item
@groupsSorted = _.sortBy(groupsUnsorted, (item) -> return item.prio) @groupsSorted = _.sortBy(groupsUnsorted, (item) -> return item.prio)
# get items of group # get items of group
@ -389,16 +391,14 @@ class App.ControllerNavSidbar extends App.ControllerContent
for key, item of items for key, item of items
if item.parent is group.target if item.parent is group.target
if item.controller if item.controller
if !item.role if !item.permission
itemsUnsorted.push item itemsUnsorted.push item
else else
match = _.include(item.role, 'Anybody') match = false
if !match for permissionName in item.permission
for role in roles if !match && user && user.permission(permissionName)
if !match match = true
match = _.include(item.role, role.name) itemsUnsorted.push item
if match
itemsUnsorted.push item
group.items = _.sortBy(itemsUnsorted, (item) -> return item.prio) group.items = _.sortBy(itemsUnsorted, (item) -> return item.prio)

View file

@ -1,4 +1,5 @@
class App.ChannelChat extends App.Controller class App.ChannelChat extends App.ControllerContent
requiredPermission: 'admin.channel_chat'
events: events:
'change .js-params': 'updateParams' 'change .js-params': 'updateParams'
'input .js-params': 'updateParams' 'input .js-params': 'updateParams'
@ -358,7 +359,7 @@ class App.ChannelChat extends App.Controller
@paramsBlock.each (i, block) -> @paramsBlock.each (i, block) ->
hljs.highlightBlock block hljs.highlightBlock block
App.Config.set( 'Chat', { prio: 4000, name: 'Chat', parent: '#channels', target: '#channels/chat', controller: App.ChannelChat, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Chat', { prio: 4000, name: 'Chat', parent: '#channels', target: '#channels/chat', controller: App.ChannelChat, permission: ['admin.chat'] }, 'NavBarAdmin')
class Topics extends App.Controller class Topics extends App.Controller
events: events:

View file

@ -1,4 +1,5 @@
class App.ChannelEmail extends App.ControllerTabs class App.ChannelEmail extends App.ControllerTabs
requiredPermission: 'admin.channel_email'
header: 'Email' header: 'Email'
constructor: -> constructor: ->
super super
@ -919,4 +920,4 @@ class App.ChannelEmailNotificationWizard extends App.WizardModal
@enable(e) @enable(e)
) )
App.Config.set( 'Email', { prio: 3000, name: 'Email', parent: '#channels', target: '#channels/email', controller: App.ChannelEmail, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Email', { prio: 3000, name: 'Email', parent: '#channels', target: '#channels/email', controller: App.ChannelEmail, permission: ['admin.channel_email'] }, 'NavBarAdmin')

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.channel_facebook'
events: events:
'click .js-new': 'new' 'click .js-new': 'new'
'click .js-edit': 'edit' 'click .js-edit': 'edit'
@ -7,7 +8,6 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
#@interval(@load, 60000) #@interval(@load, 60000)
@load() @load()
@ -193,4 +193,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set('Facebook', { prio: 5100, name: 'Facebook', parent: '#channels', target: '#channels/facebook', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Facebook', { prio: 5100, name: 'Facebook', parent: '#channels', target: '#channels/facebook', controller: Index, permission: ['admin.channel_facebook'] }, 'NavBarAdmin')

View file

@ -1,5 +1,6 @@
# coffeelint: disable=no_unnecessary_double_quotes # coffeelint: disable=no_unnecessary_double_quotes
class App.ChannelForm extends App.Controller class App.ChannelForm extends App.ControllerContent
requiredPermission: 'admin.channel_form'
events: events:
'change form.js-params': 'updateParams' 'change form.js-params': 'updateParams'
'keyup form.js-params': 'updateParams' 'keyup form.js-params': 'updateParams'
@ -52,4 +53,4 @@ class App.ChannelForm extends App.Controller
value = @formSetting.prop('checked') value = @formSetting.prop('checked')
App.Setting.set('form_ticket_create', value) App.Setting.set('form_ticket_create', value)
App.Config.set( 'Form', { prio: 2000, name: 'Form', parent: '#channels', target: '#channels/form', controller: App.ChannelForm, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Form', { prio: 2000, name: 'Form', parent: '#channels', target: '#channels/form', controller: App.ChannelForm, permission: ['admin.formular'] }, 'NavBarAdmin')

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.channel_twitter'
events: events:
'click .js-new': 'new' 'click .js-new': 'new'
'click .js-edit': 'edit' 'click .js-edit': 'edit'
@ -7,7 +8,6 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
#@interval(@load, 60000) #@interval(@load, 60000)
@load() @load()
@ -227,4 +227,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set('Twitter', { prio: 5000, name: 'Twitter', parent: '#channels', target: '#channels/twitter', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Twitter', { prio: 5000, name: 'Twitter', parent: '#channels', target: '#channels/twitter', controller: Index, permission: ['admin.channel_twitter'] }, 'NavBarAdmin')

View file

@ -1,4 +1,5 @@
class App.ChannelWeb extends App.ControllerTabs class App.ChannelWeb extends App.ControllerTabs
requiredPermission: 'admin.channel_web'
header: 'Web' header: 'Web'
constructor: -> constructor: ->
super super
@ -15,4 +16,4 @@ class App.ChannelWeb extends App.ControllerTabs
@render() @render()
App.Config.set( 'Web', { prio: 1000, name: 'Web', parent: '#channels', target: '#channels/web', controller: App.ChannelWeb, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Web', { prio: 1000, name: 'Web', parent: '#channels', target: '#channels/web', controller: App.ChannelWeb, permission: ['admin.channel_web'] }, 'NavBarAdmin')

View file

@ -8,12 +8,11 @@ App.Config.set('User', {
return item return item
target: '#current_user', target: '#current_user',
class: 'user' class: 'user'
role: [ 'Agent', 'Customer' ]
}, 'NavBarRight' ) }, 'NavBarRight' )
App.Config.set( 'Admin', { prio: 9000, parent: '', name: 'Admin', translate: true, target: '#manage', icon: 'cog', role: ['Admin'] }, 'NavBarRight' ) App.Config.set('Admin', { prio: 9000, parent: '', name: 'Admin', translate: true, target: '#manage', icon: 'cog', permission: ['admin.*'] }, 'NavBarRight')
App.Config.set( 'New', { prio: 20000, parent: '', name: 'New', translate: true, target: '#new', class: 'add' }, 'NavBarRight' ) App.Config.set('New', { prio: 20000, parent: '', name: 'New', translate: true, target: '#new', class: 'add' }, 'NavBarRight')
App.Config.set( 'Misc', { prio: 90000, parent: '', name: 'Tools', translate: true, target: '#tools', child: true, class: 'tools' }, 'NavBar' ) App.Config.set('Misc', { prio: 90000, parent: '', name: 'Tools', translate: true, target: '#tools', child: true, class: 'tools' }, 'NavBar')
# only for testing # only for testing
#App.Config.set( 'Misc1', { prio: 1600, parent: '#tools', name: 'Test 1', target: '#test1', role: [ 'Admin' ] }, 'NavBar' ) #App.Config.set('Misc1', { prio: 1600, parent: '#tools', name: 'Test 1', target: '#test1', permission: ['admin'] }, 'NavBar')
#App.Config.set( 'Misc2', { prio: 1700, parent: '#tools', name: 'Test 2', target: '#test2', role: [ 'Admin' ] }, 'NavBar' ) #App.Config.set('Misc2', { prio: 1700, parent: '#tools', name: 'Test 2', target: '#test2', permission: ['admin'] }, 'NavBar')

View file

@ -13,7 +13,6 @@ class App.ControllerIntegrationBase extends App.Controller
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
@title @featureName, true @title @featureName, true
@initalRender = true @initalRender = true

View file

@ -29,9 +29,6 @@ class Form extends App.Controller
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false) @subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
currentConfig: -> currentConfig: ->

View file

@ -28,10 +28,6 @@ class Form extends App.Controller
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false) @subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
currentConfig: -> currentConfig: ->

View file

@ -24,10 +24,10 @@ class Index extends App.ControllerIntegrationBase
configureAttributes = [ configureAttributes = [
{ name: 'types', display: 'Trigger', tag: 'checkbox', options: options, 'null': false, class: 'vertical', note: 'Where notification is sent.' }, { name: 'types', display: 'Trigger', tag: 'checkbox', options: options, 'null': false, class: 'vertical', note: 'Where notification is sent.' },
{ name: 'group_id', display: 'Group', tag: 'select', relation: 'Group', multiple: true, 'null': false, note: 'Only for this groups.' }, { name: 'group_id', display: 'Group', tag: 'select', relation: 'Group', multiple: true, 'null': false, note: 'Only for this groups.' },
{ name: 'webhook', display: 'Webhook', tag: 'input', type: 'url', limit: 200, 'null': false, placeholder: 'https://hooks.slack.com/services/...' }, { name: 'webhook', display: 'Webhook', tag: 'input', type: 'url', limit: 200, 'null': false, placeholder: 'https://hooks.slack.com/services/...' },
{ name: 'username', display: 'Username', tag: 'input', type: 'text', limit: 100, 'null': false, placeholder: 'username' }, { name: 'username', display: 'Username', tag: 'input', type: 'text', limit: 100, 'null': false, placeholder: 'username' },
{ name: 'channel', display: 'Channel', tag: 'input', type: 'text', limit: 100, 'null': true, placeholder: '#channel' }, { name: 'channel', display: 'Channel', tag: 'input', type: 'text', limit: 100, 'null': true, placeholder: '#channel' },
{ name: 'icon_url', display: 'Icon Url', tag: 'input', type: 'url', limit: 200, 'null': true, placeholder: 'https://example.com/logo.png' }, { name: 'icon_url', display: 'Icon Url', tag: 'input', type: 'url', limit: 200, 'null': true, placeholder: 'https://example.com/logo.png' },
] ]
settings = [] settings = []

View file

@ -1,12 +1,13 @@
class Branding extends App.ControllerTabs class Branding extends App.ControllerTabs
requiredPermission: 'admin.branding'
header: 'Branding' header: 'Branding'
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
@title 'Branding', true @title 'Branding', true
@tabs = [ @tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'System::Branding' } } { name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'System::Branding' } }
] ]
@render() @render()
App.Config.set('SettingBranding', { prio: 1200, parent: '#settings', name: 'Branding', target: '#settings/branding', controller: Branding, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('SettingBranding', { prio: 1200, parent: '#settings', name: 'Branding', target: '#settings/branding', controller: Branding, permission: ['admin.branding'] }, 'NavBarAdmin')

View file

@ -1,13 +0,0 @@
class Import extends App.ControllerTabs
header: 'Import'
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title 'Import', true
@tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Import::Base' } }
{ name: 'OTRS', 'target': 'otrs', controller: App.SettingsArea, params: { area: 'Import::OTRS' } }
]
@render()
App.Config.set('SettingImport', { prio: 1800, parent: '#settings', name: 'Import', target: '#settings/import', controller: Import, role: ['Admin'] }, 'NavBarAdmin')

View file

@ -1,15 +1,17 @@
class Security extends App.ControllerTabs class Security extends App.ControllerTabs
requiredPermission: 'admin.security'
header: 'Security' header: 'Security'
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
@title 'Security', true @title 'Security', true
@tabs = [ @tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Security::Base' } } { name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Security::Base' } }
# { name: 'Authentication', 'target': 'auth', controller: App.SettingsArea, params: { area: 'Security::Authentication' } }
{ name: 'Password', 'target': 'password', controller: App.SettingsArea, params: { area: 'Security::Password' } } { name: 'Password', 'target': 'password', controller: App.SettingsArea, params: { area: 'Security::Password' } }
{ name: 'Third-Party Applications', 'target': 'third_party_auth', controller: App.SettingsArea, params: { area: 'Security::ThirdPartyAuthentication' } } #{ name: 'Authentication', 'target': 'auth', controller: App.SettingsArea, params: { area: 'Security::Authentication' } }
{ name: 'Third-Party Applications', 'target': 'third_party_auth', controller: App.SettingsThirdPartyAuthentication, params: { area: 'Security::ThirdPartyAuthentication' } }
] ]
@render() @render()
App.Config.set('SettingSecurity', { prio: 1600, parent: '#settings', name: 'Security', target: '#settings/security', controller: Security, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('SettingSecurity', { prio: 1600, parent: '#settings', name: 'Security', target: '#settings/security', controller: Security, permission: ['admin.security'] }, 'NavBarAdmin')

View file

@ -1,8 +1,9 @@
class System extends App.ControllerTabs class System extends App.ControllerTabs
requiredPermission: 'admin.setting_system'
header: 'System' header: 'System'
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
@title 'System', true @title 'System', true
@tabs = [] @tabs = []
if !App.Config.get('system_online_service') if !App.Config.get('system_online_service')
@ -13,4 +14,4 @@ class System extends App.ControllerTabs
@tabs.push { name: 'Frontend', 'target': 'ui', controller: App.SettingsArea, params: { area: 'System::UI' } } @tabs.push { name: 'Frontend', 'target': 'ui', controller: App.SettingsArea, params: { area: 'System::UI' } }
@render() @render()
App.Config.set('SettingSystem', { prio: 1400, parent: '#settings', name: 'System', target: '#settings/system', controller: System, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('SettingSystem', { prio: 1400, parent: '#settings', name: 'System', target: '#settings/system', controller: System, permission: ['admin.setting_system'] }, 'NavBarAdmin')

View file

@ -1,8 +1,9 @@
class Ticket extends App.ControllerTabs class Ticket extends App.ControllerTabs
requiredPermission: 'admin.ticket'
header: 'Ticket' header: 'Ticket'
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Admin')
@title 'Ticket', true @title 'Ticket', true
@tabs = [ @tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Ticket::Base' } } { name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Ticket::Base' } }
@ -10,4 +11,4 @@ class Ticket extends App.ControllerTabs
] ]
@render() @render()
App.Config.set('SettingTicket', { prio: 1700, parent: '#settings', name: 'Ticket', target: '#settings/ticket', controller: Ticket, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('SettingTicket', { prio: 1700, parent: '#settings', name: 'Ticket', target: '#settings/ticket', controller: Ticket, permission: ['admin.ticket'] }, 'NavBarAdmin')

View file

@ -1,4 +1,5 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.avatar'
elements: elements:
'.js-upload': 'fileInput' '.js-upload': 'fileInput'
'.avatar-gallery': 'avatarGallery' '.avatar-gallery': 'avatarGallery'
@ -11,7 +12,6 @@ class Index extends App.Controller
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Avatar', true @title 'Avatar', true
@avatars = [] @avatars = []
@loadAvatarList() @loadAvatarList()
@ -143,7 +143,7 @@ class Index extends App.Controller
reader.readAsDataURL(@) reader.readAsDataURL(@)
App.Config.set('Avatar', { prio: 1100, name: 'Avatar', parent: '#profile', target: '#profile/avatar', controller: Index }, 'NavBarProfile') App.Config.set('Avatar', { prio: 1100, name: 'Avatar', parent: '#profile', target: '#profile/avatar', controller: Index, permission: ['user_preferences.avatar'] }, 'NavBarProfile')
class ImageCropper extends App.ControllerModal class ImageCropper extends App.ControllerModal
buttonClose: true buttonClose: true

View file

@ -1,4 +1,5 @@
class CalendarSubscriptions extends App.Controller class CalendarSubscriptions extends App.ControllerContent
requiredPermission: 'user_preferences.calendar+ticket.agent'
elements: elements:
'input[type=checkbox]': 'options' 'input[type=checkbox]': 'options'
'output': 'output' 'output': 'output'
@ -10,7 +11,6 @@ class CalendarSubscriptions extends App.Controller
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Calendar', true @title 'Calendar', true
@translationTable = @translationTable =
@ -91,4 +91,4 @@ class CalendarSubscriptions extends App.Controller
msg: App.i18n.translateContent(data.message) msg: App.i18n.translateContent(data.message)
) )
App.Config.set('CalendarSubscriptions', { prio: 3000, name: 'Calendar', parent: '#profile', target: '#profile/calendar_subscriptions', role: ['Agent'], controller: CalendarSubscriptions }, 'NavBarProfile') App.Config.set('CalendarSubscriptions', { prio: 3000, name: 'Calendar', parent: '#profile', target: '#profile/calendar_subscriptions', permission: ['user_preferences.calendar+ticket.agent'], controller: CalendarSubscriptions }, 'NavBarProfile')

View file

@ -1,12 +1,11 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.device'
events: events:
'click [data-type=delete]': 'delete' 'click [data-type=delete]': 'delete'
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Devices', true @title 'Devices', true
@load() @load()
@interval( @interval(
=> =>
@ -56,4 +55,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message) msg: App.i18n.translateContent(data.message)
) )
App.Config.set('Devices', { prio: 3100, name: 'Devices', parent: '#profile', target: '#profile/devices', controller: Index }, 'NavBarProfile') App.Config.set('Devices', { prio: 3100, name: 'Devices', parent: '#profile', target: '#profile/devices', controller: Index, permission: ['user_preferences.device'] }, 'NavBarProfile')

View file

@ -1,10 +1,10 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.language'
events: events:
'submit form': 'update' 'submit form': 'update'
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Language', true @title 'Language', true
@render() @render()
@ -40,7 +40,7 @@ class Index extends App.Controller
@ajax( @ajax(
id: 'preferences' id: 'preferences'
type: 'PUT' type: 'PUT'
url: @apiPath + '/users/preferences' url: "#{@apiPath}/users/preferences"
data: JSON.stringify({user:params}) data: JSON.stringify({user:params})
processData: true processData: true
success: @success success: @success
@ -69,4 +69,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message) msg: App.i18n.translateContent(data.message)
) )
App.Config.set( 'Language', { prio: 1000, name: 'Language', parent: '#profile', target: '#profile/language', controller: Index }, 'NavBarProfile' ) App.Config.set('Language', { prio: 1000, name: 'Language', parent: '#profile', target: '#profile/language', controller: Index, permission: ['user_preferences.language'] }, 'NavBarProfile')

View file

@ -1,10 +1,10 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.linked_accounts'
events: events:
'click .js-remove': 'remove' 'click .js-remove': 'remove'
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Linked Accounts', true @title 'Linked Accounts', true
@render() @render()
@ -78,4 +78,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message) msg: App.i18n.translateContent(data.message)
) )
App.Config.set('LinkedAccounts', { prio: 4000, name: 'Linked Accounts', parent: '#profile', target: '#profile/linked', controller: Index }, 'NavBarProfile') App.Config.set('LinkedAccounts', { prio: 4000, name: 'Linked Accounts', parent: '#profile', target: '#profile/linked', controller: Index, permission: ['user_preferences.linked_accounts'] }, 'NavBarProfile')

View file

@ -1,4 +1,5 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.notifications+ticket.agent'
events: events:
'submit form': 'update' 'submit form': 'update'
'change .js-notificationSound': 'previewSound' 'change .js-notificationSound': 'previewSound'
@ -44,7 +45,6 @@ class Index extends App.Controller
constructor: -> constructor: ->
super super
return if !@authenticate(false, 'Agent')
@title 'Notifications', true @title 'Notifications', true
@render() @render()
@ -193,5 +193,4 @@ class Index extends App.Controller
return if !params.notification_sound.file return if !params.notification_sound.file
App.OnlineNotification.play(params.notification_sound.file) App.OnlineNotification.play(params.notification_sound.file)
App.Config.set('Notifications', { prio: 2600, name: 'Notifications', parent: '#profile', target: '#profile/notifications', permission: ['user_preferences.notifications+ticket.agent'], controller: Index }, 'NavBarProfile')
App.Config.set( 'Notifications', { prio: 2600, name: 'Notifications', parent: '#profile', target: '#profile/notifications', role: ['Agent'], controller: Index }, 'NavBarProfile' )

View file

@ -1,10 +1,10 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.password'
events: events:
'submit form': 'update' 'submit form': 'update'
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Password', true @title 'Password', true
@render() @render()
@ -78,4 +78,4 @@ class Index extends App.Controller
removeAll: true removeAll: true
@formEnable( @$('form') ) @formEnable( @$('form') )
App.Config.set( 'Password', { prio: 2000, name: 'Password', parent: '#profile', target: '#profile/password', controller: Index }, 'NavBarProfile' ) App.Config.set('Password', { prio: 2000, name: 'Password', parent: '#profile', target: '#profile/password', controller: Index, permission: ['user_preferences.password'] }, 'NavBarProfile')

View file

@ -1,11 +1,11 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'user_preferences.access_token'
events: events:
'click [data-type=delete]': 'delete' 'click [data-type=delete]': 'delete'
'submit form.js-create': 'create' 'submit form.js-create': 'create'
constructor: -> constructor: ->
super super
return if !@authenticate()
@title 'Token Access', true @title 'Token Access', true
@load() @load()
@ -89,4 +89,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message) msg: App.i18n.translateContent(data.message)
) )
App.Config.set('Token Access', { prio: 3200, name: 'Token Access', parent: '#profile', target: '#profile/token_access', controller: Index, role: [ 'Agent', 'Admin' ] }, 'NavBarProfile') App.Config.set('Token Access', { prio: 3200, name: 'Token Access', parent: '#profile', target: '#profile/token_access', controller: Index, permission: ['user_preferences.access_token'] }, 'NavBarProfile')

View file

@ -3,8 +3,7 @@ class App.SettingsArea extends App.Controller
super super
# check authentication # check authentication
return if !@authenticate() @authenticateCheckRedirect()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false) @subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
render: => render: =>

View file

@ -6,7 +6,7 @@ class App.SettingsForm extends App.Controller
super super
# check authentication # check authentication
return if !@authenticate() @authenticateCheckRedirect()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false) @subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)

View file

@ -0,0 +1,40 @@
# coffeelint: disable=camel_case_classes
class App.UiElement.permission extends App.UiElement.ApplicationUiElement
@render: (attribute, params) ->
permissions = App.Permission.search(sortBy: 'name')
item = $( App.view('generic/permission')(
attribute: attribute
params: params
permissions: permissions
) )
# show/hide trees
item.find('[name=permission_ids]').bind('change', (e) ->
element = $(e.currentTarget)
checked = element.prop('checked')
permission_id = element.prop('value')
return if !permission_id
permission = App.Permission.find(permission_id)
return if !permission
if !permission.name.match(/\./)
# show/hide sub permissions
for localPermission in permissions
regexp = new RegExp("^#{permission.name}")
if localPermission.name.match(regexp)
localElement = item.find("[name=permission_ids][value=#{localPermission.id}]").closest('.js-subPermissionList')
if checked
localElement.addClass('hide')
else
localElement.removeClass('hide')
if checked && permission.preferences.not
for localPermission in permission.preferences.not
lookupPermission = App.Permission.findByAttribute('name', localPermission)
if lookupPermission
item.find("[name=permission_ids][value=#{lookupPermission.id}]").prop('checked', false)
)
item

View file

@ -3,6 +3,25 @@ class App.UiElement.user_permission
@render: (attribute, params = {}) -> @render: (attribute, params = {}) ->
attribute.options = {} attribute.options = {}
# take defaults users selected, select all groups
if _.isEmpty(params) && !_.isEmpty(attribute.value)
params.role_ids = attribute.value
selectAllGroups = false
for localRoleId in params.role_ids
role = App.Role.find(localRoleId)
if role
for permission_id in role.permission_ids
localPermission = App.Permission.find(permission_id)
if localPermission
if localPermission.name is 'ticket.agent'
selectAllGroups = true
break
if selectAllGroups
params.group_ids = []
groupsRaw = App.Group.search(sortBy: 'name')
for group in groupsRaw
params.group_ids.push group.id
# get selectable roles and selected roles # get selectable roles and selected roles
roles = [] roles = []
rolesSelected = {} rolesSelected = {}
@ -32,30 +51,14 @@ class App.UiElement.user_permission
if groups.length <= 1 if groups.length <= 1
hideGroups = true hideGroups = true
if attribute.hideMode # get roles with group plugin
if attribute.hideMode.rolesSelected rolesWithGroupPlugin = {}
roles = [] for role in rolesRaw
rolesSelected = {} if role.active
for roleName in attribute.hideMode.rolesSelected for permission_id in role.permission_ids
role = App.Role.findByAttribute('name', roleName) localPermission = App.Permission.find(permission_id)
if role if localPermission && localPermission.preferences && _.contains(localPermission.preferences.plugin, 'groups')
roles.push role rolesWithGroupPlugin[role.id] = 'group'
rolesSelected[role.id] = true
if attribute.hideMode.rolesNot
for roleRaw in rolesRaw
hit = false
for roleName in attribute.hideMode.rolesNot
if roleRaw.active && roleRaw.name is roleName
hit = true
if !hit
roles.push roleRaw
# if agent is on new users selected, select all groups
if _.isEmpty(attribute.value)
agentRole = App.Role.findByAttribute('name', 'Agent')
if rolesSelected[agentRole.id]
for group in groups
groupsSelected[group.id] = true
# uniq and sort roles # uniq and sort roles
roles = _.indexBy(roles, 'name') roles = _.indexBy(roles, 'name')
@ -71,19 +74,6 @@ class App.UiElement.user_permission
hideGroups: hideGroups hideGroups: hideGroups
) ) ) )
getCurrentRoles = ->
currentRoles = []
item.find('[name=role_ids]').each( ->
element = $(@)
checked = element.prop('checked')
return if !checked
role_id = element.prop('value')
role = App.Role.find(role_id)
return if !role
currentRoles.push role
)
currentRoles
# if customer, remove admin and agent # if customer, remove admin and agent
item.find('[name=role_ids]').bind('change', (e) -> item.find('[name=role_ids]').bind('change', (e) ->
element = $(e.currentTarget) element = $(e.currentTarget)
@ -92,34 +82,34 @@ class App.UiElement.user_permission
return if !role_id return if !role_id
role = App.Role.find(role_id) role = App.Role.find(role_id)
return if !role return if !role
triggers = []
# if agent got deselected # deselect conflicting roles
# - hide groups if checked
if role && role.preferences && role.preferences.not
for notRole in role.preferences.not
localRole = App.Role.findByAttribute('name', notRole)
if localRole
localElement = item.find("[name=role_ids][value=#{localRole.id}]")
if localElement.prop('checked')
if !confirm(App.i18n.translateInline('Role %s is conflicting with role %s, do you to continue?', role.name, localRole.name, localRole.name))
item.find("[name=role_ids][value=#{role_id}]").prop('checked', false)
return
item.find("[name=role_ids][value=#{localRole.id}]").prop('checked', false)
triggers.push item.find("[name=role_ids][value=#{localRole.id}]")
# if role with groups plugin is deselected, hide group selection
if !checked if !checked
if role.name is 'Agent' if rolesWithGroupPlugin[role_id] is 'group'
item.find('.js-groupList').addClass('hidden') item.find('.js-groupList').addClass('hidden')
return return
# if agent is selected # if role with groups plugin is selected, show group selection
# - show groups if rolesWithGroupPlugin[role_id] is 'group'
if role.name is 'Agent'
item.find('.js-groupList:not(.js-groupListHide)').removeClass('hidden') item.find('.js-groupList:not(.js-groupListHide)').removeClass('hidden')
# if role customer is selected for trigger in triggers
# - deselect agent & admin trigger.trigger('change')
# - hide groups
if role.name is 'Customer'
for currentRole in getCurrentRoles()
if currentRole.name is 'Admin' || currentRole.name is 'Agent'
item.find("[name=role_ids][value=#{currentRole.id}]").prop('checked', false)
item.find('.js-groupList').addClass('hidden')
# if role agent or admin is selected
# - deselect customer
else if role.name is 'Agent' || role.name is 'Admin'
for currentRole in getCurrentRoles()
if currentRole.name is 'Customer'
item.find("[name=role_ids][value=#{currentRole.id}]").prop('checked', false)
) )
item item

View file

@ -10,11 +10,6 @@ class App.TicketCreate extends App.Controller
constructor: (params) -> constructor: (params) ->
super super
# check authentication
if !@authenticate(false, 'Agent')
App.TaskManager.remove(@task_key)
return
# define default type # define default type
@default_type = 'phone-in' @default_type = 'phone-in'
@ -36,7 +31,7 @@ class App.TicketCreate extends App.Controller
# rerender view, e. g. on langauge change # rerender view, e. g. on langauge change
@bind 'ui:rerender', => @bind 'ui:rerender', =>
return if !@authenticate(true) return if !@authenticateCheck()
@render() @render()
release: => release: =>
@ -137,7 +132,10 @@ class App.TicketCreate extends App.Controller
autosaveStart: => autosaveStart: =>
if !@autosaveLast if !@autosaveLast
@autosaveLast = App.TaskManager.get(@task_key).state || {} state = App.TaskManager.get(@task_key)
if !state
state = {}
@autosaveLast = state || {}
update = => update = =>
data = @formParam(@$('.ticket-create')) data = @formParam(@$('.ticket-create'))
return if _.isEmpty(data) return if _.isEmpty(data)
@ -213,8 +211,8 @@ class App.TicketCreate extends App.Controller
@html App.view('agent_ticket_create')( @html App.view('agent_ticket_create')(
head: 'New Ticket' head: 'New Ticket'
agent: @isRole('Agent') agent: @permissionCheck('ticket.agent')
admin: @isRole('Admin') admin: @permissionCheck('admin')
form_id: @form_id form_id: @form_id
) )
@ -593,6 +591,7 @@ class Sidebar extends App.Controller
) )
class Router extends App.ControllerPermanent class Router extends App.ControllerPermanent
requiredPermission: 'ticket.agent'
constructor: (params) -> constructor: (params) ->
super super
@ -631,4 +630,4 @@ App.Config.set('ticket/create/:ticket_id/:article_id', Router, 'Routes')
App.Config.set('ticket/create/id/:id/:ticket_id/:article_id', Router, 'Routes') App.Config.set('ticket/create/id/:id/:ticket_id/:article_id', Router, 'Routes')
# set new actions # set new actions
App.Config.set('TicketCreate', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#ticket/create', role: ['Agent'], divider: true }, 'NavBarRight') App.Config.set('TicketCreate', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#ticket/create', permission: ['ticket.agent'], divider: true }, 'NavBarRight')

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.calendar'
events: events:
'click .js-new': 'new' 'click .js-new': 'new'
'click .js-edit': 'edit' 'click .js-edit': 'edit'
@ -8,10 +9,6 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@subscribeId = App.Calendar.subscribe(@render) @subscribeId = App.Calendar.subscribe(@render)
callback = (data) => callback = (data) =>
@ -127,4 +124,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set( 'Calendars', { prio: 2400, name: 'Calendars', parent: '#manage', target: '#manage/calendars', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Calendars', { prio: 2400, name: 'Calendars', parent: '#manage', target: '#manage/calendars', controller: Index, permission: ['admin.calendar'] }, 'NavBarAdmin')

View file

@ -61,7 +61,7 @@ class App.CustomerChat extends App.Controller
# rerender view, e. g. on langauge change # rerender view, e. g. on langauge change
@bind('ui:rerender chat:rerender', => @bind('ui:rerender chat:rerender', =>
return if !@authenticate(true) return if !@authenticateCheck()
for session_id, chat of @chatWindows for session_id, chat of @chatWindows
chat.el.remove() chat.el.remove()
@chatWindows = {} @chatWindows = {}
@ -90,7 +90,7 @@ class App.CustomerChat extends App.Controller
false false
render: -> render: ->
if !@isRole('Chat') if !@permissionCheck('chat.agent')
@renderScreenUnauthorized(objectName: 'Chat') @renderScreenUnauthorized(objectName: 'Chat')
return return
if !@Config.get('chat') if !@Config.get('chat')
@ -319,12 +319,10 @@ class App.CustomerChat extends App.Controller
@idleTimeoutId = undefined @idleTimeoutId = undefined
class CustomerChatRouter extends App.ControllerPermanent class CustomerChatRouter extends App.ControllerPermanent
requiredPermission: 'chat.agent'
constructor: (params) -> constructor: (params) ->
super super
# check authentication
return if !@authenticate(false, 'Chat')
App.TaskManager.execute( App.TaskManager.execute(
key: 'CustomerChat' key: 'CustomerChat'
controller: 'CustomerChat' controller: 'CustomerChat'
@ -771,6 +769,6 @@ class Setting extends App.ControllerModal
msg: App.i18n.translateContent(data.message) msg: App.i18n.translateContent(data.message)
) )
App.Config.set( 'customer_chat', CustomerChatRouter, 'Routes' ) App.Config.set('customer_chat', CustomerChatRouter, 'Routes')
App.Config.set( 'CustomerChat', { controller: 'CustomerChat', authentication: true }, 'permanentTask' ) App.Config.set('CustomerChat', { controller: 'CustomerChat', authentication: true }, 'permanentTask')
App.Config.set( 'CustomerChat', { prio: 1200, parent: '', name: 'Customer Chat', target: '#customer_chat', key: 'CustomerChat', shown: false, role: ['Chat'], class: 'chat' }, 'NavBar' ) App.Config.set('CustomerChat', { prio: 1200, parent: '', name: 'Customer Chat', target: '#customer_chat', key: 'CustomerChat', shown: false, permission: ['chat.agent'], class: 'chat' }, 'NavBar')

View file

@ -5,8 +5,6 @@ class App.CTI extends App.Controller
constructor: -> constructor: ->
super super
return if !@isRole('CTI')
@list = [] @list = []
@backends = [] @backends = []
@meta = @meta =
@ -84,11 +82,12 @@ class App.CTI extends App.Controller
title: title title: title
) )
featureActive: -> featureActive: =>
true return true if @Config.get('sipgate_integration')
false
render: -> render: ->
if !@isRole('CTI') if !@permissionCheck('cti.agent')
@renderScreenUnauthorized(objectName: 'CTI') @renderScreenUnauthorized(objectName: 'CTI')
return return
@ -100,7 +99,7 @@ class App.CTI extends App.Controller
if !backendEnabled if !backendEnabled
@html App.view('cti/not_configured')( @html App.view('cti/not_configured')(
backends: @backends backends: @backends
isAdmin: @isRole('Admin') isAdmin: @permissionCheck('admin.integration')
) )
@updateNavMenu() @updateNavMenu()
return return
@ -193,12 +192,10 @@ class App.CTI extends App.Controller
) )
class CTIRouter extends App.ControllerPermanent class CTIRouter extends App.ControllerPermanent
requiredPermission: 'cti.agent'
constructor: (params) -> constructor: (params) ->
super super
# check authentication
return if !@authenticate(false, 'CTI')
App.TaskManager.execute( App.TaskManager.execute(
key: 'CTI' key: 'CTI'
controller: 'CTI' controller: 'CTI'
@ -209,4 +206,4 @@ class CTIRouter extends App.ControllerPermanent
App.Config.set('cti', CTIRouter, 'Routes') App.Config.set('cti', CTIRouter, 'Routes')
App.Config.set('CTI', { controller: 'CTI', authentication: true }, 'permanentTask') App.Config.set('CTI', { controller: 'CTI', authentication: true }, 'permanentTask')
App.Config.set('CTI', { prio: 1300, parent: '', name: 'Phone', target: '#cti', key: 'CTI', shown: false, role: ['CTI'], class: 'phone' }, 'NavBar') App.Config.set('CTI', { prio: 1300, parent: '', name: 'Phone', target: '#cti', key: 'CTI', shown: false, permission: ['cti.agent'], class: 'phone' }, 'NavBar')

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'ticket.customer'
events: events:
'submit form': 'submit', 'submit form': 'submit',
'click .submit': 'submit', 'click .submit': 'submit',
@ -7,9 +8,6 @@ class Index extends App.ControllerContent
constructor: (params) -> constructor: (params) ->
super super
# check authentication
return if !@authenticate(false, 'Customer')
# set title # set title
@title 'New Ticket' @title 'New Ticket'
@form_id = App.ControllerForm.formId() @form_id = App.ControllerForm.formId()
@ -184,5 +182,5 @@ class Index extends App.ControllerContent
ui.formEnable(e) ui.formEnable(e)
) )
App.Config.set( 'customer_ticket_new', Index, 'Routes' ) App.Config.set('customer_ticket_new', Index, 'Routes')
App.Config.set( 'CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', role: ['Customer'], divider: true }, 'NavBarRight' ) App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], divider: true }, 'NavBarRight')

View file

@ -7,7 +7,7 @@ class App.Dashboard extends App.Controller
constructor: -> constructor: ->
super super
if @isRole('Customer') if @permissionCheck('ticket.customer')
@clueAccess = false @clueAccess = false
return return
@ -16,7 +16,7 @@ class App.Dashboard extends App.Controller
# rerender view, e. g. on language change # rerender view, e. g. on language change
@bind 'ui:rerender', => @bind 'ui:rerender', =>
return if !@authenticate(true) return if !@authenticateCheck()
@render() @render()
@mayBeClues() @mayBeClues()
@ -25,7 +25,7 @@ class App.Dashboard extends App.Controller
localEl = $( App.view('dashboard')( localEl = $( App.view('dashboard')(
head: 'Dashboard' head: 'Dashboard'
isAdmin: @isRole('Admin') isAdmin: @permissionCheck('admin')
) ) ) )
new App.DashboardStats( new App.DashboardStats(
@ -69,7 +69,7 @@ class App.Dashboard extends App.Controller
show: (params) => show: (params) =>
if @isRole('Customer') if @permissionCheck('ticket.customer')
@navigate '#', true @navigate '#', true
return return
@ -97,7 +97,7 @@ class DashboardRouter extends App.ControllerPermanent
super super
# check authentication # check authentication
return if !@authenticate() @authenticateCheckRedirect()
App.TaskManager.execute( App.TaskManager.execute(
key: 'Dashboard' key: 'Dashboard'
@ -108,5 +108,5 @@ class DashboardRouter extends App.ControllerPermanent
) )
App.Config.set('dashboard', DashboardRouter, 'Routes') App.Config.set('dashboard', DashboardRouter, 'Routes')
App.Config.set('Dashboard', { prio: 100, parent: '', name: 'Dashboard', target: '#dashboard', key: 'Dashboard', role: ['Agent'], class: 'dashboard' }, 'NavBar') App.Config.set('Dashboard', { prio: 100, parent: '', name: 'Dashboard', target: '#dashboard', key: 'Dashboard', permission: ['ticket.agent'], class: 'dashboard' }, 'NavBar')
App.Config.set('Dashboard', { controller: 'Dashboard', authentication: true }, 'permanentTask') App.Config.set('Dashboard', { controller: 'Dashboard', authentication: true }, 'permanentTask')

View file

@ -18,7 +18,7 @@ class DefaultRouter extends App.Controller
return return
# check role # check role
if @isRole('Customer') if @permissionCheck('ticket.customer')
@navigate '#ticket/view/my_tickets', true @navigate '#ticket/view/my_tickets', true
return return

View file

@ -1,14 +1,14 @@
class Index extends App.Controller class Index extends App.Controller
constructor: -> constructor: ->
super super
return if !@authenticate() @authenticateCheckRedirect()
@verifyCall() @verifyCall()
verifyCall: => verifyCall: =>
@ajax( @ajax(
id: 'email_verify' id: 'email_verify'
type: 'POST' type: 'POST'
url: @apiPath + '/users/email_verify' url: "#{@apiPath}/users/email_verify"
data: JSON.stringify(token: @token) data: JSON.stringify(token: @token)
processData: true processData: true
success: @success success: @success

View file

@ -2,7 +2,7 @@ class Index extends App.WizardFullScreen
constructor: -> constructor: ->
super super
if @authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -63,7 +63,7 @@ class AutoWizard extends App.WizardFullScreen
super super
# if already logged in, got to # # if already logged in, got to #
if @authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -139,7 +139,7 @@ class Admin extends App.WizardFullScreen
constructor: -> constructor: ->
super super
if @authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -257,7 +257,7 @@ class Base extends App.WizardFullScreen
super super
# redirect if we are not admin # redirect if we are not admin
if !@authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -389,7 +389,7 @@ class EmailNotification extends App.WizardFullScreen
super super
# redirect if we are not admin # redirect if we are not admin
if !@authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -504,7 +504,7 @@ class Channel extends App.WizardFullScreen
super super
# redirect if we are not admin # redirect if we are not admin
if !@authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -555,7 +555,7 @@ class ChannelEmailPreConfigured extends App.WizardFullScreen
super super
# redirect if we are not admin # redirect if we are not admin
if !@authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -605,7 +605,7 @@ class ChannelEmail extends App.WizardFullScreen
super super
# redirect if we are not admin # redirect if we are not admin
if !@authenticate(true, 'Admin') if !@permissionCheck('admin.wizard')
@navigate '#' @navigate '#'
return return
@ -890,12 +890,10 @@ class Agent extends App.WizardFullScreen
constructor: -> constructor: ->
super super
@authenticateCheckRedirect()
return if !@authenticate()
# set title # set title
@title 'Invite Agents' @title 'Invite Agents'
@fetch() @fetch()
release: => release: =>
@ -986,12 +984,10 @@ App.Config.set('getting_started/agents', Agent, 'Routes')
class Channel extends App.WizardFullScreen class Channel extends App.WizardFullScreen
constructor: -> constructor: ->
super super
@authenticateCheckRedirect()
return if !@authenticate()
# set title # set title
@title 'Setup Finished' @title 'Setup Finished'
@render() @render()
release: => release: =>

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.group'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -19,9 +17,9 @@ class Index extends App.ControllerContent
'Groups are ...' 'Groups are ...'
] ]
buttons: [ buttons: [
{ name: 'New Group', 'data-type': 'new', class: 'btn--success' }, { name: 'New Group', 'data-type': 'new', class: 'btn--success' }
] ]
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set( 'Group', { prio: 1500, name: 'Groups', parent: '#manage', target: '#manage/groups', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Group', { prio: 1500, name: 'Groups', parent: '#manage', target: '#manage/groups', controller: Index, permission: ['admin.group'] }, 'NavBarAdmin')

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.integration'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Integrations', true @title 'Integrations', true
@integrationItems = App.Config.get('NavBarIntegrations') @integrationItems = App.Config.get('NavBarIntegrations')
@ -38,4 +36,4 @@ class Index extends App.ControllerContent
if @subscribeId if @subscribeId
App.Setting.unsubscribe(@subscribeId) App.Setting.unsubscribe(@subscribeId)
App.Config.set('Integration', { prio: 1000, name: 'Integrations', parent: '#system', target: '#system/integration', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Integration', { prio: 1000, name: 'Integrations', parent: '#system', target: '#system/integration', controller: Index, permission: ['admin.integration'] }, 'NavBarAdmin')

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.scheduler'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -26,4 +24,4 @@ class Index extends App.ControllerContent
large: true large: true
) )
App.Config.set('Job', { prio: 3400, name: 'Scheduler', parent: '#manage', target: '#manage/job', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Job', { prio: 3400, name: 'Scheduler', parent: '#manage', target: '#manage/job', controller: Index, permission: ['admin.scheduler'] }, 'NavBarAdmin')

View file

@ -3,4 +3,4 @@ class Index
new App.KeyboardShortcutModal() new App.KeyboardShortcutModal()
App.Config.set('keyboard_shortcuts', Index, 'Routes') App.Config.set('keyboard_shortcuts', Index, 'Routes')
App.Config.set('KeyboardShortcuts', { prio: 1700, parent: '#current_user', name: 'Keyboard Shortcuts', translate: true, target: '#keyboard_shortcuts', role: [ 'Admin', 'Agent' ] }, 'NavBarRight') App.Config.set('KeyboardShortcuts', { prio: 1700, parent: '#current_user', name: 'Keyboard Shortcuts', translate: true, target: '#keyboard_shortcuts', permission: ['admin', 'ticket.agent'] }, 'NavBarRight')

View file

@ -1897,7 +1897,7 @@ class CustomerChatRef extends App.Controller
# super # super
# # check authentication # # check authentication
# return if !@authenticate() # @authenticateCheckRedirect()
# App.TaskManager.execute( # App.TaskManager.execute(
# key: 'CustomerChatRef' # key: 'CustomerChatRef'
@ -2226,7 +2226,5 @@ class ChatToTicketRef extends App.ControllerContent
y1: y1 y1: y1
y2: y1 + @attachments.outerHeight() y2: y1 + @attachments.outerHeight()
App.Config.set( 'layout_ref/chat_to_ticket', ChatToTicketRef, 'Routes' ) App.Config.set('layout_ref/chat_to_ticket', ChatToTicketRef, 'Routes')
App.Config.set('LayoutRef', { prio: 1600, parent: '#current_user', name: 'Layout Reference', translate: true, target: '#layout_ref', permission: [ 'admin' ] }, 'NavBarRight')
App.Config.set( 'LayoutRef', { prio: 1600, parent: '#current_user', name: 'Layout Reference', translate: true, target: '#layout_ref', role: [ 'Admin' ] }, 'NavBarRight' )

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.macro'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set( 'Macros', { prio: 2310, name: 'Macros', parent: '#manage', target: '#manage/macros', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Macros', { prio: 2310, name: 'Macros', parent: '#manage', target: '#manage/macros', controller: Index, permission: ['admin.macro'] }, 'NavBarAdmin')

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.maintenance'
events: events:
'change .js-modeSetting input': 'setMode' 'change .js-modeSetting input': 'setMode'
'change .js-loginSetting input': 'setLogin' 'change .js-loginSetting input': 'setLogin'
@ -12,9 +13,6 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Maintenance', true @title 'Maintenance', true
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false) @subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
@ -76,4 +74,4 @@ class Index extends App.ControllerContent
removeAll: true removeAll: true
@render() @render()
App.Config.set('Maintenance', { prio: 3600, name: 'Maintenance', parent: '#system', target: '#system/maintenance', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Maintenance', { prio: 3600, name: 'Maintenance', parent: '#system', target: '#system/maintenance', controller: Index, permission: ['admin.maintenance'] }, 'NavBarAdmin')

View file

@ -72,7 +72,7 @@ class App.Navigation extends App.ControllerWidgetPermanent
@notificationWidget = undefined @notificationWidget = undefined
renderMenu: => renderMenu: =>
items = @getItems( navbar: @Config.get('NavBar') ) items = @getItems(navbar: @Config.get('NavBar'))
# apply counter and switch info from persistant controllers (if exists) # apply counter and switch info from persistant controllers (if exists)
activeTab = {} activeTab = {}
@ -124,7 +124,7 @@ class App.Navigation extends App.ControllerWidgetPermanent
renderPersonal: => renderPersonal: =>
@recentViewNavbarItemsRebuild() @recentViewNavbarItemsRebuild()
items = @getItems( navbar: @Config.get( 'NavBarRight' ) ) items = @getItems(navbar: @Config.get('NavBarRight'))
# get open tabs to repopen on rerender # get open tabs to repopen on rerender
open_tab = {} open_tab = {}
@ -305,7 +305,9 @@ class App.Navigation extends App.ControllerWidgetPermanent
level1 = [] level1 = []
dropdown = {} dropdown = {}
roles = App.Session.get('roles') user = undefined
if App.Session.get('id')
user = App.User.find(App.Session.get('id'))
for item in navbar for item in navbar
if typeof item.callback is 'function' if typeof item.callback is 'function'
@ -313,16 +315,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
for key, value of data for key, value of data
item[key] = value item[key] = value
if !item.parent if !item.parent
match = 0 match = true
if !item.role if item.permission
match = 1 match = false
if !roles && item.role for permissionName in item.permission
match = _.include(item.role, 'Anybody') if !match && user && user.permission(permissionName)
if roles match = true
for role in roles
if !match
match = _.include(item.role, role.name)
if match if match
level1.push item level1.push item
@ -333,16 +331,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
# find all childs and order # find all childs and order
for itemSub in navbar for itemSub in navbar
if itemSub.parent is item.parent if itemSub.parent is item.parent
match = 0 match = true
if !itemSub.role if itemSub.permission
match = 1 match = false
if !roles for permissionName in itemSub.permission
match = _.include(itemSub.role, 'Anybody') if !match && user && user.permission(permissionName)
if roles match = true
for role in roles
if !match
match = _.include(itemSub.role, role.name)
if match if match
dropdown[ item.parent ].push itemSub dropdown[ item.parent ].push itemSub

View file

@ -1,12 +1,10 @@
# coffeelint: disable=duplicate_key # coffeelint: disable=duplicate_key
class Index extends App.ControllerTabs class Index extends App.ControllerTabs
requiredPermission: 'admin.object'
header: 'Object Manager' header: 'Object Manager'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Objects', true @title 'Objects', true
# get data # get data
@ -44,10 +42,6 @@ class Items extends App.ControllerContent
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
@subscribeId = App.ObjectManagerAttribute.subscribe(@render) @subscribeId = App.ObjectManagerAttribute.subscribe(@render)
App.ObjectManagerAttribute.fetch() App.ObjectManagerAttribute.fetch()
@ -225,4 +219,4 @@ class Edit extends App.ControllerGenericEdit
ui.controller.showAlert(details.error_human || details.error || 'Unable to update object!') ui.controller.showAlert(details.error_human || details.error || 'Unable to update object!')
) )
App.Config.set( 'SystemObject', { prio: 1700, parent: '#system', name: 'Objects', target: '#system/object_manager', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('SystemObject', { prio: 1700, parent: '#system', name: 'Objects', target: '#system/object_manager', controller: Index, permission: ['admin.object'] }, 'NavBarAdmin')

View file

@ -2,10 +2,7 @@ class App.OrganizationProfile extends App.Controller
constructor: (params) -> constructor: (params) ->
super super
# check authentication @authenticateCheckRedirect(true)
if !@authenticate()
App.TaskManager.remove(@task_key)
return
# fetch new data if needed # fetch new data if needed
App.Organization.full(@organization_id, @render) App.Organization.full(@organization_id, @render)
@ -194,6 +191,7 @@ class Member extends App.ObserverController
) )
class Router extends App.ControllerPermanent class Router extends App.ControllerPermanent
requiredPermission: 'ticket.agent'
constructor: (params) -> constructor: (params) ->
super super
@ -202,7 +200,7 @@ class Router extends App.ControllerPermanent
organization_id: params.organization_id organization_id: params.organization_id
App.TaskManager.execute( App.TaskManager.execute(
key: 'Organization-' + @organization_id key: "Organization-#{@organization_id}"
controller: 'OrganizationProfile' controller: 'OrganizationProfile'
params: clean_params params: clean_params
show: true show: true

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.organization'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set( 'Organization', { prio: 2000, name: 'Organizations', parent: '#manage', target: '#manage/organizations', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Organization', { prio: 2000, name: 'Organizations', parent: '#manage', target: '#manage/organizations', controller: Index, permission: ['admin.organization'] }, 'NavBarAdmin')

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.overview'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -38,4 +36,4 @@ class Index extends App.ControllerContent
overview.save() overview.save()
) )
App.Config.set( 'Overview', { prio: 2300, name: 'Overviews', parent: '#manage', target: '#manage/overviews', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Overview', { prio: 2300, name: 'Overviews', parent: '#manage', target: '#manage/overviews', controller: Index, permission: ['admin.overview'] }, 'NavBarAdmin')

View file

@ -1,15 +1,11 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.package'
events: events:
'click .action': 'action' 'click .action': 'action'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Packages', true @title 'Packages', true
@load() @load()
load: -> load: ->
@ -58,4 +54,4 @@ class Index extends App.ControllerContent
@load() @load()
) )
App.Config.set('Packages', { prio: 3600, name: 'Packages', parent: '#system', target: '#system/package', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Packages', { prio: 3600, name: 'Packages', parent: '#system', target: '#system/package', controller: Index, permission: ['admin.package'] }, 'NavBarAdmin')

View file

@ -13,9 +13,7 @@ class Index extends App.ControllerContent
return return
# if we are logged in, no passwort reset is wanted, redirect to app # if we are logged in, no passwort reset is wanted, redirect to app
if @authenticate(true) @authenticateCheckRedirect()
@navigate '#'
return
@navHide() @navHide()
@ -27,7 +25,7 @@ class Index extends App.ControllerContent
render: (params) -> render: (params) ->
configure_attributes = [ configure_attributes = [
{ name: 'username', display: 'Enter your username or email address', tag: 'input', type: 'text', limit: 100, null: false, class: 'input span4', }, { name: 'username', display: 'Enter your username or email address', tag: 'input', type: 'text', limit: 100, null: false, class: 'input span4' }
] ]
@html App.view('password/reset')(params) @html App.view('password/reset')(params)
@ -51,7 +49,7 @@ class Index extends App.ControllerContent
@ajax( @ajax(
id: 'password_reset' id: 'password_reset'
type: 'POST' type: 'POST'
url: @apiPath + '/users/password_reset' url: "#{@apiPath}/users/password_reset"
data: JSON.stringify(params) data: JSON.stringify(params)
processData: true processData: true
success: @success success: @success
@ -71,7 +69,7 @@ class Index extends App.ControllerContent
@$('[name=username]').val('') @$('[name=username]').val('')
@notify( @notify(
type: 'error' type: 'error'
msg: App.i18n.translateContent( 'Username or email address invalid, please try again.' ) msg: App.i18n.translateContent('Username or email address invalid, please try again.')
) )
@formEnable( @el.find('.form-password') ) @formEnable( @el.find('.form-password') )
@ -86,9 +84,7 @@ class Verify extends App.ControllerContent
super super
# if we are logged in, no passwort reset is wanted, redirect to app # if we are logged in, no passwort reset is wanted, redirect to app
if @authenticate(true) @authenticateCheckRedirect()
@navigate '#'
return
@navHide() @navHide()
@ -102,7 +98,7 @@ class Verify extends App.ControllerContent
@ajax( @ajax(
id: 'password_reset_verify' id: 'password_reset_verify'
type: 'POST' type: 'POST'
url: @apiPath + '/users/password_reset_verify' url: "#{@apiPath}/users/password_reset_verify"
data: JSON.stringify(params) data: JSON.stringify(params)
processData: true processData: true
success: @renderChange success: @renderChange
@ -111,7 +107,7 @@ class Verify extends App.ControllerContent
renderChange: (data) => renderChange: (data) =>
if data.message is 'ok' if data.message is 'ok'
configure_attributes = [ configure_attributes = [
{ name: 'password', display: 'Password', tag: 'input', type: 'password', limit: 100, null: false, class: 'input', }, { name: 'password', display: 'Password', tag: 'input', type: 'password', limit: 100, null: false, class: 'input' }
] ]
@html App.view('password/reset_change')() @html App.view('password/reset_change')()
@ -158,7 +154,7 @@ class Verify extends App.ControllerContent
@ajax( @ajax(
id: 'password_reset_verify' id: 'password_reset_verify'
type: 'POST' type: 'POST'
url: @apiPath + '/users/password_reset_verify' url: "#{@apiPath}/users/password_reset_verify"
data: JSON.stringify(params) data: JSON.stringify(params)
processData: true processData: true
success: @renderChanged success: @renderChanged

View file

@ -2,9 +2,8 @@ class Index extends App.ControllerNavSidbar
authenticateRequired: true authenticateRequired: true
configKey: 'NavBarProfile' configKey: 'NavBarProfile'
App.Config.set( 'profile', Index, 'Routes' ) App.Config.set('profile', Index, 'Routes')
App.Config.set( 'profile/:target', Index, 'Routes' ) App.Config.set('profile/:target', Index, 'Routes')
App.Config.set( 'Profile', { prio: 1000, name: 'Profile', target: '#profile' }, 'NavBarProfile' ) App.Config.set('Profile', { prio: 1000, name: 'Profile', target: '#profile' }, 'NavBarProfile')
App.Config.set('Profile', { prio: 1700, parent: '#current_user', name: 'Profile', target: '#profile', translate: true }, 'NavBarRight')
App.Config.set( 'Profile', { prio: 1700, parent: '#current_user', name: 'Profile', target: '#profile', translate: true, role: [ 'Agent', 'Customer' ] }, 'NavBarRight' )

View file

@ -1,17 +1,15 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'report'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
@title 'Reporting' @title 'Reporting'
@navupdate '#report' @navupdate '#report'
@startLoading() @startLoading()
@ajax( @ajax(
type: 'GET', type: 'GET'
url: @apiPath + '/reports/config', url: "#{@apiPath}/reports/config"
processData: true, processData: true
success: (data) => success: (data) =>
@stopLoading() @stopLoading()
@config = data.config @config = data.config
@ -131,7 +129,7 @@ class Graph extends App.ControllerContent
ui: @ui ui: @ui
) )
url = @apiPath + '/reports/generate' url = "#{@apiPath}/reports/generate"
interval = 5 * 60000 interval = 5 * 60000
if @params.timeRange is 'year' if @params.timeRange is 'year'
interval = 5 * 60000 interval = 5 * 60000
@ -519,4 +517,4 @@ class Sidebar extends App.Controller
@ui.storeParams() @ui.storeParams()
App.Config.set('report', Index, 'Routes') App.Config.set('report', Index, 'Routes')
App.Config.set('Reporting', { prio: 8000, parent: '', name: 'Reporing', translate: true, target: '#report', icon: 'report', role: ['Report'] }, 'NavBarRight') App.Config.set('Reporting', { prio: 8000, parent: '', name: 'Reporing', translate: true, target: '#report', icon: 'report', permission: ['report'] }, 'NavBarRight')

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.report_profile'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set( 'ReportProfile', { prio: 8000, name: 'Report Profiles', parent: '#manage', target: '#manage/report_profiles', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('ReportProfile', { prio: 8000, name: 'Report Profiles', parent: '#manage', target: '#manage/report_profiles', controller: Index, permission: ['admin.report_profile'] }, 'NavBarAdmin')

View file

@ -14,9 +14,7 @@ class App.Search extends App.Controller
super super
# check authentication # check authentication
if !@authenticate(false) @authenticateCheckRedirect(true)
App.TaskManager.remove(@task_key)
return
current = App.TaskManager.get(@task_key).state current = App.TaskManager.get(@task_key).state
if current && current.query if current && current.query

View file

@ -1,15 +1,11 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.session'
events: events:
'click .js-delete': 'destroy' 'click .js-delete': 'destroy'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Sessions', true @title 'Sessions', true
@load() @load()
@interval( @interval(
=> =>
@ -23,7 +19,7 @@ class Index extends App.ControllerContent
@ajax( @ajax(
id: 'sessions' id: 'sessions'
type: 'GET' type: 'GET'
url: @apiPath + '/sessions' url: "#{@apiPath}/sessions"
success: (data) => success: (data) =>
@stopLoading() @stopLoading()
App.Collection.loadAssets(data.assets) App.Collection.loadAssets(data.assets)
@ -46,11 +42,11 @@ class Index extends App.ControllerContent
e.preventDefault() e.preventDefault()
sessionId = $(e.target ).closest('a').data('session-id') sessionId = $(e.target ).closest('a').data('session-id')
@ajax( @ajax(
id: 'sessions/' + sessionId id: "sessions/#{sessionId}"
type: 'DELETE' type: 'DELETE'
url: @apiPath + '/sessions/' + sessionId url: "#{@apiPath}/sessions/#{sessionId}"
success: (data) => success: (data) =>
@load() @load()
) )
App.Config.set('Session', { prio: 3800, name: 'Sessions', parent: '#system', target: '#system/sessions', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Session', { prio: 3800, name: 'Sessions', parent: '#system', target: '#system/sessions', controller: Index, permission: ['admin.session'] }, 'NavBarAdmin' )

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.sla'
events: events:
'click .js-new': 'new' 'click .js-new': 'new'
'click .js-edit': 'edit' 'click .js-edit': 'edit'
@ -7,10 +8,6 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@subscribeCalendarId = App.Calendar.subscribe(@render) @subscribeCalendarId = App.Calendar.subscribe(@render)
@subscribeSlaId = App.Sla.subscribe(@render) @subscribeSlaId = App.Sla.subscribe(@render)
@ -114,4 +111,4 @@ class Index extends App.ControllerContent
"#{hours}:#{minutes}" "#{hours}:#{minutes}"
App.Config.set( 'Sla', { prio: 2900, name: 'SLAs', parent: '#manage', target: '#manage/slas', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Sla', { prio: 2900, name: 'SLAs', parent: '#manage', target: '#manage/slas', controller: Index, permission: ['admin.sla'] }, 'NavBarAdmin')

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.tag'
events: events:
'change .js-newTagSetting input': 'setTagNew' 'change .js-newTagSetting input': 'setTagNew'
'submit .js-create': 'create' 'submit .js-create': 'create'
@ -8,12 +9,7 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Tags', true @title 'Tags', true
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false) @subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
release: => release: =>
@ -154,4 +150,4 @@ class DestroyConfirm extends App.ControllerModal
@close() @close()
) )
App.Config.set('Tags', { prio: 2320, name: 'Tags', parent: '#manage', target: '#manage/tags', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Tags', { prio: 2320, name: 'Tags', parent: '#manage', target: '#manage/tags', controller: Index, permission: ['admin.tag'] }, 'NavBarAdmin')

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.text_module'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content') container: @el.closest('.content')
) )
App.Config.set( 'TextModule', { prio: 2300, name: 'TextModules', parent: '#manage', target: '#manage/text_modules', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('TextModule', { prio: 2300, name: 'TextModules', parent: '#manage', target: '#manage/text_modules', controller: Index, permission: ['admin.text_module'] }, 'NavBarAdmin')

View file

@ -132,7 +132,7 @@ class Navbar extends App.Controller
items = App.OverviewIndexCollection.get() items = App.OverviewIndexCollection.get()
@html App.view("agent_ticket_view/navbar#{ if @vertical then '_vertical' }") @html App.view("agent_ticket_view/navbar#{ if @vertical then '_vertical' }")
items: items items: items
isAgent: @isRole('Agent') isAgent: @permissionCheck('ticket.agent')
while @clone.width() > @tabsHolder.width() while @clone.width() > @tabsHolder.width()
@tabClone.not('.hide').last().addClass('hide') @tabClone.not('.hide').last().addClass('hide')
@ -203,7 +203,7 @@ class Table extends App.Controller
# rerender view, e. g. on langauge change # rerender view, e. g. on langauge change
@bind 'ui:rerender', => @bind 'ui:rerender', =>
return if !@authenticate(true) return if !@authenticateCheck()
@render(App.OverviewListCollection.get(@view)) @render(App.OverviewListCollection.get(@view))
release: => release: =>
@ -237,7 +237,7 @@ class Table extends App.Controller
ticket_list_show.push App.Ticket.fullLocal(ticket.id) ticket_list_show.push App.Ticket.fullLocal(ticket.id)
# if customer and no ticket exists, show the following message only # if customer and no ticket exists, show the following message only
if !ticket_list_show[0] && @isRole('Customer') if !ticket_list_show[0] && @permissionCheck('ticket.customer')
@html App.view('customer_not_ticket_exists')() @html App.view('customer_not_ticket_exists')()
return return
@ -249,9 +249,9 @@ class Table extends App.Controller
# render init page # render init page
checkbox = true checkbox = true
edit = false edit = false
if @isRole('Admin') if @permissionCheck('admin')
edit = true edit = true
if @isRole('Customer') if @permissionCheck('ticket.customer')
checkbox = false checkbox = false
edit = false edit = false
view_modes = [ view_modes = [
@ -266,7 +266,7 @@ class Table extends App.Controller
class: 'active' if @view_mode is 'm' class: 'active' if @view_mode is 'm'
} }
] ]
if @isRole('Customer') if @permissionCheck('ticket.customer')
view_modes = [] view_modes = []
html = App.view('agent_ticket_view/content')( html = App.view('agent_ticket_view/content')(
overview: @overview overview: @overview
@ -768,12 +768,11 @@ class App.OverviewSettings extends App.ControllerModal
) )
class TicketOverviewRouter extends App.ControllerPermanent class TicketOverviewRouter extends App.ControllerPermanent
requiredPermission: ['ticket.agent', 'ticket.customer']
constructor: (params) -> constructor: (params) ->
super super
# check authentication
return if !@authenticate()
# cleanup params # cleanup params
clean_params = clean_params =
view: params.view view: params.view
@ -789,4 +788,4 @@ class TicketOverviewRouter extends App.ControllerPermanent
App.Config.set('ticket/view', TicketOverviewRouter, 'Routes') App.Config.set('ticket/view', TicketOverviewRouter, 'Routes')
App.Config.set('ticket/view/:view', TicketOverviewRouter, 'Routes') App.Config.set('ticket/view/:view', TicketOverviewRouter, 'Routes')
App.Config.set('TicketOverview', { controller: 'TicketOverview', authentication: true }, 'permanentTask') App.Config.set('TicketOverview', { controller: 'TicketOverview', authentication: true }, 'permanentTask')
App.Config.set('TicketOverview', { prio: 1000, parent: '', name: 'Overviews', target: '#ticket/view', key: 'TicketOverview', role: ['Agent', 'Customer'], class: 'overviews' }, 'NavBar') App.Config.set('TicketOverview', { prio: 1000, parent: '', name: 'Overviews', target: '#ticket/view', key: 'TicketOverview', permission: ['ticket.agent', 'ticket.customer'], class: 'overviews' }, 'NavBar')

View file

@ -14,9 +14,7 @@ class App.TicketZoom extends App.Controller
super super
# check authentication # check authentication
if !@authenticate() @authenticateCheckRedirect(true)
App.TaskManager.remove(@task_key)
return
@formMeta = undefined @formMeta = undefined
@ticket_id = params.ticket_id @ticket_id = params.ticket_id
@ -344,7 +342,7 @@ class App.TicketZoom extends App.Controller
elLocal = $(App.view('ticket_zoom') elLocal = $(App.view('ticket_zoom')
ticket: @ticket ticket: @ticket
nav: @nav nav: @nav
isCustomer: @isRole('Customer') isCustomer: @permissionCheck('ticket.customer')
scrollbarWidth: App.Utils.getScrollBarWidth() scrollbarWidth: App.Utils.getScrollBarWidth()
) )
@ -523,7 +521,7 @@ class App.TicketZoom extends App.Controller
internal: 'true' internal: 'true'
in_reply_to: '' in_reply_to: ''
if @isRole('Customer') if @permissionCheck('ticket.customer')
currentStore.article.internal = '' currentStore.article.internal = ''
currentStore currentStore
@ -653,7 +651,7 @@ class App.TicketZoom extends App.Controller
ticket[attributes[1]] = content.value ticket[attributes[1]] = content.value
# set defaults # set defaults
if !@isRole('Customer') if !@permissionCheck('ticket.customer')
if !ticket['owner_id'] if !ticket['owner_id']
ticket['owner_id'] = 1 ticket['owner_id'] = 1
@ -811,6 +809,7 @@ class App.TicketZoom extends App.Controller
App.TaskManager.update(@task_key, { 'state': @localTaskData }) App.TaskManager.update(@task_key, { 'state': @localTaskData })
class TicketZoomRouter extends App.ControllerPermanent class TicketZoomRouter extends App.ControllerPermanent
requiredPermission: ['ticket.agent', 'ticket.customer']
constructor: (params) -> constructor: (params) ->
super super

View file

@ -45,7 +45,7 @@ class App.TicketZoomArticleActions extends App.Controller
@render() @render()
actionRow: (article) -> actionRow: (article) ->
if @isRole('Customer') if @permissionCheck('ticket.customer')
return [] return []
actions = [] actions = []

View file

@ -103,7 +103,7 @@ class App.TicketZoomArticleNew extends App.Controller
features: ['attachment'] features: ['attachment']
} }
if @isRole('Customer') if @permissionCheck('ticket.customer')
@type = 'note' @type = 'note'
@articleTypes = [ @articleTypes = [
{ {
@ -177,7 +177,7 @@ class App.TicketZoomArticleNew extends App.Controller
articleTypes: @articleTypes articleTypes: @articleTypes
article: @defaults article: @defaults
form_id: @form_id form_id: @form_id
isCustomer: @isRole('Customer') isCustomer: @permissionCheck('ticket.customer')
) )
@setArticleType(@type) @setArticleType(@type)
@ -254,7 +254,7 @@ class App.TicketZoomArticleNew extends App.Controller
) )
# show text module UI # show text module UI
if !@isRole('Customer') if !@permissionCheck('ticket.customer')
textModule = new App.WidgetTextModule( textModule = new App.WidgetTextModule(
el: @$('.js-textarea').parent() el: @$('.js-textarea').parent()
data: data:
@ -281,7 +281,7 @@ class App.TicketZoomArticleNew extends App.Controller
if !params['internal'] if !params['internal']
params['internal'] = false params['internal'] = false
if @isRole('Customer') if @permissionCheck('ticket.customer')
sender = App.TicketArticleSender.findByAttribute('name', 'Customer') sender = App.TicketArticleSender.findByAttribute('name', 'Customer')
type = App.TicketArticleType.findByAttribute('name', 'web') type = App.TicketArticleType.findByAttribute('name', 'web')
params.type_id = type.id params.type_id = type.id

View file

@ -125,7 +125,7 @@ class ArticleViewItem extends App.ObserverController
@html App.view('ticket_zoom/article_view_delivery_failed')( @html App.view('ticket_zoom/article_view_delivery_failed')(
ticket: @ticket ticket: @ticket
article: article article: article
isCustomer: @isRole('Customer') isCustomer: @permissionCheck('ticket.customer')
) )
return return
if article.sender.name is 'System' if article.sender.name is 'System'
@ -133,13 +133,13 @@ class ArticleViewItem extends App.ObserverController
@html App.view('ticket_zoom/article_view_system')( @html App.view('ticket_zoom/article_view_system')(
ticket: @ticket ticket: @ticket
article: article article: article
isCustomer: @isRole('Customer') isCustomer: @permissionCheck('ticket.customer')
) )
return return
@html App.view('ticket_zoom/article_view')( @html App.view('ticket_zoom/article_view')(
ticket: @ticket ticket: @ticket
article: article article: article
isCustomer: @isRole('Customer') isCustomer: @permissionCheck('ticket.customer')
) )
new App.WidgetAvatar( new App.WidgetAvatar(

View file

@ -37,7 +37,7 @@ class App.TicketZoomAttributeBar extends App.Controller
macros = App.Macro.all() macros = App.Macro.all()
@macroLastUpdated = App.Macro.lastUpdatedAt() @macroLastUpdated = App.Macro.lastUpdatedAt()
if _.isEmpty(macros) || !@isRole('Agent') if _.isEmpty(macros) || !@permissionCheck('ticket.agent')
macroDisabled = true macroDisabled = true
localeEl = $(App.view('ticket_zoom/attribute_bar')( localeEl = $(App.view('ticket_zoom/attribute_bar')(

View file

@ -36,7 +36,7 @@ class App.TicketZoomHighlighter extends App.Controller
constructor: -> constructor: ->
super super
return if !@isRole('Agent') return if !@permissionCheck('ticket.agent')
@currentHighlights = {} @currentHighlights = {}
@ -93,7 +93,7 @@ class App.TicketZoomHighlighter extends App.Controller
# for testing purposes the highlights get stored in atrticle preferences # for testing purposes the highlights get stored in atrticle preferences
loadHighlights: (ticket_article_id) -> loadHighlights: (ticket_article_id) ->
return if !@isRole('Agent') return if !@permissionCheck('ticket.agent')
article = App.TicketArticle.find(ticket_article_id) article = App.TicketArticle.find(ticket_article_id)
return if !article.preferences return if !article.preferences
return if !article.preferences.highlight return if !article.preferences.highlight

View file

@ -8,5 +8,5 @@ class App.TicketZoomMeta extends App.ObserverController
render: (ticket) => render: (ticket) =>
@html App.view('ticket_zoom/meta')( @html App.view('ticket_zoom/meta')(
ticket: ticket ticket: ticket
isCustomer: @isRole('Customer') isCustomer: @permissionCheck('ticket.customer')
) )

View file

@ -53,7 +53,7 @@ class App.TicketZoomSidebar extends App.ObserverController
markForm: @markForm markForm: @markForm
) )
if !@isRole('Customer') if !@permissionCheck('ticket.customer')
@tagWidget = new App.WidgetTag( @tagWidget = new App.WidgetTag(
el: @el.find('.tags') el: @el.find('.tags')
object_type: 'Ticket' object_type: 'Ticket'
@ -91,7 +91,7 @@ class App.TicketZoomSidebar extends App.ObserverController
callback: editTicket callback: editTicket
} }
] ]
if !@isRole('Customer') if !@permissionCheck('ticket.customer')
@sidebarItems[0]['actions'] = [ @sidebarItems[0]['actions'] = [
{ {
name: 'ticket-history' name: 'ticket-history'
@ -109,7 +109,7 @@ class App.TicketZoomSidebar extends App.ObserverController
callback: changeCustomer callback: changeCustomer
}, },
] ]
if !@isRole('Customer') if !@permissionCheck('ticket.customer')
editCustomer = (e, el) => editCustomer = (e, el) =>
new App.ControllerGenericEdit( new App.ControllerGenericEdit(
id: ticket.customer_id id: ticket.customer_id

View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.translation'
events: events:
'click .js-pushChanges': 'pushChanges' 'click .js-pushChanges': 'pushChanges'
'click .js-resetChanges': 'resetChanges' 'click .js-resetChanges': 'resetChanges'
@ -7,9 +8,6 @@ class Index extends App.ControllerContent
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Translations', true @title 'Translations', true
@locale = App.i18n.get() @locale = App.i18n.get()
@render() @render()
@ -337,4 +335,4 @@ class TranslationList extends App.Controller
reset.addClass('hidden') reset.addClass('hidden')
reset.closest('tr').removeClass('warning') reset.closest('tr').removeClass('warning')
App.Config.set('Translation', { prio: 1800, parent: '#system', name: 'Translations', target: '#system/translation', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set('Translation', { prio: 1800, parent: '#system', name: 'Translations', target: '#system/translation', controller: Index, permission: ['admin.translation'] }, 'NavBarAdmin' )

View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent class Index extends App.ControllerContent
requiredPermission: 'admin.trigger'
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex( new App.ControllerGenericIndex(
el: @el el: @el
id: @id id: @id
@ -26,4 +24,4 @@ class Index extends App.ControllerContent
large: true large: true
) )
App.Config.set('Trigger', { prio: 3300, name: 'Trigger', parent: '#manage', target: '#manage/trigger', controller: Index, role: ['Admin'] }, 'NavBarAdmin') App.Config.set('Trigger', { prio: 3300, name: 'Trigger', parent: '#manage', target: '#manage/trigger', controller: Index, permission: ['admin.trigger'] }, 'NavBarAdmin')

View file

@ -3,9 +3,7 @@ class App.UserProfile extends App.Controller
super super
# check authentication # check authentication
if !@authenticate() @authenticateCheckRedirect(true)
App.TaskManager.remove(@task_key)
return
# fetch new data if needed # fetch new data if needed
App.User.full(@user_id, @render) App.User.full(@user_id, @render)
@ -188,6 +186,7 @@ class Organization extends App.ObserverController
) )
class Router extends App.ControllerPermanent class Router extends App.ControllerPermanent
requiredPermission: 'ticket.agent'
constructor: (params) -> constructor: (params) ->
super super

View file

@ -1,4 +1,5 @@
class Index extends App.Controller class Index extends App.ControllerContent
requiredPermission: 'admin.user'
elements: elements:
'.js-search': 'searchInput' '.js-search': 'searchInput'
events: events:
@ -7,9 +8,6 @@ class Index extends App.Controller
constructor: -> constructor: ->
super super
# check authentication
return if !@authenticate()
# set title # set title
@title 'Users', true @title 'Users', true
@ -167,7 +165,7 @@ class Index extends App.Controller
App.Ajax.request( App.Ajax.request(
id: 'search' id: 'search'
type: 'GET' type: 'GET'
url: @apiPath + '/users/recent' url: "#{@apiPath}/users/recent"
data: data:
limit: 40 limit: 40
role_ids: role_ids role_ids: role_ids
@ -194,4 +192,4 @@ class Index extends App.Controller
callback: @recent callback: @recent
) )
App.Config.set( 'User', { prio: 1000, name: 'Users', parent: '#manage', target: '#manage/users', controller: Index, role: ['Admin'] }, 'NavBarAdmin' ) App.Config.set( 'User', { prio: 1000, name: 'Users', parent: '#manage', target: '#manage/users', controller: Index, permission: ['admin.user'] }, 'NavBarAdmin' )

View file

@ -41,7 +41,7 @@ class Widget extends App.Controller
maintanaceMode: (data = {}) => maintanaceMode: (data = {}) =>
return if data.on isnt true return if data.on isnt true
return if !@authenticate(true) @authenticateCheckRedirect()
@navigate '#logout' @navigate '#logout'
#App.Event.trigger('maintenance', {type:'restart_auto'}) #App.Event.trigger('maintenance', {type:'restart_auto'})

View file

@ -20,7 +20,7 @@ class App.TicketStats extends App.Controller
# rerender view, e. g. on langauge change # rerender view, e. g. on langauge change
@bind 'ui:rerender', => @bind 'ui:rerender', =>
return if !@authenticate(true) return if !@authenticateCheck()
@render() @render()
release: => release: =>

View file

@ -9,7 +9,7 @@ class Widget extends App.Controller
$(document).off('keydown.translation') $(document).off('keydown.translation')
# only admins can do this # only admins can do this
return if !@isRole('Admin') return if !@permissionCheck('admin.translation')
# bind on key down # bind on key down
# if ctrl+alt+t is pressed, enable translation_inline and fire ui:rerender # if ctrl+alt+t is pressed, enable translation_inline and fire ui:rerender

View file

@ -11,7 +11,7 @@ class TranslationSupport extends App.Controller
return if !App.i18n.notTranslatedFeatureEnabled(App.i18n.get()) return if !App.i18n.notTranslatedFeatureEnabled(App.i18n.get())
# only show for admins # only show for admins
return if !@isRole('Admin') return if !@permissionCheck('admin.translation')
# do not show in setup screens # do not show in setup screens
return if window.location.hash.toString().match(/getting/) return if window.location.hash.toString().match(/getting/)

View file

@ -0,0 +1,4 @@
class App.Permission extends App.Model
@configure 'Role', 'name', 'note', 'active', 'updated_at'
@extend Spine.Model.Ajax
@url: @apiPath + '/permissions'

View file

@ -1,18 +1,20 @@
class App.Role extends App.Model class App.Role extends App.Model
@configure 'Role', 'name', 'note', 'active', 'updated_at' @configure 'Role', 'name', 'permission_ids', 'default_at_signup', 'note', 'active', 'updated_at'
@extend Spine.Model.Ajax @extend Spine.Model.Ajax
@url: @apiPath + '/roles' @url: @apiPath + '/roles'
@configure_attributes = [ @configure_attributes = [
{ name: 'name', display: 'Name', tag: 'input', type: 'text', limit: 100, null: false }, { name: 'name', display: 'Name', tag: 'input', type: 'text', limit: 100, null: false },
{ name: 'note', display: 'Note', tag: 'textarea', note: 'Notes are visible to agents only, never to customers.', limit: 250, null: true }, { name: 'permission_ids', display: 'Permissions', tag: 'permission', item_class: 'checkbox' },
{ name: 'active', display: 'Active', tag: 'active', default: true }, { name: 'default_at_signup', display: 'Default at Signup', tag: 'boolean', default: false, translate: true },
{ name: 'created_by_id', display: 'Created by', relation: 'User', readonly: 1 }, { name: 'note', display: 'Note', tag: 'textarea', note: 'Notes are visible to agents only, never to customers.', limit: 250, null: true },
{ name: 'created_at', display: 'Created', tag: 'datetime', readonly: 1 }, { name: 'active', display: 'Active', tag: 'active', default: true },
{ name: 'updated_by_id', display: 'Updated by', relation: 'User', readonly: 1 }, { name: 'created_by_id', display: 'Created by', relation: 'User', readonly: 1 },
{ name: 'updated_at', display: 'Updated', tag: 'datetime', readonly: 1 }, { name: 'created_at', display: 'Created', tag: 'datetime', readonly: 1 },
{ name: 'updated_by_id', display: 'Updated by', relation: 'User', readonly: 1 },
{ name: 'updated_at', display: 'Updated', tag: 'datetime', readonly: 1 },
] ]
@configure_overview = [ @configure_overview = [
'name', 'name', 'default_at_signup',
] ]
activityMessage: (item) -> activityMessage: (item) ->
@ -21,3 +23,14 @@ class App.Role extends App.Model
else if item.type is 'update' else if item.type is 'update'
return App.i18n.translateContent('%s updated Role |%s|', item.created_by.displayName(), item.title) return App.i18n.translateContent('%s updated Role |%s|', item.created_by.displayName(), item.title)
return "Unknow action for (#{@objectDisplayName()}/#{item.type}), extend activityMessage() of model." return "Unknow action for (#{@objectDisplayName()}/#{item.type}), extend activityMessage() of model."
@_fillUp: (data) ->
if data['permission_ids']
data['permissions'] = []
for permission_id in data['permission_ids']
if App.Permission.exists(permission_id)
permission = App.Permission.find(permission_id)
data['permissions'].push permission
data

View file

@ -125,25 +125,25 @@ class App.User extends App.Model
if data['role_ids'] if data['role_ids']
data['roles'] = [] data['roles'] = []
for role_id in data['role_ids'] for role_id in data['role_ids']
if App.Role.exists( role_id ) if App.Role.exists(role_id)
role = App.Role.find( role_id ) role = App.Role.find(role_id)
data['roles'].push role data['roles'].push role
if data['group_ids'] if data['group_ids']
data['groups'] = [] data['groups'] = []
for group_id in data['group_ids'] for group_id in data['group_ids']
if App.Group.exists( group_id ) if App.Group.exists(group_id)
group = App.Group.find( group_id ) group = App.Group.find(group_id)
data['groups'].push group data['groups'].push group
data data
searchResultAttributes: -> searchResultAttributes: ->
display: "#{@displayName()}" display: "#{@displayName()}"
id: @id id: @id
class: 'user user-popover' class: 'user user-popover'
url: @uiUrl() url: @uiUrl()
icon: 'user' icon: 'user'
activityMessage: (item) -> activityMessage: (item) ->
if item.type is 'create' if item.type is 'create'
@ -163,3 +163,50 @@ class App.User extends App.Model
to = item.objectNative.displayName() to = item.objectNative.displayName()
return App.i18n.translateContent('%s ended switch to |%s|!', item.created_by.displayName(), to) return App.i18n.translateContent('%s ended switch to |%s|!', item.created_by.displayName(), to)
return "Unknow action for (#{@objectDisplayName()}/#{item.type}), extend activityMessage() of model." return "Unknow action for (#{@objectDisplayName()}/#{item.type}), extend activityMessage() of model."
###
user = App.User.find(3)
result = user.permission('ticket.agent') # access to certain permission key
result = user.permission(['ticket.agent', 'ticket.customer']) # access to one of permission keys
result = user.permission('user_preferences.calendar+ticket.agent') # access must have two permission keys
returns
true|false
###
permission: (key) ->
keys = key
if !_.isArray(key)
keys = [key]
# get all permissions of user
permissions = {}
for role_id in @role_ids
role = App.Role.find(role_id)
for permission_id in role.permission_ids
permission = App.Permission.find(permission_id)
permissions[permission.name] = true
for localKey in keys
requiredPermissions = localKey.split('+')
access = false
for requiredPermission in requiredPermissions
localAccess = false
partString = ''
for part in requiredPermission.split('.')
if partString isnt ''
partString += '.'
partString += part
if permissions[partString]
localAccess = true
if localAccess
access = true
else
access = false
break
return access if access
false

View file

@ -0,0 +1,21 @@
<div class="checkbox <%= @attribute.class %> checkbox">
<% for permission in @permissions: %>
<% if !permission.name.match(/\./): %>
<label class="inline-label checkbox-replacement">
<input type="checkbox" value="<%= permission.id %>" name="permission_ids" <% if _.contains(@params.permission_ids, permission.id): %>checked<% end %> <% if permission.preferences.disabled: %>disabled<% end %>/>
<%- @Icon('checkbox', 'icon-unchecked') %>
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= permission.displayName() %> - <span class="help-text"><%- @T(permission.note) %></span></span>
</label>
<% else: %>
<div style="padding-left: 20px;" class="js-subPermissionList">
<label class="inline-label checkbox-replacement">
<input type="checkbox" value="<%= permission.id %>" name="permission_ids" <% if _.contains(@params.permission_ids, permission.id): %>checked<% end %> <% if permission.preferences.disabled: %>disabled<% end %>/>
<%- @Icon('checkbox', 'icon-unchecked') %>
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= permission.displayName().replace(/^.+?\./, '') %> - <span class="help-text"><%- @T(permission.note) %></span></span>
</label>
</div>
<% end %>
<% end %>
</div>

View file

@ -6,7 +6,9 @@
<%- @Icon('checkbox-checked', 'icon-checked') %> <%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= role.displayName() %> <% if role.note: %>- <span class="help-text"><%= role.note %></span><% end %></span> <span class="label-text"><%= role.displayName() %> <% if role.note: %>- <span class="help-text"><%= role.note %></span><% end %></span>
</label> </label>
<% if role.name is 'Agent': %> <% if role.permissions: %>
<% for permission in role.permissions: %>
<% if _.contains(permission.preferences.plugin, 'groups'): %>
<div style="padding-left: 20px;" class="js-groupList <% if @hideGroups: %>js-groupListHide hidden<% end %>"> <div style="padding-left: 20px;" class="js-groupList <% if @hideGroups: %>js-groupListHide hidden<% end %>">
<% for group in @groups: %> <% for group in @groups: %>
<label class="inline-label checkbox-replacement"> <label class="inline-label checkbox-replacement">
@ -17,6 +19,9 @@
</label> </label>
<% end %> <% end %>
</div> </div>
<% break %>
<% end %>
<% end %>
<% end %> <% end %>
<% end %> <% end %>
</div> </div>

View file

@ -8,7 +8,6 @@ class ApplicationController < ActionController::Base
:authentication_check, :authentication_check,
:config_frontend, :config_frontend,
:http_log_config, :http_log_config,
:role?,
:model_create_render, :model_create_render,
:model_update_render, :model_update_render,
:model_restory_render, :model_restory_render,
@ -171,6 +170,7 @@ class ApplicationController < ActionController::Base
switched_from_user_id = ENV['SWITCHED_FROM_USER_ID'] || session[:switched_from_user_id] switched_from_user_id = ENV['SWITCHED_FROM_USER_ID'] || session[:switched_from_user_id]
return true if switched_from_user_id return true if switched_from_user_id
return true if !user return true if !user
return true if !user.permissions?('user_preferences.device')
time_to_check = true time_to_check = true
user_device_updated_at = session[:user_device_updated_at] user_device_updated_at = session[:user_device_updated_at]
@ -223,7 +223,6 @@ class ApplicationController < ActionController::Base
end end
def authentication_check_only(auth_param) def authentication_check_only(auth_param)
#logger.debug 'authentication_check' #logger.debug 'authentication_check'
#logger.debug params.inspect #logger.debug params.inspect
#logger.debug session.inspect #logger.debug session.inspect
@ -233,38 +232,16 @@ class ApplicationController < ActionController::Base
if session.id && session[:user_id] if session.id && session[:user_id]
logger.debug 'session based auth check' logger.debug 'session based auth check'
user = User.lookup(id: session[:user_id]) user = User.lookup(id: session[:user_id])
return authentication_check_prerequesits(user, 'session', auth_param) if user
# check scopes / permission check
# auth_param[:permission]
#if auth_param[:permission] && !user.permission?(auth_param[:permission])
# return {
# auth: false,
# message: 'No permission!',
# }
#end
current_user_set(user)
logger.debug "session based auth for '#{user.login}'"
return {
auth: true
}
end end
error_message = 'authentication failed'
# check sso based authentication # check sso based authentication
sso_user = User.sso(params) sso_user = User.sso(params)
if sso_user if sso_user
if check_maintenance_only(sso_user) if authentication_check_prerequesits(sso_user, 'session', auth_param)
return { session[:persistent] = true
auth: false, return sso_user
message: 'Maintenance mode enabled!',
}
end end
session[:persistent] = true
return {
auth: true
}
end end
# check http basic based authentication # check http basic based authentication
@ -272,50 +249,10 @@ class ApplicationController < ActionController::Base
request.session_options[:skip] = true # do not send a session cookie request.session_options[:skip] = true # do not send a session cookie
logger.debug "http basic auth check '#{username}'" logger.debug "http basic auth check '#{username}'"
if Setting.get('api_password_access') == false if Setting.get('api_password_access') == false
return { raise Exceptions::NotAuthorized, 'API password access disabled!'
auth: false,
message: 'API password access disabled!',
}
end end
user = User.authenticate(username, password) user = User.authenticate(username, password)
next if !user return authentication_check_prerequesits(user, 'basic_auth', auth_param) if user
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
current_user_set(user)
user_device_log(user, 'basic_auth')
logger.debug "http basic auth for '#{user.login}'"
return {
auth: true
}
end
# check http token action based authentication
if auth_param[:token_action]
authenticate_with_http_token do |token, _options|
request.session_options[:skip] = true # do not send a session cookie
logger.debug "http token action auth check '#{token}'"
user = Token.check(
action: auth_param[:token_action],
name: token,
)
next if !user
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
current_user_set(user)
user_device_log(user, 'token_auth')
logger.debug "http token action auth for '#{user.login}'"
return {
auth: true
}
end
end end
# check http token based authentication # check http token based authentication
@ -323,31 +260,16 @@ class ApplicationController < ActionController::Base
logger.debug "http token auth check '#{token}'" logger.debug "http token auth check '#{token}'"
request.session_options[:skip] = true # do not send a session cookie request.session_options[:skip] = true # do not send a session cookie
if Setting.get('api_token_access') == false if Setting.get('api_token_access') == false
return { raise Exceptions::NotAuthorized, 'API token access disabled!'
auth: false,
message: 'API token access disabled!',
}
end end
user = Token.check( user = Token.check(
action: 'api', action: 'api',
name: token, name: token,
permission: auth_param[:permission],
inactive_user: true,
) )
next if !user @_token_auth = token # remember for permission_check
if check_maintenance_only(user) return authentication_check_prerequesits(user, 'token_auth', auth_param) if user
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
# permission check
# auth_param[:permission]
current_user_set(user)
user_device_log(user, 'token_auth')
logger.debug "http token auth for '#{user.login}'"
return {
auth: true
}
end end
=begin =begin
@ -360,73 +282,57 @@ class ApplicationController < ActionController::Base
# check expire # check expire
if access_token.expires_in && (access_token.created_at + access_token.expires_in) < Time.zone.now if access_token.expires_in && (access_token.created_at + access_token.expires_in) < Time.zone.now
return { raise Exceptions::NotAuthorized, 'OAuth2 token is expired!'
auth: false, end
message: 'OAuth2 token is expired!',
} if access_token.scopes.empty?
raise Exceptions::NotAuthorized, 'OAuth2 scope missing for token!'
end end
user = User.find(access_token.resource_owner_id) user = User.find(access_token.resource_owner_id)
if !user || user.active == false return authentication_check_prerequesits(user, 'token_auth', auth_param) if user
return {
auth: false,
message: 'OAuth2 resource owner inactive!',
}
end
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
# check scopes / permission check
# auth_param[:permission]
if access_token.scopes.empty?
return {
auth: false,
message: 'OAuth2 scope missing for token!',
}
end
current_user_set(user)
user_device_log(user, 'token_auth')
logger.debug "oauth token auth for '#{user.login}'"
return {
auth: true
}
end end
=end =end
logger.debug error_message false
{ end
auth: false,
message: error_message, def authentication_check_prerequesits(user, auth_type, auth_param)
} if check_maintenance_only(user)
raise Exceptions::NotAuthorized, 'Maintenance mode enabled!'
end
if user.active == false
raise Exceptions::NotAuthorized, 'User is inactive!'
end
# check scopes / permission check
if auth_param[:permission] && !user.permissions?(auth_param[:permission])
raise Exceptions::NotAuthorized, 'No permission!'
end
current_user_set(user)
user_device_log(user, auth_type)
logger.debug "#{auth_type} for '#{user.login}'"
true
end end
def authentication_check(auth_param = {}) def authentication_check(auth_param = {})
result = authentication_check_only(auth_param) user = authentication_check_only(auth_param)
# check if basic_auth fallback is possible # check if basic_auth fallback is possible
if auth_param[:basic_auth_promt] && result[:auth] == false if auth_param[:basic_auth_promt] && !user
return request_http_basic_authentication return request_http_basic_authentication
end end
# return auth not ok # return auth not ok
if result[:auth] == false if !user
raise Exceptions::NotAuthorized, result[:message] raise Exceptions::NotAuthorized, 'authentication failed'
end end
# return auth ok # return auth ok
true true
end end
def role?(role_name)
return false if !current_user
current_user.role?(role_name)
end
def ticket_permission(ticket) def ticket_permission(ticket)
return true if ticket.permission(current_user: current_user) return true if ticket.permission(current_user: current_user)
raise Exceptions::NotAuthorized raise Exceptions::NotAuthorized
@ -438,9 +344,19 @@ class ApplicationController < ActionController::Base
raise Exceptions::NotAuthorized raise Exceptions::NotAuthorized
end end
def deny_if_not_role(role_name) def permission_check(key)
return false if role?(role_name) if @_token_auth
raise Exceptions::NotAuthorized user = Token.check(
action: 'api',
name: @_token_auth,
permission: key,
)
return false if user
raise Exceptions::NotAuthorized, 'No permission!'
end
return false if current_user && current_user.permissions?(key)
raise Exceptions::NotAuthorized, 'No permission!'
end end
def valid_session_with_user def valid_session_with_user
@ -683,7 +599,7 @@ class ApplicationController < ActionController::Base
# check maintenance mode # check maintenance mode
def check_maintenance_only(user) def check_maintenance_only(user)
return false if Setting.get('maintenance_mode') != true return false if Setting.get('maintenance_mode') != true
return false if user.role?('Admin') return false if user.permissions?('admin.maintenance')
Rails.logger.info "Maintenance mode enabled, denied login for user #{user.login}, it's no admin user." Rails.logger.info "Maintenance mode enabled, denied login for user #{user.login}, it's no admin user."
true true
end end

View file

@ -1,10 +1,9 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class CalendarsController < ApplicationController class CalendarsController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.calendar') }
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
# calendars # calendars
assets = {} assets = {}
@ -25,22 +24,19 @@ class CalendarsController < ApplicationController
end end
def show def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Calendar, params) model_show_render(Calendar, params)
end end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Calendar, params) model_create_render(Calendar, params)
end end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Calendar, params) model_update_render(Calendar, params)
end end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Calendar, params) model_destory_render(Calendar, params)
end end
end end

View file

@ -17,7 +17,7 @@ curl http://localhost/api/v1/group/channels.json -v -u #{login}:#{password} -H "
=end =end
def group_update def group_update
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin')
check_access check_access
channel = Channel.find(params[:id]) channel = Channel.find(params[:id])
@ -40,12 +40,13 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
=end =end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin')
check_access check_access
model_destory_render(Channel, params) model_destory_render(Channel, params)
end end
def twitter_index def twitter_index
permission_check('admin.channel_twitter')
assets = {} assets = {}
ExternalCredential.where(name: 'twitter').each { |external_credential| ExternalCredential.where(name: 'twitter').each { |external_credential|
assets = external_credential.assets(assets) assets = external_credential.assets(assets)
@ -64,11 +65,12 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
end end
def twitter_verify def twitter_verify
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_twitter')
model_update_render(Channel, params) model_update_render(Channel, params)
end end
def facebook_index def facebook_index
permission_check('admin.channel_facebook')
assets = {} assets = {}
ExternalCredential.where(name: 'facebook').each { |external_credential| ExternalCredential.where(name: 'facebook').each { |external_credential|
assets = external_credential.assets(assets) assets = external_credential.assets(assets)
@ -87,12 +89,12 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
end end
def facebook_verify def facebook_verify
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_facebook')
model_update_render(Channel, params) model_update_render(Channel, params)
end end
def email_index def email_index
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
system_online_service = Setting.get('system_online_service') system_online_service = Setting.get('system_online_service')
account_channel_ids = [] account_channel_ids = []
notification_channel_ids = [] notification_channel_ids = []
@ -143,7 +145,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_probe def email_probe
# check admin permissions # check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
# probe settings based on email and password # probe settings based on email and password
result = EmailHelper::Probe.full( result = EmailHelper::Probe.full(
@ -163,7 +165,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_outbound def email_outbound
# check admin permissions # check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
# verify access # verify access
return if params[:channel_id] && !check_access(params[:channel_id]) return if params[:channel_id] && !check_access(params[:channel_id])
@ -175,7 +177,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_inbound def email_inbound
# check admin permissions # check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
# verify access # verify access
return if params[:channel_id] && !check_access(params[:channel_id]) return if params[:channel_id] && !check_access(params[:channel_id])
@ -192,7 +194,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_verify def email_verify
# check admin permissions # check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
email = params[:email] || params[:meta][:email] email = params[:email] || params[:meta][:email]
email = email.downcase email = email.downcase
@ -287,7 +289,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
check_online_service check_online_service
# check admin permissions # check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
adapter = params[:adapter].downcase adapter = params[:adapter].downcase

View file

@ -1,10 +1,9 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class ChatsController < ApplicationController class ChatsController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.chat') }
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
chat_ids = [] chat_ids = []
assets = {} assets = {}
Chat.order(:id).each { |chat| Chat.order(:id).each { |chat|
@ -20,22 +19,19 @@ class ChatsController < ApplicationController
end end
def show def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Chat, params) model_show_render(Chat, params)
end end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Chat, params) model_create_render(Chat, params)
end end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Chat, params) model_update_render(Chat, params)
end end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Chat, params) model_destory_render(Chat, params)
end end
end end

View file

@ -1,12 +1,10 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class CtiController < ApplicationController class CtiController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'cti.agent') }
# list current caller log # list current caller log
def index def index
deny_if_not_role('CTI')
backends = [ backends = [
{ {
name: 'sipgate.io', name: 'sipgate.io',
@ -22,7 +20,6 @@ class CtiController < ApplicationController
# set caller log to done # set caller log to done
def done def done
deny_if_not_role('CTI')
log = Cti::Log.find(params['id']) log = Cti::Log.find(params['id'])
log.done = params['done'] log.done = params['done']
log.save log.save

View file

@ -46,6 +46,7 @@ curl http://localhost/api/v1/email_addresses.json -v -u #{login}:#{password}
=end =end
def index def index
permission_check(['admin.channel_email', 'ticket.agent'])
model_index_render(EmailAddress, params) model_index_render(EmailAddress, params)
end end
@ -67,6 +68,7 @@ curl http://localhost/api/v1/email_addresses/#{id}.json -v -u #{login}:#{passwor
=end =end
def show def show
permission_check(['admin.channel_email', 'ticket.agent'])
model_show_render(EmailAddress, params) model_show_render(EmailAddress, params)
end end
@ -97,7 +99,7 @@ curl http://localhost/api/v1/email_addresses.json -v -u #{login}:#{password} -H
=end =end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
model_create_render(EmailAddress, params) model_create_render(EmailAddress, params)
end end
@ -128,7 +130,7 @@ curl http://localhost/api/v1/email_addresses/#{id}.json -v -u #{login}:#{passwor
=end =end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
model_update_render(EmailAddress, params) model_update_render(EmailAddress, params)
end end
@ -146,7 +148,7 @@ curl http://localhost/api/v1/email_addresses/#{id}.json -v -u #{login}:#{passwor
=end =end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.channel_email')
model_destory_render(EmailAddress, params) model_destory_render(EmailAddress, params)
end end
end end

View file

@ -1,30 +1,25 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class ExternalCredentialsController < ApplicationController class ExternalCredentialsController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: ['admin.channel_twitter', 'admin.channel_facebook']) }
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(ExternalCredential, params) model_index_render(ExternalCredential, params)
end end
def show def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(ExternalCredential, params) model_show_render(ExternalCredential, params)
end end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(ExternalCredential, params) model_create_render(ExternalCredential, params)
end end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(ExternalCredential, params) model_update_render(ExternalCredential, params)
end end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(ExternalCredential, params) model_destory_render(ExternalCredential, params)
end end
@ -37,7 +32,6 @@ class ExternalCredentialsController < ApplicationController
end end
def link_account def link_account
deny_if_not_role(Z_ROLENAME_ADMIN)
provider = params[:provider].downcase provider = params[:provider].downcase
attributes = ExternalCredential.request_account_to_link(provider) attributes = ExternalCredential.request_account_to_link(provider)
session[:request_token] = attributes[:request_token] session[:request_token] = attributes[:request_token]
@ -45,7 +39,6 @@ class ExternalCredentialsController < ApplicationController
end end
def callback def callback
deny_if_not_role(Z_ROLENAME_ADMIN)
provider = params[:provider].downcase provider = params[:provider].downcase
channel = ExternalCredential.link_account(provider, session[:request_token], params) channel = ExternalCredential.link_account(provider, session[:request_token], params)
session[:request_token] = nil session[:request_token] = nil

View file

@ -44,7 +44,7 @@ class FirstStepsController < ApplicationController
macro_active = true macro_active = true
end end
if current_user.role?('Admin') if current_user.permissions?('admin')
result = [ result = [
{ {
@ -225,7 +225,7 @@ class FirstStepsController < ApplicationController
end end
def access? def access?
return true if current_user.role?(%w(Agent Admin)) return true if current_user.permissions?(['admin', 'ticket.agent'])
render json: [] render json: []
false false
end end

View file

@ -74,14 +74,14 @@ class FormController < ApplicationController
customer = User.find_by(email: email) customer = User.find_by(email: email)
if !customer if !customer
roles = Role.where(name: 'Customer') role_ids = Role.signup_role_ids
customer = User.create( customer = User.create(
firstname: name, firstname: name,
lastname: '', lastname: '',
email: email, email: email,
password: '', password: '',
active: true, active: true,
roles: roles, role_ids: role_ids,
updated_by_id: 1, updated_by_id: 1,
created_by_id: 1, created_by_id: 1,
) )

View file

@ -110,7 +110,7 @@ curl http://localhost/api/v1/getting_started -v -u #{login}:#{password}
def base def base
# check admin permissions # check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.wizard')
# validate url # validate url
messages = {} messages = {}

View file

@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class GroupsController < ApplicationController class GroupsController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.group') }
=begin =begin
@ -101,7 +101,6 @@ curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type:
=end =end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Group, params) model_create_render(Group, params)
end end
@ -133,7 +132,6 @@ curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type:
=end =end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Group, params) model_update_render(Group, params)
end end
@ -151,7 +149,6 @@ curl http://localhost/api/v1/groups/{id} -v -u #{login}:#{password} -H "Content-
=end =end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Group, params) model_destory_render(Group, params)
end end
end end

View file

@ -5,7 +5,7 @@ class HttpLogsController < ApplicationController
# GET /http_logs/:facility # GET /http_logs/:facility
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.*')
list = if params[:facility] list = if params[:facility]
HttpLog.where(facility: params[:facility]).order('created_at DESC').limit(params[:limit] || 50) HttpLog.where(facility: params[:facility]).order('created_at DESC').limit(params[:limit] || 50)
else else
@ -16,7 +16,7 @@ class HttpLogsController < ApplicationController
# POST /http_logs # POST /http_logs
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN) permission_check('admin.*')
model_create_render(HttpLog, params) model_create_render(HttpLog, params)
end end

View file

@ -1,30 +1,26 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class JobsController < ApplicationController class JobsController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.scheduler') }
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(Job, params) model_index_render(Job, params)
end end
def show def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Job, params) model_show_render(Job, params)
end end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Job, params) model_create_render(Job, params)
end end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Job, params) model_update_render(Job, params)
end end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Job, params) model_destory_render(Job, params)
end end
end end

View file

@ -1,11 +1,10 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class ObjectManagerAttributesController < ApplicationController class ObjectManagerAttributesController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.object') }
# GET /object_manager_attributes_list # GET /object_manager_attributes_list
def list def list
deny_if_not_role(Z_ROLENAME_ADMIN)
render json: { render json: {
objects: ObjectManager.list_frontend_objects, objects: ObjectManager.list_frontend_objects,
} }
@ -13,19 +12,16 @@ class ObjectManagerAttributesController < ApplicationController
# GET /object_manager_attributes # GET /object_manager_attributes
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
render json: ObjectManager::Attribute.list_full render json: ObjectManager::Attribute.list_full
end end
# GET /object_manager_attributes/1 # GET /object_manager_attributes/1
def show def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(ObjectManager::Attribute, params) model_show_render(ObjectManager::Attribute, params)
end end
# POST /object_manager_attributes # POST /object_manager_attributes
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
check_params check_params
# check if attribute already exists # check if attribute already exists
@ -55,7 +51,6 @@ class ObjectManagerAttributesController < ApplicationController
# PUT /object_manager_attributes/1 # PUT /object_manager_attributes/1
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
check_params check_params
begin begin
object_manager_attribute = ObjectManager::Attribute.add( object_manager_attribute = ObjectManager::Attribute.add(
@ -77,7 +72,6 @@ class ObjectManagerAttributesController < ApplicationController
# DELETE /object_manager_attributes/1 # DELETE /object_manager_attributes/1
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
object_manager_attribute = ObjectManager::Attribute.find(params[:id]) object_manager_attribute = ObjectManager::Attribute.find(params[:id])
ObjectManager::Attribute.remove( ObjectManager::Attribute.remove(
object_lookup_id: object_manager_attribute.object_lookup_id, object_lookup_id: object_manager_attribute.object_lookup_id,
@ -88,14 +82,12 @@ class ObjectManagerAttributesController < ApplicationController
# POST /object_manager_attributes_discard_changes # POST /object_manager_attributes_discard_changes
def discard_changes def discard_changes
deny_if_not_role(Z_ROLENAME_ADMIN)
ObjectManager::Attribute.discard_changes ObjectManager::Attribute.discard_changes
render json: {}, status: :ok render json: {}, status: :ok
end end
# POST /object_manager_attributes_execute_migrations # POST /object_manager_attributes_execute_migrations
def execute_migrations def execute_migrations
deny_if_not_role(Z_ROLENAME_ADMIN)
ObjectManager::Attribute.migration_execute ObjectManager::Attribute.migration_execute
render json: {}, status: :ok render json: {}, status: :ok
end end

View file

@ -57,7 +57,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
# only allow customer to fetch his own organization # only allow customer to fetch his own organization
organizations = [] organizations = []
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT) if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
if current_user.organization_id if current_user.organization_id
organizations = Organization.where(id: current_user.organization_id).offset(offset).limit(per_page) organizations = Organization.where(id: current_user.organization_id).offset(offset).limit(per_page)
end end
@ -111,7 +111,7 @@ curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password}
def show def show
# only allow customer to fetch his own organization # only allow customer to fetch his own organization
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT) if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
if !current_user.organization_id if !current_user.organization_id
render json: {} render json: {}
return return
@ -160,7 +160,8 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Conten
=end =end
def create def create
deny_if_not_role(Z_ROLENAME_AGENT) permission_check('ticket.agent')
#permission_check('admin.organization')
model_create_render(Organization, params) model_create_render(Organization, params)
end end
@ -191,7 +192,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Conten
=end =end
def update def update
deny_if_not_role(Z_ROLENAME_AGENT) permission_check('ticket.agent')
model_update_render(Organization, params) model_update_render(Organization, params)
end end
@ -209,7 +210,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
=end =end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_AGENT) permission_check('ticket.agent')
model_references_check(Organization, params) model_references_check(Organization, params)
model_destory_render(Organization, params) model_destory_render(Organization, params)
end end
@ -217,7 +218,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
# GET /api/v1/organizations/search # GET /api/v1/organizations/search
def search def search
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT) if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
raise Exceptions::NotAuthorized raise Exceptions::NotAuthorized
end end
@ -284,7 +285,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
def history def history
# permission check # permission check
if !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT) if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
raise Exceptions::NotAuthorized raise Exceptions::NotAuthorized
end end

View file

@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class OverviewsController < ApplicationController class OverviewsController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.overview') }
=begin =begin
@ -52,7 +52,6 @@ curl http://localhost/api/v1/overviews.json -v -u #{login}:#{password}
=end =end
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(Overview, params) model_index_render(Overview, params)
end end
@ -74,7 +73,6 @@ curl http://localhost/api/v1/overviews/#{id}.json -v -u #{login}:#{password}
=end =end
def show def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Overview, params) model_show_render(Overview, params)
end end
@ -108,7 +106,6 @@ curl http://localhost/api/v1/overviews.json -v -u #{login}:#{password} -H "Conte
=end =end
def create def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Overview, params) model_create_render(Overview, params)
end end
@ -142,7 +139,6 @@ curl http://localhost/api/v1/overviews.json -v -u #{login}:#{password} -H "Conte
=end =end
def update def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Overview, params) model_update_render(Overview, params)
end end
@ -160,7 +156,6 @@ curl http://localhost/api/v1/overviews/#{id}.json -v -u #{login}:#{password} -H
=end =end
def destroy def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Overview, params) model_destory_render(Overview, params)
end end
end end

View file

@ -1,11 +1,10 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/ # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class PackagesController < ApplicationController class PackagesController < ApplicationController
before_action :authentication_check before_action { authentication_check(permission: 'admin.package') }
# GET /api/v1/packages # GET /api/v1/packages
def index def index
deny_if_not_role(Z_ROLENAME_ADMIN)
packages = Package.all().order('name') packages = Package.all().order('name')
render json: { render json: {
packages: packages packages: packages
@ -14,21 +13,14 @@ class PackagesController < ApplicationController
# POST /api/v1/packages # POST /api/v1/packages
def install def install
deny_if_not_role(Z_ROLENAME_ADMIN)
Package.install(string: params[:file_upload].read) Package.install(string: params[:file_upload].read)
redirect_to '/#system/package' redirect_to '/#system/package'
end end
# DELETE /api/v1/packages # DELETE /api/v1/packages
def uninstall def uninstall
deny_if_not_role(Z_ROLENAME_ADMIN)
package = Package.find(params[:id]) package = Package.find(params[:id])
Package.uninstall(name: package.name, version: package.version) Package.uninstall(name: package.name, version: package.version)
render json: { render json: {
success: true success: true
} }

Some files were not shown because too many files have changed in this diff Show more