Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Moved from to new permission management.

Browse source
This commit is contained in:
Martin Edenhofer 2016-08-12 18:39:09 +02:00
parent 1d8b44c9a6
commit 81b48a2ef4
181 changed files with 2668 additions and 1117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
app/assets/javascripts/app/controllers/_application_controller.coffee
View file

@ -172,13 +172,6 @@ class App.Controller extends Spine.Controller
element.css('position', 'relative')
shakeMe(element, position, 20)
isRole: (name) ->
roles = @Session.get('roles')
return false if !roles
for role in roles
return true if role.name is name
return false
# get all params of the form
formParam: (form) ->
App.ControllerForm.params(form)
@ -214,28 +207,50 @@ class App.Controller extends Spine.Controller
callback: data.callback
)
authenticate: (checkOnly = false, role) ->
# role check
if role && !@isRole(role)
return false if checkOnly
@navigate '#login'
return false
# return true if session exists
return true if @Session.get()
permissionCheckRedirect: (key, closeTab = false) ->
return true if @permissionCheck(key)
# remember requested url
location = window.location.hash
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
App.Config.set('requested_url', location)
if closeTab
App.TaskManager.remove(@task_key)
# redirect to login
@navigate '#login'
throw "No permission for #{key}"
false
permissionCheck: (key) ->
user_id = App.Session.get('id')
return false if !user_id
user = App.User.find(user_id)
return false if !user
user.permission(key)
authenticateCheckRedirect: ->
return true if @authenticateCheck()
# remember requested url
if !checkOnly
location = window.location.hash
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
@Config.set('requested_url', location)
return false if checkOnly
# redirect to login
@navigate '#login'
return false
throw 'No exsisting session'
false
authenticateCheck: ->
# return true if session exists
return true if @Session.get()
false
frontendTime: (timestamp, row = {}) ->
if !row['subclass']
@ -264,7 +279,7 @@ class App.Controller extends Spine.Controller
ticketPopups: (position = 'right') ->
# open ticket in new task if curent user agent
if @isRole('Agent')
if @permissionCheck('ticket.agent')
@$('div.ticket-popover, span.ticket-popover').bind('click', (e) =>
id = $(e.target).data('id')
if id
@ -308,7 +323,7 @@ class App.Controller extends Spine.Controller
userPopups: (position = 'right') ->
# open user in new task if current user is agent
return if !@isRole('Agent')
return if !@permissionCheck('ticket.agent')
@$('div.user-popover, span.user-popover').bind('click', (e) =>
id = $(e.target).data('id')
if id
@ -365,7 +380,7 @@ class App.Controller extends Spine.Controller
organizationPopups: (position = 'right') ->
# open org in new task if current user agent
return if !@isRole('Agent')
return if !@permissionCheck('ticket.agent')
@$('div.organization-popover, span.organization-popover').bind('click', (e) =>
id = $(e.target).data('id')
@ -626,12 +641,22 @@ class App.Controller extends Spine.Controller
class App.ControllerPermanent extends App.Controller
constructor: ->
super
# check authentication
if @requiredPermission
@permissionCheckRedirect(@requiredPermission, true)
$('.content').addClass('hide')
@navShow()
class App.ControllerContent extends App.Controller
constructor: ->
super
# check authentication
if @requiredPermission
@permissionCheckRedirect(@requiredPermission)
$('.content').addClass('hide')
$('#content').removeClass('hide')
@navShow()
@ -667,7 +692,7 @@ class App.ControllerModal extends App.Controller
super
if @authenticateRequired
return if !@authenticate()
return if !@authenticateCheckRedirect()
# rerender view, e. g. on langauge change
@bind('ui:rerender', =>

36
app/assets/javascripts/app/controllers/_application_controller_generic.coffee
View file

@ -313,11 +313,16 @@ class App.ControllerDrox extends App.Controller
class App.ControllerTabs extends App.Controller
events:
'click .nav-tabs [data-toggle="tab"]': 'tabRemember',
'click .nav-tabs [data-toggle="tab"]': 'tabRemember'
constructor: ->
super
# check authentication
if @requiredPermission
if !@permissionCheckRedirect(@requiredPermission)
throw "No permission for #{@requiredPermission}"
render: ->
@html App.view('generic/tabs')(
header: @header
@ -359,27 +364,24 @@ class App.ControllerNavSidbar extends App.ControllerContent
@navupdate ''
if @authenticateRequired
return if !@authenticate()
@authenticateCheckRedirect()
@params = params
# get accessable groups
roles = App.Session.get('roles')
user = App.User.find(App.Session.get('id'))
groups = App.Config.get(@configKey)
groupsUnsorted = []
for key, item of groups
if !item.controller
if !item.role
if !item.permission
groupsUnsorted.push item
else
match = _.include(item.role, 'Anybody')
if !match
for role in roles
if !match
match = _.include(item.role, role.name)
if match
match = false
for permissionName in item.permission
if !match && user.permission(permissionName)
match = true
groupsUnsorted.push item
@groupsSorted = _.sortBy(groupsUnsorted, (item) -> return item.prio)
# get items of group
@ -389,15 +391,13 @@ class App.ControllerNavSidbar extends App.ControllerContent
for key, item of items
if item.parent is group.target
if item.controller
if !item.role
if !item.permission
itemsUnsorted.push item
else
match = _.include(item.role, 'Anybody')
if !match
for role in roles
if !match
match = _.include(item.role, role.name)
if match
match = false
for permissionName in item.permission
if !match && user && user.permission(permissionName)
match = true
itemsUnsorted.push item
group.items = _.sortBy(itemsUnsorted, (item) -> return item.prio)

5
app/assets/javascripts/app/controllers/_channel/chat.coffee
View file

@ -1,4 +1,5 @@
class App.ChannelChat extends App.Controller
class App.ChannelChat extends App.ControllerContent
requiredPermission: 'admin.channel_chat'
events:
'change .js-params': 'updateParams'
'input .js-params': 'updateParams'
@ -358,7 +359,7 @@ class App.ChannelChat extends App.Controller
@paramsBlock.each (i, block) ->
hljs.highlightBlock block
App.Config.set( 'Chat', { prio: 4000, name: 'Chat', parent: '#channels', target: '#channels/chat', controller: App.ChannelChat, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Chat', { prio: 4000, name: 'Chat', parent: '#channels', target: '#channels/chat', controller: App.ChannelChat, permission: ['admin.chat'] }, 'NavBarAdmin')
class Topics extends App.Controller
events:

3
app/assets/javascripts/app/controllers/_channel/email.coffee
View file

@ -1,4 +1,5 @@
class App.ChannelEmail extends App.ControllerTabs
requiredPermission: 'admin.channel_email'
header: 'Email'
constructor: ->
super
@ -919,4 +920,4 @@ class App.ChannelEmailNotificationWizard extends App.WizardModal
@enable(e)
)
App.Config.set( 'Email', { prio: 3000, name: 'Email', parent: '#channels', target: '#channels/email', controller: App.ChannelEmail, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Email', { prio: 3000, name: 'Email', parent: '#channels', target: '#channels/email', controller: App.ChannelEmail, permission: ['admin.channel_email'] }, 'NavBarAdmin')

4
app/assets/javascripts/app/controllers/_channel/facebook.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.channel_facebook'
events:
'click .js-new': 'new'
'click .js-edit': 'edit'
@ -7,7 +8,6 @@ class Index extends App.ControllerContent
constructor: ->
super
return if !@authenticate(false, 'Admin')
#@interval(@load, 60000)
@load()
@ -193,4 +193,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set('Facebook', { prio: 5100, name: 'Facebook', parent: '#channels', target: '#channels/facebook', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Facebook', { prio: 5100, name: 'Facebook', parent: '#channels', target: '#channels/facebook', controller: Index, permission: ['admin.channel_facebook'] }, 'NavBarAdmin')

5
app/assets/javascripts/app/controllers/_channel/form.coffee
View file

@ -1,5 +1,6 @@
# coffeelint: disable=no_unnecessary_double_quotes
class App.ChannelForm extends App.Controller
class App.ChannelForm extends App.ControllerContent
requiredPermission: 'admin.channel_form'
events:
'change form.js-params': 'updateParams'
'keyup form.js-params': 'updateParams'
@ -52,4 +53,4 @@ class App.ChannelForm extends App.Controller
value = @formSetting.prop('checked')
App.Setting.set('form_ticket_create', value)
App.Config.set( 'Form', { prio: 2000, name: 'Form', parent: '#channels', target: '#channels/form', controller: App.ChannelForm, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Form', { prio: 2000, name: 'Form', parent: '#channels', target: '#channels/form', controller: App.ChannelForm, permission: ['admin.formular'] }, 'NavBarAdmin')

4
app/assets/javascripts/app/controllers/_channel/twitter.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.channel_twitter'
events:
'click .js-new': 'new'
'click .js-edit': 'edit'
@ -7,7 +8,6 @@ class Index extends App.ControllerContent
constructor: ->
super
return if !@authenticate(false, 'Admin')
#@interval(@load, 60000)
@load()
@ -227,4 +227,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set('Twitter', { prio: 5000, name: 'Twitter', parent: '#channels', target: '#channels/twitter', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Twitter', { prio: 5000, name: 'Twitter', parent: '#channels', target: '#channels/twitter', controller: Index, permission: ['admin.channel_twitter'] }, 'NavBarAdmin')

3
app/assets/javascripts/app/controllers/_channel/web.coffee
View file

@ -1,4 +1,5 @@
class App.ChannelWeb extends App.ControllerTabs
requiredPermission: 'admin.channel_web'
header: 'Web'
constructor: ->
super
@ -15,4 +16,4 @@ class App.ChannelWeb extends App.ControllerTabs
@render()
App.Config.set( 'Web', { prio: 1000, name: 'Web', parent: '#channels', target: '#channels/web', controller: App.ChannelWeb, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Web', { prio: 1000, name: 'Web', parent: '#channels', target: '#channels/web', controller: App.ChannelWeb, permission: ['admin.channel_web'] }, 'NavBarAdmin')

11
app/assets/javascripts/app/controllers/_default_navbar.coffee
View file

@ -8,12 +8,11 @@ App.Config.set('User', {
return item
target: '#current_user',
class: 'user'
role: [ 'Agent', 'Customer' ]
}, 'NavBarRight' )
App.Config.set( 'Admin', { prio: 9000, parent: '', name: 'Admin', translate: true, target: '#manage', icon: 'cog', role: ['Admin'] }, 'NavBarRight' )
App.Config.set( 'New', { prio: 20000, parent: '', name: 'New', translate: true, target: '#new', class: 'add' }, 'NavBarRight' )
App.Config.set( 'Misc', { prio: 90000, parent: '', name: 'Tools', translate: true, target: '#tools', child: true, class: 'tools' }, 'NavBar' )
App.Config.set('Admin', { prio: 9000, parent: '', name: 'Admin', translate: true, target: '#manage', icon: 'cog', permission: ['admin.*'] }, 'NavBarRight')
App.Config.set('New', { prio: 20000, parent: '', name: 'New', translate: true, target: '#new', class: 'add' }, 'NavBarRight')
App.Config.set('Misc', { prio: 90000, parent: '', name: 'Tools', translate: true, target: '#tools', child: true, class: 'tools' }, 'NavBar')
# only for testing
#App.Config.set( 'Misc1', { prio: 1600, parent: '#tools', name: 'Test 1', target: '#test1', role: [ 'Admin' ] }, 'NavBar' )
#App.Config.set( 'Misc2', { prio: 1700, parent: '#tools', name: 'Test 2', target: '#test2', role: [ 'Admin' ] }, 'NavBar' )
#App.Config.set('Misc1', { prio: 1600, parent: '#tools', name: 'Test 1', target: '#test1', permission: ['admin'] }, 'NavBar')
#App.Config.set('Misc2', { prio: 1700, parent: '#tools', name: 'Test 2', target: '#test2', permission: ['admin'] }, 'NavBar')

1
app/assets/javascripts/app/controllers/_integration/_base.coffee
View file

@ -13,7 +13,6 @@ class App.ControllerIntegrationBase extends App.Controller
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title @featureName, true
@initalRender = true

3
app/assets/javascripts/app/controllers/_integration/clearbit.coffee
View file

@ -29,9 +29,6 @@ class Form extends App.Controller
constructor: ->
super
# check authentication
return if !@authenticate()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
currentConfig: ->

4
app/assets/javascripts/app/controllers/_integration/sipgate_io.coffee
View file

@ -28,10 +28,6 @@ class Form extends App.Controller
constructor: ->
super
# check authentication
return if !@authenticate()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
currentConfig: ->

5
app/assets/javascripts/app/controllers/_manage/branding.coffee
View file

@ -1,12 +1,13 @@
class Branding extends App.ControllerTabs
requiredPermission: 'admin.branding'
header: 'Branding'
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title 'Branding', true
@tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'System::Branding' } }
]
@render()
App.Config.set('SettingBranding', { prio: 1200, parent: '#settings', name: 'Branding', target: '#settings/branding', controller: Branding, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('SettingBranding', { prio: 1200, parent: '#settings', name: 'Branding', target: '#settings/branding', controller: Branding, permission: ['admin.branding'] }, 'NavBarAdmin')

13
app/assets/javascripts/app/controllers/_manage/import.coffee
View file

@ -1,13 +0,0 @@
class Import extends App.ControllerTabs
header: 'Import'
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title 'Import', true
@tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Import::Base' } }
{ name: 'OTRS', 'target': 'otrs', controller: App.SettingsArea, params: { area: 'Import::OTRS' } }
]
@render()
App.Config.set('SettingImport', { prio: 1800, parent: '#settings', name: 'Import', target: '#settings/import', controller: Import, role: ['Admin'] }, 'NavBarAdmin')

10
app/assets/javascripts/app/controllers/_manage/security.coffee
View file

@ -1,15 +1,17 @@
class Security extends App.ControllerTabs
requiredPermission: 'admin.security'
header: 'Security'
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title 'Security', true
@tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Security::Base' } }
# { name: 'Authentication', 'target': 'auth', controller: App.SettingsArea, params: { area: 'Security::Authentication' } }
{ name: 'Password', 'target': 'password', controller: App.SettingsArea, params: { area: 'Security::Password' } }
{ name: 'Third-Party Applications', 'target': 'third_party_auth', controller: App.SettingsArea, params: { area: 'Security::ThirdPartyAuthentication' } }
#{ name: 'Authentication', 'target': 'auth', controller: App.SettingsArea, params: { area: 'Security::Authentication' } }
{ name: 'Third-Party Applications', 'target': 'third_party_auth', controller: App.SettingsThirdPartyAuthentication, params: { area: 'Security::ThirdPartyAuthentication' } }
]
@render()
App.Config.set('SettingSecurity', { prio: 1600, parent: '#settings', name: 'Security', target: '#settings/security', controller: Security, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('SettingSecurity', { prio: 1600, parent: '#settings', name: 'Security', target: '#settings/security', controller: Security, permission: ['admin.security'] }, 'NavBarAdmin')

5
app/assets/javascripts/app/controllers/_manage/system.coffee
View file

@ -1,8 +1,9 @@
class System extends App.ControllerTabs
requiredPermission: 'admin.setting_system'
header: 'System'
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title 'System', true
@tabs = []
if !App.Config.get('system_online_service')
@ -13,4 +14,4 @@ class System extends App.ControllerTabs
@tabs.push { name: 'Frontend', 'target': 'ui', controller: App.SettingsArea, params: { area: 'System::UI' } }
@render()
App.Config.set('SettingSystem', { prio: 1400, parent: '#settings', name: 'System', target: '#settings/system', controller: System, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('SettingSystem', { prio: 1400, parent: '#settings', name: 'System', target: '#settings/system', controller: System, permission: ['admin.setting_system'] }, 'NavBarAdmin')

5
app/assets/javascripts/app/controllers/_manage/ticket.coffee
View file

@ -1,8 +1,9 @@
class Ticket extends App.ControllerTabs
requiredPermission: 'admin.ticket'
header: 'Ticket'
constructor: ->
super
return if !@authenticate(false, 'Admin')
@title 'Ticket', true
@tabs = [
{ name: 'Base', 'target': 'base', controller: App.SettingsArea, params: { area: 'Ticket::Base' } }
@ -10,4 +11,4 @@ class Ticket extends App.ControllerTabs
]
@render()
App.Config.set('SettingTicket', { prio: 1700, parent: '#settings', name: 'Ticket', target: '#settings/ticket', controller: Ticket, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('SettingTicket', { prio: 1700, parent: '#settings', name: 'Ticket', target: '#settings/ticket', controller: Ticket, permission: ['admin.ticket'] }, 'NavBarAdmin')

6
app/assets/javascripts/app/controllers/_profile/avatar.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.avatar'
elements:
'.js-upload': 'fileInput'
'.avatar-gallery': 'avatarGallery'
@ -11,7 +12,6 @@ class Index extends App.Controller
constructor: ->
super
return if !@authenticate()
@title 'Avatar', true
@avatars = []
@loadAvatarList()
@ -143,7 +143,7 @@ class Index extends App.Controller
reader.readAsDataURL(@)
App.Config.set('Avatar', { prio: 1100, name: 'Avatar', parent: '#profile', target: '#profile/avatar', controller: Index }, 'NavBarProfile')
App.Config.set('Avatar', { prio: 1100, name: 'Avatar', parent: '#profile', target: '#profile/avatar', controller: Index, permission: ['user_preferences.avatar'] }, 'NavBarProfile')
class ImageCropper extends App.ControllerModal
buttonClose: true

6
app/assets/javascripts/app/controllers/_profile/calendar_subscriptions.coffee
View file

@ -1,4 +1,5 @@
class CalendarSubscriptions extends App.Controller
class CalendarSubscriptions extends App.ControllerContent
requiredPermission: 'user_preferences.calendar+ticket.agent'
elements:
'input[type=checkbox]': 'options'
'output': 'output'
@ -10,7 +11,6 @@ class CalendarSubscriptions extends App.Controller
constructor: ->
super
return if !@authenticate()
@title 'Calendar', true
@translationTable =
@ -91,4 +91,4 @@ class CalendarSubscriptions extends App.Controller
msg: App.i18n.translateContent(data.message)
)
App.Config.set('CalendarSubscriptions', { prio: 3000, name: 'Calendar', parent: '#profile', target: '#profile/calendar_subscriptions', role: ['Agent'], controller: CalendarSubscriptions }, 'NavBarProfile')
App.Config.set('CalendarSubscriptions', { prio: 3000, name: 'Calendar', parent: '#profile', target: '#profile/calendar_subscriptions', permission: ['user_preferences.calendar+ticket.agent'], controller: CalendarSubscriptions }, 'NavBarProfile')

7
app/assets/javascripts/app/controllers/_profile/devices.coffee
View file

@ -1,12 +1,11 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.device'
events:
'click [data-type=delete]': 'delete'
constructor: ->
super
return if !@authenticate()
@title 'Devices', true
@load()
@interval(
=>
@ -56,4 +55,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message)
)
App.Config.set('Devices', { prio: 3100, name: 'Devices', parent: '#profile', target: '#profile/devices', controller: Index }, 'NavBarProfile')
App.Config.set('Devices', { prio: 3100, name: 'Devices', parent: '#profile', target: '#profile/devices', controller: Index, permission: ['user_preferences.device'] }, 'NavBarProfile')

8
app/assets/javascripts/app/controllers/_profile/language.coffee
View file

@ -1,10 +1,10 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.language'
events:
'submit form': 'update'
constructor: ->
super
return if !@authenticate()
@title 'Language', true
@render()
@ -40,7 +40,7 @@ class Index extends App.Controller
@ajax(
id: 'preferences'
type: 'PUT'
url: @apiPath + '/users/preferences'
url: "#{@apiPath}/users/preferences"
data: JSON.stringify({user:params})
processData: true
success: @success
@ -69,4 +69,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message)
)
App.Config.set( 'Language', { prio: 1000, name: 'Language', parent: '#profile', target: '#profile/language', controller: Index }, 'NavBarProfile' )
App.Config.set('Language', { prio: 1000, name: 'Language', parent: '#profile', target: '#profile/language', controller: Index, permission: ['user_preferences.language'] }, 'NavBarProfile')

6
app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee
View file

@ -1,10 +1,10 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.linked_accounts'
events:
'click .js-remove': 'remove'
constructor: ->
super
return if !@authenticate()
@title 'Linked Accounts', true
@render()
@ -78,4 +78,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message)
)
App.Config.set('LinkedAccounts', { prio: 4000, name: 'Linked Accounts', parent: '#profile', target: '#profile/linked', controller: Index }, 'NavBarProfile')
App.Config.set('LinkedAccounts', { prio: 4000, name: 'Linked Accounts', parent: '#profile', target: '#profile/linked', controller: Index, permission: ['user_preferences.linked_accounts'] }, 'NavBarProfile')

7
app/assets/javascripts/app/controllers/_profile/notification.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.notifications+ticket.agent'
events:
'submit form': 'update'
'change .js-notificationSound': 'previewSound'
@ -44,7 +45,6 @@ class Index extends App.Controller
constructor: ->
super
return if !@authenticate(false, 'Agent')
@title 'Notifications', true
@render()
@ -193,5 +193,4 @@ class Index extends App.Controller
return if !params.notification_sound.file
App.OnlineNotification.play(params.notification_sound.file)
App.Config.set( 'Notifications', { prio: 2600, name: 'Notifications', parent: '#profile', target: '#profile/notifications', role: ['Agent'], controller: Index }, 'NavBarProfile' )
App.Config.set('Notifications', { prio: 2600, name: 'Notifications', parent: '#profile', target: '#profile/notifications', permission: ['user_preferences.notifications+ticket.agent'], controller: Index }, 'NavBarProfile')

6
app/assets/javascripts/app/controllers/_profile/password.coffee
View file

@ -1,10 +1,10 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.password'
events:
'submit form': 'update'
constructor: ->
super
return if !@authenticate()
@title 'Password', true
@render()
@ -78,4 +78,4 @@ class Index extends App.Controller
removeAll: true
@formEnable( @$('form') )
App.Config.set( 'Password', { prio: 2000, name: 'Password', parent: '#profile', target: '#profile/password', controller: Index }, 'NavBarProfile' )
App.Config.set('Password', { prio: 2000, name: 'Password', parent: '#profile', target: '#profile/password', controller: Index, permission: ['user_preferences.password'] }, 'NavBarProfile')

6
app/assets/javascripts/app/controllers/_profile/token_access.coffee
View file

@ -1,11 +1,11 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.access_token'
events:
'click [data-type=delete]': 'delete'
'submit form.js-create': 'create'
constructor: ->
super
return if !@authenticate()
@title 'Token Access', true
@load()
@ -89,4 +89,4 @@ class Index extends App.Controller
msg: App.i18n.translateContent(data.message)
)
App.Config.set('Token Access', { prio: 3200, name: 'Token Access', parent: '#profile', target: '#profile/token_access', controller: Index, role: [ 'Agent', 'Admin' ] }, 'NavBarProfile')
App.Config.set('Token Access', { prio: 3200, name: 'Token Access', parent: '#profile', target: '#profile/token_access', controller: Index, permission: ['user_preferences.access_token'] }, 'NavBarProfile')

3
app/assets/javascripts/app/controllers/_settings/area.coffee
View file

@ -3,8 +3,7 @@ class App.SettingsArea extends App.Controller
super
# check authentication
return if !@authenticate()
@authenticateCheckRedirect()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
render: =>

2
app/assets/javascripts/app/controllers/_settings/form.coffee
View file

@ -6,7 +6,7 @@ class App.SettingsForm extends App.Controller
super
# check authentication
return if !@authenticate()
@authenticateCheckRedirect()
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)

40
app/assets/javascripts/app/controllers/_ui_element/permission.coffee Normal file
View file

@ -0,0 +1,40 @@
# coffeelint: disable=camel_case_classes
class App.UiElement.permission extends App.UiElement.ApplicationUiElement
@render: (attribute, params) ->
permissions = App.Permission.search(sortBy: 'name')
item = $( App.view('generic/permission')(
attribute: attribute
params: params
permissions: permissions
) )
# show/hide trees
item.find('[name=permission_ids]').bind('change', (e) ->
element = $(e.currentTarget)
checked = element.prop('checked')
permission_id = element.prop('value')
return if !permission_id
permission = App.Permission.find(permission_id)
return if !permission
if !permission.name.match(/\./)
# show/hide sub permissions
for localPermission in permissions
regexp = new RegExp("^#{permission.name}")
if localPermission.name.match(regexp)
localElement = item.find("[name=permission_ids][value=#{localPermission.id}]").closest('.js-subPermissionList')
if checked
localElement.addClass('hide')
else
localElement.removeClass('hide')
if checked && permission.preferences.not
for localPermission in permission.preferences.not
lookupPermission = App.Permission.findByAttribute('name', localPermission)
if lookupPermission
item.find("[name=permission_ids][value=#{lookupPermission.id}]").prop('checked', false)
)
item

106
app/assets/javascripts/app/controllers/_ui_element/user_permission.coffee
View file

@ -3,6 +3,25 @@ class App.UiElement.user_permission
@render: (attribute, params = {}) ->
attribute.options = {}
# take defaults users selected, select all groups
if _.isEmpty(params) && !_.isEmpty(attribute.value)
params.role_ids = attribute.value
selectAllGroups = false
for localRoleId in params.role_ids
role = App.Role.find(localRoleId)
if role
for permission_id in role.permission_ids
localPermission = App.Permission.find(permission_id)
if localPermission
if localPermission.name is 'ticket.agent'
selectAllGroups = true
break
if selectAllGroups
params.group_ids = []
groupsRaw = App.Group.search(sortBy: 'name')
for group in groupsRaw
params.group_ids.push group.id
# get selectable roles and selected roles
roles = []
rolesSelected = {}
@ -32,30 +51,14 @@ class App.UiElement.user_permission
if groups.length <= 1
hideGroups = true
if attribute.hideMode
if attribute.hideMode.rolesSelected
roles = []
rolesSelected = {}
for roleName in attribute.hideMode.rolesSelected
role = App.Role.findByAttribute('name', roleName)
if role
roles.push role
rolesSelected[role.id] = true
if attribute.hideMode.rolesNot
for roleRaw in rolesRaw
hit = false
for roleName in attribute.hideMode.rolesNot
if roleRaw.active && roleRaw.name is roleName
hit = true
if !hit
roles.push roleRaw
# if agent is on new users selected, select all groups
if _.isEmpty(attribute.value)
agentRole = App.Role.findByAttribute('name', 'Agent')
if rolesSelected[agentRole.id]
for group in groups
groupsSelected[group.id] = true
# get roles with group plugin
rolesWithGroupPlugin = {}
for role in rolesRaw
if role.active
for permission_id in role.permission_ids
localPermission = App.Permission.find(permission_id)
if localPermission && localPermission.preferences && _.contains(localPermission.preferences.plugin, 'groups')
rolesWithGroupPlugin[role.id] = 'group'
# uniq and sort roles
roles = _.indexBy(roles, 'name')
@ -71,19 +74,6 @@ class App.UiElement.user_permission
hideGroups: hideGroups
) )
getCurrentRoles = ->
currentRoles = []
item.find('[name=role_ids]').each( ->
element = $(@)
checked = element.prop('checked')
return if !checked
role_id = element.prop('value')
role = App.Role.find(role_id)
return if !role
currentRoles.push role
)
currentRoles
# if customer, remove admin and agent
item.find('[name=role_ids]').bind('change', (e) ->
element = $(e.currentTarget)
@ -92,34 +82,34 @@ class App.UiElement.user_permission
return if !role_id
role = App.Role.find(role_id)
return if !role
triggers = []
# if agent got deselected
# - hide groups
# deselect conflicting roles
if checked
if role && role.preferences && role.preferences.not
for notRole in role.preferences.not
localRole = App.Role.findByAttribute('name', notRole)
if localRole
localElement = item.find("[name=role_ids][value=#{localRole.id}]")
if localElement.prop('checked')
if !confirm(App.i18n.translateInline('Role %s is conflicting with role %s, do you to continue?', role.name, localRole.name, localRole.name))
item.find("[name=role_ids][value=#{role_id}]").prop('checked', false)
return
item.find("[name=role_ids][value=#{localRole.id}]").prop('checked', false)
triggers.push item.find("[name=role_ids][value=#{localRole.id}]")
# if role with groups plugin is deselected, hide group selection
if !checked
if role.name is 'Agent'
if rolesWithGroupPlugin[role_id] is 'group'
item.find('.js-groupList').addClass('hidden')
return
# if agent is selected
# - show groups
if role.name is 'Agent'
# if role with groups plugin is selected, show group selection
if rolesWithGroupPlugin[role_id] is 'group'
item.find('.js-groupList:not(.js-groupListHide)').removeClass('hidden')
# if role customer is selected
# - deselect agent & admin
# - hide groups
if role.name is 'Customer'
for currentRole in getCurrentRoles()
if currentRole.name is 'Admin' || currentRole.name is 'Agent'
item.find("[name=role_ids][value=#{currentRole.id}]").prop('checked', false)
item.find('.js-groupList').addClass('hidden')
# if role agent or admin is selected
# - deselect customer
else if role.name is 'Agent' || role.name is 'Admin'
for currentRole in getCurrentRoles()
if currentRole.name is 'Customer'
item.find("[name=role_ids][value=#{currentRole.id}]").prop('checked', false)
for trigger in triggers
trigger.trigger('change')
)
item

19
app/assets/javascripts/app/controllers/agent_ticket_create.coffee
View file

@ -10,11 +10,6 @@ class App.TicketCreate extends App.Controller
constructor: (params) ->
super
# check authentication
if !@authenticate(false, 'Agent')
App.TaskManager.remove(@task_key)
return
# define default type
@default_type = 'phone-in'
@ -36,7 +31,7 @@ class App.TicketCreate extends App.Controller
# rerender view, e. g. on langauge change
@bind 'ui:rerender', =>
return if !@authenticate(true)
return if !@authenticateCheck()
@render()
release: =>
@ -137,7 +132,10 @@ class App.TicketCreate extends App.Controller
autosaveStart: =>
if !@autosaveLast
@autosaveLast = App.TaskManager.get(@task_key).state || {}
state = App.TaskManager.get(@task_key)
if !state
state = {}
@autosaveLast = state || {}
update = =>
data = @formParam(@$('.ticket-create'))
return if _.isEmpty(data)
@ -213,8 +211,8 @@ class App.TicketCreate extends App.Controller
@html App.view('agent_ticket_create')(
head: 'New Ticket'
agent: @isRole('Agent')
admin: @isRole('Admin')
agent: @permissionCheck('ticket.agent')
admin: @permissionCheck('admin')
form_id: @form_id
)
@ -593,6 +591,7 @@ class Sidebar extends App.Controller
)
class Router extends App.ControllerPermanent
requiredPermission: 'ticket.agent'
constructor: (params) ->
super
@ -631,4 +630,4 @@ App.Config.set('ticket/create/:ticket_id/:article_id', Router, 'Routes')
App.Config.set('ticket/create/id/:id/:ticket_id/:article_id', Router, 'Routes')
# set new actions
App.Config.set('TicketCreate', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#ticket/create', role: ['Agent'], divider: true }, 'NavBarRight')
App.Config.set('TicketCreate', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#ticket/create', permission: ['ticket.agent'], divider: true }, 'NavBarRight')

7
app/assets/javascripts/app/controllers/calendar.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.calendar'
events:
'click .js-new': 'new'
'click .js-edit': 'edit'
@ -8,10 +9,6 @@ class Index extends App.ControllerContent
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@subscribeId = App.Calendar.subscribe(@render)
callback = (data) =>
@ -127,4 +124,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set( 'Calendars', { prio: 2400, name: 'Calendars', parent: '#manage', target: '#manage/calendars', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Calendars', { prio: 2400, name: 'Calendars', parent: '#manage', target: '#manage/calendars', controller: Index, permission: ['admin.calendar'] }, 'NavBarAdmin')

14
app/assets/javascripts/app/controllers/chat.coffee
View file

@ -61,7 +61,7 @@ class App.CustomerChat extends App.Controller
# rerender view, e. g. on langauge change
@bind('ui:rerender chat:rerender', =>
return if !@authenticate(true)
return if !@authenticateCheck()
for session_id, chat of @chatWindows
chat.el.remove()
@chatWindows = {}
@ -90,7 +90,7 @@ class App.CustomerChat extends App.Controller
false
render: ->
if !@isRole('Chat')
if !@permissionCheck('chat.agent')
@renderScreenUnauthorized(objectName: 'Chat')
return
if !@Config.get('chat')
@ -319,12 +319,10 @@ class App.CustomerChat extends App.Controller
@idleTimeoutId = undefined
class CustomerChatRouter extends App.ControllerPermanent
requiredPermission: 'chat.agent'
constructor: (params) ->
super
# check authentication
return if !@authenticate(false, 'Chat')
App.TaskManager.execute(
key: 'CustomerChat'
controller: 'CustomerChat'
@ -771,6 +769,6 @@ class Setting extends App.ControllerModal
msg: App.i18n.translateContent(data.message)
)
App.Config.set( 'customer_chat', CustomerChatRouter, 'Routes' )
App.Config.set( 'CustomerChat', { controller: 'CustomerChat', authentication: true }, 'permanentTask' )
App.Config.set( 'CustomerChat', { prio: 1200, parent: '', name: 'Customer Chat', target: '#customer_chat', key: 'CustomerChat', shown: false, role: ['Chat'], class: 'chat' }, 'NavBar' )
App.Config.set('customer_chat', CustomerChatRouter, 'Routes')
App.Config.set('CustomerChat', { controller: 'CustomerChat', authentication: true }, 'permanentTask')
App.Config.set('CustomerChat', { prio: 1200, parent: '', name: 'Customer Chat', target: '#customer_chat', key: 'CustomerChat', shown: false, permission: ['chat.agent'], class: 'chat' }, 'NavBar')

17
app/assets/javascripts/app/controllers/cti.coffee
View file

@ -5,8 +5,6 @@ class App.CTI extends App.Controller
constructor: ->
super
return if !@isRole('CTI')
@list = []
@backends = []
@meta =
@ -84,11 +82,12 @@ class App.CTI extends App.Controller
title: title
)
featureActive: ->
true
featureActive: =>
return true if @Config.get('sipgate_integration')
false
render: ->
if !@isRole('CTI')
if !@permissionCheck('cti.agent')
@renderScreenUnauthorized(objectName: 'CTI')
return
@ -100,7 +99,7 @@ class App.CTI extends App.Controller
if !backendEnabled
@html App.view('cti/not_configured')(
backends: @backends
isAdmin: @isRole('Admin')
isAdmin: @permissionCheck('admin.integration')
)
@updateNavMenu()
return
@ -193,12 +192,10 @@ class App.CTI extends App.Controller
)
class CTIRouter extends App.ControllerPermanent
requiredPermission: 'cti.agent'
constructor: (params) ->
super
# check authentication
return if !@authenticate(false, 'CTI')
App.TaskManager.execute(
key: 'CTI'
controller: 'CTI'
@ -209,4 +206,4 @@ class CTIRouter extends App.ControllerPermanent
App.Config.set('cti', CTIRouter, 'Routes')
App.Config.set('CTI', { controller: 'CTI', authentication: true }, 'permanentTask')
App.Config.set('CTI', { prio: 1300, parent: '', name: 'Phone', target: '#cti', key: 'CTI', shown: false, role: ['CTI'], class: 'phone' }, 'NavBar')
App.Config.set('CTI', { prio: 1300, parent: '', name: 'Phone', target: '#cti', key: 'CTI', shown: false, permission: ['cti.agent'], class: 'phone' }, 'NavBar')

8
app/assets/javascripts/app/controllers/customer_ticket_create.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'ticket.customer'
events:
'submit form': 'submit',
'click .submit': 'submit',
@ -7,9 +8,6 @@ class Index extends App.ControllerContent
constructor: (params) ->
super
# check authentication
return if !@authenticate(false, 'Customer')
# set title
@title 'New Ticket'
@form_id = App.ControllerForm.formId()
@ -184,5 +182,5 @@ class Index extends App.ControllerContent
ui.formEnable(e)
)
App.Config.set( 'customer_ticket_new', Index, 'Routes' )
App.Config.set( 'CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', role: ['Customer'], divider: true }, 'NavBarRight' )
App.Config.set('customer_ticket_new', Index, 'Routes')
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], divider: true }, 'NavBarRight')

12
app/assets/javascripts/app/controllers/dashboard.coffee
View file

@ -7,7 +7,7 @@ class App.Dashboard extends App.Controller
constructor: ->
super
if @isRole('Customer')
if @permissionCheck('ticket.customer')
@clueAccess = false
return
@ -16,7 +16,7 @@ class App.Dashboard extends App.Controller
# rerender view, e. g. on language change
@bind 'ui:rerender', =>
return if !@authenticate(true)
return if !@authenticateCheck()
@render()
@mayBeClues()
@ -25,7 +25,7 @@ class App.Dashboard extends App.Controller
localEl = $( App.view('dashboard')(
head: 'Dashboard'
isAdmin: @isRole('Admin')
isAdmin: @permissionCheck('admin')
) )
new App.DashboardStats(
@ -69,7 +69,7 @@ class App.Dashboard extends App.Controller
show: (params) =>
if @isRole('Customer')
if @permissionCheck('ticket.customer')
@navigate '#', true
return
@ -97,7 +97,7 @@ class DashboardRouter extends App.ControllerPermanent
super
# check authentication
return if !@authenticate()
@authenticateCheckRedirect()
App.TaskManager.execute(
key: 'Dashboard'
@ -108,5 +108,5 @@ class DashboardRouter extends App.ControllerPermanent
)
App.Config.set('dashboard', DashboardRouter, 'Routes')
App.Config.set('Dashboard', { prio: 100, parent: '', name: 'Dashboard', target: '#dashboard', key: 'Dashboard', role: ['Agent'], class: 'dashboard' }, 'NavBar')
App.Config.set('Dashboard', { prio: 100, parent: '', name: 'Dashboard', target: '#dashboard', key: 'Dashboard', permission: ['ticket.agent'], class: 'dashboard' }, 'NavBar')
App.Config.set('Dashboard', { controller: 'Dashboard', authentication: true }, 'permanentTask')

2
app/assets/javascripts/app/controllers/default_route.coffee
View file

@ -18,7 +18,7 @@ class DefaultRouter extends App.Controller
return
# check role
if @isRole('Customer')
if @permissionCheck('ticket.customer')
@navigate '#ticket/view/my_tickets', true
return

4
app/assets/javascripts/app/controllers/email_verify.coffee
View file

@ -1,14 +1,14 @@
class Index extends App.Controller
constructor: ->
super
return if !@authenticate()
@authenticateCheckRedirect()
@verifyCall()
verifyCall: =>
@ajax(
id: 'email_verify'
type: 'POST'
url: @apiPath + '/users/email_verify'
url: "#{@apiPath}/users/email_verify"
data: JSON.stringify(token: @token)
processData: true
success: @success

24
app/assets/javascripts/app/controllers/getting_started.coffee
View file

@ -2,7 +2,7 @@ class Index extends App.WizardFullScreen
constructor: ->
super
if @authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -63,7 +63,7 @@ class AutoWizard extends App.WizardFullScreen
super
# if already logged in, got to #
if @authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -139,7 +139,7 @@ class Admin extends App.WizardFullScreen
constructor: ->
super
if @authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -257,7 +257,7 @@ class Base extends App.WizardFullScreen
super
# redirect if we are not admin
if !@authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -389,7 +389,7 @@ class EmailNotification extends App.WizardFullScreen
super
# redirect if we are not admin
if !@authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -504,7 +504,7 @@ class Channel extends App.WizardFullScreen
super
# redirect if we are not admin
if !@authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -555,7 +555,7 @@ class ChannelEmailPreConfigured extends App.WizardFullScreen
super
# redirect if we are not admin
if !@authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -605,7 +605,7 @@ class ChannelEmail extends App.WizardFullScreen
super
# redirect if we are not admin
if !@authenticate(true, 'Admin')
if !@permissionCheck('admin.wizard')
@navigate '#'
return
@ -890,12 +890,10 @@ class Agent extends App.WizardFullScreen
constructor: ->
super
return if !@authenticate()
@authenticateCheckRedirect()
# set title
@title 'Invite Agents'
@fetch()
release: =>
@ -986,12 +984,10 @@ App.Config.set('getting_started/agents', Agent, 'Routes')
class Channel extends App.WizardFullScreen
constructor: ->
super
return if !@authenticate()
@authenticateCheckRedirect()
# set title
@title 'Setup Finished'
@render()
release: =>

8
app/assets/javascripts/app/controllers/groups.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.group'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex(
el: @el
id: @id
@ -19,9 +17,9 @@ class Index extends App.ControllerContent
'Groups are ...'
]
buttons: [
{ name: 'New Group', 'data-type': 'new', class: 'btn--success' },
{ name: 'New Group', 'data-type': 'new', class: 'btn--success' }
]
container: @el.closest('.content')
)
App.Config.set( 'Group', { prio: 1500, name: 'Groups', parent: '#manage', target: '#manage/groups', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Group', { prio: 1500, name: 'Groups', parent: '#manage', target: '#manage/groups', controller: Index, permission: ['admin.group'] }, 'NavBarAdmin')

6
app/assets/javascripts/app/controllers/integrations.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.integration'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Integrations', true
@integrationItems = App.Config.get('NavBarIntegrations')
@ -38,4 +36,4 @@ class Index extends App.ControllerContent
if @subscribeId
App.Setting.unsubscribe(@subscribeId)
App.Config.set('Integration', { prio: 1000, name: 'Integrations', parent: '#system', target: '#system/integration', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Integration', { prio: 1000, name: 'Integrations', parent: '#system', target: '#system/integration', controller: Index, permission: ['admin.integration'] }, 'NavBarAdmin')

6
app/assets/javascripts/app/controllers/job.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.scheduler'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex(
el: @el
id: @id
@ -26,4 +24,4 @@ class Index extends App.ControllerContent
large: true
)
App.Config.set('Job', { prio: 3400, name: 'Scheduler', parent: '#manage', target: '#manage/job', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Job', { prio: 3400, name: 'Scheduler', parent: '#manage', target: '#manage/job', controller: Index, permission: ['admin.scheduler'] }, 'NavBarAdmin')

2
app/assets/javascripts/app/controllers/keyboard_shortcurs.coffee
View file

@ -3,4 +3,4 @@ class Index
new App.KeyboardShortcutModal()
App.Config.set('keyboard_shortcuts', Index, 'Routes')
App.Config.set('KeyboardShortcuts', { prio: 1700, parent: '#current_user', name: 'Keyboard Shortcuts', translate: true, target: '#keyboard_shortcuts', role: [ 'Admin', 'Agent' ] }, 'NavBarRight')
App.Config.set('KeyboardShortcuts', { prio: 1700, parent: '#current_user', name: 'Keyboard Shortcuts', translate: true, target: '#keyboard_shortcuts', permission: ['admin', 'ticket.agent'] }, 'NavBarRight')

8
app/assets/javascripts/app/controllers/layout_ref.coffee
View file

@ -1897,7 +1897,7 @@ class CustomerChatRef extends App.Controller
# super
# # check authentication
# return if !@authenticate()
# @authenticateCheckRedirect()
# App.TaskManager.execute(
# key: 'CustomerChatRef'
@ -2226,7 +2226,5 @@ class ChatToTicketRef extends App.ControllerContent
y1: y1
y2: y1 + @attachments.outerHeight()
App.Config.set( 'layout_ref/chat_to_ticket', ChatToTicketRef, 'Routes' )
App.Config.set( 'LayoutRef', { prio: 1600, parent: '#current_user', name: 'Layout Reference', translate: true, target: '#layout_ref', role: [ 'Admin' ] }, 'NavBarRight' )
App.Config.set('layout_ref/chat_to_ticket', ChatToTicketRef, 'Routes')
App.Config.set('LayoutRef', { prio: 1600, parent: '#current_user', name: 'Layout Reference', translate: true, target: '#layout_ref', permission: [ 'admin' ] }, 'NavBarRight')

6
app/assets/javascripts/app/controllers/macro.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.macro'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex(
el: @el
id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set( 'Macros', { prio: 2310, name: 'Macros', parent: '#manage', target: '#manage/macros', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Macros', { prio: 2310, name: 'Macros', parent: '#manage', target: '#manage/macros', controller: Index, permission: ['admin.macro'] }, 'NavBarAdmin')

6
app/assets/javascripts/app/controllers/maintenance.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.maintenance'
events:
'change .js-modeSetting input': 'setMode'
'change .js-loginSetting input': 'setLogin'
@ -12,9 +13,6 @@ class Index extends App.ControllerContent
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Maintenance', true
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
@ -76,4 +74,4 @@ class Index extends App.ControllerContent
removeAll: true
@render()
App.Config.set('Maintenance', { prio: 3600, name: 'Maintenance', parent: '#system', target: '#system/maintenance', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Maintenance', { prio: 3600, name: 'Maintenance', parent: '#system', target: '#system/maintenance', controller: Index, permission: ['admin.maintenance'] }, 'NavBarAdmin')

40
app/assets/javascripts/app/controllers/navigation.coffee
View file

@ -72,7 +72,7 @@ class App.Navigation extends App.ControllerWidgetPermanent
@notificationWidget = undefined
renderMenu: =>
items = @getItems( navbar: @Config.get('NavBar') )
items = @getItems(navbar: @Config.get('NavBar'))
# apply counter and switch info from persistant controllers (if exists)
activeTab = {}
@ -124,7 +124,7 @@ class App.Navigation extends App.ControllerWidgetPermanent
renderPersonal: =>
@recentViewNavbarItemsRebuild()
items = @getItems( navbar: @Config.get( 'NavBarRight' ) )
items = @getItems(navbar: @Config.get('NavBarRight'))
# get open tabs to repopen on rerender
open_tab = {}
@ -305,7 +305,9 @@ class App.Navigation extends App.ControllerWidgetPermanent
level1 = []
dropdown = {}
roles = App.Session.get('roles')
user = undefined
if App.Session.get('id')
user = App.User.find(App.Session.get('id'))
for item in navbar
if typeof item.callback is 'function'
@ -313,16 +315,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
for key, value of data
item[key] = value
if !item.parent
match = 0
if !item.role
match = 1
if !roles && item.role
match = _.include(item.role, 'Anybody')
if roles
for role in roles
if !match
match = _.include(item.role, role.name)
match = true
if item.permission
match = false
for permissionName in item.permission
if !match && user && user.permission(permissionName)
match = true
if match
level1.push item
@ -333,16 +331,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
# find all childs and order
for itemSub in navbar
if itemSub.parent is item.parent
match = 0
if !itemSub.role
match = 1
if !roles
match = _.include(itemSub.role, 'Anybody')
if roles
for role in roles
if !match
match = _.include(itemSub.role, role.name)
match = true
if itemSub.permission
match = false
for permissionName in itemSub.permission
if !match && user && user.permission(permissionName)
match = true
if match
dropdown[ item.parent ].push itemSub

10
app/assets/javascripts/app/controllers/object_manager.coffee
View file

@ -1,12 +1,10 @@
# coffeelint: disable=duplicate_key
class Index extends App.ControllerTabs
requiredPermission: 'admin.object'
header: 'Object Manager'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Objects', true
# get data
@ -44,10 +42,6 @@ class Items extends App.ControllerContent
constructor: ->
super
# check authentication
return if !@authenticate()
@subscribeId = App.ObjectManagerAttribute.subscribe(@render)
App.ObjectManagerAttribute.fetch()
@ -225,4 +219,4 @@ class Edit extends App.ControllerGenericEdit
ui.controller.showAlert(details.error_human || details.error || 'Unable to update object!')
)
App.Config.set( 'SystemObject', { prio: 1700, parent: '#system', name: 'Objects', target: '#system/object_manager', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('SystemObject', { prio: 1700, parent: '#system', name: 'Objects', target: '#system/object_manager', controller: Index, permission: ['admin.object'] }, 'NavBarAdmin')

8
app/assets/javascripts/app/controllers/organization_profile.coffee
View file

@ -2,10 +2,7 @@ class App.OrganizationProfile extends App.Controller
constructor: (params) ->
super
# check authentication
if !@authenticate()
App.TaskManager.remove(@task_key)
return
@authenticateCheckRedirect(true)
# fetch new data if needed
App.Organization.full(@organization_id, @render)
@ -194,6 +191,7 @@ class Member extends App.ObserverController
)
class Router extends App.ControllerPermanent
requiredPermission: 'ticket.agent'
constructor: (params) ->
super
@ -202,7 +200,7 @@ class Router extends App.ControllerPermanent
organization_id: params.organization_id
App.TaskManager.execute(
key: 'Organization-' + @organization_id
key: "Organization-#{@organization_id}"
controller: 'OrganizationProfile'
params: clean_params
show: true

6
app/assets/javascripts/app/controllers/organizations.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.organization'
constructor: ->
super
# check authentication
return if !@authenticate()
new App.ControllerGenericIndex(
el: @el
id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set( 'Organization', { prio: 2000, name: 'Organizations', parent: '#manage', target: '#manage/organizations', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Organization', { prio: 2000, name: 'Organizations', parent: '#manage', target: '#manage/organizations', controller: Index, permission: ['admin.organization'] }, 'NavBarAdmin')

6
app/assets/javascripts/app/controllers/overview.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.overview'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex(
el: @el
id: @id
@ -38,4 +36,4 @@ class Index extends App.ControllerContent
overview.save()
)
App.Config.set( 'Overview', { prio: 2300, name: 'Overviews', parent: '#manage', target: '#manage/overviews', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Overview', { prio: 2300, name: 'Overviews', parent: '#manage', target: '#manage/overviews', controller: Index, permission: ['admin.overview'] }, 'NavBarAdmin')

8
app/assets/javascripts/app/controllers/package.coffee
View file

@ -1,15 +1,11 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.package'
events:
'click .action': 'action'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Packages', true
@load()
load: ->
@ -58,4 +54,4 @@ class Index extends App.ControllerContent
@load()
)
App.Config.set('Packages', { prio: 3600, name: 'Packages', parent: '#system', target: '#system/package', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Packages', { prio: 3600, name: 'Packages', parent: '#system', target: '#system/package', controller: Index, permission: ['admin.package'] }, 'NavBarAdmin')

20
app/assets/javascripts/app/controllers/password_reset.coffee
View file

@ -13,9 +13,7 @@ class Index extends App.ControllerContent
return
# if we are logged in, no passwort reset is wanted, redirect to app
if @authenticate(true)
@navigate '#'
return
@authenticateCheckRedirect()
@navHide()
@ -27,7 +25,7 @@ class Index extends App.ControllerContent
render: (params) ->
configure_attributes = [
{ name: 'username', display: 'Enter your username or email address', tag: 'input', type: 'text', limit: 100, null: false, class: 'input span4', },
{ name: 'username', display: 'Enter your username or email address', tag: 'input', type: 'text', limit: 100, null: false, class: 'input span4' }
]
@html App.view('password/reset')(params)
@ -51,7 +49,7 @@ class Index extends App.ControllerContent
@ajax(
id: 'password_reset'
type: 'POST'
url: @apiPath + '/users/password_reset'
url: "#{@apiPath}/users/password_reset"
data: JSON.stringify(params)
processData: true
success: @success
@ -71,7 +69,7 @@ class Index extends App.ControllerContent
@$('[name=username]').val('')
@notify(
type: 'error'
msg: App.i18n.translateContent( 'Username or email address invalid, please try again.' )
msg: App.i18n.translateContent('Username or email address invalid, please try again.')
)
@formEnable( @el.find('.form-password') )
@ -86,9 +84,7 @@ class Verify extends App.ControllerContent
super
# if we are logged in, no passwort reset is wanted, redirect to app
if @authenticate(true)
@navigate '#'
return
@authenticateCheckRedirect()
@navHide()
@ -102,7 +98,7 @@ class Verify extends App.ControllerContent
@ajax(
id: 'password_reset_verify'
type: 'POST'
url: @apiPath + '/users/password_reset_verify'
url: "#{@apiPath}/users/password_reset_verify"
data: JSON.stringify(params)
processData: true
success: @renderChange
@ -111,7 +107,7 @@ class Verify extends App.ControllerContent
renderChange: (data) =>
if data.message is 'ok'
configure_attributes = [
{ name: 'password', display: 'Password', tag: 'input', type: 'password', limit: 100, null: false, class: 'input', },
{ name: 'password', display: 'Password', tag: 'input', type: 'password', limit: 100, null: false, class: 'input' }
]
@html App.view('password/reset_change')()
@ -158,7 +154,7 @@ class Verify extends App.ControllerContent
@ajax(
id: 'password_reset_verify'
type: 'POST'
url: @apiPath + '/users/password_reset_verify'
url: "#{@apiPath}/users/password_reset_verify"
data: JSON.stringify(params)
processData: true
success: @renderChanged

9
app/assets/javascripts/app/controllers/profile.coffee
View file

@ -2,9 +2,8 @@ class Index extends App.ControllerNavSidbar
authenticateRequired: true
configKey: 'NavBarProfile'
App.Config.set( 'profile', Index, 'Routes' )
App.Config.set( 'profile/:target', Index, 'Routes' )
App.Config.set('profile', Index, 'Routes')
App.Config.set('profile/:target', Index, 'Routes')
App.Config.set( 'Profile', { prio: 1000, name: 'Profile', target: '#profile' }, 'NavBarProfile' )
App.Config.set( 'Profile', { prio: 1700, parent: '#current_user', name: 'Profile', target: '#profile', translate: true, role: [ 'Agent', 'Customer' ] }, 'NavBarRight' )
App.Config.set('Profile', { prio: 1000, name: 'Profile', target: '#profile' }, 'NavBarProfile')
App.Config.set('Profile', { prio: 1700, parent: '#current_user', name: 'Profile', target: '#profile', translate: true }, 'NavBarRight')

16
app/assets/javascripts/app/controllers/report.js.coffee
View file

@ -1,17 +1,15 @@
class Index extends App.ControllerContent
requiredPermission: 'report'
constructor: ->
super
# check authentication
return if !@authenticate()
@title 'Reporting'
@navupdate '#report'
@startLoading()
@ajax(
type: 'GET',
url: @apiPath + '/reports/config',
processData: true,
type: 'GET'
url: "#{@apiPath}/reports/config"
processData: true
success: (data) =>
@stopLoading()
@config = data.config
@ -131,7 +129,7 @@ class Graph extends App.ControllerContent
ui: @ui
)
url = @apiPath + '/reports/generate'
url = "#{@apiPath}/reports/generate"
interval = 5 * 60000
if @params.timeRange is 'year'
interval = 5 * 60000
@ -519,4 +517,4 @@ class Sidebar extends App.Controller
@ui.storeParams()
App.Config.set('report', Index, 'Routes')
App.Config.set('Reporting', { prio: 8000, parent: '', name: 'Reporing', translate: true, target: '#report', icon: 'report', role: ['Report'] }, 'NavBarRight')
App.Config.set('Reporting', { prio: 8000, parent: '', name: 'Reporing', translate: true, target: '#report', icon: 'report', permission: ['report'] }, 'NavBarRight')

6
app/assets/javascripts/app/controllers/report_profile.js.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.report_profile'
constructor: ->
super
# check authentication
return if !@authenticate()
new App.ControllerGenericIndex(
el: @el
id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set( 'ReportProfile', { prio: 8000, name: 'Report Profiles', parent: '#manage', target: '#manage/report_profiles', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('ReportProfile', { prio: 8000, name: 'Report Profiles', parent: '#manage', target: '#manage/report_profiles', controller: Index, permission: ['admin.report_profile'] }, 'NavBarAdmin')

4
app/assets/javascripts/app/controllers/search.coffee
View file

@ -14,9 +14,7 @@ class App.Search extends App.Controller
super
# check authentication
if !@authenticate(false)
App.TaskManager.remove(@task_key)
return
@authenticateCheckRedirect(true)
current = App.TaskManager.get(@task_key).state
if current && current.query

14
app/assets/javascripts/app/controllers/session.coffee
View file

@ -1,15 +1,11 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.session'
events:
'click .js-delete': 'destroy'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Sessions', true
@load()
@interval(
=>
@ -23,7 +19,7 @@ class Index extends App.ControllerContent
@ajax(
id: 'sessions'
type: 'GET'
url: @apiPath + '/sessions'
url: "#{@apiPath}/sessions"
success: (data) =>
@stopLoading()
App.Collection.loadAssets(data.assets)
@ -46,11 +42,11 @@ class Index extends App.ControllerContent
e.preventDefault()
sessionId = $(e.target ).closest('a').data('session-id')
@ajax(
id: 'sessions/' + sessionId
id: "sessions/#{sessionId}"
type: 'DELETE'
url: @apiPath + '/sessions/' + sessionId
url: "#{@apiPath}/sessions/#{sessionId}"
success: (data) =>
@load()
)
App.Config.set('Session', { prio: 3800, name: 'Sessions', parent: '#system', target: '#system/sessions', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Session', { prio: 3800, name: 'Sessions', parent: '#system', target: '#system/sessions', controller: Index, permission: ['admin.session'] }, 'NavBarAdmin' )

7
app/assets/javascripts/app/controllers/sla.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.sla'
events:
'click .js-new': 'new'
'click .js-edit': 'edit'
@ -7,10 +8,6 @@ class Index extends App.ControllerContent
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@subscribeCalendarId = App.Calendar.subscribe(@render)
@subscribeSlaId = App.Sla.subscribe(@render)
@ -114,4 +111,4 @@ class Index extends App.ControllerContent
"#{hours}:#{minutes}"
App.Config.set( 'Sla', { prio: 2900, name: 'SLAs', parent: '#manage', target: '#manage/slas', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Sla', { prio: 2900, name: 'SLAs', parent: '#manage', target: '#manage/slas', controller: Index, permission: ['admin.sla'] }, 'NavBarAdmin')

8
app/assets/javascripts/app/controllers/tag.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.tag'
events:
'change .js-newTagSetting input': 'setTagNew'
'submit .js-create': 'create'
@ -8,12 +9,7 @@ class Index extends App.ControllerContent
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Tags', true
@subscribeId = App.Setting.subscribe(@render, initFetch: true, clear: false)
release: =>
@ -154,4 +150,4 @@ class DestroyConfirm extends App.ControllerModal
@close()
)
App.Config.set('Tags', { prio: 2320, name: 'Tags', parent: '#manage', target: '#manage/tags', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Tags', { prio: 2320, name: 'Tags', parent: '#manage', target: '#manage/tags', controller: Index, permission: ['admin.tag'] }, 'NavBarAdmin')

6
app/assets/javascripts/app/controllers/text_module.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.text_module'
constructor: ->
super
# check authentication
return if !@authenticate()
new App.ControllerGenericIndex(
el: @el
id: @id
@ -24,4 +22,4 @@ class Index extends App.ControllerContent
container: @el.closest('.content')
)
App.Config.set( 'TextModule', { prio: 2300, name: 'TextModules', parent: '#manage', target: '#manage/text_modules', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('TextModule', { prio: 2300, name: 'TextModules', parent: '#manage', target: '#manage/text_modules', controller: Index, permission: ['admin.text_module'] }, 'NavBarAdmin')

19
app/assets/javascripts/app/controllers/ticket_overview.coffee
View file

@ -132,7 +132,7 @@ class Navbar extends App.Controller
items = App.OverviewIndexCollection.get()
@html App.view("agent_ticket_view/navbar#{ if @vertical then '_vertical' }")
items: items
isAgent: @isRole('Agent')
isAgent: @permissionCheck('ticket.agent')
while @clone.width() > @tabsHolder.width()
@tabClone.not('.hide').last().addClass('hide')
@ -203,7 +203,7 @@ class Table extends App.Controller
# rerender view, e. g. on langauge change
@bind 'ui:rerender', =>
return if !@authenticate(true)
return if !@authenticateCheck()
@render(App.OverviewListCollection.get(@view))
release: =>
@ -237,7 +237,7 @@ class Table extends App.Controller
ticket_list_show.push App.Ticket.fullLocal(ticket.id)
# if customer and no ticket exists, show the following message only
if !ticket_list_show[0] && @isRole('Customer')
if !ticket_list_show[0] && @permissionCheck('ticket.customer')
@html App.view('customer_not_ticket_exists')()
return
@ -249,9 +249,9 @@ class Table extends App.Controller
# render init page
checkbox = true
edit = false
if @isRole('Admin')
if @permissionCheck('admin')
edit = true
if @isRole('Customer')
if @permissionCheck('ticket.customer')
checkbox = false
edit = false
view_modes = [
@ -266,7 +266,7 @@ class Table extends App.Controller
class: 'active' if @view_mode is 'm'
}
]
if @isRole('Customer')
if @permissionCheck('ticket.customer')
view_modes = []
html = App.view('agent_ticket_view/content')(
overview: @overview
@ -768,12 +768,11 @@ class App.OverviewSettings extends App.ControllerModal
)
class TicketOverviewRouter extends App.ControllerPermanent
requiredPermission: ['ticket.agent', 'ticket.customer']
constructor: (params) ->
super
# check authentication
return if !@authenticate()
# cleanup params
clean_params =
view: params.view
@ -789,4 +788,4 @@ class TicketOverviewRouter extends App.ControllerPermanent
App.Config.set('ticket/view', TicketOverviewRouter, 'Routes')
App.Config.set('ticket/view/:view', TicketOverviewRouter, 'Routes')
App.Config.set('TicketOverview', { controller: 'TicketOverview', authentication: true }, 'permanentTask')
App.Config.set('TicketOverview', { prio: 1000, parent: '', name: 'Overviews', target: '#ticket/view', key: 'TicketOverview', role: ['Agent', 'Customer'], class: 'overviews' }, 'NavBar')
App.Config.set('TicketOverview', { prio: 1000, parent: '', name: 'Overviews', target: '#ticket/view', key: 'TicketOverview', permission: ['ticket.agent', 'ticket.customer'], class: 'overviews' }, 'NavBar')

11
app/assets/javascripts/app/controllers/ticket_zoom.coffee
View file

@ -14,9 +14,7 @@ class App.TicketZoom extends App.Controller
super
# check authentication
if !@authenticate()
App.TaskManager.remove(@task_key)
return
@authenticateCheckRedirect(true)
@formMeta = undefined
@ticket_id = params.ticket_id
@ -344,7 +342,7 @@ class App.TicketZoom extends App.Controller
elLocal = $(App.view('ticket_zoom')
ticket: @ticket
nav: @nav
isCustomer: @isRole('Customer')
isCustomer: @permissionCheck('ticket.customer')
scrollbarWidth: App.Utils.getScrollBarWidth()
)
@ -523,7 +521,7 @@ class App.TicketZoom extends App.Controller
internal: 'true'
in_reply_to: ''
if @isRole('Customer')
if @permissionCheck('ticket.customer')
currentStore.article.internal = ''
currentStore
@ -653,7 +651,7 @@ class App.TicketZoom extends App.Controller
ticket[attributes[1]] = content.value
# set defaults
if !@isRole('Customer')
if !@permissionCheck('ticket.customer')
if !ticket['owner_id']
ticket['owner_id'] = 1
@ -811,6 +809,7 @@ class App.TicketZoom extends App.Controller
App.TaskManager.update(@task_key, { 'state': @localTaskData })
class TicketZoomRouter extends App.ControllerPermanent
requiredPermission: ['ticket.agent', 'ticket.customer']
constructor: (params) ->
super

2
app/assets/javascripts/app/controllers/ticket_zoom/article_actions.coffee
View file

@ -45,7 +45,7 @@ class App.TicketZoomArticleActions extends App.Controller
@render()
actionRow: (article) ->
if @isRole('Customer')
if @permissionCheck('ticket.customer')
return []
actions = []

8
app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
View file

@ -103,7 +103,7 @@ class App.TicketZoomArticleNew extends App.Controller
features: ['attachment']
}
if @isRole('Customer')
if @permissionCheck('ticket.customer')
@type = 'note'
@articleTypes = [
{
@ -177,7 +177,7 @@ class App.TicketZoomArticleNew extends App.Controller
articleTypes: @articleTypes
article: @defaults
form_id: @form_id
isCustomer: @isRole('Customer')
isCustomer: @permissionCheck('ticket.customer')
)
@setArticleType(@type)
@ -254,7 +254,7 @@ class App.TicketZoomArticleNew extends App.Controller
)
# show text module UI
if !@isRole('Customer')
if !@permissionCheck('ticket.customer')
textModule = new App.WidgetTextModule(
el: @$('.js-textarea').parent()
data:
@ -281,7 +281,7 @@ class App.TicketZoomArticleNew extends App.Controller
if !params['internal']
params['internal'] = false
if @isRole('Customer')
if @permissionCheck('ticket.customer')
sender = App.TicketArticleSender.findByAttribute('name', 'Customer')
type = App.TicketArticleType.findByAttribute('name', 'web')
params.type_id = type.id

6
app/assets/javascripts/app/controllers/ticket_zoom/article_view.coffee
View file

@ -125,7 +125,7 @@ class ArticleViewItem extends App.ObserverController
@html App.view('ticket_zoom/article_view_delivery_failed')(
ticket: @ticket
article: article
isCustomer: @isRole('Customer')
isCustomer: @permissionCheck('ticket.customer')
)
return
if article.sender.name is 'System'
@ -133,13 +133,13 @@ class ArticleViewItem extends App.ObserverController
@html App.view('ticket_zoom/article_view_system')(
ticket: @ticket
article: article
isCustomer: @isRole('Customer')
isCustomer: @permissionCheck('ticket.customer')
)
return
@html App.view('ticket_zoom/article_view')(
ticket: @ticket
article: article
isCustomer: @isRole('Customer')
isCustomer: @permissionCheck('ticket.customer')
)
new App.WidgetAvatar(

2
app/assets/javascripts/app/controllers/ticket_zoom/attribute_bar.coffee
View file

@ -37,7 +37,7 @@ class App.TicketZoomAttributeBar extends App.Controller
macros = App.Macro.all()
@macroLastUpdated = App.Macro.lastUpdatedAt()
if _.isEmpty(macros) || !@isRole('Agent')
if _.isEmpty(macros) || !@permissionCheck('ticket.agent')
macroDisabled = true
localeEl = $(App.view('ticket_zoom/attribute_bar')(

4
app/assets/javascripts/app/controllers/ticket_zoom/higlighter.coffee
View file

@ -36,7 +36,7 @@ class App.TicketZoomHighlighter extends App.Controller
constructor: ->
super
return if !@isRole('Agent')
return if !@permissionCheck('ticket.agent')
@currentHighlights = {}
@ -93,7 +93,7 @@ class App.TicketZoomHighlighter extends App.Controller
# for testing purposes the highlights get stored in atrticle preferences
loadHighlights: (ticket_article_id) ->
return if !@isRole('Agent')
return if !@permissionCheck('ticket.agent')
article = App.TicketArticle.find(ticket_article_id)
return if !article.preferences
return if !article.preferences.highlight

2
app/assets/javascripts/app/controllers/ticket_zoom/meta.coffee
View file

@ -8,5 +8,5 @@ class App.TicketZoomMeta extends App.ObserverController
render: (ticket) =>
@html App.view('ticket_zoom/meta')(
ticket: ticket
isCustomer: @isRole('Customer')
isCustomer: @permissionCheck('ticket.customer')
)

6
app/assets/javascripts/app/controllers/ticket_zoom/sidebar.coffee
View file

@ -53,7 +53,7 @@ class App.TicketZoomSidebar extends App.ObserverController
markForm: @markForm
)
if !@isRole('Customer')
if !@permissionCheck('ticket.customer')
@tagWidget = new App.WidgetTag(
el: @el.find('.tags')
object_type: 'Ticket'
@ -91,7 +91,7 @@ class App.TicketZoomSidebar extends App.ObserverController
callback: editTicket
}
]
if !@isRole('Customer')
if !@permissionCheck('ticket.customer')
@sidebarItems[0]['actions'] = [
{
name: 'ticket-history'
@ -109,7 +109,7 @@ class App.TicketZoomSidebar extends App.ObserverController
callback: changeCustomer
},
]
if !@isRole('Customer')
if !@permissionCheck('ticket.customer')
editCustomer = (e, el) =>
new App.ControllerGenericEdit(
id: ticket.customer_id

6
app/assets/javascripts/app/controllers/translation.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.translation'
events:
'click .js-pushChanges': 'pushChanges'
'click .js-resetChanges': 'resetChanges'
@ -7,9 +8,6 @@ class Index extends App.ControllerContent
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
@title 'Translations', true
@locale = App.i18n.get()
@render()
@ -337,4 +335,4 @@ class TranslationList extends App.Controller
reset.addClass('hidden')
reset.closest('tr').removeClass('warning')
App.Config.set('Translation', { prio: 1800, parent: '#system', name: 'Translations', target: '#system/translation', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set('Translation', { prio: 1800, parent: '#system', name: 'Translations', target: '#system/translation', controller: Index, permission: ['admin.translation'] }, 'NavBarAdmin' )

6
app/assets/javascripts/app/controllers/trigger.coffee
View file

@ -1,10 +1,8 @@
class Index extends App.ControllerContent
requiredPermission: 'admin.trigger'
constructor: ->
super
# check authentication
return if !@authenticate(false, 'Admin')
new App.ControllerGenericIndex(
el: @el
id: @id
@ -26,4 +24,4 @@ class Index extends App.ControllerContent
large: true
)
App.Config.set('Trigger', { prio: 3300, name: 'Trigger', parent: '#manage', target: '#manage/trigger', controller: Index, role: ['Admin'] }, 'NavBarAdmin')
App.Config.set('Trigger', { prio: 3300, name: 'Trigger', parent: '#manage', target: '#manage/trigger', controller: Index, permission: ['admin.trigger'] }, 'NavBarAdmin')

5
app/assets/javascripts/app/controllers/user_profile.coffee
View file

@ -3,9 +3,7 @@ class App.UserProfile extends App.Controller
super
# check authentication
if !@authenticate()
App.TaskManager.remove(@task_key)
return
@authenticateCheckRedirect(true)
# fetch new data if needed
App.User.full(@user_id, @render)
@ -188,6 +186,7 @@ class Organization extends App.ObserverController
)
class Router extends App.ControllerPermanent
requiredPermission: 'ticket.agent'
constructor: (params) ->
super

10
app/assets/javascripts/app/controllers/users.coffee
View file

@ -1,4 +1,5 @@
class Index extends App.Controller
class Index extends App.ControllerContent
requiredPermission: 'admin.user'
elements:
'.js-search': 'searchInput'
events:
@ -7,9 +8,6 @@ class Index extends App.Controller
constructor: ->
super
# check authentication
return if !@authenticate()
# set title
@title 'Users', true
@ -167,7 +165,7 @@ class Index extends App.Controller
App.Ajax.request(
id: 'search'
type: 'GET'
url: @apiPath + '/users/recent'
url: "#{@apiPath}/users/recent"
data:
limit: 40
role_ids: role_ids
@ -194,4 +192,4 @@ class Index extends App.Controller
callback: @recent
)
App.Config.set( 'User', { prio: 1000, name: 'Users', parent: '#manage', target: '#manage/users', controller: Index, role: ['Admin'] }, 'NavBarAdmin' )
App.Config.set( 'User', { prio: 1000, name: 'Users', parent: '#manage', target: '#manage/users', controller: Index, permission: ['admin.user'] }, 'NavBarAdmin' )

2
app/assets/javascripts/app/controllers/widget/maintenance.coffee
View file

@ -41,7 +41,7 @@ class Widget extends App.Controller
maintanaceMode: (data = {}) =>
return if data.on isnt true
return if !@authenticate(true)
@authenticateCheckRedirect()
@navigate '#logout'
#App.Event.trigger('maintenance', {type:'restart_auto'})

2
app/assets/javascripts/app/controllers/widget/ticket_stats.coffee
View file

@ -20,7 +20,7 @@ class App.TicketStats extends App.Controller
# rerender view, e. g. on langauge change
@bind 'ui:rerender', =>
return if !@authenticate(true)
return if !@authenticateCheck()
@render()
release: =>

2
app/assets/javascripts/app/controllers/widget/translation_inline.coffee
View file

@ -9,7 +9,7 @@ class Widget extends App.Controller
$(document).off('keydown.translation')
# only admins can do this
return if !@isRole('Admin')
return if !@permissionCheck('admin.translation')
# bind on key down
# if ctrl+alt+t is pressed, enable translation_inline and fire ui:rerender

2
app/assets/javascripts/app/controllers/widget/translation_support.coffee
View file

@ -11,7 +11,7 @@ class TranslationSupport extends App.Controller
return if !App.i18n.notTranslatedFeatureEnabled(App.i18n.get())
# only show for admins
return if !@isRole('Admin')
return if !@permissionCheck('admin.translation')
# do not show in setup screens
return if window.location.hash.toString().match(/getting/)

4
app/assets/javascripts/app/models/permission.coffee Normal file
View file

@ -0,0 +1,4 @@
class App.Permission extends App.Model
@configure 'Role', 'name', 'note', 'active', 'updated_at'
@extend Spine.Model.Ajax
@url: @apiPath + '/permissions'

17
app/assets/javascripts/app/models/role.coffee
View file

@ -1,9 +1,11 @@
class App.Role extends App.Model
@configure 'Role', 'name', 'note', 'active', 'updated_at'
@configure 'Role', 'name', 'permission_ids', 'default_at_signup', 'note', 'active', 'updated_at'
@extend Spine.Model.Ajax
@url: @apiPath + '/roles'
@configure_attributes = [
{ name: 'name', display: 'Name', tag: 'input', type: 'text', limit: 100, null: false },
{ name: 'permission_ids', display: 'Permissions', tag: 'permission', item_class: 'checkbox' },
{ name: 'default_at_signup', display: 'Default at Signup', tag: 'boolean', default: false, translate: true },
{ name: 'note', display: 'Note', tag: 'textarea', note: 'Notes are visible to agents only, never to customers.', limit: 250, null: true },
{ name: 'active', display: 'Active', tag: 'active', default: true },
{ name: 'created_by_id', display: 'Created by', relation: 'User', readonly: 1 },
@ -12,7 +14,7 @@ class App.Role extends App.Model
{ name: 'updated_at', display: 'Updated', tag: 'datetime', readonly: 1 },
]
@configure_overview = [
'name',
'name', 'default_at_signup',
]
activityMessage: (item) ->
@ -21,3 +23,14 @@ class App.Role extends App.Model
else if item.type is 'update'
return App.i18n.translateContent('%s updated Role |%s|', item.created_by.displayName(), item.title)
return "Unknow action for (#{@objectDisplayName()}/#{item.type}), extend activityMessage() of model."
@_fillUp: (data) ->
if data['permission_ids']
data['permissions'] = []
for permission_id in data['permission_ids']
if App.Permission.exists(permission_id)
permission = App.Permission.find(permission_id)
data['permissions'].push permission
data

55
app/assets/javascripts/app/models/user.coffee
View file

@ -125,15 +125,15 @@ class App.User extends App.Model
if data['role_ids']
data['roles'] = []
for role_id in data['role_ids']
if App.Role.exists( role_id )
role = App.Role.find( role_id )
if App.Role.exists(role_id)
role = App.Role.find(role_id)
data['roles'].push role
if data['group_ids']
data['groups'] = []
for group_id in data['group_ids']
if App.Group.exists( group_id )
group = App.Group.find( group_id )
if App.Group.exists(group_id)
group = App.Group.find(group_id)
data['groups'].push group
data
@ -163,3 +163,50 @@ class App.User extends App.Model
to = item.objectNative.displayName()
return App.i18n.translateContent('%s ended switch to |%s|!', item.created_by.displayName(), to)
return "Unknow action for (#{@objectDisplayName()}/#{item.type}), extend activityMessage() of model."
###
user = App.User.find(3)
result = user.permission('ticket.agent') # access to certain permission key
result = user.permission(['ticket.agent', 'ticket.customer']) # access to one of permission keys
result = user.permission('user_preferences.calendar+ticket.agent') # access must have two permission keys
returns
true|false
###
permission: (key) ->
keys = key
if !_.isArray(key)
keys = [key]
# get all permissions of user
permissions = {}
for role_id in @role_ids
role = App.Role.find(role_id)
for permission_id in role.permission_ids
permission = App.Permission.find(permission_id)
permissions[permission.name] = true
for localKey in keys
requiredPermissions = localKey.split('+')
access = false
for requiredPermission in requiredPermissions
localAccess = false
partString = ''
for part in requiredPermission.split('.')
if partString isnt ''
partString += '.'
partString += part
if permissions[partString]
localAccess = true
if localAccess
access = true
else
access = false
break
return access if access
false

21
app/assets/javascripts/app/views/generic/permission.jst.eco Normal file
View file

@ -0,0 +1,21 @@
<div class="checkbox <%= @attribute.class %> checkbox">
<% for permission in @permissions: %>
<% if !permission.name.match(/\./): %>
<label class="inline-label checkbox-replacement">
<input type="checkbox" value="<%= permission.id %>" name="permission_ids" <% if _.contains(@params.permission_ids, permission.id): %>checked<% end %> <% if permission.preferences.disabled: %>disabled<% end %>/>
<%- @Icon('checkbox', 'icon-unchecked') %>
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= permission.displayName() %> - <span class="help-text"><%- @T(permission.note) %></span></span>
</label>
<% else: %>
<div style="padding-left: 20px;" class="js-subPermissionList">
<label class="inline-label checkbox-replacement">
<input type="checkbox" value="<%= permission.id %>" name="permission_ids" <% if _.contains(@params.permission_ids, permission.id): %>checked<% end %> <% if permission.preferences.disabled: %>disabled<% end %>/>
<%- @Icon('checkbox', 'icon-unchecked') %>
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= permission.displayName().replace(/^.+?\./, '') %> - <span class="help-text"><%- @T(permission.note) %></span></span>
</label>
</div>
<% end %>
<% end %>
</div>

7
app/assets/javascripts/app/views/generic/user_permission.jst.eco
View file

@ -6,7 +6,9 @@
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= role.displayName() %> <% if role.note: %>- <span class="help-text"><%= role.note %></span><% end %></span>
</label>
<% if role.name is 'Agent': %>
<% if role.permissions: %>
<% for permission in role.permissions: %>
<% if _.contains(permission.preferences.plugin, 'groups'): %>
<div style="padding-left: 20px;" class="js-groupList <% if @hideGroups: %>js-groupListHide hidden<% end %>">
<% for group in @groups: %>
<label class="inline-label checkbox-replacement">
@ -17,6 +19,9 @@
</label>
<% end %>
</div>
<% break %>
<% end %>
<% end %>
<% end %>
<% end %>
</div>

184
app/controllers/application_controller.rb
View file

@ -8,7 +8,6 @@ class ApplicationController < ActionController::Base
:authentication_check,
:config_frontend,
:http_log_config,
:role?,
:model_create_render,
:model_update_render,
:model_restory_render,
@ -171,6 +170,7 @@ class ApplicationController < ActionController::Base
switched_from_user_id = ENV['SWITCHED_FROM_USER_ID'] || session[:switched_from_user_id]
return true if switched_from_user_id
return true if !user
return true if !user.permissions?('user_preferences.device')
time_to_check = true
user_device_updated_at = session[:user_device_updated_at]
@ -223,7 +223,6 @@ class ApplicationController < ActionController::Base
end
def authentication_check_only(auth_param)
#logger.debug 'authentication_check'
#logger.debug params.inspect
#logger.debug session.inspect
@ -233,38 +232,16 @@ class ApplicationController < ActionController::Base
if session.id && session[:user_id]
logger.debug 'session based auth check'
user = User.lookup(id: session[:user_id])
# check scopes / permission check
# auth_param[:permission]
#if auth_param[:permission] && !user.permission?(auth_param[:permission])
# return {
# auth: false,
# message: 'No permission!',
# }
#end
current_user_set(user)
logger.debug "session based auth for '#{user.login}'"
return {
auth: true
}
return authentication_check_prerequesits(user, 'session', auth_param) if user
end
error_message = 'authentication failed'
# check sso based authentication
sso_user = User.sso(params)
if sso_user
if check_maintenance_only(sso_user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
if authentication_check_prerequesits(sso_user, 'session', auth_param)
session[:persistent] = true
return {
auth: true
}
return sso_user
end
end
# check http basic based authentication
@ -272,50 +249,10 @@ class ApplicationController < ActionController::Base
request.session_options[:skip] = true # do not send a session cookie
logger.debug "http basic auth check '#{username}'"
if Setting.get('api_password_access') == false
return {
auth: false,
message: 'API password access disabled!',
}
raise Exceptions::NotAuthorized, 'API password access disabled!'
end
user = User.authenticate(username, password)
next if !user
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
current_user_set(user)
user_device_log(user, 'basic_auth')
logger.debug "http basic auth for '#{user.login}'"
return {
auth: true
}
end
# check http token action based authentication
if auth_param[:token_action]
authenticate_with_http_token do |token, _options|
request.session_options[:skip] = true # do not send a session cookie
logger.debug "http token action auth check '#{token}'"
user = Token.check(
action: auth_param[:token_action],
name: token,
)
next if !user
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
current_user_set(user)
user_device_log(user, 'token_auth')
logger.debug "http token action auth for '#{user.login}'"
return {
auth: true
}
end
return authentication_check_prerequesits(user, 'basic_auth', auth_param) if user
end
# check http token based authentication
@ -323,31 +260,16 @@ class ApplicationController < ActionController::Base
logger.debug "http token auth check '#{token}'"
request.session_options[:skip] = true # do not send a session cookie
if Setting.get('api_token_access') == false
return {
auth: false,
message: 'API token access disabled!',
}
raise Exceptions::NotAuthorized, 'API token access disabled!'
end
user = Token.check(
action: 'api',
name: token,
permission: auth_param[:permission],
inactive_user: true,
)
next if !user
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
end
# permission check
# auth_param[:permission]
current_user_set(user)
user_device_log(user, 'token_auth')
logger.debug "http token auth for '#{user.login}'"
return {
auth: true
}
@_token_auth = token # remember for permission_check
return authentication_check_prerequesits(user, 'token_auth', auth_param) if user
end
=begin
@ -360,73 +282,57 @@ class ApplicationController < ActionController::Base
# check expire
if access_token.expires_in && (access_token.created_at + access_token.expires_in) < Time.zone.now
return {
auth: false,
message: 'OAuth2 token is expired!',
}
raise Exceptions::NotAuthorized, 'OAuth2 token is expired!'
end
if access_token.scopes.empty?
raise Exceptions::NotAuthorized, 'OAuth2 scope missing for token!'
end
user = User.find(access_token.resource_owner_id)
if !user || user.active == false
return {
auth: false,
message: 'OAuth2 resource owner inactive!',
}
return authentication_check_prerequesits(user, 'token_auth', auth_param) if user
end
=end
false
end
def authentication_check_prerequesits(user, auth_type, auth_param)
if check_maintenance_only(user)
return {
auth: false,
message: 'Maintenance mode enabled!',
}
raise Exceptions::NotAuthorized, 'Maintenance mode enabled!'
end
if user.active == false
raise Exceptions::NotAuthorized, 'User is inactive!'
end
# check scopes / permission check
# auth_param[:permission]
if access_token.scopes.empty?
return {
auth: false,
message: 'OAuth2 scope missing for token!',
}
if auth_param[:permission] && !user.permissions?(auth_param[:permission])
raise Exceptions::NotAuthorized, 'No permission!'
end
current_user_set(user)
user_device_log(user, 'token_auth')
logger.debug "oauth token auth for '#{user.login}'"
return {
auth: true
}
end
=end
logger.debug error_message
{
auth: false,
message: error_message,
}
user_device_log(user, auth_type)
logger.debug "#{auth_type} for '#{user.login}'"
true
end
def authentication_check(auth_param = {})
result = authentication_check_only(auth_param)
user = authentication_check_only(auth_param)
# check if basic_auth fallback is possible
if auth_param[:basic_auth_promt] && result[:auth] == false
if auth_param[:basic_auth_promt] && !user
return request_http_basic_authentication
end
# return auth not ok
if result[:auth] == false
raise Exceptions::NotAuthorized, result[:message]
if !user
raise Exceptions::NotAuthorized, 'authentication failed'
end
# return auth ok
true
end
def role?(role_name)
return false if !current_user
current_user.role?(role_name)
end
def ticket_permission(ticket)
return true if ticket.permission(current_user: current_user)
raise Exceptions::NotAuthorized
@ -438,9 +344,19 @@ class ApplicationController < ActionController::Base
raise Exceptions::NotAuthorized
end
def deny_if_not_role(role_name)
return false if role?(role_name)
raise Exceptions::NotAuthorized
def permission_check(key)
if @_token_auth
user = Token.check(
action: 'api',
name: @_token_auth,
permission: key,
)
return false if user
raise Exceptions::NotAuthorized, 'No permission!'
end
return false if current_user && current_user.permissions?(key)
raise Exceptions::NotAuthorized, 'No permission!'
end
def valid_session_with_user
@ -683,7 +599,7 @@ class ApplicationController < ActionController::Base
# check maintenance mode
def check_maintenance_only(user)
return false if Setting.get('maintenance_mode') != true
return false if user.role?('Admin')
return false if user.permissions?('admin.maintenance')
Rails.logger.info "Maintenance mode enabled, denied login for user #{user.login}, it's no admin user."
true
end

8
app/controllers/calendars_controller.rb
View file

@ -1,10 +1,9 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class CalendarsController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.calendar') }
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
# calendars
assets = {}
@ -25,22 +24,19 @@ class CalendarsController < ApplicationController
end
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Calendar, params)
end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Calendar, params)
end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Calendar, params)
end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Calendar, params)
end
end

22
app/controllers/channels_controller.rb
View file

@ -17,7 +17,7 @@ curl http://localhost/api/v1/group/channels.json -v -u #{login}:#{password} -H "
=end
def group_update
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin')
check_access
channel = Channel.find(params[:id])
@ -40,12 +40,13 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
=end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin')
check_access
model_destory_render(Channel, params)
end
def twitter_index
permission_check('admin.channel_twitter')
assets = {}
ExternalCredential.where(name: 'twitter').each { |external_credential|
assets = external_credential.assets(assets)
@ -64,11 +65,12 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
end
def twitter_verify
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_twitter')
model_update_render(Channel, params)
end
def facebook_index
permission_check('admin.channel_facebook')
assets = {}
ExternalCredential.where(name: 'facebook').each { |external_credential|
assets = external_credential.assets(assets)
@ -87,12 +89,12 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
end
def facebook_verify
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_facebook')
model_update_render(Channel, params)
end
def email_index
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
system_online_service = Setting.get('system_online_service')
account_channel_ids = []
notification_channel_ids = []
@ -143,7 +145,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_probe
# check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
# probe settings based on email and password
result = EmailHelper::Probe.full(
@ -163,7 +165,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_outbound
# check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
# verify access
return if params[:channel_id] && !check_access(params[:channel_id])
@ -175,7 +177,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_inbound
# check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
# verify access
return if params[:channel_id] && !check_access(params[:channel_id])
@ -192,7 +194,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
def email_verify
# check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
email = params[:email] || params[:meta][:email]
email = email.downcase
@ -287,7 +289,7 @@ curl http://localhost/api/v1/channels.json -v -u #{login}:#{password} -H "Conten
check_online_service
# check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
adapter = params[:adapter].downcase

8
app/controllers/chats_controller.rb
View file

@ -1,10 +1,9 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class ChatsController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.chat') }
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
chat_ids = []
assets = {}
Chat.order(:id).each { |chat|
@ -20,22 +19,19 @@ class ChatsController < ApplicationController
end
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Chat, params)
end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Chat, params)
end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Chat, params)
end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Chat, params)
end
end

5
app/controllers/cti_controller.rb
View file

@ -1,12 +1,10 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class CtiController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'cti.agent') }
# list current caller log
def index
deny_if_not_role('CTI')
backends = [
{
name: 'sipgate.io',
@ -22,7 +20,6 @@ class CtiController < ApplicationController
# set caller log to done
def done
deny_if_not_role('CTI')
log = Cti::Log.find(params['id'])
log.done = params['done']
log.save

8
app/controllers/email_addresses_controller.rb
View file

@ -46,6 +46,7 @@ curl http://localhost/api/v1/email_addresses.json -v -u #{login}:#{password}
=end
def index
permission_check(['admin.channel_email', 'ticket.agent'])
model_index_render(EmailAddress, params)
end
@ -67,6 +68,7 @@ curl http://localhost/api/v1/email_addresses/#{id}.json -v -u #{login}:#{passwor
=end
def show
permission_check(['admin.channel_email', 'ticket.agent'])
model_show_render(EmailAddress, params)
end
@ -97,7 +99,7 @@ curl http://localhost/api/v1/email_addresses.json -v -u #{login}:#{password} -H
=end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
model_create_render(EmailAddress, params)
end
@ -128,7 +130,7 @@ curl http://localhost/api/v1/email_addresses/#{id}.json -v -u #{login}:#{passwor
=end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
model_update_render(EmailAddress, params)
end
@ -146,7 +148,7 @@ curl http://localhost/api/v1/email_addresses/#{id}.json -v -u #{login}:#{passwor
=end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.channel_email')
model_destory_render(EmailAddress, params)
end
end

9
app/controllers/external_credentials_controller.rb
View file

@ -1,30 +1,25 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class ExternalCredentialsController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: ['admin.channel_twitter', 'admin.channel_facebook']) }
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(ExternalCredential, params)
end
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(ExternalCredential, params)
end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(ExternalCredential, params)
end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(ExternalCredential, params)
end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(ExternalCredential, params)
end
@ -37,7 +32,6 @@ class ExternalCredentialsController < ApplicationController
end
def link_account
deny_if_not_role(Z_ROLENAME_ADMIN)
provider = params[:provider].downcase
attributes = ExternalCredential.request_account_to_link(provider)
session[:request_token] = attributes[:request_token]
@ -45,7 +39,6 @@ class ExternalCredentialsController < ApplicationController
end
def callback
deny_if_not_role(Z_ROLENAME_ADMIN)
provider = params[:provider].downcase
channel = ExternalCredential.link_account(provider, session[:request_token], params)
session[:request_token] = nil

4
app/controllers/first_steps_controller.rb
View file

@ -44,7 +44,7 @@ class FirstStepsController < ApplicationController
macro_active = true
end
if current_user.role?('Admin')
if current_user.permissions?('admin')
result = [
{
@ -225,7 +225,7 @@ class FirstStepsController < ApplicationController
end
def access?
return true if current_user.role?(%w(Agent Admin))
return true if current_user.permissions?(['admin', 'ticket.agent'])
render json: []
false
end

4
app/controllers/form_controller.rb
View file

@ -74,14 +74,14 @@ class FormController < ApplicationController
customer = User.find_by(email: email)
if !customer
roles = Role.where(name: 'Customer')
role_ids = Role.signup_role_ids
customer = User.create(
firstname: name,
lastname: '',
email: email,
password: '',
active: true,
roles: roles,
role_ids: role_ids,
updated_by_id: 1,
created_by_id: 1,
)

2
app/controllers/getting_started_controller.rb
View file

@ -110,7 +110,7 @@ curl http://localhost/api/v1/getting_started -v -u #{login}:#{password}
def base
# check admin permissions
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.wizard')
# validate url
messages = {}

5
app/controllers/groups_controller.rb
View file

@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class GroupsController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.group') }
=begin
@ -101,7 +101,6 @@ curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type:
=end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Group, params)
end
@ -133,7 +132,6 @@ curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type:
=end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Group, params)
end
@ -151,7 +149,6 @@ curl http://localhost/api/v1/groups/{id} -v -u #{login}:#{password} -H "Content-
=end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Group, params)
end
end

4
app/controllers/http_logs_controller.rb
View file

@ -5,7 +5,7 @@ class HttpLogsController < ApplicationController
# GET /http_logs/:facility
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.*')
list = if params[:facility]
HttpLog.where(facility: params[:facility]).order('created_at DESC').limit(params[:limit] || 50)
else
@ -16,7 +16,7 @@ class HttpLogsController < ApplicationController
# POST /http_logs
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
permission_check('admin.*')
model_create_render(HttpLog, params)
end

8
app/controllers/jobs_controller.rb
View file

@ -1,30 +1,26 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class JobsController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.scheduler') }
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(Job, params)
end
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Job, params)
end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Job, params)
end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Job, params)
end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Job, params)
end
end

10
app/controllers/object_manager_attributes_controller.rb
View file

@ -1,11 +1,10 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class ObjectManagerAttributesController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.object') }
# GET /object_manager_attributes_list
def list
deny_if_not_role(Z_ROLENAME_ADMIN)
render json: {
objects: ObjectManager.list_frontend_objects,
}
@ -13,19 +12,16 @@ class ObjectManagerAttributesController < ApplicationController
# GET /object_manager_attributes
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
render json: ObjectManager::Attribute.list_full
end
# GET /object_manager_attributes/1
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(ObjectManager::Attribute, params)
end
# POST /object_manager_attributes
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
check_params
# check if attribute already exists
@ -55,7 +51,6 @@ class ObjectManagerAttributesController < ApplicationController
# PUT /object_manager_attributes/1
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
check_params
begin
object_manager_attribute = ObjectManager::Attribute.add(
@ -77,7 +72,6 @@ class ObjectManagerAttributesController < ApplicationController
# DELETE /object_manager_attributes/1
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
object_manager_attribute = ObjectManager::Attribute.find(params[:id])
ObjectManager::Attribute.remove(
object_lookup_id: object_manager_attribute.object_lookup_id,
@ -88,14 +82,12 @@ class ObjectManagerAttributesController < ApplicationController
# POST /object_manager_attributes_discard_changes
def discard_changes
deny_if_not_role(Z_ROLENAME_ADMIN)
ObjectManager::Attribute.discard_changes
render json: {}, status: :ok
end
# POST /object_manager_attributes_execute_migrations
def execute_migrations
deny_if_not_role(Z_ROLENAME_ADMIN)
ObjectManager::Attribute.migration_execute
render json: {}, status: :ok
end

15
app/controllers/organizations_controller.rb
View file

@ -57,7 +57,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
# only allow customer to fetch his own organization
organizations = []
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
if current_user.organization_id
organizations = Organization.where(id: current_user.organization_id).offset(offset).limit(per_page)
end
@ -111,7 +111,7 @@ curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password}
def show
# only allow customer to fetch his own organization
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
if !current_user.organization_id
render json: {}
return
@ -160,7 +160,8 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Conten
=end
def create
deny_if_not_role(Z_ROLENAME_AGENT)
permission_check('ticket.agent')
#permission_check('admin.organization')
model_create_render(Organization, params)
end
@ -191,7 +192,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Conten
=end
def update
deny_if_not_role(Z_ROLENAME_AGENT)
permission_check('ticket.agent')
model_update_render(Organization, params)
end
@ -209,7 +210,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
=end
def destroy
deny_if_not_role(Z_ROLENAME_AGENT)
permission_check('ticket.agent')
model_references_check(Organization, params)
model_destory_render(Organization, params)
end
@ -217,7 +218,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
# GET /api/v1/organizations/search
def search
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
raise Exceptions::NotAuthorized
end
@ -284,7 +285,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
def history
# permission check
if !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
raise Exceptions::NotAuthorized
end

7
app/controllers/overviews_controller.rb
View file

@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class OverviewsController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.overview') }
=begin
@ -52,7 +52,6 @@ curl http://localhost/api/v1/overviews.json -v -u #{login}:#{password}
=end
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(Overview, params)
end
@ -74,7 +73,6 @@ curl http://localhost/api/v1/overviews/#{id}.json -v -u #{login}:#{password}
=end
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(Overview, params)
end
@ -108,7 +106,6 @@ curl http://localhost/api/v1/overviews.json -v -u #{login}:#{password} -H "Conte
=end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(Overview, params)
end
@ -142,7 +139,6 @@ curl http://localhost/api/v1/overviews.json -v -u #{login}:#{password} -H "Conte
=end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(Overview, params)
end
@ -160,7 +156,6 @@ curl http://localhost/api/v1/overviews/#{id}.json -v -u #{login}:#{password} -H
=end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(Overview, params)
end
end

10
app/controllers/packages_controller.rb
View file

@ -1,11 +1,10 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class PackagesController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.package') }
# GET /api/v1/packages
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
packages = Package.all().order('name')
render json: {
packages: packages
@ -14,21 +13,14 @@ class PackagesController < ApplicationController
# POST /api/v1/packages
def install
deny_if_not_role(Z_ROLENAME_ADMIN)
Package.install(string: params[:file_upload].read)
redirect_to '/#system/package'
end
# DELETE /api/v1/packages
def uninstall
deny_if_not_role(Z_ROLENAME_ADMIN)
package = Package.find(params[:id])
Package.uninstall(name: package.name, version: package.version)
render json: {
success: true
}

7
app/controllers/postmaster_filters_controller.rb
View file

@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class PostmasterFiltersController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'admin.channel_email') }
=begin
@ -54,7 +54,6 @@ curl http://localhost/api/v1/postmaster_filters.json -v -u #{login}:#{password}
=end
def index
deny_if_not_role(Z_ROLENAME_ADMIN)
model_index_render(PostmasterFilter, params)
end
@ -76,7 +75,6 @@ curl http://localhost/api/v1/postmaster_filters/#{id}.json -v -u #{login}:#{pass
=end
def show
deny_if_not_role(Z_ROLENAME_ADMIN)
model_show_render(PostmasterFilter, params)
end
@ -121,7 +119,6 @@ curl http://localhost/api/v1/postmaster_filters.json -v -u #{login}:#{password}
=end
def create
deny_if_not_role(Z_ROLENAME_ADMIN)
model_create_render(PostmasterFilter, params)
end
@ -164,7 +161,6 @@ curl http://localhost/api/v1/postmaster_filters.json -v -u #{login}:#{password}
=end
def update
deny_if_not_role(Z_ROLENAME_ADMIN)
model_update_render(PostmasterFilter, params)
end
@ -179,7 +175,6 @@ Test:
=end
def destroy
deny_if_not_role(Z_ROLENAME_ADMIN)
model_destory_render(PostmasterFilter, params)
end
end

Some files were not shown because too many files have changed in this diff Show more