mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-03-25 09:11:53 -04:00
4e60cb96a7
Add a User Roles system where roles define reusable permission templates. When a user has a role assigned, the role provides fallback permissions (user's direct permissions take precedence; role is used when user has 'None'). Database changes: - Add User_Roles table with same permission fields as Users - Add Role_Groups_Permissions table for per-role group overrides - Add Role_Monitors_Permissions table for per-role monitor overrides - Add RoleId foreign key to Users table Permission resolution order: 1. User's direct Monitor/Group permissions (if not 'Inherit') 2. Role's Monitor/Group permissions (if user has role) 3. Role's base permission (if user's is 'None') 4. User's base permission (fallback) Includes: - PHP models: User_Role, Role_Group_Permission, Role_Monitor_Permission - Role management UI in Options > Roles tab - Role selector in user edit form - REST API endpoints for roles CRUD - Translation strings for en_gb Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
178 lines
3.9 KiB
PHP
178 lines
3.9 KiB
PHP
<?php
|
|
App::uses('AppController', 'Controller');
|
|
/**
|
|
* Roles Controller
|
|
*
|
|
* @property Role $Role
|
|
*/
|
|
class RolesController extends AppController {
|
|
|
|
/**
|
|
* Components
|
|
*
|
|
* @var array
|
|
*/
|
|
public $components = array('Paginator', 'RequestHandler');
|
|
|
|
public function beforeFilter() {
|
|
parent::beforeFilter();
|
|
|
|
global $user;
|
|
# We already tested for auth in appController, so we just need to test for specific permission
|
|
$canView = (!$user) || ($user->System() != 'None');
|
|
if (!$canView) {
|
|
throw new UnauthorizedException(__('Insufficient Privileges'));
|
|
return;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* index method
|
|
*
|
|
* @return void
|
|
*/
|
|
public function index() {
|
|
$this->Role->recursive = 0;
|
|
|
|
global $user;
|
|
if ($user->System() == 'None') {
|
|
throw new UnauthorizedException(__('Insufficient Privileges'));
|
|
return;
|
|
}
|
|
$roles = $this->Paginator->paginate('Role');
|
|
|
|
$this->set(compact('roles'));
|
|
}
|
|
|
|
/**
|
|
* view method
|
|
*
|
|
* @throws NotFoundException
|
|
* @param string $id
|
|
* @return void
|
|
*/
|
|
public function view($id = null) {
|
|
$this->Role->recursive = 1;
|
|
|
|
global $user;
|
|
if ($user->System() == 'None') {
|
|
throw new UnauthorizedException(__('Insufficient Privileges'));
|
|
return;
|
|
}
|
|
|
|
if (!$this->Role->exists($id)) {
|
|
throw new NotFoundException(__('Invalid role'));
|
|
}
|
|
|
|
$options = array('conditions' => array('Role.' . $this->Role->primaryKey => $id));
|
|
$role = $this->Role->find('first', $options);
|
|
|
|
$this->set(array(
|
|
'role' => $role,
|
|
'_serialize' => array('role')
|
|
));
|
|
}
|
|
|
|
/**
|
|
* add method
|
|
*
|
|
* @return void
|
|
*/
|
|
public function add() {
|
|
if ($this->request->is('post')) {
|
|
global $user;
|
|
if ($user->System() != 'Edit') {
|
|
throw new UnauthorizedException(__('Insufficient Privileges'));
|
|
return;
|
|
}
|
|
|
|
$this->Role->create();
|
|
if ($this->Role->save($this->request->data)) {
|
|
$message = 'Saved';
|
|
} else {
|
|
$message = 'Error';
|
|
// if there is a validation message, use it
|
|
if (!$this->Role->validates()) {
|
|
$message = $this->Role->validationErrors;
|
|
}
|
|
}
|
|
} else {
|
|
$message = 'Add without post data';
|
|
}
|
|
$this->set(array(
|
|
'role' => $this->Role,
|
|
'message' => $message,
|
|
'_serialize' => array('message')
|
|
));
|
|
}
|
|
|
|
/**
|
|
* edit method
|
|
*
|
|
* @throws NotFoundException
|
|
* @param string $id
|
|
* @return void
|
|
*/
|
|
public function edit($id = null) {
|
|
$this->Role->id = $id;
|
|
|
|
global $user;
|
|
if ($user->System() != 'Edit') {
|
|
throw new UnauthorizedException(__('Insufficient Privileges'));
|
|
return;
|
|
}
|
|
|
|
if (!$this->Role->exists($id)) {
|
|
throw new NotFoundException(__('Invalid role'));
|
|
}
|
|
|
|
if ($this->request->is('post') || $this->request->is('put')) {
|
|
if ($this->Role->save($this->request->data)) {
|
|
$message = 'Saved';
|
|
} else {
|
|
$message = 'Error';
|
|
if (!$this->Role->validates()) {
|
|
$message = $this->Role->validationErrors;
|
|
}
|
|
}
|
|
} else {
|
|
$this->request->data = $this->Role->read(null, $id);
|
|
}
|
|
|
|
$this->set(array(
|
|
'message' => $message,
|
|
'_serialize' => array('message')
|
|
));
|
|
}
|
|
|
|
/**
|
|
* delete method
|
|
*
|
|
* @throws NotFoundException
|
|
* @param string $id
|
|
* @return void
|
|
*/
|
|
public function delete($id = null) {
|
|
$this->Role->id = $id;
|
|
|
|
global $user;
|
|
if ($user->System() != 'Edit') {
|
|
throw new UnauthorizedException(__('Insufficient Privileges'));
|
|
return;
|
|
}
|
|
if (!$this->Role->exists()) {
|
|
throw new NotFoundException(__('Invalid role'));
|
|
}
|
|
$this->request->allowMethod('post', 'delete');
|
|
if ($this->Role->delete()) {
|
|
$message = 'The role has been deleted.';
|
|
} else {
|
|
$message = 'The role could not be deleted. Please, try again.';
|
|
}
|
|
$this->set(array(
|
|
'message' => $message,
|
|
'_serialize' => array('message')
|
|
));
|
|
}
|
|
} # end class RolesController
|