authorDj Padzensky <djpadz@padz.net>2016-07-14 13:20:56 -0700
committerDj Padzensky <djpadz@padz.net>2016-07-14 13:20:56 -0700
commit5969eb8e3030c822333872f24daa23b9eac1f4f7 (patch)
tree3bacb341f515b214211676689d899172336cd52f /app
parent6e35d8f22aa828b9dcd72d749034754e1a00a525 (diff)
Added tighter access controls to profile section
Diffstat (limited to 'app')
-rw-r--r--app/Template/user_modification/show.php8
-rw-r--r--app/Template/user_view/sidebar.php68
2 files changed, 46 insertions, 30 deletions
diff --git a/app/Template/user_modification/show.php b/app/Template/user_modification/show.php
index 396d550d..506c9161 100644
--- a/app/Template/user_modification/show.php
+++ b/app/Template/user_modification/show.php
@@ -11,16 +11,16 @@
<?= $this->form->text('username', $values, $errors, array('required', isset($values['is_ldap_user']) && $values['is_ldap_user'] == 1 ? 'readonly' : '', 'maxlength="50"')) ?>
<?= $this->form->label(t('Name'), 'name') ?>
- <?= $this->form->text('name', $values, $errors) ?>
+ <?= $this->form->text('name', $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_name') ? '' : 'readonly')) ?>
<?= $this->form->label(t('Email'), 'email') ?>
- <?= $this->form->email('email', $values, $errors) ?>
+ <?= $this->form->email('email', $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_email') ? '' : 'readonly')) ?>
<?= $this->form->label(t('Timezone'), 'timezone') ?>
- <?= $this->form->select('timezone', $timezones, $values, $errors) ?>
+ <?= $this->form->select('timezone', $timezones, $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_timezone') ? '' : 'disabled')) ?>
<?= $this->form->label(t('Language'), 'language') ?>
- <?= $this->form->select('language', $languages, $values, $errors) ?>
+ <?= $this->form->select('language', $languages, $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_language') ? '' : 'disabled')) ?>
<?php if ($this->user->isAdmin()): ?>
<?= $this->form->label(t('Role'), 'role') ?>
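Review bot: The `readonly`/`disabled` attributes added on the name, email, timezone and language fields only change what the browser renders; a user without the `show/edit_*` permission can strip the attribute or POST the field directly, so the handler that saves this form (not in this diff) must drop or reject those values whenever the same `hasAccess()` test is false — the template change is a UI hint, not an access control. Note also the asymmetry between the two attributes: a `readonly` input is still submitted, while a `disabled` select is omitted from the request, so the save path has to treat a missing `timezone`/`language` as "keep the current value" rather than as empty. A one-line comment above the first gated field would keep the next maintainer from relying on this, e.g. `<?php // readonly/disabled here is cosmetic; the controller must enforce the same edit_* permissions on save ?>`.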
diff --git a/app/Template/user_view/sidebar.php b/app/Template/user_view/sidebar.php
index d200a7f5..3dc6b7bc 100644
--- a/app/Template/user_view/sidebar.php
+++ b/app/Template/user_view/sidebar.php
@@ -12,18 +12,26 @@
</li>
<?php endif ?>
<?php if ($this->user->isAdmin() || $this->user->isCurrentUser($user['id'])): ?>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'timesheet') ?>>
- <?= $this->url->link(t('Time tracking'), 'UserViewController', 'timesheet', array('user_id' => $user['id'])) ?>
- </li>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'lastLogin') ?>>
- <?= $this->url->link(t('Last logins'), 'UserViewController', 'lastLogin', array('user_id' => $user['id'])) ?>
- </li>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'sessions') ?>>
- <?= $this->url->link(t('Persistent connections'), 'UserViewController', 'sessions', array('user_id' => $user['id'])) ?>
- </li>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'passwordReset') ?>>
- <?= $this->url->link(t('Password reset history'), 'UserViewController', 'passwordReset', array('user_id' => $user['id'])) ?>
- </li>
+ <?php if ($this->user->hasAccess('UserViewController', 'timesheet')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'timesheet') ?>>
+ <?= $this->url->link(t('Time tracking'), 'UserViewController', 'timesheet', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
+ <?php if ($this->user->hasAccess('UserViewController', 'lastLogin')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'lastLogin') ?>>
+ <?= $this->url->link(t('Last logins'), 'UserViewController', 'lastLogin', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
+ <?php if ($this->user->hasAccess('UserViewController', 'sessions')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'sessions') ?>>
+ <?= $this->url->link(t('Persistent connections'), 'UserViewController', 'sessions', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
+ <?php if ($this->user->hasAccess('UserViewController', 'passwordReset')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'passwordReset') ?>>
+ <?= $this->url->link(t('Password reset history'), 'UserViewController', 'passwordReset', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
<?php endif ?>
<?= $this->hook->render('template:user:sidebar:information', array('user' => $user)) ?>
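Review bot: Hiding the four links behind `hasAccess()` does not restrict the `timesheet`, `lastLogin`, `sessions` and `passwordReset` actions themselves; they stay reachable by URL with any `user_id`, so the controller must apply the same permission check together with the admin-or-self test, which this diff does not show. Within the template, `hasAccess()` is consulted per controller action and carries no target user, so the only thing still tying these sensitive views to the viewed account is the outer `isAdmin() || isCurrentUser($user['id'])` condition; that is easy to lose in a later refactor, so a comment on the new inner checks is worth adding: `<?php // hasAccess() is role-level only; the admin-or-self guard above is what scopes these links to $user ?>`. The enclosing `<ul>` of this sidebar starts before the hunk.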
@@ -42,13 +50,13 @@
</li>
<?php endif ?>
- <?php if ($user['is_ldap_user'] == 0): ?>
+ <?php if ($user['is_ldap_user'] == 0 && $this->user->hasAccess('UserCredentialController', 'changePassword')): ?>
<li <?= $this->app->checkMenuSelection('UserCredentialController', 'changePassword') ?>>
<?= $this->url->link(t('Change password'), 'UserCredentialController', 'changePassword', array('user_id' => $user['id'])) ?>
</li>
<?php endif ?>
- <?php if ($this->user->isCurrentUser($user['id'])): ?>
+ <?php if ($this->user->isCurrentUser($user['id']) && $this->user->hasAccess('TwoFactorController', 'index')): ?>
<li <?= $this->app->checkMenuSelection('TwoFactorController', 'index') ?>>
<?= $this->url->link(t('Two factor authentication'), 'TwoFactorController', 'index', array('user_id' => $user['id'])) ?>
</li>
@@ -58,18 +66,26 @@
</li>
<?php endif ?>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'share') ?>>
- <?= $this->url->link(t('Public access'), 'UserViewController', 'share', array('user_id' => $user['id'])) ?>
- </li>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'notifications') ?>>
- <?= $this->url->link(t('Notifications'), 'UserViewController', 'notifications', array('user_id' => $user['id'])) ?>
- </li>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'external') ?>>
- <?= $this->url->link(t('External accounts'), 'UserViewController', 'external', array('user_id' => $user['id'])) ?>
- </li>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'integrations') ?>>
- <?= $this->url->link(t('Integrations'), 'UserViewController', 'integrations', array('user_id' => $user['id'])) ?>
- </li>
+ <?php if ($this->user->hasAccess('UserViewController', 'share')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'share') ?>>
+ <?= $this->url->link(t('Public access'), 'UserViewController', 'share', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
+ <?php if ($this->user->hasAccess('UserViewController', 'notifications')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'notifications') ?>>
+ <?= $this->url->link(t('Notifications'), 'UserViewController', 'notifications', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
+ <?php if ($this->user->hasAccess('UserViewController', 'external')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'external') ?>>
+ <?= $this->url->link(t('External accounts'), 'UserViewController', 'external', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
+ <?php if ($this->user->hasAccess('UserViewController', 'integrations')): ?>
+ <li <?= $this->app->checkMenuSelection('UserViewController', 'integrations') ?>>
+ <?= $this->url->link(t('Integrations'), 'UserViewController', 'integrations', array('user_id' => $user['id'])) ?>
+ </li>
+ <?php endif ?>
<?php endif ?>
<?php if ($this->user->hasAccess('UserCredentialController', 'changeAuthentication')): ?>
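Review bot: The four added blocks for `share`, `notifications`, `external` and `integrations` are identical apart from the action name and label, and each repeats the action three times, which invites a future copy-paste mismatch between the `hasAccess()` argument and the link target. A single `foreach` over an action→label map keeps each action in one place while producing the same markup; this assumes the i18n extractor only needs literal `t('…')` calls, which the map preserves. The `<?php endif ?>` on the last added line's neighbour closes a condition that opens before this hunk.
```php
<?php foreach (array('share' => t('Public access'), 'notifications' => t('Notifications'), 'external' => t('External accounts'), 'integrations' => t('Integrations')) as $action => $label): ?>
    <?php if ($this->user->hasAccess('UserViewController', $action)): ?>
    <li <?= $this->app->checkMenuSelection('UserViewController', $action) ?>>
        <?= $this->url->link($label, 'UserViewController', $action, array('user_id' => $user['id'])) ?>
    </li>
    <?php endif ?>
<?php endforeach ?>
// … unchanged: closing endif of the enclosing condition and the changeAuthentication link …
```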