From 5969eb8e3030c822333872f24daa23b9eac1f4f7 Mon Sep 17 00:00:00 2001
From: Dj Padzensky <djpadz@padz.net>
Date: Thu, 14 Jul 2016 13:20:56 -0700
Subject: Added tighter access controls to profile section

---
 app/Template/user_modification/show.php |  8 ++--
 app/Template/user_view/sidebar.php      | 68 ++++++++++++++++++++-------------
 2 files changed, 46 insertions(+), 30 deletions(-)

diff --git a/app/Template/user_modification/show.php b/app/Template/user_modification/show.php
index 396d550d..506c9161 100644
--- a/app/Template/user_modification/show.php
+++ b/app/Template/user_modification/show.php
@@ -11,16 +11,16 @@
     <?= $this->form->text('username', $values, $errors, array('required', isset($values['is_ldap_user']) && $values['is_ldap_user'] == 1 ? 'readonly' : '', 'maxlength="50"')) ?>
 
     <?= $this->form->label(t('Name'), 'name') ?>
-    <?= $this->form->text('name', $values, $errors) ?>
+    <?= $this->form->text('name', $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_name') ? '' : 'readonly')) ?>
 
     <?= $this->form->label(t('Email'), 'email') ?>
-    <?= $this->form->email('email', $values, $errors) ?>
+    <?= $this->form->email('email', $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_email') ? '' : 'readonly')) ?>
 
     <?= $this->form->label(t('Timezone'), 'timezone') ?>
-    <?= $this->form->select('timezone', $timezones, $values, $errors) ?>
+    <?= $this->form->select('timezone', $timezones, $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_timezone') ? '' : 'disabled')) ?>
 
     <?= $this->form->label(t('Language'), 'language') ?>
-    <?= $this->form->select('language', $languages, $values, $errors) ?>
+    <?= $this->form->select('language', $languages, $values, $errors, array($this->user->hasAccess('UserModificationController', 'show/edit_language') ? '' : 'disabled')) ?>
 
     <?php if ($this->user->isAdmin()): ?>
         <?= $this->form->label(t('Role'), 'role') ?>
diff --git a/app/Template/user_view/sidebar.php b/app/Template/user_view/sidebar.php
index d200a7f5..3dc6b7bc 100644
--- a/app/Template/user_view/sidebar.php
+++ b/app/Template/user_view/sidebar.php
@@ -12,18 +12,26 @@
             </li>
         <?php endif ?>
         <?php if ($this->user->isAdmin() || $this->user->isCurrentUser($user['id'])): ?>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'timesheet') ?>>
-                <?= $this->url->link(t('Time tracking'), 'UserViewController', 'timesheet', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'lastLogin') ?>>
-                <?= $this->url->link(t('Last logins'), 'UserViewController', 'lastLogin', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'sessions') ?>>
-                <?= $this->url->link(t('Persistent connections'), 'UserViewController', 'sessions', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'passwordReset') ?>>
-                <?= $this->url->link(t('Password reset history'), 'UserViewController', 'passwordReset', array('user_id' => $user['id'])) ?>
-            </li>
+            <?php if ($this->user->hasAccess('UserViewController', 'timesheet')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'timesheet') ?>>
+                    <?= $this->url->link(t('Time tracking'), 'UserViewController', 'timesheet', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'lastLogin')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'lastLogin') ?>>
+                    <?= $this->url->link(t('Last logins'), 'UserViewController', 'lastLogin', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'sessions')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'sessions') ?>>
+                    <?= $this->url->link(t('Persistent connections'), 'UserViewController', 'sessions', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'passwordReset')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'passwordReset') ?>>
+                    <?= $this->url->link(t('Password reset history'), 'UserViewController', 'passwordReset', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
         <?php endif ?>
 
         <?= $this->hook->render('template:user:sidebar:information', array('user' => $user)) ?>
@@ -42,13 +50,13 @@
                 </li>
             <?php endif ?>
 
-            <?php if ($user['is_ldap_user'] == 0): ?>
+            <?php if ($user['is_ldap_user'] == 0 && $this->user->hasAccess('UserCredentialController', 'changePassword')): ?>
                 <li <?= $this->app->checkMenuSelection('UserCredentialController', 'changePassword') ?>>
                     <?= $this->url->link(t('Change password'), 'UserCredentialController', 'changePassword', array('user_id' => $user['id'])) ?>
                 </li>
             <?php endif ?>
 
-            <?php if ($this->user->isCurrentUser($user['id'])): ?>
+            <?php if ($this->user->isCurrentUser($user['id']) && $this->user->hasAccess('TwoFactorController', 'index')): ?>
                 <li <?= $this->app->checkMenuSelection('TwoFactorController', 'index') ?>>
                     <?= $this->url->link(t('Two factor authentication'), 'TwoFactorController', 'index', array('user_id' => $user['id'])) ?>
                 </li>
@@ -58,18 +66,26 @@
                 </li>
             <?php endif ?>
 
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'share') ?>>
-                <?= $this->url->link(t('Public access'), 'UserViewController', 'share', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'notifications') ?>>
-                <?= $this->url->link(t('Notifications'), 'UserViewController', 'notifications', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'external') ?>>
-                <?= $this->url->link(t('External accounts'), 'UserViewController', 'external', array('user_id' => $user['id'])) ?>
-            </li>
-            <li <?= $this->app->checkMenuSelection('UserViewController', 'integrations') ?>>
-                <?= $this->url->link(t('Integrations'), 'UserViewController', 'integrations', array('user_id' => $user['id'])) ?>
-            </li>
+            <?php if ($this->user->hasAccess('UserViewController', 'share')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'share') ?>>
+                    <?= $this->url->link(t('Public access'), 'UserViewController', 'share', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'notifications')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'notifications') ?>>
+                    <?= $this->url->link(t('Notifications'), 'UserViewController', 'notifications', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'external')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'external') ?>>
+                    <?= $this->url->link(t('External accounts'), 'UserViewController', 'external', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
+            <?php if ($this->user->hasAccess('UserViewController', 'integrations')): ?>
+                <li <?= $this->app->checkMenuSelection('UserViewController', 'integrations') ?>>
+                    <?= $this->url->link(t('Integrations'), 'UserViewController', 'integrations', array('user_id' => $user['id'])) ?>
+                </li>
+            <?php endif ?>
         <?php endif ?>
 
         <?php if ($this->user->hasAccess('UserCredentialController', 'changeAuthentication')): ?>
-- 
cgit v1.2.3