From c6542c0698c882f51ca23f7585bbfd3e6d286492 Mon Sep 17 00:00:00 2001 From: yuri Date: Mon, 27 Jul 2015 11:02:42 +0300 Subject: [PATCH] restrictedMode --- application/Espo/Controllers/Admin.php | 12 +++++++++- application/Espo/Controllers/Extension.php | 24 +++++++++++++++---- application/Espo/Core/defaults/config.php | 1 + .../Espo/Core/defaults/systemConfig.php | 3 ++- .../metadata/entityDefs/Settings.json | 4 ++++ .../Resources/metadata/entityDefs/User.json | 8 ++++++- application/Espo/SelectManagers/User.php | 3 +++ application/Espo/Services/User.php | 13 ++++++++++ frontend/client/res/templates/admin/index.tpl | 2 +- frontend/client/src/views/admin/index.js | 4 +++- 10 files changed, 64 insertions(+), 10 deletions(-) diff --git a/application/Espo/Controllers/Admin.php b/application/Espo/Controllers/Admin.php index b4b087d9de..3f58f189a9 100644 --- a/application/Espo/Controllers/Admin.php +++ b/application/Espo/Controllers/Admin.php @@ -57,6 +57,11 @@ class Admin extends \Espo\Core\Controllers\Base public function actionUploadUpgradePackage($params, $data) { + if ($this->getConfig('restrictedMode')) { + if (!$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } + } $upgradeManager = new \Espo\Core\UpgradeManager($this->getContainer()); $upgradeId = $upgradeManager->upload($data); @@ -70,8 +75,13 @@ class Admin extends \Espo\Core\Controllers\Base public function actionRunUpgrade($params, $data) { - $upgradeManager = new \Espo\Core\UpgradeManager($this->getContainer()); + if ($this->getConfig('restrictedMode')) { + if (!$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } + } + $upgradeManager = new \Espo\Core\UpgradeManager($this->getContainer()); $upgradeManager->install($data); return true; diff --git a/application/Espo/Controllers/Extension.php b/application/Espo/Controllers/Extension.php index d431b2a0f7..cbc240f493 100644 --- a/application/Espo/Controllers/Extension.php +++ b/application/Espo/Controllers/Extension.php 
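Review bot: `$this->getConfig('restrictedMode')` in actionUploadUpgradePackage passes the option name as an argument to getConfig(); in the base controller this accessor (as far as can be inferred from how Espo controllers use it, it is not visible in the hunk) takes no argument and returns the Config object, so the condition would be truthy regardless of the setting and non-super-admins would be refused even with restrictedMode off. The read should go through the Config object, `if ($this->getConfig()->get('restrictedMode')) {`, and the same applies to actionRunUpgrade below and to the three copies in Extension.php. Since the guard is identical in all five places, a single protected helper keeps the policy in one spot; also confirm that `Espo\Core\Exceptions\Forbidden` is imported in Admin.php, as no `use` line is visible here and an unqualified `Forbidden` would otherwise resolve inside the controller namespace. Both action bodies continue outside their hunks.
```php
    /** Refuse non-super-admin callers while restrictedMode is enabled. */
    protected function assertSuperAdminInRestrictedMode()
    {
        if ($this->getConfig()->get('restrictedMode') && !$this->getUser()->get('isSuperAdmin')) {
            throw new Forbidden();
        }
    }

    public function actionUploadUpgradePackage($params, $data)
    {
        $this->assertSuperAdminInRestrictedMode();
        // … unchanged: upload and return …
    }
```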
@@ -58,6 +58,11 @@ class Extension extends \Espo\Core\Controllers\Record if (!$request->isPost()) { throw new Forbidden(); } + if ($this->getConfig('restrictedMode')) { + if (!$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } + } $manager = new \Espo\Core\ExtensionManager($this->getContainer()); @@ -71,11 +76,14 @@ class Extension extends \Espo\Core\Controllers\Record if (!$request->isPost()) { throw new Forbidden(); } + if ($this->getConfig('restrictedMode')) { + if (!$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } + } $manager = new \Espo\Core\ExtensionManager($this->getContainer()); - $manager->uninstall($data); - return true; } @@ -99,12 +107,18 @@ class Extension extends \Espo\Core\Controllers\Record throw new Forbidden(); } - public function actionDelete($params) + public function actionDelete($params, $data, $request) { + if (!$request->isDelete()) { + throw BadRequest(); + } + if ($this->getConfig('restrictedMode')) { + if (!$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } + } $manager = new \Espo\Core\ExtensionManager($this->getContainer()); - $manager->delete($params); - return true; } diff --git a/application/Espo/Core/defaults/config.php b/application/Espo/Core/defaults/config.php index c4da432771..358246646c 100644 --- a/application/Espo/Core/defaults/config.php +++ b/application/Espo/Core/defaults/config.php @@ -101,6 +101,7 @@ return array ( 'maxEmailAccountCount' => 2, 'followCreatedEntities' => false, 'b2cMode' => false, + 'restrictedMode' => false, 'isInstalled' => false, ); diff --git a/application/Espo/Core/defaults/systemConfig.php b/application/Espo/Core/defaults/systemConfig.php index ffcbaff116..5253a72fcf 100644 --- a/application/Espo/Core/defaults/systemConfig.php +++ b/application/Espo/Core/defaults/systemConfig.php @@ -84,7 +84,8 @@ return array ( 'permissionMap', 'permissionRules', 'passwordSalt', - 'cryptKey' + 'cryptKey', + 'restrictedMode' ), 'adminItems' => array ( 
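Review bot: `throw BadRequest();` in actionDelete is missing `new`, so PHP treats `BadRequest()` as a function call and aborts with an undefined-function fatal error instead of raising the exception; the non-DELETE request ends in a 500 rather than a 400. It should read `throw new BadRequest();`, and BadRequest must be imported next to Forbidden (the `use` block is outside the hunk). Note that widening actionDelete's signature to `($params, $data, $request)` will break any subclass that still overrides `actionDelete($params)`.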
diff --git a/application/Espo/Resources/metadata/entityDefs/Settings.json b/application/Espo/Resources/metadata/entityDefs/Settings.json index 7110f076a7..2160b72173 100644 --- a/application/Espo/Resources/metadata/entityDefs/Settings.json +++ b/application/Espo/Resources/metadata/entityDefs/Settings.json @@ -232,6 +232,10 @@ "type": "bool", "default": false, "tooltip": true + }, + "restrictedMode": { + "type": "bool", + "default": false } } } diff --git a/application/Espo/Resources/metadata/entityDefs/User.json b/application/Espo/Resources/metadata/entityDefs/User.json index 96174751eb..5ab99430db 100644 --- a/application/Espo/Resources/metadata/entityDefs/User.json +++ b/application/Espo/Resources/metadata/entityDefs/User.json @@ -18,7 +18,8 @@ "password": { "type": "password", "maxLength": 150, - "internal": true + "internal": true, + "disabled": true }, "salutationName": { "type": "enum", @@ -40,6 +41,11 @@ "tooltip": true, "default": true }, + "isSuperAdmin": { + "type": "bool", + "default": false, + "disabled": true + }, "title": { "type": "varchar", "maxLength": 100 diff --git a/application/Espo/SelectManagers/User.php b/application/Espo/SelectManagers/User.php index f240474fac..c3100eef46 100644 --- a/application/Espo/SelectManagers/User.php +++ b/application/Espo/SelectManagers/User.php @@ -32,6 +32,9 @@ class User extends \Espo\Core\SelectManagers\Base 'isActive' => true ); } + $result['whereClause'][] = array( + 'isSuperAdmin' => false + ); } protected function filterActive(&$result) diff --git a/application/Espo/Services/User.php b/application/Espo/Services/User.php index 6095bf9089..38e7f1f7fc 100644 --- a/application/Espo/Services/User.php +++ b/application/Espo/Services/User.php @@ -61,6 +61,9 @@ class User extends Record } $entity = parent::getEntity($id); + if ($entity->get('isSuperAdmin') && !$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } return $entity; } 
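Review bot: The `'isSuperAdmin' => false` clause is appended unconditionally, so super-admin records disappear from every User list query, including those issued by a super admin who needs to manage them. If this select manager can see the current user (the services in this commit do), the clause should be added only for non-super-admin callers, `if (!$this->getUser()->get('isSuperAdmin')) { $result['whereClause'][] = array('isSuperAdmin' => false); }`. Also worth confirming: rows whose isSuperAdmin column is still NULL after the schema change would presumably be excluded by an equality against false, so the `default: false` from entityDefs needs to be applied on rebuild. The enclosing method begins before the hunk.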
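Review bot: `$entity->get('isSuperAdmin')` is called on whatever `parent::getEntity($id)` returned; if the parent yields null for an unknown id (the explicit NotFound handling in the password path of the next hunk suggests it can), this becomes a method call on null and the request fails with a fatal error instead of a 404. Guard it, `if ($entity && $entity->get('isSuperAdmin') && !$this->getUser()->get('isSuperAdmin')) {`. The head of getEntity is outside the hunk.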
@@ -86,6 +89,10 @@ class User extends Record throw new NotFound(); } + if ($user->get('isSuperAdmin') && !$this->getUser()->get('isSuperAdmin')) { + throw new Forbidden(); + } + if (empty($password)) { throw new Error('Password can\'t be empty.'); } @@ -196,6 +203,9 @@ class User extends Record $newPassword = $data['password']; $data['password'] = $this->hashPassword($data['password']); } + if (!$this->getUser()->get('isSuperAdmin')) { + unset($data['isSuperAdmin']); + } $user = parent::createEntity($data); if (!is_null($newPassword)) { @@ -221,6 +231,9 @@ class User extends Record if ($id == $this->getUser()->id) { unset($data['isActive']); } + if (!$this->getUser()->get('isSuperAdmin')) { + unset($data['isSuperAdmin']); + } $user = parent::updateEntity($id, $data); if (!is_null($newPassword)) { diff --git a/frontend/client/res/templates/admin/index.tpl b/frontend/client/res/templates/admin/index.tpl index 8cbfdb1b4e..5da550055e 100644 --- a/frontend/client/res/templates/admin/index.tpl +++ b/frontend/client/res/templates/admin/index.tpl @@ -17,7 +17,7 @@ {{/each}}
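Review bot: updateEntity strips `isSuperAdmin` from the payload but never checks whether the target user is a super admin, while getEntity and the password path in the first hunk here refuse such targets to non-super-admins; unless parent::updateEntity resolves the record through the overridden getEntity (not visible in this extract), an ordinary admin can still change a super admin's password, email or active flag through this path. Fetch the target before mutating and apply the same rule as in the password hunk, e.g. `$target = $this->getRepository()->get($id); if ($target && $target->get('isSuperAdmin') && !$this->getUser()->get('isSuperAdmin')) { throw new Forbidden(); }`. The same consideration applies to deleteEntity, which this commit does not touch. Both createEntity and updateEntity start before their hunks.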
- +
diff --git a/frontend/client/src/views/admin/index.js b/frontend/client/src/views/admin/index.js index ccd470c3b3..d534b20cf1 100644 --- a/frontend/client/src/views/admin/index.js +++ b/frontend/client/src/views/admin/index.js @@ -26,12 +26,14 @@ Espo.define('views/admin/index', 'view', function (Dep) { data: function () { return { - links: this.links + links: this.links, + iframeUrl: this.iframeUrl }; }, setup: function () { this.links = this.getMetadata().get('app.adminPanel'); + this.iframeUrl = '//espocrm.com/news'; }, updatePageTitle: function () {
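Review bot: `this.iframeUrl = '//espocrm.com/news';` hard-codes a protocol-relative external URL in the admin view, so when the admin panel is served over plain HTTP the embedded page is fetched over HTTP too, and a deployment has no way to point it elsewhere or switch it off. Prefer an explicit scheme, `this.iframeUrl = 'https://espocrm.com/news';`, and consider reading the URL from config or metadata so that offline or privacy-sensitive installations can disable the embed. A one-line comment on the assignment stating that the value is rendered as an iframe src in admin/index.tpl would also help the next reader.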