Project

General

Profile

« Previous | Next » 

Revision 8559c9d9

Added by Jim Pingle over 9 years ago

Fix Dashboard privilege edge case and show full Help menu to users with the Help privilege. Fixes #5909

View differences:

src/etc/inc/authgui.inc
74 74 
/*
75 75 
 * redirect to first allowed page if requesting a wrong url
76 76 
 */
77 

  		




  
  78
  
    
/* Fix this up otherwise the privilege check will fail. See Redmine #5909. */


  		




  
  79
  
    
if ($_SERVER['REQUEST_URI'] == "/") {


  		




  
  80
  
    
	$_SERVER['REQUEST_URI'] = "/index.php";


  		




  
  81
  
    
}


  		




  
  82
  
    

  		




  77
  83
  
    
if (!isAllowedPage($_SERVER['REQUEST_URI'])) {


  		




  78
  84
  
    
	if (count($allowedpages) > 0) {


  		




  79
  85
  
    
		$page = str_replace('*', '', $allowedpages[0]);


  		












  

    
      src/etc/inc/priv/user.priv.inc
    
  





  8
  8
  
    

  		




  9
  9
  
    
$priv_list['page-help-all'] = array();


  		




  10
  10
  
    
$priv_list['page-help-all']['name'] = gettext("WebCfg - Help pages");


  		




  11
  
  
    
$priv_list['page-help-all']['descr'] = gettext("Show all items on help menu");


  		




  
  11
  
    
$priv_list['page-help-all']['descr'] = gettext("Show all items on help menu and allow access to Help shortcut links");


  		




  12
  12
  
    
$priv_list['page-help-all']['match'] = array();


  		




  13
  13
  
    
$priv_list['page-help-all']['match'][] = "*help.php";


  		




  14
  14
  
    

  		












  

    
      src/usr/local/www/head.inc
    
  





  179
  179
  
    
	return $extarray;


  		




  180
  180
  
    
}


  		




  181
  181
  
    

  		




  182
  
  
    
function output_menu($arrayitem, $target = null) {


  		




  
  182
  
    
function output_menu($arrayitem, $target = null, $section = "") {


  		




  183
  183
  
    
	foreach ($arrayitem as $item) {


  		




  184
  
  
    
		if (isAllowedPage($item[1]) || $item[1] == "/index.php?logout") {


  		




  
  184
  
    
		/* If the user has access to help pages, also show the full help menu. See #5909 */


  		




  
  185
  
    
		if (isAllowedPage($item[1]) || $item[1] == "/index.php?logout" || (($section = "Help") && isAllowedPage("help.php"))) {


  		




  185
  186
  
    
			$attr = sprintf("href=\"%s\"", htmlentities($item[1]));


  		




  186
  187
  
    
			if ($target) {


  		




  187
  188
  
    
				$attr .= sprintf(" target=\"%s\"", htmlentities($target));


  		




  ......




  431
  432
  
    
						<?=gettext($item['name'])?>


  		




  432
  433
  
    
						<span class="caret"></span>


  		




  433
  434
  
    
					</a>


  		




  434
  
  
    
					<ul class="dropdown-menu" role="menu"><?=output_menu($item['menu'], $item['href'])?></ul>


  		




  
  435
  
    
					<ul class="dropdown-menu" role="menu"><?=output_menu($item['menu'], $item['href'], $item['name'])?></ul>


  		




  435
  436
  
    
				</li>


  		




  436
  437
  
    
			<?php endforeach?>


  		




  437
  438
  
    
			</ul>


  		












Also available in:  Unified diff