From: Marcin Haba
Date: Thu, 29 Jun 2023 10:02:13 +0000 (+0200)
Subject: baculum: Add support for ALL action in console ACL
X-Git-Tag: Release-13.0.4~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1577caf3f70e145cfcc6cd90500f59a25f381437;p=thirdparty%2Fbacula.git

baculum: Add support for ALL action in console ACL
---
diff --git a/gui/baculum/protected/API/Modules/BaculaConfigACL.php b/gui/baculum/protected/API/Modules/BaculaConfigACL.php
index aeb198cc7..c6b65e8eb 100644
--- a/gui/baculum/protected/API/Modules/BaculaConfigACL.php
+++ b/gui/baculum/protected/API/Modules/BaculaConfigACL.php
@@ -31,6 +31,11 @@ namespace Baculum\API\Modules;
 */
 class BaculaConfigACL extends APIModule
 {
+ /**
+ * Super-user command ACL. It replaces all other keywords and acctions.
+ */
+ const ROOT_ACL_COMMAND = 'ALL';
+
 /**
 * Special config ACL action names.
 */
@@ -40,6 +45,17 @@ class BaculaConfigACL extends APIModule
 'UPDATE',
 'DELETE'
 ];
+
+ /**
+ * Check if action is root ACL action.
+ *
+ * @param string $action action name
+ * @return boolean true if action is root type, otherwise false
+ */
+ private function isRootACLAction($action) {
+ return ($action === self::ROOT_ACL_COMMAND);
+ }
+
 /**
 * Validate if request command is allowed.
 *
@@ -56,7 +72,7 @@ class BaculaConfigACL extends APIModule
 if ($this->validateAction($action)) {
 $command_acls = $this->getCommandACLs($user_id);
 for ($i = 0; $i < count($command_acls); $i++) {
- if ($command_acls[$i]['action'] === $action && $command_acls[$i]['keyword'] === $resource) {
+ if (($command_acls[$i]['action'] === $action && $command_acls[$i]['keyword'] === $resource) || $this->isRootACLAction($command_acls[$i]['action'])) {
 $valid = true;
 break;
 }
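Review bot: The docblock on `ROOT_ACL_COMMAND` (first hunk) misspells "actions" and does not say how the token is matched, which matters for a value that grants everything. Suggested wording: `* Super-user command ACL. It replaces all other keywords and actions.` followed by `* Matched case-sensitively against a whole command ACL entry.` The second line reflects the strict `===` comparison in `isRootACLAction()` added in the next hunk.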
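Review bot: The new `|| $this->isRootACLAction(...)` branch in the `@@ -56,7 +72,7 @@` hunk returns valid without looking at `$resource`, so for a console holding `ALL` the resource name passed by the caller is no longer constrained; before this change a match implied `$resource` equalled a keyword that had passed the `[A-Z]+` pattern in `getCommandACLs()`. If any caller treats a true result as proof that the resource name is well-formed (not visible in this hunk), it needs its own check now. The grant is still gated by `validateAction($action)`, which is worth stating next to the condition, e.g. `// ALL grants every valid action on every resource; $resource is not checked on this path`. A test covering an ALL console with an invalid action and with an unexpected resource name would pin both properties. The enclosing method starts and ends outside the hunk.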
@@ -112,10 +128,17 @@ class BaculaConfigACL extends APIModule
 for ($i = 0; $i < count($commands); $i++) {
 // @TODO: Propose using commands in form _ or __
 if (preg_match('/^(?P(READ|CREATE|UPDATE|DELETE))_(?P[A-Z]+)$/', $commands[$i], $match) === 1) {
+ // normal action
 $command_acls[] = [
 'keyword' => $match['keyword'],
 'action' => $match['action']
 ];
+ } elseif ($this->isRootACLAction($commands[$i])) {
+ // root action
+ $command_acls[] = [
+ 'keyword' => self::ROOT_ACL_COMMAND,
+ 'action' => self::ROOT_ACL_COMMAND
+ ];
 }
 }
 return $command_acls;
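Review bot: The returned array can now carry an entry whose `action` and `keyword` are both `ALL`, a value outside the four action names the regex admits, and only `validateCommand()` is updated in this patch to understand it. Any other consumer of this array that compares or displays `action`/`keyword` (none visible here) would need to handle the root entry, and the function's return documentation, which lies outside the hunk, should mention it. Entries that match neither branch are still dropped silently, which fails closed, but unless entries are normalised before this loop a lower-case or padded `all` is ignored with no hint to the administrator. Suggested comment on the new branch: `// root action: the whole entry must be exactly 'ALL'; other unmatched entries are ignored`.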