openrat-cms

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README
commit 6754432fc8d978f16e478c0846f651e47ed97f1d
parent b32fda426ce12634962bb5f4d25dd08c20c8984e
Author: dankert <openrat@jandankert.de>
Date:   Fri,  3 Dec 2021 22:14:36 +0100

Fix: Check rights for adding a project.

Diffstat:

Mmodules/cms/action/project/ProjectEditAction.class.php | 2+-


Mmodules/cms/ui/themes/default/html/views/projectlist/edit.php | 16+++++++++-------


Mmodules/cms/ui/themes/default/html/views/projectlist/edit.tpl.src.xml | 115+++++++++++++++++++++++++++++++++++++++++++------------------------------------


3 files changed, 72 insertions(+), 61 deletions(-)

diff --git a/modules/cms/action/project/ProjectEditAction.class.php b/modules/cms/action/project/ProjectEditAction.class.php
@@ -30,7 +30,7 @@ class ProjectEditAction extends ProjectAction implements Method {
 		$rootFolder = new Folder( $rootFolderId );
 		$rootFolder->load();
 
-		if   ( ! $rootFolder->hasRight( Permission::ACL_PROP )  )
+		if   ( ! $rootFolder->hasRight( Permission::ACL_READ )  )
 			throw new SecurityException();
 	}
 
diff --git a/modules/cms/ui/themes/default/html/views/projectlist/edit.php b/modules/cms/ui/themes/default/html/views/projectlist/edit.php
@@ -49,9 +49,11 @@
       </table>
     </div>
   </div>
-  <div class="<?php echo O::escapeHtml('or-act-clickable or-button-knob') ?>"><?php echo O::escapeHtml('') ?>
-    <a target="<?php echo O::escapeHtml('_self') ?>" data-type="<?php echo O::escapeHtml('dialog') ?>" data-action="<?php echo O::escapeHtml('') ?>" data-method="<?php echo O::escapeHtml('add') ?>" data-id="<?php echo O::escapeHtml('') ?>" data-extra="<?php echo O::escapeHtml('[]') ?>" href="<?php echo O::escapeHtml('') ?>" class="<?php echo O::escapeHtml('or-link') ?>"><?php echo O::escapeHtml('') ?>
-      <i class="<?php echo O::escapeHtml('or-image-icon or-image-icon--method-add') ?>"><?php echo O::escapeHtml('') ?></i>
-      <span><?php echo O::escapeHtml(''.@O::lang('add').'') ?></span>
-    </a>
-  </div>
-\ No newline at end of file
+  <?php $if2=($add); if($if2) {  ?>
+    <div class="<?php echo O::escapeHtml('or-act-clickable or-button-knob') ?>"><?php echo O::escapeHtml('') ?>
+      <a target="<?php echo O::escapeHtml('_self') ?>" data-type="<?php echo O::escapeHtml('dialog') ?>" data-action="<?php echo O::escapeHtml('') ?>" data-method="<?php echo O::escapeHtml('add') ?>" data-id="<?php echo O::escapeHtml('') ?>" data-extra="<?php echo O::escapeHtml('[]') ?>" href="<?php echo O::escapeHtml('') ?>" class="<?php echo O::escapeHtml('or-link') ?>"><?php echo O::escapeHtml('') ?>
+        <i class="<?php echo O::escapeHtml('or-image-icon or-image-icon--method-add') ?>"><?php echo O::escapeHtml('') ?></i>
+        <span><?php echo O::escapeHtml(''.@O::lang('add').'') ?></span>
+      </a>
+    </div>
+   <?php } ?>
+\ No newline at end of file
diff --git a/modules/cms/ui/themes/default/html/views/projectlist/edit.tpl.src.xml b/modules/cms/ui/themes/default/html/views/projectlist/edit.tpl.src.xml
@@ -1,58 +1,67 @@
-<output xmlns="http://www.openrat.de/template" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openrat.de/template ../../../../../../../template_engine/components/template.xsd">
-  <table>
-    <row header="true">
-      <column header="true" class="table-column-auto">
-        <text value="${message:name}"/>
-      </column>
-		<column header="true" class="table-column-action" />
-    </row>
-    <list list="${projects}" extract="true">
-      <row class="data">
-        <column class="act-clickable">
-          <link type="open" id="${id}" name="${name}" action="project">
-            <image action="project"/>
-            <text value="${name}" maxlength="30"/>
-          </link>
-        </column>
-		  <column class="">
+<output xmlns="http://www.openrat.de/template" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="http://www.openrat.de/template ../../../../../../../template_engine/components/template.xsd">
+	<table>
+		<row header="true">
+			<column header="true" class="table-column-auto">
+				<text value="${message:name}"/>
+			</column>
+			<column header="true" class="table-column-action"/>
+		</row>
+		<list list="${projects}" extract="true">
+			<row class="data">
+				<column class="act-clickable">
+					<!-- Open the project -->
+					<link type="open" id="${id}" name="${name}" action="project">
+						<image action="project"/>
+						<text value="${name}" />
+					</link>
+				</column>
+				<column class="">
 
-			  <part class="button,button--active-on-hover,toolbar-icon,row--on-hover">
-				  <image class="menu-icon" menu="more"/>
-				  <part class="dropdown,button-value">
-				  <part
-					  class="dropdown-entry,act-clickable">
-					  <link type="dialog" id="${id}" title="${message:menu_info_desc}" action="project" subaction="info">
-						  <image method="info"/>
-						  <text class="dropdown-text" value="${message:menu_info}"/>
-					  </link>
-				  </part>
-				  <part
-					  class="dropdown-entry,act-clickable">
-					  <link type="dialog" id="${id}" title="${message:menu_prop_desc}" action="project"  subaction="prop">
-						  <image method="prop"/>
-						  <text class="dropdown-text" value="${message:menu_prop}"/>
-					  </link>
-				  </part>
-				  <part
-					  class="dropdown-entry,act-clickable">
-					  <link type="dialog" id="${id}" title="${message:menu_history_desc}" action="project"  subaction="history">
-						  <image method="history"/>
-						  <text class="dropdown-text" value="${message:menu_history}"/>
-					  </link>
-				  </part>
-				  </part>
-			  </part>
+					<part class="button,button--active-on-hover,toolbar-icon,row--on-hover">
+						<image class="menu-icon" menu="more"/>
+						<part class="dropdown,button-value">
+							<part
+								class="dropdown-entry,act-clickable">
+								<link type="dialog" id="${id}" title="${message:menu_info_desc}" action="project"
+									  subaction="info">
+									<image method="info"/>
+									<text class="dropdown-text" value="${message:menu_info}"/>
+								</link>
+							</part>
+							<part
+								class="dropdown-entry,act-clickable">
+								<link type="dialog" id="${id}" title="${message:menu_prop_desc}" action="project"
+									  subaction="prop">
+									<image method="prop"/>
+									<text class="dropdown-text" value="${message:menu_prop}"/>
+								</link>
+							</part>
+							<part
+								class="dropdown-entry,act-clickable">
+								<link type="dialog" id="${id}" title="${message:menu_history_desc}" action="project"
+									  subaction="history">
+									<image method="history"/>
+									<text class="dropdown-text" value="${message:menu_history}"/>
+								</link>
+							</part>
+						</part>
+					</part>
 
-		  </column>
-      </row>
-    </list>
-  </table>
+				</column>
+			</row>
+		</list>
+	</table>
 
-	<part class="act-clickable,button-knob">
-		<link type="dialog" subaction="add">
-			<image method="add"/>
-			<text value="${message:add}"/>
-		</link>
-	</part>
+	<if value="${add}"><!-- Is it allowed to add a new project? -->
+
+		<!-- Add a new project -->
+		<part class="act-clickable,button-knob">
+			<link type="dialog" subaction="add">
+				<image method="add"/>
+				<text value="${message:add}"/>
+			</link>
+		</part>
+	</if>
 
 </output>