From b78cd7d4439d64e505d6cc9dc6f7035534153f94 Mon Sep 17 00:00:00 2001 From: mgbaybay Date: Tue, 15 Oct 2024 01:29:14 +0800 Subject: [PATCH 1/2] Display: Non-destructive feature should include send command --- lib/Controller/Display.php | 126 +++++++++++++++++--------------- lib/Controller/DisplayGroup.php | 1 + 2 files changed, 67 insertions(+), 60 deletions(-) diff --git a/lib/Controller/Display.php b/lib/Controller/Display.php index d2b92941aa..bc1cb40c89 100644 --- a/lib/Controller/Display.php +++ b/lib/Controller/Display.php @@ -1177,20 +1177,24 @@ public function grid(Request $request, Response $response) ]; } - if ($this->getUser()->featureEnabled('displays.modify') - && $this->getUser()->checkEditable($display) + // Check if limited view access is allowed + if (($this->getUser()->featureEnabled('displays.modify') && $this->getUser()->checkEditable($display)) + || $this->getUser()->featureEnabled('displays.limitedView') ) { if ($this->getUser()->checkPermissionsModifyable($display)) { $display->buttons[] = ['divider' => true]; } - // Wake On LAN - $display->buttons[] = array( - 'id' => 'display_button_wol', - 'url' => $this->urlFor($request, 'display.wol.form', ['id' => $display->displayId]), - 'text' => __('Wake on LAN') - ); + if ($this->getUser()->checkEditable($display)) { + // Wake On LAN + $display->buttons[] = array( + 'id' => 'display_button_wol', + 'url' => $this->urlFor($request, 'display.wol.form', ['id' => $display->displayId]), + 'text' => __('Wake on LAN') + ); + } + // Send Command $display->buttons[] = [ 'id' => 'displaygroup_button_command', 'url' => $this->urlFor($request, 'displayGroup.command.form', ['id' => $display->displayGroupId]), 
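Review bot: The inner `if ($this->getUser()->checkEditable($display))` around the Wake on LAN button no longer requires the `displays.modify` feature, so a user who reaches this branch through `displays.limitedView` and has edit permission on the display is now offered Wake on LAN, which the old condition did not allow. The same bare `checkEditable($display)` guard wraps the Transfer to another CMS, Set Bandwidth and Cancel CMS Transfer buttons in the next hunk (`@@ -1214,62 +1218,64 @@`). Evaluating the original condition once keeps the old gating: `$canModify = $this->getUser()->featureEnabled('displays.modify') && $this->getUser()->checkEditable($display);` followed by `if ($canModify) {` at both places. Whether the target routes enforce `displays.modify` themselves is not visible here and should be confirmed, because hiding a button is not an access control. The body of grid() starts and ends outside the hunk.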
@@ -1214,62 +1218,64 @@ public function grid(Request $request, Response $response) ] ]; - $display->buttons[] = ['divider' => true]; - - $display->buttons[] = [ - 'id' => 'display_button_move_cms', - 'url' => $this->urlFor($request, 'display.moveCms.form', ['id' => $display->displayId]), - 'text' => __('Transfer to another CMS'), - 'multi-select' => true, - 'dataAttributes' => [ - [ - 'name' => 'commit-url', - 'value' => $this->urlFor( - $request, - 'display.moveCms', - ['id' => $display->displayId] - ) - ], - ['name' => 'commit-method', 'value' => 'put'], - ['name' => 'id', 'value' => 'display_button_move_cms'], - ['name' => 'text', 'value' => __('Transfer to another CMS')], - ['name' => 'sort-group', 'value' => 5], - ['name' => 'rowtitle', 'value' => $display->display], - ['name' => 'form-callback', 'value' => 'setMoveCmsMultiSelectFormOpen'] - ] - ]; + if ($this->getUser()->checkEditable($display)) { + $display->buttons[] = ['divider' => true]; - $display->buttons[] = [ - 'multi-select' => true, - 'multiSelectOnly' => true, // Show button only on multi-select menu - 'id' => 'display_button_set_bandwidth', - 'dataAttributes' => [ - [ - 'name' => 'commit-url', - 'value' => $this->urlFor( - $request, - 'display.setBandwidthLimitMultiple' - ) - ], - ['name' => 'commit-method', 'value' => 'post'], - ['name' => 'id', 'value' => 'display_button_set_bandwidth'], - ['name' => 'text', 'value' => __('Set Bandwidth')], - ['name' => 'rowtitle', 'value' => $display->display], - ['name' => 'custom-handler', 'value' => 'XiboMultiSelectPermissionsFormOpen'], - [ - 'name' => 'custom-handler-url', - 'value' => $this->urlFor($request, 'display.setBandwidthLimitMultiple.form') - ], - ['name' => 'content-id-name', 'value' => 'displayId'] - ] - ]; + $display->buttons[] = [ + 'id' => 'display_button_move_cms', + 'url' => $this->urlFor($request, 'display.moveCms.form', ['id' => $display->displayId]), + 'text' => __('Transfer to another CMS'), + 'multi-select' => true, + 'dataAttributes' 
=> [ + [ + 'name' => 'commit-url', + 'value' => $this->urlFor( + $request, + 'display.moveCms', + ['id' => $display->displayId] + ) + ], + ['name' => 'commit-method', 'value' => 'put'], + ['name' => 'id', 'value' => 'display_button_move_cms'], + ['name' => 'text', 'value' => __('Transfer to another CMS')], + ['name' => 'sort-group', 'value' => 5], + ['name' => 'rowtitle', 'value' => $display->display], + ['name' => 'form-callback', 'value' => 'setMoveCmsMultiSelectFormOpen'] + ] + ]; - if ($display->getUnmatchedProperty('isCmsTransferInProgress', false)) { $display->buttons[] = [ - 'id' => 'display_button_move_cancel', - 'url' => $this->urlFor($request, 'display.moveCmsCancel.form', ['id' => $display->displayId]), - 'text' => __('Cancel CMS Transfer'), + 'multi-select' => true, + 'multiSelectOnly' => true, // Show button only on multi-select menu + 'id' => 'display_button_set_bandwidth', + 'dataAttributes' => [ + [ + 'name' => 'commit-url', + 'value' => $this->urlFor( + $request, + 'display.setBandwidthLimitMultiple' + ) + ], + ['name' => 'commit-method', 'value' => 'post'], + ['name' => 'id', 'value' => 'display_button_set_bandwidth'], + ['name' => 'text', 'value' => __('Set Bandwidth')], + ['name' => 'rowtitle', 'value' => $display->display], + ['name' => 'custom-handler', 'value' => 'XiboMultiSelectPermissionsFormOpen'], + [ + 'name' => 'custom-handler-url', + 'value' => $this->urlFor($request, 'display.setBandwidthLimitMultiple.form') + ], + ['name' => 'content-id-name', 'value' => 'displayId'] + ] ]; + + if ($display->getUnmatchedProperty('isCmsTransferInProgress', false)) { + $display->buttons[] = [ + 'id' => 'display_button_move_cancel', + 'url' => $this->urlFor($request, 'display.moveCmsCancel.form', ['id' => $display->displayId]), + 'text' => __('Cancel CMS Transfer'), + ]; + } } } } diff --git a/lib/Controller/DisplayGroup.php b/lib/Controller/DisplayGroup.php index 7de67df679..7a338c8ad3 100644 --- a/lib/Controller/DisplayGroup.php 
+++ b/lib/Controller/DisplayGroup.php @@ -2445,6 +2445,7 @@ public function commandForm(Request $request, Response $response, $id) if ( !$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displaygroup.limitedView') + && !$this->getUser()->featureEnabled('displays.limitedView') ) { throw new AccessDeniedException(); } From 8d93d3e5b36800d349bddd5c16dad9d06775d77f Mon Sep 17 00:00:00 2001 From: mgbaybay Date: Tue, 15 Oct 2024 14:52:46 +0800 Subject: [PATCH 2/2] Display: Add validation in command function --- lib/Controller/DisplayGroup.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/Controller/DisplayGroup.php b/lib/Controller/DisplayGroup.php index 7a338c8ad3..06ef929780 100644 --- a/lib/Controller/DisplayGroup.php +++ b/lib/Controller/DisplayGroup.php @@ -2511,6 +2511,7 @@ public function command(Request $request, Response $response, $id) if ( !$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displaygroup.limitedView') + && !$this->getUser()->featureEnabled('displays.limitedView') ) { throw new AccessDeniedException(); }
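Review bot: In commandForm() the added `&& !$this->getUser()->featureEnabled('displays.limitedView')` lets a global feature flag stand in for a per-object permission, so any user holding that feature passes the check for whichever display group `$id` resolves to, whether or not they may view it. The same clause is added to command() in PATCH 2/2, which by its name is the route that sends the command, so the gap matters more there. Unless the display group lookup above the hunk already filters by the user's permissions (not visible here), pair the feature with an object check, for example `&& !($this->getUser()->featureEnabled('displays.limitedView') && $this->getUser()->checkViewable($displayGroup))`. Both function bodies start and end outside their hunks.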