- Fixed messages and comments in PermissionLib

- JobsQueueManager->addNewJobsToQueue now checks permission to write new jobs in the queue
- Added statuses for system.tbl_jobstatuses in system/dbupdate_3.3.php
- Added permission access type (read/write) in configuration file application/config/jqm.php

application/config/jqm.php

@@ -2,15 +2,12 @@
 
 if (! defined('BASEPATH')) exit('No direct script access allowed');
 
-// White list of permissions that are able to store a spcific job type in database
+// White list of permissions (write mode have to be set) that are able to store a specific job type in database
 $config['job_type_permissions_white_list'] = array(
 	'SAPStammdatenUpdate' => array(
-		'admin'
+		'admin:rw',
+		'developer:rw'
 	),
-	'OEHPayment' => array(
-		'admin'
-	),
-	'SAPPayment' => array(
-		'admin'
-	)
+	'OEHPayment' => 'developer:rw',
+	'SAPPayment' => 'developer:rw'
 );

application/controllers/system/jq/JobsQueueManager.php

@@ -8,6 +8,9 @@ if (!defined('BASEPATH')) exit('No direct script access allowed');
  */
 class JobsQueueManager extends Auth_Controller
 {
+	// Config entry name for White list of permissions...
+	const JOB_TYPE_PERMISSIONS_WHITE_LIST = 'job_type_permissions_white_list';
+
 	/**
 	 * Constructor
 	 */
@@ -15,7 +18,7 @@ class JobsQueueManager extends Auth_Controller
 	{
 		parent::__construct(
 			array(
-				'getJobsByType' => 'admin:r',
+				'getLastJobs' => 'admin:r',
 				'addNewJobsToQueue' => 'admin:rw'
 			)
 		);
@@ -46,6 +49,18 @@ class JobsQueueManager extends Auth_Controller
 		$type = $this->input->post(JobsQueueLib::PARAM_JOB_TYPE);
 		$jobs = $this->input->post(JobsQueueLib::PARAM_JOBS);
 
-		$this->outputJson($this->jobsqueuelib->addNewJobsToQueue($type, $jobs));
+		// Loads permission lib
+		$this->load->library('PermissionLib');
+
+		// Checks if the caller has the permissions to add new jobs with the given type in the queue
+		if (!$this->permissionlib->isEntitled($this->config->item(self::JOB_TYPE_PERMISSIONS_WHITE_LIST), $type))
+		{
+			// Permissions NOT valid
+			$this->outputJsonError('You are not allowed to access to this content');
+		}
+		else // Otherwise call JobsQueueLib library
+		{
+			$this->outputJson($this->jobsqueuelib->addNewJobsToQueue($type, $jobs));
+		}
 	}
 }

application/libraries/PermissionLib.php

@@ -147,7 +147,7 @@ class PermissionLib
 
 								$accessType = '';
 
-								// Checks if the required access type is compliant with the HTTP method (GET => r, POST => w)
+								// Set the access type
 								if (strpos($requiredAccessType, PermissionLib::READ_RIGHT) !== false)
 								{
 									$accessType = PermissionLib::SELECT_RIGHT; // S
@@ -184,12 +184,12 @@ class PermissionLib
 			}
 			else
 			{
-				show_error('The given permission array does not contain the called method or is not correctly set');
+				show_error('The given permission array does not contain the given method or is not correctly set');
 			}
 		}
 		else
 		{
-			show_error('You must give the permissions array as parameter to the constructor of the controller');
+			show_error('The given permissions is not a valid array or it is an empty one');
 		}
 
 		return $checkPermissions;

system/dbupdate_3.3.php

@@ -3853,6 +3853,11 @@ if (!$result = @$db->db_query('SELECT 1 FROM system.tbl_jobstatuses LIMIT 1'))
 			COMMENT ON COLUMN system.tbl_jobstatuses.status IS \'Job status value and primary key\';
 
 			ALTER TABLE ONLY system.tbl_jobstatuses ADD CONSTRAINT pk_jobstatuses PRIMARY KEY (status);
+
+			INSERT INTO system.tbl_jobstatuses(status) VALUES('new');
+			INSERT INTO system.tbl_jobstatuses(status) VALUES('running');
+			INSERT INTO system.tbl_jobstatuses(status) VALUES('done');
+			INSERT INTO system.tbl_jobstatuses(status) VALUES('failed');
 		';
 
 	if (!$db->db_query($qry))