From 3bfe1cdeea79322d4d0c4b52264d24ddd2307250 Mon Sep 17 00:00:00 2001
From: Paolo
Date: Thu, 5 Mar 2020 18:48:26 +0100
Subject: [PATCH] - Fixed messages and comments in PermissionLib - JobsQueueManager->addNewJobsToQueue now checks permission to write new jobs in the queue - Added statuses for system.tbl_jobstatuses in system/dbupdate_3.3.php - Added permission access type (read/write) in configuration file application/config/jqm.php
---
 application/config/jqm.php | 13 +++++--------
 .../system/jq/JobsQueueManager.php | 19 +++++++++++++++++--
 application/libraries/PermissionLib.php | 6 +++---
 system/dbupdate_3.3.php | 5 +++++
 4 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/application/config/jqm.php b/application/config/jqm.php
index 579fc6987..77d9bb35d 100644
--- a/application/config/jqm.php
+++ b/application/config/jqm.php
@@ -2,15 +2,12 @@
 if (! defined('BASEPATH')) exit('No direct script access allowed');
-// White list of permissions that are able to store a spcific job type in database
+// White list of permissions (write mode have to be set) that are able to store a specific job type in database
 $config['job_type_permissions_white_list'] = array(
 'SAPStammdatenUpdate' => array(
- 'admin'
+ 'admin:rw',
+ 'developer:rw'
 ),
- 'OEHPayment' => array(
- 'admin'
- ),
- 'SAPPayment' => array(
- 'admin'
- )
+ 'OEHPayment' => 'developer:rw',
+ 'SAPPayment' => 'developer:rw'
 );
diff --git a/application/controllers/system/jq/JobsQueueManager.php b/application/controllers/system/jq/JobsQueueManager.php
index 4e82ff44e..9275fa845 100644
--- a/application/controllers/system/jq/JobsQueueManager.php
+++ b/application/controllers/system/jq/JobsQueueManager.php
@@ -8,6 +8,9 @@ if (!defined('BASEPATH')) exit('No direct script access allowed');
 */
 class JobsQueueManager extends Auth_Controller
 {
+ // Config entry name for White list of permissions...
+ const JOB_TYPE_PERMISSIONS_WHITE_LIST = 'job_type_permissions_white_list';
+
 /**
 * Constructor
 */
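Review bot: In application/config/jqm.php the hunk removes `admin` from the `OEHPayment` and `SAPPayment` entries, while the controller's own permission map in this same patch still requires `'addNewJobsToQueue' => 'admin:rw'`. If both checks apply, a caller now needs `admin:rw` and `developer:rw` together to queue a payment job, and an admin without the developer permission is locked out; if that is intended, a comment above the list such as `// Checked in addition to the controller-level 'admin:rw' requirement` would make it explicit. The list also mixes two shapes, an array for `SAPStammdatenUpdate` and a bare string for the other two; whether `isEntitled` treats both the same way is not visible here, so one shape throughout, e.g. `'OEHPayment' => array('developer:rw'),`, would be safer to maintain.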
@@ -15,7 +18,7 @@ class JobsQueueManager extends Auth_Controller
 {
 parent::__construct(
 array(
- 'getJobsByType' => 'admin:r',
+ 'getLastJobs' => 'admin:r',
 'addNewJobsToQueue' => 'admin:rw'
 )
 );
@@ -46,6 +49,18 @@ class JobsQueueManager extends Auth_Controller
 $type = $this->input->post(JobsQueueLib::PARAM_JOB_TYPE);
 $jobs = $this->input->post(JobsQueueLib::PARAM_JOBS);
- $this->outputJson($this->jobsqueuelib->addNewJobsToQueue($type, $jobs));
+ // Loads permission lib
+ $this->load->library('PermissionLib');
+
+ // Checks if the caller has the permissions to add new jobs with the given type in the queue
+ if (!$this->permissionlib->isEntitled($this->config->item(self::JOB_TYPE_PERMISSIONS_WHITE_LIST), $type))
+ {
+ // Permissions NOT valid
+ $this->outputJsonError('You are not allowed to access to this content');
+ }
+ else // Otherwise call JobsQueueLib library
+ {
+ $this->outputJson($this->jobsqueuelib->addNewJobsToQueue($type, $jobs));
+ }
 }
 }
diff --git a/application/libraries/PermissionLib.php b/application/libraries/PermissionLib.php
index 348c8b87b..09f89abee 100644
--- a/application/libraries/PermissionLib.php
+++ b/application/libraries/PermissionLib.php
@@ -147,7 +147,7 @@ class PermissionLib
 $accessType = '';
- // Checks if the required access type is compliant with the HTTP method (GET => r, POST => w)
+ // Set the access type
 if (strpos($requiredAccessType, PermissionLib::READ_RIGHT) !== false)
 {
 $accessType = PermissionLib::SELECT_RIGHT; // S
@@ -184,12 +184,12 @@ class PermissionLib
 }
 else
 {
- show_error('The given permission array does not contain the called method or is not correctly set');
+ show_error('The given permission array does not contain the given method or is not correctly set');
 }
 }
 else
 {
- show_error('You must give the permissions array as parameter to the constructor of the controller');
+ show_error('The given permissions is not a valid array or it is an empty one');
 }
 return $checkPermissions;
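Review bot: In JobsQueueManager.php (hunk at -46,6) `$type` is taken straight from POST and used as the lookup key into the white list without first checking that it is a non-empty string naming a configured job type. The PermissionLib hunk below shows `show_error(...)` on the branch where the permission array does not contain the given key; if `isEntitled` takes that path, an unknown or missing type ends in an HTML error page instead of the JSON error this endpoint returns for a denial. That still fails closed, but rejecting such input up front keeps the response consistent, e.g. `if (!is_string($type) || !isset($whiteList[$type])) { $this->outputJsonError('Unknown job type'); return; }` with `$whiteList` holding the config item. Because the check lives in the controller, any other caller of `JobsQueueLib::addNewJobsToQueue` is not covered by it, which may be intended but cannot be confirmed from this patch. The method body starts outside the hunk.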
diff --git a/system/dbupdate_3.3.php b/system/dbupdate_3.3.php
index 0440ee5ff..42a1b531a 100644
--- a/system/dbupdate_3.3.php
+++ b/system/dbupdate_3.3.php
@@ -3853,6 +3853,11 @@ if (!$result = @$db->db_query('SELECT 1 FROM system.tbl_jobstatuses LIMIT 1'))
 COMMENT ON COLUMN system.tbl_jobstatuses.status IS \'Job status value and primary key\';
 ALTER TABLE ONLY system.tbl_jobstatuses ADD CONSTRAINT pk_jobstatuses PRIMARY KEY (status);
+
+ INSERT INTO system.tbl_jobstatuses(status) VALUES('new');
+ INSERT INTO system.tbl_jobstatuses(status) VALUES('running');
+ INSERT INTO system.tbl_jobstatuses(status) VALUES('done');
+ INSERT INTO system.tbl_jobstatuses(status) VALUES('failed');
 ';
 if (!$db->db_query($qry))
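Review bot: The four added INSERT statements in system/dbupdate_3.3.php use unescaped single quotes (`VALUES('new')`) inside what appears to be a single-quoted PHP string: the context line above escapes its quotes (`IS \'Job status value and primary key\'`) and the literal closes with `';`. If so, the first `'` ends the string early and the script no longer parses; write them as `INSERT INTO system.tbl_jobstatuses(status) VALUES(\'new\');` and likewise for `running`, `done` and `failed`. Separately, the statements sit inside the block guarded by the `SELECT 1 FROM system.tbl_jobstatuses LIMIT 1` probe shown in the hunk header, so they would run only when the table is being created; a database that already has the table from an earlier run of this script would not receive the rows. The string literal and the enclosing `if` both start outside the hunk.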