Tickets :: [#9350] Finer grained Admin privileges through permission api

unknown

5/19/25

Summary	Finer grained Admin privileges through permission api
Queue	Horde Base
Queue Version	Git master
Type	Enhancement
State	Resolved
Priority	1. Low
Owners	Horde Developers (at)
Requester	ralf.lang (at) ralf-lang (dot) de
Created	10/29/2010 (5316 days ago)
Due
Updated	06/14/2011 (5088 days ago)
Assigned	04/12/2011 (5151 days ago)
Resolved	06/14/2011 (5088 days ago)
Milestone	4.1
Patch	Yes

06/14/2011 02:58:29 PM	Ralf Lang	Comment #15 State ⇒ Resolved	Reply to this comment
This went into horde 4.0.6

06/03/2011 08:31:57 PM	Git Commit	Comment #14	Reply to this comment
Changes have been made in Git for this ticket: Show specific admin privileges a user has permission to (~~Enhancement #9350~~) 3 files changed, 5 insertions(+), 2 deletions(-) http://git.horde.org/horde-git/-/commit/2496dd30a15424a9b4a8947a5785bbbb155e89d1

06/03/2011 07:47:56 PM	Git Commit	Comment #13	Reply to this comment
Changes have been made in Git for this ticket: [#9350] Finer grained Admin privileges through permission api 20 files changed, 139 insertions(+), 34 deletions(-) http://git.horde.org/horde-git/-/commit/732460138f14dce101fcb82011f2035607f0aa6b

05/23/2011 02:11:11 PM	Ralf Lang	Comment #12 New Attachment: horde4-finer-graind-admin.patch	Reply to this comment
This patch is against Horde 4, 82e759e1813871b65962aa70a8900da5c96729c7

05/22/2011 05:15:46 PM	Jan Schneider	Comment #11	Reply to this comment
1) would work without having to change the API and adding BC checks.

05/18/2011 08:36:22 AM	Ralf Lang	Comment #10	Reply to this comment
If you want to be able to actually assign these new permissions to users/groups in Horde, i.e. via Administration->Permissions, then they have to be added to the permission tree of the horde application. You can do that by applying the attached patch to lib/api.php. The patch was created for horde 3.3.8. You might need some fuziness when applying it to other versions of horde. I have discussed this with Jan on LinuxTag and it looks like porting finer grained Admin to Horde4 would require some change: Either 1) we need AppInit without the admin flag and then manually check if admin flag OR a specific permission is set or 2) we enhance AppInit and allow it to check for the required permission. Provided there is a decision which way to go, I would volunteer.

04/12/2011 05:42:51 PM	Jan Schneider	Version ⇒ Git master State ⇒ Assigned Assigned to Horde Developers Milestone ⇒ 4.1

03/24/2011 11:45:48 AM	admin (at) oscardijkhoff (dot) nl	Comment #9 New Attachment: horde-finer-grained-admin-privileges-tree.patch	Reply to this comment
If you want to be able to actually assign these new permissions to users/groups in Horde, i.e. via Administration->Permissions, then they have to be added to the permission tree of the horde application. You can do that by applying the attached patch to lib/api.php. The patch was created for horde 3.3.8. You might need some fuziness when applying it to other versions of horde.

03/24/2011 11:36:21 AM	admin (at) oscardijkhoff (dot) nl	Comment #8 New Attachment: horde-finer-grained-admin-privileges-3.3.11-corrected.patch	Reply to this comment
There is an opening bracket missing in horde-finer-grained-admin-privileges-3.3.11.patch on line 88 just before !$GLOBALS['perms']. This causes a blank frame when trying to edit permissions. I have attached a corrected version of the patch.

12/16/2010 11:56:51 AM	lang (at) b1-systems (dot) de	Comment #7 New Attachment: horde-finer-grained-admin-privileges-3.3.11.patch	Reply to this comment
Dropped the CVS clutter from the patch - I'm sorry, didn't notice

12/16/2010 10:56:20 AM	lang (at) b1-systems (dot) de	Comment #6 New Attachment: horde-finer-grained-admin-privileges[2].patch	Reply to this comment
2nd file horde-finer-grained-admin-privileges.patch

12/16/2010 10:55:43 AM	lang (at) b1-systems (dot) de	Comment #5 New Attachment: horde-fatal-on-admin-3.3.11.patch	Reply to this comment
Apply horde-fatal-on-admin-3.3.11.patch first, then apply horde-finer-grained-admin-privileges.patch Works smoothly against 3.3.11 without fuzz

12/16/2010 10:51:21 AM	Jan Schneider	Deleted Original Message

12/16/2010 10:50:55 AM	Jan Schneider	Deleted Original Message

12/16/2010 10:50:50 AM	Jan Schneider	Deleted Original Message

12/03/2010 09:24:17 AM	lang (at) b1-systems (dot) de	Comment #4 New Attachment: horde-finer-grained-admin-privileges[1].patch	Reply to this comment
Please read the CODING_STANDARDS, e.g. no double quote, spaces after commas, no "and". No "and" was not so obvious from the doc. I replaced them with () && () as in your examples. Doublequotes to quotes, spaces added, inline variables to concats

11/25/2010 05:59:12 PM	Jan Schneider	Comment #3 State ⇒ Feedback	Reply to this comment
Please read the CODING_STANDARDS, e.g. no double quote, spaces after commas, no "and".

11/02/2010 09:46:10 AM	Ralf Lang	Comment #2 New Attachment: horde-fatal-on-admin-3.3.10.patch	Reply to this comment
horde-fatal-on-admin-3.3.10.patch adds conversion of Horde::authenticationFailureRedirect() to Horde::Fatal Patch built against a clean 3.3.10, but also is applicable with -F3 against a version with the original patch of this ticket.

10/29/2010 02:03:08 PM	Ralf Lang	Comment #1 Priority ⇒ 1. Low State ⇒ New New Attachment: horde-finer-grained-admin-privileges.patch Patch ⇒ Yes Milestone ⇒ 3.3.11 Queue ⇒ Horde Base Summary ⇒ Finer grained Admin privileges through permission api Type ⇒ Enhancement	Reply to this comment
As a result of the thread [dev] H3 User/Group Administration for moderator type users (see http://lists.horde.org/archives/dev/Week-of-Mon-20101025/025396.html) I created a patch for horde 3.3.10 which allows finer grained admin privileges, for example only access to user and group administration but not to the SQL shell and the permission admin screen. I took this one step further and added modification to the code drawing the sidebar and the top menu of the administration screens.