6.0.0-git
2018-12-15

[#9350] Finer grained Admin privileges through permission api
Summary Finer grained Admin privileges through permission api
Queue Horde Base
Queue Version Git master
Type Enhancement
State Resolved
Priority 1. Low
Owners Horde Developers (at)
Requester lang (at) b1-systems (dot) de
Created 2010-10-29 (2969 days ago)
Due
Updated 2011-06-14 (2741 days ago)
Assigned 2011-04-12 (2804 days ago)
Resolved 2011-06-14 (2741 days ago)
Milestone 4.1
Patch Yes

History
2011-06-14 14:58:29 Ralf Lang (B1 Systems GmbH) Comment #15
State ⇒ Resolved
Reply to this comment
This went into horde 4.0.6
2011-06-03 20:31:57 Git Commit Comment #14 Reply to this comment
Changes have been made in Git for this ticket:

Show specific admin privileges a user has permission to (Enhancement #9350)

  3 files changed, 5 insertions(+), 2 deletions(-)
http://git.horde.org/horde-git/-/commit/2496dd30a15424a9b4a8947a5785bbbb155e89d1
2011-06-03 19:47:56 Git Commit Comment #13 Reply to this comment
Changes have been made in Git for this ticket:

[#9350] Finer grained Admin privileges through permission api

  20 files changed, 139 insertions(+), 34 deletions(-)
http://git.horde.org/horde-git/-/commit/732460138f14dce101fcb82011f2035607f0aa6b
2011-05-23 14:11:11 Ralf Lang (B1 Systems GmbH) Comment #12
New Attachment: horde4-finer-graind-admin.patch Download
Reply to this comment
This patch is against Horde 4, 82e759e1813871b65962aa70a8900da5c96729c7
2011-05-22 17:15:46 Jan Schneider Comment #11 Reply to this comment
1) would work without having to change the API and adding BC checks.
2011-05-18 08:36:22 Ralf Lang (B1 Systems GmbH) Comment #10 Reply to this comment
If you want to be able to actually assign these new permissions to 
users/groups in Horde, i.e. via Administration->Permissions, then 
they have to be added to the permission tree of the horde 
application. You can do that by applying the attached patch to 
lib/api.php. The patch was created for horde 3.3.8. You might need 
some fuziness when applying it to other versions of horde.
I have discussed this with Jan on LinuxTag and it looks like porting 
finer grained Admin to Horde4 would require some change:
Either
1) we need AppInit without the admin flag and then manually check if 
admin flag OR a specific permission is set
or
2) we enhance AppInit and allow it to check for the required permission.

Provided there is a decision which way to go, I would volunteer.
2011-04-12 17:42:51 Jan Schneider Assigned to Horde DevelopersHorde Developers
State ⇒ Assigned
Version ⇒ Git master
Milestone ⇒ 4.1
 
2011-03-24 11:45:48 admin (at) oscardijkhoff (dot) nl Comment #9
New Attachment: horde-finer-grained-admin-privileges-tree.patch Download
Reply to this comment
If you want to be able to actually assign these new permissions to 
users/groups in Horde, i.e. via Administration->Permissions, then they 
have to be added to the permission tree of the horde application. You 
can do that by applying the attached patch to lib/api.php. The patch 
was created for horde 3.3.8. You might need some fuziness when 
applying it to other versions of horde.

2011-03-24 11:36:21 admin (at) oscardijkhoff (dot) nl Comment #8
New Attachment: horde-finer-grained-admin-privileges-3.3.11-corrected.patch Download
Reply to this comment
There is an opening bracket missing in 
horde-finer-grained-admin-privileges-3.3.11.patch on line 88 just 
before !$GLOBALS['perms']. This causes a blank frame when trying to 
edit permissions. I have attached a corrected version of the patch.
2010-12-16 11:56:51 lang (at) b1-systems (dot) de Comment #7
New Attachment: horde-finer-grained-admin-privileges-3.3.11.patch Download
Reply to this comment
Dropped the CVS clutter from the patch - I'm sorry, didn't notice
2010-12-16 10:56:20 lang (at) b1-systems (dot) de Comment #6
New Attachment: horde-finer-grained-admin-privileges[2].patch Download
Reply to this comment
2nd file
horde-finer-grained-admin-privileges.patch

2010-12-16 10:55:43 lang (at) b1-systems (dot) de Comment #5
New Attachment: horde-fatal-on-admin-3.3.11.patch Download
Reply to this comment
Apply
horde-fatal-on-admin-3.3.11.patch first,
then apply
horde-finer-grained-admin-privileges.patch

Works smoothly against 3.3.11 without fuzz
2010-12-16 10:51:21 Jan Schneider Deleted Original Message
 
2010-12-16 10:50:55 Jan Schneider Deleted Original Message
 
2010-12-16 10:50:50 Jan Schneider Deleted Original Message
 
2010-12-03 09:24:17 lang (at) b1-systems (dot) de Comment #4
New Attachment: horde-finer-grained-admin-privileges[1].patch
Reply to this comment
Please read the CODING_STANDARDS, e.g. no double quote, spaces after 
commas, no "and".
No "and" was not so obvious from the doc.
I replaced them with () && () as in your examples.
Doublequotes to quotes, spaces added, inline variables to concats
2010-11-25 17:59:12 Jan Schneider Comment #3
State ⇒ Feedback
Reply to this comment
Please read the CODING_STANDARDS, e.g. no double quote, spaces after 
commas, no "and".
2010-11-02 09:46:10 Ralf Lang (B1 Systems GmbH) Comment #2
New Attachment: horde-fatal-on-admin-3.3.10.patch
Reply to this comment
horde-fatal-on-admin-3.3.10.patch adds conversion of 
Horde::authenticationFailureRedirect() to Horde::Fatal

Patch built against a clean 3.3.10, but also is applicable with -F3 
against a version with the original patch of this ticket.
2010-10-29 14:03:08 Ralf Lang (B1 Systems GmbH) Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ Finer grained Admin privileges through permission api
Queue ⇒ Horde Base
Milestone ⇒ 3.3.11
Patch ⇒ Yes
New Attachment: horde-finer-grained-admin-privileges.patch
Reply to this comment
As a result of the thread

[dev] H3 User/Group Administration for moderator type users (see
http://lists.horde.org/archives/dev/Week-of-Mon-20101025/025396.html)

I created a patch for horde 3.3.10 which allows finer grained admin 
privileges, for example only access to user and group administration 
but not to the SQL shell and the permission admin screen.

I took this one step further and added modification to the code 
drawing the sidebar and the top menu of the administration screens.

Saved Queries