diff --git a/MEMORY.md b/MEMORY.md index 0fed6c0..b686ebb 100644 --- a/MEMORY.md +++ b/MEMORY.md @@ -312,8 +312,11 @@ Il test del pulsante "Test API" continua a restituire 403 Forbidden quando acces - `prepareInputForUpdate()` normalizza anche valori vuoti **File modificati**: -- `src/Server.php`: `showFormFields()`, `showMissingClientsTab()`, `getCachedName()` fix, `getAssetGroupName()`, `getAssetIp()`, `getCachedLocationName()`, `prepareInputForAdd/Update` default fix, icona menu `ti-hard-drives` +- `src/Server.php`: `showFormFields()`, `showMissingClientsTab()`, `getCachedName()` fix, `getAssetGroupName()`, `getAssetIp()`, `getCachedLocationName()`, `prepareInputForAdd/Update` default fix, icona `ti-cloud-up` - `front/server.form.php`: Tab laterali, tab hash JS, breadcrumb admin, navigazione server -- `front/server.php`: Breadcrumb admin, rimosso pulsante "Add" manuale (GLPI lo genera) -- `src/Profile.php`: Icona profilo `ti-hard-drives` -- `src/AssetTab.php`: Icona tab asset `ti-hard-drives` +- `front/server.php`: Breadcrumb admin, rimosso pulsante "Add" manuale +- `src/Profile.php`: Icona `ti-cloud-up` +- `src/AssetTab.php`: Icona `ti-cloud-up` +- **Permessi**: `front/server.form.php` ora usa READ invece di UPDATE per accesso form; View search option + pulsanti Connect nascosti per READ; API username/password nascosti per READ +- **i18n**: aggiunte 17 stringhe mancanti con dominio `urbackup` a tutti i file e .po/.mo (it, en, de) +- **Bug fix**: ServerAsset colonne rimosse, asset.form.php usa disconnectAsset(), `declare(strict_types=1)` in 11 file diff --git a/front/server.form.php b/front/server.form.php index 4dc9b20..f812d15 100644 --- a/front/server.form.php +++ b/front/server.form.php @@ -12,7 +12,7 @@ if (!defined('GLPI_ROOT')) { include_once GLPI_ROOT . "/inc/includes.php"; -if (!Profile::canCurrentUser(UPDATE)) { +if (!Profile::canCurrentUser(READ)) { Html::displayRightError(); } 
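Review bot: Lowering the page-level gate from `UPDATE` to `READ` also lowers it for every POST action this script handles, unless each action re-checks its own right further down; the rest of the file is outside the hunk, so this cannot be confirmed from here. The link forms built in `src/Server.php` post to `/front/server.form.php`, and the later hunks only hide them behind `$canWrite`, which is a display decision and not enforcement. If the handlers relied on this top check, a profile with only READ can still submit them directly. I would keep `READ` for showing the form and put the original guard at the start of each write branch, `if (!Profile::canCurrentUser(UPDATE)) { Html::displayRightError(); }`, with a one-line comment that the top check covers display only.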
diff --git a/src/AssetTab.php b/src/AssetTab.php index 37fd1b2..077591f 100644 --- a/src/AssetTab.php +++ b/src/AssetTab.php @@ -326,15 +326,19 @@ class AssetTab extends CommonDBTM ): void { echo "
"; + $canWrite = Session::haveRight(self::$rightname, UPDATE) || Session::haveRight(self::$rightname, CREATE); + echo '
'; - echo '
'; - self::showActionsSection($item, $server, $link, $api_data); - echo '
'; + if ($canWrite) { + echo '
'; + self::showActionsSection($item, $server, $link, $api_data); + echo '
'; + } echo '
'; self::showInfoLogSection($api_data); @@ -450,17 +456,6 @@ class AssetTab extends CommonDBTM echo ""; echo ""; - if (!Profile::canCurrentUser(UPDATE) && !Profile::canCurrentUser(CREATE)) { - echo ""; - echo ""; - echo ""; - echo "
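Review bot: `$canWrite` is computed with `Session::haveRight(self::$rightname, …)`, while the checks kept in the actions code in the next hunk still use `Profile::canCurrentUser(CREATE)`, so one tab answers the same permission question through two different calls. Whether `AssetTab::$rightname` names the same right that `Profile::canCurrentUser()` tests is not visible in this diff; if it is unset or different, the actions card will be shown or hidden inconsistently with the buttons inside it. The next hunk also deletes the permission guard that appears to sit inside `showActionsSection()`, so this call site becomes its only gate; I would use one helper for both, e.g. `$canWrite = Profile::canCurrentUser(UPDATE) || Profile::canCurrentUser(CREATE);`, and add a comment on `showActionsSection()` saying callers must check rights first. The enclosing method starts and ends outside the hunk.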
" . htmlspecialchars(__('Available actions', 'urbackup')) . "
"; - echo htmlspecialchars(__('You do not have permission for UrBackup actions.', 'urbackup')); - echo "
"; - - return; - } - if (!$api_data['client_found'] && Profile::canCurrentUser(CREATE)) { echo ""; echo "" . htmlspecialchars(__('Create client in UrBackup', 'urbackup')) . ""; diff --git a/src/Server.php b/src/Server.php index faf40b1..0935704 100644 --- a/src/Server.php +++ b/src/Server.php @@ -297,15 +297,17 @@ class Server extends CommonDBTM 'datatype' => 'datetime', ]; - $tab[] = [ - 'id' => 13, - 'table' => self::getTable(), - 'field' => 'id', - 'name' => __('View', 'urbackup'), - 'massiveaction' => false, - 'datatype' => 'raw', - 'searchtype' => 'view', - ]; + if (Session::haveRight(self::$rightname, UPDATE)) { + $tab[] = [ + 'id' => 13, + 'table' => self::getTable(), + 'field' => 'id', + 'name' => __('View', 'urbackup'), + 'massiveaction' => false, + 'datatype' => 'raw', + 'searchtype' => 'view', + ]; + } return $tab; } @@ -431,21 +433,31 @@ class Server extends CommonDBTM echo ""; echo ""; + $canUpdate = Session::haveRight(self::$rightname, UPDATE); + echo ""; echo "" . htmlspecialchars(__('API username', 'urbackup')) . ""; echo ""; - echo Html::input('api_username', [ - 'value' => $this->fields['api_username'] ?? '', - 'size' => 40, - 'autocomplete' => 'off', - ]); + if ($canUpdate) { + echo Html::input('api_username', [ + 'value' => $this->fields['api_username'] ?? '', + 'size' => 40, + 'autocomplete' => 'off', + ]); + } else { + echo htmlspecialchars($this->fields['api_username'] ?? ''); + } echo ""; echo "" . htmlspecialchars(__('API password', 'urbackup')) . ""; echo ""; - echo ""; + if ($canUpdate) { + echo ""; + } else { + echo '******'; + } echo ""; echo ""; @@ -992,6 +1004,8 @@ class Server extends CommonDBTM } } + $canWrite = Session::haveRight(self::$rightname, UPDATE) || Session::haveRight(self::$rightname, CREATE); + echo ''; echo ''; echo ''; @@ -1000,7 +1014,9 @@ class Server extends CommonDBTM echo ''; echo ''; echo ''; - echo ''; + if ($canWrite) { + echo ''; + } echo ''; echo ''; echo ''; 
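Review bot: In the hunk at `@@ -431,21 +433,31 @@`, the read-only branch still prints the stored API username (`echo htmlspecialchars($this->fields['api_username'] ?? '');`), so a profile with only READ learns the account name used against the UrBackup API, although the MEMORY.md entry in this commit describes username and password as hidden for READ. If hiding is the intent, mask it like the password with `echo '******';`, or omit the row when `$canUpdate` is false. `$canUpdate` only changes what is rendered; the code that accepts `api_username` and `api_password` on submit is outside this hunk and needs its own right check. A short comment above `$canUpdate` stating that it controls display only would make that boundary clear.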
@@ -1025,23 +1041,25 @@ class Server extends CommonDBTM echo ''; echo ''; echo ''; - echo ''; } - echo ''; echo ''; } @@ -1053,6 +1071,8 @@ class Server extends CommonDBTM { global $DB; + $canWrite = Session::haveRight(self::$rightname, UPDATE) || Session::haveRight(self::$rightname, CREATE); + $apiStatus = (int) ($server->fields['last_api_status'] ?? 0); if ($apiStatus !== 1) { echo '
'; @@ -1196,7 +1216,9 @@ class Server extends CommonDBTM echo '
'; echo ''; echo ''; - echo ''; + if ($canWrite) { + echo ''; + } echo ''; echo ''; @@ -1222,17 +1244,19 @@ class Server extends CommonDBTM echo ''; echo ''; echo ''; - echo ''; + if ($canWrite) { + echo ''; + } echo ''; }
' . htmlspecialchars(__('Status', 'urbackup')) . '' . htmlspecialchars(__('Last backup', 'urbackup')) . '' . htmlspecialchars(__('IP address', 'urbackup')) . '' . htmlspecialchars(__('Actions', 'urbackup')) . '' . htmlspecialchars(__('Actions', 'urbackup')) . '
' . $statusHtml . '' . htmlspecialchars($lastBackup ?: '-') . '' . htmlspecialchars($clientIp ?: '-') . ''; - if (isset($linkableAssets[$clientNameLower])) { - $match = $linkableAssets[$clientNameLower]; - $formAction = PLUGIN_URBACKUP_WEB_DIR . '/front/server.form.php'; - echo '
'; - echo Html::hidden('_glpi_csrf_token', ['value' => Session::getNewCSRFToken()]); - echo Html::hidden('itemtype', ['value' => $match['itemtype']]); - echo Html::hidden('items_id', ['value' => $match['items_id']]); - echo Html::hidden('id', ['value' => (int) $server->fields['id']]); - echo ''; - Html::closeForm(); - } else { - echo ''; + if ($canWrite) { + echo '
'; + if (isset($linkableAssets[$clientNameLower])) { + $match = $linkableAssets[$clientNameLower]; + $formAction = PLUGIN_URBACKUP_WEB_DIR . '/front/server.form.php'; + echo ''; + echo Html::hidden('_glpi_csrf_token', ['value' => Session::getNewCSRFToken()]); + echo Html::hidden('itemtype', ['value' => $match['itemtype']]); + echo Html::hidden('items_id', ['value' => $match['items_id']]); + echo Html::hidden('id', ['value' => (int) $server->fields['id']]); + echo ''; + Html::closeForm(); + } else { + echo ''; + } + echo '
' . htmlspecialchars(State::getTypeName(1)) . ' ' . htmlspecialchars(User::getTypeName(1)) . ' ' . htmlspecialchars(Group::getTypeName(1)) . ' ' . htmlspecialchars(__('Actions', 'urbackup')) . '' . htmlspecialchars(__('Actions', 'urbackup')) . '
' . htmlspecialchars($asset['state']) . '' . htmlspecialchars($asset['user']) . '' . htmlspecialchars($asset['group']) . ''; - echo ''; - echo Html::hidden('_glpi_csrf_token', ['value' => Session::getNewCSRFToken()]); - echo Html::hidden('itemtype', ['value' => $asset['itemtype']]); - echo Html::hidden('items_id', ['value' => $asset['items_id']]); - echo Html::hidden('id', ['value' => (int) $server->fields['id']]); - echo ''; - Html::closeForm(); - echo ''; + echo ''; + echo Html::hidden('_glpi_csrf_token', ['value' => Session::getNewCSRFToken()]); + echo Html::hidden('itemtype', ['value' => $asset['itemtype']]); + echo Html::hidden('items_id', ['value' => $asset['items_id']]); + echo Html::hidden('id', ['value' => (int) $server->fields['id']]); + echo ''; + Html::closeForm(); + echo '