Merge branch 'patch-skip-irrelevant-dashlets' into 'stable-3.1'

Marius Burkard · Marius Burkard · commit 0113a3f37c8a · 2020-03-02T15:35:31.000+01:00
Show harddisk and database quota dashlet only when user has access

See merge request ispconfig/ispconfig3!964
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
@@ -141,12 +141,18 @@ public function remove_group_from_user($userid, $groupid) {
 		}
 	}
 
-	public function check_module_permissions($module) {
+
+       /**
+        * Check that the user has access to the given module.
+        *
+        * @return boolean
+        */
+       public function verify_module_permissions($module)  {
 		// Check if the current user has the permissions to access this module
 		$module = trim(preg_replace('@\s+@', '', $module));
 		$user_modules = explode(',',$_SESSION["s"]["user"]["modules"]);
+               $can_use_module = false;
 		if(strpos($module, ',') !== false){
-			$can_use_module = false;
 			$tmp_modules = explode(',', $module);
 			if(is_array($tmp_modules) && !empty($tmp_modules)){
 				foreach($tmp_modules as $tmp_module){
@@ -158,17 +164,21 @@ public function check_module_permissions($module) {
 					}
 				}
 			}
-			if(!$can_use_module){
-				// echo "LOGIN_REDIRECT:/index.php";
-				header("Location: /index.php");
-				exit;
-			}
-		} else {
-			if(!in_array($module,$user_modules)) {
-				// echo "LOGIN_REDIRECT:/index.php";
-				header("Location: /index.php");
-				exit;
-			}
+               }
+               elseif(in_array($module,$user_modules)) {
+                       $can_use_module = true;
+               }
+               return $can_use_module;
+       }
+
+       /**
+        * Check that the user has access to the given module, redirect and exit on failure.
+        */
+       public function check_module_permissions($module)  {
+               if(!$this->verify_module_permissions($module)) {
+                       // echo "LOGIN_REDIRECT:/index.php";
+                       header("Location: /index.php");
+                       exit;
 		}
 	}
 	
diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php
@@ -7,6 +7,9 @@ function show() {
 
 		//* Loading Template
 		$app->uses('tpl,quota_lib');
+               if (!$app->auth->verify_module_permissions('sites')) {
+                       return;
+               }
 
 		$tpl = new tpl;
 		$tpl->newTemplate("dashlets/templates/databasequota.htm");
diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php
@@ -7,6 +7,9 @@ function show() {
 
 		//* Loading Template
 		$app->uses('tpl,quota_lib');
+               if (!$app->auth->verify_module_permissions('sites')) {
+                       return;
+               }
 
 		$tpl = new tpl;
 		$tpl->newTemplate("dashlets/templates/quota.htm");
