Add POLICY_SYSTEM_HIDE_SERVICES

Kristan Kenney · Kristan Kenney · commit 30703236eefb · 2021-04-03T12:09:36.000-03:00
diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config
@@ -78,6 +78,7 @@ json_list() {
         "UPDATE_AVAILABLE": "'$UPDATE_AVAILABLE'",
         "POLICY_SYSTEM_PROTECTED_ADMIN": "'$POLICY_SYSTEM_PROTECTED_ADMIN'",
         "POLICY_SYSTEM_HIDE_ADMIN": "'$POLICY_SYSTEM_HIDE_ADMIN'",
+        "POLICY_SYSTEM_HIDE_SERVICES": "'$POLICY_SYSTEM_HIDE_SERVICES'",
         "POLICY_SYSTEM_PASSWORD_RESET": "'$POLICY_SYSTEM_PASSWORD_RESET'",
         "POLICY_USER_EDIT_DETAILS": "'$POLICY_USER_EDIT_DETAILS'",
         "POLICY_USER_DELETE_LOGS": "'$POLICY_USER_DELETE_LOGS'",
diff --git a/web/edit/server/index.php b/web/edit/server/index.php
@@ -778,6 +778,18 @@
         }
     }
 
+
+    // Change POLICY_SYSTEM_HIDE_SERVICES
+    if (empty($_SESSION['error_msg'])) {
+        if ($_POST['v_policy_system_hide_services'] != $_SESSION['POLICY_SYSTEM_HIDE_SERVICES']) {
+            exec (HESTIA_CMD."v-change-sys-config-value POLICY_SYSTEM_HIDE_SERVICES ".escapeshellarg($_POST['v_policy_system_hide_services']), $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_policy_system_hide_services = $_POST['v_policy_system_hide_services'];
+            $v_security_adv = 'yes';
+        }
+    }
+
     // Change login style
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_login_style'] != $_SESSION['LOGIN_STYLE']) {
diff --git a/web/templates/includes/panel.html b/web/templates/includes/panel.html
@@ -48,10 +48,13 @@
 					</a>
 				</div>
 			<? } ?>
-			<? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin')) {?>
-				<!-- Hide 'Server Settings' button when impersonating 'admin' or other users -->
-			<? } else if (($_SESSION['userContext'] === 'admin') && (!isset($_SESSION['look']))) { ?>				
-				<div class="l-menu__item <?php if($TAB == 'SERVER' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'IP' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'RRD' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'FIREWALL' ) echo 'l-menu__item--active' ?>"><a href="/list/server/" class="l-profile__serversettings" title="<?=_('Server')?>"><i class="fas fa-cog"></i></a></div>
+
+			<? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['POLICY_SYSTEM_HIDE_SERVICES'] !== 'yes') || ($_SESSION['user'] === 'admin')) {?>
+				<? if (($_SESSION['userContext'] === 'admin') && (!empty($_SESSION['look']))) {?>
+					<!-- Hide 'Server Settings' button when impersonating 'admin' or other users -->
+				<? } else { ?>				
+					<div class="l-menu__item <?php if($TAB == 'SERVER' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'IP' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'RRD' ) echo 'l-menu__item--active' ?> <?php if($TAB == 'FIREWALL' ) echo 'l-menu__item--active' ?>"><a href="/list/server/" class="l-profile__serversettings" title="<?=_('Server')?>"><i class="fas fa-cog"></i></a></div>
+				<? } ?>
 			<? } ?>
 			<? if (($_SESSION['userContext'] === 'admin') && (isset($_SESSION['look']) && ($user == 'admin'))) {?>
 				<!-- Hide 'edit user' entry point from other administrators for default 'admin' account-->
diff --git a/web/templates/pages/edit_server.html b/web/templates/pages/edit_server.html
@@ -1045,7 +1045,7 @@
                                                         </tr>
                                                         <tr>
                                                             <td class="vst-text input-label">
-                                                                <?php print _('Disable access and hide account from other administrators');?>
+                                                                <?php print _('Hide account from other administrators');?>
                                                             </td>
                                                         </tr>
                                                         <tr>
@@ -1057,6 +1057,20 @@
                                                                 <br><br>
                                                             </td>
                                                         </tr>
+                                                        <tr>
+                                                            <td class="vst-text input-label">
+                                                                <?php print _('Disable Server Settings access for other administrators');?>
+                                                            </td>
+                                                        </tr>
+                                                        <tr>
+                                                            <td>
+                                                                <select class="vst-list" name="v_policy_system_hide_services">
+                                                                    <option value='yes'><?php print _('yes'); ?></option>
+                                                                    <option value='no' <?php if($_SESSION['POLICY_SYSTEM_HIDE_SERVICES'] !== 'yes') echo 'selected' ?>><?php print _('no'); ?></option>
+                                                                </select>
+                                                                <br><br>
+                                                            </td>
+                                                        </tr>
                                                     </table>
                                                 </td>
                                             </tr>
