Add policy to allow users to delete history logs

Kristan Kenney · Kristan Kenney · commit c927d2cb1dfe · 2021-03-28T23:39:59.000-03:00
diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config
@@ -77,7 +77,8 @@ json_list() {
         "API_ALLOWED_IP": "'$API_ALLOWED_IP'",
         "RESTRICTED_ADMIN": "'$RESTRICTED_ADMIN'",
         "HIDE_ADMIN_ACCOUNT": "'$HIDE_ADMIN_ACCOUNT'",
-        "POLICY_USER_EDIT_DETAILS": "'$POLICY_USER_EDIT_DETAILS'"
+        "POLICY_USER_EDIT_DETAILS": "'$POLICY_USER_EDIT_DETAILS'",
+        "POLICY_USER_DELETE_LOGS": "'$POLICY_USER_DELETE_LOGS'"
     }
     }'
 }
diff --git a/web/templates/admin/list_log.html b/web/templates/admin/list_log.html
@@ -17,19 +17,21 @@
     <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['user'] !== 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
       <!-- Hide delete buttons-->
     <? } else { ?>
-      <div class="actions-panel display-inline-block" key-action="js">
-        <a class="data-controls do_delete ui-button danger cancel">
-          <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
-          <? if (($_SESSION['userContext'] === 'admin') && ($_GET['user'] === 'admin')) {?>
-            <input type="hidden" name="delete_url" value="/delete/log/?user=admin&token=<?=$_SESSION['token']?>" />
-          <? } else { ?>
-            <input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />
-          <? } ?>
-            <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
-              <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
-            </div>
-          </a>
-        </div>
+      <? if (($_SESSION['userContext'] === 'admin') || (($_SESSION['userContext'] === 'user') && ($_SESSION['POLICY_USER_DELETE_LOGS'] === 'yes'))) {?>
+        <div class="actions-panel display-inline-block" key-action="js">
+          <a class="data-controls do_delete ui-button danger cancel">
+            <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
+            <? if (($_SESSION['userContext'] === 'admin') && ($_GET['user'] === 'admin')) {?>
+              <input type="hidden" name="delete_url" value="/delete/log/?user=admin&token=<?=$_SESSION['token']?>" />
+            <? } else { ?>
+              <input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />
+            <? } ?>
+              <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+                <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
+              </div>
+            </a>
+          </div>
+        <? } ?>
       <? } ?>
     </div>
   </div>
diff --git a/web/templates/admin/list_log_auth.html b/web/templates/admin/list_log_auth.html
@@ -8,15 +8,17 @@
       <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
               <!-- Hide delete buttons-->
       <? } else { ?>
-        <div class="actions-panel display-inline-block" key-action="js">
-          <a class="data-controls do_delete ui-button danger cancel">
-            <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
-            <input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />
-              <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
-                <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
-              </div>
-          </a>
-        </div>
+        <? if (($_SESSION['userContext'] === 'admin') || (($_SESSION['userContext'] === 'user') && ($_SESSION['POLICY_USER_DELETE_LOGS'] === 'yes'))) {?>
+          <div class="actions-panel display-inline-block" key-action="js">
+            <a class="data-controls do_delete ui-button danger cancel">
+              <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
+              <input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />
+                <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+                  <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
+                </div>
+            </a>
+          </div>
+        <? } ?>
       <? } ?>
     </div>
   </div>
diff --git a/web/templates/user/list_log.html b/web/templates/user/list_log.html
@@ -6,6 +6,17 @@
     </div>
     <div class="l-unit-toolbar__buttonstrip float-right">
       <a href="javascript:location.reload();" class="ui-button cancel" dir="ltr"><i class="fas fa-redo status-icon green"></i><?=_('Refresh')?></a>
+      <? if (($_SESSION['userContext'] === 'user') && ($_SESSION['POLICY_USER_DELETE_LOGS'] === 'yes')) {?>
+        <div class="actions-panel display-inline-block" key-action="js">
+          <a class="data-controls do_delete ui-button danger cancel">
+            <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
+              <input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />
+              <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+                <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
+              </div>
+            </a>
+          </div>
+        <? } ?>
     </div>
   </div>
 </div>
diff --git a/web/templates/user/list_log_auth.html b/web/templates/user/list_log_auth.html
@@ -5,6 +5,17 @@
     </div>
     <div class="l-unit-toolbar__buttonstrip float-right">
       <a href="javascript:location.reload();" class="ui-button cancel" dir="ltr"><i class="fas fa-redo status-icon green"></i><?=_('Refresh')?></a>
+      <? if (($_SESSION['userContext'] === 'user') && ($_SESSION['POLICY_USER_DELETE_LOGS'] === 'yes')) {?>
+        <div class="actions-panel display-inline-block" key-action="js">
+          <a class="data-controls do_delete ui-button danger cancel">
+            <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
+              <input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />
+              <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+                <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
+              </div>
+            </a>
+          </div>
+        <? } ?>
     </div>
   </div>
 </div>

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,8 @@ json_list() {`
`77`	`77`	`"API_ALLOWED_IP": "'$API_ALLOWED_IP'",`
`78`	`78`	`"RESTRICTED_ADMIN": "'$RESTRICTED_ADMIN'",`
`79`	`79`	`"HIDE_ADMIN_ACCOUNT": "'$HIDE_ADMIN_ACCOUNT'",`
`80`		`- "POLICY_USER_EDIT_DETAILS": "'$POLICY_USER_EDIT_DETAILS'"`
	`80`	`+ "POLICY_USER_EDIT_DETAILS": "'$POLICY_USER_EDIT_DETAILS'",`
	`81`	`+ "POLICY_USER_DELETE_LOGS": "'$POLICY_USER_DELETE_LOGS'"`
`81`	`82`	`}`
`82`	`83`	`}'`
`83`	`84`	`}`