private/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adasd
All checks were successful
Deploy / deploy-staging (push) Successful in 7s
Details
Deploy / deploy-production (push) Has been skipped
Details

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2026-04-14 22:33:49 +02:00
parent 677f9314f5
commit da9a6841e4
4 changed files with 73 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
partials/landingpages/modules/access.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
$moduleName = (string)($_GET['module'] ?? '');
$module = modules()->get($moduleName);
$notice = null;
require_admin();
if (!$module) {
http_response_code(404);
echo '<div class="card">Modul nicht gefunden.</div>';
return;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
modules()->saveAuth($moduleName, [
'required' => isset($_POST['auth_required']),
'users' => (string)($_POST['auth_users'] ?? ''),
'groups' => (string)($_POST['auth_groups'] ?? ''),
]);
$notice = 'Zugriff gespeichert.';
$module = modules()->get($moduleName) ?: $module;
}
$authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required' => false, 'users' => [], 'groups' => []];
?>
<div class="card">
<div class="pill">Zugriff</div>
<h1 style="margin-top:.75rem;"><?= e($module['title']) ?> - Zugriffsrechte</h1>
<p class="muted">Diese Seite ist nur fuer eingeloggte Mitglieder der Gruppe <?= e(app()->config()->oidcAdminGroup) ?> verfuegbar.</p>
<?php if ($notice): ?>
<div class="card" style="margin-top:1rem; border-color:var(--accent-2);">
<?= e($notice) ?>
</div>
<?php endif; ?>
<form method="post" style="margin-top:1rem; display:grid; gap:14px; max-width:520px;">
<label class="muted" style="display:flex; align-items:center; gap:10px;">
<input type="checkbox" name="auth_required" value="1" <?= !empty($authConfig['required']) ? 'checked' : '' ?>>
<span>Login fuer dieses Modul erforderlich</span>
</label>
<label class="muted" style="display:grid; gap:6px;">
<span>Erlaubte Benutzer</span>
<textarea name="auth_users" rows="3" placeholder="Keycloak-Sub, Benutzername oder E-Mail, je Zeile oder Komma"><?= e(implode("\n", is_array($authConfig['users'] ?? null) ? $authConfig['users'] : [])) ?></textarea>
</label>
<label class="muted" style="display:grid; gap:6px;">
<span>Erlaubte Gruppen</span>
<textarea name="auth_groups" rows="3" placeholder="/admin oder mining-users, je Zeile oder Komma"><?= e(implode("\n", is_array($authConfig['groups'] ?? null) ? $authConfig['groups'] : [])) ?></textarea>
</label>
<small class="muted">Wenn Login aktiv ist und Benutzer/Gruppen leer bleiben, darf jeder eingeloggte Benutzer das Modul oeffnen.</small>
<div style="display:flex; gap:10px;">
<button class="cta-button" type="submit">Zugriff speichern</button>
<a class="nav-link" href="/modules/setup/<?= e($moduleName) ?>">Setup</a>
<a class="nav-link" href="/modules">Zurück</a>
</div>
</form>
</div>

1
partials/landingpages/modules/index.php
View File

@@ -51,6 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div style="margin-top:.75rem; display:flex; gap:10px; flex-wrap:wrap;"> <div style="margin-top:.75rem; display:flex; gap:10px; flex-wrap:wrap;">
<a class="nav-link" href="/module/<?= e($module['name']) ?>">Öffnen</a> <a class="nav-link" href="/module/<?= e($module['name']) ?>">Öffnen</a>
<a class="nav-link" href="/modules/setup/<?= e($module['name']) ?>">Setup</a> <a class="nav-link" href="/modules/setup/<?= e($module['name']) ?>">Setup</a>
<a class="nav-link" href="/modules/access/<?= e($module['name']) ?>">Zugriff</a>
<form method="post" style="margin:0;"> <form method="post" style="margin:0;">
<input type="hidden" name="module" value="<?= e($module['name']) ?>"> <input type="hidden" name="module" value="<?= e($module['name']) ?>">
<button class="cta-button" name="action" value="disable" style="background:var(--panel); color:var(--text);">Deaktivieren</button> <button class="cta-button" name="action" value="disable" style="background:var(--panel); color:var(--text);">Deaktivieren</button>

31
partials/landingpages/modules/setup.php
View File

@@ -93,16 +93,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
modules()->saveSettings($moduleName, $payload); modules()->saveSettings($moduleName, $payload);
modules()->saveAuth($moduleName, [
'required' => isset($_POST['auth_required']),
'users' => (string)($_POST['auth_users'] ?? ''),
'groups' => (string)($_POST['auth_groups'] ?? ''),
]);
$notice = 'Setup gespeichert.'; $notice = 'Setup gespeichert.';
$current = array_replace_recursive($current, $payload); $current = array_replace_recursive($current, $payload);
$module = modules()->get($moduleName) ?: $module; $module = modules()->get($moduleName) ?: $module;
} }
$authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required' => false, 'users' => [], 'groups' => []];
?> ?>
<div class="card"> <div class="card">
<div class="pill">Setup</div> <div class="pill">Setup</div>
@@ -127,6 +121,7 @@ $authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required'
$type = (string)($field['type'] ?? 'text'); $type = (string)($field['type'] ?? 'text');
$required = !empty($field['required']); $required = !empty($field['required']);
$help = (string)($field['help'] ?? $field['description'] ?? ''); $help = (string)($field['help'] ?? $field['description'] ?? '');
$postKey = str_replace('.', '_', $name);
$value = ''; $value = '';
if ($name === 'kea_auto_init') { if ($name === 'kea_auto_init') {
@@ -140,11 +135,11 @@ $authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required'
<label class="muted" style="display:grid; gap:6px;"> <label class="muted" style="display:grid; gap:6px;">
<span><?= e($label) ?></span> <span><?= e($label) ?></span>
<?php if ($type === 'textarea'): ?> <?php if ($type === 'textarea'): ?>
<textarea name="<?= e($name) ?>" rows="3" <?= $required ? 'required' : '' ?>><?= e($value) ?></textarea> <textarea name="<?= e($postKey) ?>" rows="3" <?= $required ? 'required' : '' ?>><?= e($value) ?></textarea>
<?php elseif ($type === 'checkbox'): ?> <?php elseif ($type === 'checkbox'): ?>
<input type="checkbox" name="<?= e($name) ?>" value="1" <?= $value === '1' ? 'checked' : '' ?>> <input type="checkbox" name="<?= e($postKey) ?>" value="1" <?= $value === '1' ? 'checked' : '' ?>>
<?php else: ?> <?php else: ?>
<input type="<?= e($type) ?>" name="<?= e($name) ?>" value="<?= e($value) ?>" <?= $required ? 'required' : '' ?>> <input type="<?= e($type) ?>" name="<?= e($postKey) ?>" value="<?= e($value) ?>" <?= $required ? 'required' : '' ?>>
<?php endif; ?> <?php endif; ?>
<?php if ($help !== ''): ?> <?php if ($help !== ''): ?>
<small class="muted"><?= e($help) ?></small> <small class="muted"><?= e($help) ?></small>
@@ -152,25 +147,9 @@ $authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required'
</label> </label>
<?php endforeach; ?> <?php endforeach; ?>
<div class="card" style="padding:14px; background:var(--panel-2); display:grid; gap:12px;">
<strong>Modulzugriff</strong>
<label class="muted" style="display:flex; align-items:center; gap:10px;">
<input type="checkbox" name="auth_required" value="1" <?= !empty($authConfig['required']) ? 'checked' : '' ?>>
<span>Login fuer dieses Modul erforderlich</span>
</label>
<label class="muted" style="display:grid; gap:6px;">
<span>Erlaubte Benutzer</span>
<textarea name="auth_users" rows="3" placeholder="Keycloak-Sub, Benutzername oder E-Mail, je Zeile oder Komma"><?= e(implode("\n", is_array($authConfig['users'] ?? null) ? $authConfig['users'] : [])) ?></textarea>
</label>
<label class="muted" style="display:grid; gap:6px;">
<span>Erlaubte Gruppen</span>
<textarea name="auth_groups" rows="3" placeholder="/admin oder mining-users, je Zeile oder Komma"><?= e(implode("\n", is_array($authConfig['groups'] ?? null) ? $authConfig['groups'] : [])) ?></textarea>
</label>
<small class="muted">Wenn Login aktiv ist und Benutzer/Gruppen leer bleiben, darf jeder eingeloggte Benutzer das Modul oeffnen.</small>
</div>
<div style="display:flex; gap:10px;"> <div style="display:flex; gap:10px;">
<button class="cta-button" type="submit">Speichern</button> <button class="cta-button" type="submit">Speichern</button>
<a class="nav-link" href="/modules/access/<?= e($moduleName) ?>">Zugriff verwalten</a>
<a class="nav-link" href="/modules">Zurück</a> <a class="nav-link" href="/modules">Zurück</a>
</div> </div>
</form> </form>

8
public/index.php
View File

@@ -25,7 +25,8 @@ $publicPaths = [
'module/pi_control/terminal_info', 'module/pi_control/terminal_info',
]; ];
$requiresGlobalAuth = in_array($uriPath, ['settings', 'users', 'modules', 'modules/install', 'modules/sql-import', 'debug', 'exports/database.sql'], true) $requiresGlobalAuth = in_array($uriPath, ['settings', 'users', 'modules', 'modules/install', 'modules/sql-import', 'debug', 'exports/database.sql'], true)
|| str_starts_with($uriPath, 'modules/setup/'); || str_starts_with($uriPath, 'modules/setup/')
|| str_starts_with($uriPath, 'modules/access/');
if (defined('APP_AUTH_ENABLED') && APP_AUTH_ENABLED && $requiresGlobalAuth && !in_array($uriPath, $publicPaths, true)) { if (defined('APP_AUTH_ENABLED') && APP_AUTH_ENABLED && $requiresGlobalAuth && !in_array($uriPath, $publicPaths, true)) {
$user = auth_user(); $user = auth_user();
if (!$user) { if (!$user) {
@@ -94,7 +95,7 @@ if (preg_match('~^api/module-auth/([a-zA-Z0-9_-]+)$~', $uriPath, $moduleAuthMatc
echo json_encode(['error' => 'auth_required'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); echo json_encode(['error' => 'auth_required'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
exit; exit;
} }
if (!$auth->canAccessModule($moduleMeta)) { if (!auth_is_admin()) {
http_response_code(403); http_response_code(403);
header('Content-Type: application/json; charset=utf-8'); header('Content-Type: application/json; charset=utf-8');
echo json_encode(['error' => 'forbidden'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); echo json_encode(['error' => 'forbidden'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
@@ -200,6 +201,9 @@ if (str_starts_with($uriPath, 'modules/install')) {
} elseif (str_starts_with($uriPath, 'modules/setup/')) { } elseif (str_starts_with($uriPath, 'modules/setup/')) {
$_GET['module'] = trim(substr($uriPath, strlen('modules/setup/')), '/'); $_GET['module'] = trim(substr($uriPath, strlen('modules/setup/')), '/');
$target = $pagesBase . '/modules/setup.php'; $target = $pagesBase . '/modules/setup.php';
} elseif (str_starts_with($uriPath, 'modules/access/')) {
$_GET['module'] = trim(substr($uriPath, strlen('modules/access/')), '/');
$target = $pagesBase . '/modules/access.php';
} elseif ($uriPath === 'modules/sql-import') { } elseif ($uriPath === 'modules/sql-import') {
$target = $pagesBase . '/modules/sql_import.php'; $target = $pagesBase . '/modules/sql_import.php';
} elseif ($uriPath === 'auth/login') { } elseif ($uriPath === 'auth/login') {