From f9632a66af85bb482ec5a1253adaa37b2c25d856 Mon Sep 17 00:00:00 2001 From: Emmanuel Lacour Date: Mon, 7 Feb 2022 17:52:15 +0100 Subject: [PATCH] Check permissions before allowing users to use this import tool --- Changes | 3 ++ html/Admin/CustomFields/ImportValues.html | 6 ++- .../Elements/Tabs/Privileged | 5 ++- lib/RT/Extension/ImportCustomFieldValues.pm | 2 +- po/fr.po | 50 +++++++++++++--------- po/importcustomfieldvalues.pot | 50 +++++++++++++--------- 6 files changed, 71 insertions(+), 45 deletions(-) diff --git a/Changes b/Changes index c5d4bca..d3d1527 100644 --- a/Changes +++ b/Changes @@ -1,4 +1,7 @@ Revision history for RT-Extension-ImportCustomFieldValues +0.02 2022-02-07 + - Check permissions before allowing users to use this import tool + 0.01 2022-02-07 - Initial release diff --git a/html/Admin/CustomFields/ImportValues.html b/html/Admin/CustomFields/ImportValues.html index 9df496f..6a197e2 100644 --- a/html/Admin/CustomFields/ImportValues.html +++ b/html/Admin/CustomFields/ImportValues.html @@ -73,7 +73,11 @@ my ($title, @results, $values); my $CustomField = RT::CustomField->new( $session{'CurrentUser'} ); unless ( $CustomField->Load( $id ) ) { - Abort("CustomField not found"); + Abort(loc("CustomField not found")); +} +unless ( $session{CurrentUser}->HasRight( Right => 'AdminCustomFieldValues', Object => $CustomField ) + || $session{CurrentUser}->HasRight( Right => 'AdminCustomField', Object => $CustomField ) ) { + Abort(loc("No permissions to edit this customfield values")); } $title = loc( 'Importing values for CustomField [_1]', $CustomField->Name ); my $name = 'Import-'. $CustomField->Id . '-Values'; diff --git a/html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged b/html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged index 60a8d6f..528489f 100644 --- a/html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged +++ b/html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged @@ -4,7 +4,10 @@ if ( $request_path =~ qr{^/Admin/CustomFields/} && $m->request_args->{'id'} && my $tabs = PageMenu; my $CustomField = RT::CustomField->new( $session{'CurrentUser'} ); $CustomField->Load($m->request_args->{'id'}); - if ( $CustomField->Type && $CustomField->Type eq 'Select' ) { + if ( $CustomField->Type && $CustomField->Type eq 'Select' + && ( $session{CurrentUser}->HasRight( Right => 'AdminCustomFieldValues', Object => $CustomField ) + || $session{CurrentUser}->HasRight( Right => 'AdminCustomField', Object => $CustomField ) ) + ) { $tabs->child( 'cf-import-values' => title => loc('Import from CSV'), path => '/Admin/CustomFields/ImportValues.html?id=' . $m->request_args->{'id'} diff --git a/lib/RT/Extension/ImportCustomFieldValues.pm b/lib/RT/Extension/ImportCustomFieldValues.pm index 759381c..1d78311 100644 --- a/lib/RT/Extension/ImportCustomFieldValues.pm +++ b/lib/RT/Extension/ImportCustomFieldValues.pm @@ -2,7 +2,7 @@ use strict; use warnings; package RT::Extension::ImportCustomFieldValues; -our $VERSION = '0.01'; +our $VERSION = '0.02'; RT->AddStyleSheets('importcustomfieldvalues.css'); diff --git a/po/fr.po b/po/fr.po index 4cf9a31..906d066 100644 --- a/po/fr.po +++ b/po/fr.po @@ -5,35 +5,35 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #. ($filename) -#: html/Admin/CustomFields/ImportValues.html:98 html/Admin/CustomFields/ImportValues.html~:97 +#: html/Admin/CustomFields/ImportValues.html:101 html/Admin/CustomFields/ImportValues.html~:101 msgid "%1: Wrong file format" msgstr "%1: mauvais format de fichier" -#: html/Admin/CustomFields/ImportValues.html:48 html/Admin/CustomFields/ImportValues.html~:47 +#: html/Admin/CustomFields/ImportValues.html:48 html/Admin/CustomFields/ImportValues.html~:48 msgid "- Column \"Name\" is mandatory, other columns may be empty but must exists" msgstr "- La colonne «Name» est obligatoire, les autre colonnes peuvent être vides mais doivent exister" -#: html/Admin/CustomFields/ImportValues.html:45 html/Admin/CustomFields/ImportValues.html~:44 +#: html/Admin/CustomFields/ImportValues.html:45 html/Admin/CustomFields/ImportValues.html~:45 msgid "- Fields separated by \";\"" msgstr "- Champs séparés par «;»" -#: html/Admin/CustomFields/ImportValues.html:44 +#: html/Admin/CustomFields/ImportValues.html:44 html/Admin/CustomFields/ImportValues.html~:44 msgid "- File encoding: UTF-8" msgstr "- Encodage du fichier: UTF-8" -#: html/Admin/CustomFields/ImportValues.html:46 html/Admin/CustomFields/ImportValues.html~:45 +#: html/Admin/CustomFields/ImportValues.html:46 html/Admin/CustomFields/ImportValues.html~:46 msgid "- No headers" msgstr "- Pas de ligne d'en-tête" -#: html/Admin/CustomFields/ImportValues.html:47 html/Admin/CustomFields/ImportValues.html~:46 +#: html/Admin/CustomFields/ImportValues.html:47 html/Admin/CustomFields/ImportValues.html~:47 msgid "- Using the following columns and order: SortOrder, Name, Description, Category" msgstr "- Utiliser les colonnes suivantes, dans l'order: SortOrder, Nom, Description, Catégorie" -#: html/Admin/CustomFields/ImportValues.html:52 html/Admin/CustomFields/ImportValues.html~:51 +#: html/Admin/CustomFields/ImportValues.html:52 html/Admin/CustomFields/ImportValues.html~:52 msgid "CSV file" msgstr "Fichier CSV" -#: html/Admin/CustomFields/ImportValues.html:38 html/Admin/CustomFields/ImportValues.html:66 html/Admin/CustomFields/ImportValues.html~:38 html/Admin/CustomFields/ImportValues.html~:65 +#: html/Admin/CustomFields/ImportValues.html:38 html/Admin/CustomFields/ImportValues.html:66 html/Admin/CustomFields/ImportValues.html~:38 html/Admin/CustomFields/ImportValues.html~:66 msgid "Cancel" msgstr "Annuler" @@ -45,7 +45,11 @@ msgstr "Catégorie" msgid "Confirm" msgstr "Confirmer" -#: html/Admin/CustomFields/ImportValues.html:56 html/Admin/CustomFields/ImportValues.html~:55 +#: html/Admin/CustomFields/ImportValues.html:76 +msgid "CustomField not found" +msgstr "Champs personalisé non trouvé" + +#: html/Admin/CustomFields/ImportValues.html:56 html/Admin/CustomFields/ImportValues.html~:56 msgid "Default is to add CSV values to existing ones" msgstr "Par défaut les valeurs importées sont ajoutées aux valeurs existantes" @@ -54,40 +58,40 @@ msgid "Description" msgstr "Description" #. ($value_id, $msg) -#: html/Admin/CustomFields/ImportValues.html:156 html/Admin/CustomFields/ImportValues.html~:155 +#: html/Admin/CustomFields/ImportValues.html:159 html/Admin/CustomFields/ImportValues.html~:159 msgid "Error deleting old value %1: %2" msgstr "Erreur lors de la suppression de l'ancienne valeur %1: %2" -#: html/Admin/CustomFields/ImportValues.html:23 html/Admin/CustomFields/ImportValues.html:68 html/Admin/CustomFields/ImportValues.html~:23 html/Admin/CustomFields/ImportValues.html~:67 +#: html/Admin/CustomFields/ImportValues.html:23 html/Admin/CustomFields/ImportValues.html:68 html/Admin/CustomFields/ImportValues.html~:23 html/Admin/CustomFields/ImportValues.html~:68 msgid "Import" msgstr "Importer" -#: html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged:9 +#: html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged:9 html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged~:9 msgid "Import from CSV" msgstr "Importer depuis un CSV" #. ($CustomField->Name) -#: html/Admin/CustomFields/ImportValues.html:78 html/Admin/CustomFields/ImportValues.html~:77 +#: html/Admin/CustomFields/ImportValues.html:81 html/Admin/CustomFields/ImportValues.html~:81 msgid "Importing values for CustomField %1" msgstr "Importer des valeus pour le champs personnalisé %1" #. ($i, loc("SortOrder")) -#: html/Admin/CustomFields/ImportValues.html:114 html/Admin/CustomFields/ImportValues.html~:113 +#: html/Admin/CustomFields/ImportValues.html:117 html/Admin/CustomFields/ImportValues.html~:117 msgid "Line %1: \"%2\" must be numerical" msgstr "Ligne %1: «%2» doit être numérique" #. ($i, $msg) -#: html/Admin/CustomFields/ImportValues.html:165 html/Admin/CustomFields/ImportValues.html~:164 +#: html/Admin/CustomFields/ImportValues.html:168 html/Admin/CustomFields/ImportValues.html~:168 msgid "Line %1: import error: %2" msgstr "Ligne %1: erreur d'importation: %2" #. ($i, "Name") -#: html/Admin/CustomFields/ImportValues.html:110 html/Admin/CustomFields/ImportValues.html~:109 +#: html/Admin/CustomFields/ImportValues.html:113 html/Admin/CustomFields/ImportValues.html~:113 msgid "Line %1: missing \"%2\"" msgstr "Ligne %1: «%2» manquant" #. ($i) -#: html/Admin/CustomFields/ImportValues.html:163 html/Admin/CustomFields/ImportValues.html~:162 +#: html/Admin/CustomFields/ImportValues.html:166 html/Admin/CustomFields/ImportValues.html~:166 msgid "Line %1: successfully imported" msgstr "Ligne %1: importée avec succès" @@ -95,12 +99,16 @@ msgstr "Ligne %1: importée avec succès" msgid "Name" msgstr "Nom" -#: html/Admin/CustomFields/ImportValues.html:146 html/Admin/CustomFields/ImportValues.html~:145 +#: html/Admin/CustomFields/ImportValues.html:79 +msgid "No permissions to edit this customfield values" +msgstr "Vous n'avez pas la permission de modifier les valeurs de ce champs personnalisé" + +#: html/Admin/CustomFields/ImportValues.html:149 html/Admin/CustomFields/ImportValues.html~:149 msgid "No values to import" msgstr "Aucune valeur à importer" #. ($value_id) -#: html/Admin/CustomFields/ImportValues.html:154 html/Admin/CustomFields/ImportValues.html~:153 +#: html/Admin/CustomFields/ImportValues.html:157 html/Admin/CustomFields/ImportValues.html~:157 msgid "Old value %1 deleted" msgstr "Ancienne valeur %1 supprimée" @@ -108,7 +116,7 @@ msgstr "Ancienne valeur %1 supprimée" msgid "Please select a file with needed values using following format:" msgstr "Veuillez sélectionner un fichier avec le valeurs souhaitées, en utilisant le format:" -#: html/Admin/CustomFields/ImportValues.html:55 html/Admin/CustomFields/ImportValues.html~:54 +#: html/Admin/CustomFields/ImportValues.html:55 html/Admin/CustomFields/ImportValues.html~:55 msgid "Replace?" msgstr "Remplacer?" @@ -124,7 +132,7 @@ msgstr "Les valeurs suivantes vont être ajoutées aux valeurs existantes:" msgid "The following values will replace existing ones:" msgstr "Les valeurs suivantes vont remplacer les valeurs existantes:" -#: html/Admin/CustomFields/ImportValues.html:125 html/Admin/CustomFields/ImportValues.html~:124 +#: html/Admin/CustomFields/ImportValues.html:128 html/Admin/CustomFields/ImportValues.html~:128 msgid "Unable to read file" msgstr "Impossible de lire le fichier" diff --git a/po/importcustomfieldvalues.pot b/po/importcustomfieldvalues.pot index c431b3f..cb0d9dc 100644 --- a/po/importcustomfieldvalues.pot +++ b/po/importcustomfieldvalues.pot @@ -1,33 +1,33 @@ #. ($filename) -#: html/Admin/CustomFields/ImportValues.html:98 html/Admin/CustomFields/ImportValues.html~:97 +#: html/Admin/CustomFields/ImportValues.html:101 html/Admin/CustomFields/ImportValues.html~:101 msgid "%1: Wrong file format" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:48 html/Admin/CustomFields/ImportValues.html~:47 +#: html/Admin/CustomFields/ImportValues.html:48 html/Admin/CustomFields/ImportValues.html~:48 msgid "- Column \"Name\" is mandatory, other columns may be empty but must exists" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:45 html/Admin/CustomFields/ImportValues.html~:44 +#: html/Admin/CustomFields/ImportValues.html:45 html/Admin/CustomFields/ImportValues.html~:45 msgid "- Fields separated by \";\"" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:44 +#: html/Admin/CustomFields/ImportValues.html:44 html/Admin/CustomFields/ImportValues.html~:44 msgid "- File encoding: UTF-8" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:46 html/Admin/CustomFields/ImportValues.html~:45 +#: html/Admin/CustomFields/ImportValues.html:46 html/Admin/CustomFields/ImportValues.html~:46 msgid "- No headers" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:47 html/Admin/CustomFields/ImportValues.html~:46 +#: html/Admin/CustomFields/ImportValues.html:47 html/Admin/CustomFields/ImportValues.html~:47 msgid "- Using the following columns and order: SortOrder, Name, Description, Category" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:52 html/Admin/CustomFields/ImportValues.html~:51 +#: html/Admin/CustomFields/ImportValues.html:52 html/Admin/CustomFields/ImportValues.html~:52 msgid "CSV file" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:38 html/Admin/CustomFields/ImportValues.html:66 html/Admin/CustomFields/ImportValues.html~:38 html/Admin/CustomFields/ImportValues.html~:65 +#: html/Admin/CustomFields/ImportValues.html:38 html/Admin/CustomFields/ImportValues.html:66 html/Admin/CustomFields/ImportValues.html~:38 html/Admin/CustomFields/ImportValues.html~:66 msgid "Cancel" msgstr "" @@ -39,7 +39,11 @@ msgstr "" msgid "Confirm" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:56 html/Admin/CustomFields/ImportValues.html~:55 +#: html/Admin/CustomFields/ImportValues.html:76 +msgid "CustomField not found" +msgstr "" + +#: html/Admin/CustomFields/ImportValues.html:56 html/Admin/CustomFields/ImportValues.html~:56 msgid "Default is to add CSV values to existing ones" msgstr "" @@ -48,40 +52,40 @@ msgid "Description" msgstr "" #. ($value_id, $msg) -#: html/Admin/CustomFields/ImportValues.html:156 html/Admin/CustomFields/ImportValues.html~:155 +#: html/Admin/CustomFields/ImportValues.html:159 html/Admin/CustomFields/ImportValues.html~:159 msgid "Error deleting old value %1: %2" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:23 html/Admin/CustomFields/ImportValues.html:68 html/Admin/CustomFields/ImportValues.html~:23 html/Admin/CustomFields/ImportValues.html~:67 +#: html/Admin/CustomFields/ImportValues.html:23 html/Admin/CustomFields/ImportValues.html:68 html/Admin/CustomFields/ImportValues.html~:23 html/Admin/CustomFields/ImportValues.html~:68 msgid "Import" msgstr "" -#: html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged:9 +#: html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged:9 html/Callbacks/ImportCustomFieldValues/Elements/Tabs/Privileged~:9 msgid "Import from CSV" msgstr "" #. ($CustomField->Name) -#: html/Admin/CustomFields/ImportValues.html:78 html/Admin/CustomFields/ImportValues.html~:77 +#: html/Admin/CustomFields/ImportValues.html:81 html/Admin/CustomFields/ImportValues.html~:81 msgid "Importing values for CustomField %1" msgstr "" #. ($i, loc("SortOrder")) -#: html/Admin/CustomFields/ImportValues.html:114 html/Admin/CustomFields/ImportValues.html~:113 +#: html/Admin/CustomFields/ImportValues.html:117 html/Admin/CustomFields/ImportValues.html~:117 msgid "Line %1: \"%2\" must be numerical" msgstr "" #. ($i, $msg) -#: html/Admin/CustomFields/ImportValues.html:165 html/Admin/CustomFields/ImportValues.html~:164 +#: html/Admin/CustomFields/ImportValues.html:168 html/Admin/CustomFields/ImportValues.html~:168 msgid "Line %1: import error: %2" msgstr "" #. ($i, "Name") -#: html/Admin/CustomFields/ImportValues.html:110 html/Admin/CustomFields/ImportValues.html~:109 +#: html/Admin/CustomFields/ImportValues.html:113 html/Admin/CustomFields/ImportValues.html~:113 msgid "Line %1: missing \"%2\"" msgstr "" #. ($i) -#: html/Admin/CustomFields/ImportValues.html:163 html/Admin/CustomFields/ImportValues.html~:162 +#: html/Admin/CustomFields/ImportValues.html:166 html/Admin/CustomFields/ImportValues.html~:166 msgid "Line %1: successfully imported" msgstr "" @@ -89,12 +93,16 @@ msgstr "" msgid "Name" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:146 html/Admin/CustomFields/ImportValues.html~:145 +#: html/Admin/CustomFields/ImportValues.html:79 +msgid "No permissions to edit this customfield values" +msgstr "" + +#: html/Admin/CustomFields/ImportValues.html:149 html/Admin/CustomFields/ImportValues.html~:149 msgid "No values to import" msgstr "" #. ($value_id) -#: html/Admin/CustomFields/ImportValues.html:154 html/Admin/CustomFields/ImportValues.html~:153 +#: html/Admin/CustomFields/ImportValues.html:157 html/Admin/CustomFields/ImportValues.html~:157 msgid "Old value %1 deleted" msgstr "" @@ -102,7 +110,7 @@ msgstr "" msgid "Please select a file with needed values using following format:" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:55 html/Admin/CustomFields/ImportValues.html~:54 +#: html/Admin/CustomFields/ImportValues.html:55 html/Admin/CustomFields/ImportValues.html~:55 msgid "Replace?" msgstr "" @@ -118,7 +126,7 @@ msgstr "" msgid "The following values will replace existing ones:" msgstr "" -#: html/Admin/CustomFields/ImportValues.html:125 html/Admin/CustomFields/ImportValues.html~:124 +#: html/Admin/CustomFields/ImportValues.html:128 html/Admin/CustomFields/ImportValues.html~:128 msgid "Unable to read file" msgstr "" -- 2.11.0