From 4a81b0ce7b5297f26801f379edb9db8b279435f4 Mon Sep 17 00:00:00 2001
From: Ben Roberts
Date: Tue, 20 Dec 2011 01:44:05 +0000
Subject: [PATCH] Restrict access to the admin pages using fine-grained permissions
---
 source/lib/StatusBoard/Permission.class.php | 12 ++++++++++++
 source/webui/pages/admin.php | 4 ++++
 source/webui/pages/admin/incident.php | 7 ++++++-
 source/webui/pages/admin/service.php | 7 ++++++-
 source/webui/pages/admin/settings.php | 5 +++++
 source/webui/pages/admin/site.php | 7 ++++++-
 6 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 source/lib/StatusBoard/Permission.class.php
diff --git a/source/lib/StatusBoard/Permission.class.php b/source/lib/StatusBoard/Permission.class.php
new file mode 100644
index 0000000..d4f9166
--- /dev/null
+++ b/source/lib/StatusBoard/Permission.class.php
@@ -0,0 +1,12 @@
+
\ No newline at end of file
diff --git a/source/webui/pages/admin.php b/source/webui/pages/admin.php
index 310f7ca..735a60e 100644
--- a/source/webui/pages/admin.php
+++ b/source/webui/pages/admin.php
@@ -4,6 +4,10 @@ $main = StatusBoard_Main::instance();
 $auth = $main->auth();
 $config = $main->config();
+if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_Administrator)) {
+ throw new StatusBoard_Exception_NotAuthorised();
+}
+
 $services = StatusBoard_Service::all();
 $this->smarty->assign('services', $services);
diff --git a/source/webui/pages/admin/incident.php b/source/webui/pages/admin/incident.php
index 12ff4dd..4b6f090 100644
--- a/source/webui/pages/admin/incident.php
+++ b/source/webui/pages/admin/incident.php
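Review bot: The guard inserted before `$services = StatusBoard_Service::all();` is an opt-in check that every admin page has to remember to copy, so any admin page that lacks it stays open; a single helper such as `$auth->requirePermission(StatusBoard_Permission::PERM_Administrator);` that throws `StatusBoard_Exception_NotAuthorised` itself, or a default-deny check in whatever dispatches the `admin/` pages, would make the per-page line only select the permission rather than carry the whole check. The condition also collapses "not logged in" and "logged in without the permission" into one exception, so if that exception is rendered as a 403 an anonymous visitor is never sent to a login page; I cannot see the exception handler, so this may already be distinguished there. `PERM_Administrator` comes from the new `Permission.class.php`, whose hunk body did not survive in this listing, so I could not confirm it is defined.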
@@ -2,6 +2,11 @@
 $main = StatusBoard_Main::instance();
 $request = $main->request();
+$auth = $main->auth();
+
+if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateIncidents)) {
+ throw new StatusBoard_Exception_NotAuthorised();
+}
 $service_id = $request->get('service', 'Sihnon_Exception_InvalidParameters');
 $site_id = $request->get('site', 'Sihnon_Exception_InvalidParameters');
@@ -16,7 +21,7 @@ try {
 $site = StatusBoard_Site::fromId($site_id);
 $incident = StatusBoard_Incident::fromId($incident_id);
 } catch (Sihnon_Exception_ResultCountMismatch $e) {
- StatusBoard_Page::redirect('errors/404');
+ throw new StatusBoard_Exception_FileNotFound();
 }
 $statuses = $incident->statusChanges();
diff --git a/source/webui/pages/admin/service.php b/source/webui/pages/admin/service.php
index 560c11c..b8e5a74 100644
--- a/source/webui/pages/admin/service.php
+++ b/source/webui/pages/admin/service.php
@@ -2,13 +2,18 @@
 $main = StatusBoard_Main::instance();
 $request = $main->request();
+$auth = $main->auth();
+
+if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateStatusBoards)) {
+ throw new StatusBoard_Exception_NotAuthorised();
+}
 $service_id = $request->get('id', 'Sihnon_Exception_InvalidParameters');
 $service = null;
 try {
 $service = StatusBoard_Service::fromId($service_id);
 } catch (Sihnon_Exception_ResultCountMismatch $e) {
- StatusBoard_Page::redirect('errors/404');
+ throw new StatusBoard_Exception_FileNotFound();
 }
 $sites = $service->sites();
diff --git a/source/webui/pages/admin/settings.php b/source/webui/pages/admin/settings.php
index 2e64d32..d5add27 100644
--- a/source/webui/pages/admin/settings.php
+++ b/source/webui/pages/admin/settings.php
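Review bot: `PERM_UpdateIncidents` is tested as a global, subject-independent flag in the new `if`, yet the page then reads `service` and `site` ids from the request, so anyone holding the permission can edit incidents under every service; if the permission model is meant to be per-service or per-site (the subject line says fine-grained, but the Permission class body is not visible here), a second check is needed once the objects are loaded, along the lines of `if ( ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateIncidents, $site)) { throw new StatusBoard_Exception_NotAuthorised(); }` with whatever signature `hasPermission()` actually has. Checking authorisation before the `$request->get()` calls is the right order, since unauthorised requests are rejected before any parsing or lookups; keep that when adding a scoped check.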
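Review bot: After the `catch`, `$site` and `$incident` have each been looked up by their own request-supplied id, and nothing in the hunk ties the incident to `$site` or `$site` to `$service`, so a request can pair an existing incident with an unrelated site and the page will operate on that mix; add an ownership check directly after the block, e.g. `if ($incident->siteId() != $site->id()) { throw new StatusBoard_Exception_FileNotFound(); }`, using whichever accessors the models actually expose. Throwing `StatusBoard_Exception_FileNotFound` for the mismatch keeps the response identical to the missing-id case, so the check does not reveal which ids exist. The `try {` this hunk continues opens above the hunk.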
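Review bot: The added guard throws the same `StatusBoard_Exception_NotAuthorised` whether the visitor is anonymous or is logged in without `PERM_UpdateStatusBoards`, so if that exception is rendered as a 403, an administrator following a bookmarked link after the session expired never reaches a login prompt; I cannot see how the exception is handled, but if the framework has a login redirect or a distinct unauthenticated exception, splitting the condition into two `if` statements would let each case get its own response. The `isAuthenticated()` clause is otherwise redundant if `hasPermission()` already returns false for an anonymous session, which I would expect but cannot confirm from the hunk.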
@@ -4,4 +4,9 @@ $main = StatusBoard_Main::instance();
 $auth = $main->auth();
 $config = $main->config();
+if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_Administrator)) {
+ throw new StatusBoard_Exception_NotAuthorised();
+}
+
+
 ?>
\ No newline at end of file
diff --git a/source/webui/pages/admin/site.php b/source/webui/pages/admin/site.php
index 48fbbbb..99c34e6 100644
--- a/source/webui/pages/admin/site.php
+++ b/source/webui/pages/admin/site.php
@@ -2,6 +2,11 @@
 $main = StatusBoard_Main::instance();
 $request = $main->request();
+$auth = $main->auth();
+
+if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateStatusBoards)) {
+ throw new StatusBoard_Exception_NotAuthorised();
+}
 $service_id = $request->get('service', 'Sihnon_Exception_InvalidParameters');
 $site_id = $request->get('id', 'Sihnon_Exception_InvalidParameters');
@@ -13,7 +18,7 @@ try {
 $service = StatusBoard_Service::fromId($service_id);
 $site = StatusBoard_Site::fromId($site_id);
 } catch (Sihnon_Exception_ResultCountMismatch $e) {
- StatusBoard_Page::redirect('errors/404');
+ throw new StatusBoard_Exception_FileNotFound();
 }
 $open_incidents = $site->openIncidents();
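Review bot: The new guard is followed by two added blank lines and the existing `?>` with no trailing newline (`+`, `+`, ` ?>`); in a PHP-only include the closing tag is a liability, because any whitespace that later lands after it is sent as output and can break subsequent `header()` calls, so I would drop both the `?>` and the spare blank line and end the file at `}` with a newline. That is a style point only; the guard has the same shape as the one in admin.php. Apart from the guard, the hunk shows no logic of its own, so what `PERM_Administrator` actually protects here depends on whatever is rendered after this script, which is not visible in the patch.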
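Review bot: `$service` and `$site` are fetched by independent request ids, and nothing in the hunk checks that the site belongs to the service, so a request can name any existing site under any existing service and the page will render `$site->openIncidents()` for that pairing; add `if ($site->serviceId() != $service->id()) { throw new StatusBoard_Exception_FileNotFound(); }` after the block, using the accessors the models actually expose. Raising the not-found exception rather than a distinct error keeps a mismatched pair indistinguishable from a missing id. The `try {` this hunk belongs to opens above the hunk.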