author | Dave Arter <davea@mysociety.org> | 2016-08-04 15:13:19 +0100 |
---|---|---|
committer | Dave Arter <davea@mysociety.org> | 2016-08-17 15:38:08 +0100 |
commit | 82bb11cae220072581a809d1b4a1131f7267c0a2 (patch) | |
tree | bc1a359487954bc811480efb36ab65b167335956 /perllib/FixMyStreet | |
parent | d2a00747fc56342ed262804d8f268335e6ec1dfa (diff) |
Restrict admin config/stats pages
The config page is only accessible by superusers.
The stats page only shows figures for the user’s from_body unless the user is a superuser.
Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 30 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/Default.pm | 28 |
2 files changed, 36 insertions, 22 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index c8432df0c..17425ad77 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -1273,7 +1273,13 @@ sub stats_fix_rate : Path('stats/fix-rate') : Args(0) {
 sub stats : Path('stats') : Args(0) {
 my ( $self, $c ) = @_;
- $c->forward('fetch_all_bodies');
+ my $selected_body;
+ if ( $c->user->is_superuser ) {
+ $c->forward('fetch_all_bodies');
+ $selected_body = $c->get_param('body');
+ } else {
+ $selected_body = $c->user->from_body->id;
+ }
 if ( $c->cobrand->moniker eq 'seesomething' || $c->cobrand->moniker eq 'zurich' ) {
 return $c->cobrand->admin_stats();
@@ -1303,7 +1309,7 @@ sub stats : Path('stats') : Args(0) {
 my $bymonth = $c->get_param('bymonth');
 $c->stash->{bymonth} = $bymonth;
- $c->stash->{selected_body} = $c->get_param('body');
+ $c->stash->{selected_body} = $selected_body;
 my $field = 'confirmed';
@@ -1332,7 +1338,7 @@ sub stats : Path('stats') : Args(0) {
 );
 }
- my $p = $c->cobrand->problems->to_body($c->get_param('body'))->search(
+ my $p = $c->cobrand->problems->to_body($selected_body)->search(
 {
 -AND => [
 $field => { '>=', $start_date},
@@ -1362,24 +1368,6 @@ sub set_allowed_pages : Private {
 my $pages = $c->cobrand->admin_pages;
- if( !$pages ) {
- $pages = {
- 'summary' => [_('Summary'), 0],
- 'bodies' => [_('Bodies'), 1],
- 'reports' => [_('Reports'), 2],
- 'timeline' => [_('Timeline'), 3],
- 'users' => [_('Users'), 5],
- 'flagged' => [_('Flagged'), 6],
- 'stats' => [_('Stats'), 7],
- 'config' => [ _('Configuration'), 8],
- 'user_edit' => [undef, undef],
- 'body' => [undef, undef],
- 'report_edit' => [undef, undef],
- 'update_edit' => [undef, undef],
- 'abuse_edit' => [undef, undef],
- }
- }
-
 my @allowed_links = sort {$pages->{$a}[1] <=> $pages->{$b}[1]} grep {$pages->{$_}->[0] } keys %$pages;
 $c->stash->{allowed_pages} = $pages;
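Review bot: The else branch's `$selected_body = $c->user->from_body->id;` dereferences `from_body` without a check, so a logged-in user who is neither a superuser nor attached to a body would get an undefined-value die instead of a clean refusal, unless an earlier guard in the admin controller already excludes such users (not visible in this hunk). Splitting it into `my $body = $c->user->from_body;` followed by an explicit access-denied detach when it is undef would make that assumption visible at the point it is relied on. Taking the body from the user record rather than the `body` query parameter for non-superusers is the right direction, and the later hunks that stash `selected_body` and pass it to `to_body` keep the two consistently in step. `stats` continues past the end of this hunk.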
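Review bot: With the `if( !$pages )` fallback removed, `keys %$pages` on the last context line now dies under `use strict` whenever `$c->cobrand->admin_pages` returns a false value, which is exactly what the old default `sub admin_pages { 0 }` (replaced in this commit's Default.pm hunk) did; any cobrand override that still returns 0 or undef would now break every admin page rather than fall back to the default list. Worth confirming that each cobrand overriding `admin_pages` returns a hashref, or failing with a clear message via `my $pages = $c->cobrand->admin_pages or die "admin_pages must return a hashref";`. `set_allowed_pages` starts and ends outside this hunk.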
diff --git a/perllib/FixMyStreet/Cobrand/Default.pm b/perllib/FixMyStreet/Cobrand/Default.pm
index 326919654..043d0b8e6 100644
--- a/perllib/FixMyStreet/Cobrand/Default.pm
+++ b/perllib/FixMyStreet/Cobrand/Default.pm
@@ -637,7 +637,33 @@ List of names of pages to display on the admin interface
 =cut
-sub admin_pages { 0 }
+sub admin_pages {
+ my $self = shift;
+ my $user = $self->{c}->user;
+ my $pages = {
+ 'summary' => [_('Summary'), 0],
+ 'bodies' => [_('Bodies'), 1],
+ 'reports' => [_('Reports'), 2],
+ 'timeline' => [_('Timeline'), 3],
+ 'users' => [_('Users'), 5],
+ 'flagged' => [_('Flagged'), 6],
+ 'stats' => [_('Stats'), 7],
+ 'user_edit' => [undef, undef],
+ 'body' => [undef, undef],
+ 'report_edit' => [undef, undef],
+ 'update_edit' => [undef, undef],
+ 'abuse_edit' => [undef, undef],
+ };
+ # There are some pages that only super users can see
+ if ( $user->is_superuser ) {
+ $pages->{config} = [ _('Configuration'), 8];
+ };
+ return $pages;
+}
 =head2 admin_show_creation_graph |
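Review bot: `admin_pages` calls `$self->{c}->user->is_superuser` unconditionally, so it dies with an undefined-value error if invoked for a request with no logged-in user or from a context where the cobrand carries no `{c}`; a guard like `if ( $user && $user->is_superuser )` would simply omit the config entry in that case instead of crashing. The POD heading above the hunk still reads "List of names of pages to display on the admin interface" and should now say that the method returns a hashref mapping page name to `[label, nav_order]`, that entries with an undef label are reachable but not listed in the navigation, and that `config` is present only for superusers. Because the gate lives in the Default cobrand, cobrand classes that override `admin_pages` do not inherit it, so the config restriction described in the commit message presumably also depends on the `config` action checking `is_superuser` itself (not visible in this diff). The `;` after the `if` block's closing brace is superfluous.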