patch

lbr38 · lbr38 · commit 26305e3af0bd · 2026-04-17T16:39:04.000+02:00
diff --git a/documentation/docs/usage/hosts.md b/documentation/docs/usage/hosts.md
@@ -76,7 +76,7 @@ From the **HOSTS** tab:
 
 [![Select host](https://assets.repomanager.net/repomanager/usage/hosts/select-host.png)](https://assets.repomanager.net/repomanager/usage/hosts/select-host.png)
 
-**Step 2:** Use the `Request packages information` button.
+**Step 2:** Use the `Request package information` button.
 
 It can take some minutes to be sent depending on the number of packages installed on the host.
 
diff --git a/www/controllers/Group/Group.php b/www/controllers/Group/Group.php
@@ -95,10 +95,6 @@ public function exists(string $name = '')
      */
     public function new(string $name) : void
     {
-        if (!IS_ADMIN) {
-            throw new Exception('You are not allowed to perform this action');
-        }
-
         $name = Validate::string($name);
 
         /**
@@ -141,10 +137,6 @@ public function new(string $name) : void
      */
     public function edit(int $id, string $name, array $data) : void
     {
-        if (!IS_ADMIN) {
-            throw new Exception('You are not allowed to perform this action');
-        }
-
         /**
          *  Check if group exists
          */
@@ -197,10 +189,6 @@ public function edit(int $id, string $name, array $data) : void
      */
     public function delete(array $groups) : void
     {
-        if (!IS_ADMIN) {
-            throw new Exception('You are not allowed to perform this action');
-        }
-
         foreach ($groups as $id) {
             // Check if group exists
             if (!$this->existsId($id)) {
diff --git a/www/controllers/Host.php b/www/controllers/Host.php
@@ -2,6 +2,7 @@
 
 namespace Controllers;
 
+use Controllers\User\Permission\Host as HostPermission;
 use Controllers\Host\Package\Package as HostPackage;
 use Controllers\Host\Request as HostRequest;
 use Controllers\Group\Host as HostGroup;
@@ -102,8 +103,12 @@ public function getHostWithProfile(string $profile) : array
     /**
      *  Edit the display settings on the hosts page
      */
-    public function setSettings(string $packagesConsideredOutdated, string $packagesConsideredCritical) : void
+    public function setSettings(int $packagesConsideredOutdated, int $packagesConsideredCritical) : void
     {
+        if (!HostPermission::allowedAction('edit-settings')) {
+            throw new Exception('You are not allowed to perform this action');
+        }
+
         if (!is_numeric($packagesConsideredOutdated) or !is_numeric($packagesConsideredCritical)) {
             throw new Exception('Parameters must be numeric');
         }
diff --git a/www/controllers/Layout/Panel/vars/hosts/groups/list.vars.inc.php b/www/controllers/Layout/Panel/vars/hosts/groups/list.vars.inc.php
@@ -1,5 +1,8 @@
 <?php
-if (!IS_ADMIN) {
+use Controllers\User\Permission\Host as HostPermission;
+
+// If the user does not have permission to edit host groups, prevent access to this panel
+if (!HostPermission::allowedAction('edit-groups')) {
     throw new Exception('You are not allowed to access this panel');
 }
 
diff --git a/www/controllers/Layout/Panel/vars/hosts/settings.vars.inc.php b/www/controllers/Layout/Panel/vars/hosts/settings.vars.inc.php
@@ -1,5 +1,7 @@
 <?php
-if (!IS_ADMIN) {
+use \Controllers\User\Permission\Host as HostPermission;
+
+if (!HostPermission::allowedAction('edit-settings')) {
     throw new Exception('You are not allowed to access this panel');
 }
 
diff --git a/www/controllers/Layout/Panel/vars/repos/groups/list.vars.inc.php b/www/controllers/Layout/Panel/vars/repos/groups/list.vars.inc.php
@@ -1,5 +1,8 @@
 <?php
-if (!IS_ADMIN) {
+use Controllers\User\Permission\Repo as RepoPermission;
+
+// If the user does not have permission to edit repository groups, prevent access to this panel
+if (!RepoPermission::allowedAction('edit-groups')) {
     throw new Exception('You are not allowed to access this panel');
 }
 
diff --git a/www/controllers/Layout/Panel/vars/repos/sources/list.vars.inc.php b/www/controllers/Layout/Panel/vars/repos/sources/list.vars.inc.php
@@ -0,0 +1,7 @@
+<?php
+use Controllers\User\Permission\Repo as RepoPermission;
+
+// If the user does not have permission to edit source repositories, prevent access to this panel.
+if (!RepoPermission::allowedAction('edit-source')) {
+    throw new Exception('You are not allowed to access this panel');
+}
diff --git a/www/controllers/Profile.php b/www/controllers/Profile.php
@@ -3,6 +3,7 @@
 namespace Controllers;
 
 use Exception;
+use Controllers\User\Permission\Host as HostPermission;
 use Controllers\History\Save as History;
 use Controllers\Utils\Validate;
 
@@ -202,7 +203,7 @@ public function countHosts(string $profile)
      */
     public function new(string $name)
     {
-        if (!IS_ADMIN) {
+        if (!HostPermission::allowedAction('edit-profiles')) {
             throw new Exception('You are not allowed to perform this action');
         }
 
@@ -232,7 +233,7 @@ public function new(string $name)
      */
     public function duplicate(string $id)
     {
-        if (!IS_ADMIN) {
+        if (!HostPermission::allowedAction('edit-profiles')) {
             throw new Exception('You are not allowed to perform this action');
         }
 
@@ -303,7 +304,7 @@ public function duplicate(string $id)
      */
     public function delete(array $profilesId) : void
     {
-        if (!IS_ADMIN) {
+        if (!HostPermission::allowedAction('edit-profiles')) {
             throw new Exception('You are not allowed to perform this action');
         }
 
@@ -328,7 +329,7 @@ public function delete(array $profilesId) : void
      */
     public function configure(int $id, string $name, array $reposIds, array $packagesExcluded, array $packagesMajorExcluded, array $serviceNeedReload, array $serviceNeedRestart, string $notes)
     {
-        if (!IS_ADMIN) {
+        if (!HostPermission::allowedAction('edit-profiles')) {
             throw new Exception('You are not allowed to perform this action');
         }
 
diff --git a/www/controllers/User/Permission.php b/www/controllers/User/Permission.php
@@ -137,7 +137,7 @@ public function set(int $id, array $reposView, array $reposActions, array $tasks
         if (!empty($reposActions)) {
             foreach (array_filter($reposActions) as $action) {
                 // Check that action is valid
-                if (!in_array($action, ['create', 'update', 'duplicate', 'rebuild', 'rename', 'edit', 'delete', 'env', 'removeEnv', 'browse', 'upload-package', 'delete-package', 'view-stats'])) {
+                if (!in_array($action, ['create', 'update', 'duplicate', 'rebuild', 'rename', 'edit', 'delete', 'env', 'removeEnv', 'browse', 'edit-source', 'edit-groups', 'upload-package', 'delete-package', 'view-stats'])) {
                     throw new Exception('Invalid action: ' . $action);
                 }
 
@@ -167,7 +167,7 @@ public function set(int $id, array $reposView, array $reposActions, array $tasks
         if (!empty($hostsActions)) {
             foreach (array_filter($hostsActions) as $action) {
                 // Check that action is valid
-                if (!in_array($action, ['request-general-infos', 'request-packages-infos', 'update-packages', 'reset', 'delete'])) {
+                if (!in_array($action, ['request-general-infos', 'request-packages-infos', 'update-packages', 'reset', 'delete', 'edit-profiles', 'edit-groups', 'edit-settings'])) {
                     throw new Exception('Invalid action: ' . $action);
                 }
 
diff --git a/www/public/resources/js/classes/Host.js b/www/public/resources/js/classes/Host.js
@@ -61,7 +61,7 @@ class Host
         if (allowedActions.includes('request-packages-infos')) {
             buttons.push(
                 {
-                    'text': 'Request packages information',
+                    'text': 'Request package information',
                     'color': 'blue-alt',
                     'callback': function () {
                         executeAction('request-packages-infos', hosts);
diff --git a/www/public/resources/js/events/host/actions.js b/www/public/resources/js/events/host/actions.js
@@ -497,7 +497,7 @@ $(document).on('click','#host-request-btn',function () {
     if (allowedActions.includes('request-packages-infos')) {
         buttons.push(
             {
-                'text': 'Request packages information',
+                'text': 'Request package information',
                 'color': 'blue-alt',
                 'callback': function () {
                     executeAction('request-packages-infos', [id]);
diff --git a/www/views/includes/containers/hosts/list.inc.php b/www/views/includes/containers/hosts/list.inc.php
@@ -1,3 +1,6 @@
+<?php
+use \Controllers\User\Permission\Host as HostPermission; ?>
+
 <section class="section-main reloadable-container" container="hosts/list">
     <div class="flex justify-space-between margin-top-50 margin-bottom-40">
         <h3 class="margin-0">HOSTS</h3>
@@ -23,28 +26,29 @@
                 endif;
             endif;
 
-            if (IS_ADMIN) : ?>
+            if (HostPermission::allowedAction('edit-profiles')) : ?>
                 <div class="slide-btn get-panel-btn mediumopacity" panel="hosts/profiles" title="Manage hosts profiles">
                     <img src="/assets/icons/profile.svg" />
                     <span>Profiles</span>
                 </div>
                 <?php
             endif;
 
-            if ($totalHosts > 0) :
-                if (IS_ADMIN) : ?>
-                    <div class="slide-btn get-panel-btn mediumopacity" panel="hosts/groups/list" title="Manage hosts groups">
-                        <img src="/assets/icons/folder.svg" />
-                        <span>Groups</span>
-                    </div>
+            if (HostPermission::allowedAction('edit-groups')) : ?>
+                <div class="slide-btn get-panel-btn mediumopacity" panel="hosts/groups/list" title="Manage hosts groups">
+                    <img src="/assets/icons/folder.svg" />
+                    <span>Groups</span>
+                </div>
+                <?php
+            endif;
 
-                    <div class="slide-btn get-panel-btn mediumopacity" panel="hosts/settings" title="Edit display settings">
-                        <img src="/assets/icons/cog.svg" />
-                        <span>Settings</span>
-                    </div>
-                    <?php
-                endif;
-            endif ?>
+            if (HostPermission::allowedAction('edit-settings')) : ?>
+                <div class="slide-btn get-panel-btn mediumopacity" panel="hosts/settings" title="Edit display settings">
+                    <img src="/assets/icons/cog.svg" />
+                    <span>Settings</span>
+                </div>
+                <?php
+            endif ?>      
         </div>
     </div>
 
@@ -452,7 +456,7 @@
                                                                     }
                                                                     if ($request == 'request-packages-infos') {
                                                                         $requestTitle = 'Requested the host to send its packages informations';
-                                                                        $requestTitleShort = 'Request packages information';
+                                                                        $requestTitleShort = 'Request package information';
                                                                     }
                                                                     if ($request == 'request-packages-update') {
                                                                         $requestTitle = 'Request to install a list of package(s)';
diff --git a/www/views/includes/containers/repos/list.inc.php b/www/views/includes/containers/repos/list.inc.php
@@ -76,12 +76,15 @@
 
             <div class="flex align-item-center">
                 <?php
-                if (IS_ADMIN) : ?>
+                if (RepoPermission::allowedAction('edit-groups')) : ?>
                     <div class="slide-btn get-panel-btn mediumopacity" panel="repos/groups/list" title="Manage repos groups">
                         <img src="/assets/icons/folder.svg" />
                         <span>Groups</span>
                     </div>
+                    <?php
+                endif ;
 
+                if (RepoPermission::allowedAction('edit-source')) : ?>
                     <div class="slide-btn get-panel-btn mediumopacity" panel="repos/sources/list" title="Manage source repositories">
                         <img src="/assets/icons/internet.svg" />
                         <span>Source repositories</span>
diff --git a/www/views/includes/panels/settings/user/permissions.inc.php b/www/views/includes/panels/settings/user/permissions.inc.php
@@ -35,6 +35,8 @@
         <option value="rename" <?= isset($permissions['repositories']['allowed-actions']) && in_array('rename', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Rename repositories</option>
         <option value="edit" <?= isset($permissions['repositories']['allowed-actions']) && in_array('edit', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Edit repositories</option>
         <option value="browse" <?= isset($permissions['repositories']['allowed-actions']) && in_array('browse', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Browse repositories</option>
+        <option value="edit-source" <?= isset($permissions['repositories']['allowed-actions']) && in_array('edit-source', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Edit source repositories</option>
+        <option value="edit-groups" <?= isset($permissions['repositories']['allowed-actions']) && in_array('edit-groups', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Edit repository groups</option>
         <option value="upload-package" <?= isset($permissions['repositories']['allowed-actions']) && in_array('upload-package', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Upload packages to repositories</option> 
         <option value="delete-package" <?= isset($permissions['repositories']['allowed-actions']) && in_array('delete-package', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Delete packages from repositories</option>
         <option value="env" <?= isset($permissions['repositories']['allowed-actions']) && in_array('env', $permissions['repositories']['allowed-actions']) ? 'selected' : '' ?>>Point environment to repository</option>
@@ -59,10 +61,13 @@
     <h6>ALLOW ACTIONS ON HOSTS</h6>
     <select id="user-permissions-hosts-actions" user-id="<?= $userId ?>" multiple>
         <option value="request-general-infos" <?= isset($permissions['hosts']['allowed-actions']) && in_array('request-general-infos', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Request general information</option>
-        <option value="request-packages-infos" <?= isset($permissions['hosts']['allowed-actions']) && in_array('request-packages-infos', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Request packages information</option>
+        <option value="request-packages-infos" <?= isset($permissions['hosts']['allowed-actions']) && in_array('request-packages-infos', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Request package information</option>
         <option value="update-packages" <?= isset($permissions['hosts']['allowed-actions']) && in_array('update-packages', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Update packages on hosts</option>
         <option value="reset" <?= isset($permissions['hosts']['allowed-actions']) && in_array('reset', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Reset hosts</option>
         <option value="delete" <?= isset($permissions['hosts']['allowed-actions']) && in_array('delete', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Delete hosts</option>
+        <option value="edit-profiles" <?= isset($permissions['hosts']['allowed-actions']) && in_array('edit-profiles', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Edit host profiles</option>
+        <option value="edit-groups" <?= isset($permissions['hosts']['allowed-actions']) && in_array('edit-groups', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Edit host groups</option>
+        <option value="edit-settings" <?= isset($permissions['hosts']['allowed-actions']) && in_array('edit-settings', $permissions['hosts']['allowed-actions']) ? 'selected' : '' ?>>Edit display settings</option>
     </select>
 
     <br><br>

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,8 @@`
`1`	`1`	`<?php`
`2`		`-if (!IS_ADMIN) {`
	`2`	`+use Controllers\User\Permission\Host as HostPermission;`
	`3`	`+`
	`4`	`+// If the user does not have permission to edit host groups, prevent access to this panel`
	`5`	`+if (!HostPermission::allowedAction('edit-groups')) {`
`3`	`6`	`throw new Exception('You are not allowed to access this panel');`
`4`	`7`	`}`
`5`	`8`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`<?php`
`2`		`-if (!IS_ADMIN) {`
	`2`	`+use \Controllers\User\Permission\Host as HostPermission;`
	`3`	`+`
	`4`	`+if (!HostPermission::allowedAction('edit-settings')) {`
`3`	`5`	`throw new Exception('You are not allowed to access this panel');`
`4`	`6`	`}`
`5`	`7`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`namespace Controllers;`
`4`	`4`
`5`	`5`	`use Exception;`
	`6`	`+use Controllers\User\Permission\Host as HostPermission;`
`6`	`7`	`use Controllers\History\Save as History;`
`7`	`8`	`use Controllers\Utils\Validate;`
`8`	`9`
`@@ -202,7 +203,7 @@ public function countHosts(string $profile)`
`202`	`203`	`*/`
`203`	`204`	`public function new(string $name)`
`204`	`205`	`{`
`205`		`- if (!IS_ADMIN) {`
	`206`	`+ if (!HostPermission::allowedAction('edit-profiles')) {`
`206`	`207`	`throw new Exception('You are not allowed to perform this action');`
`207`	`208`	`}`
`208`	`209`
`@@ -232,7 +233,7 @@ public function new(string $name)`
`232`	`233`	`*/`
`233`	`234`	`public function duplicate(string $id)`
`234`	`235`	`{`
`235`		`- if (!IS_ADMIN) {`
	`236`	`+ if (!HostPermission::allowedAction('edit-profiles')) {`
`236`	`237`	`throw new Exception('You are not allowed to perform this action');`
`237`	`238`	`}`
`238`	`239`
`@@ -303,7 +304,7 @@ public function duplicate(string $id)`
`303`	`304`	`*/`
`304`	`305`	`public function delete(array $profilesId) : void`
`305`	`306`	`{`
`306`		`- if (!IS_ADMIN) {`
	`307`	`+ if (!HostPermission::allowedAction('edit-profiles')) {`
`307`	`308`	`throw new Exception('You are not allowed to perform this action');`
`308`	`309`	`}`
`309`	`310`
`@@ -328,7 +329,7 @@ public function delete(array $profilesId) : void`
`328`	`329`	`*/`
`329`	`330`	`public function configure(int $id, string $name, array $reposIds, array $packagesExcluded, array $packagesMajorExcluded, array $serviceNeedReload, array $serviceNeedRestart, string $notes)`
`330`	`331`	`{`
`331`		`- if (!IS_ADMIN) {`
	`332`	`+ if (!HostPermission::allowedAction('edit-profiles')) {`
`332`	`333`	`throw new Exception('You are not allowed to perform this action');`
`333`	`334`	`}`
`334`	`335`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ class Host`
`61`	`61`	`if (allowedActions.includes('request-packages-infos')) {`
`62`	`62`	`buttons.push(`
`63`	`63`	`{`
`64`		`- 'text': 'Request packages information',`
	`64`	`+ 'text': 'Request package information',`
`65`	`65`	`'color': 'blue-alt',`
`66`	`66`	`'callback': function () {`
`67`	`67`	`executeAction('request-packages-infos', hosts);`