Ticket #3514 (new Feature Requests)

Opened 3 years ago

Last modified 8 months ago

Option in Admin Access ACL list to restrict access to CDR Reports

Reported by: taupehat Assigned to:
Priority: minor Milestone: Undetermined
Component: Reports Version:
Keywords: RFE Cc:
Confirmation: Unreviewed SVN Revision (if applicable):
Backend Engine: All Backend Engine Version:

Description

Right now I have to put an .htaccess in front of reports.php to restrict access to CDR reports. Would love to see this handled in a way that's consistent with regular ACL settings.

Change History

02/04/09 15:33:11 changed by taupehat

(offtopic: I cannot believe I created a title with "ACL list" in it. I blame my flaky NIC card)

08/23/09 18:24:25 changed by p_lindheimer

  • version deleted.
  • type changed from Bugs to Feature Requests.
  • milestone changed from 2.6 to 2.7.

12/03/10 13:45:57 changed by splante

I made these changes to control access from the Administrators setup page. All files are relative to /var/www/html/admin.

First, to ./modules/core/page.ampusers.php I made the following change to add a "Reports" option near the bottom of the list with the other hard-coded entries: 

*** ./modules/core/page.ampusers.php00  2010-05-30 00:19:18.000000000 -0400
--- ./modules/core/page.ampusers.php    2010-12-03 13:32:33.000000000 -0500
***************
*** 245,250 ****
--- 245,255 ----
                                }
                                echo "</optgroup>\n";

+                                 // for builtin URL /admin/reports.php
+                                 echo "<option value=\"/reports\"";
+                                 if (in_array("/reports", $sections)) echo " SELECTED";
+                               echo ">"._("Reports")."</option>\n";
+
                                // Apply Changes Bar
                                echo "<option value=\"99\"";
                                if (in_array("99", $sections)) echo " SELECTED";

Next, to control whether to show the "Reports" tab along the top, I made the following change to ./views/freepbx.php: 

*** ./views/freepbx.php00       2010-11-02 12:01:11.000000000 -0400
--- ./views/freepbx.php 2010-12-03 14:15:39.000000000 -0500
***************
*** 210,216 ****
        //print_sub_tool( _("Home"), "index.php"  ,$currentFile=='index.php');
        print_sub_tool( _("Management"), "manage.php" , $currentFile=='manage.php' );
        print_sub_tool( _("Admin")   , "config.php", $currentFile=='config.php' );
!       print_sub_tool( _("Reports")   , "reports.php", $currentFile=='reports.php' );
        if(!$amp_conf["FOPDISABLE"]) {
                print_sub_tool( _("Panel"), "panel.php", $currentFile=='panel.php' );
        }
--- 210,218 ----
        //print_sub_tool( _("Home"), "index.php"  ,$currentFile=='index.php');
        print_sub_tool( _("Management"), "manage.php" , $currentFile=='manage.php' );
        print_sub_tool( _("Admin")   , "config.php", $currentFile=='config.php' );
!       if ($_SESSION["AMP_user"]->checkSection("/reports")) {
!         print_sub_tool( _("Reports")   , "reports.php", $currentFile=='reports.php' );
!       }
        if(!$amp_conf["FOPDISABLE"]) {
                print_sub_tool( _("Panel"), "panel.php", $currentFile=='panel.php' );
        }

And finally, in case someone went directly to the URL, I made this change to reports.php: 

*** reports.php00       2010-11-02 12:01:11.000000000 -0400
--- reports.php 2010-12-03 14:22:16.000000000 -0500
***************
*** 15,20 ****
--- 15,24 ----

  include 'header.php';

+ if (!$_SESSION["AMP_user"]->checkSection("/reports")) {
+   die("No Access");
+ }
+
  $title=_("FreePBX: Call Detail Reports");
  $message=_("Call Detail Reports");

These changes were made to FreePBX 2.8.0.4, on a recent AsteriskNOW installation.

Scott

02/26/11 13:01:45 changed by p_lindheimer

  • milestone changed from Cut Line to 2.10.

09/17/11 19:50:04 changed by mbrevda

  • milestone changed from 2.10 to Undetermined.