allow admin user to copy dashboards (#13605)

* allow admin user to copy dashboards * Update API.php * fix test
author: Thomas Steur <tsteur@users.noreply.github.com> 2018-11-29 05:48:31 +0300
committer: GitHub <noreply@github.com> 2018-11-29 05:48:31 +0300
commit: 039e62dd87fead33238ea93a2c4fbef1d91cab71 (patch)
tree: 631e69be10c9b4280880d7d1478a3fd3aeb5d221 /plugins/Dashboard
parent: c60176ec1e8ad60133f0a0eada159106bc33d3cf (diff)
5 files changed, 25 insertions, 2 deletions
diff --git a/plugins/Dashboard/API.php b/plugins/Dashboard/API.php
index e646499f48..d00d27d8ba 100644
--- a/plugins/Dashboard/API.php
+++ b/plugins/Dashboard/API.php
@@ -7,6 +7,7 @@
  */
 namespace Piwik\Plugins\Dashboard;
 
+use Piwik\API\Request;
 use Piwik\Piwik;
 
 /**
@@ -112,7 +113,21 @@ class API extends \Piwik\Plugin\API
      */
     public function copyDashboardToUser($idDashboard, $copyToUser, $dashboardName = '')
     {
-        Piwik::checkUserHasSuperUserAccess();
+        Piwik::checkUserHasSomeAdminAccess();
+
+        // get users only returns users of sites the current user has at least admin access to
+        $users = Request::processRequest('UsersManager.getUsers');
+        $userFound = false;
+        foreach ($users as $user) {
+            if ($user['login'] === $copyToUser) {
+                $userFound = true;
+                break;
+            }
+        }
+
+        if (!$userFound) {
+            throw new \Exception(sprintf('Cannot copy dashboard to user %s, user not found or user does not have access to same site.', $copyToUser));
+        }
 
         $login  = Piwik::getCurrentUserLogin();
         $layout = $this->dashboard->getLayoutForUser($login, $idDashboard);
diff --git a/plugins/Dashboard/Controller.php b/plugins/Dashboard/Controller.php
index ceddd90e07..5efef84535 100644
--- a/plugins/Dashboard/Controller.php
+++ b/plugins/Dashboard/Controller.php
@@ -39,6 +39,7 @@ class Controller extends \Piwik\Plugin\Controller
         $this->setGeneralVariablesView($view);
 
         $view->availableLayouts = $this->getAvailableLayouts();
+        $view->hasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess();
 
         $view->dashboardId = Common::getRequestVar('idDashboard', 1, 'int');
 
@@ -57,6 +58,7 @@ class Controller extends \Piwik\Plugin\Controller
     {
         $view = $this->_getDashboardView('@Dashboard/index');
         $view->dashboardSettingsControl = new DashboardManagerControl();
+        $view->hasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess();
         $view->dashboards = array();
         if (!Piwik::isUserIsAnonymous()) {
             $login = Piwik::getCurrentUserLogin();
diff --git a/plugins/Dashboard/DashboardManagerControl.php b/plugins/Dashboard/DashboardManagerControl.php
index df573903b3..c2bb466596 100644
--- a/plugins/Dashboard/DashboardManagerControl.php
+++ b/plugins/Dashboard/DashboardManagerControl.php
@@ -7,6 +7,8 @@
  */
 namespace Piwik\Plugins\Dashboard;
 
+use Piwik\Piwik;
+
 /**
  * Generates the HTML for the dashboard manager control.
  */
@@ -37,6 +39,8 @@ class DashboardManagerControl extends DashboardSettingsControlBase
 
             if ($this->isSuperUser) {
                 $this->dashboardActions['setAsDefaultWidgets'] = 'Dashboard_SetAsDefaultWidgets';
+            }
+            if (Piwik::isUserHasSomeAdminAccess()) {
                 $this->dashboardActions['copyDashboardToUser'] = 'Dashboard_CopyDashboardToUser';
             }
         }
diff --git a/plugins/Dashboard/templates/embeddedIndex.twig b/plugins/Dashboard/templates/embeddedIndex.twig
index 30afedc709..d5c3c52411 100644
--- a/plugins/Dashboard/templates/embeddedIndex.twig
+++ b/plugins/Dashboard/templates/embeddedIndex.twig
@@ -53,7 +53,7 @@
         <input role="cancel" type="button" value="{{ 'General_Cancel'|translate }}"/>
     </div>
 
-    {% if isSuperUser %}
+    {% if hasSomeAdminAccess %}
         <div class="ui-confirm" id="copyDashboardToUserConfirm">
             <h2>{{ 'Dashboard_CopyDashboardToUser'|translate }}</h2>
 
diff --git a/plugins/Dashboard/tests/Integration/APITest.php b/plugins/Dashboard/tests/Integration/APITest.php
index 30e7614986..b2fb0a758a 100644
--- a/plugins/Dashboard/tests/Integration/APITest.php
+++ b/plugins/Dashboard/tests/Integration/APITest.php
@@ -10,6 +10,7 @@ namespace Piwik\Plugins\Dashboard\tests\Integration;
 
 use Piwik\Plugins\Dashboard\API;
 use Piwik\Plugins\Dashboard\Model;
+use Piwik\Plugins\UsersManager;
 use Piwik\Tests\Framework\Fixture;
 use Piwik\Tests\Framework\Mock\FakeAccess;
 use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
@@ -37,6 +38,7 @@ class APITest extends IntegrationTestCase
         parent::setUp();
 
         Fixture::createSuperUser();
+        UsersManager\API::getInstance()->addUser('eva', '12345.3m2', 'eva@example.com');
 
         $this->model = new Model();
         $this->api = API::getInstance();
author	Thomas Steur <tsteur@users.noreply.github.com>	2018-11-29 05:48:31 +0300
committer	GitHub <noreply@github.com>	2018-11-29 05:48:31 +0300
commit	039e62dd87fead33238ea93a2c4fbef1d91cab71 (patch)
tree	631e69be10c9b4280880d7d1478a3fd3aeb5d221 /plugins/Dashboard
parent	c60176ec1e8ad60133f0a0eada159106bc33d3cf (diff)