-rw-r--r-- | config/global.ini.php | 4 | ||||
-rw-r--r-- | lang/en.json | 3 | ||||
-rw-r--r-- | plugins/SegmentEditor/API.php | 44 | ||||
-rw-r--r-- | plugins/SegmentEditor/SegmentSelectorControl.php | 7 | ||||
-rw-r--r-- | plugins/SegmentEditor/javascripts/Segmentation.js | 4 | ||||
-rw-r--r-- | plugins/SegmentEditor/templates/_segmentSelector.twig | 7 |
6 files changed, 60 insertions, 9 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index cc143225d7..1b8179e7c6 100644 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -431,6 +431,10 @@ enable_auto_update = 1 ; If set to 0 it also disables the "sent plugin update emails" feature in general and the related setting in the UI. enable_update_communication = 1 +; Change the following value to set the required access level for creating, editing and removing segments +; Possible values are "view", "admin" and "superadmin" +segment_editor_required_access = "view" + [Tracker] ; Piwik uses first party cookies by default. If set to 1, ; the visit ID cookie will be set on the Piwik server domain as well diff --git a/lang/en.json b/lang/en.json index d61adda9f0..f8dc74aa86 100644 --- a/lang/en.json +++ b/lang/en.json @@ -1572,7 +1572,8 @@ "VisibleToAllUsers": "all users", "VisibleToMe": "me", "YouMayChangeSetting": "Alternatively you may change the setting in the config file (%s), or edit this Segment and choose '%s'.", - "YouMustBeLoggedInToCreateSegments": "You must be logged in to create and edit custom visitor segments." + "YouMustBeLoggedInToCreateSegments": "You must be logged in to create and edit custom visitor segments.", + "YouDontHaveAccessToCreateSegments": "You don't have the required access level to create and edit segments." }, "SEO": { "AlexaRank": "Alexa Rank", diff --git a/plugins/SegmentEditor/API.php b/plugins/SegmentEditor/API.php index 37e2d880a5..3911e9f9db 100644 --- a/plugins/SegmentEditor/API.php +++ b/plugins/SegmentEditor/API.php @@ -13,6 +13,8 @@ use Piwik\Common; use Piwik\Date; use Piwik\Db; use Piwik\Piwik; +use Piwik\Config; +use Piwik\Plugins\UsersManager\UsersManager; use Piwik\Segment; /** 
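Review bot: The comment added for `segment_editor_required_access` lists the three accepted values but does not say what an unlisted value does. In the API.php part of this commit the setting is compared literally against 'view', 'admin' and 'superadmin', so a typo or different casing appears to make every check return false and deny segment editing to all users, super users included. I would add a line such as `; Any other value disables creating, editing and removing segments for every user`, or have the code fall back to a documented default.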
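Review bot: The added `use Piwik\Plugins\UsersManager\UsersManager;` in plugins/SegmentEditor/API.php is not referenced by any line this commit adds. Unless it is used in a part of the file outside the diff, drop it so SegmentEditor does not gain a dependency on the UsersManager plugin; `use Piwik\Config;` is the only new import the added methods need.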
@@ -110,6 +112,39 @@ class API extends \Piwik\Plugin\API } } + protected function checkUserCanEditSegment($siteid = false) + { + if($this->isUserCanEditSegment($siteid) == false) { + throw new Exception(Piwik::translate('SegmentEditor_YouDontHaveAccessToCreateSegments')); + } + } + + public function isUserCanEditSegment($siteid = false) + { + $requiredAccess = Config::getInstance()->General['segment_editor_required_access']; + + return ($this->checkSuperAdminAccess($requiredAccess) || + $this->checkViewAccess($requiredAccess, $siteid) || + $this->checkAdminAccess($requiredAccess, $siteid)); + } + + private function checkSuperAdminAccess($requiredAccess) + { + return ($requiredAccess == 'superadmin' && Piwik::hasUserSuperUserAccess()); + } + + private function checkViewAccess($requiredAccess, $siteid) + { + return ($requiredAccess == 'view' && ( + Piwik::isUserHasViewAccess($siteid) || ($siteid === 0 && Piwik::isUserHasSomeViewAccess()))); + } + + private function checkAdminAccess($requiredAccess, $siteid) + { + return ($requiredAccess == 'admin' && ( + Piwik::isUserHasAdminAccess($siteid) || ($siteid === 0 && Piwik::isUserHasSomeAdminAccess()))); + } + protected function checkUserCanModifySegment($segment) { if(Piwik::hasUserSuperUserAccess()) { @@ -128,7 +163,10 @@ class API extends \Piwik\Plugin\API */ public function delete($idSegment) { - $this->checkUserIsNotAnonymous(); + $segment = $this->get($idSegment); + $idSite = $segment['enable_only_idsite']; + + $this->checkUserCanEditSegment($idSite); $segment = $this->getSegmentOrFail($idSegment); @@ -155,7 +193,7 @@ class API extends \Piwik\Plugin\API */ public function update($idSegment, $name, $definition, $idSite = false, $autoArchive = false, $enabledAllUsers = false) { - $this->checkUserIsNotAnonymous(); + $this->checkUserCanEditSegment($idSite); $segment = $this->getSegmentOrFail($idSegment); $this->checkUserCanModifySegment($segment); 
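Review bot: `isUserCanEditSegment()` has no anonymous-user guard, and this commit removes the `checkUserIsNotAnonymous()` calls from `delete`, `update` and `add`, so with the default `segment_editor_required_access = "view"` the gate is only `Piwik::isUserHasViewAccess($siteid)`. If the anonymous user can be granted view access to a site (decided outside this diff), that account would now pass the check for `add`, which shows no ownership test in its visible lines. I would start the method with `if (Piwik::isUserIsAnonymous()) { return false; }` so the previous guarantee holds at every access level. The new methods also have no docblocks; `isUserCanEditSegment()` is public on the API class and should state that `$siteid` is the site the segment is bound to and that unrecognised config values yield `false`.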
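Review bot: The site id handed to `checkUserCanEditSegment()` in `delete` is `$segment['enable_only_idsite']` taken from `get()` without a cast, while `checkViewAccess()` and `checkAdminAccess()` test `$siteid === 0` strictly. If that column comes back as the string "0" (the row format is not visible here), the all-sites branch never matches; the same applies to `update` and `add`, whose `$idSite` defaults to `false` and, in `add`, is checked before `checkIdSite()` normalises it. Casting at the call, `$this->checkUserCanEditSegment((int) $idSite);`, makes the comparison reachable. `get()` also runs before `getSegmentOrFail()`, so a missing segment is indexed as an array before the not-found error can be raised. The body of `delete` continues outside the hunk.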
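Review bot: `update` authorises against the caller-supplied `$idSite`, whereas `delete` authorises against the site stored on the segment. A request can therefore name a site where the user holds the required level while `$idSegment` refers to a segment bound to a different site; only `checkUserCanModifySegment($segment)`, whose body is mostly outside this diff, then decides. I would check the stored value as well once the segment is loaded, with `$this->checkUserCanEditSegment((int) $segment['enable_only_idsite']);` after `getSegmentOrFail()`. The body of `update` continues outside the hunk.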
@@ -200,7 +238,7 @@ class API extends \Piwik\Plugin\API */ public function add($name, $definition, $idSite = false, $autoArchive = false, $enabledAllUsers = false) { - $this->checkUserIsNotAnonymous(); + $this->checkUserCanEditSegment($idSite); $idSite = $this->checkIdSite($idSite); $this->checkSegmentName($name); $definition = $this->checkSegmentValue($definition, $idSite); diff --git a/plugins/SegmentEditor/SegmentSelectorControl.php b/plugins/SegmentEditor/SegmentSelectorControl.php index 4db714fe83..a7a3aac063 100644 --- a/plugins/SegmentEditor/SegmentSelectorControl.php +++ b/plugins/SegmentEditor/SegmentSelectorControl.php @@ -13,6 +13,7 @@ use Piwik\Config; use Piwik\Piwik; use Piwik\Plugins\API\API as APIMetadata; use Piwik\View\UIControl; +use Piwik\Plugins\SegmentEditor\API as SegmentEditorAPI; /** * Generates the HTML for the segment selector control (which includes the segment editor). @@ -67,7 +68,8 @@ class SegmentSelectorControl extends UIControl } } - $this->authorizedToCreateSegments = !Piwik::isUserIsAnonymous(); + $this->authorizedToCreateSegments = SegmentEditorAPI::getInstance()->isUserCanEditSegment($idSite); + $this->isUserAnonymous = Piwik::isUserIsAnonymous(); $this->segmentTranslations = $this->getTranslations(); } @@ -76,7 +78,8 @@ class SegmentSelectorControl extends UIControl return array('availableSegments', 'segmentTranslations', 'isSegmentNotAppliedBecauseBrowserArchivingIsDisabled', - 'selectedSegment'); + 'selectedSegment', + 'authorizedToCreateSegments'); } private function wouldApplySegment($savedSegment) diff --git a/plugins/SegmentEditor/javascripts/Segmentation.js b/plugins/SegmentEditor/javascripts/Segmentation.js index a4b6e5a21b..352eef552e 100644 --- a/plugins/SegmentEditor/javascripts/Segmentation.js +++ b/plugins/SegmentEditor/javascripts/Segmentation.js 
@@ -1177,10 +1177,12 @@ $(document).ready(function() { segmentFromRequest = decodeURIComponent(segmentFromRequest); } + var userSegmentAccess = (this.props.authorizedToCreateSegments) ? "write" : "read"; + this.impl = new Segmentation({ "target" : this.$element.find(".segmentListContainer"), "editorTemplate": $('.SegmentEditor', self.$element), - "segmentAccess" : "write", + "segmentAccess" : userSegmentAccess, "availableSegments" : this.props.availableSegments, "addMethod": addSegment, "updateMethod": updateSegment, diff --git a/plugins/SegmentEditor/templates/_segmentSelector.twig b/plugins/SegmentEditor/templates/_segmentSelector.twig index 04981e520c..952af12b3e 100644 --- a/plugins/SegmentEditor/templates/_segmentSelector.twig +++ b/plugins/SegmentEditor/templates/_segmentSelector.twig @@ -15,8 +15,11 @@ <a class="add_new_segment">{{ 'SegmentEditor_AddNewSegment'|translate }}</a> {% else %} <ul class="submenu"> - <li> <span class='youMustBeLoggedIn'>{{ 'SegmentEditor_YouMustBeLoggedInToCreateSegments'|translate }} - <br/>› <a href='index.php?module={{ loginModule }}'>{{ 'Login_LogIn'|translate }}</a> </span> + <li> + {% if isUserAnonymous %} + <span class='youMustBeLoggedIn'>{{ 'SegmentEditor_YouMustBeLoggedInToCreateSegments'|translate }} + <br/>› <a href='index.php?module={{ loginModule }}'>{{ 'Login_LogIn'|translate }}</a> </span> + {% endif %} </li> </ul> {% endif %} |
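Review bot: `userSegmentAccess` deserves a comment saying it is only a display hint, since `authorizedToCreateSegments` arrives as a client-side property and can be changed in the browser. Something like `// UI hint only: add/update/delete are authorised server-side by the SegmentEditor API` above the `var` line would stop a later reader from treating "read" as an access control. The enclosing ready handler starts and ends outside the hunk.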
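Review bot: A logged-in user who lacks the required level now gets an empty `<li>`, because the new `{% if isUserAnonymous %}` has no else branch. The `YouDontHaveAccessToCreateSegments` string added in lang/en.json is used only for the API exception in the visible changes. Adding `{% else %}<span>{{ 'SegmentEditor_YouDontHaveAccessToCreateSegments'|translate }}</span>` before `{% endif %}` would tell the user why the add link is missing.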