Permissions per keywords.

kiarn · kiarn · commit 9c802d5223f8 · 2026-03-08T20:53:38.000+01:00
diff --git a/usr/lib/linuxmuster-webui/etc/default_permissions_keywords.yml b/usr/lib/linuxmuster-webui/etc/default_permissions_keywords.yml
@@ -0,0 +1,228 @@
+lm:globalsettings:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:schoolsettings:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:sync:list:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:sync:online:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:sync:sync:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:crontab:read:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:crontab:write:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:quotas:apply:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:quotas:configure:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:quotas:ldap-search:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lmn:session:trans:
+- roles: teacher
+- users: null
+- groups: null
+lm:users:apply:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:check:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:customfields:read:
+- roles: globaladministrator,schooladministrator,teacher,student,parent,staff
+- users: null
+- groups: null
+lm:users:customfields:write:
+- roles: globaladministrator,schooladministrator,teacher,student,parent,staff
+- users: null
+- groups: null
+lm:users:extraclasses:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:extraclasses:write:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:extrastudents:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:extrastudents:write:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:globaladmins:create:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:users:globaladmins:delete:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:users:globaladmins:read:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:users:passwords:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+lm:users:schooladmins:create:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:users:schooladmins:delete:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:users:schooladmins:read:
+- roles: globaladministrator
+- users: null
+- groups: null
+lm:users:students:read:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+lm:users:students:write:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+lm:users:parents:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:parents:write:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:staff:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:staff:write:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:teachers:list:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+lm:users:teachers:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:teachers:write:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:users:users:delete:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lmn:groupmembership:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+lmn:groupmemberships:write:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+lm:devices:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:devices:import:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:linbo:configs:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:linbo:examples:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:linbo:icons:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:linbo:images:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:docker:change:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:docker:list:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:samba_dns:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:samba_dns:write:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+core:config:read:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+core:config:write:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+filesystem:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+filesystem:write:
+- roles: globaladministrator,schooladministrator,teacher
+- users: null
+- groups: null
+network:configure:
+- roles: globaladministrator
+- users: null
+- groups: null
+network:updown:
+- roles: globaladministrator
+- users: null
+- groups: null
+lmn:clients:config:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:device-manager:read:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
+lm:device-manager:modify:
+- roles: globaladministrator,schooladministrator
+- users: null
+- groups: null
diff --git a/usr/lib/linuxmuster-webui/etc/update_scripts/list-permissions.py b/usr/lib/linuxmuster-webui/etc/update_scripts/list-permissions.py
@@ -0,0 +1,45 @@
+#! /usr/bin/env python3
+
+import os
+import yaml
+
+
+PLUGIN_PATH = '/usr/lib/linuxmuster-webui/plugins'
+PERMISSIONS_TARGET = '/usr/lib/linuxmuster-webui/etc/default_permissions_keywords.yml'
+
+permissions = {
+    'globaladministrator': [],
+    'schooladministrator': [],
+    'teacher': [],
+    'student': [],
+    'parent': [],
+    'staff': []
+}
+
+keywords = []
+
+for plugin in os.listdir(PLUGIN_PATH):
+    permissions_path = os.path.join(PLUGIN_PATH, plugin, 'permissions.yml')
+    if os.path.isfile(permissions_path):
+        with open(permissions_path) as tmp_data:
+            tmp_permissions = yaml.load(tmp_data, Loader=yaml.SafeLoader)
+        for role in tmp_permissions:
+            perms = tmp_permissions.get(role, None)
+            if perms:
+                permissions[role].extend(perms)
+
+            for perm in perms:
+                keyword = perm.split(': ')[0]
+                if keyword not in keywords and 'sidebar' not in keyword:
+                    keywords.append(keyword)
+
+with open(PERMISSIONS_TARGET, 'w') as target:
+    for keyword in keywords:
+        target.write(f"{keyword}:\n")
+        authorized_roles = []
+        for role in permissions.keys():
+            if f'{keyword}: true' in permissions[role]:
+                authorized_roles.append(role)
+        target.write(f"- roles: {','.join(authorized_roles)}\n")
+        target.write("- users: null\n")
+        target.write("- groups: null\n")
