Changeset 111
- Timestamp:
- 08/01/11 19:24:30 (13 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/DNSDB.pm
r108 r111 759 759 |c:\d+ # clone 760 760 # custom. no, the leading , is not a typo 761 |C:(?:,(?:group|user|domain|record|self)_(?:edit|create|delete)) +761 |C:(?:,(?:group|user|domain|record|self)_(?:edit|create|delete))* 762 762 )$/x; 763 763 # bleh. I'd call another function to do my dirty work, but we're in the middle of a transaction already. -
trunk/dns.cgi
r110 r111 265 265 } elsif ($webvar{page} eq 'reclist') { 266 266 267 $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit}); 267 268 ##fixme: ACL needs pondering. Does "edit domain" interact with record add/remove/etc? 268 269 # Note this seems to be answered "no" in Vega. … … 439 440 440 441 } elsif ($webvar{page} eq 'delrec') { 442 443 # This is a complete separate segment since it uses a different template from add/edit records above 441 444 442 445 changepage(page => "reclist", errmsg => "You are not permitted to delete records", id => $webvar{parentid}) … … 488 491 } elsif ($webvar{page} eq 'editsoa') { 489 492 493 changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id}) 494 unless ($permissions{admin} || $permissions{domain_edit}); 495 490 496 fillsoa($webvar{defrec},$webvar{id}); 491 497 492 498 } elsif ($webvar{page} eq 'updatesoa') { 499 500 changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id}) 501 unless ($permissions{admin} || $permissions{domain_edit}); 493 502 494 503 my $sth; … … 527 536 528 537 } elsif ($webvar{page} eq 'newgrp') { 538 539 changepage(page => "grpman", errmsg => "You are not permitted to add groups", id => $webvar{parentid}) 540 unless ($permissions{admin} || $permissions{group_add}); 529 541 530 542 # do.. uhh.. stuff.. if we have no webvar{action} … … 557 569 } elsif ($webvar{page} eq 'delgrp') { 558 570 571 changepage(page => "grpman", errmsg => "You are not permitted to delete groups", id => $webvar{parentid}) 572 unless ($permissions{admin} || $permissions{group_delete}); 573 559 574 $page->param(id => $webvar{id}); 560 575 # first pass = confirm y/n (sorta) … … 588 603 } elsif ($webvar{page} eq 'edgroup') { 589 604 605 changepage(page => "grpman", errmsg => "You are not permitted to edit groups", id => $webvar{parentid}) 606 unless ($permissions{admin} || $permissions{group_edit}); 607 590 608 if ($webvar{action} eq 'updperms') { 591 609 # extra safety check; make sure user can't construct a URL to bypass ACLs … … 617 635 618 636 changepage(page => "domlist", errmsg => "You are not permitted to make bulk domain changes") 619 unless ($permissions{admin} || ($permissions{domain_edit} && $permissions{domain_create} && $permissions{domain_delete}));637 unless ($permissions{admin} || $permissions{domain_edit} || $permissions{domain_create} || $permissions{domain_delete}); 620 638 621 639 ##fixme … … 669 687 670 688 } elsif ($webvar{page} eq 'user') { 689 690 # All user add/edit actions fall through the same page, since there aren't 691 # really any hard differences between the templates 671 692 672 693 #fill_actypelist($webvar{accttype}); … … 990 1011 } elsif ($webvar{page} eq 'axfr') { 991 1012 1013 changepage(page => "domlist", errmsg => "You are not permitted to import domains") 1014 unless ($permissions{admin} || $permissions{domain_create}); 1015 992 1016 # don't need this while we've got the dropdown in the menu. hmm. 993 1017 #fill_grouplist; … … 1109 1133 $page->param(groupname => groupName($dbh,$curgroup)); 1110 1134 $page->param(logingrp => groupName($dbh,$logingroup)); 1135 1136 $page->param(mayimport => $permissions{admin} || $permissions{domain_create}); 1137 $page->param(maybulk => $permissions{admin} || $permissions{domain_edit} || $permissions{domain_create} || $permissions{domain_delete}); 1111 1138 1112 1139 # group tree. should go elsewhere, probably -
trunk/templates/menu.tmpl
r110 r111 7 7 <a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=log">Log</a><br /> 8 8 <a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=reclist&id=<TMPL_VAR NAME=group>&defrec=y">Default Records</a><br /> 9 < a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=axfr">AXFR Import</a><br />10 < a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=bulkdomain">Bulk Domain Operations</a><br />9 <TMPL_IF mayimport><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=axfr">AXFR Import</a><br /></TMPL_IF> 10 <TMPL_IF maybulk><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=bulkdomain">Bulk Domain Operations</a><br /></TMPL_IF> 11 11 <hr /> 12 12 Current group: -
trunk/templates/soadata.tmpl
r39 r111 2 2 <tr class="darkrowheader"> 3 3 <td align="left">SOA:</td> 4 <td align="right"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=editsoa&id=<TMPL_VAR NAME=id>&recid=<TMPL_VAR NAME=recid>&defrec=<TMPL_VAR NAME=defrec>">edit</a></td> 4 <TMPL_IF mayeditsoa> 5 <td align="right"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=editsoa&id=<TMPL_VAR NAME=id>&recid=<TMPL_VAR NAME=recid>&defrec=<TMPL_VAR NAME=defrec>">edit</a></td></TMPL_IF> 5 6 </tr> 6 7 </table>
Note:
See TracChangeset
for help on using the changeset viewer.