Changeset 140 for trunk


Ignore:
Timestamp:
10/13/11 17:13:36 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

ACL fixups:

  • Default Records are only viewable by an admin
  • Remove links for group operations user is not permitted to access, also rename "Manage groups" to "View groups" if the user does not have any of group add/edit/delete permissions

Lightly tweak error message handling for group operations to
more easily overload it for different errors
TODO note and fixme notes about deleting groups with stuff
still in them

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/dns.cgi

    r139 r140  
    305305} elsif ($webvar{page} eq 'reclist') {
    306306
    307   $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit});
     307# hmm.  where do we send them?
     308  if ($webvar{defrec} eq 'y' && !$permissions{admin}) {
     309    $page->param(errmsg => "You are not permitted to edit default records");
     310    $page->param(perm_err => 1);
     311  } else {
     312
     313    $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit});
    308314##fixme:  ACL needs pondering.  Does "edit domain" interact with record add/remove/etc?
    309315# Note this seems to be answered "no" in Vega.
    310316# ACLs
    311   $page->param(record_create    => ($permissions{admin} || $permissions{record_create}) );
     317    $page->param(record_create  => ($permissions{admin} || $permissions{record_create}) );
    312318#  $page->param(record_edit     => ($permissions{admin} || $permissions{record_edit}) );
    313   $page->param(record_delete    => ($permissions{admin} || $permissions{record_delete}) );
     319    $page->param(record_delete  => ($permissions{admin} || $permissions{record_delete}) );
    314320
    315321  # Handle record list for both default records (per-group) and live domain records
    316322
    317   $page->param(defrec => $webvar{defrec});
    318   $page->param(id => $webvar{id});
    319   $page->param(curpage => $webvar{page});
    320 
    321   my $count = getRecCount($dbh, $webvar{defrec}, $webvar{id}, $filter);
    322 
    323   $sortby = 'host';
     323    $page->param(defrec => $webvar{defrec});
     324    $page->param(id => $webvar{id});
     325    $page->param(curpage => $webvar{page});
     326
     327    my $count = getRecCount($dbh, $webvar{defrec}, $webvar{id}, $filter);
     328
     329    $sortby = 'host';
    324330# sort/order
    325   $session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
    326   $session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
    327 
    328   $sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
    329   $sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
     331    $session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
     332    $session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
     333
     334    $sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
     335    $sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
    330336
    331337# set up the headers
    332   my @cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
    333   my %colheads = (host => 'Name', type => 'Type', val => 'Address',
     338    my @cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
     339    my %colheads = (host => 'Name', type => 'Type', val => 'Address',
    334340        distance => 'Distance', weight => 'Weight', port => 'Port', ttl => 'TTL');
    335   my %custom = (id => $webvar{id}, defrec => $webvar{defrec});
    336   fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
     341    my %custom = (id => $webvar{id}, defrec => $webvar{defrec});
     342    fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
    337343
    338344# fill the page-count and first-previous-next-last-all details
    339   fill_pgcount($count,"records",
     345    fill_pgcount($count,"records",
    340346        ($webvar{defrec} eq 'y' ? "group ".groupName($dbh,$webvar{id}) : domainName($dbh,$webvar{id})));
    341   fill_fpnla($count);  # should put some params on this sub...
    342 
    343   $page->param(defrec => $webvar{defrec});
    344   if ($webvar{defrec} eq 'y') {
    345     showdomain('y',$curgroup);
    346   } else {
    347     showdomain('n',$webvar{id});
    348     $page->param(logdom => 1);
    349   }
    350 
    351   $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
     347    fill_fpnla($count);  # should put some params on this sub...
     348
     349    $page->param(defrec => $webvar{defrec});
     350    if ($webvar{defrec} eq 'y') {
     351      showdomain('y',$curgroup);
     352    } else {
     353      showdomain('n',$webvar{id});
     354##fixme:  permission for viewing logs?
     355      $page->param(logdom => 1);
     356    }
     357
     358    $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
     359
     360  } # close "you can't edit default records" check
    352361
    353362} elsif ($webvar{page} eq 'record') {
     
    414423        unless ($permissions{admin} || $permissions{record_edit});
    415424
     425# check perms to see if the record is "out of scope" for the user
    416426    $page->param(todo           => "Update record");
    417427    $page->param(recact         => "update");
     
    573583
    574584  listgroups();
     585
     586# Permissions!
     587  $page->param(addgrp => $permissions{admin} || $permissions{group_create});
     588  $page->param(edgrp => $permissions{admin} || $permissions{group_edit});
     589  $page->param(delgrp => $permissions{admin} || $permissions{group_delete});
     590
     591  $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
    575592  $page->param(curpage => $webvar{page});
    576593
     
    616633  if (!defined($webvar{del})) {
    617634    $page->param(del_getconf => 1);
     635
     636##fixme
     637# do a check for "group has stuff in it", and splatter a big warning
     638# up along with an unchecked-by-default check box to YES DAMMIT DELETE THE WHOLE THING
     639
    618640#    $page->param(groupname => groupName($dbh,$webvar{id}));
    619641# print some neato things?
     
    628650# need to find failure mode
    629651      logaction(0, $session->param("username"), $webvar{curgroup}, "Failure deleting group $deleteme: $msg");
    630       changepage(page => "grpman", del_failed => 1, errmsg => $msg);
     652      changepage(page => "grpman", errmsg => "Error deleting group $deleteme: $msg");
    631653    } else {
    632654##fixme: need to clean up log when deleting a major container
     
    643665} elsif ($webvar{page} eq 'edgroup') {
    644666
    645   changepage(page => "grpman", errmsg => "You are not permitted to edit groups", id => $webvar{parentid})
     667  changepage(page => "grpman", errmsg => "You are not permitted to edit groups")
    646668        unless ($permissions{admin} || $permissions{group_edit});
    647669
     
    12541276  $page->param(logingrp_num => $logingroup);
    12551277
     1278  $page->param(maydefrec => $permissions{admin});
    12561279  $page->param(mayimport => $permissions{admin} || $permissions{domain_create});
    12571280  $page->param(maybulk => $permissions{admin} || $permissions{domain_edit} || $permissions{domain_create} || $permissions{domain_delete});
     1281
     1282  $page->param(chggrps => ($permissions{admin} || $permissions{group_create} || $permissions{group_edit} || $permissions{group_delete}));
    12581283
    12591284  # group tree.  should go elsewhere, probably
     
    16401665
    16411666  my @childgroups;
    1642   getChildren($dbh, $logingroup, \@childgroups, 'all') if $searchsubs;
     1667  getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
    16431668  my $childlist = join(',',@childgroups);
    16441669
    1645   my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($logingroup".($childlist ? ",$childlist" : '').")".
     1670  my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').")".
    16461671        ($startwith ? " AND group_name ~* '^[$startwith]'" : '').
    16471672        ($filter ? " AND group_name ~* '$filter'" : '');
     
    16871712        "LEFT OUTER JOIN users u ON u.group_id=g.group_id ".
    16881713        "LEFT OUTER JOIN domains d ON d.group_id=g.group_id ".
    1689         "WHERE g.parent_group_id IN ($logingroup".($childlist ? ",$childlist" : '').") ".
     1714        "WHERE g.parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').") ".
    16901715##fixme:  don't do variable subs in SQL, use placeholders and params in ->execute()
    16911716        ($startwith ? " AND g.group_name ~* '^[$startwith]'" : '').
     
    17061731    $row{bg} = ($rownum++)%2;
    17071732    $row{sid} = $sid;
     1733    $row{edgrp} = ($permissions{admin} || $permissions{group_edit});
     1734    $row{delgrp} = ($permissions{admin} || $permissions{group_delete});
    17081735    push @grouplist, \%row;
    17091736  }
  • trunk/templates/grpman.tmpl

    r100 r140  
    55<td align="center" valign="top">
    66
    7  <TMPL_IF del_failed>
    8   <div class='errmsg'>Error deleting group <TMPL_VAR NAME=delgroupname>: <TMPL_VAR NAME=errmsg></div>
     7 <TMPL_IF errmsg>
     8  <div class='errmsg'><TMPL_VAR NAME=errmsg></div>
    99 </TMPL_IF>
    1010
    1111<table width="98%">
    12 <tr><th colspan="3"><div class="center maintitle">Manage groups</div></th></tr>
     12<tr><th colspan="3"><div class="center maintitle"><TMPL_IF chggrps>Manage<TMPL_ELSE>View</TMPL_IF> groups</div></th></tr>
    1313<tr>
    1414<td class="leftthird"><TMPL_INCLUDE NAME="pgcount.tmpl"></td>
     
    1818<tr><td colspan="3" align="center"><TMPL_INCLUDE NAME="lettsearch.tmpl"></td></tr>
    1919<tr>
    20         <td colspan="2"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=edgroup&amp;gid=<TMPL_VAR NAME=gid>">Edit Current Group</a></td>
    21         <td align="right"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=newgrp">New Group</a></td>
     20        <td colspan="2"><TMPL_IF edgrp><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=edgroup&amp;gid=<TMPL_VAR NAME=gid>">Edit Current Group</a></TMPL_IF></td>
     21        <td align="right"><TMPL_IF addgrp><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=newgrp">New Group</a></TMPL_IF>
     22</td>
    2223</tr>
    2324</table>
     
    2728<TMPL_LOOP NAME=colheads>
    2829        <td class="datahead_<TMPL_IF firstcol>l<TMPL_ELSE>s</TMPL_IF>"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=<TMPL_VAR NAME=page><TMPL_IF NAME=offset>&amp;offset=<TMPL_VAR NAME=offset></TMPL_IF>&amp;sortby=<TMPL_VAR NAME=sortby>&amp;order=<TMPL_VAR NAME=order>"><TMPL_VAR NAME=colname></a><TMPL_IF NAME=sortorder>&nbsp;<img alt="<TMPL_VAR NAME=sortorder>" src="images/<TMPL_VAR NAME=sortorder>.png" /></TMPL_IF></td></TMPL_LOOP>
     30<TMPL_IF delgrp>
    2931        <td class="datahead_s">Delete</td>
     32</TMPL_IF>
    3033</tr>
    3134<TMPL_IF name=grouptable>
    3235<TMPL_LOOP name=grouptable>
    3336<tr class="row<TMPL_VAR name=bg>">
    34         <td align="left"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=edgroup&amp;gid=<TMPL_VAR NAME=groupid>"><TMPL_VAR NAME=groupname></a></td>
     37        <td align="left"><TMPL_IF edgrp><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=edgroup&amp;gid=<TMPL_VAR NAME=groupid>"><TMPL_VAR NAME=groupname></a><TMPL_ELSE><TMPL_VAR NAME=groupname></TMPL_IF></td>
    3538        <td><TMPL_VAR name=pgroup></td>
    3639        <td><TMPL_VAR name=nusers></td>
    3740        <td><TMPL_VAR name=ndomains></td>
     41<TMPL_IF delgrp>
    3842        <td align="center"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=delgrp&amp;id=<TMPL_VAR NAME=groupid>"><img src="images/trash2.png" alt="[ Delete ]" /></a></td>
     43</TMPL_IF>
    3944</tr>
    4045</TMPL_LOOP>
  • trunk/templates/grptree.tmpl

    r117 r140  
    11<TMPL_VAR NAME=indent><ul class="grptree">
    22<TMPL_LOOP NAME=treelvl><TMPL_VAR NAME=indent>  <li class="<TMPL_IF NAME=subs>hassub<TMPL_ELSE>leaf</TMPL_IF>">
    3 <TMPL_IF name=subs><TMPL_VAR NAME=indent>    <label for="grp_<TMPL_VAR NAME=grpname>"<TMPL_IF curgrp> class="curgrp"</TMPL_IF>><a href="<TMPL_VAR NAME=whereami>&group=<TMPL_VAR NAME=grpnum>&action=chgroup"><TMPL_VAR NAME=grpname></a></label>
    4 <TMPL_VAR NAME=indent>    <input type="checkbox" class="grptreebox" <TMPL_IF expanded> checked="checked" </TMPL_IF>id="grp_<TMPL_VAR NAME=grpname>" /><TMPL_ELSE><TMPL_VAR NAME=indent>    <a href="<TMPL_VAR NAME=whereami>&group=<TMPL_VAR NAME=grpnum>&action=chgroup"><TMPL_IF curgrp><span class="curgrp"><TMPL_VAR NAME=grpname></span><TMPL_ELSE><TMPL_VAR NAME=grpname></TMPL_IF></a></TMPL_IF>
     3<TMPL_IF name=subs><TMPL_VAR NAME=indent>    <label for="grp_<TMPL_VAR NAME=grpname>"<TMPL_IF curgrp> class="curgrp"</TMPL_IF>><a href="<TMPL_VAR NAME=whereami>&amp;group=<TMPL_VAR NAME=grpnum>&amp;action=chgroup"><TMPL_VAR NAME=grpname></a></label>
     4<TMPL_VAR NAME=indent>    <input type="checkbox" class="grptreebox" <TMPL_IF expanded> checked="checked" </TMPL_IF>id="grp_<TMPL_VAR NAME=grpname>" /><TMPL_ELSE><TMPL_VAR NAME=indent>    <a href="<TMPL_VAR NAME=whereami>&amp;group=<TMPL_VAR NAME=grpnum>&amp;action=chgroup"><TMPL_IF curgrp><span class="curgrp"><TMPL_VAR NAME=grpname></span><TMPL_ELSE><TMPL_VAR NAME=grpname></TMPL_IF></a></TMPL_IF>
    55<TMPL_VAR NAME=subs><TMPL_VAR NAME=indent>  </li>
    66</TMPL_LOOP><TMPL_VAR NAME=indent></ul>
  • trunk/templates/menu.tmpl

    r126 r140  
    66<a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=useradmin">Users</a><br />
    77<a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=log">Log</a><br />
    8 <a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=reclist&amp;id=<TMPL_VAR NAME=group>&amp;defrec=y">Default Records</a><br />
     8<TMPL_IF maydefrec><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=reclist&amp;id=<TMPL_VAR NAME=group>&amp;defrec=y">Default Records</a><br /></TMPL_IF>
    99<TMPL_IF mayimport><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=axfr">AXFR Import</a><br /></TMPL_IF>
    1010<TMPL_IF maybulk><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=bulkdomain">Bulk Domain Operations</a><br /></TMPL_IF>
    1111<hr />
    12 <a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=grpman">Manage groups</a><br />
     12<a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&amp;page=grpman"><TMPL_IF chggrps>Manage<TMPL_ELSE>View</TMPL_IF> groups</a><br />
    1313<div id="grptree">
    1414
    1515<ul class="grptree">
    1616  <li class="<TMPL_IF NAME=subs>hassub<TMPL_ELSE>leaf</TMPL_IF>">
    17 <TMPL_IF name=subs>    <label for="<TMPL_VAR NAME=logingrp>"<TMPL_IF inlogingrp> class="curgrp"</TMPL_IF>><a href="<TMPL_VAR NAME=whereami>&group=<TMPL_VAR NAME=logingrp_num>&action=chgroup"><TMPL_VAR NAME=logingrp></a></label>
     17<TMPL_IF name=subs>    <label for="<TMPL_VAR NAME=logingrp>"<TMPL_IF inlogingrp> class="curgrp"</TMPL_IF>><a href="<TMPL_VAR NAME=whereami>&amp;group=<TMPL_VAR NAME=logingrp_num>&amp;action=chgroup"><TMPL_VAR NAME=logingrp></a></label>
    1818    <input type="checkbox" checked="checked" id="<TMPL_VAR NAME=logingrp>" /><TMPL_ELSE>
    1919    <!-- span<TMPL_IF inlogingrp> class="curgrp"</TMPL_IF> -->
  • trunk/templates/reclist.tmpl

    r137 r140  
    99 </TMPL_IF>
    1010
     11<TMPL_UNLESS perm_err>
    1112<!-- FIXME:  long data in records causes record list table to overflow one or another container -->
    1213
     
    7778</td></tr></table>
    7879<!-- /div -->
     80</TMPL_UNLESS>
    7981
    8082</td>
Note: See TracChangeset for help on using the changeset viewer.