Changeset 140 for trunk/dns.cgi

Timestamp:

10/13/11 17:13:36 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

ACL fixups:

• Default Records are only viewable by an admin
• Remove links for group operations user is not permitted to access, also rename "Manage groups" to "View groups" if the user does not have any of group add/edit/delete permissions

Lightly tweak error message handling for group operations to
more easily overload it for different errors
TODO note and fixme notes about deleting groups with stuff
still in them

File:

• trunk/dns.cgi (modified) (10 diffs)

trunk/dns.cgi

@@ -305 +305 @@
 } elsif ($webvar{page} eq 'reclist') {
 
-  $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit});
+# hmm.  where do we send them?
+  if ($webvar{defrec} eq 'y' && !$permissions{admin}) {
+    $page->param(errmsg => "You are not permitted to edit default records");
+    $page->param(perm_err => 1);
+  } else {
+
+    $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit});
 ##fixme:  ACL needs pondering.  Does "edit domain" interact with record add/remove/etc?
 # Note this seems to be answered "no" in Vega.
 # ACLs
-  $page->param(record_create    => ($permissions{admin} || $permissions{record_create}) );
+    $page->param(record_create  => ($permissions{admin} || $permissions{record_create}) );
 #  $page->param(record_edit     => ($permissions{admin} || $permissions{record_edit}) );
-  $page->param(record_delete    => ($permissions{admin} || $permissions{record_delete}) );
+    $page->param(record_delete  => ($permissions{admin} || $permissions{record_delete}) );
 
   # Handle record list for both default records (per-group) and live domain records
 
-  $page->param(defrec => $webvar{defrec});
-  $page->param(id => $webvar{id});
-  $page->param(curpage => $webvar{page});
-
-  my $count = getRecCount($dbh, $webvar{defrec}, $webvar{id}, $filter);
-
-  $sortby = 'host';
+    $page->param(defrec => $webvar{defrec});
+    $page->param(id => $webvar{id});
+    $page->param(curpage => $webvar{page});
+
+    my $count = getRecCount($dbh, $webvar{defrec}, $webvar{id}, $filter);
+
+    $sortby = 'host';
 # sort/order
-  $session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
-  $session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
-
-  $sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
-  $sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
+    $session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
+    $session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
+
+    $sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
+    $sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
 
 # set up the headers
-  my @cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
-  my %colheads = (host => 'Name', type => 'Type', val => 'Address',
+    my @cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
+    my %colheads = (host => 'Name', type => 'Type', val => 'Address',
         distance => 'Distance', weight => 'Weight', port => 'Port', ttl => 'TTL');
-  my %custom = (id => $webvar{id}, defrec => $webvar{defrec});
-  fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
+    my %custom = (id => $webvar{id}, defrec => $webvar{defrec});
+    fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
 
 # fill the page-count and first-previous-next-last-all details
-  fill_pgcount($count,"records",
+    fill_pgcount($count,"records",
         ($webvar{defrec} eq 'y' ? "group ".groupName($dbh,$webvar{id}) : domainName($dbh,$webvar{id})));
-  fill_fpnla($count);  # should put some params on this sub...
-
-  $page->param(defrec => $webvar{defrec});
-  if ($webvar{defrec} eq 'y') {
-    showdomain('y',$curgroup);
-  } else {
-    showdomain('n',$webvar{id});
-    $page->param(logdom => 1);
-  }
-
-  $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
+    fill_fpnla($count);  # should put some params on this sub...
+
+    $page->param(defrec => $webvar{defrec});
+    if ($webvar{defrec} eq 'y') {
+      showdomain('y',$curgroup);
+    } else {
+      showdomain('n',$webvar{id});
+##fixme:  permission for viewing logs?
+      $page->param(logdom => 1);
+    }
+
+    $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
+
+  } # close "you can't edit default records" check
 
 } elsif ($webvar{page} eq 'record') {
@@ -414 +423 @@
         unless ($permissions{admin} || $permissions{record_edit});
 
+# check perms to see if the record is "out of scope" for the user
     $page->param(todo           => "Update record");
     $page->param(recact         => "update");
@@ -573 +583 @@
 
   listgroups();
+
+# Permissions!
+  $page->param(addgrp => $permissions{admin} || $permissions{group_create});
+  $page->param(edgrp => $permissions{admin} || $permissions{group_edit});
+  $page->param(delgrp => $permissions{admin} || $permissions{group_delete});
+
+  $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
   $page->param(curpage => $webvar{page});
 
@@ -616 +633 @@
   if (!defined($webvar{del})) {
     $page->param(del_getconf => 1);
+
+##fixme
+# do a check for "group has stuff in it", and splatter a big warning
+# up along with an unchecked-by-default check box to YES DAMMIT DELETE THE WHOLE THING
+
 #    $page->param(groupname => groupName($dbh,$webvar{id}));
 # print some neato things?
@@ -628 +650 @@
 # need to find failure mode
       logaction(0, $session->param("username"), $webvar{curgroup}, "Failure deleting group $deleteme: $msg");
-      changepage(page => "grpman", del_failed => 1, errmsg => $msg);
+      changepage(page => "grpman", errmsg => "Error deleting group $deleteme: $msg");
     } else {
 ##fixme: need to clean up log when deleting a major container
@@ -643 +665 @@
 } elsif ($webvar{page} eq 'edgroup') {
 
-  changepage(page => "grpman", errmsg => "You are not permitted to edit groups", id => $webvar{parentid})
+  changepage(page => "grpman", errmsg => "You are not permitted to edit groups")
         unless ($permissions{admin} || $permissions{group_edit});
 
@@ -1254 +1276 @@
   $page->param(logingrp_num => $logingroup);
 
+  $page->param(maydefrec => $permissions{admin});
   $page->param(mayimport => $permissions{admin} || $permissions{domain_create});
   $page->param(maybulk => $permissions{admin} || $permissions{domain_edit} || $permissions{domain_create} || $permissions{domain_delete});
+
+  $page->param(chggrps => ($permissions{admin} || $permissions{group_create} || $permissions{group_edit} || $permissions{group_delete}));
 
   # group tree.  should go elsewhere, probably
@@ -1640 +1665 @@
 
   my @childgroups;
-  getChildren($dbh, $logingroup, \@childgroups, 'all') if $searchsubs;
+  getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
   my $childlist = join(',',@childgroups);
 
-  my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($logingroup".($childlist ? ",$childlist" : '').")".
+  my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').")".
         ($startwith ? " AND group_name ~* '^[$startwith]'" : '').
         ($filter ? " AND group_name ~* '$filter'" : '');
@@ -1687 +1712 @@
         "LEFT OUTER JOIN users u ON u.group_id=g.group_id ".
         "LEFT OUTER JOIN domains d ON d.group_id=g.group_id ".
-        "WHERE g.parent_group_id IN ($logingroup".($childlist ? ",$childlist" : '').") ".
+        "WHERE g.parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').") ".
 ##fixme:  don't do variable subs in SQL, use placeholders and params in ->execute()
         ($startwith ? " AND g.group_name ~* '^[$startwith]'" : '').
@@ -1706 +1731 @@
     $row{bg} = ($rownum++)%2;
     $row{sid} = $sid;
+    $row{edgrp} = ($permissions{admin} || $permissions{group_edit});
+    $row{delgrp} = ($permissions{admin} || $permissions{group_delete});
     push @grouplist, \%row;
   }