Index: trunk/dns.cgi
===================================================================
--- trunk/dns.cgi	(revision 139)
+++ trunk/dns.cgi	(revision 141)
@@ -305,49 +305,58 @@
 } elsif ($webvar{page} eq 'reclist') {
 
-  $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit});
+# hmm.  where do we send them?
+  if ($webvar{defrec} eq 'y' && !$permissions{admin}) {
+    $page->param(errmsg => "You are not permitted to edit default records");
+    $page->param(perm_err => 1);
+  } else {
+
+    $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit});
 ##fixme:  ACL needs pondering.  Does "edit domain" interact with record add/remove/etc?
 # Note this seems to be answered "no" in Vega.
 # ACLs
-  $page->param(record_create	=> ($permissions{admin} || $permissions{record_create}) );
+    $page->param(record_create	=> ($permissions{admin} || $permissions{record_create}) );
 #  $page->param(record_edit	=> ($permissions{admin} || $permissions{record_edit}) );
-  $page->param(record_delete	=> ($permissions{admin} || $permissions{record_delete}) );
+    $page->param(record_delete	=> ($permissions{admin} || $permissions{record_delete}) );
 
   # Handle record list for both default records (per-group) and live domain records
 
-  $page->param(defrec => $webvar{defrec});
-  $page->param(id => $webvar{id});
-  $page->param(curpage => $webvar{page});
-
-  my $count = getRecCount($dbh, $webvar{defrec}, $webvar{id}, $filter);
-
-  $sortby = 'host';
+    $page->param(defrec => $webvar{defrec});
+    $page->param(id => $webvar{id});
+    $page->param(curpage => $webvar{page});
+
+    my $count = getRecCount($dbh, $webvar{defrec}, $webvar{id}, $filter);
+
+    $sortby = 'host';
 # sort/order
-  $session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
-  $session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
-
-  $sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
-  $sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
+    $session->param($webvar{page}.'sortby', $webvar{sortby}) if $webvar{sortby};
+    $session->param($webvar{page}.'order', $webvar{order}) if $webvar{order};
+
+    $sortby = $session->param($webvar{page}.'sortby') if $session->param($webvar{page}.'sortby');
+    $sortorder = $session->param($webvar{page}.'order') if $session->param($webvar{page}.'order');
 
 # set up the headers
-  my @cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
-  my %colheads = (host => 'Name', type => 'Type', val => 'Address',
+    my @cols = ('host', 'type', 'val', 'distance', 'weight', 'port', 'ttl');
+    my %colheads = (host => 'Name', type => 'Type', val => 'Address',
 	distance => 'Distance', weight => 'Weight', port => 'Port', ttl => 'TTL');
-  my %custom = (id => $webvar{id}, defrec => $webvar{defrec});
-  fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
+    my %custom = (id => $webvar{id}, defrec => $webvar{defrec});
+    fill_colheads($sortby, $sortorder, \@cols, \%colheads, \%custom);
 
 # fill the page-count and first-previous-next-last-all details
-  fill_pgcount($count,"records",
+    fill_pgcount($count,"records",
 	($webvar{defrec} eq 'y' ? "group ".groupName($dbh,$webvar{id}) : domainName($dbh,$webvar{id})));
-  fill_fpnla($count);  # should put some params on this sub...
-
-  $page->param(defrec => $webvar{defrec});
-  if ($webvar{defrec} eq 'y') {
-    showdomain('y',$curgroup);
-  } else {
-    showdomain('n',$webvar{id});
-    $page->param(logdom => 1);
-  }
-
-  $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
+    fill_fpnla($count);  # should put some params on this sub...
+
+    $page->param(defrec => $webvar{defrec});
+    if ($webvar{defrec} eq 'y') {
+      showdomain('y',$curgroup);
+    } else {
+      showdomain('n',$webvar{id});
+##fixme:  permission for viewing logs?
+      $page->param(logdom => 1);
+    }
+
+    $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
+
+  } # close "you can't edit default records" check
 
 } elsif ($webvar{page} eq 'record') {
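Review bot: The new gate at the top of the `reclist` branch covers only `defrec eq 'y'`; on the `else` path a non-admin's `$webvar{id}` still goes straight into `getRecCount`, `domainName` and `showdomain('n',$webvar{id})` with no visible check that the domain belongs to the user's group tree. Unless that scoping is done before this branch (it starts and ends outside the hunk), listing another group's records appears to depend only on the `id` value in the request. I would add an ownership test beside the defrec one, and until then record the gap in the file's own style: `##fixme:  verify $webvar{id} is inside the user's group tree before listing`. The gate is also display-side only, so the record add/update/delete handlers need the same `defrec`/admin test themselves.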
@@ -414,4 +423,5 @@
 	unless ($permissions{admin} || $permissions{record_edit});
 
+# check perms to see if the record is "out of scope" for the user
     $page->param(todo		=> "Update record");
     $page->param(recact		=> "update");
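Review bot: The added comment on the update path describes a scope check that this hunk does not implement, so after the `record_edit` test the branch apparently carries on for whatever record the request names. Until the check exists, mark it the way the rest of the file marks open work so that it is greppable: `##fixme:  check perms to see if the record is "out of scope" for the user`. The enclosing branch starts and ends outside the hunk, so a check further down cannot be ruled out from here.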
@@ -573,4 +583,11 @@
 
   listgroups();
+
+# Permissions!
+  $page->param(addgrp => $permissions{admin} || $permissions{group_create});
+  $page->param(edgrp => $permissions{admin} || $permissions{group_edit});
+  $page->param(delgrp => $permissions{admin} || $permissions{group_delete});
+
+  $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
   $page->param(curpage => $webvar{page});
 
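Review bot: The added `$page->param(errmsg => $webvar{errmsg})` puts a request parameter on the page verbatim, so the text shown as an error on `grpman` is whatever the request carries, not only what the application generated. If the template does not escape that variable this is reflected markup injection; with HTML::Template-style templates the variable should be emitted with `ESCAPE=HTML`, which needs confirming because the template is not part of this diff. The `reclist` hunk has the same line, and the delete-failure hunk now puts `$deleteme` and the failure text `$msg` into `errmsg` via `changepage`, so low-level error detail presumably reaches the browser by the same route. Keeping the message in the session and passing only a flag through `changepage` would address both. The new `addgrp`/`edgrp`/`delgrp` flags only control what is displayed, so each handler still needs its own permission test, as `edgroup` has.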
@@ -616,4 +633,9 @@
   if (!defined($webvar{del})) {
     $page->param(del_getconf => 1);
+
+##fixme
+# do a check for "group has stuff in it", and splatter a big warning
+# up along with an unchecked-by-default check box to YES DAMMIT DELETE THE WHOLE THING
+
 #    $page->param(groupname => groupName($dbh,$webvar{id}));
 # print some neato things?
@@ -628,5 +650,5 @@
 # need to find failure mode
       logaction(0, $session->param("username"), $webvar{curgroup}, "Failure deleting group $deleteme: $msg");
-      changepage(page => "grpman", del_failed => 1, errmsg => $msg);
+      changepage(page => "grpman", errmsg => "Error deleting group $deleteme: $msg");
     } else {
 ##fixme: need to clean up log when deleting a major container
@@ -643,5 +665,5 @@
 } elsif ($webvar{page} eq 'edgroup') {
 
-  changepage(page => "grpman", errmsg => "You are not permitted to edit groups", id => $webvar{parentid})
+  changepage(page => "grpman", errmsg => "You are not permitted to edit groups")
 	unless ($permissions{admin} || $permissions{group_edit});
 
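Review bot: This guard protects `edgroup` only if `changepage()` never returns; because it is a postfix `unless` statement, everything below it would still run for an unauthorised user if `changepage()` merely emits a redirect. Its definition is outside the diff, so I would state the contract at the call site once it has been confirmed, e.g. `# changepage() redirects and exits; nothing below runs without group_edit`. The same form guards the record update branch (`unless ($permissions{admin} || $permissions{record_edit})`).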
@@ -1254,6 +1276,9 @@
   $page->param(logingrp_num => $logingroup);
 
+  $page->param(maydefrec => $permissions{admin});
   $page->param(mayimport => $permissions{admin} || $permissions{domain_create});
   $page->param(maybulk => $permissions{admin} || $permissions{domain_edit} || $permissions{domain_create} || $permissions{domain_delete});
+
+  $page->param(chggrps => ($permissions{admin} || $permissions{group_create} || $permissions{group_edit} || $permissions{group_delete}));
 
   # group tree.  should go elsewhere, probably
@@ -1640,8 +1665,8 @@
 
   my @childgroups;
-  getChildren($dbh, $logingroup, \@childgroups, 'all') if $searchsubs;
+  getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;
   my $childlist = join(',',@childgroups);
 
-  my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($logingroup".($childlist ? ",$childlist" : '').")".
+  my $sql = "SELECT count(*) FROM groups WHERE parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').")".
 	($startwith ? " AND group_name ~* '^[$startwith]'" : '').
 	($filter ? " AND group_name ~* '$filter'" : '');
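Review bot: Switching the `IN (...)` list from `$logingroup` to `$curgroup` changes which value is spliced into the SQL text, here and in the following hunk's `WHERE g.parent_group_id IN ($curgroup...`. `$logingroup` presumably comes from the authenticated session, while `$curgroup` looks like a selectable current group (a `$webvar{curgroup}` appears in the delete-failure log call). If the request can influence it, it has to be validated as an integer and as a descendant of the login group before it reaches this query. Binding the ids removes the interpolation for this part: `my @gids = ($curgroup, @childgroups);` and `"... WHERE parent_group_id IN (".join(',', ('?') x @gids).")"`, with `@gids` passed to `execute` (that call is outside the hunk). `$startwith` and `$filter` are still interpolated into the regex clauses on the context lines, as the file's own `##fixme` in the next hunk already says.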
@@ -1687,5 +1712,5 @@
 	"LEFT OUTER JOIN users u ON u.group_id=g.group_id ".
 	"LEFT OUTER JOIN domains d ON d.group_id=g.group_id ".
-	"WHERE g.parent_group_id IN ($logingroup".($childlist ? ",$childlist" : '').") ".
+	"WHERE g.parent_group_id IN ($curgroup".($childlist ? ",$childlist" : '').") ".
 ##fixme:  don't do variable subs in SQL, use placeholders and params in ->execute()
 	($startwith ? " AND g.group_name ~* '^[$startwith]'" : '').
@@ -1706,4 +1731,6 @@
     $row{bg} = ($rownum++)%2;
     $row{sid} = $sid;
+    $row{edgrp} = ($permissions{admin} || $permissions{group_edit});
+    $row{delgrp} = ($permissions{admin} || $permissions{group_delete});
     push @grouplist, \%row;
   }
