Changeset 144 for trunk


Ignore:
Timestamp:
10/14/11 17:32:26 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

ACL checks on users almost complete
Removed obsolete ($webvar{page} eq 'newuser') block and commented
($webvar{page} eq 'adduser') block
Added warning and result CSS definitions; should probably make the
domains and groups use these for consistency with user management

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/dns.cgi

    r142 r144  
    832832  $page->param(deluser => $permissions{admin} || $permissions{user_delete});
    833833
     834  $page->param(resultmsg => $webvar{resultmsg}) if $webvar{resultmsg};
     835  $page->param(warnmsg => $webvar{warnmsg}) if $webvar{warnmsg};
    834836  $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
    835837  $page->param(curpage => $webvar{page});
     
    881883        getPermissions($dbh, 'group', $curgroup, \%grpperms);
    882884        my $ret = comparePermissions(\%permissions, \%grpperms);
    883         if ($ret ne '<' && $ret ne '!') {
     885        if ($ret eq '<' || $ret eq '!') {
    884886          # User's permissions are not a superset or equivalent to group.  Can't inherit
    885887          # (and include access user doesn't currently have), so we force custom.
     
    907909      }
    908910      if ($webvar{action} eq 'add') {
     911        changepage(page => "useradmin", errmsg => "You do not have permission to add new users")
     912                unless $permissions{admin} || $permissions{user_create};
    909913        ($code,$msg) = addUser($dbh, $webvar{uname}, $curgroup, $webvar{pass1},
    910914                ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
     
    913917                if $code eq 'OK';
    914918      } else {
     919        changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
     920                unless $permissions{admin} || $permissions{user_edit};
    915921# User update is icky.  I'd really like to do this in one atomic
    916922# operation, but that would duplicate a **lot** of code in DNSDB.pm
     
    935941                ($webvar{action} eq 'add' ? 'added' : 'updated')." with reduced access.");
    936942      } else {
    937         changepage(page => "useradmin");
     943        changepage(page => "useradmin", resultmsg => "Successfully ".
     944                ($webvar{action} eq 'add' ? 'added' : 'updated')." user $webvar{uname}");
    938945      }
    939946
     
    964971  } elsif ($webvar{action} eq 'edit') {
    965972
     973    changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
     974        unless $permissions{admin} || $permissions{user_edit};
     975
    966976    $page->param(set_permgroup => 1);
    967977    $page->param(action => 'update');
     
    9901000#  } elsif ($webvar{action} eq 'update') {
    9911001  } else {
     1002    changepage(page => "useradmin", errmsg => "You are not allowed to add new users")
     1003        unless $permissions{admin} || $permissions{user_create};
    9921004    # default is "new"
    9931005    $page->param(add => 1);
     
    9961008    fill_actypelist();
    9971009  }
    998 
    999 } elsif ($webvar{page} eq 'newuser') {
    1000 
    1001   # foo?
    1002   fill_actypelist();
    1003   fill_clonemelist();
    1004 
    1005   my %grpperms;
    1006   getPermissions($dbh, 'group', $curgroup, \%grpperms);
    1007   fill_permissions($page, \%grpperms);
    1008 
    1009   my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl");
    1010   my %noaccess;
    1011   fill_permissions($grppermlist, \%grpperms, \%noaccess);
    1012   $grppermlist->param(info => 1);
    1013   $page->param(grpperms => $grppermlist->output);
    1014 
    1015 #} elsif ($webvar{page} eq 'adduser') {
    1016 #
    1017 #  my ($code,$msg);
    1018 
    1019 #  if ($webvar{pass1} ne $webvar{pass2}) {
    1020 #    $code = 'FAIL';
    1021 #    $msg = "Passwords don't match";
    1022 #  } else {
    1023 ## assemble a permission string - far simpler than trying to pass an
    1024 ## indeterminate set of permission flags individually
    1025 #my $permstring;
    1026 #if ($webvar{perms_type} eq 'custom') {
    1027 #  $permstring = 'C:,g:,u:,d:,r:';
    1028 #  $page->param(perm_custom => 1);
    1029 #} elsif ($webvar{perms_type} eq 'clone') {
    1030 #  $permstring = 'c:';
    1031 #  $page->param(perm_clone => 1);
    1032 #} else {
    1033 #  $permstring = 'i';
    1034 ##  $page->param(perm_inherit => 1);
    1035 #}
    1036 #    ($code,$msg) = addUser($dbh,$webvar{uname}, $webvar{group}, $webvar{pass1},
    1037 #       ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype},
    1038 #       $webvar{fname}, $webvar{lname}, $webvar{phone});
    1039 #  }
    1040 #
    1041 ## hokay, a bit of magic to decide which page we hit.
    1042 #  if ($code eq 'OK') {
    1043 ###log
    1044 #    logaction(0, $session->param("username"), $webvar{group},
    1045 #       "Added user $webvar{uname} ($webvar{fname} $webvar{lname})");
    1046 #    changepage(page => "useradmin");
    1047 #  } else {
    1048 ## oddity - apparently, xhtml 1.0 strict swallows username as an HTML::Template var.  O_o
    1049 #    $page->param(add_failed => 1);
    1050 #    $page->param(uname => $webvar{uname});
    1051 #    $page->param(fname => $webvar{fname});
    1052 #    $page->param(lname => $webvar{lname});
    1053 #    $page->param(pass1 => $webvar{pass1});
    1054 #    $page->param(pass2 => $webvar{pass2});
    1055 #    $page->param(errmsg => $msg);
    1056 #    fill_actypelist($webvar{accttype});
    1057 #    fill_clonemelist();
    1058 #  }
    1059 #
    1060 ##  $page->param(add_failed => 1);
    1061 #
    10621010
    10631011} elsif ($webvar{page} eq 'deluser') {
  • trunk/templates/dns.css

    r128 r144  
    164164
    165165/* general classes */
     166.result {
     167        border: solid 1px #00CC00;
     168        color: #000000;
     169        background-color: #f0f0f0;
     170        text-align: center;
     171        padding: 5px;
     172        width: 50%;
     173}
     174.warning {
     175        border: solid 2px #FFFF00;
     176        color: #333300;
     177        background-color: #e0e0e0;
     178        text-align: center;
     179        padding: 5px;
     180        width: 70%;
     181}
    166182.errmsg {
    167183        font-weight: bold;
  • trunk/templates/useradmin.tmpl

    r142 r144  
    33<TMPL_INCLUDE NAME="menu.tmpl">
    44
    5 <td class="main">
     5<td align="center" valign="top">
    66
     7<TMPL_IF resultmsg>
     8<div class="result"><TMPL_VAR NAME=resultmsg></div>
     9</TMPL_IF>
    710<TMPL_IF warnmsg>
    811<div class="warning">Warning: <TMPL_VAR NAME=warnmsg></div>
    912</TMPL_IF>
    1013<TMPL_IF errmsg>
    11 <div class='errmsg'><TMPL_VAR NAME=errmsg></div>
     14<div class="errmsg"><TMPL_VAR NAME=errmsg></div>
    1215</TMPL_IF>
    1316
Note: See TracChangeset for help on using the changeset viewer.