Changeset 144 for trunk

Timestamp:

10/14/11 17:32:26 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

ACL checks on users almost complete
Removed obsolete ($webvar{page} eq 'newuser') block and commented
($webvar{page} eq 'adduser') block
Added warning and result CSS definitions; should probably make the
domains and groups use these for consistency with user management

Location:

trunk

Files:

• dns.cgi (modified) (8 diffs)
• templates/dns.css (modified) (1 diff)
• templates/useradmin.tmpl (modified) (1 diff)

trunk/dns.cgi

@@ -832 +832 @@
   $page->param(deluser => $permissions{admin} || $permissions{user_delete});
 
+  $page->param(resultmsg => $webvar{resultmsg}) if $webvar{resultmsg};
+  $page->param(warnmsg => $webvar{warnmsg}) if $webvar{warnmsg};
   $page->param(errmsg => $webvar{errmsg}) if $webvar{errmsg};
   $page->param(curpage => $webvar{page});
@@ -881 +883 @@
         getPermissions($dbh, 'group', $curgroup, \%grpperms);
         my $ret = comparePermissions(\%permissions, \%grpperms);
-        if ($ret ne '<' && $ret ne '!') {
+        if ($ret eq '<' || $ret eq '!') {
           # User's permissions are not a superset or equivalent to group.  Can't inherit
           # (and include access user doesn't currently have), so we force custom.
@@ -907 +909 @@
       }
       if ($webvar{action} eq 'add') {
+        changepage(page => "useradmin", errmsg => "You do not have permission to add new users")
+                unless $permissions{admin} || $permissions{user_create};
         ($code,$msg) = addUser($dbh, $webvar{uname}, $curgroup, $webvar{pass1},
                 ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
@@ -913 +917 @@
                 if $code eq 'OK';
       } else {
+        changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
+                unless $permissions{admin} || $permissions{user_edit};
 # User update is icky.  I'd really like to do this in one atomic
 # operation, but that would duplicate a **lot** of code in DNSDB.pm
@@ -935 +941 @@
                 ($webvar{action} eq 'add' ? 'added' : 'updated')." with reduced access.");
       } else {
-        changepage(page => "useradmin");
+        changepage(page => "useradmin", resultmsg => "Successfully ".
+                ($webvar{action} eq 'add' ? 'added' : 'updated')." user $webvar{uname}");
       }
 
@@ -964 +971 @@
   } elsif ($webvar{action} eq 'edit') {
 
+    changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
+        unless $permissions{admin} || $permissions{user_edit};
+
     $page->param(set_permgroup => 1);
     $page->param(action => 'update');
@@ -990 +1000 @@
 #  } elsif ($webvar{action} eq 'update') {
   } else {
+    changepage(page => "useradmin", errmsg => "You are not allowed to add new users")
+        unless $permissions{admin} || $permissions{user_create};
     # default is "new"
     $page->param(add => 1);
@@ -996 +1008 @@
     fill_actypelist();
   }
-
-} elsif ($webvar{page} eq 'newuser') {
-
-  # foo?
-  fill_actypelist();
-  fill_clonemelist();
-
-  my %grpperms;
-  getPermissions($dbh, 'group', $curgroup, \%grpperms);
-  fill_permissions($page, \%grpperms);
-
-  my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl");
-  my %noaccess;
-  fill_permissions($grppermlist, \%grpperms, \%noaccess);
-  $grppermlist->param(info => 1);
-  $page->param(grpperms => $grppermlist->output);
-
-#} elsif ($webvar{page} eq 'adduser') {
-#
-#  my ($code,$msg);
-#  
-#  if ($webvar{pass1} ne $webvar{pass2}) {
-#    $code = 'FAIL';
-#    $msg = "Passwords don't match";
-#  } else {
-## assemble a permission string - far simpler than trying to pass an
-## indeterminate set of permission flags individually
-#my $permstring;
-#if ($webvar{perms_type} eq 'custom') {
-#  $permstring = 'C:,g:,u:,d:,r:';
-#  $page->param(perm_custom => 1);
-#} elsif ($webvar{perms_type} eq 'clone') {
-#  $permstring = 'c:';
-#  $page->param(perm_clone => 1);
-#} else {
-#  $permstring = 'i';
-##  $page->param(perm_inherit => 1);
-#}
-#    ($code,$msg) = addUser($dbh,$webvar{uname}, $webvar{group}, $webvar{pass1},
-#       ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, 
-#       $webvar{fname}, $webvar{lname}, $webvar{phone});
-#  }
-#
-## hokay, a bit of magic to decide which page we hit.
-#  if ($code eq 'OK') {
-###log
-#    logaction(0, $session->param("username"), $webvar{group},
-#       "Added user $webvar{uname} ($webvar{fname} $webvar{lname})");
-#    changepage(page => "useradmin");
-#  } else {
-## oddity - apparently, xhtml 1.0 strict swallows username as an HTML::Template var.  O_o
-#    $page->param(add_failed => 1);
-#    $page->param(uname => $webvar{uname});
-#    $page->param(fname => $webvar{fname});
-#    $page->param(lname => $webvar{lname});
-#    $page->param(pass1 => $webvar{pass1});
-#    $page->param(pass2 => $webvar{pass2});
-#    $page->param(errmsg => $msg);
-#    fill_actypelist($webvar{accttype});
-#    fill_clonemelist();
-#  }
-#
-##  $page->param(add_failed => 1);
-#
 
 } elsif ($webvar{page} eq 'deluser') {

trunk/templates/dns.css

@@ -164 +164 @@
 
 /* general classes */
+.result {
+        border: solid 1px #00CC00;
+        color: #000000;
+        background-color: #f0f0f0;
+        text-align: center;
+        padding: 5px;
+        width: 50%;
+}
+.warning {
+        border: solid 2px #FFFF00;
+        color: #333300;
+        background-color: #e0e0e0;
+        text-align: center;
+        padding: 5px;
+        width: 70%;
+}
 .errmsg {
         font-weight: bold;

trunk/templates/useradmin.tmpl

@@ -3 +3 @@
 <TMPL_INCLUDE NAME="menu.tmpl">
 
-<td class="main">
+<td align="center" valign="top">
 
+<TMPL_IF resultmsg>
+<div class="result"><TMPL_VAR NAME=resultmsg></div>
+</TMPL_IF>
 <TMPL_IF warnmsg>
 <div class="warning">Warning: <TMPL_VAR NAME=warnmsg></div>
 </TMPL_IF>
 <TMPL_IF errmsg>
-<div class='errmsg'><TMPL_VAR NAME=errmsg></div>
+<div class="errmsg"><TMPL_VAR NAME=errmsg></div>
 </TMPL_IF>