- Timestamp:
- 11/03/11 18:06:41 (13 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk/dns.cgi
r160 r162 299 299 unless ($permissions{admin} || $permissions{domain_create}); 300 300 301 ##fixme: scope check on $webvar{group} 301 # security check - does the user have permission to access this entity? 302 if (!check_scope($webvar{group}, 'group')) { 303 changepage(page => "newdomain", add_failed => 1, domain => $webvar{domain}, 304 errmsg => "You do not have permission to add a domain to the requested group"); 305 } 306 302 307 my ($code,$msg) = addDomain($dbh,$webvar{domain},$webvar{group},($webvar{makeactive} eq 'on' ? 1 : 0)); 303 308 … … 315 320 unless ($permissions{admin} || $permissions{domain_delete}); 316 321 317 ##fixme: scope check on $webvar{id} 322 # security check - does the user have permission to access this entity? 323 if (!check_scope($webvar{id}, 'domain')) { 324 changepage(page => "domlist", errmsg => "You do not have permission to delete the requested domain"); 325 } 326 318 327 $page->param(id => $webvar{id}); 319 328 … … 325 334 326 335 } elsif ($webvar{del} eq 'ok') { 327 328 336 my $pargroup = parentID($webvar{id}, 'dom', 'group'); 329 337 my $dom = domainName($dbh, $webvar{id}); … … 344 352 } elsif ($webvar{page} eq 'reclist') { 345 353 346 # security check - does the user have permission to view this entity? 347 my $flag = 0; 348 foreach (@viewablegroups) { 349 $flag = 1 if isParent($dbh, $_, 'group', $webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain')); 350 } 351 if (!$flag) { 354 # security check - does the user have permission to view this entity? 355 if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 352 356 $page->param(errmsg => "You are not permitted to view or change the requested ". 353 357 ($webvar{defrec} eq 'y' ? "group's default records" : "domain's records")); 354 358 $page->param(perm_err => 1); # this causes the template to skip the record listing output. 355 ##fixme: we could skip down to the end of the $webvar{page} eq 'reclist' block... 
356 } 357 359 goto DONERECLIST; # and now we skip filling in the content which is not printed due to perm_err above 360 } 361 358 362 # hmm. where do we send them? 359 363 if ($webvar{defrec} eq 'y' && !$permissions{admin}) { 360 364 $page->param(errmsg => "You are not permitted to edit default records"); 361 365 $page->param(perm_err => 1); 362 } els if ($flag) { # $flag carries the scope check results366 } else { 363 367 364 368 $page->param(mayeditsoa => $permissions{admin} || $permissions{domain_edit}); … … 412 416 413 417 } # close "you can't edit default records" check 418 419 # Yes, this is a GOTO target. PTBHTTT. 420 DONERECLIST: ; 414 421 415 422 } elsif ($webvar{page} eq 'record') { … … 621 628 } elsif ($webvar{page} eq 'editsoa') { 622 629 630 # security check - does the user have permission to view this entity? 631 if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 632 changepage(page => 'domlist', errmsg => "You do not have permission to edit the ". 633 ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ". 634 ($webvar{defrec} eq 'y' ? 'group' : 'domain')); 635 } 636 637 if ($webvar{defrec} eq 'y') { 638 changepage(page => "domlist", errmsg => "You are not permitted to edit default records") 639 unless $permissions{admin}; 640 } else { 641 changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id}) 642 unless ($permissions{admin} || $permissions{domain_edit}); 643 } 644 645 fillsoa($webvar{defrec},$webvar{id}); 646 647 } elsif ($webvar{page} eq 'updatesoa') { 648 649 # security check - does the user have permission to view this entity? 650 # pass 1, record ID 651 if (!check_scope($webvar{recid}, ($webvar{defrec} eq 'y' ? 
'defrec' : 'record'))) { 652 changepage(page => 'domlist', errmsg => "You do not have permission to edit the requested SOA record"); 653 } 654 # pass 2, parent (group or domain) ID 655 if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 656 changepage(page => 'domlist', errmsg => "You do not have permission to edit the ". 657 ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ". 658 ($webvar{defrec} eq 'y' ? 'group' : 'domain')); 659 } 660 623 661 changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id}) 624 662 unless ($permissions{admin} || $permissions{domain_edit}); 625 663 626 fillsoa($webvar{defrec},$webvar{id}); 627 628 } elsif ($webvar{page} eq 'updatesoa') { 629 630 changepage(page => "reclist", errmsg => "You are not permitted to edit domain SOA records", id => $webvar{id}) 631 unless ($permissions{admin} || $permissions{domain_edit}); 664 # get old SOA for log 665 my %soa = getSOA($dbh,$webvar{defrec},$webvar{id}); 632 666 633 667 my $sth; 634 my $sql = ''; 668 ##fixme: push SQL into DNSDB.pm 669 ##fixme: data validation: make sure {recid} is really the SOA for {id} 635 670 # no domain ID, so we're editing the default SOA for a group (we don't care which one here) 636 671 # plus a bit of magic to update the appropriate table 637 $sql = "update ".($webvar{defrec} eq 'y' ? "default_records" : "records"). 638 " set host='$webvar{prins}:$webvar{contact}',". 639 " val='$webvar{refresh}:$webvar{retry}:$webvar{expire}:$webvar{minttl}',". 640 " ttl=$webvar{ttl} where record_id=$webvar{recid}"; 672 my $sql = "UPDATE ".($webvar{defrec} eq 'y' ? "default_records" : "records"). 673 " SET host=?, val=?, ttl=? 
WHERE record_id=?"; 641 674 $sth = $dbh->prepare($sql); 642 $sth->execute; 675 $sth->execute("$webvar{prins}:$webvar{contact}", 676 "$webvar{refresh}:$webvar{retry}:$webvar{expire}:$webvar{minttl}", 677 $webvar{ttl}, 678 $webvar{recid}); 643 679 644 680 if ($sth->err) { … … 648 684 } else { 649 685 650 ##fixme! need to set group ID properly here 651 # SELECT group_id FROM domains WHERE domain_id=? 652 # $sth->execute($webvar{id}); 653 ##log 654 logaction(0, $session->param("username"), $webvar{group}, 655 "Updated SOA (ns $webvar{prins}, contact $webvar{contact}, refresh $webvar{refresh},". 656 " retry $webvar{retry}, expire $webvar{expire}, minTTL $webvar{minttl}, TTL $webvar{ttl}"); 657 changepage(page => "reclist", id => $webvar{id}, defrec => $webvar{defrec}); 658 # $page->param(update_failed => 0); 659 # showdomain('y',1); 686 # do this in the order of "default to most common case" 687 my $loggroup; 688 my $logdomain = $webvar{id}; 689 if ($webvar{defrec} eq 'y') { 690 $loggroup = $webvar{id}; 691 $logdomain = 0; 692 } else { 693 $loggroup = parentID($logdomain, 'dom', 'group', $webvar{defrec}); 694 } 695 696 logaction($logdomain, $session->param("username"), $loggroup, 697 "Updated ".($webvar{defrec} eq 'y' ? 'default ' : '')."SOA for ". 698 ($webvar{defrec} eq 'y' ? groupName($dbh, $webvar{id}) : domainName($dbh, $webvar{id}) ). 699 ": (ns $soa{prins}, contact $soa{contact}, refresh $soa{refresh},". 700 " retry $soa{retry}, expire $soa{expire}, minTTL $soa{minttl}, TTL $soa{ttl}) to ". 701 "(ns $webvar{prins}, contact $webvar{contact}, refresh $webvar{refresh},". 
702 " retry $webvar{retry}, expire $webvar{expire}, minTTL $webvar{minttl}, TTL $webvar{ttl})"); 703 changepage(page => "reclist", id => $webvar{id}, defrec => $webvar{defrec}, 704 resultmsg => "SOA record updated"); 660 705 } 661 706 … … 1118 1163 $page->param(perm_custom => 1); 1119 1164 } 1120 ##work1121 # } elsif ($webvar{action} eq 'update') {1122 1165 } else { 1123 1166 changepage(page => "useradmin", errmsg => "You are not allowed to add new users") … … 1247 1290 $webvar{doit} = '' if !defined($webvar{doit}); 1248 1291 1249 # security check - does the user have permission to access this entity?1250 if (!check_scope($webvar{group}, 'group')) {1251 $page->param(errmsg => "You are not permitted to import domains into the requested group");1252 goto DONEAXFR;1253 }1254 1255 1292 if ($webvar{doit} eq 'y' && !$webvar{ifrom}) { 1256 1293 $page->param(errmsg => "Need to set host to import from"); … … 1258 1295 $page->param(errmsg => "Need domains to import"); 1259 1296 } elsif ($webvar{doit} eq 'y') { 1297 1298 # security check - does the user have permission to access this entity? 1299 if (!check_scope($webvar{group}, 'group')) { 1300 $page->param(errmsg => "You are not permitted to import domains into the requested group"); 1301 goto DONEAXFR; 1302 } 1303 1260 1304 my @domlist = split /\s+/, $webvar{importdoms}; 1261 1305 my @results; … … 1502 1546 my %soa = getSOA($dbh,$def,$id); 1503 1547 1504 $page->param(recid => $soa{recid});1505 1548 $page->param(contact => $soa{contact}); 1506 1549 $page->param(prins => $soa{prins}); … … 1871 1914 1872 1915 # fill page count and first-previous-next-last-all bits 1873 ##fixme - hardcoded group bit1874 1916 fill_pgcount($count,"users",''); 1875 1917 fill_fpnla($count); … … 2040 2082 # so simple when defined as a sub instead of inline. O_o 2041 2083 sub check_scope { 2042 my $entity = shift ;2043 my $entype = shift ;2084 my $entity = shift || ''; 2085 my $entype = shift || ''; 2044 2086 2045 2087 if ($entype eq 'group') { -
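Review bot: The updatesoa handler still takes the row to UPDATE from $webvar{recid} even though the hunk's own `##fixme: data validation: make sure {recid} is really the SOA for {id}` says that binding is unverified; the two check_scope passes establish that the caller may touch some record and some group/domain, not that the record is the SOA of that group/domain, so a caller scoped over several domains can still aim the UPDATE at a different record than the one the log line names. The SOA belonging to the scope-checked id is already fetched just above with `my %soa = getSOA($dbh,$webvar{defrec},$webvar{id});`, and the line removed from fillsoa (`$page->param(recid => $soa{recid})`) shows getSOA returns recid, so bind the UPDATE to that instead: `$sth->execute("$webvar{prins}:$webvar{contact}", "$webvar{refresh}:$webvar{retry}:$webvar{expire}:$webvar{minttl}", $webvar{ttl}, $soa{recid});`, or at minimum `changepage(page => 'domlist', errmsg => "Requested record is not the SOA for this entity") if $webvar{recid} != $soa{recid};` before the prepare. This also removes the handler's dependence on the edit form still carrying recid, which the soadata.tmpl change drops from the edit link. All of this assumes changepage terminates the request as the existing permission checks appear to rely on; if it only stages the next page, each new `if (!check_scope(...)) { changepage(...) }` block (newdomain, deldomain, editsoa, updatesoa) falls through into the action it guards. The enclosing page-dispatch if/elsif chain begins before and ends after these hunks.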
trunk/templates/soadata.tmpl
r111 r162 3 3 <td align="left">SOA:</td> 4 4 <TMPL_IF mayeditsoa> 5 <td align="right"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=editsoa&id=<TMPL_VAR NAME=id>& recid=<TMPL_VAR NAME=recid>&defrec=<TMPL_VAR NAME=defrec>">edit</a></td></TMPL_IF>5 <td align="right"><a href="dns.cgi?sid=<TMPL_VAR NAME=sid>&page=editsoa&id=<TMPL_VAR NAME=id>&defrec=<TMPL_VAR NAME=defrec>">edit</a></td></TMPL_IF> 6 6 </tr> 7 7 </table>