Changeset 169 for trunk/dns.cgi
- Timestamp:
- 11/22/11 17:26:26 (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/dns.cgi
r168 r169 310 310 311 311 # security check - does the user have permission to access this entity? 312 if (!check_scope( $webvar{group},'group')) {312 if (!check_scope(id => $webvar{group}, type => 'group')) { 313 313 changepage(page => "newdomain", add_failed => 1, domain => $webvar{domain}, 314 314 errmsg => "You do not have permission to add a domain to the requested group"); … … 331 331 332 332 # security check - does the user have permission to access this entity? 333 if (!check_scope( $webvar{id},'domain')) {333 if (!check_scope(id => $webvar{id}, type => 'domain')) { 334 334 changepage(page => "domlist", errmsg => "You do not have permission to delete the requested domain"); 335 335 } … … 363 363 364 364 # security check - does the user have permission to view this entity? 365 if (!check_scope( $webvar{id},($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {365 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 366 366 $page->param(errmsg => "You are not permitted to view or change the requested ". 367 367 ($webvar{defrec} eq 'y' ? "group's default records" : "domain's records")); … … 433 433 434 434 # security check - does the user have permission to access this entity? 435 if (!check_scope( $webvar{id},($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {435 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) { 436 436 $page->param(perm_err => "You are not permitted to edit the requested record"); 437 437 goto DONEREC; 438 438 } 439 439 # round 2, check the parent. 440 if (!check_scope( $webvar{parentid},($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {440 if (!check_scope(id => $webvar{parentid}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 441 441 my $msg = ($webvar{defrec} eq 'y' ? 442 442 "You are not permitted to add or edit default records in the requested group" : … … 639 639 640 640 # security check - does the user have permission to view this entity? 641 if (!check_scope( $webvar{id},($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {641 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 642 642 changepage(page => 'domlist', errmsg => "You do not have permission to edit the ". 643 643 ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ". … … 659 659 # security check - does the user have permission to view this entity? 660 660 # pass 1, record ID 661 if (!check_scope( $webvar{recid},($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {661 if (!check_scope(id => $webvar{recid}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) { 662 662 changepage(page => 'domlist', errmsg => "You do not have permission to edit the requested SOA record"); 663 663 } 664 664 # pass 2, parent (group or domain) ID 665 if (!check_scope( $webvar{id},($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {665 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 666 666 changepage(page => 'domlist', errmsg => "You do not have permission to edit the ". 667 667 ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ". … … 877 877 878 878 # security check - does the user have permission to access this entity? 879 if (!check_scope( $webvar{destgroup},'group')) {879 if (!check_scope(id => $webvar{destgroup}, type => 'group')) { 880 880 $page->param(errmsg => "You are not permitted to make bulk changes in the requested group"); 881 881 goto DONEBULK; … … 895 895 next unless $_ =~ /^dom_\d+$/; 896 896 # second security check - does the user have permission to meddle with this domain? 897 if (!check_scope( $webvar{$_},'domain')) {897 if (!check_scope(id => $webvar{$_}, type => 'domain')) { 898 898 $row{domerr} = "You are not permitted to make changes to the requested domain"; 899 899 $row{domain} = $webvar{$_}; … … 925 925 next unless $_ =~ /^dom_\d+$/; 926 926 # second security check - does the user have permission to meddle with this domain? 927 if (!check_scope( $webvar{$_},'domain')) {927 if (!check_scope(id => $webvar{$_}, type => 'domain')) { 928 928 $row{domerr} = "You are not permitted to make changes to the requested domain"; 929 929 $row{domain} = $webvar{$_}; … … 952 952 next unless $_ =~ /^dom_\d+$/; 953 953 # second security check - does the user have permission to meddle with this domain? 954 if (!check_scope( $webvar{$_},'domain')) {954 if (!check_scope(id => $webvar{$_}, type => 'domain')) { 955 955 $row{domerr} = "You are not permitted to make changes to the requested domain"; 956 956 $row{domain} = $webvar{$_}; … … 1304 1304 1305 1305 # security check - does the user have permission to access this entity? 1306 if (!check_scope( $webvar{group},'group')) {1306 if (!check_scope(id => $webvar{group}, type => 'group')) { 1307 1307 $page->param(errmsg => "You are not permitted to import domains into the requested group"); 1308 1308 goto DONEAXFR; … … 2090 2090 # so simple when defined as a sub instead of inline. O_o 2091 2091 sub check_scope { 2092 my $entity = shift || ''; 2093 my $entype = shift || ''; 2092 my %args = @_; 2093 my $entity = $args{id} || 0; # prevent the shooting of feet with SQL "... intcolumn = '' ..." 2094 my $entype = $args{type} || ''; 2094 2095 2095 2096 if ($entype eq 'group') {
Note:
See TracChangeset
for help on using the changeset viewer.