- Timestamp:
- 12/02/11 15:37:10 (13 years ago)
- File:
-
- 1 edited
trunk/dns.cgi
r178 r179 766 766 } elsif ($webvar{page} eq 'newgrp') { 767 767 768 changepage(page => "grpman", errmsg => "You are not permitted to add groups" , id => $webvar{parentid})769 unless ($permissions{admin} || $permissions{group_ add});768 changepage(page => "grpman", errmsg => "You are not permitted to add groups") 769 unless ($permissions{admin} || $permissions{group_create}); 770 770 771 771 # do.. uhh.. stuff.. if we have no webvar{action} 772 772 if ($webvar{action} && $webvar{action} eq 'add') { 773 774 # security check - does the user have permission to access this entity? 775 if (!check_scope(id => $webvar{pargroup}, type => 'group')) { 776 changepage(page => "grpman", errmsg => "You are not permitted to add a group to the requested parent group"); 777 } 778 773 779 my %newperms; 780 my $alterperms = 0; 774 781 foreach (@permtypes) { 775 782 $newperms{$_} = 0; 776 $newperms{$_} = (defined($webvar{$_}) && $webvar{$_} eq 'on' ? 1 : 0); 783 if ($permissions{admin} || $permissions{$_}) { 784 $newperms{$_} = (defined($webvar{$_}) && $webvar{$_} eq 'on' ? 1 : 0); 785 } else { 786 $alterperms = 1; 787 } 777 788 } 778 789 # not gonna provide the 4th param: template-or-clone flag, just yet … … 780 791 if ($code eq 'OK') { 781 792 logaction(0, $session->param("username"), $webvar{pargroup}, "Added group $webvar{newgroup}"); 782 changepage(page => "grpman"); 793 if ($alterperms) { 794 changepage(page => "grpman", warnmsg => 795 "You can only grant permissions you hold. New group $webvar{newgroup} added with reduced access."); 796 } else { 797 changepage(page => "grpman", resultmsg => "Added group $webvar{newgroup}"); 798 } 783 799 } 784 800 # no point in doing extra work … … 801 817 unless ($permissions{admin} || $permissions{group_delete}); 802 818 819 # security check - does the user have permission to access this entity? 
820 if (!check_scope(id => $webvar{id}, type => 'group')) { 821 changepage(page => "grpman", errmsg => "You are not permitted to delete the requested group"); 822 } 823 803 824 $page->param(id => $webvar{id}); 804 825 # first pass = confirm y/n (sorta) … … 839 860 changepage(page => "grpman", errmsg => "You are not permitted to edit groups") 840 861 unless ($permissions{admin} || $permissions{group_edit}); 862 863 # security check - does the user have permission to access this entity? 864 if (!check_scope(id => $webvar{gid}, type => 'group')) { 865 changepage(page => "grpman", errmsg => "You are not permitted to edit the requested group"); 866 } 841 867 842 868 if ($webvar{action} eq 'updperms') {
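Review bot: In the `newgrp` permission loop, the `else` branch sets `$alterperms = 1` for every permission type the creator lacks, whether or not the request asked for it, so a non-admin who never ticked a permission they do not hold still gets the "added with reduced access" warning. Setting the flag only when a requested permission was actually dropped keeps the warning meaningful: `$alterperms = 1 if defined($webvar{$_}) && $webvar{$_} eq 'on';`. Separately, the three new `check_scope` guards (add, delete and edit group) only block the action if `changepage()` ends the request, which is not visible in these lines. If it does, a short comment at the first guard such as `# changepage() redirects and exits; nothing below runs on failure` would document that assumption. The enclosing `elsif` branches start and end outside the shown hunks.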