Changeset 244 for trunk/dns.cgi
- Timestamp:
- 02/24/12 17:59:45 (13 years ago)
- File:
-
- 1 edited
trunk/dns.cgi
r243 r244 429 429 430 430 # security check - does the user have permission to view this entity? 431 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 431 if (!check_scope(id => $webvar{id}, type => 432 ($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) { 432 433 $page->param(errmsg => "You are not permitted to view or change the requested ". 433 ($webvar{defrec} eq 'y' ? "group's default records" : "domain's records")); 434 ($webvar{defrec} eq 'y' ? "group's default records" : 435 ($webvar{revrec} eq 'y' ? "reverse zone's records" : "domain's records"))); 434 436 $page->param(perm_err => 1); # this causes the template to skip the record listing output. 435 437 goto DONERECLIST; # and now we skip filling in the content which is not printed due to perm_err above … … 520 522 521 523 # security check - does the user have permission to access this entity? 522 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) { 524 if (!check_scope(id => $webvar{id}, type => 525 ($webvar{defrec} eq 'y' ? ($webvar{revrec eq 'y' ? 'defrevrec' : 'defrec') : 'record'))) { 523 526 $page->param(perm_err => "You are not permitted to edit the requested record"); 524 527 goto DONEREC; 525 528 } 526 529 # round 2, check the parent. 527 if (!check_scope(id => $webvar{parentid}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 530 if (!check_scope(id => $webvar{parentid}, type => 531 ($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) { 528 532 my $msg = ($webvar{defrec} eq 'y' ? 
529 533 "You are not permitted to add or edit default records in the requested group" : 530 "You are not permitted to add or edit records in the requested domain ");534 "You are not permitted to add or edit records in the requested domain/zone"); 531 535 $page->param(perm_err => $msg); 532 536 goto DONEREC; … … 696 700 697 701 changepage(page => "reclist", errmsg => "You are not permitted to delete records", id => $webvar{parentid}, 698 revrec => $webvar{revrec})702 defrec => $webvar{defrec}, revrec => $webvar{revrec}) 699 703 unless ($permissions{admin} || $permissions{record_delete}); 700 704 701 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 705 if (!check_scope(id => $webvar{id}, type => 706 ($webvar{defrec} eq 'y' ? ($webvar{revrec} eq 'y' ? 'defrevrec' : 'defrec') : 'record'))) { 707 # redirect to domlist because we don't have permission for the entity requested 702 708 changepage(page => 'domlist', errmsg => "You do not have permission to delete records in the requested ". 703 709 ($webvar{defrec} eq 'y' ? 'group' : 'domain')); … … 753 759 754 760 # security check - does the user have permission to view this entity? 755 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 761 # id is domain/revzone/group id 762 if (!check_scope(id => $webvar{id}, type => 763 ($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain'))) { 756 764 changepage(page => 'domlist', errmsg => "You do not have permission to edit the ". 757 765 ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ". … … 773 781 # security check - does the user have permission to view this entity? 774 782 # pass 1, record ID 775 if (!check_scope(id => $webvar{recid}, type => ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) { 783 if (!check_scope(id => $webvar{recid}, type => 784 ($webvar{defrec} eq 'y' ? ($webvar{revrec} eq 'y' ? 
'defrevrec' : 'defrec') : 'record'))) { 776 785 changepage(page => 'domlist', errmsg => "You do not have permission to edit the requested SOA record"); 777 786 } 778 787 # pass 2, parent (group or domain) ID 779 if (!check_scope(id => $webvar{id}, type => ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) { 788 if (!check_scope(id => $webvar{id}, type => 789 ($webvar{defrec} eq 'y' ? 'group' : ($webvar{revrec} eq 'y' ? 'revzone' : 'domain')))) { 780 790 changepage(page => 'domlist', errmsg => "You do not have permission to edit the ". 781 791 ($webvar{defrec} eq 'y' ? 'default ' : '')."SOA record for the requested ".
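Review bot: Two of the rewritten check_scope() conditions do not parse as rendered here, so dns.cgi would fail to compile instead of enforcing these permission checks. In the record-edit check (new line 525) the hash subscript is never closed: `$webvar{revrec eq 'y'` should read `$webvar{revrec} eq 'y'`. In the SOA view check (new line 763) the condition ends in `'domain'))) {` and needs a fourth `)`, as the other copies of the same expression have. The defrec/revrec ternary is now repeated in seven places, so a small helper that maps the two flags to the scope type once would keep every authorization check identical. In the delete path (new lines 705-706) the check now tests the record type, but the error text still names only group/domain and `$webvar{parentid}` does not appear to be scope-checked as it is in the edit path; the handler continues outside the hunk, so confirm this against the full file.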