Changeset 319 for trunk/dns.cgi
- Timestamp:
- 04/26/12 17:25:09 (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/dns.cgi
r318 r319 286 286 } # handle global webvar{action}s 287 287 288 # finally check if the user was disabled. we could just leave this for logout/session expiry, 289 # but if they keep the session active they'll continue to have access long after being disabled. :/ 290 # Treat it as a session expiry. 291 if ($session->param('uid') && !userStatus($dbh, $session->param('uid')) ) { 292 $sid = ''; 293 $session->delete; # force expiry of the session Right Away 294 $session->flush; # make sure it hits storage 295 changepage(page=> "login", sessexpired => 1); 296 } 297 288 298 # Misc Things To Do on most pages 289 299 initPermissions($dbh, $session->param('uid')); … … 1089 1099 $flag = 1 if isParent($dbh, $_, 'group', $webvar{id}, 'user'); 1090 1100 } 1091 if ($flag && ($permissions{admin} || $permissions{user_edit})) { 1101 if ($flag && ($permissions{admin} || $permissions{user_edit} || 1102 ($permissions{self_edit} && $webvar{id} == $session->param('uid')) )) { 1092 1103 my $stat = userStatus($dbh,$webvar{id},$webvar{userstatus}); 1093 1104 $page->param(resultmsg => $DNSDB::resultstr); … … 1202 1213 } else { 1203 1214 changepage(page => "useradmin", errmsg => "You do not have permission to edit users") 1204 unless $permissions{admin} || $permissions{user_edit}; 1215 unless $permissions{admin} || $permissions{user_edit} || 1216 ($permissions{self_edit} && $session->param('uid') == $webvar{uid}); 1205 1217 # security check - does the user have permission to access this entity? 1206 1218 if (!check_scope(id => $webvar{user}, type => 'user')) { … … 1259 1271 1260 1272 changepage(page => "useradmin", errmsg => "You do not have permission to edit users") 1261 unless $permissions{admin} || $permissions{user_edit}; 1273 unless $permissions{admin} || $permissions{user_edit} || 1274 ($permissions{self_edit} && $session->param('uid') == $webvar{user}); 1262 1275 1263 1276 # security check - does the user have permission to access this entity? … … 2082 2095 $row{bg} = ($rownum++)%2; 2083 2096 $row{sid} = $sid; 2084 $row{eduser} = ($permissions{admin} || $permissions{user_edit}); 2085 $row{deluser} = ($permissions{admin} || $permissions{user_delete}); 2097 $row{eduser} = ($permissions{admin} || 2098 ($permissions{user_edit} && $data[3] ne 'S') || 2099 ($permissions{self_edit} && $data[0] == $session->param('uid')) ); 2100 $row{deluser} = ($permissions{admin} || ($permissions{user_delete} && $data[3] ne 'S')); 2086 2101 push @userlist, \%row; 2087 2102 }
Note:
See TracChangeset
for help on using the changeset viewer.