Index: trunk/dns.cgi =================================================================== --- trunk/dns.cgi (revision 371) +++ trunk/dns.cgi (revision 374) @@ -1344,6 +1344,6 @@ } elsif ($webvar{page} eq 'loclist') { -# changepage(page => "domlist", errmsg => "You are not allowed access to this function") -# unless $permissions{admin} || $permissions{ foo? }; + changepage(page => "domlist", errmsg => "You are not allowed access to this function") + unless $permissions{admin} || $permissions{location_view}; # security check - does the user have permission to access this entity? @@ -1354,9 +1354,60 @@ # Permissions! - $page->param(addloc => $permissions{admin} || $permissions{loc_create}); - $page->param(delloc => $permissions{admin} || $permissions{loc_delete}); + $page->param(addloc => $permissions{admin} || $permissions{location_create}); + $page->param(delloc => $permissions{admin} || $permissions{location_delete}); } elsif ($webvar{page} eq 'location') { + changepage(page => "domlist", errmsg => "You are not allowed access to this function") + unless $permissions{admin} || $permissions{location_view}; + + # security check - does the user have permission to access this entity? +# if (!check_scope(id => $webvar{id}, type => 'loc')) { +# changepage(page => "loclist", errmsg => "You are not permitted to the requested location/view"); +# } + + if ($webvar{locact} eq 'new') { + + } elsif ($webvar{locact} eq 'add') { + changepage(page => "loclist", errmsg => "You are not permitted to add locations/views", id => $webvar{parentid}) + unless ($permissions{admin} || $permissions{location_create}); + +##work + my ($code,$msg) = addLocation($dbh, $webvar{parentid}, $webvar{locname}, $webvar{iplist}); + + if ($code eq 'OK' || $code eq 'WARN') { + my %pageparams = (page => "loclist", id => $webvar{parentid}, + defrec => $webvar{defrec}, revrec => $webvar{revrec}); + $pageparams{warnmsg} = $msg."

\n".$DNSDB::resultstr if $code eq 'WARN'; + $pageparams{resultmsg} = $DNSDB::resultstr if $code eq 'OK'; + changepage(%pageparams); + } else { + $page->param(failed => 1); + $page->param(errmsg => $msg); + $page->param(wastrying => "adding"); + $page->param(todo => "Add location/view"); + $page->param(locact => "add"); + $page->param(parentid => $webvar{parentid}); + $page->param(id => $webvar{id}); + fill_recdata(); # populate the form... er, mostly. + } + + } elsif ($webvar{locact} eq 'edit') { + changepage(page => "loclist", errmsg => "You are not permitted to edit locations/views", id => $webvar{parentid}) + unless ($permissions{admin} || $permissions{location_edit}); + } elsif ($webvar{locact} eq 'update') { + changepage(page => "loclist", errmsg => "You are not permitted to edit locations/views", id => $webvar{parentid}) + unless ($permissions{admin} || $permissions{location_edit}); + } else { + changepage(page => "loclist", errmsg => "You are not permitted to add locations/views", id => $webvar{parentid}) + unless ($permissions{admin} || $permissions{location_create}); + + $page->param(todo => "Add location/view"); + $page->param(locact => "add"); + $page->param(parentid => $webvar{parentid}); + + $page->param(locname => ($webvar{locname} ? $webvar{locname} : '')); + $page->param(iplist => ($webvar{iplist} ? $webvar{iplist} : '')); + } } elsif ($webvar{page} eq 'dnsq') { @@ -1594,4 +1645,5 @@ ##common bits +# mostly things in the menu if ($webvar{page} ne 'login' && $webvar{page} ne 'badpage') { $page->param(username => $session->param("username")); @@ -1604,5 +1656,6 @@ ##fixme $page->param(mayrdns => 1); - $page->param(mayloc => 1); + + $page->param(mayloc => ($permissions{admin} || $permissions{loc_view})); $page->param(maydefrec => $permissions{admin});