Changeset 65 for trunk/dns.cgi

Timestamp:

11/25/10 16:26:08 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

checkpoint, adding permissions/ACL support

File:

• trunk/dns.cgi (modified) (13 diffs)

trunk/dns.cgi

@@ -104 +104 @@
 if ($webvar{action}) {
   if ($webvar{action} eq 'login') {
+    # Snag ACL/permissions here too
     my $sth = $dbh->prepare("SELECT user_id,group_id,password,firstname,lastname FROM users WHERE username=?");
     $sth->execute($webvar{username});
@@ -118 +119 @@
     $session->param('logingroup',$gid);
     $session->param('curgroup',$gid);
+    $session->param('uid',$uid);
     $session->param('username',$webvar{username});
 
@@ -139 +141 @@
 } # handle global webvar{action}s
 
+initPermissions($dbh,$session->param('uid'));
 
 ## Default page is a login page
@@ -521 +524 @@
   $page->param(delgroupname => groupName($dbh, $webvar{id}));
 
+} elsif ($webvar{page} eq 'edgroup') {
+
+  if ($webvar{action} eq 'updperms') {
+    # extra safety check;  make sure user can't construct a URL to bypass ACLs
+    my %curperms;
+    getPermissions($dbh, 'group', $webvar{gid}, \%curperms);
+    foreach (('group_edit','group_create','group_delete',
+                'user_edit','user_create','user_delete',
+                'domain_edit','domain_create','domain_delete',
+                'record_edit','record_create','record_delete',
+                'self_edit')
+                ) {
+      $webvar{$_} = 0 if !defined($webvar{$_});
+      $webvar{$_} = 1 if $webvar{$_} eq 'on';
+push @debugbits, "$_ has changed: '$curperms{$_}' => '$webvar{$_}'<br>\n" if $curperms{$_} ne $webvar{$_};
+      if ($permissions{admin} || $permissions{$_}) {
+        if (($webvar{$_} eq 'on' && !$curperms{$_}) or
+                (!$webvar{$_} && $curperms{$_})) {
+          push @debugbits, '&nbsp;&nbsp;'."may update $_<br>\n";
+        }
+      }
+    }
+  }
+  $page->param(gid => $webvar{gid});
+  $page->param(grpmeddle => groupName($dbh, $webvar{gid}));
+  my %grpperms;
+  getPermissions($dbh, 'group', $webvar{gid}, \%grpperms);
+#  unless (0) {
+  foreach (('group_edit','group_create','group_delete',
+                'user_edit','user_create','user_delete',
+                'domain_edit','domain_create','domain_delete',
+                'record_edit','record_create','record_delete',
+                'self_edit')
+                ) {
+#push @debugbits, "$_ => admin? '$permissions{admin}' may_$_? '$permissions{$_}' group? '$grpperms{$_}'<br>\n";
+    $page->param("may_$_" => ($permissions{admin} || $permissions{$_}));
+    $page->param($_ => $grpperms{$_});
+  }
+#  }
+#  my %grpperms = getPermissions('group',$webvar{group});
+
 } elsif ($webvar{page} eq 'useradmin') {
 
@@ -535 +579 @@
   # foo?
   fill_actypelist();
+  fill_clonemelist();
 
 } elsif ($webvar{page} eq 'adduser') {
@@ -544 +589 @@
     $msg = "Passwords don't match";
   } else {
+# assemble a permission string - far simpler than trying to pass an
+# indeterminate set of permission flags individually
+my $permstring;
+if ($webvar{perms_type} eq 'custom') {
+  $permstring = 'C:,g:,u:,d:,r:';
+  $page->param(perm_custom => 1);
+} elsif ($webvar{perms_type} eq 'clone') {
+  $permstring = 'c:';
+  $page->param(perm_clone => 1);
+} else {
+  $permstring = 'i';
+#  $page->param(perm_inherit => 1);
+}
     ($code,$msg) = addUser($dbh,$webvar{uname}, $webvar{group}, $webvar{pass1},
         ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, 
@@ -565 +623 @@
     $page->param(errmsg => $msg);
     fill_actypelist();
+    fill_clonemelist();
   }
 
@@ -585 +644 @@
       list_users($curgroup);
     } else {
-      # success.  go back to the domain list, do not pass "GO"
+      # success.  go back to the user list, do not pass "GO"
 ##log
       logaction(0, $session->param("username"), $webvar{group}, "Added domain $webvar{domain}");
@@ -594 +653 @@
     changepage(page => "useradmin");
   }
+
+} elsif ($webvar{page} eq 'edituser') {
 
 } elsif ($webvar{page} eq 'dnsq') {
@@ -781 +842 @@
   my $tmpgrplist = fill_grptree($logingroup,$curgroup);
   $page->param(grptree => $tmpgrplist);
-
+  $page->param(subs => ($tmpgrplist ? 1 : 0));  # probably not useful to pass gobs of data in for a boolean
   $page->param(inlogingrp => $curgroup == $logingroup);
 
@@ -848 +909 @@
   return if $#childlist == -1;
   my @grouplist;
+  my $foome = 0;
   foreach (@childlist) {
     my %row;
@@ -853 +915 @@
     $row{grpname} = "<b>$row{grpname}</b>" if $_ == $cur;
     $row{subs} = fill_grptree($_,$cur);
+    $row{last} = 1 if ++$foome > $#childlist;
     push @grouplist, \%row;
   }
@@ -990 +1053 @@
 
   $page->param(actypelist       => \@actypes);
+}
+
+sub fill_clonemelist {
+  my $sth = $dbh->prepare("SELECT username,user_id FROM users WHERE group_id=$curgroup");
+  $sth->execute;
+
+  my @clonesrc;
+  while (my ($username,$uid) = $sth->fetchrow_array) {
+    my %row = (
+        username => $username,
+        uid => $uid,
+        selected => ($webvar{clonesrc} == $uid ? 1 : 0)
+        );
+    push @clonesrc, \%row;
+  }
+  $page->param(clonesrc => \@clonesrc);
 }