Changeset 65 for trunk/dns.cgi


Ignore:
Timestamp:
11/25/10 16:26:08 (14 years ago)
Author:
Kris Deugau
Message:

/trunk

checkpoint, adding permissions/ACL support

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/dns.cgi

    r64 r65  
    104104if ($webvar{action}) {
    105105  if ($webvar{action} eq 'login') {
     106    # Snag ACL/permissions here too
    106107    my $sth = $dbh->prepare("SELECT user_id,group_id,password,firstname,lastname FROM users WHERE username=?");
    107108    $sth->execute($webvar{username});
     
    118119    $session->param('logingroup',$gid);
    119120    $session->param('curgroup',$gid);
     121    $session->param('uid',$uid);
    120122    $session->param('username',$webvar{username});
    121123
     
    139141} # handle global webvar{action}s
    140142
     143initPermissions($dbh,$session->param('uid'));
    141144
    142145## Default page is a login page
     
    521524  $page->param(delgroupname => groupName($dbh, $webvar{id}));
    522525
     526} elsif ($webvar{page} eq 'edgroup') {
     527
     528  if ($webvar{action} eq 'updperms') {
     529    # extra safety check;  make sure user can't construct a URL to bypass ACLs
     530    my %curperms;
     531    getPermissions($dbh, 'group', $webvar{gid}, \%curperms);
     532    foreach (('group_edit','group_create','group_delete',
     533                'user_edit','user_create','user_delete',
     534                'domain_edit','domain_create','domain_delete',
     535                'record_edit','record_create','record_delete',
     536                'self_edit')
     537                ) {
     538      $webvar{$_} = 0 if !defined($webvar{$_});
     539      $webvar{$_} = 1 if $webvar{$_} eq 'on';
     540push @debugbits, "$_ has changed: '$curperms{$_}' => '$webvar{$_}'<br>\n" if $curperms{$_} ne $webvar{$_};
     541      if ($permissions{admin} || $permissions{$_}) {
     542        if (($webvar{$_} eq 'on' && !$curperms{$_}) or
     543                (!$webvar{$_} && $curperms{$_})) {
     544          push @debugbits, '&nbsp;&nbsp;'."may update $_<br>\n";
     545        }
     546      }
     547    }
     548  }
     549  $page->param(gid => $webvar{gid});
     550  $page->param(grpmeddle => groupName($dbh, $webvar{gid}));
     551  my %grpperms;
     552  getPermissions($dbh, 'group', $webvar{gid}, \%grpperms);
     553#  unless (0) {
     554  foreach (('group_edit','group_create','group_delete',
     555                'user_edit','user_create','user_delete',
     556                'domain_edit','domain_create','domain_delete',
     557                'record_edit','record_create','record_delete',
     558                'self_edit')
     559                ) {
     560#push @debugbits, "$_ => admin? '$permissions{admin}' may_$_? '$permissions{$_}' group? '$grpperms{$_}'<br>\n";
     561    $page->param("may_$_" => ($permissions{admin} || $permissions{$_}));
     562    $page->param($_ => $grpperms{$_});
     563  }
     564#  }
     565#  my %grpperms = getPermissions('group',$webvar{group});
     566
    523567} elsif ($webvar{page} eq 'useradmin') {
    524568
     
    535579  # foo?
    536580  fill_actypelist();
     581  fill_clonemelist();
    537582
    538583} elsif ($webvar{page} eq 'adduser') {
     
    544589    $msg = "Passwords don't match";
    545590  } else {
     591# assemble a permission string - far simpler than trying to pass an
     592# indeterminate set of permission flags individually
     593my $permstring;
     594if ($webvar{perms_type} eq 'custom') {
     595  $permstring = 'C:,g:,u:,d:,r:';
     596  $page->param(perm_custom => 1);
     597} elsif ($webvar{perms_type} eq 'clone') {
     598  $permstring = 'c:';
     599  $page->param(perm_clone => 1);
     600} else {
     601  $permstring = 'i';
     602#  $page->param(perm_inherit => 1);
     603}
    546604    ($code,$msg) = addUser($dbh,$webvar{uname}, $webvar{group}, $webvar{pass1},
    547605        ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype},
     
    565623    $page->param(errmsg => $msg);
    566624    fill_actypelist();
     625    fill_clonemelist();
    567626  }
    568627
     
    585644      list_users($curgroup);
    586645    } else {
    587       # success.  go back to the domain list, do not pass "GO"
     646      # success.  go back to the user list, do not pass "GO"
    588647##log
    589648      logaction(0, $session->param("username"), $webvar{group}, "Added domain $webvar{domain}");
     
    594653    changepage(page => "useradmin");
    595654  }
     655
     656} elsif ($webvar{page} eq 'edituser') {
    596657
    597658} elsif ($webvar{page} eq 'dnsq') {
     
    781842  my $tmpgrplist = fill_grptree($logingroup,$curgroup);
    782843  $page->param(grptree => $tmpgrplist);
    783 
     844  $page->param(subs => ($tmpgrplist ? 1 : 0));  # probably not useful to pass gobs of data in for a boolean
    784845  $page->param(inlogingrp => $curgroup == $logingroup);
    785846
     
    848909  return if $#childlist == -1;
    849910  my @grouplist;
     911  my $foome = 0;
    850912  foreach (@childlist) {
    851913    my %row;
     
    853915    $row{grpname} = "<b>$row{grpname}</b>" if $_ == $cur;
    854916    $row{subs} = fill_grptree($_,$cur);
     917    $row{last} = 1 if ++$foome > $#childlist;
    855918    push @grouplist, \%row;
    856919  }
     
    9901053
    9911054  $page->param(actypelist       => \@actypes);
     1055}
     1056
     1057sub fill_clonemelist {
     1058  my $sth = $dbh->prepare("SELECT username,user_id FROM users WHERE group_id=$curgroup");
     1059  $sth->execute;
     1060
     1061  my @clonesrc;
     1062  while (my ($username,$uid) = $sth->fetchrow_array) {
     1063    my %row = (
     1064        username => $username,
     1065        uid => $uid,
     1066        selected => ($webvar{clonesrc} == $uid ? 1 : 0)
     1067        );
     1068    push @clonesrc, \%row;
     1069  }
     1070  $page->param(clonesrc => \@clonesrc);
    9921071}
    9931072
Note: See TracChangeset for help on using the changeset viewer.