Changeset 66
- Timestamp:
- 11/26/10 17:43:34 (14 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/DNSDB.pm
r65 r66 25 25 @ISA = qw(Exporter); 26 26 @EXPORT_OK = qw( 27 &initGlobals &initPermissions &getPermissions 27 &initGlobals &initPermissions &getPermissions &changePermissions 28 28 &connectDB &finish 29 29 &addDomain &delDomain &domainName … … 34 34 &domStatus &importAXFR 35 35 %typemap %reverse_typemap 36 %permissions 36 %permissions @permtypes $permlist 37 37 ); 38 38 39 39 @EXPORT = (); # Export nothing by default. 40 40 %EXPORT_TAGS = ( ALL => [qw( 41 &initGlobals &initPermissions &getPermissions 41 &initGlobals &initPermissions &getPermissions &changePermissions 42 42 &connectDB &finish 43 43 &addDomain &delDomain &domainName … … 48 48 &domStatus &importAXFR 49 49 %typemap %reverse_typemap 50 %permissions 50 %permissions @permtypes $permlist 51 51 )] 52 52 ); … … 66 66 ttl 10800 67 67 ); 68 69 # Arguably defined wholly in the db, but little reason to change without supporting code changes 70 our @permtypes = qw ( 71 group_edit group_create group_delete 72 user_edit user_create user_delete 73 domain_edit domain_create domain_delete 74 record_edit record_create record_delete 75 self_edit admin 76 ); 77 our $permlist = join(',',@permtypes); 68 78 69 79 # DNS record type map and reverse map. … … 235 245 my $newperms = shift; 236 246 247 my $failmsg = ''; 248 237 249 # see if we're switching from inherited to custom 238 my $sth = $dbh->prepare("SELECT (u.permission_id=g.permission_id) AS was_inherited ".250 my $sth = $dbh->prepare("SELECT (u.permission_id=g.permission_id) AS was_inherited,u.permission_id". 239 251 " FROM ".($type eq 'user' ? 'users' : 'groups')." u ". 240 " JOIN groups g ON u. group_id=g.group_id ".252 " JOIN groups g ON u.".($type eq 'user' ? '' : 'parent_')."group_id=g.group_id ". 241 253 " WHERE u.".($type eq 'user' ? 'user' : 'group')."_id=?"); 242 254 $sth->execute($id); 255 256 my ($wasinherited,$permid) = $sth->fetchrow_array; 257 258 local $dbh->{AutoCommit} = 0; 259 local $dbh->{RaiseError} = 1; 260 261 # Wrap all the SQL in a transaction 262 eval { 263 if ($wasinherited) { 264 $failmsg = "wasinherited: '$wasinherited'"; 265 die "don't wanna add perms where we don't need to"; 266 ##fixme: need to add semirecursive bit to properly munge inherited permission ID on subgroups and users 267 ## FIXME: need to fiddle permissions table to track back to users or groups table 268 my $sql = "INSERT INTO permissions ($permlist) ". 269 "SELECT $permlist FROM permissions WHERE permission_id=?"; 270 $sth = $dbh->prepare($sql); 271 $sth->execute($permid); 272 $sth = $dbh->prepare("SELECT permission_id FROM ".($type eq 'user' ? 'users' : 'groups'). 273 " WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?"); 274 $sth->execute($id); 275 ($permid) = $sth->fetchrow_array; 276 } 277 foreach (@permtypes) { 278 if (defined ($newperms->{$_})) { 279 $sth = $dbh->prepare("UPDATE permissions SET $_=? WHERE permission_id=?"); 280 $sth->execute($newperms->{$_},$permid); 281 } 282 } 283 $dbh->commit; 284 }; # end eval 285 if ($@) { 286 my $msg = $@; 287 eval { $dbh->rollback; }; 288 return ('FAIL',"$failmsg: $msg"); 289 } else { 290 return ('OK',$permid); 291 } 243 292 244 293 } # end changePermissions() … … 379 428 ## DNSDB::addGroup() 380 429 # Add a group 381 # Takes a database handle, group name, parent group, and template-vs-cloneme flag 430 # Takes a database handle, group name, parent group, hashref for permissions, 431 # and optional template-vs-cloneme flag 382 432 # Returns a status code and message 383 433 sub addGroup { … … 386 436 my $groupname = shift; 387 437 my $pargroup = shift; 388 389 # 0 indicates "template", hardcoded. 438 my $permissions = shift; 439 440 # 0 indicates "custom", hardcoded. 390 441 # Any other value clones that group's default records, if it exists. 391 my $torc = shift || 0; 442 my $inherit = shift || 0; 443 ##fixme: need a flag to indicate clone records or <?> ? 392 444 393 445 # Allow transactions, and raise an exception on errors so we can catch it later. … … 414 466 my ($groupid) = $sth->fetchrow_array(); 415 467 468 # Permissions 469 if ($inherit) { 470 } else { 471 my @permvals; 472 foreach (@permtypes) { 473 if (!defined ($permissions->{$_})) { 474 push @permvals, 0; 475 } else { 476 push @permvals, $permissions->{$_}; 477 } 478 } 479 480 $sth = $dbh->prepare("INSERT INTO permissions (group_id,$permlist) values (?".',?'x($#permtypes+1).")"); 481 $sth->execute($groupid,@permvals); 482 483 $sth = $dbh->prepare("SELECT permission_id FROM permissions WHERE group_id=?"); 484 $sth->execute($groupid); 485 my ($permid) = $sth->fetchrow_array(); 486 487 $dbh->do("UPDATE groups SET permission_id=$permid WHERE group_id=$groupid"); 488 } # done permission fiddling 489 490 # Default records 416 491 $sth = $dbh->prepare("INSERT INTO default_records (group_id,host,type,val,distance,weight,port,ttl) ". 417 492 "VALUES ($groupid,?,?,?,?,?,?,?)"); 418 if ($torc) { 493 if ($inherit) { 494 ##fixme: fixme! 419 495 my $sth2 = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl FROM default_records WHERE group_id=?"); 420 496 while (my @clonedata = $sth2->fetchrow_array) { … … 422 498 } 423 499 } else { 500 ##fixme: Hardcoding is Bad, mmmmkaaaay? 424 501 # reasonable basic defaults for SOA, MX, NS, and minimal hosting 425 502 # could load from a config file, but somewhere along the line we need hardcoded bits. -
trunk/dns.cgi
r65 r66 476 476 if ($webvar{action} && $webvar{action} eq 'add') { 477 477 # not gonna provide the 4th param: template-or-clone flag, just yet 478 my ($code,$msg) = addGroup($dbh, $webvar{newgroup}, $webvar{pargroup}); 478 my %newperms; 479 foreach (@permtypes) { 480 $newperms{$_} = 0; 481 $newperms{$_} = 1 if $webvar{$_} eq 'on'; 482 } 483 my ($code,$msg) = addGroup($dbh, $webvar{newgroup}, $webvar{pargroup}, \%newperms); 479 484 if ($code eq 'OK') { 480 485 logaction(0, $session->param("username"), $webvar{pargroup}, "Added group $webvar{newgroup}"); 481 486 changepage(page => "grpman"); 482 487 } 488 # no point in doing extra work 489 fill_permissions($page, \%newperms); 483 490 $page->param(add_failed => 1); 484 491 $page->param(errmsg => $msg); 485 492 $page->param(newgroup => $webvar{newgroup}); 486 493 fill_grouplist('pargroup',$webvar{pargroup}); 487 494 } else { 488 495 # $page->param 489 fill_grouplist('pargroup',$curgroup); 490 496 fill_grouplist('pargroup',$curgroup); 497 # fill default permissions with immediate parent's current ones 498 my %parperms; 499 getPermissions($dbh, 'group', $curgroup, \%parperms); 500 fill_permissions($page, \%parperms); 491 501 } 492 502 … … 530 540 my %curperms; 531 541 getPermissions($dbh, 'group', $webvar{gid}, \%curperms); 532 foreach (('group_edit','group_create','group_delete', 533 'user_edit','user_create','user_delete', 534 'domain_edit','domain_create','domain_delete', 535 'record_edit','record_create','record_delete', 536 'self_edit') 537 ) { 542 my %chperms; 543 foreach (@permtypes) { 538 544 $webvar{$_} = 0 if !defined($webvar{$_}); 539 545 $webvar{$_} = 1 if $webvar{$_} eq 'on'; 540 push @debugbits, "$_ has changed: '$curperms{$_}' => '$webvar{$_}'<br>\n" if $curperms{$_} ne $webvar{$_}; 541 if ($permissions{admin} || $permissions{$_}) { 542 if (($webvar{$_} eq 'on' && !$curperms{$_}) or 543 (!$webvar{$_} && $curperms{$_})) { 544 push @debugbits, ' '."may update $_<br>\n"; 545 } 546 } 547 } 546 $chperms{$_} = $webvar{$_} if $curperms{$_} ne $webvar{$_}; 547 } 548 my ($code,$msg) = changePermissions($dbh, 'group', $webvar{gid}, \%chperms); 549 if ($code eq 'OK') { 550 logaction(0, $session->param("username"), $webvar{gid}, "Changed default permissions in group $webvar{gid}"); 551 changepage(page => "grpman"); 552 } 553 # no point in doing extra work 554 fill_permissions($page, \%chperms); 555 $page->param(errmsg => $msg); 548 556 } 549 557 $page->param(gid => $webvar{gid}); … … 551 559 my %grpperms; 552 560 getPermissions($dbh, 'group', $webvar{gid}, \%grpperms); 553 # unless (0) { 554 foreach (('group_edit','group_create','group_delete', 555 'user_edit','user_create','user_delete', 556 'domain_edit','domain_create','domain_delete', 557 'record_edit','record_create','record_delete', 558 'self_edit') 559 ) { 560 #push @debugbits, "$_ => admin? '$permissions{admin}' may_$_? '$permissions{$_}' group? '$grpperms{$_}'<br>\n"; 561 $page->param("may_$_" => ($permissions{admin} || $permissions{$_})); 562 $page->param($_ => $grpperms{$_}); 563 } 564 # } 565 # my %grpperms = getPermissions('group',$webvar{group}); 561 fill_permissions($page, \%grpperms); 566 562 567 563 } elsif ($webvar{page} eq 'useradmin') { … … 1450 1446 ##fixme: really need to do a little more error handling, I think 1451 1447 } # end parentID() 1448 1449 # we have to do this in a variety of places; let's make it consistent 1450 sub fill_permissions { 1451 my $template = shift; # may need to do several sets on a single page 1452 my $permset = shift; # hashref to permissions on object 1453 1454 foreach (@permtypes) { 1455 $template->param("may_$_" => ($permissions{admin} || $permissions{$_})); 1456 $template->param($_ => $permset->{$_}); 1457 } 1458 } -
trunk/templates/addgroup.tmpl
r18 r66 1 1 <TMPL_IF add_failed> 2 <TMPL_INCLUDE NAME="new domain.tmpl">2 <TMPL_INCLUDE NAME="newgrp.tmpl"> 3 3 <TMPL_ELSE> 4 4 <TMPL_INCLUDE NAME="grpman.tmpl"> -
trunk/templates/dns.css
r65 r66 164 164 /* Need to find a way to vertically centre the plus image on the text. >:( */ 165 165 li.hassub { 166 background-image: url('../images/ fwd.png');166 background-image: url('../images/plus.png'); 167 167 background-repeat: no-repeat; 168 168 background-position: 0px 1px; 169 padding-left: 1 0px;169 padding-left: 14px; 170 170 //list-style: none outside url('../images/fwd.png'); 171 margin-left: 0px;171 margin-left: -12px; 172 172 } 173 173 li.leaf { 174 174 //list-style: none outside none; 175 175 //margin-left: 0px; 176 } 177 li.lastinlvl { 178 background-image: url('../images/ASC.png'); 176 background-image: url('../images/midleaf.png'); 179 177 background-repeat: no-repeat; 180 178 background-position: 0px 1px; 181 padding-left: 10px; 182 //list-style: none outside url('../images/fwd.png'); 183 margin-left: 0px; 179 padding-left: 14px; 180 margin-left: -12px; 181 } 182 li.lastinlvl { 183 background-image: url('../images/lastleaf.png'); 184 background-repeat: no-repeat; 185 background-position: 0px 1px; 186 padding-left: 14px; 187 //list-style: none outside url('../images/lastleaf.png'); 188 margin-left: -12px; 184 189 } 185 190 ul.grptree { 186 191 list-style-type: none; 187 192 padding: 0px; 188 margin : 0px;193 margin-left: 14px; 189 194 } 190 195 #grptree { … … 246 251 border-right: thin solid #000000; 247 252 margin-right: 5px; 248 padding: 3px;253 padding: 5px; 249 254 } 250 255 #soadetail { -
trunk/templates/edgroup.tmpl
r65 r66 4 4 5 5 <td align="center"> 6 7 <TMPL_IF msg>8 </TMPL_IF>9 6 10 7 <form action="dns.cgi" method="post"> … … 16 13 17 14 <table class="border" border="0" cellspacing="5" cellpadding="0"> 15 <TMPL_IF errmsg><tr> 16 <td class="errhead" colspan="4">Error updating group <TMPL_VAR NAME=grpmeddle>: <TMPL_VAR NAME=errmsg></td> 17 </tr></TMPL_IF> 18 18 <tr> 19 19 <th align="center" colspan="5">Default permissions for group <TMPL_VAR NAME=grpmeddle></th> … … 22 22 <td align="center" colspan="5" class="border">By default, users of this group will inherit the following privileges:</td> 23 23 </tr> 24 <tr> 25 <td align="right">Group:</td> 26 <td<TMPL_UNLESS may_group_edit> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="group_edit"<TMPL_IF group_edit> checked="checked"</TMPL_IF><TMPL_UNLESS may_group_edit> disabled="disabled"</TMPL_UNLESS> /> Edit</td> 27 <td<TMPL_UNLESS may_group_create> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="group_create"<TMPL_IF group_create> checked="checked"</TMPL_IF><TMPL_UNLESS may_group_create> disabled="disabled"</TMPL_UNLESS> /> Create</td> 28 <td<TMPL_UNLESS may_group_delete> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="group_delete"<TMPL_IF group_delete> checked="checked"</TMPL_IF><TMPL_UNLESS may_group_delete> disabled="disabled"</TMPL_UNLESS> /> Delete</td> </tr> 29 <tr> 30 <td align="right">User:</td> 31 <td<TMPL_UNLESS may_user_edit> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="user_edit"<TMPL_IF user_edit> checked="checked"</TMPL_IF><TMPL_UNLESS may_user_edit> disabled="disabled"</TMPL_UNLESS> /> Edit</td> 32 <td<TMPL_UNLESS may_user_create> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="user_create"<TMPL_IF user_create> checked="checked"</TMPL_IF><TMPL_UNLESS may_user_create> disabled="disabled"</TMPL_UNLESS> /> Create</td> 33 <td<TMPL_UNLESS may_user_delete> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="user_delete"<TMPL_IF user_delete> checked="checked"</TMPL_IF><TMPL_UNLESS may_user_delete> disabled="disabled"</TMPL_UNLESS> /> Delete</td> 34 </tr> 35 <tr> 36 <td align="right">Domain:</td> 37 <td<TMPL_UNLESS may_domain_edit> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="domain_edit"<TMPL_IF domain_edit> checked="checked"</TMPL_IF><TMPL_UNLESS may_domain_edit> disabled="disabled"</TMPL_UNLESS> /> Edit</td> 38 <td<TMPL_UNLESS may_domain_create> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="domain_create"<TMPL_IF domain_create> checked="checked"</TMPL_IF><TMPL_UNLESS may_domain_create> disabled="disabled"</TMPL_UNLESS> /> Create</td> 39 <td<TMPL_UNLESS may_domain_delete> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="domain_delete"<TMPL_IF domain_delete> checked="checked"</TMPL_IF><TMPL_UNLESS may_domain_delete> disabled="disabled"</TMPL_UNLESS> /> Delete</td> 40 <!-- td class="noaccess"> - Delegate [fixme: WTF?]</td --> 41 </tr> 42 <tr> 43 <td align="right">Domain Record:</td> 44 <td<TMPL_UNLESS may_record_edit> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="record_edit"<TMPL_IF record_edit> checked="checked"</TMPL_IF><TMPL_UNLESS may_record_edit> disabled="disabled"</TMPL_UNLESS> /> Edit</td> 45 <td<TMPL_UNLESS may_record_create> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="record_create"<TMPL_IF record_create> checked="checked"</TMPL_IF><TMPL_UNLESS may_record_create> disabled="disabled"</TMPL_UNLESS> /> Create</td> 46 <td<TMPL_UNLESS may_record_delete> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="record_delete"<TMPL_IF record_delete> checked="checked"</TMPL_IF><TMPL_UNLESS may_record_delete> disabled="disabled"</TMPL_UNLESS> /> Delete</td> 47 <!-- td class="noaccess"> - Delegate</td --> 48 </tr> 49 <tr> 50 <td align="right">Self:</td> 51 <td<TMPL_UNLESS may_self_edit> class="noaccess"</TMPL_UNLESS>><input type="checkbox" name="self_edit"<TMPL_IF self_edit> checked="checked"</TMPL_IF><TMPL_UNLESS may_self_edit> disabled="disabled"</TMPL_UNLESS> /> Edit</td> 52 </tr> 24 <TMPL_INCLUDE name="permlist.tmpl"> 53 25 <tr> 54 26 <td colspan="6" align="center"><input type="submit" value="edit" /></td> -
trunk/templates/grptree.tmpl
r65 r66 1 1 <ul> 2 <TMPL_LOOP NAME=treelvl><li class="<TMPL_IF NAME=subs>hassub<TMPL_ELSE>leaf</TMPL_IF><TMPL_IF last> lastinlvl</TMPL_IF>"><TMPL_VAR NAME=grpname>2 <TMPL_LOOP NAME=treelvl><li class="<TMPL_IF last>lastinlvl </TMPL_IF><TMPL_IF NAME=subs>hassub<TMPL_ELSE>leaf</TMPL_IF>"><TMPL_VAR NAME=grpname> 3 3 <TMPL_VAR NAME=subs></li> 4 4 </TMPL_LOOP></ul> -
trunk/templates/newgrp.tmpl
r38 r66 15 15 <tr><td> 16 16 <table border="0" cellspacing="2" cellpadding="2" width="100%"> 17 <TMPL_IF add_failed> <tr><td class="errhead" colspan=" 2">Error adding group <TMPL_VAR NAME=newgroup>: <TMPL_VAR NAME=errmsg></td></tr></TMPL_IF>18 <tr class="darkrowheader"><td colspan=" 2" align="center">Add Group</td></tr>17 <TMPL_IF add_failed> <tr><td class="errhead" colspan="4">Error adding group <TMPL_VAR NAME=newgroup>: <TMPL_VAR NAME=errmsg></td></tr></TMPL_IF> 18 <tr class="darkrowheader"><td colspan="4" align="center">Add Group</td></tr> 19 19 20 20 <tr class="datalinelight"> 21 <td >Group Name:</td>22 <td align="left" ><input type="text" name="newgroup" value="<TMPL_VAR NAME=newgroup>" /></td>21 <td colspan=2>Group Name:</td> 22 <td align="left" colspan=2><input type="text" name="newgroup" value="<TMPL_VAR NAME=newgroup>" /></td> 23 23 </tr> 24 24 <tr class="datalinelight"> 25 <td >Add as subgroup of:</td>26 <td ><select name="pargroup">25 <td colspan=2>Add as subgroup of:</td> 26 <td colspan=2><select name="pargroup"> 27 27 <TMPL_LOOP name=pargroup> <option value="<TMPL_VAR NAME=groupval>"<TMPL_IF groupactive> selected="selected"</TMPL_IF>><TMPL_VAR name=groupname></option> 28 28 </TMPL_LOOP> 29 29 </select></td> 30 30 </tr> 31 <tr><td colspan="2" align="center"><input type="submit" value="Add group" /></td></tr> 32 <tr><td colspan="2">tmp note: radio button select "group template" vs "clone group"?</td></tr> 31 <tr class="darkrowheader border"> 32 <td colspan="4" align="center">Default permissions for users created in this group:</td> 33 </tr> 34 <TMPL_INCLUDE name="permlist.tmpl"> 35 <tr class="darkrowheader"> 36 <td colspan="4" align="center"><input type="submit" value="Add group" /></td> 37 </tr> 38 <tr><td colspan="4">tmp note: radio button select "group template" vs "clone group"?</td></tr> 33 39 </table> 34 40 </td>
Note:
See TracChangeset
for help on using the changeset viewer.