Changeset 66 for trunk/DNSDB.pm


Timestamp:
11/26/10 17:43:34 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

Basic group permissions editing functional - enforcing is trivial

  • add group now adds the permissions entry. TBD: permission inheritance
  • edit group Does The Right Thing(TM) - either editing the existing entry, or converting an inherited permission group to a separate one. still needs to rewrite subgroup and contained user inherited permissions
  • the HTML permissions table rows have been moved. edit-user should pick this up, and will require calling the template explicitly so as to show both the default and custom permissions.
  • the list of individual permissions has been moved to a list in DNSDB.pm. Code that refers to this should not assume any given length - this makes adding new permission types (somewhat) easier

Tweak menu group-tree CSS (again) add some (broken) images

  • this should probably revert to an earlier setup that uses an image as the <li> bullet point rather than pushing the text to the right, since many (most?) nodes will usually be leaf nodes

HTML changes not validated

File:
1 edited

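--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -25,5 +25,5 @@
 @ISA            = qw(Exporter);
 @EXPORT_OK      = qw(
-        &initGlobals &initPermissions &getPermissions
+        &initGlobals &initPermissions &getPermissions &changePermissions
         &connectDB &finish
         &addDomain &delDomain &domainName
@@ -34,4 +34,4 @@
         &domStatus &importAXFR
         %typemap %reverse_typemap
-        %permissions
+        %permissions @permtypes $permlist
         );
@@ -38,6 +38,6 @@
 
 @EXPORT         = (); # Export nothing by default.
 %EXPORT_TAGS    = ( ALL => [qw(
-                &initGlobals &initPermissions &getPermissions
+                &initGlobals &initPermissions &getPermissions &changePermissions
                 &connectDB &finish
                 &addDomain &delDomain &domainName
@@ -48,5 +48,5 @@
                 &domStatus &importAXFR
                 %typemap %reverse_typemap
-                %permissions
+                %permissions @permtypes $permlist
                 )]
         );
@@ -66,4 +66,14 @@
         ttl     10800
 );
+
+# Arguably defined wholly in the db, but little reason to change without supporting code changes
+our @permtypes = qw (
+        group_edit      group_create    group_delete
+        user_edit       user_create     user_delete
+        domain_edit     domain_create   domain_delete
+        record_edit     record_create   record_delete
+        self_edit       admin
+);
+our $permlist = join(',',@permtypes);
 
 # DNS record type map and reverse map.
@@ -235,10 +245,49 @@
   my $newperms = shift;
 
+my $failmsg = '';
+
   # see if we're switching from inherited to custom
-  my $sth = $dbh->prepare("SELECT (u.permission_id=g.permission_id) AS was_inherited".
+  my $sth = $dbh->prepare("SELECT (u.permission_id=g.permission_id) AS was_inherited,u.permission_id".
         " FROM ".($type eq 'user' ? 'users' : 'groups')." u ".
-        " JOIN groups g ON u.group_id=g.group_id ".
+        " JOIN groups g ON u.".($type eq 'user' ? '' : 'parent_')."group_id=g.group_id ".
         " WHERE u.".($type eq 'user' ? 'user' : 'group')."_id=?");
   $sth->execute($id);
+
+  my ($wasinherited,$permid) = $sth->fetchrow_array;
+
+  local $dbh->{AutoCommit} = 0;
+  local $dbh->{RaiseError} = 1;
+
+  # Wrap all the SQL in a transaction
+  eval {
+    if ($wasinherited) {
+$failmsg = "wasinherited: '$wasinherited'";
+die "don't wanna add perms where we don't need to";
+##fixme: need to add semirecursive bit to properly munge inherited permission ID on subgroups and users
+## FIXME:  need to fiddle permissions table to track back to users or groups table
+      my $sql = "INSERT INTO permissions ($permlist) ".
+        "SELECT $permlist FROM permissions WHERE permission_id=?";
+      $sth = $dbh->prepare($sql);
+      $sth->execute($permid);
+      $sth = $dbh->prepare("SELECT permission_id FROM ".($type eq 'user' ? 'users' : 'groups').
+        " WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?");
+      $sth->execute($id);
+      ($permid) = $sth->fetchrow_array;
+    }
+    foreach (@permtypes) {
+      if (defined ($newperms->{$_})) {
+        $sth = $dbh->prepare("UPDATE permissions SET $_=? WHERE permission_id=?");
+        $sth->execute($newperms->{$_},$permid);
+      }
+    }
+    $dbh->commit;
+  }; # end eval
+  if ($@) {
+    my $msg = $@;
+    eval { $dbh->rollback; };
+    return ('FAIL',"$failmsg: $msg");
+  } else {
+    return ('OK',$permid);
+  }
 
 } # end changePermissions()
@@ -379,5 +428,6 @@
 ## DNSDB::addGroup()
 # Add a group
-# Takes a database handle, group name, parent group, and template-vs-cloneme flag
+# Takes a database handle, group name, parent group, hashref for permissions,
+# and optional template-vs-cloneme flag
 # Returns a status code and message
 sub addGroup {
@@ -386,8 +436,10 @@
   my $groupname = shift;
   my $pargroup = shift;
-
-  # 0 indicates "template", hardcoded.
+  my $permissions = shift;
+
+  # 0 indicates "custom", hardcoded.
   # Any other value clones that group's default records, if it exists.
-  my $torc = shift || 0;       
+  my $inherit = shift || 0;     
+##fixme:  need a flag to indicate clone records or <?> ?
 
   # Allow transactions, and raise an exception on errors so we can catch it later.
@@ -414,7 +466,31 @@
     my ($groupid) = $sth->fetchrow_array();
 
+# Permissions
+    if ($inherit) {
+    } else {
+      my @permvals;
+      foreach (@permtypes) {
+        if (!defined ($permissions->{$_})) {
+          push @permvals, 0;
+        } else {
+          push @permvals, $permissions->{$_};
+        }
+      }
+
+      $sth = $dbh->prepare("INSERT INTO permissions (group_id,$permlist) values (?".',?'x($#permtypes+1).")");
+      $sth->execute($groupid,@permvals);
+
+      $sth = $dbh->prepare("SELECT permission_id FROM permissions WHERE group_id=?");
+      $sth->execute($groupid);
+      my ($permid) = $sth->fetchrow_array();
+
+      $dbh->do("UPDATE groups SET permission_id=$permid WHERE group_id=$groupid");
+    } # done permission fiddling
+
+# Default records
     $sth = $dbh->prepare("INSERT INTO default_records (group_id,host,type,val,distance,weight,port,ttl) ".
         "VALUES ($groupid,?,?,?,?,?,?,?)");
-    if ($torc) {
+    if ($inherit) {
+##fixme:  fixme!
       my $sth2 = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl FROM default_records WHERE group_id=?");
       while (my @clonedata = $sth2->fetchrow_array) {
@@ -422,4 +498,5 @@
       }
     } else {
+##fixme: Hardcoding is Bad, mmmmkaaaay?
       # reasonable basic defaults for SOA, MX, NS, and minimal hosting
       # could load from a config file, but somewhere along the line we need hardcoded bits.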
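Review bot: In the changePermissions hunk nothing checks that the was_inherited lookup returned a row: for an `$id` that does not exist, `fetchrow_array` leaves `$permid` undef, every `UPDATE permissions SET ... WHERE permission_id=?` then matches nothing, and the sub still returns `('OK', undef)`. A guard directly after the fetch, `return ('FAIL', "no such $type $id") unless defined $permid;`, turns that silent no-op into a reported failure; the same masking applies if that `execute` fails, since it runs before `RaiseError` is localized. The debugging `die` at the top of the `if ($wasinherited)` branch unconditionally aborts the inherited-to-custom conversion, so the `INSERT INTO permissions ... SELECT` below it is currently unreachable and `$failmsg` is reported as the error prefix. In the addGroup hunk, `$dbh->do("UPDATE groups SET permission_id=$permid WHERE group_id=$groupid")` interpolates values where every neighbouring statement binds placeholders; `$dbh->do("UPDATE groups SET permission_id=? WHERE group_id=?", undef, $permid, $groupid)` keeps the block consistent, and the empty `if ($inherit) {}` branch leaves an inherited group with no permission_id written at all. changePermissions begins above its hunk and addGroup continues past the end of the section.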