Changeset 66 for trunk/dns.cgi

Timestamp:

11/26/10 17:43:34 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

Basic group permissions editing functional - enforcing is trivial

• add group now adds the permissions entry. TBD: permission inheritance
• edit group Does The Right Thing(TM) - either editing the existing entry, or converting an inherited permission group to a separate one. still needs to rewrite subgroup and contained user inherited permissions
• the HTML permissions table rows have been moved. edit-user should pick this up, and will require calling the template explicitly so as to show both the default and custom permissions.
• the list of individual permissions have been moved to a list in DNSDB.pm code that refers to this should not assume any given length - this makes adding new permission types (somewhat) easier

Tweak menu group-tree CSS (again) add some (broken) images

• this should probalby revert to an earlier setup that uses an image as the <li> bullet point rather than pushing the text to the right, since many (most?) nodes will usually be leaf nodes

HTML changes not validated

File:

• trunk/dns.cgi (modified) (4 diffs)

trunk/dns.cgi

@@ -476 +476 @@
   if ($webvar{action} && $webvar{action} eq 'add') {
         # not gonna provide the 4th param: template-or-clone flag, just yet
-    my ($code,$msg) = addGroup($dbh, $webvar{newgroup}, $webvar{pargroup});
+    my %newperms;
+    foreach (@permtypes) {
+      $newperms{$_} = 0;
+      $newperms{$_} = 1 if $webvar{$_} eq 'on';
+    }
+    my ($code,$msg) = addGroup($dbh, $webvar{newgroup}, $webvar{pargroup}, \%newperms);
     if ($code eq 'OK') {
       logaction(0, $session->param("username"), $webvar{pargroup}, "Added group $webvar{newgroup}");
       changepage(page => "grpman");
     }
+    # no point in doing extra work
+    fill_permissions($page, \%newperms);
     $page->param(add_failed => 1);
     $page->param(errmsg => $msg);
     $page->param(newgroup => $webvar{newgroup});
-     fill_grouplist('pargroup',$webvar{pargroup});
+    fill_grouplist('pargroup',$webvar{pargroup});
   } else {
 #    $page->param
-     fill_grouplist('pargroup',$curgroup);
-
+    fill_grouplist('pargroup',$curgroup);
+  # fill default permissions with immediate parent's current ones
+    my %parperms;
+    getPermissions($dbh, 'group', $curgroup, \%parperms);
+    fill_permissions($page, \%parperms);
   }
 
@@ -530 +540 @@
     my %curperms;
     getPermissions($dbh, 'group', $webvar{gid}, \%curperms);
-    foreach (('group_edit','group_create','group_delete',
-                'user_edit','user_create','user_delete',
-                'domain_edit','domain_create','domain_delete',
-                'record_edit','record_create','record_delete',
-                'self_edit')
-                ) {
+    my %chperms;
+    foreach (@permtypes) {
       $webvar{$_} = 0 if !defined($webvar{$_});
       $webvar{$_} = 1 if $webvar{$_} eq 'on';
-push @debugbits, "$_ has changed: '$curperms{$_}' => '$webvar{$_}'<br>\n" if $curperms{$_} ne $webvar{$_};
-      if ($permissions{admin} || $permissions{$_}) {
-        if (($webvar{$_} eq 'on' && !$curperms{$_}) or
-                (!$webvar{$_} && $curperms{$_})) {
-          push @debugbits, '&nbsp;&nbsp;'."may update $_<br>\n";
-        }
-      }
-    }
+      $chperms{$_} = $webvar{$_} if $curperms{$_} ne $webvar{$_};
+    }
+    my ($code,$msg) = changePermissions($dbh, 'group', $webvar{gid}, \%chperms);
+    if ($code eq 'OK') {
+      logaction(0, $session->param("username"), $webvar{gid}, "Changed default permissions in group $webvar{gid}");
+      changepage(page => "grpman");
+    }
+    # no point in doing extra work
+    fill_permissions($page, \%chperms);
+    $page->param(errmsg => $msg);
   }
   $page->param(gid => $webvar{gid});
@@ -551 +559 @@
   my %grpperms;
   getPermissions($dbh, 'group', $webvar{gid}, \%grpperms);
-#  unless (0) {
-  foreach (('group_edit','group_create','group_delete',
-                'user_edit','user_create','user_delete',
-                'domain_edit','domain_create','domain_delete',
-                'record_edit','record_create','record_delete',
-                'self_edit')
-                ) {
-#push @debugbits, "$_ => admin? '$permissions{admin}' may_$_? '$permissions{$_}' group? '$grpperms{$_}'<br>\n";
-    $page->param("may_$_" => ($permissions{admin} || $permissions{$_}));
-    $page->param($_ => $grpperms{$_});
-  }
-#  }
-#  my %grpperms = getPermissions('group',$webvar{group});
+  fill_permissions($page, \%grpperms);
 
 } elsif ($webvar{page} eq 'useradmin') {
@@ -1450 +1446 @@
   ##fixme:  really need to do a little more error handling, I think
 } # end parentID()
+
+# we have to do this in a variety of places;  let's make it consistent
+sub fill_permissions {
+  my $template = shift; # may need to do several sets on a single page
+  my $permset = shift;  # hashref to permissions on object
+
+  foreach (@permtypes) {
+    $template->param("may_$_" => ($permissions{admin} || $permissions{$_}));
+    $template->param($_ => $permset->{$_});
+  }
+}