Changeset 67 for trunk/dns.cgi


Timestamp:
11/30/10 18:01:27 (14 years ago)
Author:
Kris Deugau
Message:

/trunk

checkpoint
Add user ACL handling nearing function
Add user/edit user pages merged; they're next to identical anyway
Group list images tweaked with proper "alpha channel", CSS fiddled again

  • final arrangement will probably be a couple of small triangles; pointing right for an expandable group, down for an expanded one

Option to add user to a different group removed

File:
1 edited

  • trunk/dns.cgi

    r66 r67  
    571571  list_users();
    572572
     573} elsif ($webvar{page} eq 'user') {
     574
     575  fill_actypelist();
     576  fill_clonemelist();
     577  my %grpperms;
     578  getPermissions($dbh, 'group', $curgroup, \%grpperms);
     579  fill_permissions($page, \%grpperms);
     580  my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl");
     581  my %noaccess;
     582  fill_permissions($grppermlist, \%grpperms, \%noaccess);
     583  $grppermlist->param(info => 1);
     584  $page->param(grpperms => $grppermlist->output);
     585  $page->param(is_admin => $permissions{admin});
     586
     587#  if ($webvar{action} eq 'new') {
     588#  } els
     589  if ($webvar{action} eq 'add') {
     590
     591    my ($code,$msg);
     592
     593    my $alterperms = 0; # flag iff we need to force custom permissions due to user's current access limits
     594
     595    if ($webvar{pass1} ne $webvar{pass2}) {
     596      $code = 'FAIL';
     597      $msg = "Passwords don't match";
     598    } else {
     599# assemble a permission string - far simpler than trying to pass an
     600# indeterminate set of permission flags individually
     601
     602# ooooh.
     603# OOOOH.
     604# We have to see if the user can add any particular permissions;  otherwise we have a priviledge escalation.  Whee.
     605
     606if (!$permissions{admin}) {
     607  my %grpperms;
     608  getPermissions($dbh, 'group', $curgroup, \%grpperms);
     609  my $ret = comparePermissions(\%permissions, \%grpperms);
     610  if ($ret ne '<' && $ret ne '!') {
     611    # User's permissions are not a superset or equivalent to group.  Can't inherit
     612    # (and include access user doesn't currently have), so we force custom.
     613    $webvar{perms_type} = 'custom';
     614    $alterperms = 1;
     615  }
     616}
     617##work
     618      my $permstring;
     619      if ($webvar{perms_type} eq 'custom') {
     620        $permstring = 'C:';
     621        foreach (@permtypes) {
     622          if ($permissions{admin}) {
     623            $permstring .= ",$_" if defined($webvar{$_}) && $webvar{$_} eq 'on';
     624          } else {
     625            $permstring .= ",$_" if $permissions{$_} && defined($webvar{$_}) && $webvar{$_} eq 'on';
     626          }
     627        }
     628        $page->param(perm_custom => 1);
     629      } elsif ($permissions{admin} && $webvar{perms_type} eq 'clone') {
     630        $permstring = "c:$webvar{clonesrc}";
     631        $page->param(perm_clone => 1);
     632      } else {
     633        $permstring = 'i';
     634      }
     635      ($code,$msg) = addUser($dbh,$webvar{uname}, $curgroup, $webvar{pass1},
     636        ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
     637        $webvar{fname}, $webvar{lname}, $webvar{phone});
     638    }
     639
     640# hokay, a bit of magic to decide which page we hit.
     641    if ($code eq 'OK') {
     642##log
     643      logaction(0, $session->param("username"), $webvar{group},
     644        "Added user $webvar{uname} ($webvar{fname} $webvar{lname})");
     645      if ($alterperms) {
     646        changepage(page => "useradmin", warnmsg =>
     647                "You can only grant permissions you hold.  $webvar{uname} added with reduced access.");
     648      } else {
     649        changepage(page => "useradmin");
     650      }
     651id => $webvar{id}, defrec => $webvar{defrec}
     652    } else {
     653# oddity - apparently, xhtml 1.0 strict swallows username as an HTML::Template var.  O_o
     654      $page->param(add_failed => 1);
     655      $page->param(uname => $webvar{uname});
     656      $page->param(fname => $webvar{fname});
     657      $page->param(lname => $webvar{lname});
     658      $page->param(pass1 => $webvar{pass1});
     659      $page->param(pass2 => $webvar{pass2});
     660      $page->param(errmsg => $msg);
     661      fill_actypelist();
     662      fill_clonemelist();
     663    }
     664
     665  } elsif ($webvar{action} eq 'edit') {
     666  } elsif ($webvar{action} eq 'update') {
     667  } else {
     668    # default is "new"
     669  }
     670
    573671} elsif ($webvar{page} eq 'newuser') {
    574672
     
    576674  fill_actypelist();
    577675  fill_clonemelist();
     676
     677  my %grpperms;
     678  getPermissions($dbh, 'group', $curgroup, \%grpperms);
     679  fill_permissions($page, \%grpperms);
     680
     681  my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl");
     682  my %noaccess;
     683  fill_permissions($grppermlist, \%grpperms, \%noaccess);
     684  $grppermlist->param(info => 1);
     685  $page->param(grpperms => $grppermlist->output);
    578686
    579687} elsif ($webvar{page} eq 'adduser') {
     
    14511559  my $template = shift; # may need to do several sets on a single page
    14521560  my $permset = shift;  # hashref to permissions on object
     1561  my $usercan = shift || \%permissions; # allow alternate user-is-allowed permission block
    14531562
    14541563  foreach (@permtypes) {
    1455     $template->param("may_$_" => ($permissions{admin} || $permissions{$_}));
     1564    $template->param("may_$_" => ($usercan->{admin} || $usercan->{$_}));
    14561565    $template->param($_ => $permset->{$_});
    14571566  }
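Review bot: In the add-failure branch (new lines 658-659) the submitted passwords are put back into the template with `$page->param(pass1 => $webvar{pass1});` and the matching `pass2` line, so a rejected form would carry the plaintext password in the response wherever the template renders those variables; I would drop both lines and have the user retype, which also fits the "Passwords don't match" failure. The success log at new line 643 records `$webvar{group}` while the account is created in `$curgroup` at line 635, so the audit entry follows a request parameter rather than the group actually used; `logaction(0, $session->param("username"), $curgroup,` looks like the intended call, assuming logaction's third argument is the group. New line 651, `id => $webvar{id}, defrec => $webvar{defrec}`, is a stray list expression left after the `changepage` calls and should be removed. The escalation check filters only the permission string, while `$webvar{accttype}` reaches `addUser` unchanged, so if account type carries privilege it needs the same non-admin restriction (addUser is not visible here). The enclosing `elsif` chain starts and ends outside the hunk.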