Changeset 83


Ignore:
Timestamp:
02/25/11 17:56:25 (14 years ago)
Author:
Kris Deugau
Message:

/trunk

Checkpoint; partial completion of user editing.

  • general user metadata, username, and password can be changed
  • permissions need to be clarified. Also affects group permission editing to some degree.
Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/DNSDB.pm

    r78 r83  
    3030        &addDomain &delDomain &domainName
    3131        &addGroup &delGroup &getChildren &groupName
    32         &addUser &delUser &userFullName &userStatus
     32        &addUser &updateUser &delUser &userFullName &userStatus &getUserData
    3333        &getSOA &getRecLine &getDomRecs
    3434        &addRec &updateRec &delRec
     
    4545                &addDomain &delDomain &domainName
    4646                &addGroup &delGroup &getChildren &groupName
    47                 &addUser &delUser &userFullName &userStatus
     47                &addUser &updateUser &delUser &userFullName &userStatus &getUserData
    4848                &getSOA &getRecLine &getDomRecs
    4949                &addRec &updateRec &delRec
     
    753753
    754754
     755## DNSDB:: updateUser()
     756#
     757sub updateUser {
     758  my $dbh = shift;
     759  my $uid = shift;
     760  my $username = shift;
     761  my $group = shift;
     762  my $pass = shift;
     763  my $state = shift;
     764  my $type = shift;
     765  my $fname = shift || $username;
     766  my $lname = shift || '';
     767  my $phone = shift || '';      # not going format-check
     768
     769  my $failmsg = '';
     770
     771  # Allow transactions, and raise an exception on errors so we can catch it later.
     772  # Use local to make sure these get "reset" properly on exiting this block
     773  local $dbh->{AutoCommit} = 0;
     774  local $dbh->{RaiseError} = 1;
     775
     776  my $sth;
     777
     778  # Password can be left blank;  if so we assume there's one on file.
     779  # Actual blank passwords are bad, mm'kay?
     780  if (!$pass) {
     781    $sth = $dbh->prepare("SELECT password FROM users WHERE user_id=?");
     782    $sth->execute($uid);
     783    ($pass) = $sth->fetchrow_array;
     784  } else {
     785    $pass = unix_md5_crypt($pass);
     786  }
     787
     788  eval {
     789    my $sth = $dbh->prepare(q(
     790        UPDATE users
     791        SET username=?, password=?, firstname=?, lastname=?, phone=?, type=?, status=?
     792        WHERE user_id=?
     793        )
     794      );
     795    $sth->execute($username, $pass, $fname, $lname, $phone, $type, $state, $uid);
     796    $dbh->commit;
     797  };
     798  if ($@) {
     799    my $msg = $@;
     800    eval { $dbh->rollback; };
     801    return ('FAIL',"$failmsg: $msg");
     802  } else {
     803    return ('OK','OK');
     804  }
     805} # end updateUser()
     806
     807
    755808## DNSDB::delUser()
    756809#
     
    826879  return $status;
    827880} # end userStatus()
     881
     882
     883## DNSDB::getUserData()
     884# Get misc user data for display
     885sub getUserData {
     886  my $dbh = shift;
     887  my $uid = shift;
     888
     889  my $sth = $dbh->prepare("SELECT group_id,username,firstname,lastname,phone,type,status,inherit_perm ".
     890        "FROM users WHERE user_id=?");
     891  $sth->execute($uid);
     892  return $sth->fetchrow_hashref();
     893
     894} # end getUserData()
    828895
    829896
  • trunk/dns.cgi

    r80 r83  
    1919use Net::DNS;
    2020use DBI;
     21use Data::Dumper;
    2122
    2223use lib '.';
     
    592593} elsif ($webvar{page} eq 'user') {
    593594
    594   fill_actypelist();
     595  #fill_actypelist($webvar{accttype});
    595596  fill_clonemelist();
    596597  my %grpperms;
    597598  getPermissions($dbh, 'group', $curgroup, \%grpperms);
    598   fill_permissions($page, \%grpperms);
     599
    599600  my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl");
    600601  my %noaccess;
     
    602603  $grppermlist->param(info => 1);
    603604  $page->param(grpperms => $grppermlist->output);
     605
    604606  $page->param(is_admin => $permissions{admin});
    605607
    606 #  if ($webvar{action} eq 'new') {
    607 #  } els
    608   if ($webvar{action} eq 'add') {
     608  if ($webvar{action} eq 'add' or $webvar{action} eq 'update') {
     609
     610    $page->param(add => 1) if $webvar{action} eq 'add';
    609611
    610612    my ($code,$msg);
    611613
    612614    my $alterperms = 0; # flag iff we need to force custom permissions due to user's current access limits
     615    my %newperms;
    613616
    614617    if ($webvar{pass1} ne $webvar{pass2}) {
     
    616619      $msg = "Passwords don't match";
    617620    } else {
    618 # assemble a permission string - far simpler than trying to pass an
    619 # indeterminate set of permission flags individually
    620 
    621 # ooooh.
    622 # OOOOH.
    623 # We have to see if the user can add any particular permissions;  otherwise we have a priviledge escalation.  Whee.
    624 
    625 if (!$permissions{admin}) {
    626   my %grpperms;
    627   getPermissions($dbh, 'group', $curgroup, \%grpperms);
    628   my $ret = comparePermissions(\%permissions, \%grpperms);
    629   if ($ret ne '<' && $ret ne '!') {
    630     # User's permissions are not a superset or equivalent to group.  Can't inherit
    631     # (and include access user doesn't currently have), so we force custom.
    632     $webvar{perms_type} = 'custom';
    633     $alterperms = 1;
    634   }
    635 }
    636 ##work
     621
     622      # assemble a permission string - far simpler than trying to pass an
     623      # indeterminate set of permission flags individually
     624
     625      # But first, we have to see if the user can add any particular
     626      # permissions;  otherwise we have a priviledge escalation.  Whee.
     627
     628      if (!$permissions{admin}) {
     629        my %grpperms;
     630        getPermissions($dbh, 'group', $curgroup, \%grpperms);
     631        my $ret = comparePermissions(\%permissions, \%grpperms);
     632        if ($ret ne '<' && $ret ne '!') {
     633          # User's permissions are not a superset or equivalent to group.  Can't inherit
     634          # (and include access user doesn't currently have), so we force custom.
     635          $webvar{perms_type} = 'custom';
     636          $alterperms = 1;
     637        }
     638      }
     639
    637640      my $permstring;
    638641      if ($webvar{perms_type} eq 'custom') {
    639642        $permstring = 'C:';
    640643        foreach (@permtypes) {
     644          $newperms{$_} = 0;
     645          $newperms{$_} = 1 if $webvar{$_} eq 'on';
    641646          if ($permissions{admin}) {
    642647            $permstring .= ",$_" if defined($webvar{$_}) && $webvar{$_} eq 'on';
     
    652657        $permstring = 'i';
    653658      }
    654       ($code,$msg) = addUser($dbh,$webvar{uname}, $curgroup, $webvar{pass1},
    655         ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
    656         $webvar{fname}, $webvar{lname}, $webvar{phone});
    657     }
    658 
    659 # hokay, a bit of magic to decide which page we hit.
     659      if ($webvar{action} eq 'add') {
     660        ($code,$msg) = addUser($dbh, $webvar{uname}, $curgroup, $webvar{pass1},
     661                ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
     662                $webvar{fname}, $webvar{lname}, $webvar{phone});
     663      } else {
     664# User update is icky.  I'd really like to do this in one atomic
     665# operation, but that would duplicate a **lot** of code in DNSDB.pm
     666        # Allowing for changing group, but not coding web support just yet.
     667        ($code,$msg) = updateUser($dbh, $webvar{uid}, $webvar{uname}, $webvar{gid}, $webvar{pass1},
     668                ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype},
     669                $webvar{fname}, $webvar{lname}, $webvar{phone});
     670        if ($code eq 'OK') {
     671##fixme - need to actually get a correct permission set to pass in here,
     672# also a flag to revert custom permissions to inherited
     673##work
     674          ($code,$msg) = changePermissions($dbh, 'user', $webvar{uid}, \%newperms);
     675        }
     676      }
     677    }
     678
    660679    if ($code eq 'OK') {
    661 ##log
     680
    662681      logaction(0, $session->param("username"), $webvar{group},
    663         "Added user $webvar{uname} ($webvar{fname} $webvar{lname})");
     682        ($webvar{action} eq 'add' ? 'Added' : 'Updated')." user $webvar{uname} ($webvar{fname} $webvar{lname})");
    664683      if ($alterperms) {
    665684        changepage(page => "useradmin", warnmsg =>
    666                 "You can only grant permissions you hold.  $webvar{uname} added with reduced access.");
     685                "You can only grant permissions you hold.  $webvar{uname} ".
     686                ($webvar{action} eq 'add' ? 'added' : 'updated')." with reduced access.");
    667687      } else {
    668688        changepage(page => "useradmin");
    669689      }
     690
     691    # add/update failed:
    670692    } else {
    671 # oddity - apparently, xhtml 1.0 strict swallows username as an HTML::Template var.  O_o
    672693      $page->param(add_failed => 1);
     694      $page->param(action => $webvar{action});
     695      $page->param(set_permgroup => 1);
    673696      $page->param(uname => $webvar{uname});
    674697      $page->param(fname => $webvar{fname});
     
    677700      $page->param(pass2 => $webvar{pass2});
    678701      $page->param(errmsg => $msg);
    679       fill_actypelist();
     702      fill_permissions($page, \%newperms);
     703      fill_actypelist($webvar{accttype});
    680704      fill_clonemelist();
    681705    }
    682706
    683707  } elsif ($webvar{action} eq 'edit') {
    684   } elsif ($webvar{action} eq 'update') {
     708
     709    $page->param(set_permgroup => 1);
     710    $page->param(action => 'update');
     711    $page->param(uid => $webvar{user});
     712    fill_clonemelist();
     713
     714    my $userinfo = getUserData($dbh,$webvar{user});
     715    fill_actypelist($userinfo->{type});
     716    # not using this yet, but adding it now means we can *much* more easily do so later.
     717    $page->param(gid => $webvar{group_id});
     718
     719    my %curperms;
     720    getPermissions($dbh, 'user', $webvar{user}, \%curperms);
     721    fill_permissions($page, \%curperms);
     722
     723    $page->param(uname => $userinfo->{username});
     724    $page->param(fname => $userinfo->{firstname});
     725    $page->param(lname => $userinfo->{lastname});
     726    if ($userinfo->{inherit_perm}) {
     727      $page->param(perm_inherit => 1);
     728    } else {
     729      $page->param(perm_custom => 1);
     730    }
     731
     732#  } elsif ($webvar{action} eq 'update') {
    685733  } else {
    686734    # default is "new"
     735    $page->param(add => 1);
     736    $page->param(action => 'add');
     737    fill_permissions($page, \%grpperms);
     738    fill_actypelist();
    687739  }
    688740
     
    744796    $page->param(pass2 => $webvar{pass2});
    745797    $page->param(errmsg => $msg);
    746     fill_actypelist();
     798    fill_actypelist($webvar{accttype});
    747799    fill_clonemelist();
    748800  }
     
    11681220
    11691221sub fill_actypelist {
     1222  my $curtype = shift || 'u';
     1223
    11701224  my @actypes;
    11711225
    11721226  my %row1 = (actypeval => 'u', actypename => 'user');
    1173   $row1{typesel} = 1 if $webvar{accttype} eq 'u';
     1227  $row1{typesel} = 1 if $curtype eq 'u';
    11741228  push @actypes, \%row1;
    11751229
    11761230  my %row2 = (actypeval => 'S', actypename => 'superuser');
    1177   $row2{typesel} = 1 if $webvar{accttype} eq 'S';
     1231  $row2{typesel} = 1 if $curtype eq 'S';
    11781232  push @actypes, \%row2;
    11791233
    1180   $page->param(actypelist       => \@actypes);
     1234  $page->param(actypelist => \@actypes);
    11811235}
    11821236
Note: See TracChangeset for help on using the changeset viewer.