Changeset 280 for branches/privdata/cgi-bin/main.cgi

Timestamp:

09/16/05 17:21:57 (19 years ago)

Author:

Kris Deugau

Message:

/branches/privdata

Add support for editing/viewing "private"/restricted-access
data field for allocations and static IPs.

New ACL entry: s for systems/networking

SQL tabledefs updated.

File:

• branches/privdata/cgi-bin/main.cgi (modified) (7 diffs)

branches/privdata/cgi-bin/main.cgi

@@ -904 +904 @@
   # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
   if ($webvar{block} =~ /\/32$/) {
-    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
+    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
   } else {
-    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp from allocations where cidr='$webvar{block}'"
+    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata from allocations where cidr='$webvar{block}'"
   }
 
@@ -971 +971 @@
   my $i=1;
 
+  # Check to see if we can display sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq($data[8]</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   # More ACL trickery - we can live with forms that don't submit,
   # but we can't leave the extra table rows there, and we *really*
@@ -976 +986 @@
   my $updok = '';
   if ($IPDBacl{$authuser} =~ /c/) {
-    $updok = qq(<tr class="color$i"><td colspan=2><div class="center">).
+    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
         qq(<input type="submit" value=" Update this block " class="regular">).
         "</div></td></tr></form>\n";
@@ -986 +996 @@
   if ($IPDBacl{$authuser} =~ /d/) {
     $delok = qq(<form method="POST" action="main.cgi">
-        <tr class="color$i"><td colspan=2 class="regular"><div class=center>
+        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
         <input type="hidden" name="action" value="delete">
         <input type="hidden" name="block" value="$webvar{block}">
@@ -1003 +1013 @@
 # action=update
 sub update {
+  if ($IPDBacl{$authuser} !~ /c/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
+
+  # Check to see if we can update restricted data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = ",privdata='$webvar{privdata}'";
+  }
 
   # Make sure incoming data is in correct format - custID among other things.
@@ -1013 +1033 @@
     if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
       $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
-        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
-        "where ip='$webvar{block}'";
+        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
+        "$privdata where ip='$webvar{block}'";
     } else {
       $sql = "update allocations set custid='$webvar{custid}',".
         "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
-        "type='$webvar{alloctype}',circuitid='$webvar{circid}' where cidr='$webvar{block}'";
+        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
+        "where cidr='$webvar{block}'";
     }
     # Log the details of the change.
@@ -1054 +1075 @@
   $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
 
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
+        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   print $html;