Changeset 284 for trunk/cgi-bin


Ignore:
Timestamp:
09/21/05 16:30:31 (19 years ago)
Author:
Kris Deugau
Message:

/trunk

Merge /branches/privdata r278:283 (with notable exception of
281, already committed to trunk) to /trunk
Merge is clean.

Location:
trunk/cgi-bin
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/cgi-bin/IPDB.pm

    r256 r284  
    184184# Does all of the magic of actually allocating a netblock
    185185# Requires database handle, block to allocate, custid, type, city,
    186 #       description, notes, circuit ID, block to allocate from,
     186#       description, notes, circuit ID, block to allocate from, private data
    187187# Returns a success code and optional error message.
    188188sub allocateBlock {
    189   my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid) = @_;
    190  
     189  my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid,$privdata) = @_;
     190
    191191  my $cidr = new NetAddr::IP $_[1];
    192192  my $alloc_from = new NetAddr::IP $_[2];
     
    220220      $sth = $dbh->prepare("update poolips set custid='$custid',".
    221221        "city='$city',available='n',description='$desc',notes='$notes',".
    222         "circuitid='$circid'".
     222        "circuitid='$circid',privdata='$privdata'".
    223223        " where ip='$cidr'");
    224224      $sth->execute;
     
    263263          }
    264264          $sth = $dbh->prepare("insert into allocations".
    265                 " (cidr,custid,type,city,description,notes,maskbits,circuitid)".
     265                " (cidr,custid,type,city,description,notes,maskbits,circuitid,privdata)".
    266266                " values ('$cidr','$custid','$type','$city','$desc','$notes',".
    267                 $cidr->masklen.",'$circid')");
     267                $cidr->masklen.",'$circid','$privdata')");
    268268          $sth->execute;
    269269
     
    361361          # Insert the allocations entry
    362362          $sth = $dbh->prepare("insert into allocations (cidr,custid,type,city,".
    363                 "description,notes,maskbits,circuitid)".
     363                "description,notes,maskbits,circuitid,privdata)".
    364364                " values ('$cidr','$custid','$type','$city','$desc','$notes',".
    365                 $cidr->masklen.",'$circid')");
     365                $cidr->masklen.",'$circid','$privdata')");
    366366          $sth->execute;
    367367
  • trunk/cgi-bin/admin.cgi

    r259 r284  
    285285
    286286  print "<hr>Users with access:\n<table border=1>\n";
     287  print "<tr><td></td><td align=center colspan=3>General access</td></tr>\n";
    287288  print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
    288         "<td>Delete</td><td>Admin user</td></tr>\n".
     289        "<td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>\n".
    289290        "<form action=admin.cgi method=POST>\n";
    290291  $sth = $ip_dbh->prepare("select username,acl from users order by username");
     
    298299        "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
    299300        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
     301        "></td><td><input type=checkbox name=sysnet".($data[1] =~ /s/ ? ' checked=y' : '').
    300302        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
    301303        qq(></td><td><input type=submit value="Update"></td></form>\n).
     
    310312  my $acl = 'b';
    311313  if ($webvar{admin} eq 'on') {
    312     $acl .= "acdA";
     314    $acl .= "acdsA";
    313315  } else {
    314316    $acl .= ($webvar{add} eq 'on' ? 'a' : '').
    315317        ($webvar{change} eq 'on' ? 'c' : '').
    316         ($webvar{del} eq 'on' ? 'd' : '');
     318        ($webvar{del} eq 'on' ? 'd' : '').
     319        ($webvar{sysnet} eq 'on' ? 's' : '');
    317320  }
    318321  print "New ACL: $acl<br>\n";
  • trunk/cgi-bin/ipdb.psql

    r257 r284  
    7171        "description" character varying(64) DEFAULT '' NOT NULL,
    7272        "circuitid" character varying(128) DEFAULT '' NOT NULL,
     73        "privdata" text DEFAULT '' NOT NULL,
    7374        "newcustid" integer,
    7475        "createstamp" timestamp DEFAULT now(),
     
    9293        "createstamp" timestamp DEFAULT now(),
    9394        "modifystamp" timestamp DEFAULT now(),
     95        "privdata" text DEFAULT '' NOT NULL,
    9496        "newcustid" integer
    9597);
  • trunk/cgi-bin/main.cgi

    r261 r284  
    626626  }
    627627  $html =~ s|\$\$ALLCITIES\$\$|$cities|g;
     628
     629  my $i = 0;
     630  $i++ if $webvar{fbtype} eq 'y';
     631  # Check to see if user is allowed to do anything with sensitive data
     632  my $privdata = '';
     633  if ($IPDBacl{$authuser} =~ /s/) {
     634    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
     635        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
     636        qq(</textarea></td></tr>\n);
     637    $i++;
     638  }
     639  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     640
     641  $i = $i % 2;
     642  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
    628643
    629644  print $html;
     
    789804  $html =~ s|\$\$ACTION\$\$|insert|g;
    790805
     806  my $i=1;
     807  # Check to see if user is allowed to do anything with sensitive data
     808  my $privdata = '';
     809  if ($IPDBacl{$authuser} =~ /s/) {
     810    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
     811        qq(<td class=regular>$webvar{privdata}).
     812        qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n);
     813    $i++;
     814  }
     815  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     816
     817  $i = $i % 2;
     818  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
     819
    791820  print $html;
    792821
     
    803832  return if !validateInput();
    804833
     834  if (!defined($webvar{privdata})) {
     835    $webvar{privdata} = '';
     836  }
    805837  # $code is "success" vs "failure", $msg contains OK for a
    806838  # successful netblock allocation, the IP allocated for static
     
    808840  my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from},
    809841        $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes},
    810         $webvar{circid});
     842        $webvar{circid}, $webvar{privdata});
    811843
    812844  if ($code eq 'OK') {
     
    904936  # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
    905937  if ($webvar{block} =~ /\/32$/) {
    906     $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
     938    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
    907939  } else {
    908     $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp from allocations where cidr='$webvar{block}'"
     940    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata from allocations where cidr='$webvar{block}'"
    909941  }
    910942
     
    9711003  my $i=1;
    9721004
     1005  # Check to see if we can display sensitive data
     1006  my $privdata = '';
     1007  if ($IPDBacl{$authuser} =~ /s/) {
     1008    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
     1009        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
     1010        qq($data[8]</textarea></td></tr>\n);
     1011    $i++;
     1012  }
     1013  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     1014
    9731015  # More ACL trickery - we can live with forms that don't submit,
    9741016  # but we can't leave the extra table rows there, and we *really*
     
    9761018  my $updok = '';
    9771019  if ($IPDBacl{$authuser} =~ /c/) {
    978     $updok = qq(<tr class="color$i"><td colspan=2><div class="center">).
     1020    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
    9791021        qq(<input type="submit" value=" Update this block " class="regular">).
    9801022        "</div></td></tr></form>\n";
     
    9861028  if ($IPDBacl{$authuser} =~ /d/) {
    9871029    $delok = qq(<form method="POST" action="main.cgi">
    988         <tr class="color$i"><td colspan=2 class="regular"><div class=center>
     1030        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
    9891031        <input type="hidden" name="action" value="delete">
    9901032        <input type="hidden" name="block" value="$webvar{block}">
     
    10031045# action=update
    10041046sub update {
     1047  if ($IPDBacl{$authuser} !~ /c/) {
     1048    printError("You shouldn't have been able to get here.  Access denied.");
     1049    return;
     1050  }
     1051
     1052  # Check to see if we can update restricted data
     1053  my $privdata = '';
     1054  if ($IPDBacl{$authuser} =~ /s/) {
     1055    $privdata = ",privdata='$webvar{privdata}'";
     1056  }
    10051057
    10061058  # Make sure incoming data is in correct format - custID among other things.
     
    10131065    if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
    10141066      $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
    1015         "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
    1016         "where ip='$webvar{block}'";
     1067        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
     1068        "$privdata where ip='$webvar{block}'";
    10171069    } else {
    10181070      $sql = "update allocations set custid='$webvar{custid}',".
    10191071        "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
    1020         "type='$webvar{alloctype}',circuitid='$webvar{circid}' where cidr='$webvar{block}'";
     1072        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
     1073        "where cidr='$webvar{block}'";
    10211074    }
    10221075    # Log the details of the change.
     
    10541107  $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
    10551108
     1109  if ($IPDBacl{$authuser} =~ /s/) {
     1110    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
     1111        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
     1112  }
     1113  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     1114
    10561115  print $html;
    10571116
     
    10781137  }
    10791138
    1080   my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype);
     1139  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata);
    10811140
    10821141  if ($webvar{alloctype} eq 'rm') {
     
    11071166
    11081167    # Unassigning a static IP
    1109     my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".
    1110         " where ip='$webvar{block}'");
     1168    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata".
     1169        " from poolips where ip='$webvar{block}'");
    11111170    $sth->execute();
    11121171#  croak $sth->errstr() if($sth->errstr());
    11131172
    1114     $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid);
     1173    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid,
     1174        \$privdata);
    11151175    $sth->fetch() || croak $sth->errstr;
    11161176
    11171177  } else { # done with alloctype=~ /^.i$/
    11181178
    1119     my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from ".
    1120         "allocations where cidr='$webvar{block}'");
     1179    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata".
     1180        " from allocations where cidr='$webvar{block}'");
    11211181    $sth->execute();
    11221182#       croak $sth->errstr() if($sth->errstr());
    11231183
    1124     $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes);
     1184    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc,
     1185        \$notes, \$privdata);
    11251186    $sth->fetch() || carp $sth->errstr;
    11261187  } # end cases for different alloctypes
     
    11451206    $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|;
    11461207  }
     1208
     1209  my $i = 1;
     1210  # Check to see if user is allowed to do anything with sensitive data
     1211  if ($IPDBacl{$authuser} =~ /s/) {
     1212    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
     1213        qq(<td class=regular>$privdata</td></tr>\n);
     1214    $i++;
     1215  }
     1216  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
     1217
     1218  $i = ++$i % 2;
     1219  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
    11471220
    11481221  print $html;
Note: See TracChangeset for help on using the changeset viewer.