Changeset 284 for trunk/cgi-bin

Timestamp:

09/21/05 16:30:31 (19 years ago)

Author:

Kris Deugau

Message:

/trunk

Merge /branches/privdata r278:283 (with notable exception of
281, already committed to trunk) to /trunk
Merge is clean.

Location:

trunk/cgi-bin

Files:

• IPDB.pm (modified) (4 diffs)
• admin.cgi (modified) (3 diffs)
• ipdb.psql (modified) (2 diffs)
• main.cgi (modified) (14 diffs)

trunk/cgi-bin/IPDB.pm

@@ -184 +184 @@
 # Does all of the magic of actually allocating a netblock
 # Requires database handle, block to allocate, custid, type, city,
-#       description, notes, circuit ID, block to allocate from, 
+#       description, notes, circuit ID, block to allocate from, private data
 # Returns a success code and optional error message.
 sub allocateBlock {
-  my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid) = @_;
-  
+  my ($dbh,undef,undef,$custid,$type,$city,$desc,$notes,$circid,$privdata) = @_;
+
   my $cidr = new NetAddr::IP $_[1];
   my $alloc_from = new NetAddr::IP $_[2];
@@ -220 +220 @@
       $sth = $dbh->prepare("update poolips set custid='$custid',".
         "city='$city',available='n',description='$desc',notes='$notes',".
-        "circuitid='$circid'".
+        "circuitid='$circid',privdata='$privdata'".
         " where ip='$cidr'");
       $sth->execute;
@@ -263 +263 @@
           }
           $sth = $dbh->prepare("insert into allocations".
-                " (cidr,custid,type,city,description,notes,maskbits,circuitid)".
+                " (cidr,custid,type,city,description,notes,maskbits,circuitid,privdata)".
                 " values ('$cidr','$custid','$type','$city','$desc','$notes',".
-                $cidr->masklen.",'$circid')");
+                $cidr->masklen.",'$circid','$privdata')");
           $sth->execute;
 
@@ -361 +361 @@
           # Insert the allocations entry
           $sth = $dbh->prepare("insert into allocations (cidr,custid,type,city,".
-                "description,notes,maskbits,circuitid)".
+                "description,notes,maskbits,circuitid,privdata)".
                 " values ('$cidr','$custid','$type','$city','$desc','$notes',".
-                $cidr->masklen.",'$circid')");
+                $cidr->masklen.",'$circid','$privdata')");
           $sth->execute;
 

trunk/cgi-bin/admin.cgi

@@ -285 +285 @@
 
   print "<hr>Users with access:\n<table border=1>\n";
+  print "<tr><td></td><td align=center colspan=3>General access</td></tr>\n";
   print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
-        "<td>Delete</td><td>Admin user</td></tr>\n".
+        "<td>Delete</td><td>Systems/Networking</td><td>Admin user</td></tr>\n".
         "<form action=admin.cgi method=POST>\n";
   $sth = $ip_dbh->prepare("select username,acl from users order by username");
@@ -298 +299 @@
         "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
         "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
+        "></td><td><input type=checkbox name=sysnet".($data[1] =~ /s/ ? ' checked=y' : '').
         "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
         qq(></td><td><input type=submit value="Update"></td></form>\n).
@@ -310 +312 @@
   my $acl = 'b';
   if ($webvar{admin} eq 'on') {
-    $acl .= "acdA";
+    $acl .= "acdsA";
   } else {
     $acl .= ($webvar{add} eq 'on' ? 'a' : '').
         ($webvar{change} eq 'on' ? 'c' : '').
-        ($webvar{del} eq 'on' ? 'd' : '');
+        ($webvar{del} eq 'on' ? 'd' : '').
+        ($webvar{sysnet} eq 'on' ? 's' : '');
   }
   print "New ACL: $acl<br>\n";

trunk/cgi-bin/ipdb.psql

@@ -71 +71 @@
         "description" character varying(64) DEFAULT '' NOT NULL,
         "circuitid" character varying(128) DEFAULT '' NOT NULL,
+        "privdata" text DEFAULT '' NOT NULL,
         "newcustid" integer,
         "createstamp" timestamp DEFAULT now(),
@@ -92 +93 @@
         "createstamp" timestamp DEFAULT now(),
         "modifystamp" timestamp DEFAULT now(),
+        "privdata" text DEFAULT '' NOT NULL,
         "newcustid" integer
 );

trunk/cgi-bin/main.cgi

@@ -626 +626 @@
   }
   $html =~ s|\$\$ALLCITIES\$\$|$cities|g;
+
+  my $i = 0;
+  $i++ if $webvar{fbtype} eq 'y';
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq(</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;
@@ -789 +804 @@
   $html =~ s|\$\$ACTION\$\$|insert|g;
 
+  my $i=1;
+  # Check to see if user is allowed to do anything with sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$webvar{privdata}).
+        qq(<input type=hidden name=privdata value="$webvar{privdata}"></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = $i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
+
   print $html;
 
@@ -803 +832 @@
   return if !validateInput();
 
+  if (!defined($webvar{privdata})) {
+    $webvar{privdata} = '';
+  }
   # $code is "success" vs "failure", $msg contains OK for a
   # successful netblock allocation, the IP allocated for static
@@ -808 +840 @@
   my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from},
         $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes},
-        $webvar{circid});
+        $webvar{circid}, $webvar{privdata});
 
   if ($code eq 'OK') {
@@ -904 +936 @@
   # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data
   if ($webvar{block} =~ /\/32$/) {
-    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp from poolips where ip='$webvar{block}'";
+    $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata from poolips where ip='$webvar{block}'";
   } else {
-    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp from allocations where cidr='$webvar{block}'"
+    $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata from allocations where cidr='$webvar{block}'"
   }
 
@@ -971 +1003 @@
   my $i=1;
 
+  # Check to see if we can display sensitive data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td class=heading>Restricted data:</td>).
+        qq(<td class=regular><textarea rows="3" cols="64" name="privdata" class="regular">).
+        qq($data[8]</textarea></td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   # More ACL trickery - we can live with forms that don't submit,
   # but we can't leave the extra table rows there, and we *really*
@@ -976 +1018 @@
   my $updok = '';
   if ($IPDBacl{$authuser} =~ /c/) {
-    $updok = qq(<tr class="color$i"><td colspan=2><div class="center">).
+    $updok = qq(<tr class="color).($i%2).qq("><td colspan=2><div class="center">).
         qq(<input type="submit" value=" Update this block " class="regular">).
         "</div></td></tr></form>\n";
@@ -986 +1028 @@
   if ($IPDBacl{$authuser} =~ /d/) {
     $delok = qq(<form method="POST" action="main.cgi">
-        <tr class="color$i"><td colspan=2 class="regular"><div class=center>
+        <tr class="color).($i%2).qq("><td colspan=2 class="regular"><div class=center>
         <input type="hidden" name="action" value="delete">
         <input type="hidden" name="block" value="$webvar{block}">
@@ -1003 +1045 @@
 # action=update
 sub update {
+  if ($IPDBacl{$authuser} !~ /c/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
+
+  # Check to see if we can update restricted data
+  my $privdata = '';
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = ",privdata='$webvar{privdata}'";
+  }
 
   # Make sure incoming data is in correct format - custID among other things.
@@ -1013 +1065 @@
     if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) {
       $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',".
-        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}' ".
-        "where ip='$webvar{block}'";
+        "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'".
+        "$privdata where ip='$webvar{block}'";
     } else {
       $sql = "update allocations set custid='$webvar{custid}',".
         "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',".
-        "type='$webvar{alloctype}',circuitid='$webvar{circid}' where cidr='$webvar{block}'";
+        "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata ".
+        "where cidr='$webvar{block}'";
     }
     # Log the details of the change.
@@ -1054 +1107 @@
   $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g;
 
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color2"><td valign="top">Restricted data:</td>).
+        qq(<td class="regular">).desanitize($webvar{privdata}).qq(</td></tr>\n);
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
   print $html;
 
@@ -1078 +1137 @@
   }
 
-  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype);
+  my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata);
 
   if ($webvar{alloctype} eq 'rm') {
@@ -1107 +1166 @@
 
     # Unassigning a static IP
-    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid from poolips".
-        " where ip='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata".
+        " from poolips where ip='$webvar{block}'");
     $sth->execute();
 #  croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid);
+    $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid,
+        \$privdata);
     $sth->fetch() || croak $sth->errstr;
 
   } else { # done with alloctype=~ /^.i$/
 
-    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes from ".
-        "allocations where cidr='$webvar{block}'");
+    my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata".
+        " from allocations where cidr='$webvar{block}'");
     $sth->execute();
 #       croak $sth->errstr() if($sth->errstr());
 
-    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes);
+    $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc,
+        \$notes, \$privdata);
     $sth->fetch() || carp $sth->errstr;
   } # end cases for different alloctypes
@@ -1145 +1206 @@
     $html =~ s|<!--warn-->|<tr bgcolor="black"><td colspan="2"><div class="red">Warning: clicking confirm will remove this record entirely.</div></td></tr>|;
   }
+
+  my $i = 1;
+  # Check to see if user is allowed to do anything with sensitive data
+  if ($IPDBacl{$authuser} =~ /s/) {
+    $privdata = qq(<tr class="color).($i%2).qq("><td>Restricted data:</td>).
+        qq(<td class=regular>$privdata</td></tr>\n);
+    $i++;
+  }
+  $html =~ s/\$\$PRIVDATA\$\$/$privdata/g;
+
+  $i = ++$i % 2;
+  $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/;
 
   print $html;