Changeset 789 for trunk/cgi-bin


Ignore:
Timestamp:
12/10/15 16:49:01 (8 years ago)
Author:
Kris Deugau
Message:

/trunk

Add an ACL flag for merge operations. This is not automatically included
in the "Admin" priviledge per request, since a merge operation can
potentially wipe virtually the entire dataset. See #8.

Location:
trunk/cgi-bin
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/cgi-bin/admin.cgi

    r709 r789  
    349349        can_del => ($acl =~ /d/ ? 1 : 0),
    350350        sysnet => ($acl =~ /s/ ? 1 : 0),
     351        can_merge => ($acl =~ /m/ ? 1 : 0),
    351352        is_admin => ($acl =~ /A/ ? 1 : 0),
    352353        acl => $acl
     
    361362  my $acl = 'b';
    362363  if ($webvar{admin} eq 'on') {
     364    # as per request "admin" users do not automatically get merge permission.  Networkz iz hard.
     365    # Admin users that add the priviledge and then shoot everybody in all the feet probably
     366    # shouldn't have had admin access in the first place.
    363367    $acl .= "acdsA";
     368    $acl .= 'm' if $webvar{merge} eq 'on';
    364369  } else {
    365370    $acl .= ($webvar{add} eq 'on' ? 'a' : '').
    366371        ($webvar{change} eq 'on' ? 'c' : '').
    367372        ($webvar{del} eq 'on' ? 'd' : '').
    368         ($webvar{sysnet} eq 'on' ? 's' : '');
     373        ($webvar{sysnet} eq 'on' ? 's' : '').
     374        ($webvar{merge} eq 'on' ? 'm' : '');
    369375  }
    370376  $page->param(acl => $acl);

  • trunk/cgi-bin/main.cgi

    r788 r789  
    10631063
    10641064  # Need to find internal knobs to twist to actually vary these.  (Ab)use "change" flag for now
    1065   $page->param(maymerge => ($IPDBacl{$authuser} =~ /c/ && $blockinfo->{type} !~ /^.i$/));
     1065  $page->param(maymerge => ($IPDBacl{$authuser} =~ /m/ && $blockinfo->{type} !~ /^.i$/));
     1066
    10661067  if ($IPDBacl{$authuser} =~ /c/ && $blockinfo->{type} !~ /^.i$/) {
    10671068    if ($blockinfo->{type} =~ /^.p$/) {
     
    13231324# Set up for merge
    13241325sub prepMerge {
     1326  if ($IPDBacl{$authuser} !~ /m/) {
     1327    $aclerr = 'mergeblock';
     1328    return;
     1329  }
     1330
    13251331  my $binfo = getBlockData($ip_dbh, $webvar{block});
    13261332
     
    13481354# Show what will be merged, present warnings about data loss
    13491355sub confMerge {
     1356  if ($IPDBacl{$authuser} !~ /m/) {
     1357    $aclerr = 'mergeblock';
     1358    return;
     1359  }
     1360
    13501361  if (!$webvar{newmask} || $webvar{newmask} !~ /^\d+$/) {
    13511362    $page->param(err => 'New netmask required');
     
    13871398# Make it so
    13881399sub doMerge {
     1400  if ($IPDBacl{$authuser} !~ /m/) {
     1401    $aclerr = 'mergeblock';
     1402    return;
     1403  }
     1404
    13891405  if (!$webvar{newmask} || $webvar{newmask} !~ /^\d+$/) {
    13901406    $page->param(err => 'New netmask required');
Note: See TracChangeset for help on using the changeset viewer.