Changeset 789 for trunk/cgi-bin/admin.cgi

Timestamp:

12/10/15 16:49:01 (8 years ago)

Author:

Kris Deugau

Message:

/trunk

Add an ACL flag for merge operations. This is not automatically included
in the "Admin" priviledge per request, since a merge operation can
potentially wipe virtually the entire dataset. See #8.

File:

• trunk/cgi-bin/admin.cgi (modified) (2 diffs)

trunk/cgi-bin/admin.cgi

@@ -349 +349 @@
         can_del => ($acl =~ /d/ ? 1 : 0),
         sysnet => ($acl =~ /s/ ? 1 : 0),
+        can_merge => ($acl =~ /m/ ? 1 : 0),
         is_admin => ($acl =~ /A/ ? 1 : 0),
         acl => $acl
@@ -361 +362 @@
   my $acl = 'b';
   if ($webvar{admin} eq 'on') {
+    # as per request "admin" users do not automatically get merge permission.  Networkz iz hard.
+    # Admin users that add the priviledge and then shoot everybody in all the feet probably
+    # shouldn't have had admin access in the first place.
     $acl .= "acdsA";
+    $acl .= 'm' if $webvar{merge} eq 'on';
   } else {
     $acl .= ($webvar{add} eq 'on' ? 'a' : '').
         ($webvar{change} eq 'on' ? 'c' : '').
         ($webvar{del} eq 'on' ? 'd' : '').
-        ($webvar{sysnet} eq 'on' ? 's' : '');
+        ($webvar{sysnet} eq 'on' ? 's' : '').
+        ($webvar{merge} eq 'on' ? 'm' : '');
   }
   $page->param(acl => $acl);