system_usermanager_addprivs.php 6.95 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1 2
<?php
/*
3
	Copyright (C) 2014-2015 Deciso B.V.
Ad Schellevis's avatar
Ad Schellevis committed
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
	Copyright (C) 2006 Daniel S. Haischt.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

29 30 31
function admusercmp($a, $b)
{
    return strcasecmp($a['name'], $b['name']);
Ad Schellevis's avatar
Ad Schellevis committed
32 33
}

34
require_once("guiconfig.inc");
Ad Schellevis's avatar
Ad Schellevis committed
35

36 37 38 39 40 41 42 43 44 45 46
function sort_user_privs($privs) {
	// Privileges to place first, to redirect properly.
	$priority_privs = array("page-dashboard-all", "page-system-login/logout");

	$fprivs = array_intersect($privs, $priority_privs);
	$sprivs  = array_diff($privs, $priority_privs);

	return array_merge($fprivs, $sprivs);
}


Ad Schellevis's avatar
Ad Schellevis committed
47 48
$pgtitle = array("System","User manager","Add privileges");

49 50 51 52 53 54
if (is_numericint($_GET['userid'])) {
    $userid = $_GET['userid'];
}
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
    $userid = $_POST['userid'];
}
Ad Schellevis's avatar
Ad Schellevis committed
55 56

if (!isset($config['system']['user'][$userid]) && !is_array($config['system']['user'][$userid])) {
57 58
    redirectHeader("system_usermanager.php");
    exit;
Ad Schellevis's avatar
Ad Schellevis committed
59 60 61 62
}

$a_user = & $config['system']['user'][$userid];

63 64 65
if (!is_array($a_user['priv'])) {
    $a_user['priv'] = array();
}
Ad Schellevis's avatar
Ad Schellevis committed
66 67

if ($_POST) {
68 69
    unset($input_errors);
    $pconfig = $_POST;
Ad Schellevis's avatar
Ad Schellevis committed
70

71 72 73
    /* input validation */
    $reqdfields = explode(" ", "sysprivs");
    $reqdfieldsn = array(gettext("Selected priveleges"));
Ad Schellevis's avatar
Ad Schellevis committed
74

75
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
Ad Schellevis's avatar
Ad Schellevis committed
76

77 78 79 80 81
    /* if this is an AJAX caller then handle via JSON */
    if (isAjax() && is_array($input_errors)) {
        input_errors2Ajax($input_errors);
        exit;
    }
Ad Schellevis's avatar
Ad Schellevis committed
82

83 84 85 86
    if (!$input_errors) {
        if (!is_array($pconfig['sysprivs'])) {
            $pconfig['sysprivs'] = array();
        }
Ad Schellevis's avatar
Ad Schellevis committed
87

88 89 90 91 92
        if (!count($a_user['priv'])) {
            $a_user['priv'] = $pconfig['sysprivs'];
        } else {
            $a_user['priv'] = array_merge($a_user['priv'], $pconfig['sysprivs']);
        }
Ad Schellevis's avatar
Ad Schellevis committed
93

94 95 96
        $a_user['priv'] = sort_user_privs($a_user['priv']);
        local_user_set($a_user);
        $retval = write_config();
97
        $savemsg = get_std_save_message();
98

99
        post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
100

101 102
        exit;
    }
Ad Schellevis's avatar
Ad Schellevis committed
103 104 105
}

/* if ajax is calling, give them an update message */
106 107 108
if (isAjax()) {
    print_info_box_np($savemsg);
}
Ad Schellevis's avatar
Ad Schellevis committed
109 110 111 112

include("head.inc");
?>

113
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
Ad Schellevis's avatar
Ad Schellevis committed
114 115 116 117 118 119 120
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[

<?php

if (is_array($priv_list)) {
121 122 123 124 125 126 127 128 129 130 131 132 133
    $id = 0;

    $jdescs = "var descs = new Array();\n";
    foreach ($priv_list as $pname => $pdata) {
        if (in_array($pname, $a_user['priv'])) {
            continue;
        }
        $desc = addslashes(preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']));
        $jdescs .= "descs[{$id}] = '{$desc}';\n";
        $id++;
    }

    echo $jdescs;
Ad Schellevis's avatar
Ad Schellevis committed
134 135 136 137 138 139 140 141 142 143 144
}

?>

function update_description() {
	var index = document.iform.sysprivs.selectedIndex;
	document.getElementById("pdesc").innerHTML = descs[index];
}

//]]>
</script>
145 146 147 148 149

<section class="page-content-main">
	<div class="container-fluid">
		<div class="row">
			<?php
150
            if (isset($input_errors) && count($input_errors) > 0) {
151 152
                print_input_errors($input_errors);
            }
153
            if (isset($savemsg)) {
154 155 156
                print_info_box($savemsg);
            }
            ?>
157 158
			<section class="col-xs-12">
				<?php
159 160 161 162 163 164 165
                    $tab_array = array();
                    $tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
                    $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
                    $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
                    $tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
                    display_top_tabs($tab_array);
                ?>
166 167 168 169 170 171 172 173 174

				<div class="tab-content content-box col-xs-12">
					<form action="system_usermanager_addprivs.php" method="post" name="iform" id="iform">
						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped">
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
								<td width="78%" class="vtable">
									<select name="sysprivs[]" id="sysprivs" class="formselect" onchange="update_description();" multiple="multiple" size="35">
										<?php
175 176 177 178 179 180 181 182 183
                                        foreach ($priv_list as $pname => $pdata) :
                                            if (in_array($pname, $a_user['priv'])) {
                                                continue;
                                            }
                                        ?>
										<option value="<?=$pname;
?>"><?=$pdata['name'];?></option>
										<?php
                                        endforeach; ?>
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199
									</select>
									<br />
									<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
								</td>
							</tr>
							<tr height="60">
								<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
								<td width="78%" valign="top" class="vtable" id="pdesc">
									<em><?=gettext("Select a privilege from the list above for a description"); ?></em>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%">
									<input id="submitt"  name="Submit" type="submit" class="formbtn btn btn-primary" value="<?=gettext("Save");?>" />
									<input id="cancelbutton" class="formbtn btn btn-default" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
200 201
									<?php if (isset($userid)) :
?>
202
									<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
203 204
									<?php
endif; ?>
205 206 207 208 209 210 211 212 213 214 215
								</td>
							</tr>
						</table>
					</form>
				</div>
			</section>
		</div>
	</div>
</section>


216
<?php include("foot.inc"); ?>
Ad Schellevis's avatar
Ad Schellevis committed
217 218
</body>
</html>