Commit 90eea7db authored by Franco Fichtner's avatar Franco Fichtner

acl: mostly merge rework from master

Keep two names intact that were broken on master for the sake
of simplicity: legacy map stays in place for these two.

(cherry picked from commit 4763373d)
(cherry picked from commit 9ad060f6)
(cherry picked from commit a90efa28)
(cherry picked from commit d83563fa)
(cherry picked from commit 4b99ff9f)
(cherry picked from commit 9205427c)
(cherry picked from commit 40879017)
(cherry picked from commit ffbbfc96)
(cherry picked from commit a674b5e0)
parent 58a8f00e
......@@ -428,6 +428,7 @@
/usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortal/Migrations/M1_0_0.php
/usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL.php
/usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json
/usr/local/opnsense/mvc/app/models/OPNsense/Cron/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Cron/Cron.php
......@@ -444,6 +445,10 @@
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/IDS/Migrations/M1_0_0.php
/usr/local/opnsense/mvc/app/models/OPNsense/IGMPProxy/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/IGMPProxy/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Ntpd/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Ntpd/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Migrations/M1_0_0.php
......@@ -451,6 +456,8 @@
/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Relayd/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/Relayd/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/SNMP/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/SNMP/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/Migrations/M1_0_0.php
......@@ -458,6 +465,8 @@
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
/usr/local/opnsense/mvc/app/models/OPNsense/UPnP/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/UPnP/Menu/Menu.xml
/usr/local/opnsense/mvc/app/models/OPNsense/WOL/ACL/ACL.xml
/usr/local/opnsense/mvc/app/models/OPNsense/WOL/Menu/Menu.xml
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/index.volt
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
......
......@@ -252,21 +252,6 @@
<Lookup order="40" url="/diag_dns.php"/>
<LogFile order="100" VisibleName="Log File" url="/diag_logs_resolver.php"/>
</DNSTools>
<IGMPProxy VisibleName="IGMP Proxy" url="/services_igmpproxy.php" cssClass="fa fa-map-signs fa-fw">
<Edit url="/services_igmpproxy_edit.php" visibility="hidden"/>
</IGMPProxy>
<NTP VisibleName="Network Time" cssClass="fa fa-clock-o fa-fw">
<General order="10" url="/services_ntpd.php"/>
<GPS order="20" url="/services_ntpd_gps.php"/>
<PPS order="30" url="/services_ntpd_pps.php"/>
<Status order="40" url="/status_ntpd.php"/>
<Log order="50" VisibleName="Log File" url="/diag_logs_ntpd.php"/>
</NTP>
<SNMP url="/services_snmp.php" cssClass="fa fa-database fa-fw"/>
<WoL VisibleName="Wake on LAN" url="/services_wol.php" cssClass="fa fa-power-off fa-fw">
<WoLEdit url="/services_wol_edit.php*" visibility="hidden"/>
<Wol url="/services_wol.php*" visibility="hidden"/>
</WoL>
<Diagnostics order="900" cssClass="fa fa-medkit fa-fw" url="/status_services.php">
<All url="/status_services.php?*" visibility="hidden"/>
</Diagnostics>
......
<acl>
<!-- unique acl key, must be globally unique for all acl's -->
<page-services-captiveportal>
<name>WebCfg - Services: Captive Portal</name>
<description>Allow access to the 'Services: Captive Portal' page.</description>
<name>Services: Captive Portal</name>
<patterns>
<pattern>ui/captiveportal/*</pattern>
<pattern>api/captiveportal/*</pattern>
......
......@@ -112,10 +112,6 @@ class ACL
if (isset($ACLnode->name)) {
$aclPayload = array();
$aclPayload['name'] = (string)$ACLnode->name;
if (isset($ACLnode->description)) {
// rename internal tag for backward compat.
$aclPayload['descr'] = (string)$ACLnode->description;
}
if (isset($ACLnode->patterns->pattern)) {
// rename pattern to match for internal usage, old code did use match and
// to avoid duplicate conversion let's do this only on input.
......@@ -267,8 +263,8 @@ class ACL
foreach ($this->ACLtags as $aclKey => $aclItem) {
$priv_list[$aclKey] = array();
foreach ($aclItem as $propName => $propValue) {
if ($propName == 'name' || $propName == 'descr') {
// translate name and description tags
if ($propName == 'name') {
// translate name tag
$priv_list[$aclKey][$propName] = gettext($propValue);
} else {
$priv_list[$aclKey][$propName] = $propValue;
......
This diff is collapsed.
<acl>
<!-- unique acl key, must be globally unique for all acl's -->
<page-system-cron>
<name>WebCfg - System: Settings: Cron page</name>
<description>Allow access to the 'System: Settings: Cron' page.</description>
<name>System: Settings: Cron</name>
<patterns>
<pattern>ui/cron/*</pattern>
<pattern>api/cron/*</pattern>
......
<acl>
<!-- unique acl key, must be globally unique for all acl's -->
<page-diagnostics-arptable>
<name>WebCfg - Diagnostics: ARP Table page</name>
<description>Allow access to the 'Diagnostics: ARP Table' page.</description>
<name>Diagnostics: ARP Table</name>
<patterns>
<pattern>ui/diagnostics/interface/arp/*</pattern>
<pattern>api/diagnostics/interface/getArp*</pattern>
</patterns>
</page-diagnostics-arptable>
<page-diagnostics-ndptable>
<name>Webcfg - Diagnostics: NDP Table page</name>
<description>Allow access to the 'Diagnostics: NDP Table' page.</description>
<name>Diagnostics: NDP Table</name>
<patterns>
<pattern>ui/diagnostics/interface/ndp/*</pattern>
<pattern>api/diagnostics/interface/getNdp*</pattern>
</patterns>
</page-diagnostics-ndptable>
<page-diagnostics-routingtables>
<name>WebCfg - Diagnostics: Routing tables page</name>
<description>Allow access to the 'Diagnostics: Routing tables' page.</description>
<name>Diagnostics: Routing tables</name>
<patterns>
<pattern>ui/diagnostics/interface/routes/*</pattern>
<pattern>api/diagnostics/interface/getRoutes*</pattern>
</patterns>
</page-diagnostics-routingtables>
<page-diagnostics-system-activity>
<name>WebCfg - Diagnostics: System Activity</name>
<description>Allows access to the 'Diagnostics: System Activity' page</description>
<name>Diagnostics: System Activity</name>
<patterns>
<pattern>ui/diagnostics/activity/*</pattern>
<pattern>api/diagnostics/activity/*</pattern>
</patterns>
</page-diagnostics-system-activity>
<page-diagnostics-health>
<name>WebCfg - Diagnostics: System Health</name>
<description>Allows access to the 'Diagnostics: System Health' page</description>
<name>Diagnostics: System Health</name>
<patterns>
<pattern>ui/diagnostics/systemhealth/*</pattern>
<pattern>api/diagnostics/systemhealth/*</pattern>
......@@ -42,16 +36,14 @@
</patterns>
</page-diagnostics-health>
<page-diagnostics-networkinsight>
<name>WebCfg - Diagnostics: Network Insight</name>
<description>Allows access to the 'Diagnostics: Network Insight' page</description>
<name>Diagnostics: Network Insight</name>
<patterns>
<pattern>ui/diagnostics/networkinsight/*</pattern>
<pattern>api/diagnostics/networkinsight/*</pattern>
</patterns>
</page-diagnostics-networkinsight>
<page-diagnostics-netflow>
<name>WebCfg - Diagnostics: Netflow configuration</name>
<description>Allows access to the Netflow configuration</description>
<name>Diagnostics: Netflow configuration</name>
<patterns>
<pattern>ui/diagnostics/netflow/*</pattern>
<pattern>api/diagnostics/netflow/*</pattern>
......
<acl>
<!-- unique acl key, must be globally unique for all acl's -->
<page-services-ids>
<name>WebCfg - Services: Intrusion Detection page</name>
<description>Allow access to the 'Services: Intrusion Detection' page.</description>
<name>Services: Intrusion Detection</name>
<patterns>
<pattern>ui/ids/*</pattern>
<pattern>api/ids/*</pattern>
......
<acl>
<page-services-igmpproxy>
<name>Services: IGMP Proxy</name>
<patterns>
<pattern>services_igmpproxy.php*</pattern>
</patterns>
</page-services-igmpproxy>
<page-services-igmpproxy-edit>
<name>Services: IGMP Proxy: Edit</name>
<patterns>
<pattern>services_igmpproxy_edit.php*</pattern>
</patterns>
</page-services-igmpproxy-edit>
</acl>
<menu>
<Services>
<IGMPProxy VisibleName="IGMP Proxy" url="/services_igmpproxy.php" cssClass="fa fa-map-signs fa-fw">
<Edit url="/services_igmpproxy_edit.php" visibility="hidden"/>
</IGMPProxy>
</Services>
</menu>
<acl>
<page-services-ntpd>
<name>Services: NTP</name>
<patterns>
<pattern>services_ntpd.php*</pattern>
</patterns>
</page-services-ntpd>
<page-services-ntp-gps>
<name>Status: NTP GPS</name>
<patterns>
<pattern>status_ntpd_gps.php*</pattern>
</patterns>
</page-services-ntp-gps>
<page-status-ntp>
<name>Status: NTP</name>
<patterns>
<pattern>status_ntpd.php*</pattern>
</patterns>
</page-status-ntp>
<page-services-ntp-pps>
<name>Status: NTP PPS</name>
<patterns>
<pattern>status_ntpd_pps.php*</pattern>
</patterns>
</page-services-ntp-pps>
<page-status-systemlogs-ntpd>
<name>Status: System logs: NTP</name>
<patterns>
<pattern>diag_logs_ntpd.php*</pattern>
</patterns>
</page-status-systemlogs-ntpd>
</acl>
<menu>
<Services>
<NTP VisibleName="Network Time" cssClass="fa fa-clock-o fa-fw">
<General order="10" url="/services_ntpd.php"/>
<GPS order="20" url="/services_ntpd_gps.php"/>
<PPS order="30" url="/services_ntpd_pps.php"/>
<Status order="40" url="/status_ntpd.php"/>
<Log order="50" VisibleName="Log File" url="/diag_logs_ntpd.php"/>
</NTP>
</Services>
</menu>
<acl>
<!-- unique acl key, must be globally unique for all acl's -->
<page-services-proxy>
<name>WebCfg - Services: Proxy page</name>
<description>Allow access to the 'Services: Proxy' page.</description>
<name>Services: Proxy</name>
<patterns>
<pattern>ui/proxy/*</pattern>
<pattern>api/proxy/*</pattern>
......
<acl>
<page-services-loadbalancer-monitor-edit>
<name>WebCfg - Services: Load Balancer: Monitor: Edit page</name>
<description>Allow access to the 'Services: Load Balancer: Monitor: Edit' page.</description>
<name>Services: Load Balancer: Monitor: Edit</name>
<patterns>
<pattern>load_balancer_monitor_edit.php*</pattern>
</patterns>
</page-services-loadbalancer-monitor-edit>
<page-services-loadbalancer-monitor>
<name>WebCfg - Services: Load Balancer: Monitors page</name>
<description>Allow access to the 'Services: Load Balancer: Monitors' page.</description>
<name>Services: Load Balancer: Monitors</name>
<patterns>
<pattern>load_balancer_monitor.php*</pattern>
</patterns>
</page-services-loadbalancer-monitor>
<page-services-loadbalancer-setting>
<name>WebCfg - Services: Load Balancer: setting page</name>
<description>Allow access to the 'Settings: Load Balancer: Settings' page.</description>
<name>Services: Load Balancer: setting</name>
<patterns>
<pattern>load_balancer_setting.php*</pattern>
</patterns>
</page-services-loadbalancer-setting>
<page-services-loadbalancer-virtualservers>
<name>WebCfg - Services: Load Balancer: Virtual Servers page</name>
<description>Allow access to the 'Services: Load Balancer: Virtual Servers' page.</description>
<name>Services: Load Balancer: Virtual Servers</name>
<patterns>
<pattern>load_balancer_virtual_server.php*</pattern>
</patterns>
</page-services-loadbalancer-virtualservers>
<page-status-loadbalancer-pool>
<name>WebCfg - Status: Load Balancer: Pool page</name>
<description>Allow access to the 'Status: Load Balancer: Pool' page.</description>
<name>Status: Load Balancer: Pool</name>
<patterns>
<pattern>status_lb_pool.php*</pattern>
</patterns>
</page-status-loadbalancer-pool>
<page-status-loadbalancer-virtualserver>
<name>WebCfg - Status: Load Balancer: Virtual Server page</name>
<description>Allow access to the 'Status: Load Balancer: Virtual Server' page.</description>
<name>Status: Load Balancer: Virtual Server</name>
<patterns>
<pattern>status_lb_vs.php*</pattern>
</patterns>
</page-status-loadbalancer-virtualserver>
<page-status-systemlogs-loadbalancer>
<name>WebCfg - Status: System logs: Load Balancer page</name>
<description>Allow access to the 'Status: System logs: Load Balancer' page.</description>
<name>Status: System logs: Load Balancer</name>
<patterns>
<pattern>diag_logs_relayd.php*</pattern>
</patterns>
</page-status-systemlogs-loadbalancer>
<page-loadbalancer-pool>
<name>WebCfg - Load Balancer: Pool page</name>
<description>Allow access to the 'Load Balancer: Pool' page.</description>
<name>Load Balancer: Pool</name>
<patterns>
<pattern>load_balancer_pool.php*</pattern>
</patterns>
</page-loadbalancer-pool>
<page-loadbalancer-pool-edit>
<name>WebCfg - Load Balancer: Pool: Edit page</name>
<description>Allow access to the 'Load Balancer: Pool: Edit' page.</description>
<name>Load Balancer: Pool: Edit</name>
<patterns>
<pattern>load_balancer_pool_edit.php*</pattern>
</patterns>
</page-loadbalancer-pool-edit>
<page-loadbalancer-virtualserver-edit>
<name>WebCfg - Load Balancer: Virtual Server: Edit page</name>
<description>Allow access to the 'Load Balancer: Virtual Server: Edit' page.</description>
<name>Load Balancer: Virtual Server: Edit</name>
<patterns>
<pattern>load_balancer_virtual_server_edit.php*</pattern>
</patterns>
......
<acl>
<page-services-snmp>
<name>Services: SNMP</name>
<patterns>
<pattern>services_snmp.php*</pattern>
</patterns>
</page-services-snmp>
</acl>
<menu>
<Services>
<SNMP url="/services_snmp.php" cssClass="fa fa-database fa-fw"/>
</Services>
</menu>
<acl>
<!-- unique acl key, must be globally unique for all acl's -->
<page-firewall-trafficshaper>
<name>WebCfg - Firewall: Traffic Shaper page</name>
<description>Allow access to the 'Firewall: Traffic Shaper' page.</description>
<name>Firewall: Traffic Shaper</name>
<patterns>
<pattern>ui/trafficshaper/*</pattern>
<pattern>api/trafficshaper/*</pattern>
......
<acl>
<page-service-upnp>
<name>WebCfg - Service: Universal Plug and Play page</name>
<description>Allow access to the 'Service: Universal Plug and Play' page.</description>
<name>Service: Universal Plug and Play</name>
<patterns>
<pattern>services_upnp.php*</pattern>
</patterns>
</page-service-upnp>
<page-status-upnpstatus>
<name>WebCfg - Status: Universal Plug and Play page</name>
<description>Allow access to the 'Status: Universal Plug and Play' page.</description>
<name>Status: Universal Plug and Play</name>
<patterns>
<pattern>status_upnp.php*</pattern>
</patterns>
......
<acl>
<page-services-wakeonlan>
<name>Services: Wake on LAN</name>
<patterns>
<pattern>services_wol.php*</pattern>
</patterns>
</page-services-wakeonlan>
<page-services-wakeonlan-edit>
<name>Services: Wake on LAN: Edit</name>
<patterns>
<pattern>services_wol_edit.php*</pattern>
</patterns>
</page-services-wakeonlan-edit>
</acl>
<menu>
<Services>
<WoL VisibleName="Wake on LAN" url="/services_wol.php" cssClass="fa fa-power-off fa-fw">
<WoLEdit url="/services_wol_edit.php*" visibility="hidden"/>
<Wol url="/services_wol.php*" visibility="hidden"/>
</WoL>
</Services>
</menu>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment