Commit 9225489e authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(auth) refactor user/group privilege management

(cherry picked from commit e74f0c2a)
(cherry picked from commit 89ea14d2)
parent 05c948c0
......@@ -1122,7 +1122,7 @@
"name": "WebCfg - System: Group Manager: Add Privileges page",
"descr": "Allow access to the 'System: Group Manager: Add Privileges' page.",
"match": [
"system_groupmanager_addprivs.php*"
"system_usermanager_addprivs.php?group*"
]
},
"page-system-hasync": {
......@@ -1164,7 +1164,7 @@
"name": "WebCfg - System: User Manager: Add Privileges page",
"descr": "Allow access to the 'System: User Manager: Add Privileges' page.",
"match": [
"system_usermanager_addprivs.php*"
"system_usermanager_addprivs.php?user*"
]
},
"page-system-usermanager-settings": {
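Review bot: The two "Add Privileges" entries now separate group access from user access to the same script only by the start of the query string (`system_usermanager_addprivs.php?group*` versus `system_usermanager_addprivs.php?user*`), so the script itself has to ensure that the object it edits is the one named in the URL that was matched. That script's diff is collapsed on this page, so this cannot be confirmed from the visible lines. If it takes `groupid` or `userid` from the request body rather than the query string, the split between the two privileges would presumably not hold. The script should reject a request whose body names a different target type than its URL, and its header comment should state that the ACL patterns depend on this.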
......
<?php
/*
Copyright (C) 2014-2015 Deciso B.V.
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
......@@ -78,26 +78,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// reload page
header("Location: system_groupmanager.php");
exit;
} elseif (isset($id) && $act == "delpriv" && isset($a_group[$id]['priv']) && is_array($a_group[$id]['priv'])) {
// remove by privid
foreach ($a_group[$id]['priv'] as $key => $value) {
if ($value == $pconfig['privid']) {
unset($a_group[$id]['priv'][$key]);
}
}
if (isset($a_group[$id]['member']) && is_array($a_group[$id]['member'])) {
foreach ($a_group[$id]['member'] as $uid) {
$user = getUserEntryByUID($uid);
if ($user) {
local_user_set($user);
}
}
}
write_config();
// reload page
header("Location: system_groupmanager.php?act=edit&groupid={$id}");
exit;
} elseif (isset($pconfig['save'])) {
} elseif (isset($pconfig['save'])) {
$input_errors = array();
/* input validation */
......@@ -245,30 +226,6 @@ function presubmit() {
$( document ).ready(function() {
// delete privilege
$(".act-del-priv").click(function(event){
event.preventDefault();
var priv_name = $(this).data('privname');
var privid = $(this).data('privid');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_DANGER,
title: "<?= gettext("Group");?>",
message: "<?=gettext("Do you really want to delete this privilege?");?> " + "<br/>("+priv_name+")",
buttons: [{
label: "<?= gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?= gettext("Yes");?>",
action: function(dialogRef) {
$("#privid").val(privid);
$("#act").val("delpriv");
$("#iform").submit();
}
}]
});
});
// remove group
$(".act-del-group").click(function(event){
var groupid = $(this).data('groupid');
......@@ -402,15 +359,12 @@ $( document ).ready(function() {
<?php
if ($act != "new") :?>
<tr>
<td colspan="2"><b><?=gettext("Assigned Privileges");?></b></td>
</tr>
<tr>
<td colspan="2">
<table class="table table-striped table-condensed">
<td><b><?=gettext("Assigned Privileges");?></b></td>
<td>
<table class="table table-hover table-condensed">
<tr>
<td><b><?=gettext("Name");?></b></td>
<td><b><?=gettext("Description");?></b></td>
<td></td>
</tr>
<?php
if (isset($pconfig['priv']) && is_array($pconfig['priv'])) :
......@@ -419,20 +373,14 @@ $( document ).ready(function() {
<tr>
<td><?=$priv_list[$priv]['name'];?></td>
<td><?=$priv_list[$priv]['descr'];?></td>
<td>
<button type="button" data-privid="<?=$priv;?>" data-privname="<?=$priv_list[$priv]['name']?>" class="btn btn-default btn-xs act-del-priv" title="<?=gettext("delete privilege");?>" data-toggle="tooltip">
<span class="fa fa-trash text-muted"></span>
</button>
</td>
</tr>
<?php
endforeach;
endif;?>
<tr>
<td colspan="2"></td>
<td>
<a href="system_groupmanager_addprivs.php?groupid=<?=htmlspecialchars($id)?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-plus"></span>
<td colspan="2">
<a href="system_usermanager_addprivs.php?groupid=<?=htmlspecialchars($id)?>" class="btn btn-default btn-xs">
<span class="fa fa-pencil"></span>
</a>
</td>
</tr>
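Review bot: The new pencil link in the last row of the "Assigned Privileges" table (`<a href="system_usermanager_addprivs.php?groupid=<?=htmlspecialchars($id)?>" class="btn btn-default btn-xs">`) has no `title`, while the matching link in the user manager has `title="<?=gettext("edit privileges");?>" data-toggle="tooltip"`. With the per-row delete button and the `delpriv` branch removed, this icon appears to be the only way left to change a group's privileges, so it should be labelled; adding the same two attributes keeps the two pages consistent. The surrounding table and the `foreach` over `$pconfig['priv']` start outside the visible hunks.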
......
<?php
/*
Copyright (C) 2014-2015 Deciso B.V.
Copyright (C) 2006 Daniel S. Haischt.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
function cpusercmp($a, $b)
{
return strcasecmp($a['name'], $b['name']);
}
require_once("guiconfig.inc");
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (isset($config['system']['group'][$_GET['groupid']])) {
$groupid = $_GET['groupid'];
$a_group = & $config['system']['group'][$groupid];
} else {
header("Location: system_groupmanager.php");
exit;
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($config['system']['group'][$_POST['groupid']])) {
$groupid = $_POST['groupid'];
$a_group = & $config['system']['group'][$groupid];
$input_errors = array();
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "sysprivs");
$reqdfieldsn = array(gettext("Selected priveleges"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (count($input_errors) == 0) {
if (!is_array($pconfig['sysprivs'])) {
$pconfig['sysprivs'] = array();
}
if (!isset($a_group['priv']) || !count($a_group['priv'])) {
$a_group['priv'] = $pconfig['sysprivs'];
} else {
$a_group['priv'] = array_merge($a_group['priv'], $pconfig['sysprivs']);
}
if (is_array($a_group['member'])) {
foreach ($a_group['member'] as $uid) {
$user = getUserEntryByUID($uid);
if ($user) {
local_user_set($user);
}
}
}
if (isset($config['system']['group']) && is_array($config['system']['group'])) {
usort($config['system']['group'], "cpusercmp");
}
write_config();
header("Location: system_groupmanager.php?act=edit&groupid={$groupid}");
exit;
}
} else {
header("Location: system_groupmanager.php");
exit;
}
}
if (!isset($a_group['priv']) || !is_array($a_group['priv'])) {
$a_group['priv'] = array();
}
include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
$( document ).ready(function() {
$("#sysprivs").change(function(){
$("#pdesc").html($(this).find(':selected').data('descr'));
});
});
</script>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php
if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
}
?>
<section class="col-xs-12">
<div class="tab-content content-box col-xs-12">
<form method="post" name="iform">
<table class="table table-striped">
<tr>
<td width="22%"><?=gettext("System Privileges");?></td>
<td width="78%">
<select name="sysprivs[]" id="sysprivs" class="formselect" multiple="multiple" size="35">
<?php
foreach ($priv_list as $pname => $pdata) :
if (in_array($pname, $a_group['priv'])) {
continue;
}
?>
<option data-descr="<?=!empty($pdata['descr']) ? $pdata['descr'] : "";?>" value="<?=$pname;?>">
<?=$pdata['name'];?>
</option>
<?php
endforeach; ?>
</select>
<br />
<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
</td>
</tr>
<tr>
<td><?=gettext("Description");?></td>
<td id="pdesc">
<em><?=gettext("Select a privilege from the list above for a description"); ?></em>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" class="btn btn-primary" value="<?=gettext("Save");?>" />
<input class="btn btn-default" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
<input name="groupid" type="hidden" value="<?=$groupid;?>" />
</td>
</tr>
</table>
</form>
</div>
</section>
</div>
</div>
</section>
<?php include("foot.inc"); ?>
<?php
/*
Copyright (C) 2014-2015 Deciso B.V.
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>
......@@ -172,30 +172,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$savemsg = gettext("User")." {$userdeleted} ". gettext("successfully deleted");
header("Location: system_usermanager.php?savemsg=".$savemsg);
exit;
} elseif ($act == "delpriv" && !empty($pconfig['priv_delete']) && isset($id)) {
// drop privilege from user
// search for priv id to delete
$privid = null;
if (!empty($a_user[$id]['priv'])) {
foreach ($a_user[$id]['priv'] as $key => $value) {
if ($value == $pconfig['priv_delete']) {
$privid = $key;
$privdeleted = $value;
}
}
}
if ($privid !== null) {
unset($a_user[$id]['priv'][$privid]);
local_user_set($a_user[$id]);
write_config();
$savemsg = gettext("Privilege")." {$privdeleted} ".
gettext("successfully deleted");
header("Location: system_usermanager.php?savemsg=".$savemsg."&act=edit&userid=".$id);
} else {
header("Location: system_usermanager.php?act=edit&userid=".$id);
}
exit;
} elseif ($act == "delcert" && isset($id)) {
// remove certificate association
$certdeleted = lookup_cert($a_user[$id]['cert'][$pconfig['certid']]);
......@@ -456,29 +432,6 @@ function presubmit() {
<script type="text/javascript">
$( document ).ready(function() {
// delete privilege
$(".act-del-priv").click(function(event){
event.preventDefault();
var priv_name = $(this).data('priv');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_DANGER,
title: "<?= gettext("User");?>",
message: "<?=gettext("Do you really want to delete this privilege?");?> " + "<br/>("+priv_name+")",
buttons: [{
label: "<?= gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?= gettext("Yes");?>",
action: function(dialogRef) {
$("#priv_delete").val(priv_name);
$("#act").val("delpriv");
$("#iform").submit();
}
}]
});
});
// remove certificate association
$(".act-del-cert").click(function(event){
var certid = $(this).data('certid');
......@@ -745,16 +698,13 @@ $( document ).ready(function() {
<?php
if ($pconfig['uid'] != "") :?>
<tr>
<td colspan="2"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Effective Privileges");?></td>
</tr>
<tr>
<td colspan="2">
<table class="table table-striped table-condensed">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Effective Privileges");?></td>
<td>
<table class="table table-hover table-condensed">
<tr>
<td width="20%"><b><?=gettext("Inherited From");?></b></td>
<td width="30%"><b><?=gettext("Name");?></b></td>
<td width="40%"><b><?=gettext("Description");?></b></td>
<td></td>
<td><b><?=gettext("Inherited From");?></b></td>
<td><b><?=gettext("Name");?></b></td>
<td><b><?=gettext("Description");?></b></td>
</tr>
<?php
foreach (get_user_privdesc($a_user[$id]) as $priv) :?>
......@@ -762,26 +712,15 @@ $( document ).ready(function() {
<td><?=!empty($priv['group']) ? $priv['group'] : ""?></td>
<td><?=$priv['name']?></td>
<td><?=!empty($priv['descr']) ? $priv['descr'] : ""?></td>
<td class="text-center">
<?php
if (empty($priv['group'])) :?>
<button type="button" data-priv="<?=$priv['id']?>" class="btn btn-default btn-xs act-del-priv"
title="<?=gettext("revoke privilege");?>" data-toggle="tooltip">
<span class="fa fa-trash text-muted"></span>
</button>
<?php
endif;?>
</td>
</tr>
<?php
endforeach;?>
<tr>
<td colspan="3"></td>
<td>
<a href="system_usermanager_addprivs.php?userid=<?=$id?>" class="btn btn-xs btn-default"
title="<?=gettext("assign privileges");?>" data-toggle="tooltip">
<span class="glyphicon glyphicon-plus"></span>
</a>
<td colspan="3">
<a href="system_usermanager_addprivs.php?userid=<?=$id?>" class="btn btn-xs btn-default"
title="<?=gettext("edit privileges");?>" data-toggle="tooltip">
<span class="fa fa-pencil"></span>
</a>
</td>
</tr>
</table>
......@@ -830,8 +769,7 @@ $( document ).ready(function() {
endforeach;
endif;?>
<tr>
<td colspan="2"></td>
<td>
<td colspan="3">
<a href="system_certmanager.php?act=new&amp;userid=<?=$id?>" class="btn btn-default btn-xs"
title="<?=gettext("create or link user certificate");?>" data-toggle="tooltip">
<span class="glyphicon glyphicon-plus"></span>
......@@ -880,8 +818,7 @@ $( document ).ready(function() {
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<td colspan="2">
<button type="button" class="btn btn-default btn-xs" id="newApiKey"
title="<?=gettext("create API key");?>" data-toggle="tooltip">
<span class="glyphicon glyphicon-plus"></span>
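Review bot: In the footer row of the "Effective Privileges" table the rewritten link still prints `$id` unescaped (`userid=<?=$id?>`), whereas the equivalent link in the group manager uses `htmlspecialchars($id)`. Where `$id` is assigned is outside the visible hunks, so it cannot be confirmed here that it is already limited to a valid user index. Escaping at the point of output removes that dependency: `<a href="system_usermanager_addprivs.php?userid=<?=htmlspecialchars($id)?>" class="btn btn-xs btn-default"`. The `$priv['group']`, `$priv['name']` and `$priv['descr']` cells kept as context just above are also echoed without escaping and would benefit from the same treatment.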
......
This diff is collapsed.