From 2b5e7ea5f64b08c7da646f9c9b1c0be02d023c97 Mon Sep 17 00:00:00 2001
From: Richard Underwood <richard.underwood@digitaslbi.com>
Date: Wed, 4 Jan 2017 09:30:58 +0000
Subject: [PATCH] Uncomitted changes prior to merge. Permissions ...

---
 includes/config.inc.php-dist |  6 +++
 index.php                    | 69 ++++++++++++++++++++++++++++++
 permissions.php              | 83 ++++++++++++++++++++++++++++++++++++
 3 files changed, 158 insertions(+)
 create mode 100644 permissions.php

diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index bc00616..4b1ff16 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -10,6 +10,12 @@ $logging = TRUE;
 $allowclearlogs = TRUE;  # Allow clearing of log entries
 $allowrotatelogs = FALSE;# Allow rotation to text file on server
 
+$restrictediting = TRUE; # Restrict editing of record types
+$restrictedtypes = array( 
+    'SOA' => 1,
+    'NS' => 1
+);
+
 # Log directory - if allowrotatelogs is set, this is where the logs will
 # be written. It must be writeable by the web server user.
 $logsdirectory = "../etc";
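Review bot: `$restrictedtypes` is keyed by record type with a value of 1, but the comment on `$restrictediting` does not say what that value means or which permission level is needed to edit the listed types, and this is the file administrators copy and edit by hand. The index.php hunk in this commit labels level 7 as 'Update all records' when restricted editing is on, so a comment along the lines of `# Record types that need the 'Update all records' permission to edit (keys are the types; the value is presumably not consulted - confirm)` would let operators extend the list safely. The `array( ` line also carries trailing whitespace.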
diff --git a/index.php b/index.php
index 31f328f..593ce29 100644
--- a/index.php
+++ b/index.php
@@ -796,6 +796,75 @@ $(document).ready(function () {
                 inputClass: 'serial',
                 listClass: 'serial'
             },
+            permissions: {
+                title: 'Permissions',
+                width: '10%',
+                create: false,
+                edit: false,
+                display: function(data) {
+                    var $img = $('<img class="list" src="img/list.png" title="Permissions" />');
+                    $img.click(function () {
+                        $('#SlaveZones').jtable('openChildTable',
+                            $img.closest('tr'), {
+                                title: 'Permissions for ' + data.record.name,
+                                openChildAsAccordion: true,
+                                actions: {
+                                    listAction: 'permissions.php?action=list&zoneid=' + data.record.id,
+                                    createAction: 'permissions.php?action=add&zoneid=' + data.record.id,
+                                    deleteAction: 'permissions.php?action=remove&zoneid=' + data.record.id
+                                },
+                                fields: {
+                                    id: {
+                                        key: true,
+                                        type: 'hidden'
+                                    },
+                                    type: {
+                                        title: 'Type',
+                                        inputClass: "permissionstype",
+                                        options: {
+                                            'user': 'User',
+                                            'group': 'Group'
+                                        },
+                                        create: true,
+                                        edit: false
+                                    },
+                                    value: {
+                                        title: 'Name',
+                                        inputClass: "usergrouplist",
+                                        display: displayContent('value')
+                                    },
+                                    permissions: {
+                                        title: 'Permissions',
+                                        options: {
+                                            '1' : 'View Only',
+<?php if($restrictediting) { ?>
+                                            '3' : 'Update normal records',
+                                            '7' : 'Update all records',
+<?php } else { ?>
+                                            '7' : 'Update',
+<?php } ?>
+                                            '15' : 'Admin'
+                                        }
+                                    }
+                                },
+                                formCreated: function(event, dat) {
+                                    $( ".usergrouplist" ).autocomplete({
+                                        source: "users.php?action=autocomplete&zoneid=" + data.record.id + "&type=" + $( ".permissionstype" ).val()
+                                    });
+                                    $( ".permissionstype" ).change(function() {
+                                      $( ".usergrouplist" ).val("");
+                                      $( ".usergrouplist" ).autocomplete({
+                                          source: "users.php?action=autocomplete&type=" + $( ".permissionstype" ).val()
+                                      });
+                                    });
+                                }
+                            }, function (data) {
+                                data.childTable.jtable('load');
+                            })
+                    });
+                    return $img;
+                }
+            },
             exportzone: {
                 title: '',
                 width: '1%',
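Review bot: The two autocomplete sources disagree: the one set in `formCreated` passes `&zoneid=` + data.record.id, while the one installed by the `.permissionstype` change handler drops it, so the user/group list returned after switching type may differ from the one shown initially; make the handler use `source: "users.php?action=autocomplete&zoneid=" + data.record.id + "&type=" + $( ".permissionstype" ).val()`. Both `$( ".usergrouplist" )` and `$( ".permissionstype" )` are document-wide selectors, so if more than one child form is open at once the handler will re-bind to all of them - worth confirming against how jTable opens accordion children. `data.record.name` is concatenated into the child-table title without escaping; whether that string is rendered as HTML depends on jTable, so this is only safe if zone names are guaranteed to be plain text. The `dat` parameter of `formCreated` is unused, and the enclosing jTable options object starts and ends outside this hunk.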
diff --git a/permissions.php b/permissions.php
new file mode 100644
index 0000000..713e465
--- /dev/null
+++ b/permissions.php
@@ -0,0 +1,83 @@
+<?php
+
+include_once('includes/config.inc.php');
+include_once('includes/session.inc.php');
+include_once('includes/misc.inc.php');
+
+if (!is_csrf_safe()) {
+    header('Status: 403');
+    header('Location: ./index.php');
+    jtable_respond(null, 'error', "Authentication required");
+}
+
+$zoneid = isset($_GET['zoneid']) ? intval($_GET['zoneid']) : '';
+
+if (!is_adminuser()) {
+    header('Status: 403');
+    jtable_respond(null, 'error', "You need adminprivileges to get here");
+}
+
+if (!isset($_GET['action'])) {
+    header('Status: 400');
+    jtable_respond(null, 'error', 'No action given');
+}
+
+switch ($_GET['action']) {
+
+case "list":
+
+    if ($zoneid != '') {
+        $permissions = get_zone_permissions($zoneid);
+        jtable_respond($permissions);
+    } else {
+        jtable_respond(null, 'error', 'Could not list zone permissions');
+    }
+    break;
+
+case "add":
+    $type = isset($_POST['type']) ? $_POST['type'] : '';
+    $value = isset($_POST['value']) ? $_POST['value'] : '';
+    $permissons = isset($_POST['permissions']) ? $_POST['permissions'] : '';
+
+    if ($zoneid != '') {
+        if (user_exists($user)) {
+            if(is_group_member($groupid,$user)) {
+                jtable_respond(null, 'error', "User already a member of the group");
+            } elseif(!is_null($id=add_group_member($groupid,$user))) {
+                $entry = array('id' => $id,'user' => $user);
+                jtable_respond($entry, 'single');
+            } else {
+                jtable_respond(null, 'error', "Failed to add user to group");
+            }
+        } else {
+            jtable_respond(null, 'error', "User doesn't exist");
+        }
+    } else {
+        jtable_respond(null, 'error', 'Zone not specified');
+    }
+    break;
+
+case "remove":
+
+    if ($id != '') {
+        if(remove_group_member($id)) {
+            jtable_respond(null, 'delete');
+        } else {
+            jtable_respond(null, 'error', "Failed to delete user from group");
+        }
+    } else {
+        jtable_respond(null, 'error', 'ID not specified');
+    }
+    break;
+
+case "autocomplete":
+    $term = isset($_GET['type']) ? $_GET['type'] : '';
+    $term = isset($_GET['term']) ? $_GET['term'] : '';
+    $users=get_usernames_filtered($term);
+    print json_encode($users);
+    break;
+
+default:
+    jtable_respond(null, 'error', 'Invalid action');
+    break;
+}
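Review bot: The `add` case cannot work as written: it reads `$type`, `$value` and a misspelled `$permissons` from POST but then acts on `$user` and `$groupid`, which are never assigned in this file, and calls the group-membership helpers rather than anything that records a zone permission, so the branch looks copied from a group handler and not adapted. The `remove` case has the same shape of problem - it tests `$id` without ever reading it from the request - and `autocomplete` assigns `$term` twice so the `type` parameter read on the first line is discarded (index.php in this commit calls `users.php?action=autocomplete`, so this case may be unreachable anyway). Separately, `$zoneid` mixes `intval()` with `''` and is then compared with `!=`, which behaves differently across PHP versions when the value parses to 0; `$zoneid = isset($_GET['zoneid']) ? intval($_GET['zoneid']) : 0;` with `if ($zoneid > 0)` is unambiguous. A sketch of an `add` branch that validates what the form actually sends, including the permission levels index.php offers (1, 3, 7, 15), follows; the insert helper is not part of this patch and is left as a placeholder.

```php
case "add":
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    $value = isset($_POST['value']) ? $_POST['value'] : '';
    $permissions = isset($_POST['permissions']) ? intval($_POST['permissions']) : 0;

    if ($zoneid == '') {
        jtable_respond(null, 'error', 'Zone not specified');
    } elseif (!in_array($type, array('user', 'group'), true)) {
        jtable_respond(null, 'error', 'Invalid type');
    } elseif (!in_array($permissions, array(1, 3, 7, 15), true)) {
        jtable_respond(null, 'error', 'Invalid permissions value');
    } elseif ($type == 'user' && !user_exists($value)) {
        jtable_respond(null, 'error', "User doesn't exist");
    } else {
        // TODO(review): no zone-permission insert helper exists in this patch;
        // call the project's insert routine here and respond with the new row, e.g.
        // jtable_respond(array('id' => $newid, 'type' => $type, 'value' => $value, 'permissions' => $permissions), 'single');
    }
    break;
// … unchanged: remove / autocomplete / default cases …
```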