diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-03 04:48:12 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-03 04:48:12 +0000 |
commit | 0397013a4044fd591079a007fb0cf126c5d85cd6 (patch) | |
tree | 20440a5681e937ef04187e5175c3d720132241c7 | |
parent | 99ea44397a6f9df1dd6a6062c71c002bd7222b85 (diff) | |
download | pfsense-0397013a4044fd591079a007fb0cf126c5d85cd6.zip pfsense-0397013a4044fd591079a007fb0cf126c5d85cd6.tar.gz |
Add more ACL checkers to help with port forward and one to one NAT for multi user.
-rw-r--r-- | etc/inc/pfsense-utils.inc | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 8dbd305..6921d42 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -33,6 +33,44 @@ * */ +/****f* pfsense-utils/have_natonetooneruleint_access + * NAME + * have_natonetooneruleint_access + * INPUTS + * none + * RESULT + * returns true if user has access to edit a specific firewall nat one to one interface + ******/ +function have_natonetooneruleint_access($if) { + global $config, $g, $HTTP_SERVER_VARS; + $allowed = $g['privs']; + if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) + return true; + $security_url = "firewall_nat_1to1_edit.php?if=". strtolower($if); + if(in_array($security_url, $allowed)) + return true; + return false; +} + +/****f* pfsense-utils/have_natpfruleint_access + * NAME + * have_natpfruleint_access + * INPUTS + * none + * RESULT + * returns true if user has access to edit a specific firewall nat port forward interface + ******/ +function have_natpfruleint_access($if) { + global $config, $g, $HTTP_SERVER_VARS; + $allowed = $g['privs']; + if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) + return true; + $security_url = "firewall_nat_edit.php?if=". strtolower($if); + if(in_array($security_url, $allowed)) + return true; + return false; +} + /****f* pfsense-utils/have_ruleint_access * NAME * have_ruleint_access |