authorScott Ullrich <sullrich@pfsense.org>2007-12-28 02:36:31 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-12-28 02:36:31 +0000
commit7e4a4513a330b9731e6c9b1e6e571defc2c4c73b (patch)
treeeb7d66d36aebfc22257680c525e1debe96ff758d
parent9d265058e7693c830f80be173ab09d3ee850ec00 (diff)
Allow multiple groups to be assigned per user.
Work sponsored-by: Centipede Networks
-rw-r--r--etc/inc/auth.inc21
-rw-r--r--etc/inc/authgui.inc12
-rw-r--r--usr/local/www/system_usermanager.php35
3 files changed, 49 insertions, 19 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 0245a1c..41882bf 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -57,6 +57,27 @@ function logout_session() {
$scriptName = $scriptName[$scriptElms-1];
}
+function getAllowedGroups($logged_in_user) {
+ global $g, $config;
+
+ $final_allowed = array();
+
+ foreach($config['system']['user'] as $username) {
+ if($username['name'] = $logged_in_user)
+ $allowed_groups = explode(",", $username['groupname']);
+ }
+
+ foreach($config['system']['group'] as $group) {
+ if(in_array($group['name'], $allowed_groups)) {
+ foreach($group['pages'] as $page) {
+ $allowed[] = $page;
+ }
+ }
+ }
+
+ return $allowed;
+}
+
function &getSystemAdminNames() {
global $config, $g, $userindex;
$adminUsers = array();
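Review bot: The user lookup in getAllowedGroups() assigns instead of compares: `if($username['name'] = $logged_in_user)` is true for every entry whenever the login name is truthy, so `$allowed_groups` ends up holding the groups of the last user in `$config['system']['user']` and the caller gets that user's pages rather than the logged-in user's. It should read `if ($username['name'] == $logged_in_user)`. The function also initialises `$final_allowed` but fills and returns `$allowed`, and never initialises `$allowed_groups`, so a user with no matching entry or group yields `null` plus a warning from `in_array()`. Starting with `$allowed_groups = array();` and `$allowed = array();` keeps the return value an empty array in that case.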
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 92214f7..c3d6f32 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -68,11 +68,13 @@ if (isset($_POST['scriptname']) && isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])
// Once here, the user has authenticated with the web server.
// Now, we give them access only to the appropriate pages for their group.
if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
- $allowed[] = '';
- if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'])) {
- $allowed = &$config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'];
- }
- $g['privs'] = $allowed;
+ $g['privs'] = getAllowedGroups($HTTP_SERVER_VARS['AUTH_USER']);
+ $allowed = $g['privs'];
+
+ $allowed_groups = print_r($g['privs'],true);
+ $fdny = fopen("/tmp/groups", "w");
+ fwrite($fdny, $allowed_groups);
+ fclose($fdny);
$group = $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname'];
/* get the group homepage, to be able to forward
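Review bot: The four added lines that dump `print_r($g['privs'],true)` into `/tmp/groups` look like leftover debugging and should be dropped before this ships. They run on every request from a non-admin user, write to a fixed name in a shared temporary directory through `fopen("/tmp/groups", "w")` (which follows a pre-existing symlink and truncates whatever it points at), and never check the handle before `fwrite()`. Separately, the unchanged line `$group = $config['system']['user'][...]['groupname'];` still treats groupname as a single name although this commit now stores a comma-joined list there. The homepage lookup that uses `$group` continues past the end of the hunk, so it needs checking against multi-group users.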
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index b4b7872..73e0a85 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -44,9 +44,8 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
if (isset($_POST['id']))
$id = $_POST['id'];
- if (!is_array($config['system']['user'])) {
- $config['system']['user'] = array();
- }
+ if (!is_array($config['system']['user']))
+ $config['system']['user'] = array();
admin_users_sort();
$a_user = &$config['system']['user'];
@@ -110,9 +109,11 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
}
}
- if ($pconfig['utype'] <> "system" && !isset($groupindex[$_POST['groupname']])) {
- $input_errors[] = gettext("group does not exist, please define the group before assigning users.");
- }
+ foreach($_POST['groupname'] as $groupname) {
+ if ($pconfig['utype'] <> "system" && !isset($groupindex[$groupname])) {
+ $input_errors[] = gettext("group {$groupname} does not exist, please define the group before assigning users.");
+ }
+ }
if (isset($config['system']['ssh']['sshdkeyonly']) &&
empty($_POST['authorizedkeys'])) {
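Review bot: `foreach($_POST['groupname'] as $groupname)` assumes the field is always posted as an array, but a multi-select with nothing chosen (or one rendered `disabled`, as the form does for system users) sends no `groupname` key at all. In that case the loop raises a warning and the existence check is skipped entirely; the `implode(",", $_POST['groupname'])` added in the `@@ -137,9 +140,10 @@` hunk makes the same assumption. Guard both with something like `$groups = (isset($_POST['groupname']) && is_array($_POST['groupname'])) ? $_POST['groupname'] : array();` and decide explicitly whether a non-system user may be saved with zero groups. The new message also interpolates the submitted name into the `gettext()` msgid, which defeats translation lookup; `sprintf(gettext("group %s does not exist, please define the group before assigning users."), $groupname)` keeps the msgid constant.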
@@ -130,6 +131,8 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
if (isset($id) && $a_user[$id])
$userent = $a_user[$id];
+
+
/* the user did change his username */
if ($_POST['usernamefld'] <> $_POST['oldusername']) {
$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
@@ -137,9 +140,10 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
$userent['name'] = $_POST['usernamefld'];
$userent['fullname'] = $_POST['fullname'];
- if ($pconfig['utype'] <> "system") {
- $userent['groupname'] = $_POST['groupname'];
- }
+
+ if ($pconfig['utype'] <> "system")
+ $userent['groupname'] = implode(",", $_POST['groupname']);
+
isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
if ($_POST['passwordfld1'])
@@ -189,7 +193,7 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
if (isset($id) && $a_user[$id]) {
$pconfig['usernamefld'] = $a_user[$id]['name'];
$pconfig['fullname'] = $a_user[$id]['fullname'];
- $pconfig['groupname'] = $a_user[$id]['groupname'];
+ $pconfig['groupname'] = split(",", $a_user[$id]['groupname']);
$pconfig['utype'] = $a_user[$id]['scope'];
$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
}
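Review bot: `split(",", ...)` here is the POSIX-regex splitter, while getAllowedGroups() in etc/inc/auth.inc parses the same field with `explode(",", ...)`; use `explode` in both places so the stored list is parsed one way (split() was later deprecated and removed from PHP). Either call returns a one-element array holding an empty string when a user has no groupname, and that is what the `in_array()` test in the form then compares against. The `split`/`implode` pair added to the user list in the `@@ -363,7 +367,10 @@` hunk round-trips to the original string, so `htmlspecialchars($userent['groupname'])` could have stayed as it was.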
@@ -307,15 +311,15 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Group Name");?></td>
<td width="78%" class="vtable">
- <select name="groupname" class="formselect" id="groupname" <?php if ($pconfig['utype'] == "system") { echo "disabled=\"disabled\" "; } ?>>
+ <select size="10" name="groupname[]" class="formselect" id="groupname" <?php if ($pconfig['utype'] == "system") { echo "disabled=\"disabled\" "; } ?> MULTIPLE>
<?php foreach ($config['system']['group'] as $group): ?>
- <option value="<?=$group['name'];?>" <?php if ($group['name'] == $pconfig['groupname']) { echo "selected"; } ?>>
+ <option value="<?=$group['name'];?>" <?php if (in_array($group['name'],$pconfig['groupname'])) { echo "selected"; } ?>>
<?=htmlspecialchars($group['name']);?>
</option>
<?php endforeach;?>
</select>
<br />
- <?=gettext("The admin group to which this user is assigned.");?>
+ <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
</td>
</tr>
<tr>
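Review bot: `in_array($group['name'],$pconfig['groupname'])` needs `$pconfig['groupname']` to be an array, but the only place visible in this diff that makes it one is the edit branch (`split(...)` in the `@@ -189,7 +193,7 @@` hunk). When adding a user or redisplaying the form after an input error it may be unset or a string; that code is outside the hunks, so confirm. A cast at the use site, `in_array($group['name'], (array)$pconfig['groupname'])`, would cover both cases. The rewritten `<option>` line also still prints `value="<?=$group['name'];?>"` unescaped while the label on the next line goes through `htmlspecialchars()`; escaping the attribute the same way keeps a group name containing quotes or angle brackets from breaking out of the markup.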
@@ -363,7 +367,10 @@ if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
</td>
<td class="listr"><?=htmlspecialchars($userent['fullname']);?>&nbsp;</td>
<td class="listbg">
- <font color="white"><?=htmlspecialchars($userent['groupname']);?></font>&nbsp;
+ <?php
+ $groupname = split(",", $userent['groupname']);
+ ?>
+ <font color="white"><?=htmlspecialchars(implode(",",$groupname));?></font>&nbsp;
</td>
<td valign="middle" nowrap class="list">
<a href="system_usermanager.php?act=edit&id=<?=$i;?>">