diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-28 02:36:31 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-28 02:36:31 +0000 |
commit | 7e4a4513a330b9731e6c9b1e6e571defc2c4c73b (patch) | |
tree | eb7d66d36aebfc22257680c525e1debe96ff758d /etc | |
parent | 9d265058e7693c830f80be173ab09d3ee850ec00 (diff) | |
download | pfsense-7e4a4513a330b9731e6c9b1e6e571defc2c4c73b.zip pfsense-7e4a4513a330b9731e6c9b1e6e571defc2c4c73b.tar.gz |
Allow multiple groups to be assigned per user.
Work sponsored-by: Centipede Networks
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 21 | ||||
-rw-r--r-- | etc/inc/authgui.inc | 12 |
2 files changed, 28 insertions, 5 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 0245a1c..41882bf 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -57,6 +57,27 @@ function logout_session() { $scriptName = $scriptName[$scriptElms-1]; } +function getAllowedGroups($logged_in_user) { + global $g, $config; + + $final_allowed = array(); + + foreach($config['system']['user'] as $username) { + if($username['name'] = $logged_in_user) + $allowed_groups = explode(",", $username['groupname']); + } + + foreach($config['system']['group'] as $group) { + if(in_array($group['name'], $allowed_groups)) { + foreach($group['pages'] as $page) { + $allowed[] = $page; + } + } + } + + return $allowed; +} + function &getSystemAdminNames() { global $config, $g, $userindex; $adminUsers = array(); diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 92214f7..c3d6f32 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -68,11 +68,13 @@ if (isset($_POST['scriptname']) && isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']) // Once here, the user has authenticated with the web server. // Now, we give them access only to the appropriate pages for their group. if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) { - $allowed[] = ''; - if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'])) { - $allowed = &$config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages']; - } - $g['privs'] = $allowed; + $g['privs'] = getAllowedGroups($HTTP_SERVER_VARS['AUTH_USER']); + $allowed = $g['privs']; + + $allowed_groups = print_r($g['privs'],true); + $fdny = fopen("/tmp/groups", "w"); + fwrite($fdny, $allowed_groups); + fclose($fdny); $group = $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']; /* get the group homepage, to be able to forward |