author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-03 01:37:45 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-03 01:37:45 +0000 |
commit | cd0e6d73b8506e2de1eac0128044b6b0410cd4cf (patch) | |
tree | 63345e5cc8097200e9a74a4146ef5bdfa374d0af /usr/local | |
parent | e08864b472446468e2241873dab2f151c25edbb1 (diff) | |
Allow each interface to have its own ACLs, so a user can be granted permission to edit only that interface's rules.
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/firewall_rules.php | 10 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 13 |
2 files changed, 23 insertions, 0 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 94aae51..7fea1d3 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -64,6 +64,16 @@ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']
 if (!$if || !isset($iflist[$if])) $if = "wan";
+$security_url = "firewall_rules.php?if=". strtolower($if);
+if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+ if(!in_array($security_url, $allowed)) {
+ // User does not have access
+// echo "displaying error {$security_url}"; print_r($allowed);
+ echo display_error_form("401", "Unauthorized. You do not have access to the page {$pagereq}");
+ exit;
+ }
+}
+
 if ($_POST) {
 $pconfig = $_POST;
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 7bc020e..a423ee2 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -55,6 +55,19 @@ if (isset($_GET['dup'])) {
 $after = $_GET['dup'];
 }
+if($id) {
+ $if = $a_filter[$id]['interface'];
+ $security_url = "firewall_rules_edit.php?if=". strtolower($if);
+ if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+ if(!in_array($security_url, $allowed)) {
+ // User does not have access
+ // echo "displaying error {$security_url}"; print_r($allowed);
+ echo display_error_form("401", "Unauthorized. You do not have access to edit rules on the interface {$if}");
+ exit;
+ }
+ }
+}
+
 if (isset($id) && $a_filter[$id]) {
 $pconfig['interface'] = $a_filter[$id]['interface']; |
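Review bot: In firewall_rules.php the added check keys the ACL on `$if` alone, so it says nothing about which rule a later action touches; any handler further down that selects a rule by index should also confirm that rule's `interface` matches `$if`. Those handlers lie outside this hunk, so treat this as something to verify rather than a confirmed gap. `in_array($security_url, $allowed)` compares loosely; `in_array($security_url, $allowed, true)` keeps the ACL match an exact string comparison. The 401 text interpolates `{$pagereq}`, which the hunk never assigns; if it originates from the request it should pass through `htmlspecialchars()` before display, and the commented-out `print_r($allowed)` debug line is better removed than committed.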
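Review bot: In firewall_rules_edit.php the guard `if($id) {` is false for rule index 0 (and for the string "0"), so the interface ACL is skipped for the first rule while the context line `if (isset($id) && $a_filter[$id])` right after it still loads that rule; `if (isset($id) && isset($a_filter[$id])) {` would cover it. The check is also skipped whenever no id is supplied, so the interface chosen for a new rule, or changed when an existing rule is saved, is not compared with `$allowed` here. The save path is outside this hunk and should be confirmed to enforce the same ACL on the submitted interface. As in firewall_rules.php, pass `true` as the third argument of `in_array`.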