Refine saving/applying on more pages - don't show apply or take an action unless the user is allowed to do that.

author: jim-p <jimp@pfsense.org> 2012-10-09 15:07:06 -0400
committer: jim-p <jimp@pfsense.org> 2012-10-09 15:17:00 -0400
commit: 3a343d7384fbf78f987e8c4c2d9f307d22c8a072 (patch)
tree: 4b07c4c6d174a70520ec4ca578ecfe3e94048589 /usr
parent: c9ba2f8a92b0e18b891af2049436d4a3a505f9d9 (diff)
download: pfsense-3a343d7384fbf78f987e8c4c2d9f307d22c8a072.zip
pfsense-3a343d7384fbf78f987e8c4c2d9f307d22c8a072.tar.gz
20 files changed, 118 insertions, 115 deletions
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index 5d13ec2..18314cd 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -107,9 +107,10 @@ if ($_GET['act'] == "del") {
 			$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
 		} else {
 			unset($a_aliases[$_GET['id']]);
-			write_config();
-			filter_configure();
-			mark_subsystem_dirty('aliases');
+			if (write_config()) {
+				filter_configure();
+				mark_subsystem_dirty('aliases');
+			}
 			header("Location: firewall_aliases.php");
 			exit;
 		}
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 194d445..7672d75 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -350,12 +350,11 @@ if ($_POST) {
 		} else
 			$a_aliases[] = $alias;
 
-		mark_subsystem_dirty('aliases');
-
 		// Sort list
 		$a_aliases = msort($a_aliases, "name");
 
-		write_config();
+		if (write_config())
+			mark_subsystem_dirty('aliases');
 
 		if($_POST['tab'])
 			header("Location: firewall_aliases.php?tab=" . htmlspecialchars ($_POST['tab']));
diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php
index 39311c4..b42bbe8 100755
--- a/usr/local/www/firewall_aliases_import.php
+++ b/usr/local/www/firewall_aliases_import.php
@@ -109,8 +109,9 @@ if($_POST['aliasimport'] <> "") {
 		// Sort list
 		$a_aliases = msort($a_aliases, "name");
 
-		write_config();
-		
+		if (write_config())
+			mark_subsystem_dirty('aliases');
+		}
 		pfSenseHeader("firewall_aliases.php");
 		
 		exit;
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index b9eb91a..75d675d 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -82,13 +82,18 @@ if ($_POST) {
 
 if ($_GET['act'] == "del") {
 	if ($a_nat[$_GET['id']]) {
+
 		if (isset($a_nat[$_GET['id']]['associated-rule-id'])) {
 			delete_id($a_nat[$_GET['id']]['associated-rule-id'], $config['filter']['rule']);
-			mark_subsystem_dirty('filter');
+			$want_dirty_filter = true;
 		}
 		unset($a_nat[$_GET['id']]);
-		write_config();
-		mark_subsystem_dirty('natconf');
+
+		if (write_config()) {
+			mark_subsystem_dirty('natconf');
+			if ($want_dirty_filter)
+				mark_subsystem_dirty('filter');
+		}
 		header("Location: firewall_nat.php");
 		exit;
 	}
@@ -107,10 +112,10 @@ if (isset($_POST['del_x'])) {
 			}
 	        unset($a_nat[$rulei]);
 	    }
-	    write_config();
-	    mark_subsystem_dirty('natconf');
-	    header("Location: firewall_nat.php");
-	    exit;
+		if (write_config())
+			mark_subsystem_dirty('natconf');
+		header("Location: firewall_nat.php");
+		exit;
 	}
 
 } else {
@@ -150,8 +155,8 @@ if (isset($_POST['del_x'])) {
                                 $a_nat_new[] = $a_nat[$i];
                 }
                 $a_nat = $a_nat_new;
-                write_config();
-		mark_subsystem_dirty('natconf');
+		if (write_config())
+			mark_subsystem_dirty('natconf');
                 header("Location: firewall_nat.php");
                 exit;
         }
diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php
index 567dc54..0582269 100755
--- a/usr/local/www/firewall_nat_1to1.php
+++ b/usr/local/www/firewall_nat_1to1.php
@@ -68,8 +68,8 @@ if ($_POST) {
 if ($_GET['act'] == "del") {
 	if ($a_1to1[$_GET['id']]) {
 		unset($a_1to1[$_GET['id']]);
-		write_config();
-		mark_subsystem_dirty('natconf');
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 		header("Location: firewall_nat_1to1.php");
 		exit;
 	}
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index db79f6f..371db9c 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -211,10 +211,8 @@ if ($_POST) {
 			$a_1to1[] = $natent;
 		nat_1to1_rules_sort();
 
-		mark_subsystem_dirty('natconf');
-
-		write_config();
-
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 		header("Location: firewall_nat_1to1.php");
 		exit;
 	}
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 1ac2270..768fb8f 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -433,9 +433,8 @@ if ($_POST) {
 				$a_nat[] = $natent;
 		}
 
-		mark_subsystem_dirty('natconf');
-
-		write_config();
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 
 		header("Location: firewall_nat.php");
 		exit;
diff --git a/usr/local/www/firewall_nat_npt.php b/usr/local/www/firewall_nat_npt.php
index 4534931..ad035fa 100644
--- a/usr/local/www/firewall_nat_npt.php
+++ b/usr/local/www/firewall_nat_npt.php
@@ -68,8 +68,8 @@ if ($_POST) {
 if ($_GET['act'] == "del") {
 	if ($a_npt[$_GET['id']]) {
 		unset($a_npt[$_GET['id']]);
-		write_config();
-		mark_subsystem_dirty('natconf');
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 		header("Location: firewall_nat_npt.php");
 		exit;
 	}
diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php
index ee03792..ae880b0 100644
--- a/usr/local/www/firewall_nat_npt_edit.php
+++ b/usr/local/www/firewall_nat_npt_edit.php
@@ -133,9 +133,8 @@ if ($_POST) {
 			$a_npt[] = $natent;
 		nat_npt_rules_sort();
 
-		mark_subsystem_dirty('natconf');
-
-		write_config();
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 
 		header("Location: firewall_nat_npt.php");
 		exit;
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 5098532..1a6734f 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -214,8 +214,8 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
 		}
 		break;
 	}
-        write_config();
-	mark_subsystem_dirty('natconf');
+	if (write_config())
+		mark_subsystem_dirty('natconf');
         header("Location: firewall_nat_out.php");
         exit;
 }
@@ -223,8 +223,8 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
 if ($_GET['act'] == "del") {
 	if ($a_out[$_GET['id']]) {
 		unset($a_out[$_GET['id']]);
-		write_config();
-		mark_subsystem_dirty('natconf');
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 		header("Location: firewall_nat_out.php");
 		exit;
 	}
@@ -236,8 +236,8 @@ if (isset($_POST['del_x'])) {
                 foreach ($_POST['rule'] as $rulei) {
                         unset($a_out[$rulei]);
                 }
-                write_config();
-		mark_subsystem_dirty('natconf');
+		if (write_config())
+			mark_subsystem_dirty('natconf');
                 header("Location: firewall_nat_out.php");
                 exit;
         }
@@ -283,8 +283,8 @@ if (isset($_POST['del_x'])) {
 		else
 			unset($config['nat']['advancedoutbound']);
 
-                write_config();
-		mark_subsystem_dirty('natconf');
+		if (write_config())
+			mark_subsystem_dirty('natconf');
                 header("Location: firewall_nat_out.php");
                 exit;
         }
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 62d0ecc..d62de63 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -303,8 +303,8 @@ if ($_POST) {
 			}
 		}
 
-		mark_subsystem_dirty('natconf');
-        	write_config();
+		if (write_config())
+			mark_subsystem_dirty('natconf');
 		header("Location: firewall_nat_out.php");
 		exit;
 	}
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index ea5dfe7..85e4eff 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -210,8 +210,7 @@ if ($_GET['act'] == "del") {
 			delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']);
 		}
 		unset($a_filter[$_GET['id']]);
-		$retval = write_config();
-		if ($retval)
+		if (write_config())
 			mark_subsystem_dirty('filter');
 		header("Location: firewall_rules.php?if={$if}");
 		exit;
@@ -229,8 +228,7 @@ if (isset($_POST['del_x'])) {
 			delete_nat_association($a_filter[$rulei]['associated-rule-id']);
 			unset($a_filter[$rulei]);
 		}
-		$retval = write_config();
-		if ($retval)
+		if (write_config())
 			mark_subsystem_dirty('filter');
 		header("Location: firewall_rules.php?if={$if}");
 		exit;
@@ -241,8 +239,7 @@ if (isset($_POST['del_x'])) {
                         unset($a_filter[$_GET['id']]['disabled']);
                 else
                         $a_filter[$_GET['id']]['disabled'] = true;
-		$retval = write_config();
-		if ($retval)
+		if (write_config())
 			mark_subsystem_dirty('filter');
 		header("Location: firewall_rules.php?if={$if}");
 		exit;
@@ -286,8 +283,7 @@ if (isset($_POST['del_x'])) {
 		}
 
 		$a_filter = $a_filter_new;
-		$retval = write_config();
-		if ($retval)
+		if (write_config())
 			mark_subsystem_dirty('filter');
 		header("Location: firewall_rules.php?if={$if}");
 		exit;
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 5420d19..d46c9f0 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -643,8 +643,7 @@ if ($_POST) {
 
 		filter_rules_sort();
 
-		$retval = write_config();
-		if ($retval)
+		if (write_config())
 			mark_subsystem_dirty('filter');
 
 		if (isset($_POST['floating']))
diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php
index 08b8b8c..8e81d1b 100644
--- a/usr/local/www/firewall_schedule_edit.php
+++ b/usr/local/www/firewall_schedule_edit.php
@@ -183,10 +183,9 @@ if ($_POST) {
 			$a_schedules[] = $schedule;
 		}
 		schedule_sort();
-		write_config();
-		
-		filter_configure();
-			
+		if (write_config())
+			filter_configure();
+
 		header("Location: firewall_schedule.php");
 		exit;
 		
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index 38a013b..6ac8538 100755
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
@@ -94,8 +94,8 @@ if ($_GET) {
 	case "delete":
 			if ($queue) {
 				$queue->delete_queue();
-				write_config();
-				mark_subsystem_dirty('shaper');
+				if (write_config())
+					mark_subsystem_dirty('shaper');
 			}
 			header("Location: firewall_shaper.php");
 			exit;
@@ -118,17 +118,18 @@ if ($_GET) {
 				if (isset($rule['wizard']) && $rule['wizard'] == "yes")
 					unset($config['filter']['rule'][$key]);
 			}
-			write_config();
-			
-			$retval = 0;
-                        $retval |= filter_configure();
-                        $savemsg = get_std_save_message($retval);
+			if (write_config()) {
+				$retval = 0;
+				$retval |= filter_configure();
+				$savemsg = get_std_save_message($retval);
 
-                        if (stristr($retval, "error") <> true)
-	                        $savemsg = get_std_save_message($retval);
-                        else
-       	                	$savemsg = $retval;
-			
+				if (stristr($retval, "error") <> true)
+					$savemsg = get_std_save_message($retval);
+				else
+					$savemsg = $retval;
+			} else {
+				$savemsg = gettext("Unable to write config.xml (Access Denied?)");
+			}
 			$output_form = $default_shaper_message;
 
 		break;
@@ -178,8 +179,8 @@ if ($_GET) {
 			if ($queue) {
 					$queue->SetEnabled("on");
 					$output_form .= $queue->build_form();
-					write_config();
-					mark_subsystem_dirty('shaper');
+					if (write_config())
+						mark_subsystem_dirty('shaper');
 			} else
 					$input_errors[] = gettext("Queue not found!");
 		break;
@@ -187,8 +188,8 @@ if ($_GET) {
 			if ($queue) {
 					$queue->SetEnabled("");
 					$output_form .= $queue->build_form();
-					write_config();
-					mark_subsystem_dirty('shaper');
+					if (write_config())
+						mark_subsystem_dirty('shaper');
 			} else
 					$input_errors[] = gettext("Queue not found!");
 		break;
@@ -230,8 +231,8 @@ if ($_GET) {
 			$tmppath[] = $altq->GetInterface();
 			$altq->SetLink(&$tmppath);	
 			$altq->wconfig();
-			write_config();
-			mark_subsystem_dirty('shaper');
+			if (write_config())
+				mark_subsystem_dirty('shaper');
 			$can_enable = true;
                         $can_add = true;
 		}
@@ -255,8 +256,8 @@ if ($_GET) {
                              			$can_add = true;
 				} else
 					$can_add = false;
-				write_config();
-				mark_subsystem_dirty('shaper');
+				if (write_config())
+					mark_subsystem_dirty('shaper');
 				$can_enable = true;
 				if ($altq->GetScheduler() != "PRIQ") /* XXX */
 					if ($tmp->GetDefault() <> "")
@@ -301,8 +302,8 @@ if ($_GET) {
                 if (!$input_errors) {
                             $queue->update_altq_queue_data($_POST);
                             $queue->wconfig();
-							write_config();
-				mark_subsystem_dirty('shaper');
+				if (write_config())
+					mark_subsystem_dirty('shaper');
 				$dontshow = false;
                 } 
 		read_altq_config();
diff --git a/usr/local/www/firewall_shaper_layer7.php b/usr/local/www/firewall_shaper_layer7.php
index 0cb8e30..44c659f 100755
--- a/usr/local/www/firewall_shaper_layer7.php
+++ b/usr/local/www/firewall_shaper_layer7.php
@@ -151,8 +151,8 @@ else if ($_POST) {
 		unset($non_dupes);
 		if(sizeof($dupes) == 0 && !$input_errors) {
 			$l7r->wconfig();
-			write_config();
-			mark_subsystem_dirty('shaper');
+			if (write_config())
+				mark_subsystem_dirty('shaper');
 
 			read_layer7_config();
 		}
@@ -195,8 +195,8 @@ else if ($_POST) {
 		}
 	} else if ($_POST['delete']) {
 		$container->delete_l7c();
-		write_config();
-		mark_subsystem_dirty('shaper');
+		if (write_config())
+			mark_subsystem_dirty('shaper');
 		unset($container);
 
 		header("Location: firewall_shaper_layer7.php");
diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php
index 68989e1..7eadc7b 100755
--- a/usr/local/www/firewall_shaper_queues.php
+++ b/usr/local/www/firewall_shaper_queues.php
@@ -81,8 +81,8 @@ if ($_GET) {
 			$qtmp =& $altq->find_queue("", $qname);
 			if ($qtmp) {
 				$qtmp->delete_queue(); 
-				write_config();
-				mark_subsystem_dirty('shaper');
+				if (write_config())
+					mark_subsystem_dirty('shaper');
 			}
 			header("Location: firewall_shaper_queues.php");
 			exit;
@@ -119,8 +119,8 @@ if ($_GET) {
                                                 $newroot['queue'][] = $copycfg;
                                                 $config['shaper']['queue'][] = $newroot;
                                         }
-                                        write_config();
-					mark_subsystem_dirty('shaper');
+					if (write_config())
+						mark_subsystem_dirty('shaper');
                                         break;
                                 }
                         }
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index b2f2e1d..baeafe4 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -104,8 +104,8 @@ if ($_GET) {
 			}
 			if (!$input_errors) {
 				$queue->delete_queue();
-				write_config();
-				mark_subsystem_dirty('shaper');
+				if (write_config())
+					mark_subsystem_dirty('shaper');
 				header("Location: firewall_shaper_vinterface.php");
 				exit;
 			}
@@ -133,17 +133,17 @@ if ($_GET) {
 			if (isset($rule['pdnpipe']))
 				unset($config['filter']['rule'][$key]['pdnpipe']);
 		}
-		write_config();
-		
-		$retval = 0;
-		$retval = filter_configure();
-		$savemsg = get_std_save_message($retval);
-
-		if (stristr($retval, "error") <> true)
+		if (write_config()) {
+			$retval = 0;
+			$retval = filter_configure();
 			$savemsg = get_std_save_message($retval);
-		else
-			$savemsg = $retval;
 
+			if (stristr($retval, "error") <> true)
+				$savemsg = get_std_save_message($retval);
+			else
+				$savemsg = $retval;
+		} else
+			$savemsg = gettext("Unable to write config.xml (Access Denied?)");
 		$output_form = $dn_default_shaper_message;
 
 		break;
@@ -176,8 +176,8 @@ if ($_GET) {
 			$queue->SetEnabled("on");
 			$output_form .= $queue->build_form();
 			$queue->wconfig();
-			write_config();
-			mark_subsystem_dirty('shaper');
+			if (write_config())
+				mark_subsystem_dirty('shaper');
 		} else
 			$input_errors[] = gettext("Queue not found!");
 		break;
@@ -186,8 +186,8 @@ if ($_GET) {
 			$queue->SetEnabled("");
 			$output_form .= $queue->build_form();
 			$queue->wconfig();
-			write_config();
-			mark_subsystem_dirty('shaper');
+			if (write_config())
+				mark_subsystem_dirty('shaper');
 		} else
 			$input_errors[] = gettext("Queue not found!");
 		break;
@@ -214,12 +214,12 @@ if ($_GET) {
 				$tmppath[] = $dnpipe->GetQname();
 				$dnpipe->SetLink(&$tmppath);	
 				$dnpipe->wconfig();
-				write_config();
-				mark_subsystem_dirty('shaper');
+				if (write_config())
+					mark_subsystem_dirty('shaper');
 				$can_enable = true;
 				$can_add = true;
 			}
-			
+
 			read_dummynet_config();
 			$output_form .= $dnpipe->build_form();
 		}
@@ -233,14 +233,14 @@ if ($_GET) {
 			if (!$input_errors) {
 				array_pop($tmppath);
 				$tmp->wconfig();
-				write_config();
-				$can_enable = true;
-                		$can_add = false;
-				mark_subsystem_dirty('shaper');
-				$can_enable = true;
+				if (write_config()) {
+					$can_enable = true;
+					$can_add = false;
+					mark_subsystem_dirty('shaper');
+				}
 			}
 			read_dummynet_config();
-			$output_form .= $tmp->build_form();			
+			$output_form .= $tmp->build_form();
 		} else
 			$input_errors[] = gettext("Could not add new queue.");
 	} else if ($_POST['apply']) {
@@ -274,8 +274,8 @@ if ($_GET) {
                 if (!$input_errors) {
 			$queue->update_dn_data($_POST);
 			$queue->wconfig();
-			write_config();
-			mark_subsystem_dirty('shaper');
+			if (write_config())
+				mark_subsystem_dirty('shaper');
 			$dontshow = false;
                 } 
 		read_dummynet_config();
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 547ce4b..e4aee0d 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -124,6 +124,12 @@ if ($_GET['act'] == "del") {
 
 		
 		if (!$input_errors) {
+			$user = getUserEntry($_SESSION['Username']);
+			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
+				header("Location: firewall_virtual_ip.php");
+				exit;
+			}
+
 			// Special case since every proxyarp vip is handled by the same daemon.
 			if ($a_vip[$_GET['id']]['mode'] == "proxyarp") {
 				$viface = $a_vip[$_GET['id']]['interface'];
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index ad05cdf..d208dd3 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -249,10 +249,10 @@ if ($_POST) {
 		}
 		$a_vip[$id] = $vipent;
 
-		mark_subsystem_dirty('vip');
-		
-		write_config();
-		file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist));
+		if (write_config()) {
+			mark_subsystem_dirty('vip');
+			file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist));
+		}
 		header("Location: firewall_virtual_ip.php");
 		exit;
 	}
author	jim-p <jimp@pfsense.org>	2012-10-09 15:07:06 -0400
committer	jim-p <jimp@pfsense.org>	2012-10-09 15:17:00 -0400
commit	3a343d7384fbf78f987e8c4c2d9f307d22c8a072 (patch)
tree	4b07c4c6d174a70520ec4ca578ecfe3e94048589 /usr
parent	c9ba2f8a92b0e18b891af2049436d4a3a505f9d9 (diff)
download	pfsense-3a343d7384fbf78f987e8c4c2d9f307d22c8a072.zip pfsense-3a343d7384fbf78f987e8c4c2d9f307d22c8a072.tar.gz