Diffstat (limited to 'src/usr/local/www/system_groupmanager.php')
-rw-r--r-- | src/usr/local/www/system_groupmanager.php | 607 |
1 files changed, 607 insertions, 0 deletions
diff --git a/src/usr/local/www/system_groupmanager.php b/src/usr/local/www/system_groupmanager.php
new file mode 100644
index 0000000..17b0f73
--- /dev/null
+++ b/src/usr/local/www/system_groupmanager.php
@@ -0,0 +1,607 @@
+<?php
+/*
+ $Id: system_groupmanager.php
+ part of m0n0wall (http://m0n0.ch/wall)
+ part of pfSense
+
+ Copyright (C) 2013-2015 Electric Sheep Fencing, LP
+ All rights reserved.
+
+ Copyright (C) 2008 Shrew Soft Inc.
+ All rights reserved.
+
+ Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
+ All rights reserved.
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/*
+ pfSense_MODULE: auth
+*/
+
+##|+PRIV
+##|*IDENT=page-system-groupmanager
+##|*NAME=System: Group manager page
+##|*DESCR=Allow access to the 'System: Group manager' page.
+##|*MATCH=system_groupmanager.php*
+##|-PRIV
+
+require("guiconfig.inc");
+
+ $pgtitle = array(gettext("System"), gettext("Group manager"));
+
+ if (!is_array($config['system']['group'])) {
+ $config['system']['group'] = array();
+ }
+
+ $a_group = &$config['system']['group'];
+
+ unset($id);
+ if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) {
+ $id = $_POST['groupid'];
+ }
+
+ $act = (isset($_POST['act']) ? $_POST['act'] : '');
+
+ if ($act == "delgroup") {
+
+ if (!isset($id) || !isset($_POST['groupname']) || !isset($a_group[$id]) || ($_POST['groupname'] != $a_group[$id]['name'])) {
+ pfSenseHeader("system_groupmanager.php");
+ exit;
+ }
+
+ conf_mount_rw();
+ local_group_del($a_group[$id]);
+ conf_mount_ro();
+ $groupdeleted = $a_group[$id]['name'];
+ unset($a_group[$id]);
+ write_config();
+ $savemsg = gettext("Group") . " {$groupdeleted} " .
+ gettext("successfully deleted") . "<br />";
+ }
+
+ if ($act == "delpriv") {
+
+ if (!isset($id) || !isset($a_group[$id])) {
+ pfSenseHeader("system_groupmanager.php");
+ exit;
+ }
+
+ $privdeleted = $priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name'];
+ unset($a_group[$id]['priv'][$_POST['privid']]);
+
+ if (is_array($a_group[$id]['member'])) {
+ foreach ($a_group[$id]['member'] as $uid) {
+ $user = getUserEntryByUID($uid);
+ if ($user) {
+ local_user_set($user);
+ }
+ }
+ }
+
+ write_config();
+ $act = "edit";
+ $savemsg = gettext("Privilege") . " {$privdeleted} " .
+ gettext("successfully deleted") . "<br />";
+ }
+
+ if ($act == "edit") {
+ if (isset($id) && isset($a_group[$id])) {
+ $pconfig['name'] = $a_group[$id]['name'];
+ $pconfig['gid'] = $a_group[$id]['gid'];
+ $pconfig['gtype'] = $a_group[$id]['scope'];
+ $pconfig['description'] = $a_group[$id]['description'];
+ $pconfig['members'] = $a_group[$id]['member'];
+ $pconfig['priv'] = $a_group[$id]['priv'];
+ }
+ }
+
+ if (isset($_POST['dellall_x'])) {
+
+ $del_groups = $_POST['delete_check'];
+
+ if (!empty($del_groups)) {
+ foreach ($del_groups as $groupid) {
+ if (isset($a_group[$groupid]) && $a_group[$groupid]['scope'] != "system") {
+ conf_mount_rw();
+ local_group_del($a_group[$groupid]);
+ conf_mount_ro();
+ unset($a_group[$groupid]);
+ }
+ }
+ $savemsg = gettext("Selected groups removed successfully!");
+ write_config($savemsg);
+ }
+ }
+
+ if (isset($_POST['save'])) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "groupname");
+ $reqdfieldsn = array(gettext("Group Name"));
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+
+ if (preg_match("/[^a-zA-Z0-9\.\-_ ]/", $_POST['groupname'])) {
+ $input_errors[] = gettext("The group name contains invalid characters.");
+ }
+
+ if (strlen($_POST['groupname']) > 16) {
+ $input_errors[] = gettext("The group name is longer than 16 characters.");
+ }
+
+ if (!$input_errors && !(isset($id) && $a_group[$id])) {
+ /* make sure there are no dupes */
+ foreach ($a_group as $group) {
+ if ($group['name'] == $_POST['groupname']) {
+ $input_errors[] = gettext("Another entry with the same group name already exists.");
+ break;
+ }
+ }
+ }
+
+ if (!$input_errors) {
+ $group = array();
+ if (isset($id) && $a_group[$id]) {
+ $group = $a_group[$id];
+ }
+
+ $group['name'] = $_POST['groupname'];
+ $group['description'] = $_POST['description'];
+
+ if (empty($_POST['members'])) {
+ unset($group['member']);
+ } else if ($group['gid'] != 1998) { // all group
+ $group['member'] = $_POST['members'];
+ }
+
+ if (isset($id) && $a_group[$id]) {
+ $a_group[$id] = $group;
+ } else {
+ $group['gid'] = $config['system']['nextgid']++;
+ $a_group[] = $group;
+ }
+
+ conf_mount_rw();
+ local_group_set($group);
+ conf_mount_ro();
+
+ /* Refresh users in this group since their privileges may have changed. */
+ if (is_array($group['member'])) {
+ $a_user = &$config['system']['user'];
+ foreach ($a_user as & $user) {
+ if (in_array($user['uid'], $group['member'])) {
+ local_user_set($user);
+ }
+ }
+ }
+
+ write_config();
+
+ header("Location: system_groupmanager.php");
+ exit;
+ }
+ }
+
+ include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript" src="/javascript/row_toggle.js"></script>
+<script type="text/javascript">
+//<![CDATA[
+
+function setall_selected(id) {
+ selbox = document.getElementById(id);
+ count = selbox.options.length;
+ for (index = 0; index<count; index++) {
+ selbox.options[index].selected = true;
+ }
+}
+
+function delete_empty(id) {
+ selbox = document.getElementById(id);
+ count = selbox.options.length;
+ for (index = 0; index<count; index++) {
+ if (selbox.options[index].value == '') {
+ selbox.remove(index);
+ }
+ }
+}
+
+function clear_selected(id) {
+ selbox = document.getElementById(id);
+ count = selbox.options.length;
+ for (index = 0; index<count; index++) {
+ selbox.options[index].selected = false;
+ }
+}
+
+function remove_selected(id) {
+ selbox = document.getElementById(id);
+ index = selbox.options.length - 1;
+ for (; index >= 0; index--) {
+ if (selbox.options[index].selected) {
+ selbox.remove(index);
+ }
+ }
+}
+
+function copy_selected(srcid, dstid) {
+ src_selbox = document.getElementById(srcid);
+ dst_selbox = document.getElementById(dstid);
+ count = dst_selbox.options.length;
+ for (index = count - 1; index >= 0; index--) {
+ if (dst_selbox.options[index].value == '') {
+ dst_selbox.remove(index);
+ }
+ }
+ count = src_selbox.options.length;
+ for (index = 0; index < count; index++) {
+ if (src_selbox.options[index].selected) {
+ option = document.createElement('option');
+ option.text = src_selbox.options[index].text;
+ option.value = src_selbox.options[index].value;
+ dst_selbox.add(option, null);
+ }
+ }
+}
+
+function move_selected(srcid, dstid) {
+ copy_selected(srcid, dstid);
+ remove_selected(srcid);
+}
+
+function presubmit() {
+ delete_empty('members');
+ delete_empty('notmembers');
+ clear_selected('notmembers');
+ setall_selected('members');
+}
+
+//]]>
+</script>
+<?php
+ if ($input_errors) {
+ print_input_errors($input_errors);
+ }
+ if ($savemsg) {
+ print_info_box($savemsg);
+ }
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="group manager">
+ <tr>
+ <td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
+ $tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
+ $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
+ $tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+ </tr>
+ <tr>
+ <td id="mainarea">
+ <div class="tabcont">
+
+<?php
+ if ($act == "new" || $act == "edit"):
+?>
+ <form action="system_groupmanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
+ <input type="hidden" id="act" name="act" value="" />
+ <input type="hidden" id="groupid" name="groupid" value="<?=(isset($id) ? $id : '');?>" />
+ <input type="hidden" id="privid" name="privid" value="" />
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
+<?php
+ $ro = "";
+ if ($pconfig['gtype'] == "system") {
+ $ro = "readonly=\"readonly\"";
+ }
+?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
+ <td width="78%" class="vtable">
+ <strong><?=strtoupper($pconfig['gtype']);?></strong>
+ <input name="gtype" type="hidden" value="<?=htmlspecialchars($pconfig['gtype'])?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Group name");?></td>
+ <td width="78%" class="vtable">
+ <input name="groupname" type="text" class="formfld group" id="groupname" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['name']);?>" <?=$ro;?> />
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
+ <td width="78%" class="vtable">
+ <input name="description" type="text" class="formfld unknown" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>" />
+ <br />
+ <?=gettext("Group description, for your own information only");?>
+ </td>
+ </tr>
+<?php
+ if ($pconfig['gid'] != 1998): // all users group
+?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
+ <td width="78%" class="vtable" align="center">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="membership">
+ <tr>
+ <td align="center" width="50%">
+ <strong><?=gettext("Not Members");?></strong><br />
+ <br />
+ <select size="10" style="width: 75%" name="notmembers[]" class="formselect" id="notmembers" onchange="clear_selected('members')" multiple="multiple">
+<?php
+ $rowIndex = 0;
+ foreach ($config['system']['user'] as $user):
+ if (is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members'])) {
+ continue;
+ }
+ $rowIndex++;
+?>
+ <option value="<?=$user['uid'];?>" <?=$selected;?>>
+ <?=htmlspecialchars($user['name']);?>
+ </option>
+<?php
+ endforeach;
+ if ($rowIndex == 0) {
+ echo "<option></option>";
+ }
+?>
+ </select>
+ <br />
+ </td>
+ <td>
+ <br />
+ <a href="javascript:move_selected('notmembers', 'members')">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Members");?>" alt="<?=gettext("Add Members");?>" width="17" height="17" border="0" />
+ </a>
+ <br /><br />
+ <a href="javascript:move_selected('members', 'notmembers')">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Members");?>" alt="<?=gettext("Remove Members");?>" width="17" height="17" border="0" />
+ </a>
+ </td>
+ <td align="center" width="50%">
+ <strong><?=gettext("Members");?></strong><br />
+ <br />
+ <select size="10" style="width: 75%" name="members[]" class="formselect" id="members" onchange="clear_selected('notmembers')" multiple="multiple">
+<?php
+ $rowIndex = 0;
+ foreach ($config['system']['user'] as $user):
+ if (!(is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members']))) {
+ continue;
+ }
+ $rowIndex++;
+?>
+ <option value="<?=$user['uid'];?>">
+ <?=htmlspecialchars($user['name']);?>
+ </option>
+<?php
+ endforeach;
+ if ($rowIndex == 0) {
+ echo "<option></option>";
+ }
+?>
+ </select>
+ <br />
+ </td>
+ </tr>
+ </table>
+ <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
+ </td>
+ </tr>
+<?php
+ endif;
+ if ($act != "new"):
+?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Assigned Privileges");?></td>
+ <td width="78%" class="vtable">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges">
+ <tr>
+ <td width="40%" class="listhdrr"><?=gettext("Name");?></td>
+ <td width="60%" class="listhdrr"><?=gettext("Description");?></td>
+ <td class="list"></td>
+ </tr>
+<?php
+ if (is_array($pconfig['priv'])):
+ $i = 0;
+ foreach ($pconfig['priv'] as $priv):
+?>
+ <tr>
+ <td class="listr">
+ <?=htmlspecialchars($priv_list[$priv]['name']);?>
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($priv_list[$priv]['descr']);?>
+ </td>
+ <td valign="middle" class="list nowrap">
+ <input type="image" name="delpriv[]" width="17" height="17" border="0"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
+ onclick="document.getElementById('privid').value='<?=$i;?>';
+ document.getElementById('groupid').value='<?=$id;?>';
+ document.getElementById('act').value='<?php echo "delpriv";?>';
+ return confirm('<?=gettext("Do you really want to delete this privilege?");?>');"
+ title="<?=gettext("delete privilege");?>" />
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+ endif;
+?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <a href="system_groupmanager_addprivs.php?groupid=<?=htmlspecialchars($id)?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
+ </a>
+
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+<?php
+ endif;
+?>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+ <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='/system_groupmanager.php'" />
+ <?php if (isset($id) && $a_group[$id]): ?>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
+ <input name="gid" type="hidden" value="<?=htmlspecialchars($pconfig['gid']);?>" />
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+ </form>
+<?php
+ else:
+?>
+ <form action="system_groupmanager.php" method="post" name="iform2" id="iform2">
+ <input type="hidden" id="act" name="act" value="" />
+ <input type="hidden" id="groupid" name="groupid" value="<?=(isset($id) ? $id : '');?>" />
+ <input type="hidden" id="groupname" name="groupname" value="" />
+ <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
+ <thead>
+ <tr>
+ <th width="5%" class="list"> </th>
+ <th width="25%" class="listhdrr"><?=gettext("Group name");?></th>
+ <th width="25%" class="listhdrr"><?=gettext("Description");?></th>
+ <th width="30%" class="listhdrr"><?=gettext("Member Count");?></th>
+ <th width="10%" class="list"></th>
+ </tr>
+ </thead>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <input type="image" name="addcert" width="17" height="17" border="0"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_plus.gif"
+ onclick="document.getElementById('act').value='<?php echo "new";?>';"
+ title="<?=gettext("add group");?>" />
+ <input type="image" src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" name="dellall" title="<?=gettext('Delete selected groups')?>" onClick="return confirm('<?=gettext("Do you really want to delete selected groups?");?>')" />
+ </td>
+ </tr>
+ <tr>
+ <td colspan="4">
+ <p>
+ <?=gettext("Additional webConfigurator groups can be added here.
+ Group permissions can be assigned which are inherited by users who are members of the group.
+ An icon that appears grey indicates that it is a system defined object.
+ Some system object properties can be modified but they cannot be deleted.");?>
+ </p>
+ </td>
+ </tr>
+ </tfoot>
+ <tbody>
+<?php
+ $i = 0;
+ foreach ($a_group as $group):
+ if ($group['scope'] == "system") {
+ $grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png";
+ } else {
+ $grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png";
+ }
+ $groupcount = count($group['member']);
+ if ($group["name"] == "all") {
+ $groupcount = count($config['system']['user']);
+ }
+?>
+ <tr ondblclick="document.getElementById('act').value='<?php echo "edit";?>';
+ document.getElementById('groupid').value='<?=$i;?>';
+ document.iform2.submit();" id="fr<?=$i?>">
+ <td class="list" id="frd<?=$i?>">
+ <?php if ($group['scope'] != "system") : ?>
+ <input type="checkbox" id="frc<?=$i?>" onclick="fr_bgcolor(<?=$i?>)" name="delete_check[]" value="<?=$i?>" />
+ <?php endif; ?>
+ </td>
+ <td class="listlr" id="frd<?=$i?>" onclick="fr_toggle(<?=$i?>)">
+ <table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td align="left" valign="middle">
+ <img src="<?=$grpimg;?>" alt="<?=gettext("User");?>" title="<?=gettext("User");?>" border="0" height="16" width="16" />
+ </td>
+ <td align="left" valign="middle">
+ <?=htmlspecialchars($group['name']); ?>
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td class="listr" id="frd<?=$i?>" onclick="fr_toggle(<?=$i?>)">
+ <?=htmlspecialchars($group['description']);?>
+ </td>
+ <td class="listbg" onclick="fr_toggle(<?=$i?>)">
+ <?=$groupcount;?>
+ </td>
+ <td valign="middle" class="list nowrap">
+ <input type="image" name="editgroup[]" width="17" height="17" border="0"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ onclick="document.getElementById('groupid').value='<?=$i;?>';
+ document.getElementById('act').value='<?php echo "edit";?>';"
+ title="<?=gettext("edit group");?>" />
+
+<?php
+ if ($group['scope'] != "system"):
+?>
+ <input type="image" name="delgroup[]" width="17" height="17" border="0"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
+ onclick="document.getElementById('groupid').value='<?=$i;?>';
+ document.getElementById('groupname').value='<?=$group['name'];?>';
+ document.getElementById('act').value='<?php echo "delgroup";?>';
+ return confirm('<?=gettext("Do you really want to delete this group?");?>');"
+ title="<?=gettext("delete group");?>" />
+<?php
+ endif;
+?>
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+?>
+ </tbody>
+ </table>
+ </form>
+<?php
+ endif;
+?>
+ </div>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+</body>
+</html> |
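Review bot: The `delgroup` branch deletes `$a_group[$id]` after checking only that the posted `groupname` matches the stored name, whereas the bulk `dellall_x` branch additionally refuses entries whose `scope` is `"system"`; since the per-row delete icon is merely omitted from the HTML for system groups, a hand-crafted POST with `act=delgroup` still removes a system-scoped group. Mirror the bulk path in the guard: `if (!isset($id) || !isset($_POST['groupname']) || !isset($a_group[$id]) || $a_group[$id]['scope'] == "system" || ($_POST['groupname'] != $a_group[$id]['name'])) {`. The save path has the same shape: `groupname` is rendered `readonly` for system groups but `$group['name'] = $_POST['groupname']` is applied unconditionally, and the duplicate-name scan is skipped whenever `$id` is set, so an edit can rename any group (including a system one) onto an already-used name. Separately, `$_POST['privid']` in the `delpriv` branch is used as an array index without the `is_numericint` check that `groupid` receives.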