From 40b56dc18bb2fcfa7b1f67a9885a25636ce915cb Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 3 Dec 2007 05:02:56 +0000
Subject: Add multi user firewall nat port forward capabilities.

---
 usr/local/www/firewall_nat_edit.php | 42 +++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)

(limited to 'usr/local/www/firewall_nat_edit.php')

diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 5268976..c840029 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -61,6 +61,19 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['interface'] = "wan";
 }
 
+if($id) {
+	$if = $a_nat[$id]['interface'];
+	$security_url = "firewall_nat_edit.php?if=". strtolower($if);
+	if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+		if(!in_array($security_url, $allowed)) {
+			// User does not have access
+	//		echo "displaying error {$security_url}"; print_r($allowed);
+			echo display_error_form("401", "Unauthorized. You do not have access to edit nat rules on the interface {$if}");
+			exit;
+		}
+	}
+}
+
 if (isset($_GET['dup']))
 	unset($id);
 
@@ -271,10 +284,31 @@ include("fbegin.inc"); ?>
                   <td width="78%" class="vtable">
 					<select name="interface" class="formselect">
 						<?php
-						$interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
-						for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
-							$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-						}
+						
+						$interfaces = array();
+						
+						if(have_ruleint_access("lan")) 
+							$interfaces['lan'] = "LAN";
+						if(have_ruleint_access("wan")) 
+							$interfaces['wan'] = "WAN";
+							
+						for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) 
+							if(have_ruleint_access("opt{$i}")) 
+								$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+						
+						if ($config['pptpd']['mode'] == "server")
+							if(have_ruleint_access("pptp")) 
+								$interfaces['pptp'] = "PPTP VPN";
+						
+						if ($config['pppoe']['mode'] == "server")
+							if(have_ruleint_access("pppoe")) 
+								$interfaces['pppoe'] = "PPPoE VPN";
+						
+						/* add ipsec interfaces */
+						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+							if(have_ruleint_access("enc0")) 
+								$interfaces["enc0"] = "IPSEC";						
+
 						foreach ($interfaces as $iface => $ifacename): ?>
 						<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
 						<?=htmlspecialchars($ifacename);?>
-- 
cgit v1.1