From 40b56dc18bb2fcfa7b1f67a9885a25636ce915cb Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 3 Dec 2007 05:02:56 +0000 Subject: Add multi user firewall nat port forward capabilities. --- usr/local/www/firewall_nat.php | 5 +++++ usr/local/www/firewall_nat_edit.php | 42 +++++++++++++++++++++++++++++++---- usr/local/www/system_groupmanager.php | 19 ++++++++++++++++ 3 files changed, 62 insertions(+), 4 deletions(-) (limited to 'usr/local') diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index 53cf508..6991283 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -182,6 +182,11 @@ include("head.inc"); + diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 5268976..c840029 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -61,6 +61,19 @@ if (isset($id) && $a_nat[$id]) { $pconfig['interface'] = "wan"; } +if($id) { + $if = $a_nat[$id]['interface']; + $security_url = "firewall_nat_edit.php?if=". strtolower($if); + if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { + if(!in_array($security_url, $allowed)) { + // User does not have access + // echo "displaying error {$security_url}"; print_r($allowed); + echo display_error_form("401", "Unauthorized. You do not have access to edit nat rules on the interface {$if}"); + exit; + } + } +} + if (isset($_GET['dup'])) unset($id); @@ -271,10 +284,31 @@ include("fbegin.inc"); ?>