.
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
##|+PRIV
##|*IDENT=page-system-groupmanager-addprivs
##|*NAME=System: Group Manager: Add Privileges
##|*DESCR=Allow access to the 'System: Group Manager: Add Privileges' page.
##|*WARN=standard-warning-root
##|*MATCH=system_groupmanager_addprivs.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("pfsense-utils.inc");
$groupid = $_REQUEST['groupid'];
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Groups"), gettext("Edit"), gettext("Add Privileges"));
$pglinks = array("", "system_usermanager.php", "system_groupmanager.php", "system_groupmanager.php?act=edit&groupid=" . $groupid, "@self");
$a_group = & $config['system']['group'][$groupid];
if (!is_array($a_group)) {
pfSenseHeader("system_groupmanager.php?id={$groupid}");
exit;
}
if (!is_array($a_group['priv'])) {
$a_group['priv'] = array();
}
// Make a local copy and sort it
$spriv_list = $priv_list;
uasort($spriv_list, "compare_by_name");
if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "sysprivs");
$reqdfieldsn = array(gettext("Selected privileges"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (!$input_errors) {
if (!is_array($pconfig['sysprivs'])) {
$pconfig['sysprivs'] = array();
}
if (!count($a_group['priv'])) {
$a_group['priv'] = $pconfig['sysprivs'];
} else {
$a_group['priv'] = array_merge($a_group['priv'], $pconfig['sysprivs']);
}
if (is_array($a_group['member'])) {
foreach ($a_group['member'] as $uid) {
$user = getUserEntryByUID($uid);
if ($user) {
local_user_set($user);
}
}
}
write_config();
pfSenseHeader("system_groupmanager.php?act=edit&groupid={$groupid}");
exit;
}
}
function build_priv_list() {
global $spriv_list, $a_group;
$list = array();
foreach ($spriv_list as $pname => $pdata) {
if (in_array($pname, $a_group['priv'])) {
continue;
}
$list[$pname] = $pdata['name'];
}
return($list);
}
function get_root_priv_item_text() {
global $priv_list;
$priv_text = "";
foreach ($priv_list as $pname => $pdata) {
if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
$priv_text .= '
' . $pdata['name'];
}
}
return($priv_text);
}
include("head.inc");
if ($input_errors) {
print_input_errors($input_errors);
}
$tab_array = array();
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
display_top_tabs($tab_array);
$form = new Form;
if (isset($groupid)) {
$form->addGlobal(new Form_Input(
'groupid',
null,
'hidden',
$groupid
));
}
$section = new Form_Section('Group Privileges');
$name_string = $a_group['name'];
if (!empty($a_group['descr'])) {
$name_string .= " ({$a_group['descr']})";
}
$section->addInput(new Form_StaticText(
'Group',
$name_string
));
$section->addInput(new Form_Select(
'sysprivs',
'*Assigned privileges',
$a_group['priv'],
build_priv_list(),
true
))->addClass('multiselect')
->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
$section->addInput(new Form_Select(
'shadow',
'Shadow',
null,
build_priv_list(),
true
))->addClass('shadowselect')
->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
$section->addInput(new Form_Input(
'filtertxt',
'Filter',
'text',
null
))->setHelp('Show only the choices containing this term');
$section->addInput(new Form_StaticText(
gettext('Privilege information'),
''.
gettext('The following privileges effectively give administrator-level access to users in the group' .
' because the user gains access to execute general commands, edit system files, ' .
' modify users, change passwords or similar:') .
'
' .
get_root_priv_item_text() .
'
' .
gettext('Please take care when granting these privileges.') .
''
));
$btnfilter = new Form_Button(
'btnfilter',
'Filter',
null,
'fa-filter'
);
$btnfilter->setAttribute('type','button')->addClass('btn btn-info');
$form->addGlobal($btnfilter);
$btnclear = new Form_Button(
'btnclear',
'Clear',
null,
'fa-times'
);
$btnclear->setAttribute('type','button')->addClass('btn btn-warning');
$form->addGlobal($btnclear);
$form->add($section);
print $form;
?>