$bweb->display_job(limit => 10);
} elsif ($action eq 'view_conf') {
- $bweb->can_do('configure');
+ $bweb->can_do('r_configure');
$conf->view()
} elsif ($action eq 'edit_conf') {
- $bweb->can_do('configure');
+ $bweb->can_do('r_configure');
$conf->edit();
} elsif ($action eq 'apply_conf') {
- $bweb->can_do('configure');
+ $bweb->can_do('r_configure');
$conf->modify();
} elsif ($action eq 'user_del') {
$bweb->display_allmedia();
} elsif ($action eq 'eject') {
- $bweb->can_do('autochanger_mgnt');
+ $bweb->can_do('r_autochanger_mgnt');
my $arg = $bweb->get_form("ach");
my $a = $bweb->ach_get($arg->{ach});
$bweb->eject_media();
} elsif ($action eq 'clear_io') {
- $bweb->can_do('autochanger_mgnt');
+ $bweb->can_do('r_autochanger_mgnt');
my $arg = $bweb->get_form('ach');
$bweb->ach_del();
} elsif ($action eq 'ach_view') {
- $bweb->can_do('autochanger_mgnt');
+ $bweb->can_do('r_autochanger_mgnt');
# TODO : get autochanger name and create it
$bweb->connect_db();
$bweb->ach_add();
} elsif ($action eq 'ach_load') {
- $bweb->can_do('autochanger_mgnt');
+ $bweb->can_do('r_autochanger_mgnt');
my $arg = $bweb->get_form('ach', 'drive', 'slot');
}
} elsif ($action eq 'ach_unload') {
- $bweb->can_do('autochanger_mgnt');
+ $bweb->can_do('r_autochanger_mgnt');
my $arg = $bweb->get_form('drive', 'slot', 'ach');
$bweb->help_extern_compute();
} elsif ($action eq 'extern') {
- $bweb->can_do('media_mgnt');
- $bweb->can_do('autochanger_mgnt');
+ $bweb->can_do('r_media_mgnt');
+ $bweb->can_do('r_autochanger_mgnt');
print "<div style='float: left;'>";
my @achs = $bweb->eject_media();
$bweb->groups_del();
} elsif ($action eq 'job') {
-
+ $bweb->can_do('r_view_job');
print "<div><table border='0'><tr><td valign='top'>\n";
my $fields = $bweb->get_form(qw/status level filter db_clients
db_filesets
limit => $arg->{limit});
print "</td></tr></table></div>";
} elsif ($action eq 'job_group') {
-
+ $bweb->can_do('r_view_job');
print "<div><table border='0'><tr><td valign='top'>\n";
my $fields = $bweb->get_form(qw/limit level age filter
db_client_groups qclient_groups/); # drop this to hide
$bweb->display_running_job();
} elsif ($action eq 'update_from_pool') {
- $bweb->can_do('media_mgnt');
+ $bweb->can_do('r_media_mgnt');
my $elt = $bweb->get_form(qw/media pool/);
unless ($elt->{media} || $elt->{pool}) {
$bweb->error("Can't get media or pool param");
$bweb->update_media();
} elsif ($action eq 'client_status') {
- $bweb->can_do('client_status');
+ $bweb->can_do('r_client_status');
my $b;
foreach my $client (CGI::param('client')) {
if ($client =~ m/$client_re/) {
stat_job_table => qr!^(\w*)$!,
display_log_time => qr!^(on)?$!,
enable_security => qr/^(on)?$/,
+ enable_security_acl => qr/^(on)?$/,
);
=head1 FUNCTION
$self->{error} = '';
# we need to reset checkbox first
$self->{debug} = 0;
- $self->{enable_security} = 0;
$self->{display_log_time} = 0;
+ $self->{enable_security} = 0;
+ $self->{enable_security_acl} = 0;
foreach my $k (CGI::param())
{
sub display_job
{
my ($self, %arg) = @_ ;
+ $self->can_do('r_view_job');
$arg{order} = ' Job.JobId DESC ';
sub display_job_zoom
{
my ($self, $jobid) = @_ ;
+ $self->can_do('r_view_job');
$jobid = $self->dbh_quote($jobid);
sub display_job_group
{
my ($self, %arg) = @_;
+ $self->can_do('r_view_job');
my ($limit, $label) = $self->get_limit(groupby => 'client_group_name', %arg);
sub location_edit
{
my ($self) = @_ ;
- $self->can_do('location_mgnt');
+ $self->can_do('r_location_mgnt');
my $loc = $self->get_form('qlocation');
unless ($loc->{qlocation}) {
sub location_save
{
my ($self) = @_ ;
- $self->can_do('location_mgnt');
+ $self->can_do('r_location_mgnt');
my $arg = $self->get_form(qw/qlocation qnewlocation cost/) ;
unless ($arg->{qlocation}) {
sub location_del
{
my ($self) = @_ ;
- $self->can_do('location_mgnt');
+ $self->can_do('r_location_mgnt');
my $arg = $self->get_form(qw/qlocation/) ;
sub location_add
{
my ($self) = @_ ;
- $self->can_do('location_mgnt');
+ $self->can_do('r_location_mgnt');
my $arg = $self->get_form(qw/qlocation cost/) ;
sub groups_edit
{
my ($self) = @_;
- $self->can_do('group_mgnt');
+ $self->can_do('r_group_mgnt');
my $grp = $self->get_form(qw/qclient_group db_clients/);
sub groups_save
{
my ($self) = @_;
- $self->can_do('group_mgnt');
+ $self->can_do('r_group_mgnt');
my $arg = $self->get_form(qw/qclient_group jclients qnewgroup/);
unless ($arg->{qclient_group}) {
sub groups_del
{
my ($self) = @_;
- $self->can_do('group_mgnt');
+ $self->can_do('r_group_mgnt');
my $arg = $self->get_form(qw/qclient_group/);
sub groups_add
{
my ($self) = @_;
- $self->can_do('group_mgnt');
+ $self->can_do('r_group_mgnt');
my $arg = $self->get_form(qw/qclient_group/) ;
my ($u, $r) = ($self->dbh_quote($self->{loginname}),
$self->dbh_quote($action));
my $query = "
- SELECT 1, username, rolename
+ SELECT use_acl, username, rolename
FROM bweb_user
JOIN bweb_role_member USING (userid)
JOIN bweb_role USING (roleid)
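Review bot: This SELECT now reads a `use_acl` column from `bweb_user`, and every role name the commit passes to `can_do` gains an `r_` prefix, with new names such as `r_view_job`, `r_view_stats`, `r_view_log` and `r_view_running_job`. Nothing visible here adds the column or renames and inserts the matching `bweb_role.rolename` rows. If the schema and role data are not migrated in the same change, the permission checks would presumably start failing for existing users after an upgrade. A comment above the query would make the dependency explicit, for example `# requires bweb_user.use_acl and r_-prefixed rolename rows; see the schema upgrade script`. The enclosing sub starts and ends outside this hunk.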
$self->display_end();
exit (0);
}
- $self->{security}->{$row->{rolename}} = 1;
+ $self->{security}->{$row->{rolename}} = 1;
+ $self->{security}->{use_acl} = $row->{use_acl};
+
return 1;
}
+sub use_filter
+{
+ my ($self) = @_;
+
+ return $self->{info}->{enable_security} &&
+ $self->{info}->{enable_security_acl} &&
+ $self->{security}->{use_acl};
+}
+
# JOIN Client USING (ClientId) " . $b->get_client_filter() . "
sub get_client_filter
{
my ($self) = @_;
- if ($self->{info}->{enable_security}) {
+ if ($self->use_filter()) {
my $u = $self->dbh_quote($self->{loginname});
return "
JOIN (SELECT ClientId FROM client_group_member
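Review bot: `use_filter()` fails open: it returns false whenever `$self->{security}->{use_acl}` is undefined, and the only visible assignment of that key is in the role lookup at the top of this hunk (presumably `can_do`), so a caller that builds `get_client_filter` before any role check gets the unfiltered query. The same applies to `get_client_group_filter` in the next hunk. Once both global flags are on, a missing value should be treated as restricted: `my $acl = $self->{security}->{use_acl};` followed by `return defined $acl ? $acl : 1;`. Separately, sites that already run with `enable_security` on lose client filtering until `enable_security_acl` and the per-user flag are set, which should be documented on `use_filter`. It is also worth confirming that the database driver returns a Perl-false value for a false `use_acl`, since a string such as `f` would be truthy here.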
sub get_client_group_filter
{
my ($self) = @_;
- if ($self->{info}->{enable_security}) {
+ if ($self->use_filter()) {
my $u = $self->dbh_quote($self->{loginname});
return "
JOIN (SELECT client_group_id
sub revoke
{
my ($self, $role, $username) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
my $nb = $self->dbh_do("
DELETE FROM bweb_role_member
sub grant
{
my ($self, $role, $username) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
my $nb = $self->dbh_do("
INSERT INTO bweb_role_member (roleid, userid)
sub grant_like
{
my ($self, $copy, $user) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
my $nb = $self->dbh_do("
INSERT INTO bweb_role_member (roleid, userid)
sub revoke_all
{
my ($self, $username) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
$self->dbh_do("
DELETE FROM bweb_role_member
sub users_del
{
my ($self) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
my $arg = $self->get_form(qw/jusernames/);
sub users_add
{
my ($self) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
# we don't quote username directly to check that it is conform
my $arg = $self->get_form(qw/username qpasswd qcomment jrolenames qcreate qcopy_username jclient_groups/) ;
}
my $u = $self->dbh_quote($arg->{username});
+
+ $arg->{use_acl}=(CGI::param('use_acl')?'true':'false');
if (!$arg->{qpasswd}) {
$arg->{qpasswd} = "''";
# will fail if user already exists
$self->dbh_do("
- UPDATE bweb_user SET passwd=$arg->{qpasswd}, comment=$arg->{qcomment}
+ UPDATE bweb_user
+ SET passwd=$arg->{qpasswd}, comment=$arg->{qcomment},
+ use_acl=$arg->{use_acl}
WHERE username = $u")
or
$self->dbh_do("
- INSERT INTO bweb_user (username, passwd, comment)
- VALUES ($u, $arg->{qpasswd}, $arg->{qcomment})");
+ INSERT INTO bweb_user (username, passwd, use_acl, comment)
+ VALUES ($u, $arg->{qpasswd}, $arg->{use_acl}, $arg->{qcomment})");
$self->{dbh}->begin_work();
{
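Review bot: `use_acl=$arg->{use_acl}` in the UPDATE and the matching INSERT value is interpolated without quoting, unlike `$u` (which goes through `dbh_quote`) and the `q`-prefixed form fields (presumably quoted by `get_form`). It is safe only because the added assignment collapses `CGI::param('use_acl')` to the literals `true` and `false`. A comment at that assignment would protect it from later edits: `# interpolated unquoted into the UPDATE/INSERT below; must stay the literal true or false`. Because an absent parameter maps to `false`, any save from a form without the checkbox also turns client filtering off for that user, which the same comment should mention. `users_add` starts and ends outside this hunk.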
sub display_users
{
my ($self) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
my $arg = $self->get_form(qw/db_usernames/) ;
sub display_user
{
my ($self) = @_;
- $self->can_do("user_mgnt");
+ $self->can_do("r_user_mgnt");
my $arg = $self->get_form('username');
my $user = $self->dbh_quote($arg->{username});
my $userp = $self->dbh_selectrow_hashref("
- SELECT username, passwd, comment
+ SELECT username, passwd, comment, use_acl
FROM bweb_user
WHERE username = $user
");
username => $userp->{username},
comment => $userp->{comment},
passwd => $userp->{passwd},
+ use_acl => $userp->{use_acl},
db_client_groups => $arg->{db_client_groups},
client_group => $arg2->{db_client_groups},
db_roles => [ values %$role],
sub save_location
{
my ($self) = @_ ;
- $self->can_do('media_mgnt');
+ $self->can_do('r_media_mgnt');
my $arg = $self->get_form('jmedias', 'qnewlocation') ;
sub location_change
{
my ($self) = @_ ;
- $self->can_do('media_mgnt');
+ $self->can_do('r_media_mgnt');
my $media = $self->get_selected_media_location();
unless ($media) {
sub display_client_stats
{
my ($self, %arg) = @_ ;
+ $self->can_do('r_view_stats');
my $client = $self->dbh_quote($arg{clientname});
# get security filter
sub display_running_job
{
my ($self) = @_;
+ $self->can_do('r_view_running_job');
my $arg = $self->get_form('client', 'jobid');
sub display_running_jobs
{
my ($self, $display_action) = @_;
+ $self->can_do('r_view_running_job');
+
# get security filter
my $filter = $self->get_client_filter();
sub eject_media
{
my ($self) = @_;
- $self->can_do('media_mgnt');
+ $self->can_do('r_media_mgnt');
my %ret;
my $arg = $self->get_form('jmedias');
sub ach_register
{
my ($self, $ach) = @_;
- $self->can_do('configure');
+ $self->can_do('r_configure');
$self->{info}->{ach_list}->{$ach->{name}} = $ach;
sub ach_edit
{
my ($self) = @_;
- $self->can_do('configure');
+ $self->can_do('r_configure');
my $arg = $self->get_form('ach');
if (!$arg->{ach}
sub ach_del
{
my ($self) = @_;
- $self->can_do('configure');
+ $self->can_do('r_configure');
my $arg = $self->get_form('ach');
sub ach_add
{
my ($self) = @_;
- $self->can_do('configure');
+ $self->can_do('r_configure');
my $arg = $self->get_form('ach', 'mtxcmd', 'device', 'precmd');
sub delete
{
my ($self) = @_;
- $self->can_do('delete_job');
+ $self->can_do('r_delete_job');
my $arg = $self->get_form('jobid');
sub do_update_media
{
my ($self) = @_ ;
- $self->can_do('media_mgnt');
+ $self->can_do('r_media_mgnt');
my $arg = $self->get_form(qw/media volstatus inchanger pool
slot volretention voluseduration
sub update_slots
{
my ($self) = @_;
- $self->can_do('autochanger_mgnt');
+ $self->can_do('r_autochanger_mgnt');
my $ach = CGI::param('ach') ;
$ach = $self->ach_get($ach);
sub get_job_log
{
my ($self) = @_;
+ $self->can_do('r_view_log');
my $arg = $self->get_form('jobid', 'limit', 'offset');
unless ($arg->{jobid}) {
sub label_barcodes
{
my ($self) = @_ ;
- $self->can_do('autochanger_mgnt');
+ $self->can_do('r_autochanger_mgnt');
my $arg = $self->get_form('ach', 'slots', 'drive');
sub purge
{
my ($self) = @_;
- $self->can_do('purge');
+ $self->can_do('r_purge');
my @volume = CGI::param('media');
sub prune
{
my ($self) = @_;
- $self->can_do('prune');
+ $self->can_do('r_prune');
my @volume = CGI::param('media');
unless (@volume) {
sub cancel_job
{
my ($self) = @_;
- $self->can_do('cancel_job');
+ $self->can_do('r_cancel_job');
my $arg = $self->get_form('jobid');
unless ($arg->{jobid}) {
sub enable_disable_job
{
my ($self, $what) = @_ ;
- $self->can_do('run_job');
+ $self->can_do('r_run_job');
my $name = CGI::param('job') || '';
unless ($name =~ /^[\w\d\.\-\s]+$/) {
sub run_job_select
{
my ($self) = @_;
- $self->can_do('run_job');
+ $self->can_do('r_run_job');
my $b = $self->get_bconsole();
sub run_job_mod
{
my ($self) = @_;
- $self->can_do('run_job');
+ $self->can_do('r_run_job');
my $b = $self->get_bconsole();
sub run_job
{
my ($self) = @_;
- $self->can_do('run_job');
+ $self->can_do('r_run_job');
my $b = $self->get_bconsole();
sub run_job_now
{
my ($self) = @_;
- $self->can_do('run_job');
+ $self->can_do('r_run_job');
my $b = $self->get_bconsole();