From e70e68056d077fd69eb059a578d1fe143315f63c Mon Sep 17 00:00:00 2001 From: Eric Bollengier Date: Mon, 5 Nov 2007 22:03:24 +0000 Subject: [PATCH] ebl Tweek user acl git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@5860 91ce42f0-d328-0410-95d8-f526ca767f89 --- gui/bweb/lib/Bweb.pm | 82 ++++++++++++++++++++++++----------- gui/bweb/tpl/display_user.tpl | 6 +-- 2 files changed, 59 insertions(+), 29 deletions(-) diff --git a/gui/bweb/lib/Bweb.pm b/gui/bweb/lib/Bweb.pm index b1950dbfa5..2df26caabd 100644 --- a/gui/bweb/lib/Bweb.pm +++ b/gui/bweb/lib/Bweb.pm @@ -2660,6 +2660,46 @@ sub display_groups ########################################################### +sub get_roles +{ + my ($self) = @_; + if (not $self->{info}->{enable_security}) { + return 1; + } + # admin is a special user that can do everything + if ($self->{loginname} eq 'admin') { + return 1; + } + if (!$self->{loginname}) { + return 0; + } + # already fill + if (defined $self->{security}) { + return 1; + } + $self->{security} = {}; + my $u = $self->dbh_quote($self->{loginname}); + + my $query = " + SELECT use_acl, rolename + FROM bweb_user + JOIN bweb_role_member USING (userid) + JOIN bweb_role USING (roleid) + WHERE username = $u +"; + my $rows = $self->dbh_selectall_arrayref($query); + # do cache with this role + if (!$rows) { + return 0; + } + foreach my $r (@$rows) { + $self->{security}->{$r->[1]}=1; + } + + $self->{security}->{use_acl} = $rows->[0]->[0]; + return 1; +} + # TODO: avoir un mode qui coupe le programme avec une page d'erreur # we can also get all security and fill {security} hash sub can_do 
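Review bot: In get_roles, `$self->{security} = {};` is assigned before the query runs, so a lookup that fails and returns 0 still leaves the hash defined, and the next call takes the "already fill" branch and returns 1. If `dbh_selectall_arrayref` behaves like DBI's `selectall_arrayref` and returns a reference to an empty array when the user has no role rows (the helper is not visible here), `!$rows` does not catch that case and `use_acl` is then read from a row that does not exist. Build the cache only after the result is known to be usable: `if (!$rows or !@$rows) { return 0; }` followed by `$self->{security} = { map { $_->[1] => 1 } @$rows };`. The `use_acl` flag also shares that hash with the role names, so a role named `use_acl` would collide with it; keeping the flag under a key outside the role map would avoid that.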
@@ -2680,32 +2720,14 @@ sub can_do $self->display_end(); exit (0); } - # already checked - if ($self->{security}->{$action}) { - return 1; - } - my ($u, $r) = ($self->dbh_quote($self->{loginname}), - $self->dbh_quote($action)); - my $query = " - SELECT use_acl, username, rolename - FROM bweb_user - JOIN bweb_role_member USING (userid) - JOIN bweb_role USING (roleid) - WHERE username = $u - AND rolename = $r -"; - - my $row = $self->dbh_selectrow_hashref($query); - # do cache with this role - if (!$row) { - $self->error("$u sorry, but this action ($action) is not permited. " . + $self->get_roles(); + if (!$self->{security}->{$action}) { + $self->error("$self->{loginname} sorry, but this action ($action) " . + "is not permited. " . "Check security with your administrator"); $self->display_end(); exit (0); - } - $self->{security}->{$row->{rolename}} = 1; - $self->{security}->{use_acl} = $row->{use_acl}; - + } return 1; } @@ -2713,9 +2735,17 @@ sub use_filter { my ($self) = @_; - return $self->{info}->{enable_security} && - $self->{info}->{enable_security_acl} && - $self->{security}->{use_acl}; + if (!$self->{info}->{enable_security} or + !$self->{info}->{enable_security_acl}) + { + return 0 ; + } + + if ($self->get_roles()) { + return $self->{security}->{use_acl}; + } else { + return 0; + } } # JOIN Client USING (ClientId) " . $b->get_client_filter() . " diff --git a/gui/bweb/tpl/display_user.tpl b/gui/bweb/tpl/display_user.tpl index c31c4cc08b..5c8d273764 100644 --- a/gui/bweb/tpl/display_user.tpl +++ b/gui/bweb/tpl/display_user.tpl @@ -44,7 +44,7 @@ Groups: @@ -80,7 +80,7 @@ function set_role(val) for (var i=0; i < document.form1.rolename.length; ++i) { document.form1.rolename[i].selected = true; } - else if (val == "production") { + } else if (val == "production") { for (var i=0; i < document.form1.rolename.length; ++i) { if (document.form1.rolename[i].value != 'r_configure' && document.form1.rolename[i].value != 'r_user_mgnt' && 
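Review bot: The result of `$self->get_roles()` is discarded in can_do, so the `!$self->{security}->{$action}` test that follows is only correct if the code above this hunk has already returned for the admin user and for `enable_security` off. get_roles returns 1 in both of those cases without filling `$self->{security}`, and this test would then deny the action. The start of can_do is outside the hunk, so confirm those early returns are still in place and record the dependency with a comment such as `# admin and security-off return above; get_roles leaves {security} unset for them`. The denial message now interpolates the raw `$self->{loginname}`, so it is worth checking that `error()` escapes its argument before it is rendered.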
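Review bot: use_filter returns 0 when `get_roles()` fails (no `loginname`, or the role query returned nothing), even though `enable_security` and `enable_security_acl` are both on at that point. If callers read a false value as "no ACL filter needed", a failed lookup widens what the session can see instead of narrowing it; the callers are outside this hunk, so this is inferred from the function name and the `get_client_filter()` comment in the trailing context. Consider failing closed in the else branch, for example `return 1;` or reporting the error and stopping as can_do does, and add a comment stating which return value means "apply the filter". The admin user also reaches `return $self->{security}->{use_acl};` with an unfilled hash and gets an undefined (false) result; a comment should say that this is intended.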
@@ -89,7 +89,7 @@ function set_role(val) { document.form1.rolename[i].selected = true; } - } + } } else if (val == "customer") { for (var i=0; i < document.form1.rolename.length; ++i) { if (document.form1.rolename[i].value == 'r_view_stats' || -- 2.39.5