| 1 |
4c291f4c
|
Renato Botelho
|
<?php
|
| 2 |
fab7ff44
|
Bill Marquette
|
/*
|
| 3 |
c5d81585
|
Renato Botelho
|
* system_groupmanager.php
|
| 4 |
191cb31d
|
Stephen Beaver
|
*
|
| 5 |
c5d81585
|
Renato Botelho
|
* part of pfSense (https://www.pfsense.org)
|
| 6 |
38809d47
|
Renato Botelho do Couto
|
* Copyright (c) 2004-2013 BSD Perimeter
|
| 7 |
|
|
* Copyright (c) 2013-2016 Electric Sheep Fencing
|
| 8 |
37d60e23
|
Luiz Souza
|
* Copyright (c) 2014-2025 Rubicon Communications, LLC (Netgate)
|
| 9 |
c5d81585
|
Renato Botelho
|
* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
|
| 10 |
|
|
* Copyright (c) 2008 Shrew Soft Inc
|
| 11 |
|
|
* All rights reserved.
|
| 12 |
f74457df
|
Stephen Beaver
|
*
|
| 13 |
c5d81585
|
Renato Botelho
|
* originally based on m0n0wall (http://m0n0.ch/wall)
|
| 14 |
|
|
* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
| 15 |
|
|
* All rights reserved.
|
| 16 |
f74457df
|
Stephen Beaver
|
*
|
| 17 |
b12ea3fb
|
Renato Botelho
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
| 18 |
|
|
* you may not use this file except in compliance with the License.
|
| 19 |
|
|
* You may obtain a copy of the License at
|
| 20 |
f74457df
|
Stephen Beaver
|
*
|
| 21 |
b12ea3fb
|
Renato Botelho
|
* http://www.apache.org/licenses/LICENSE-2.0
|
| 22 |
f74457df
|
Stephen Beaver
|
*
|
| 23 |
b12ea3fb
|
Renato Botelho
|
* Unless required by applicable law or agreed to in writing, software
|
| 24 |
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
| 25 |
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 26 |
|
|
* See the License for the specific language governing permissions and
|
| 27 |
|
|
* limitations under the License.
|
| 28 |
f74457df
|
Stephen Beaver
|
*/
|
| 29 |
fab7ff44
|
Bill Marquette
|
|
| 30 |
6b07c15a
|
Matthew Grooms
|
##|+PRIV
|
| 31 |
|
|
##|*IDENT=page-system-groupmanager
|
| 32 |
48157a04
|
Phil Davis
|
##|*NAME=System: Group Manager
|
| 33 |
|
|
##|*DESCR=Allow access to the 'System: Group Manager' page.
|
| 34 |
57188e47
|
Phil Davis
|
##|*WARN=standard-warning-root
|
| 35 |
6b07c15a
|
Matthew Grooms
|
##|*MATCH=system_groupmanager.php*
|
| 36 |
|
|
##|-PRIV
|
| 37 |
fab7ff44
|
Bill Marquette
|
|
| 38 |
c81ef6e2
|
Phil Davis
|
require_once("guiconfig.inc");
|
| 39 |
15c74b5b
|
doktornotor
|
require_once("pfsense-utils.inc");
|
| 40 |
d88c6a9f
|
Scott Ullrich
|
|
| 41 |
3fa6d462
|
jim-p
|
$logging_level = LOG_WARNING;
|
| 42 |
|
|
$logging_prefix = gettext("Local User Database");
|
| 43 |
|
|
|
| 44 |
4cd7b4b4
|
Marcos Mendoza
|
$id = is_numericint($_REQUEST['groupid']) ? $_REQUEST['groupid'] : null;
|
| 45 |
4611e283
|
Steve Beaver
|
$act = (isset($_REQUEST['act']) ? $_REQUEST['act'] : '');
|
| 46 |
31b53653
|
Scott Ullrich
|
|
| 47 |
9270d777
|
jim-p
|
$dup = null;
|
| 48 |
|
|
|
| 49 |
e6407b22
|
Viktor G
|
if ($act == 'dup') {
|
| 50 |
df14688b
|
Viktor G
|
$dup = $id;
|
| 51 |
e6407b22
|
Viktor G
|
$act = 'edit';
|
| 52 |
|
|
}
|
| 53 |
|
|
|
| 54 |
06683083
|
Stephen Beaver
|
function cpusercmp($a, $b) {
|
| 55 |
|
|
return strcasecmp($a['name'], $b['name']);
|
| 56 |
|
|
}
|
| 57 |
23d09a2e
|
Stephen Beaver
|
|
| 58 |
06683083
|
Stephen Beaver
|
function admin_groups_sort() {
|
| 59 |
1bb9c407
|
Marcos Mendoza
|
$group_config = config_get_path('system/group');
|
| 60 |
06683083
|
Stephen Beaver
|
|
| 61 |
1bb9c407
|
Marcos Mendoza
|
if (!is_array($group_config)) {
|
| 62 |
06683083
|
Stephen Beaver
|
return;
|
| 63 |
|
|
}
|
| 64 |
|
|
|
| 65 |
1bb9c407
|
Marcos Mendoza
|
usort($group_config, "cpusercmp");
|
| 66 |
|
|
config_set_path("system/group", $group_config);
|
| 67 |
06683083
|
Stephen Beaver
|
}
|
| 68 |
|
|
|
| 69 |
acd7e560
|
jim-p
|
/*
|
| 70 |
|
|
* Check user privileges to test if the user is allowed to make changes.
|
| 71 |
|
|
* Otherwise users can end up in an inconsistent state where some changes are
|
| 72 |
|
|
* performed and others denied. See https://redmine.pfsense.org/issues/9259
|
| 73 |
|
|
*/
|
| 74 |
|
|
phpsession_begin();
|
| 75 |
|
|
$guiuser = getUserEntry($_SESSION['Username']);
|
| 76 |
1bb9c407
|
Marcos Mendoza
|
$guiuser = $guiuser['item'];
|
| 77 |
acd7e560
|
jim-p
|
$read_only = (is_array($guiuser) && userHasPrivilege($guiuser, "user-config-readonly"));
|
| 78 |
|
|
phpsession_end();
|
| 79 |
|
|
|
| 80 |
|
|
if (!empty($_POST) && $read_only) {
|
| 81 |
|
|
$input_errors = array(gettext("Insufficient privileges to make the requested change (read only)."));
|
| 82 |
|
|
}
|
| 83 |
|
|
|
| 84 |
|
|
if (($_POST['act'] == "delgroup") && !$read_only) {
|
| 85 |
7ea27b0d
|
Renato Botelho
|
|
| 86 |
449cac24
|
Renato Botelho
|
if (!isset($id) || !isset($_REQUEST['groupname']) ||
|
| 87 |
1bb9c407
|
Marcos Mendoza
|
(config_get_path("system/group/{$id}") === null) ||
|
| 88 |
|
|
($_REQUEST['groupname'] != config_get_path("system/group/{$id}/name"))) {
|
| 89 |
6b07c15a
|
Matthew Grooms
|
pfSenseHeader("system_groupmanager.php");
|
| 90 |
|
|
exit;
|
| 91 |
|
|
}
|
| 92 |
31b53653
|
Scott Ullrich
|
|
| 93 |
1bb9c407
|
Marcos Mendoza
|
local_group_del(config_get_path("system/group/{$id}"));
|
| 94 |
|
|
$groupdeleted = config_get_path("system/group/{$id}/name");
|
| 95 |
|
|
config_del_path("system/group/{$id}");
|
| 96 |
449cac24
|
Renato Botelho
|
/*
|
| 97 |
|
|
* Reindex the array to avoid operating on an incorrect index
|
| 98 |
|
|
* https://redmine.pfsense.org/issues/7733
|
| 99 |
|
|
*/
|
| 100 |
b8f18410
|
Marcos Mendoza
|
config_set_path("system/group", array_values(config_get_path('system/group', [])));
|
| 101 |
3fa6d462
|
jim-p
|
|
| 102 |
449cac24
|
Renato Botelho
|
$savemsg = sprintf(gettext("Successfully deleted group: %s"),
|
| 103 |
|
|
$groupdeleted);
|
| 104 |
3fa6d462
|
jim-p
|
write_config($savemsg);
|
| 105 |
|
|
syslog($logging_level, "{$logging_prefix}: {$savemsg}");
|
| 106 |
fab7ff44
|
Bill Marquette
|
}
|
| 107 |
d88c6a9f
|
Scott Ullrich
|
|
| 108 |
9270d777
|
jim-p
|
if (($_POST['act'] == "delpriv") && !$read_only && ($dup === null)) {
|
| 109 |
6b07c15a
|
Matthew Grooms
|
|
| 110 |
1bb9c407
|
Marcos Mendoza
|
if (!isset($id) || (config_get_path("system/group/{$id}") === null)) {
|
| 111 |
6b07c15a
|
Matthew Grooms
|
pfSenseHeader("system_groupmanager.php");
|
| 112 |
|
|
exit;
|
| 113 |
|
|
}
|
| 114 |
fab7ff44
|
Bill Marquette
|
|
| 115 |
1bb9c407
|
Marcos Mendoza
|
$privdeleted = array_get_path($priv_list, (config_get_path("system/group/{$id}/priv/{$_REQUEST['privid']}") . "/name"));
|
| 116 |
|
|
config_del_path("system/group/{$id}/priv/{$_REQUEST['privid']}");
|
| 117 |
6b07c15a
|
Matthew Grooms
|
|
| 118 |
1bb9c407
|
Marcos Mendoza
|
foreach (config_get_path("system/group/{$id}/member", []) as $uid) {
|
| 119 |
|
|
$user = getUserEntryByUID($uid);
|
| 120 |
|
|
$user = $user['item'];
|
| 121 |
|
|
if ($user) {
|
| 122 |
|
|
local_user_set($user);
|
| 123 |
2ee08031
|
Erik Fonnesbeck
|
}
|
| 124 |
64600f94
|
Sjon Hortensius
|
}
|
| 125 |
45ee90ed
|
Matthew Grooms
|
|
| 126 |
449cac24
|
Renato Botelho
|
$savemsg = sprintf(gettext("Removed Privilege \"%s\" from group %s"),
|
| 127 |
1bb9c407
|
Marcos Mendoza
|
$privdeleted, config_get_path("system/group/{$id}/name"));
|
| 128 |
3fa6d462
|
jim-p
|
write_config($savemsg);
|
| 129 |
|
|
syslog($logging_level, "{$logging_prefix}: {$savemsg}");
|
| 130 |
|
|
|
| 131 |
7ea27b0d
|
Renato Botelho
|
$act = "edit";
|
| 132 |
6b07c15a
|
Matthew Grooms
|
}
|
| 133 |
45ee90ed
|
Matthew Grooms
|
|
| 134 |
7ea27b0d
|
Renato Botelho
|
if ($act == "edit") {
|
| 135 |
4cd7b4b4
|
Marcos Mendoza
|
if (isset($id)) {
|
| 136 |
|
|
$this_group = config_get_path("system/group/{$id}");
|
| 137 |
9270d777
|
jim-p
|
if ($dup === null) {
|
| 138 |
1bb9c407
|
Marcos Mendoza
|
$pconfig['name'] = $this_group['name'];
|
| 139 |
|
|
$pconfig['gid'] = $this_group['gid'];
|
| 140 |
|
|
$pconfig['gtype'] = empty($this_group['scope'])
|
| 141 |
|
|
? "local" : $this_group['scope'];
|
| 142 |
e6407b22
|
Viktor G
|
} else {
|
| 143 |
1bb9c407
|
Marcos Mendoza
|
$pconfig['gtype'] = ($this_group['scope'] == 'system')
|
| 144 |
|
|
? "local" : $this_group['scope'];
|
| 145 |
e6407b22
|
Viktor G
|
}
|
| 146 |
1bb9c407
|
Marcos Mendoza
|
$pconfig['priv'] = $this_group['priv'];
|
| 147 |
|
|
$pconfig['description'] = $this_group['description'];
|
| 148 |
|
|
$pconfig['members'] = $this_group['member'];
|
| 149 |
45ee90ed
|
Matthew Grooms
|
}
|
| 150 |
|
|
}
|
| 151 |
6b07c15a
|
Matthew Grooms
|
|
| 152 |
acd7e560
|
jim-p
|
if (isset($_POST['dellall_x']) && !$read_only) {
|
| 153 |
c0c5b8cc
|
bruno
|
|
| 154 |
20231404
|
Steve Beaver
|
$del_groups = $_POST['delete_check'];
|
| 155 |
3fa6d462
|
jim-p
|
$deleted_groups = array();
|
| 156 |
c0c5b8cc
|
bruno
|
|
| 157 |
e0c7b2fe
|
Phil Davis
|
if (!empty($del_groups)) {
|
| 158 |
|
|
foreach ($del_groups as $groupid) {
|
| 159 |
1bb9c407
|
Marcos Mendoza
|
$this_group = config_get_path("system/group/{$groupid}");
|
| 160 |
|
|
if (isset($this_group) &&
|
| 161 |
|
|
$this_group['scope'] != "system") {
|
| 162 |
|
|
$deleted_groups[] = $this_group['name'];
|
| 163 |
|
|
local_group_del($this_group);
|
| 164 |
|
|
config_del_path("system/group/{$groupid}");
|
| 165 |
c0c5b8cc
|
bruno
|
}
|
| 166 |
|
|
}
|
| 167 |
3fa6d462
|
jim-p
|
|
| 168 |
449cac24
|
Renato Botelho
|
$savemsg = sprintf(gettext("Successfully deleted %s: %s"),
|
| 169 |
|
|
(count($deleted_groups) == 1)
|
| 170 |
|
|
? gettext("group") : gettext("groups"),
|
| 171 |
|
|
implode(', ', $deleted_groups));
|
| 172 |
|
|
/*
|
| 173 |
|
|
* Reindex the array to avoid operating on an incorrect index
|
| 174 |
|
|
* https://redmine.pfsense.org/issues/7733
|
| 175 |
|
|
*/
|
| 176 |
b8f18410
|
Marcos Mendoza
|
config_set_path("system/group", array_values(config_get_path('system/group', [])));
|
| 177 |
c0c5b8cc
|
bruno
|
write_config($savemsg);
|
| 178 |
3fa6d462
|
jim-p
|
syslog($logging_level, "{$logging_prefix}: {$savemsg}");
|
| 179 |
c0c5b8cc
|
bruno
|
}
|
| 180 |
|
|
}
|
| 181 |
|
|
|
| 182 |
acd7e560
|
jim-p
|
if (isset($_POST['save']) && !$read_only) {
|
| 183 |
d88c6a9f
|
Scott Ullrich
|
unset($input_errors);
|
| 184 |
|
|
$pconfig = $_POST;
|
| 185 |
|
|
|
| 186 |
|
|
/* input validation */
|
| 187 |
|
|
$reqdfields = explode(" ", "groupname");
|
| 188 |
b4fd804b
|
Carlos Eduardo Ramos
|
$reqdfieldsn = array(gettext("Group Name"));
|
| 189 |
4c291f4c
|
Renato Botelho
|
|
| 190 |
1e9b4611
|
Renato Botelho
|
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
|
| 191 |
4c291f4c
|
Renato Botelho
|
|
| 192 |
d7689b2c
|
Stephen Beaver
|
if ($_POST['gtype'] != "remote") {
|
| 193 |
79ed8ce0
|
Stephen Beaver
|
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['groupname'])) {
|
| 194 |
449cac24
|
Renato Botelho
|
$input_errors[] = sprintf(gettext(
|
| 195 |
|
|
"The (%s) group name contains invalid characters."),
|
| 196 |
|
|
$_POST['gtype']);
|
| 197 |
79ed8ce0
|
Stephen Beaver
|
}
|
| 198 |
8d4f79cd
|
jim-p
|
if (strlen($_POST['groupname']) > 16) {
|
| 199 |
|
|
$input_errors[] = gettext(
|
| 200 |
|
|
"The group name is longer than 16 characters.");
|
| 201 |
|
|
}
|
| 202 |
79ed8ce0
|
Stephen Beaver
|
} else {
|
| 203 |
|
|
if (preg_match("/[^a-zA-Z0-9\.\- _]/", $_POST['groupname'])) {
|
| 204 |
449cac24
|
Renato Botelho
|
$input_errors[] = sprintf(gettext(
|
| 205 |
|
|
"The (%s) group name contains invalid characters."),
|
| 206 |
|
|
$_POST['gtype']);
|
| 207 |
79ed8ce0
|
Stephen Beaver
|
}
|
| 208 |
e0c7b2fe
|
Phil Davis
|
}
|
| 209 |
4c291f4c
|
Renato Botelho
|
|
| 210 |
5bef2407
|
jim-p
|
/* Check the POSTed members to ensure they are valid and exist */
|
| 211 |
9d3e8723
|
Phil Davis
|
if (is_array($_POST['members'])) {
|
| 212 |
9f472202
|
NewEraCracker
|
foreach ($_POST['members'] as $newmember) {
|
| 213 |
449cac24
|
Renato Botelho
|
if (!is_numeric($newmember) ||
|
| 214 |
|
|
empty(getUserEntryByUID($newmember))) {
|
| 215 |
|
|
$input_errors[] = gettext("One or more " .
|
| 216 |
|
|
"invalid group members was submitted.");
|
| 217 |
9f472202
|
NewEraCracker
|
}
|
| 218 |
5bef2407
|
jim-p
|
}
|
| 219 |
|
|
}
|
| 220 |
|
|
|
| 221 |
1bb9c407
|
Marcos Mendoza
|
if (!$input_errors && !(isset($id) && config_get_path("system/group/{$id}"))) {
|
| 222 |
d88c6a9f
|
Scott Ullrich
|
/* make sure there are no dupes */
|
| 223 |
4b9165e5
|
Marcos Mendoza
|
foreach (config_get_path('system/group', []) as $group) {
|
| 224 |
d88c6a9f
|
Scott Ullrich
|
if ($group['name'] == $_POST['groupname']) {
|
| 225 |
449cac24
|
Renato Botelho
|
$input_errors[] = gettext("Another entry " .
|
| 226 |
|
|
"with the same group name already exists.");
|
| 227 |
d88c6a9f
|
Scott Ullrich
|
break;
|
| 228 |
|
|
}
|
| 229 |
|
|
}
|
| 230 |
|
|
}
|
| 231 |
4c291f4c
|
Renato Botelho
|
|
| 232 |
d88c6a9f
|
Scott Ullrich
|
if (!$input_errors) {
|
| 233 |
45ee90ed
|
Matthew Grooms
|
$group = array();
|
| 234 |
1bb9c407
|
Marcos Mendoza
|
if (isset($id) && config_get_path("system/group/{$id}")) {
|
| 235 |
|
|
$group = config_get_path("system/group/{$id}");
|
| 236 |
e0c7b2fe
|
Phil Davis
|
}
|
| 237 |
4c291f4c
|
Renato Botelho
|
|
| 238 |
d88c6a9f
|
Scott Ullrich
|
$group['name'] = $_POST['groupname'];
|
| 239 |
|
|
$group['description'] = $_POST['description'];
|
| 240 |
79ed8ce0
|
Stephen Beaver
|
$group['scope'] = $_POST['gtype'];
|
| 241 |
45ee90ed
|
Matthew Grooms
|
|
| 242 |
e0c7b2fe
|
Phil Davis
|
if (empty($_POST['members'])) {
|
| 243 |
70d6b5c4
|
Ermal
|
unset($group['member']);
|
| 244 |
e0c7b2fe
|
Phil Davis
|
} else if ($group['gid'] != 1998) { // all group
|
| 245 |
6b07c15a
|
Matthew Grooms
|
$group['member'] = $_POST['members'];
|
| 246 |
e0c7b2fe
|
Phil Davis
|
}
|
| 247 |
45ee90ed
|
Matthew Grooms
|
|
| 248 |
1bb9c407
|
Marcos Mendoza
|
if (isset($id) && config_get_path("system/group/{$id}")) {
|
| 249 |
|
|
config_set_path("system/group/{$id}", $group);
|
| 250 |
e0c7b2fe
|
Phil Davis
|
} else {
|
| 251 |
1bb9c407
|
Marcos Mendoza
|
$nextgid = config_get_path('system/nextgid');
|
| 252 |
|
|
$group['gid'] = $nextgid++;
|
| 253 |
|
|
config_set_path('system/nextgid', $nextgid);
|
| 254 |
df14688b
|
Viktor G
|
if ($_POST['dup']) {
|
| 255 |
1bb9c407
|
Marcos Mendoza
|
$group['priv'] = config_get_path("system/group/{$_POST['dup']}/priv");
|
| 256 |
df14688b
|
Viktor G
|
}
|
| 257 |
1bb9c407
|
Marcos Mendoza
|
config_set_path('system/group/', $group);
|
| 258 |
45ee90ed
|
Matthew Grooms
|
}
|
| 259 |
|
|
|
| 260 |
06683083
|
Stephen Beaver
|
admin_groups_sort();
|
| 261 |
|
|
|
| 262 |
659fa7f2
|
Matthew Grooms
|
local_group_set($group);
|
| 263 |
2a0e8512
|
jim-p
|
|
| 264 |
449cac24
|
Renato Botelho
|
/*
|
| 265 |
|
|
* Refresh users in this group since their privileges may have
|
| 266 |
|
|
* changed.
|
| 267 |
|
|
*/
|
| 268 |
5709072a
|
jim-p
|
if (is_array($group['member'])) {
|
| 269 |
4b9165e5
|
Marcos Mendoza
|
foreach (config_get_path('system/user', []) as $idx => $user) {
|
| 270 |
e0c7b2fe
|
Phil Davis
|
if (in_array($user['uid'], $group['member'])) {
|
| 271 |
5709072a
|
jim-p
|
local_user_set($user);
|
| 272 |
1bb9c407
|
Marcos Mendoza
|
config_set_path("system/user/{$idx}", $user);
|
| 273 |
e0c7b2fe
|
Phil Davis
|
}
|
| 274 |
5709072a
|
jim-p
|
}
|
| 275 |
2a0e8512
|
jim-p
|
}
|
| 276 |
|
|
|
| 277 |
dc3bc1f8
|
Renato Botelho
|
/* Sort it alphabetically */
|
| 278 |
b8f18410
|
Marcos Mendoza
|
$group_config = config_get_path('system/group', []);
|
| 279 |
1bb9c407
|
Marcos Mendoza
|
usort($group_config, function($a, $b) {
|
| 280 |
dc3bc1f8
|
Renato Botelho
|
return strcmp($a['name'], $b['name']);
|
| 281 |
|
|
});
|
| 282 |
1bb9c407
|
Marcos Mendoza
|
config_set_path('system/group', $group_config);
|
| 283 |
dc3bc1f8
|
Renato Botelho
|
|
| 284 |
449cac24
|
Renato Botelho
|
$savemsg = sprintf(gettext("Successfully %s group %s"),
|
| 285 |
|
|
(strlen($id) > 0) ? gettext("edited") : gettext("created"),
|
| 286 |
|
|
$group['name']);
|
| 287 |
3fa6d462
|
jim-p
|
write_config($savemsg);
|
| 288 |
|
|
syslog($logging_level, "{$logging_prefix}: {$savemsg}");
|
| 289 |
4c291f4c
|
Renato Botelho
|
|
| 290 |
d88c6a9f
|
Scott Ullrich
|
header("Location: system_groupmanager.php");
|
| 291 |
|
|
exit;
|
| 292 |
|
|
}
|
| 293 |
23d09a2e
|
Stephen Beaver
|
|
| 294 |
|
|
$pconfig['name'] = $_POST['groupname'];
|
| 295 |
fab7ff44
|
Bill Marquette
|
}
|
| 296 |
|
|
|
| 297 |
2f1e91e4
|
Stephen Beaver
|
function build_priv_table() {
|
| 298 |
1bb9c407
|
Marcos Mendoza
|
global $id, $read_only, $dup;
|
| 299 |
2f1e91e4
|
Stephen Beaver
|
|
| 300 |
|
|
$privhtml = '<div class="table-responsive">';
|
| 301 |
|
|
$privhtml .= '<table class="table table-striped table-hover table-condensed">';
|
| 302 |
|
|
$privhtml .= '<thead>';
|
| 303 |
70da45c9
|
NOYB
|
$privhtml .= '<tr>';
|
| 304 |
|
|
$privhtml .= '<th>' . gettext('Name') . '</th>';
|
| 305 |
|
|
$privhtml .= '<th>' . gettext('Description') . '</th>';
|
| 306 |
|
|
$privhtml .= '<th>' . gettext('Action') . '</th>';
|
| 307 |
|
|
$privhtml .= '</tr>';
|
| 308 |
2f1e91e4
|
Stephen Beaver
|
$privhtml .= '</thead>';
|
| 309 |
|
|
$privhtml .= '<tbody>';
|
| 310 |
|
|
|
| 311 |
57188e47
|
Phil Davis
|
$user_has_root_priv = false;
|
| 312 |
|
|
|
| 313 |
4cd7b4b4
|
Marcos Mendoza
|
if (isset($id)) {
|
| 314 |
|
|
foreach (get_user_privdesc(config_get_path("system/group/{$id}")) as $i => $priv) {
|
| 315 |
|
|
$privhtml .= '<tr>';
|
| 316 |
|
|
$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
|
| 317 |
|
|
$privhtml .= '<td>' . htmlspecialchars($priv['descr']);
|
| 318 |
|
|
if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
|
| 319 |
|
|
$privhtml .= ' ' . gettext('(admin privilege)');
|
| 320 |
|
|
$user_has_root_priv = true;
|
| 321 |
|
|
}
|
| 322 |
|
|
$privhtml .= '</td>';
|
| 323 |
|
|
if (!$read_only && ($dup === null)) {
|
| 324 |
|
|
$privhtml .= '<td><a class="fa-solid fa-trash-can" title="' . gettext('Delete Privilege') . '" href="system_groupmanager.php?act=delpriv&groupid=' . $id . '&privid=' . $i . '" usepost></a></td>';
|
| 325 |
|
|
}
|
| 326 |
|
|
$privhtml .= '</tr>';
|
| 327 |
acd7e560
|
jim-p
|
}
|
| 328 |
2f1e91e4
|
Stephen Beaver
|
}
|
| 329 |
|
|
|
| 330 |
57188e47
|
Phil Davis
|
if ($user_has_root_priv) {
|
| 331 |
|
|
$privhtml .= '<tr>';
|
| 332 |
|
|
$privhtml .= '<td colspan="2">';
|
| 333 |
9187d6f7
|
Phil Davis
|
$privhtml .= '<b>' . gettext('Security notice: Users in this group effectively have administrator-level access') . '</b>';
|
| 334 |
57188e47
|
Phil Davis
|
$privhtml .= '</td>';
|
| 335 |
|
|
$privhtml .= '<td>';
|
| 336 |
|
|
$privhtml .= '</td>';
|
| 337 |
|
|
$privhtml .= '</tr>';
|
| 338 |
20231404
|
Steve Beaver
|
|
| 339 |
57188e47
|
Phil Davis
|
}
|
| 340 |
|
|
|
| 341 |
2f1e91e4
|
Stephen Beaver
|
$privhtml .= '</tbody>';
|
| 342 |
|
|
$privhtml .= '</table>';
|
| 343 |
|
|
$privhtml .= '</div>';
|
| 344 |
|
|
|
| 345 |
|
|
$privhtml .= '<nav class="action-buttons">';
|
| 346 |
9270d777
|
jim-p
|
if (!$read_only && ($dup === null)) {
|
| 347 |
e0cb987c
|
Marcos Mendoza
|
$privhtml .= '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success"><i class="fa-solid fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
|
| 348 |
acd7e560
|
jim-p
|
}
|
| 349 |
2f1e91e4
|
Stephen Beaver
|
$privhtml .= '</nav>';
|
| 350 |
|
|
|
| 351 |
|
|
return($privhtml);
|
| 352 |
|
|
}
|
| 353 |
|
|
|
| 354 |
8f1ab2a4
|
k-paulius
|
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Groups"));
|
| 355 |
edcd7535
|
Phil Davis
|
$pglinks = array("", "system_usermanager.php", "system_groupmanager.php");
|
| 356 |
8f1ab2a4
|
k-paulius
|
|
| 357 |
|
|
if ($act == "new" || $act == "edit") {
|
| 358 |
|
|
$pgtitle[] = gettext('Edit');
|
| 359 |
edcd7535
|
Phil Davis
|
$pglinks[] = "@self";
|
| 360 |
8f1ab2a4
|
k-paulius
|
}
|
| 361 |
23d09a2e
|
Stephen Beaver
|
|
| 362 |
fab7ff44
|
Bill Marquette
|
include("head.inc");
|
| 363 |
|
|
|
| 364 |
d61309a0
|
Phil Davis
|
if ($input_errors) {
|
| 365 |
64600f94
|
Sjon Hortensius
|
print_input_errors($input_errors);
|
| 366 |
d61309a0
|
Phil Davis
|
}
|
| 367 |
23d09a2e
|
Stephen Beaver
|
|
| 368 |
d61309a0
|
Phil Davis
|
if ($savemsg) {
|
| 369 |
f78bbe16
|
Phil Davis
|
print_info_box($savemsg, 'success');
|
| 370 |
d61309a0
|
Phil Davis
|
}
|
| 371 |
64600f94
|
Sjon Hortensius
|
|
| 372 |
|
|
$tab_array = array();
|
| 373 |
210eb1d6
|
jim-p
|
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
|
| 374 |
64600f94
|
Sjon Hortensius
|
$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
|
| 375 |
|
|
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
|
| 376 |
210eb1d6
|
jim-p
|
$tab_array[] = array(gettext("Change Password"), false, "system_usermanager_passwordmg.php");
|
| 377 |
2d1f33d9
|
k-paulius
|
$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
|
| 378 |
64600f94
|
Sjon Hortensius
|
display_top_tabs($tab_array);
|
| 379 |
|
|
|
| 380 |
4611e283
|
Steve Beaver
|
if (!($act == "new" || $act == "edit")) {
|
| 381 |
64600f94
|
Sjon Hortensius
|
?>
|
| 382 |
060ed238
|
Stephen Beaver
|
<div class="panel panel-default">
|
| 383 |
|
|
<div class="panel-heading"><h2 class="panel-title"><?=gettext('Groups')?></h2></div>
|
| 384 |
|
|
<div class="panel-body">
|
| 385 |
|
|
<div class="table-responsive">
|
| 386 |
1c10ce97
|
PiBa-NL
|
<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
|
| 387 |
060ed238
|
Stephen Beaver
|
<thead>
|
| 388 |
|
|
<tr>
|
| 389 |
|
|
<th><?=gettext("Group name")?></th>
|
| 390 |
|
|
<th><?=gettext("Description")?></th>
|
| 391 |
|
|
<th><?=gettext("Member Count")?></th>
|
| 392 |
|
|
<th><?=gettext("Actions")?></th>
|
| 393 |
|
|
</tr>
|
| 394 |
|
|
</thead>
|
| 395 |
|
|
<tbody>
|
| 396 |
64600f94
|
Sjon Hortensius
|
<?php
|
| 397 |
4b9165e5
|
Marcos Mendoza
|
foreach (config_get_path('system/group', []) as $i => $group):
|
| 398 |
d61309a0
|
Phil Davis
|
if ($group["name"] == "all") {
|
| 399 |
1bb9c407
|
Marcos Mendoza
|
$groupcount = count(config_get_path('system/user', []));
|
| 400 |
19028049
|
Renato Botelho
|
} elseif (is_array($group['member'])) {
|
| 401 |
64600f94
|
Sjon Hortensius
|
$groupcount = count($group['member']);
|
| 402 |
19028049
|
Renato Botelho
|
} else {
|
| 403 |
|
|
$groupcount = 0;
|
| 404 |
d61309a0
|
Phil Davis
|
}
|
| 405 |
64600f94
|
Sjon Hortensius
|
?>
|
| 406 |
060ed238
|
Stephen Beaver
|
<tr>
|
| 407 |
|
|
<td>
|
| 408 |
|
|
<?=htmlspecialchars($group['name'])?>
|
| 409 |
|
|
</td>
|
| 410 |
|
|
<td>
|
| 411 |
|
|
<?=htmlspecialchars($group['description'])?>
|
| 412 |
|
|
</td>
|
| 413 |
|
|
<td>
|
| 414 |
|
|
<?=$groupcount?>
|
| 415 |
|
|
</td>
|
| 416 |
|
|
<td>
|
| 417 |
e0cb987c
|
Marcos Mendoza
|
<a class="fa-solid fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&groupid=<?=$i?>"></a>
|
| 418 |
c1d304b3
|
Marcos Mendoza
|
<a class="fa-regular fa-clone" title="<?=gettext("Copy group"); ?>" href="?act=dup&groupid=<?=$i?>"></a>
|
| 419 |
acd7e560
|
jim-p
|
<?php if (($group['scope'] != "system") && !$read_only): ?>
|
| 420 |
c1d304b3
|
Marcos Mendoza
|
<a class="fa-solid fa-trash-can" title="<?=gettext("Delete group")?>" href="?act=delgroup&groupid=<?=$i?>&groupname=<?=$group['name']?>" usepost></a>
|
| 421 |
060ed238
|
Stephen Beaver
|
<?php endif;?>
|
| 422 |
|
|
</td>
|
| 423 |
|
|
</tr>
|
| 424 |
64600f94
|
Sjon Hortensius
|
<?php
|
| 425 |
|
|
endforeach;
|
| 426 |
fab7ff44
|
Bill Marquette
|
?>
|
| 427 |
060ed238
|
Stephen Beaver
|
</tbody>
|
| 428 |
|
|
</table>
|
| 429 |
|
|
</div>
|
| 430 |
94404d94
|
Sander van Leeuwen
|
</div>
|
| 431 |
060ed238
|
Stephen Beaver
|
</div>
|
| 432 |
|
|
|
| 433 |
|
|
<nav class="action-buttons">
|
| 434 |
acd7e560
|
jim-p
|
<?php if (!$read_only): ?>
|
| 435 |
4611e283
|
Steve Beaver
|
<a href="?act=new" class="btn btn-success btn-sm">
|
| 436 |
e0cb987c
|
Marcos Mendoza
|
<i class="fa-solid fa-plus icon-embed-btn"></i>
|
| 437 |
060ed238
|
Stephen Beaver
|
<?=gettext("Add")?>
|
| 438 |
|
|
</a>
|
| 439 |
acd7e560
|
jim-p
|
<?php endif; ?>
|
| 440 |
060ed238
|
Stephen Beaver
|
</nav>
|
| 441 |
64600f94
|
Sjon Hortensius
|
<?php
|
| 442 |
|
|
include('foot.inc');
|
| 443 |
|
|
exit;
|
| 444 |
6b07c15a
|
Matthew Grooms
|
}
|
| 445 |
|
|
|
| 446 |
64600f94
|
Sjon Hortensius
|
$form = new Form;
|
| 447 |
|
|
$form->setAction('system_groupmanager.php?act=edit');
|
| 448 |
9270d777
|
jim-p
|
if ($dup === null) {
|
| 449 |
df14688b
|
Viktor G
|
$form->addGlobal(new Form_Input(
|
| 450 |
|
|
'groupid',
|
| 451 |
|
|
null,
|
| 452 |
|
|
'hidden',
|
| 453 |
|
|
$id
|
| 454 |
|
|
));
|
| 455 |
|
|
} else {
|
| 456 |
|
|
$form->addGlobal(new Form_Input(
|
| 457 |
|
|
'dup',
|
| 458 |
|
|
null,
|
| 459 |
|
|
'hidden',
|
| 460 |
|
|
$dup
|
| 461 |
|
|
));
|
| 462 |
|
|
}
|
| 463 |
64600f94
|
Sjon Hortensius
|
|
| 464 |
1bb9c407
|
Marcos Mendoza
|
if (isset($id) && config_get_path("system/group/{$id}")) {
|
| 465 |
64600f94
|
Sjon Hortensius
|
$form->addGlobal(new Form_Input(
|
| 466 |
|
|
'id',
|
| 467 |
|
|
null,
|
| 468 |
|
|
'hidden',
|
| 469 |
|
|
$id
|
| 470 |
|
|
));
|
| 471 |
|
|
|
| 472 |
|
|
$form->addGlobal(new Form_Input(
|
| 473 |
|
|
'gid',
|
| 474 |
|
|
null,
|
| 475 |
|
|
'hidden',
|
| 476 |
|
|
$pconfig['gid']
|
| 477 |
|
|
));
|
| 478 |
61dec0b0
|
Renato Botelho
|
}
|
| 479 |
|
|
|
| 480 |
5f88f964
|
k-paulius
|
$section = new Form_Section('Group Properties');
|
| 481 |
82833610
|
Stephen Beaver
|
|
| 482 |
e6acc2ee
|
Sjon Hortensius
|
$section->addInput($input = new Form_Input(
|
| 483 |
64600f94
|
Sjon Hortensius
|
'groupname',
|
| 484 |
153c3aa6
|
Phil Davis
|
'*Group name',
|
| 485 |
64600f94
|
Sjon Hortensius
|
'text',
|
| 486 |
|
|
$pconfig['name']
|
| 487 |
|
|
));
|
| 488 |
|
|
|
| 489 |
d61309a0
|
Phil Davis
|
if ($pconfig['gtype'] == "system") {
|
| 490 |
1192840b
|
Sjon Hortensius
|
$input->setReadonly();
|
| 491 |
79ed8ce0
|
Stephen Beaver
|
|
| 492 |
|
|
$section->addInput(new Form_Input(
|
| 493 |
|
|
'gtype',
|
| 494 |
153c3aa6
|
Phil Davis
|
'*Scope',
|
| 495 |
79ed8ce0
|
Stephen Beaver
|
'text',
|
| 496 |
|
|
$pconfig['gtype']
|
| 497 |
|
|
))->setReadonly();
|
| 498 |
|
|
} else {
|
| 499 |
|
|
$section->addInput(new Form_Select(
|
| 500 |
|
|
'gtype',
|
| 501 |
153c3aa6
|
Phil Davis
|
'*Scope',
|
| 502 |
79ed8ce0
|
Stephen Beaver
|
$pconfig['gtype'],
|
| 503 |
82833610
|
Stephen Beaver
|
["local" => gettext("Local"), "remote" => gettext("Remote")]
|
| 504 |
449cac24
|
Renato Botelho
|
))->setHelp("<span class=\"text-danger\">Warning: Changing this " .
|
| 505 |
|
|
"setting may affect the local groups file, in which case a " .
|
| 506 |
|
|
"reboot may be required for the changes to take effect.</span>");
|
| 507 |
d61309a0
|
Phil Davis
|
}
|
| 508 |
e6acc2ee
|
Sjon Hortensius
|
|
| 509 |
64600f94
|
Sjon Hortensius
|
$section->addInput(new Form_Input(
|
| 510 |
|
|
'description',
|
| 511 |
|
|
'Description',
|
| 512 |
|
|
'text',
|
| 513 |
|
|
$pconfig['description']
|
| 514 |
89140b63
|
NOYB
|
))->setHelp('Group description, for administrative information only');
|
| 515 |
64600f94
|
Sjon Hortensius
|
|
| 516 |
|
|
$form->add($section);
|
| 517 |
d61309a0
|
Phil Davis
|
|
| 518 |
449cac24
|
Renato Botelho
|
/* all users group */
|
| 519 |
|
|
if ($pconfig['gid'] != 1998) {
|
| 520 |
|
|
/* Group membership */
|
| 521 |
2f1e91e4
|
Stephen Beaver
|
$group = new Form_Group('Group membership');
|
| 522 |
|
|
|
| 523 |
449cac24
|
Renato Botelho
|
/*
|
| 524 |
|
|
* Make a list of all the groups configured on the system, and a list of
|
| 525 |
|
|
* those which this user is a member of
|
| 526 |
|
|
*/
|
| 527 |
2f1e91e4
|
Stephen Beaver
|
$systemGroups = array();
|
| 528 |
|
|
$usersGroups = array();
|
| 529 |
|
|
|
| 530 |
ac0a027f
|
Christian McDonald
|
foreach (config_get_path('system/user', []) as $user) {
|
| 531 |
449cac24
|
Renato Botelho
|
if (is_array($pconfig['members']) && in_array($user['uid'],
|
| 532 |
|
|
$pconfig['members'])) {
|
| 533 |
|
|
/* Add it to the user's list */
|
| 534 |
|
|
$usersGroups[ $user['uid'] ] = $user['name'];
|
| 535 |
d61309a0
|
Phil Davis
|
} else {
|
| 536 |
449cac24
|
Renato Botelho
|
/* Add it to the 'not a member of' list */
|
| 537 |
|
|
$systemGroups[ $user['uid'] ] = $user['name'];
|
| 538 |
d61309a0
|
Phil Davis
|
}
|
| 539 |
2f1e91e4
|
Stephen Beaver
|
}
|
| 540 |
|
|
|
| 541 |
|
|
$group->add(new Form_Select(
|
| 542 |
|
|
'notmembers',
|
| 543 |
|
|
null,
|
| 544 |
449cac24
|
Renato Botelho
|
array_combine((array)$pconfig['groups'],
|
| 545 |
|
|
(array)$pconfig['groups']),
|
| 546 |
2f1e91e4
|
Stephen Beaver
|
$systemGroups,
|
| 547 |
|
|
true
|
| 548 |
6ef8f2e9
|
heper
|
))->setHelp('Not members');
|
| 549 |
64600f94
|
Sjon Hortensius
|
|
| 550 |
2f1e91e4
|
Stephen Beaver
|
$group->add(new Form_Select(
|
| 551 |
64600f94
|
Sjon Hortensius
|
'members',
|
| 552 |
2f1e91e4
|
Stephen Beaver
|
null,
|
| 553 |
449cac24
|
Renato Botelho
|
array_combine((array)$pconfig['groups'],
|
| 554 |
|
|
(array)$pconfig['groups']),
|
| 555 |
2f1e91e4
|
Stephen Beaver
|
$usersGroups,
|
| 556 |
64600f94
|
Sjon Hortensius
|
true
|
| 557 |
6ef8f2e9
|
heper
|
))->setHelp('Members');
|
| 558 |
2f1e91e4
|
Stephen Beaver
|
|
| 559 |
|
|
$section->add($group);
|
| 560 |
|
|
|
| 561 |
|
|
$group = new Form_Group('');
|
| 562 |
|
|
|
| 563 |
|
|
$group->add(new Form_Button(
|
| 564 |
|
|
'movetoenabled',
|
| 565 |
faab522f
|
Renato Botelho
|
'Move to "Members"',
|
| 566 |
37676f4e
|
jim-p
|
null,
|
| 567 |
e6f78714
|
Marcos Mendoza
|
'fa-solid fa-angle-double-right'
|
| 568 |
449cac24
|
Renato Botelho
|
))->setAttribute('type','button')->removeClass('btn-primary')->addClass(
|
| 569 |
|
|
'btn-info btn-sm');
|
| 570 |
2f1e91e4
|
Stephen Beaver
|
|
| 571 |
|
|
$group->add(new Form_Button(
|
| 572 |
|
|
'movetodisabled',
|
| 573 |
faab522f
|
Renato Botelho
|
'Move to "Not members',
|
| 574 |
37676f4e
|
jim-p
|
null,
|
| 575 |
e6f78714
|
Marcos Mendoza
|
'fa-solid fa-angle-double-left'
|
| 576 |
449cac24
|
Renato Botelho
|
))->setAttribute('type','button')->removeClass('btn-primary')->addClass(
|
| 577 |
|
|
'btn-info btn-sm');
|
| 578 |
2f1e91e4
|
Stephen Beaver
|
|
| 579 |
449cac24
|
Renato Botelho
|
$group->setHelp(
|
| 580 |
|
|
'Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
|
| 581 |
2f1e91e4
|
Stephen Beaver
|
$section->add($group);
|
| 582 |
64600f94
|
Sjon Hortensius
|
|
| 583 |
6b07c15a
|
Matthew Grooms
|
}
|
| 584 |
|
|
|
| 585 |
9270d777
|
jim-p
|
if (isset($pconfig['gid']) || ($dup !== null)) {
|
| 586 |
64600f94
|
Sjon Hortensius
|
$section = new Form_Section('Assigned Privileges');
|
| 587 |
|
|
|
| 588 |
|
|
$section->addInput(new Form_StaticText(
|
| 589 |
|
|
null,
|
| 590 |
2f1e91e4
|
Stephen Beaver
|
build_priv_table()
|
| 591 |
64600f94
|
Sjon Hortensius
|
));
|
| 592 |
6b07c15a
|
Matthew Grooms
|
|
| 593 |
2f1e91e4
|
Stephen Beaver
|
|
| 594 |
64600f94
|
Sjon Hortensius
|
$form->add($section);
|
| 595 |
6b07c15a
|
Matthew Grooms
|
}
|
| 596 |
|
|
|
| 597 |
64600f94
|
Sjon Hortensius
|
print $form;
|
| 598 |
2f1e91e4
|
Stephen Beaver
|
?>
|
| 599 |
8fd9052f
|
Colin Fleming
|
<script type="text/javascript">
|
| 600 |
2f1e91e4
|
Stephen Beaver
|
//<![CDATA[
|
| 601 |
d61309a0
|
Phil Davis
|
events.push(function() {
|
| 602 |
2f1e91e4
|
Stephen Beaver
|
|
| 603 |
|
|
// On click . .
|
| 604 |
|
|
$("#movetodisabled").click(function() {
|
| 605 |
449cac24
|
Renato Botelho
|
moveOptions($('[name="members[]"] option'),
|
| 606 |
|
|
$('[name="notmembers[]"]'));
|
| 607 |
2f1e91e4
|
Stephen Beaver
|
});
|
| 608 |
|
|
|
| 609 |
|
|
$("#movetoenabled").click(function() {
|
| 610 |
449cac24
|
Renato Botelho
|
moveOptions($('[name="notmembers[]"] option'),
|
| 611 |
|
|
$('[name="members[]"]'));
|
| 612 |
2f1e91e4
|
Stephen Beaver
|
});
|
| 613 |
|
|
|
| 614 |
|
|
// On submit mark all the user's groups as "selected"
|
| 615 |
d61309a0
|
Phil Davis
|
$('form').submit(function() {
|
| 616 |
2f1e91e4
|
Stephen Beaver
|
AllServers($('[name="members[]"] option'), true);
|
| 617 |
|
|
});
|
| 618 |
|
|
});
|
| 619 |
|
|
//]]>
|
| 620 |
|
|
</script>
|
| 621 |
|
|
<?php
|
| 622 |
854fa106
|
heper
|
include('foot.inc');
|