<?php
/*
	system_groupmanager.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *	Copyright (c)  2005 Paul Taylor <paultaylor@winn-dixie.com>
 *	Copyright (c)  2008 Shrew Soft Inc
 *
 *	Some or all of this file is based on the m0n0wall project which is
 *	Copyright (c)  2004 Manuel Kasper (BSD 2 clause)
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */

##|+PRIV
##|*IDENT=page-system-groupmanager
##|*NAME=System: Group manager
##|*DESCR=Allow access to the 'System: Group manager' page.
##|*MATCH=system_groupmanager.php*
##|-PRIV

require("guiconfig.inc");

    
/* Guarantee a group list exists before binding a reference to it. */
if (!is_array($config['system']['group'])) {
	$config['system']['group'] = array();
}

/* $a_group aliases the live configuration, so edits below change $config. */
$a_group = &$config['system']['group'];

/*
 * Work out which group index the request refers to. Only values accepted by
 * is_numericint() are used; a valid GET value takes precedence over a valid
 * POST value, and $id stays unset when neither is present.
 */
unset($id);

if (isset($_GET['groupid']) && is_numericint($_GET['groupid'])) {
	$id = $_GET['groupid'];
} elseif (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) {
	$id = $_POST['groupid'];
}

/* The requested action is read from the query string only. */
if (isset($_GET['act'])) {
	$act = $_GET['act'];
} else {
	$act = '';
}

    
/**
 * usort() comparator that orders two entries by their 'name' key,
 * ignoring letter case.
 *
 * @param array $a First entry; must carry a 'name' key.
 * @param array $b Second entry; must carry a 'name' key.
 * @return int Negative, zero or positive, as returned by strcasecmp().
 */
function cpusercmp($a, $b) {
	$left = $a['name'];
	$right = $b['name'];

	return strcasecmp($left, $right);
}
/**
 * Sort the global group list in place by group name, case-insensitively.
 *
 * Does nothing when $a_group is not an array. usort() reindexes the list,
 * so numeric group indexes may change after this call.
 */
function admin_groups_sort() {
	global $a_group;

	if (is_array($a_group)) {
		usort($a_group, "cpusercmp");
	}
}

    
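/*
 * Delete a single group.
 *
 * The request must name an existing group index and repeat that group's
 * name, so a stale link cannot remove whatever now sits at the same index
 * after the list has been re-sorted. The name is compared strictly as a
 * string; a loose comparison would treat numeric-looking names such as
 * "10" and "1e1" as equal.
 *
 * Groups with scope "system" are refused here as well. The bulk-delete
 * handler in this file already skips them and the list view hides their
 * delete link, but hiding a link does not stop a hand-built request.
 *
 * NOTE(review): this destructive action is driven entirely by GET
 * parameters. Confirm that the CSRF protection loaded through guiconfig.inc
 * covers GET requests, or move the action to POST.
 */
if ($act == "delgroup") {

	if (!isset($id) || !isset($_GET['groupname']) || !is_string($_GET['groupname']) ||
	    !isset($a_group[$id]) ||
	    ($_GET['groupname'] !== (string)$a_group[$id]['name']) ||
	    (isset($a_group[$id]['scope']) && $a_group[$id]['scope'] == "system")) {
		pfSenseHeader("system_groupmanager.php");
		exit;
	}

	conf_mount_rw();
	local_group_del($a_group[$id]);
	conf_mount_ro();
	/* Keep the name for the status message before the entry is dropped. */
	$groupdeleted = $a_group[$id]['name'];
	unset($a_group[$id]);
	write_config();
	$savemsg = sprintf(gettext("Group %s successfully deleted."), $groupdeleted);
}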

    
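/*
 * Remove one privilege from a group and refresh the group's members.
 *
 * The privilege index arrives in the query string (the delete links built
 * by build_priv_table() use "privid=" there). The original code looked the
 * name up through $_POST['privid'] but removed $_GET['privid'], so the
 * status message never named the privilege; both now use the GET value.
 * Requests whose privid is missing, is not a plain string, or does not
 * match an assigned privilege are redirected without touching the
 * configuration.
 *
 * NOTE(review): like group deletion, this privilege change is driven by GET
 * parameters. Confirm the CSRF protection in use covers GET requests, or
 * move the action to POST.
 */
if ($act == "delpriv") {

	if (!isset($id) || !isset($a_group[$id]) ||
	    !isset($_GET['privid']) || !is_string($_GET['privid']) ||
	    !isset($a_group[$id]['priv'][$_GET['privid']])) {
		pfSenseHeader("system_groupmanager.php");
		exit;
	}

	/* Resolve the display name before the entry is removed. */
	$privdeleted = $priv_list[$a_group[$id]['priv'][$_GET['privid']]]['name'];
	unset($a_group[$id]['priv'][$_GET['privid']]);

	/* Re-apply every member so the reduced privilege set takes effect. */
	if (is_array($a_group[$id]['member'])) {
		foreach ($a_group[$id]['member'] as $uid) {
			$user = getUserEntryByUID($uid);
			if ($user) {
				local_user_set($user);
			}
		}
	}

	write_config();
	/* Fall through to the "edit" handler so $pconfig is populated. */
	$act = "edit";
	$savemsg = sprintf(gettext("Privilege %s successfully deleted."), $privdeleted);
}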

    
/*
 * Editing an existing group: copy the stored entry into $pconfig, which the
 * form further down reads its field values from. Nothing is copied when no
 * valid group index was supplied.
 */
if ($act == "edit" && isset($id) && isset($a_group[$id])) {
	$pconfig['name'] = $a_group[$id]['name'];
	$pconfig['gid'] = $a_group[$id]['gid'];
	/* The stored key is 'scope'; the form refers to it as 'gtype'. */
	$pconfig['gtype'] = $a_group[$id]['scope'];
	$pconfig['description'] = $a_group[$id]['description'];
	/* The stored key is 'member'; the form refers to it as 'members'. */
	$pconfig['members'] = $a_group[$id]['member'];
	$pconfig['priv'] = $a_group[$id]['priv'];
}

    
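/*
 * Bulk deletion: remove every selected group that is not a system group.
 *
 * 'delete_check' is request data and may be absent or a scalar instead of a
 * list, so it is normalised to an array before iterating, and entries that
 * are not plain strings are skipped.
 *
 * NOTE(review): nothing in this file renders a control that submits
 * 'dellall_x' or 'delete_check'; the handler is still reachable by a
 * hand-built GET request. Confirm the CSRF protection in use covers GET
 * requests, or move the action to POST.
 */
if (isset($_GET['dellall_x'])) {

	if (isset($_GET['delete_check']) && is_array($_GET['delete_check'])) {
		$del_groups = $_GET['delete_check'];
	} else {
		$del_groups = array();
	}

	if (!empty($del_groups)) {
		foreach ($del_groups as $groupid) {
			/* Nested arrays cannot be used as an index; ignore them. */
			if (!is_string($groupid)) {
				continue;
			}

			if (isset($a_group[$groupid]) && $a_group[$groupid]['scope'] != "system") {
				conf_mount_rw();
				local_group_del($a_group[$groupid]);
				conf_mount_ro();
				unset($a_group[$groupid]);
			}
		}
		$savemsg = gettext("Selected groups removed successfully.");
		write_config($savemsg);
	}
}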

    
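/*
 * Create a new group or update an existing one from the submitted form.
 *
 * Validation failures are collected in $input_errors and the form is shown
 * again with the posted values ($pconfig). On success the group is written
 * to the system and the configuration, the affected users are refreshed,
 * and the browser is redirected to the group list.
 *
 * NOTE(review): the form marks the name field read-only for system groups,
 * but that is only a browser-side hint. This handler does not reject a
 * changed name for a group whose scope is "system"; consider enforcing it
 * here. The duplicate-name check also runs only for new groups.
 */
if (isset($_POST['save'])) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "groupname");
	$reqdfieldsn = array(gettext("Group Name"));

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (isset($_POST['groupname']) && !is_string($_POST['groupname'])) {
		/* groupname[]=... arrives as an array; it is not a usable name. */
		$input_errors[] = gettext("The group name contains invalid characters.");
	} else {
		if (preg_match("/[^a-zA-Z0-9\.\-_ ]/", $_POST['groupname'])) {
			$input_errors[] = gettext("The group name contains invalid characters.");
		}

		if (strlen($_POST['groupname']) > 16) {
			$input_errors[] = gettext("The group name is longer than 16 characters.");
		}
	}

	/*
	 * The member list is stored in the configuration as submitted, so it
	 * must be a list of numeric user ids and nothing else.
	 */
	if (!empty($_POST['members'])) {
		if (!is_array($_POST['members'])) {
			$input_errors[] = gettext("One or more invalid group members was submitted.");
		} else {
			foreach ($_POST['members'] as $newmember) {
				if (!is_numericint($newmember)) {
					$input_errors[] = gettext("One or more invalid group members was submitted.");
					break;
				}
			}
		}
	}

	if (!$input_errors && !(isset($id) && $a_group[$id])) {
		/* make sure there are no dupes */
		foreach ($a_group as $group) {
			if ($group['name'] == $_POST['groupname']) {
				$input_errors[] = gettext("Another entry with the same group name already exists.");
				break;
			}
		}
	}

	if (!$input_errors) {
		/* Start from the stored entry so keys such as gid, scope and priv survive. */
		$group = array();
		if (isset($id) && $a_group[$id]) {
			$group = $a_group[$id];
		}

		$group['name'] = $_POST['groupname'];
		$group['description'] = $_POST['description'];

		if (empty($_POST['members'])) {
			unset($group['member']);
		} else if (!isset($group['gid']) || $group['gid'] != 1998) { // all group
			/* gid 1998 is the "all" group; its member list is never overwritten. */
			$group['member'] = $_POST['members'];
		}

		if (isset($id) && $a_group[$id]) {
			$a_group[$id] = $group;
		} else {
			$group['gid'] = $config['system']['nextgid']++;
			$a_group[] = $group;
		}

		admin_groups_sort();

		conf_mount_rw();
		local_group_set($group);
		conf_mount_ro();

		/* Refresh users in this group since their privileges may have changed. */
		if (is_array($group['member'])) {
			$a_user = &$config['system']['user'];
			if (is_array($a_user)) {
				foreach ($a_user as & $user) {
					if (in_array($user['uid'], $group['member'])) {
						local_user_set($user);
					}
				}
				/* Drop the loop reference so later writes to $user cannot alter the last user entry. */
				unset($user);
			}
		}

		write_config();

		header("Location: system_groupmanager.php");
		exit;
	}
}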

    
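/**
 * Build the HTML for the "Assigned Privileges" table of the group being
 * edited, followed by an "Add" button linking to the add-privileges page.
 *
 * Reads the globals $a_group and $id. When no valid group is selected the
 * table body is left empty instead of indexing $a_group with an unset key.
 * Privilege names and descriptions are HTML-escaped, and the ids placed in
 * link targets are URL-encoded and escaped so the output stays well formed
 * whatever the keys contain.
 *
 * @return string HTML fragment.
 */
function build_priv_table() {
	global $a_group, $id;

	$groupid = isset($id) ? htmlspecialchars(urlencode($id)) : '';

	$privs = array();
	if (isset($id) && isset($a_group[$id])) {
		$privs = get_user_privdesc($a_group[$id]);
		if (!is_array($privs)) {
			$privs = array();
		}
	}

	$privhtml = '<div class="table-responsive">';
	$privhtml .=	'<table class="table table-striped table-hover table-condensed">';
	$privhtml .=		'<thead>';
	$privhtml .=			'<tr>';
	$privhtml .=				'<th>' . gettext('Name') . '</th>';
	$privhtml .=				'<th>' . gettext('Description') . '</th>';
	/* Third header cell matches the delete-link column in each row. */
	$privhtml .=				'<th>' . gettext('Actions') . '</th>';
	$privhtml .=			'</tr>';
	$privhtml .=		'</thead>';
	$privhtml .=		'<tbody>';

	foreach ($privs as $i => $priv) {
		$privhtml .=		'<tr>';
		$privhtml .=			'<td>' . htmlspecialchars($priv['name']) . '</td>';
		$privhtml .=			'<td>' . htmlspecialchars($priv['descr']) . '</td>';
		$privhtml .=			'<td><a class="fa fa-trash" title="' . gettext('Delete Privilege') . '"	href="system_groupmanager.php?act=delpriv&amp;groupid=' . $groupid . '&amp;privid=' . htmlspecialchars(urlencode($i)) . '"></a></td>';
		$privhtml .=		'</tr>';
	}

	$privhtml .=		'</tbody>';
	$privhtml .=	'</table>';
	$privhtml .= '</div>';

	$privhtml .= '<nav class="action-buttons">';
	$privhtml .=	'<a href="system_groupmanager_addprivs.php?groupid=' . $groupid . '" class="btn btn-success">' . gettext("Add") . '</a>';
	$privhtml .= '</nav>';

	return($privhtml);
}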

    
/* Page title segments; set before head.inc is included. */
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Groups"));

if ($act == "edit" || $act == "new") {
	$pgtitle[] = gettext('Edit');
}
include("head.inc");

/* Report validation errors and the outcome of any action handled above. */
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

/* Tab bar entries: label, whether the tab is the active one, target page. */
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), true, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Authentication Servers"), false, "system_authservers.php"),
);
display_top_tabs($tab_array);

    
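/*
 * Group list view, shown unless the query string asks for the new/edit
 * form. The check reads $_GET['act'] rather than $act, so a request handled
 * as "delpriv" above still lands on the list. The page ends here with
 * foot.inc and exit; the form code below runs only for new/edit.
 */
if (!($_GET['act'] == "new" || $_GET['act'] == "edit")) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Groups')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Group name")?></th>
						<th><?=gettext("Description")?></th>
						<th><?=gettext("Member Count")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	foreach ($a_group as $i => $group):
		/*
		 * The "all" group is counted from the user list. A group without a
		 * 'member' key has no members; count() is not called on a missing
		 * value, which newer PHP versions reject.
		 */
		if ($group["name"] == "all") {
			$groupcount = isset($config['system']['user']) ? count((array)$config['system']['user']) : 0;
		} else {
			$groupcount = isset($group['member']) ? count((array)$group['member']) : 0;
		}
?>
					<tr>
						<td>
							<?=htmlspecialchars($group['name'])?>
						</td>
						<td>
							<?=htmlspecialchars($group['description'])?>
						</td>
						<td>
							<?=$groupcount?>
						</td>
						<td>
							<a class="fa fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&amp;groupid=<?=$i?>"></a>
							<?php if ($group['scope'] != "system"): ?>
								<?php /* The name goes into a URL inside an attribute: URL-encode it, then HTML-escape it. */ ?>
								<a class="fa fa-trash"	title="<?=gettext("Delete group")?>" href="?act=delgroup&amp;groupid=<?=$i?>&amp;groupname=<?=htmlspecialchars(urlencode($group['name']))?>"></a>
							<?php endif;?>
						</td>
					</tr>
<?php
	endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	include('foot.inc');
	exit;
}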

    
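/*
 * New/edit form. Field values come from $pconfig, which holds either the
 * stored group (edit) or the values of a rejected submission.
 */
$form = new Form;
$form->setAction('system_groupmanager.php?act=edit');

/* $id is unset when a new group is being created; pass null explicitly. */
$form->addGlobal(new Form_Input(
	'groupid',
	null,
	'hidden',
	isset($id) ? $id : null
));

if (isset($id) && $a_group[$id]){
	/*
	 * NOTE(review): the save handler in this file reads only 'groupid';
	 * 'id' and 'gid' are posted but not consumed here.
	 */
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));

	$form->addGlobal(new Form_Input(
		'gid',
		null,
		'hidden',
		$pconfig['gid']
	));
}

$section = new Form_Section('Group Properties');

if ($_GET['act'] != "new") {
	$section->addInput(new Form_StaticText(
		'Defined by',
		strtoupper($pconfig['gtype'])
	));
}

$section->addInput($input = new Form_Input(
	'groupname',
	'Group name',
	'text',
	$pconfig['name']
));

/*
 * Read-only is a browser-side hint only: a crafted POST can still carry a
 * different name, so it does not protect system group names by itself.
 */
if ($pconfig['gtype'] == "system") {
	$input->setReadonly();
}

$section->addInput(new Form_Input(
	'description',
	'Description',
	'text',
	$pconfig['description']
))->setHelp('Group description, for your own information only');

$form->add($section);
if ($pconfig['gid'] != 1998) { // all users group

	// ==== Group membership ==================================================
	$group = new Form_Group('Group membership');

	// Split the configured users into those who belong to this group and
	// those who do not. Both lists map uid => user name.
	$systemGroups = array();
	$usersGroups = array();

	foreach ($config['system']['user'] as $user) {
		if (is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members'])) {
			$usersGroups[ $user['uid'] ] = $user['name'];	// Add it to the members list
		} else {
			$systemGroups[ $user['uid'] ] = $user['name']; // Add it to the 'not a member of' list
		}
	}

	// NOTE(review): $pconfig['groups'] is not set anywhere in this file, so
	// the third argument below is presumably always an empty array.
	$group->add(new Form_Select(
		'notmembers',
		null,
		array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
		$systemGroups,
		true
	))->setHelp('Not members');

	$group->add(new Form_Select(
		'members',
		null,
		array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
		$usersGroups,
		true
	))->setHelp('Members');

	$section->add($group);

	$group = new Form_Group('');

	$group->add(new Form_Button(
		'movetoenabled',
		'Move to "Members" >'
	))->removeClass('btn-primary')->addClass('btn-default btn-sm');

	// The label was missing its closing quotation mark.
	$group->add(new Form_Button(
		'movetodisabled',
		'< Move to "Not members"'
	))->removeClass('btn-primary')->addClass('btn-default btn-sm');

	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
	$section->add($group);

}

if ($_GET['act'] != "new") {
	$section = new Form_Section('Assigned Privileges');

	$section->addInput(new Form_StaticText(
		null,
		build_priv_table()
	));


	$form->add($section);
}

print $form;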
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {

	var toNotMembersBtn = $("#movetodisabled");
	var toMembersBtn = $("#movetoenabled");

	// Turn both move buttons into plain buttons so a click does not submit the form
	toNotMembersBtn.prop('type','button');
	toMembersBtn.prop('type','button');

	// Clicking moves options from one list box to the other
	toNotMembersBtn.click(function() {
		var fromMembers = $('[name="members[]"] option');
		var intoNotMembers = $('[name="notmembers[]"]');
		moveOptions(fromMembers, intoNotMembers);
	});

	toMembersBtn.click(function() {
		var fromNotMembers = $('[name="notmembers[]"] option');
		var intoMembers = $('[name="members[]"]');
		moveOptions(fromNotMembers, intoMembers);
	});

	// On submit, hand every option of the "members" list to AllServers()
	// (presumably marking them selected so the whole list is posted)
	$('form').submit(function() {
		var memberOptions = $('[name="members[]"] option');
		AllServers(memberOptions, true);
	});
});
//]]>
</script>
<?php
include('foot.inc');