/src/usr/local/www/system_groupmanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_groupmanager.php @ b18303f1

1	4c291f4c	Renato Botelho	<?php
2	fab7ff44	Bill Marquette	/*
3	4c291f4c	Renato Botelho	$Id: system_groupmanager.php
4	d88c6a9f	Scott Ullrich	part of m0n0wall (http://m0n0.ch/wall)
5	29aef6c4	Jim Thompson	part of pfSense
6
7	ce77a9c4	Phil Davis	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
8	29aef6c4	Jim Thompson	All rights reserved.
9	d88c6a9f	Scott Ullrich
10	6b07c15a	Matthew Grooms	Copyright (C) 2008 Shrew Soft Inc.
11	4c291f4c	Renato Botelho	All rights reserved.
12	6b07c15a	Matthew Grooms
13	d88c6a9f	Scott Ullrich	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
14	4c291f4c	Renato Botelho	All rights reserved.
15	d88c6a9f	Scott Ullrich
16			Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
17			All rights reserved.
18	4c291f4c	Renato Botelho
19	d88c6a9f	Scott Ullrich	Redistribution and use in source and binary forms, with or without
20			modification, are permitted provided that the following conditions are met:
21	4c291f4c	Renato Botelho
22	d88c6a9f	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
23			this list of conditions and the following disclaimer.
24	4c291f4c	Renato Botelho
25	d88c6a9f	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
26			notice, this list of conditions and the following disclaimer in the
27			documentation and/or other materials provided with the distribution.
28	4c291f4c	Renato Botelho
29	d88c6a9f	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
30			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
31			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
32			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
33			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
34			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
35			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
36			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
37			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38			POSSIBILITY OF SUCH DAMAGE.
39	fab7ff44	Bill Marquette	*/
40	1d333258	Scott Ullrich	/*
41	2f1e91e4	Stephen Beaver	pfSense_MODULE: auth
42	1d333258	Scott Ullrich	*/
43	fab7ff44	Bill Marquette
44	6b07c15a	Matthew Grooms	##\|+PRIV
45			##\|*IDENT=page-system-groupmanager
46			##\|*NAME=System: Group manager page
47			##\|*DESCR=Allow access to the 'System: Group manager' page.
48			##\|MATCH=system_groupmanager.php
49			##\|-PRIV
50	fab7ff44	Bill Marquette
51	3fa86ecd	sullrich	require("guiconfig.inc");
52	d88c6a9f	Scott Ullrich
53	bbf825ab	Vinicius Coque	$pgtitle = array(gettext("System"), gettext("Group manager"));
54	fab7ff44	Bill Marquette
55	e0c7b2fe	Phil Davis	if (!is_array($config['system']['group'])) {
56	6b07c15a	Matthew Grooms	$config['system']['group'] = array();
57	e0c7b2fe	Phil Davis	}
58	d81c2ad1	Scott Ullrich
59	6b07c15a	Matthew Grooms	$a_group = &$config['system']['group'];
60	d81c2ad1	Scott Ullrich
61	7ea27b0d	Renato Botelho	unset($id);
62	e0c7b2fe	Phil Davis	if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) {
63	7ea27b0d	Renato Botelho	$id = $_POST['groupid'];
64	e0c7b2fe	Phil Davis	}
65	d81c2ad1	Scott Ullrich
66	2f1e91e4	Stephen Beaver	if (isset($_GET['groupid']) && is_numericint($_GET['groupid'])) {
67			$id = $_GET['groupid'];
68			}
69
70			$act = (isset($_GET['act']) ? $_GET['act'] : '');
71	31b53653	Scott Ullrich
72	7ea27b0d	Renato Botelho	if ($act == "delgroup") {
73
74	2f1e91e4	Stephen Beaver	if (!isset($id) \|\| !isset($_GET['groupname']) \|\| !isset($a_group[$id]) \|\| ($_GET['groupname'] != $a_group[$id]['name'])) {
75	6b07c15a	Matthew Grooms	pfSenseHeader("system_groupmanager.php");
76			exit;
77			}
78	31b53653	Scott Ullrich
79	920dbb26	Renato Botelho	conf_mount_rw();
80	7ea27b0d	Renato Botelho	local_group_del($a_group[$id]);
81	920dbb26	Renato Botelho	conf_mount_ro();
82	7ea27b0d	Renato Botelho	$groupdeleted = $a_group[$id]['name'];
83			unset($a_group[$id]);
84	6b07c15a	Matthew Grooms	write_config();
85	e0c7b2fe	Phil Davis	$savemsg = gettext("Group") . " {$groupdeleted} " .
86			gettext("successfully deleted") . "<br />";
87	fab7ff44	Bill Marquette	}
88	d88c6a9f	Scott Ullrich
89	7ea27b0d	Renato Botelho	if ($act == "delpriv") {
90	6b07c15a	Matthew Grooms
91	7ea27b0d	Renato Botelho	if (!isset($id) \|\| !isset($a_group[$id])) {
92	6b07c15a	Matthew Grooms	pfSenseHeader("system_groupmanager.php");
93			exit;
94			}
95	fab7ff44	Bill Marquette
96	7ea27b0d	Renato Botelho	$privdeleted = $priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name'];
97	2f1e91e4	Stephen Beaver	unset($a_group[$id]['priv'][$_GET['privid']]);
98	6b07c15a	Matthew Grooms
99	2ee08031	Erik Fonnesbeck	if (is_array($a_group[$id]['member'])) {
100			foreach ($a_group[$id]['member'] as $uid) {
101			$user = getUserEntryByUID($uid);
102	e0c7b2fe	Phil Davis	if ($user) {
103	2ee08031	Erik Fonnesbeck	local_user_set($user);
104	64600f94	Sjon Hortensius	}
105	2ee08031	Erik Fonnesbeck	}
106	64600f94	Sjon Hortensius	}
107	45ee90ed	Matthew Grooms
108	6b07c15a	Matthew Grooms	write_config();
109	7ea27b0d	Renato Botelho	$act = "edit";
110	e0c7b2fe	Phil Davis	$savemsg = gettext("Privilege") . " {$privdeleted} " .
111			gettext("successfully deleted") . "<br />";
112	6b07c15a	Matthew Grooms	}
113	45ee90ed	Matthew Grooms
114	7ea27b0d	Renato Botelho	if ($act == "edit") {
115			if (isset($id) && isset($a_group[$id])) {
116	45ee90ed	Matthew Grooms	$pconfig['name'] = $a_group[$id]['name'];
117	6b07c15a	Matthew Grooms	$pconfig['gid'] = $a_group[$id]['gid'];
118			$pconfig['gtype'] = $a_group[$id]['scope'];
119	45ee90ed	Matthew Grooms	$pconfig['description'] = $a_group[$id]['description'];
120	6b07c15a	Matthew Grooms	$pconfig['members'] = $a_group[$id]['member'];
121			$pconfig['priv'] = $a_group[$id]['priv'];
122	45ee90ed	Matthew Grooms	}
123			}
124	6b07c15a	Matthew Grooms
125	2f1e91e4	Stephen Beaver	if (isset($_GET['dellall_x'])) {
126	c0c5b8cc	bruno
127	2f1e91e4	Stephen Beaver	$del_groups = $_GET['delete_check'];
128	c0c5b8cc	bruno
129	e0c7b2fe	Phil Davis	if (!empty($del_groups)) {
130			foreach ($del_groups as $groupid) {
131			if (isset($a_group[$groupid]) && $a_group[$groupid]['scope'] != "system") {
132	c0c5b8cc	bruno	conf_mount_rw();
133			local_group_del($a_group[$groupid]);
134			conf_mount_ro();
135			unset($a_group[$groupid]);
136			}
137			}
138			$savemsg = gettext("Selected groups removed successfully!");
139			write_config($savemsg);
140			}
141			}
142
143	7ea27b0d	Renato Botelho	if (isset($_POST['save'])) {
144	d88c6a9f	Scott Ullrich	unset($input_errors);
145			$pconfig = $_POST;
146
147			/* input validation */
148			$reqdfields = explode(" ", "groupname");
149	b4fd804b	Carlos Eduardo Ramos	$reqdfieldsn = array(gettext("Group Name"));
150	4c291f4c	Renato Botelho
151	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
152	4c291f4c	Renato Botelho
153	e0c7b2fe	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_ ]/", $_POST['groupname'])) {
154	bbf825ab	Vinicius Coque	$input_errors[] = gettext("The group name contains invalid characters.");
155	e0c7b2fe	Phil Davis	}
156	4c291f4c	Renato Botelho
157	e0c7b2fe	Phil Davis	if (strlen($_POST['groupname']) > 16) {
158	3db408b3	PiBa-NL	$input_errors[] = gettext("The group name is longer than 16 characters.");
159	e0c7b2fe	Phil Davis	}
160	4c291f4c	Renato Botelho
161	d88c6a9f	Scott Ullrich	if (!$input_errors && !(isset($id) && $a_group[$id])) {
162			/* make sure there are no dupes */
163			foreach ($a_group as $group) {
164			if ($group['name'] == $_POST['groupname']) {
165	bbf825ab	Vinicius Coque	$input_errors[] = gettext("Another entry with the same group name already exists.");
166	d88c6a9f	Scott Ullrich	break;
167			}
168			}
169			}
170	4c291f4c	Renato Botelho
171	d88c6a9f	Scott Ullrich	if (!$input_errors) {
172	45ee90ed	Matthew Grooms	$group = array();
173	e0c7b2fe	Phil Davis	if (isset($id) && $a_group[$id]) {
174	d88c6a9f	Scott Ullrich	$group = $a_group[$id];
175	e0c7b2fe	Phil Davis	}
176	4c291f4c	Renato Botelho
177	d88c6a9f	Scott Ullrich	$group['name'] = $_POST['groupname'];
178			$group['description'] = $_POST['description'];
179	45ee90ed	Matthew Grooms
180	e0c7b2fe	Phil Davis	if (empty($_POST['members'])) {
181	70d6b5c4	Ermal	unset($group['member']);
182	e0c7b2fe	Phil Davis	} else if ($group['gid'] != 1998) { // all group
183	6b07c15a	Matthew Grooms	$group['member'] = $_POST['members'];
184	e0c7b2fe	Phil Davis	}
185	45ee90ed	Matthew Grooms
186	e0c7b2fe	Phil Davis	if (isset($id) && $a_group[$id]) {
187	d88c6a9f	Scott Ullrich	$a_group[$id] = $group;
188	e0c7b2fe	Phil Davis	} else {
189	45ee90ed	Matthew Grooms	$group['gid'] = $config['system']['nextgid']++;
190	d88c6a9f	Scott Ullrich	$a_group[] = $group;
191	45ee90ed	Matthew Grooms	}
192
193	920dbb26	Renato Botelho	conf_mount_rw();
194	659fa7f2	Matthew Grooms	local_group_set($group);
195	920dbb26	Renato Botelho	conf_mount_ro();
196	2a0e8512	jim-p
197			/* Refresh users in this group since their privileges may have changed. */
198	5709072a	jim-p	if (is_array($group['member'])) {
199			$a_user = &$config['system']['user'];
200			foreach ($a_user as & $user) {
201	e0c7b2fe	Phil Davis	if (in_array($user['uid'], $group['member'])) {
202	5709072a	jim-p	local_user_set($user);
203	e0c7b2fe	Phil Davis	}
204	5709072a	jim-p	}
205	2a0e8512	jim-p	}
206
207	d88c6a9f	Scott Ullrich	write_config();
208	4c291f4c	Renato Botelho
209	d88c6a9f	Scott Ullrich	header("Location: system_groupmanager.php");
210			exit;
211			}
212	fab7ff44	Bill Marquette	}
213
214	2f1e91e4	Stephen Beaver	function build_priv_table() {
215			global $a_group, $id;
216
217			$privhtml = '<div class="table-responsive">';
218			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
219			$privhtml .= '<thead>';
220			$privhtml .= '<th>' . gettext('Name') . '</th>';
221			$privhtml .= '<th>' . gettext('Description') . '</th>';
222			$privhtml .= '</thead>';
223			$privhtml .= '<tbody>';
224
225			foreach (get_user_privdesc($a_group[$id]) as $i => $priv) {
226			$privhtml .= '<tr>';
227			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
228			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
229			$privhtml .= '</tr>';
230			}
231
232			$privhtml .= '</tbody>';
233			$privhtml .= '</table>';
234			$privhtml .= '</div>';
235
236			$privhtml .= '<nav class="action-buttons">';
237			$privhtml .= '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
238			$privhtml .= '</nav>';
239
240			return($privhtml);
241			}
242
243	fab7ff44	Bill Marquette	include("head.inc");
244
245	64600f94	Sjon Hortensius	if ($input_errors)
246			print_input_errors($input_errors);
247			if ($savemsg)
248			print_info_box($savemsg);
249
250			$tab_array = array();
251			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
252			$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
253			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
254			$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
255			display_top_tabs($tab_array);
256
257			if (!($_GET['act'] == "new" \|\| $_GET['act'] == "edit"))
258			{
259			?>
260	94404d94	Sander van Leeuwen	<div class="table-responsive">
261			<table class="table table-striped table-hover">
262			<thead>
263			<tr>
264			<th><?=gettext("Group name")?></th>
265			<th><?=gettext("Description")?></th>
266			<th><?=gettext("Member Count")?></th>
267			<th></th>
268			</tr>
269			</thead>
270			<tbody>
271	64600f94	Sjon Hortensius	<?php
272			foreach($a_group as $i => $group):
273			if ($group["name"] == "all")
274			$groupcount = count($config['system']['user']);
275			else
276			$groupcount = count($group['member']);
277			?>
278	94404d94	Sander van Leeuwen	<tr>
279			<td>
280			<?=htmlspecialchars($group['name'])?>
281			</td>
282			<td>
283			<?=htmlspecialchars($group['description'])?>
284			</td>
285			<td>
286			<?=$groupcount?>
287			</td>
288			<td>
289			<a href="?act=edit&groupid=<?=$i?>" class="btn btn-xs btn-primary">edit</a>
290			<?php if($group['scope'] != "system"): ?>
291			<a href="?act=delgroup&groupid=<?=$i?>&groupname=<?=$group['name']?>" class="btn btn-xs btn-danger">delete</a>
292			<?php endif;?>
293			</td>
294			</tr>
295	64600f94	Sjon Hortensius	<?php
296			endforeach;
297	fab7ff44	Bill Marquette	?>
298	94404d94	Sander van Leeuwen	</tbody>
299			</table>
300			</div>
301	45ee90ed	Matthew Grooms
302	94404d94	Sander van Leeuwen	<nav class="action-buttons">
303			<a href="?act=new" class="btn btn-success">add new</a>
304			</nav>
305	64600f94	Sjon Hortensius	<?php
306			include('foot.inc');
307			exit;
308	6b07c15a	Matthew Grooms	}
309
310	ad2879b8	PiBa-NL	require_once('classes/Form.class.php');
311	64600f94	Sjon Hortensius	$form = new Form;
312			$form->setAction('system_groupmanager.php?act=edit');
313			$form->addGlobal(new Form_Input(
314			'groupid',
315			null,
316			'hidden',
317			$id
318			));
319
320			if (isset($id) && $a_group[$id]){
321			$form->addGlobal(new Form_Input(
322			'id',
323			null,
324			'hidden',
325			$id
326			));
327
328			$form->addGlobal(new Form_Input(
329			'gid',
330			null,
331			'hidden',
332			$pconfig['gid']
333			));
334	61dec0b0	Renato Botelho	}
335
336	64600f94	Sjon Hortensius	$section = new Form_Section('Group properties');
337
338			if ($_GET['act'] != "new")
339			{
340			$section->addInput(new Form_StaticText(
341			'Defined by',
342			strtoupper($pconfig['gtype'])
343			));
344	6b07c15a	Matthew Grooms	}
345
346	e6acc2ee	Sjon Hortensius	$section->addInput($input = new Form_Input(
347	64600f94	Sjon Hortensius	'groupname',
348			'Group name',
349			'text',
350			$pconfig['name']
351			));
352
353	e6acc2ee	Sjon Hortensius	if ($pconfig['gtype'] == "system")
354	1192840b	Sjon Hortensius	$input->setReadonly();
355	e6acc2ee	Sjon Hortensius
356	64600f94	Sjon Hortensius	$section->addInput(new Form_Input(
357			'description',
358			'Description',
359			'text',
360			$pconfig['description']
361			))->setHelp('Group description, for your own information only');
362
363			$form->add($section);
364			if ($pconfig['gid'] != 1998) // all users group
365			{
366	2f1e91e4	Stephen Beaver	// ==== Group membership ==================================================
367			$group = new Form_Group('Group membership');
368
369			// Make a list of all the groups configured on the system, and a list of
370			// those which this user is a member of
371			$systemGroups = array();
372			$usersGroups = array();
373
374			foreach ($config['system']['user'] as $user) {
375			if (is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members']))
376			$usersGroups[ $user['uid'] ] = $user['name']; // Add it to the user's list
377			else
378			$systemGroups[ $user['uid'] ] = $user['name']; // Add it to the 'not a member of' list
379			}
380
381			$group->add(new Form_Select(
382			'notmembers',
383			null,
384			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
385			$systemGroups,
386			true
387			))->setHelp('Not members');
388	64600f94	Sjon Hortensius
389	2f1e91e4	Stephen Beaver	$group->add(new Form_Select(
390	64600f94	Sjon Hortensius	'members',
391	2f1e91e4	Stephen Beaver	null,
392			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
393			$usersGroups,
394	64600f94	Sjon Hortensius	true
395	2f1e91e4	Stephen Beaver	))->setHelp('Members');
396
397			$section->add($group);
398
399			$group = new Form_Group('');
400
401			$group->add(new Form_Button(
402			'movetoenabled',
403			'Move to "Members" >'
404			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
405
406			$group->add(new Form_Button(
407			'movetodisabled',
408			'< Move to "Not members'
409			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
410
411			$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
412			$section->add($group);
413	64600f94	Sjon Hortensius
414	6b07c15a	Matthew Grooms	}
415
416	64600f94	Sjon Hortensius	if ($_GET['act'] != "new")
417			{
418			$section = new Form_Section('Assigned Privileges');
419
420			$section->addInput(new Form_StaticText(
421			null,
422	2f1e91e4	Stephen Beaver	build_priv_table()
423	64600f94	Sjon Hortensius	));
424	6b07c15a	Matthew Grooms
425	2f1e91e4	Stephen Beaver
426	64600f94	Sjon Hortensius	$form->add($section);
427	6b07c15a	Matthew Grooms	}
428
429	64600f94	Sjon Hortensius	print $form;
430	2f1e91e4	Stephen Beaver	?>
431			<script>
432			//<![CDATA[
433			events.push(function(){
434
435			// Select every option in the specified multiselect
436			function AllServers(id, selectAll) {
437			for (i = 0; i < id.length; i++) {
438			id.eq(i).prop('selected', selectAll);
439			}
440			}
441	e30001cf	Matthew Grooms
442	2f1e91e4	Stephen Beaver	// Move all selected options from one multiselect to another
443			function moveOptions(From, To) {
444			var len = From.length;
445			var option, value;
446
447			if(len > 1) {
448			for(i=0; i<len; i++) {
449			if(From.eq(i).is(':selected')) {
450			option = From.eq(i).val();
451			value = From.eq(i).text();
452			To.append(new Option(value, option));
453			From.eq(i).remove();
454			}
455			}
456			}
457			}
458
459			// Make buttons plain buttons, not submit
460			$("#movetodisabled").prop('type','button');
461			$("#movetoenabled").prop('type','button');
462
463
464			// On click . .
465			$("#movetodisabled").click(function() {
466			moveOptions($('[name="members[]"] option'), $('[name="notmembers[]"]'));
467			});
468
469			$("#movetoenabled").click(function() {
470			moveOptions($('[name="notmembers[]"] option'), $('[name="members[]"]'));
471			});
472
473			// On submit mark all the user's groups as "selected"
474			$('form').submit(function(){
475			AllServers($('[name="members[]"] option'), true);
476			});
477			});
478			//]]>
479			</script>
480			<?php
481	64600f94	Sjon Hortensius	include('foot.inc');

Project

General

Profile

pfSense