1 4c291f4c Renato Botelho
<?php
2 fab7ff44 Bill Marquette
/*
3 4c291f4c Renato Botelho
	$Id: system_groupmanager.php
4 fab7ff44 Bill Marquette
*/
5 f74457df Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *  Copyright (c)  2005 Paul Taylor <paultaylor@winn-dixie.com>
8
 *  Copyright (c)  2003-2005 Manuel Kasper <mk@neon1.net>
9
 *
10
 *	Redistribution and use in source and binary forms, with or without modification,
11
 *	are permitted provided that the following conditions are met:
12
 *
13
 *	1. Redistributions of source code must retain the above copyright notice,
14
 *		this list of conditions and the following disclaimer.
15
 *
16
 *	2. Redistributions in binary form must reproduce the above copyright
17
 *		notice, this list of conditions and the following disclaimer in
18
 *		the documentation and/or other materials provided with the
19
 *		distribution.
20
 *
21
 *	3. All advertising materials mentioning features or use of this software
22
 *		must display the following acknowledgment:
23
 *		"This product includes software developed by the pfSense Project
24
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
25
 *
26
 *	4. The names "pfSense" and "pfSense Project" must not be used to
27
 *		 endorse or promote products derived from this software without
28
 *		 prior written permission. For written permission, please contact
29
 *		 coreteam@pfsense.org.
30
 *
31
 *	5. Products derived from this software may not be called "pfSense"
32
 *		nor may "pfSense" appear in their names without prior written
33
 *		permission of the Electric Sheep Fencing, LLC.
34
 *
35
 *	6. Redistributions of any form whatsoever must retain the following
36
 *		acknowledgment:
37
 *
38
 *	"This product includes software developed by the pfSense Project
39
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
40
 *
41
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
42
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
45
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
53
 *
54
 *	====================================================================
55
 *
56
 */
57 1d333258 Scott Ullrich
/*
58 2f1e91e4 Stephen Beaver
	pfSense_MODULE: auth
59 1d333258 Scott Ullrich
*/
60 fab7ff44 Bill Marquette
61 6b07c15a Matthew Grooms
##|+PRIV
62
##|*IDENT=page-system-groupmanager
63
##|*NAME=System: Group manager page
64
##|*DESCR=Allow access to the 'System: Group manager' page.
65
##|*MATCH=system_groupmanager.php*
66
##|-PRIV
67 fab7ff44 Bill Marquette
68 3fa86ecd sullrich
require("guiconfig.inc");
// Title segments handed to the page header.
$pgtitle = array(gettext("System"), gettext("Group manager"));

// Guarantee the group list is an array before a reference to it is taken.
if (!is_array($config['system']['group'])) {
	$config['system']['group'] = array();
}

// Alias into the live configuration: writes through $a_group modify $config.
$a_group = &$config['system']['group'];

// Resolve the index of the group being acted on. Only values accepted by
// is_numericint() are kept; when both POST and GET carry a valid groupid,
// the GET value wins because it is examined last.
unset($id);
foreach (array($_POST, $_GET) as $groupid_source) {
	if (isset($groupid_source['groupid']) && is_numericint($groupid_source['groupid'])) {
		$id = $groupid_source['groupid'];
	}
}
unset($groupid_source);

// Requested action. It is only ever read from the query string, so every
// action below that keys off $act can be reached with a plain GET request.
$act = '';
if (isset($_GET['act'])) {
	$act = $_GET['act'];
}
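/*
 * Delete a single group (act=delgroup).
 *
 * The request has to identify the group twice: by its index (groupid) and
 * by its current name (groupname). A mismatch sends the browser back to the
 * list without changing anything.
 *
 * NOTE(review): this is a state-changing action driven entirely by GET
 * parameters. Confirm that the GUI's CSRF protection covers GET requests;
 * if it only covers POST, this handler should be moved to POST.
 */
if ($act == "delgroup") {

	// Strict comparison: $_GET values are strings (or arrays), and loose
	// comparison would treat numeric-looking names such as "1e3" and "1000"
	// as equal.
	if (!isset($id) || !isset($_GET['groupname']) || !isset($a_group[$id]) || ($_GET['groupname'] !== $a_group[$id]['name'])) {
		pfSenseHeader("system_groupmanager.php");
		exit;
	}

	// The list view hides the delete link for system-scoped groups and the
	// bulk-delete handler skips them; enforce the same rule here so that a
	// hand-built URL cannot remove a system group.
	if (isset($a_group[$id]['scope']) && $a_group[$id]['scope'] == "system") {
		pfSenseHeader("system_groupmanager.php");
		exit;
	}

	conf_mount_rw();
	local_group_del($a_group[$id]);
	conf_mount_ro();
	$groupdeleted = $a_group[$id]['name'];
	unset($a_group[$id]);
	write_config();
	// $savemsg is emitted as HTML (it carries a <br /> tag), so the stored
	// name is escaped before being placed in it.
	$savemsg = gettext("Group") . " " . htmlspecialchars($groupdeleted) . " " .
		gettext("successfully deleted") . "<br />";
}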
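/*
 * Remove one privilege from a group (act=delpriv), then re-apply every
 * member of the group so the change takes effect for those users.
 *
 * NOTE(review): this is a state-changing action driven entirely by GET
 * parameters. Confirm that the GUI's CSRF protection covers GET requests;
 * if it only covers POST, this handler should be moved to POST.
 */
if ($act == "delpriv") {

	if (!isset($id) || !isset($a_group[$id])) {
		pfSenseHeader("system_groupmanager.php");
		exit;
	}

	// The action arrives via GET, so privid is read from GET for both the
	// name lookup and the removal. The original looked the name up through
	// $_POST['privid'], which is not populated on this request path.
	$privid = isset($_GET['privid']) ? $_GET['privid'] : null;

	// Refuse anything that does not address an existing privilege entry
	// instead of writing the config and reporting a deletion that never
	// happened. is_string() also keeps array-valued parameters away from
	// the array offset below.
	if (!is_string($privid) || !isset($a_group[$id]['priv'][$privid])) {
		pfSenseHeader("system_groupmanager.php");
		exit;
	}

	// $priv_list is not defined in this file; presumably it is provided by
	// an include and maps privilege keys to their metadata -- TODO confirm.
	$privkey = $a_group[$id]['priv'][$privid];
	$privdeleted = isset($priv_list[$privkey]['name']) ? $priv_list[$privkey]['name'] : $privkey;
	unset($a_group[$id]['priv'][$privid]);

	// Re-apply each member so the reduced privilege set reaches them.
	if (isset($a_group[$id]['member']) && is_array($a_group[$id]['member'])) {
		foreach ($a_group[$id]['member'] as $uid) {
			$user = getUserEntryByUID($uid);
			if ($user) {
				local_user_set($user);
			}
		}
	}

	write_config();
	$act = "edit";
	// $savemsg is emitted as HTML (it carries a <br /> tag), so the
	// privilege name is escaped before being placed in it.
	$savemsg = gettext("Privilege") . " " . htmlspecialchars($privdeleted) . " " .
		gettext("successfully deleted") . "<br />";
}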
// When an existing group is opened for editing, copy its stored fields into
// $pconfig, the array the form below reads its initial values from.
// Left side: key used by the form. Right side: key used in the configuration.
if ($act == "edit" && isset($id) && isset($a_group[$id])) {
	foreach (array(
		'name' => 'name',
		'gid' => 'gid',
		'gtype' => 'scope',
		'description' => 'description',
		'members' => 'member',
		'priv' => 'priv'
	) as $form_key => $config_key) {
		$pconfig[$form_key] = $a_group[$id][$config_key];
	}
	unset($form_key, $config_key);
}
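/*
 * Bulk delete: remove every selected group that is not system-scoped.
 *
 * NOTE(review): this is a state-changing action driven entirely by GET
 * parameters. Confirm that the GUI's CSRF protection covers GET requests;
 * if it only covers POST, this handler should be moved to POST.
 */
if (isset($_GET['dellall_x'])) {

	$del_groups = isset($_GET['delete_check']) ? $_GET['delete_check'] : array();

	// delete_check is request data: it may be a plain string or a nested
	// array rather than the expected list of indexes. Only iterate a real
	// array, and only act on entries that look like the numeric indexes
	// $a_group is keyed by elsewhere in this script.
	if (!empty($del_groups) && is_array($del_groups)) {
		foreach ($del_groups as $groupid) {
			if (!is_string($groupid) || !is_numericint($groupid)) {
				continue;
			}
			// System-scoped groups are never removed here.
			if (isset($a_group[$groupid]) && $a_group[$groupid]['scope'] != "system") {
				conf_mount_rw();
				local_group_del($a_group[$groupid]);
				conf_mount_ro();
				unset($a_group[$groupid]);
			}
		}
		$savemsg = gettext("Selected groups removed successfully!");
		write_config($savemsg);
	}
}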
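/*
 * Create a new group or update an existing one from the submitted form.
 *
 * Everything in $_POST is untrusted: the membership list in particular is
 * assembled by client-side script, so it is validated here before it is
 * written to the configuration and handed to local_group_set().
 */
if (isset($_POST['save'])) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "groupname");
	$reqdfieldsn = array(gettext("Group Name"));

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if (preg_match("/[^a-zA-Z0-9\.\-_ ]/", $_POST['groupname'])) {
		$input_errors[] = gettext("The group name contains invalid characters.");
	}

	if (strlen($_POST['groupname']) > 16) {
		$input_errors[] = gettext("The group name is longer than 16 characters.");
	}

	// The member list must be an array of numeric user ids. Anything else
	// (a scalar, nested arrays, non-numeric strings) is rejected rather than
	// stored. Assumes uids are non-negative integers -- TODO confirm.
	if (!empty($_POST['members'])) {
		$members_ok = is_array($_POST['members']);
		if ($members_ok) {
			foreach ($_POST['members'] as $member) {
				if (!is_string($member) || !is_numericint($member)) {
					$members_ok = false;
					break;
				}
			}
		}
		if (!$members_ok) {
			$input_errors[] = gettext("One or more invalid group members was submitted.");
		}
	}

	// True when the request targets an entry that already exists.
	$editing = (isset($id) && !empty($a_group[$id]));

	if (!$input_errors && !$editing) {
		/* make sure there are no dupes */
		foreach ($a_group as $group) {
			if ($group['name'] == $_POST['groupname']) {
				$input_errors[] = gettext("Another entry with the same group name already exists.");
				break;
			}
		}
	}

	if (!$input_errors) {
		$group = array();
		if ($editing) {
			$group = $a_group[$id];
		}

		// The form marks the name field read-only for system-scoped groups,
		// but that is only a browser-side restriction. Keep the stored name
		// for those groups regardless of what was posted.
		if (!($editing && isset($group['scope']) && $group['scope'] == "system")) {
			$group['name'] = $_POST['groupname'];
		}
		$group['description'] = $_POST['description'];

		if (empty($_POST['members'])) {
			unset($group['member']);
		} else if (!isset($group['gid']) || $group['gid'] != 1998) { // all group
			$group['member'] = $_POST['members'];
		}

		if ($editing) {
			$a_group[$id] = $group;
		} else {
			$group['gid'] = $config['system']['nextgid']++;
			$a_group[] = $group;
		}

		conf_mount_rw();
		local_group_set($group);
		conf_mount_ro();

		/* Refresh users in this group since their privileges may have changed. */
		if (isset($group['member']) && is_array($group['member']) && is_array($config['system']['user'])) {
			$a_user = &$config['system']['user'];
			foreach ($a_user as & $user) {
				if (in_array($user['uid'], $group['member'])) {
					local_user_set($user);
				}
			}
			// Drop the by-reference loop variable so a later assignment to
			// $user cannot overwrite the last user entry in the config.
			unset($user);
		}

		write_config();

		header("Location: system_groupmanager.php");
		exit;
	}
}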
/**
 * Build the HTML for the "Assigned Privileges" section of the edit form.
 *
 * Reads the globals $a_group and $id, asks get_user_privdesc() for the
 * privileges of $a_group[$id], and returns a table of privilege names and
 * descriptions followed by an "Add" link to system_groupmanager_addprivs.php.
 *
 * Privilege names and descriptions are passed through htmlspecialchars().
 * $id is placed in the link unescaped; in this script it is only ever
 * assigned from request values that passed is_numericint().
 *
 * @return string HTML fragment
 */
function build_priv_table() {
	global $a_group, $id;

	// Column headings.
	$heading = '<thead>'
		. '<th>' . gettext('Name') . '</th>'
		. '<th>' . gettext('Description') . '</th>'
		. '</thead>';

	// One row per privilege held by the group.
	$rows = '';
	foreach (get_user_privdesc($a_group[$id]) as $priv) {
		$cells = array(
			'<td>' . htmlspecialchars($priv['name']) . '</td>',
			'<td>' . htmlspecialchars($priv['descr']) . '</td>'
		);
		$rows .= '<tr>' . implode('', $cells) . '</tr>';
	}

	$table = '<div class="table-responsive">'
		. '<table class="table table-striped table-hover table-condensed">'
		. $heading
		. '<tbody>' . $rows . '</tbody>'
		. '</table>'
		. '</div>';

	// Link to the page that adds privileges to this group.
	$actions = '<nav class="action-buttons">'
		. '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>'
		. '</nav>';

	return($table . $actions);
}
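include("head.inc");

// Validation errors and status messages produced by the handlers above.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg);
}

$tab_array = array();
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
display_top_tabs($tab_array);

// Anything other than act=new / act=edit shows the group list and stops.
// The test reads $_GET['act'] directly, not $act, so an $act value rewritten
// by a handler above does not affect which view is rendered.
if (!($_GET['act'] == "new" || $_GET['act'] == "edit"))
{
?>
	<div class="table-responsive">
		<table class="table table-striped table-hover">
			<thead>
				<tr>
					<th><?=gettext("Group name")?></th>
					<th><?=gettext("Description")?></th>
					<th><?=gettext("Member Count")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
	foreach($a_group as $i => $group):
		// The "all" group has no stored member list; it counts every user.
		// A group with no 'member' entry counts as empty instead of passing
		// a non-array to count().
		if ($group["name"] == "all") {
			$groupcount = count($config['system']['user']);
		} else {
			$groupcount = (isset($group['member']) && is_array($group['member'])) ? count($group['member']) : 0;
		}

		// The delete link is a plain GET URL, and the confirm() dialog is
		// its only interactive check. NOTE(review): confirm that the GUI's
		// CSRF protection covers GET requests.
		// The group name is URL-encoded for the query string and then
		// HTML-escaped for the attribute it is written into.
?>
				<tr>
					<td>
						<?=htmlspecialchars($group['name'])?>
					</td>
					<td>
						<?=htmlspecialchars($group['description'])?>
					</td>
					<td>
						<?=$groupcount?>
					</td>
					<td>
						<a class="fa fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&amp;groupid=<?=$i?>"></a>
						<?php if($group['scope'] != "system"): ?>
							<a class="fa fa-trash"	title="<?=gettext("Delete group")?>" href="?act=delgroup&amp;groupid=<?=$i?>&amp;groupname=<?=htmlspecialchars(urlencode($group['name']))?>" onclick="return confirm('<?=gettext("Are you sure you want to delete this group?")?>')"></a>
						<?php endif;?>
					</td>
				</tr>
<?php
	endforeach;
?>
			</tbody>
		</table>
	</div>

	<nav class="action-buttons" style="margin-top: 10px;">
		<a href="?act=new" class="btn btn-success btn-sm">
			<i class="fa fa-plus" style="font-size:15px; vertical-align: middle; margin-right: 6px;"></i>
			<?=gettext("Add")?>
		</a>
	</nav>
<?php
	include('foot.inc');
	exit;
}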
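/*
 * Add / edit form. Reached only for act=new and act=edit; the list view
 * above exits for every other value.
 */
require_once('classes/Form.class.php');
$form = new Form;
$form->setAction('system_groupmanager.php?act=edit');
// Index of the group being edited. $id is unset when a new group is being
// created, so pass null explicitly instead of reading an undefined variable.
$form->addGlobal(new Form_Input(
	'groupid',
	null,
	'hidden',
	isset($id) ? $id : null
));

// Hidden fields are client-controlled: whatever comes back in 'id' or 'gid'
// must not be trusted. The request handlers visible in this script resolve
// the target group from 'groupid' only.
if (isset($id) && $a_group[$id]){
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));

	$form->addGlobal(new Form_Input(
		'gid',
		null,
		'hidden',
		$pconfig['gid']
	));
}

$section = new Form_Section('Group properties');

if ($_GET['act'] != "new")
{
	$section->addInput(new Form_StaticText(
		'Defined by',
		strtoupper($pconfig['gtype'])
	));
}

$section->addInput($input = new Form_Input(
	'groupname',
	'Group name',
	'text',
	$pconfig['name']
));

// Read-only in the browser only; a crafted POST can still submit a different
// name, so any protection of system group names has to live in the save
// handler.
if ($pconfig['gtype'] == "system")
	$input->setReadonly();

$section->addInput(new Form_Input(
	'description',
	'Description',
	'text',
	$pconfig['description']
))->setHelp('Group description, for your own information only');

$form->add($section);
if ($pconfig['gid'] != 1998) // all users group
{
	// ==== Group membership ==================================================
	$group = new Form_Group('Group membership');

	// Split the configured users into two lists keyed by uid: those who are
	// members of this group ($usersGroups) and those who are not
	// ($systemGroups).
	$systemGroups = array();
	$usersGroups = array();

	foreach ($config['system']['user'] as $user) {
		if (is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members']))
			$usersGroups[ $user['uid'] ] = $user['name'];	// Member of this group
		else
			$systemGroups[ $user['uid'] ] = $user['name']; // Not a member of this group
	}

	$group->add(new Form_Select(
		'notmembers',
		null,
		array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
		$systemGroups,
		true
	))->setHelp('Not members');

	$group->add(new Form_Select(
		'members',
		null,
		array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
		$usersGroups,
		true
	))->setHelp('Members');

	$section->add($group);

	$group = new Form_Group('');

	$group->add(new Form_Button(
		'movetoenabled',
		'Move to "Members" >'
	))->removeClass('btn-primary')->addClass('btn-default btn-sm');

	// Label fixed: the closing double quote after "Not members" was missing.
	$group->add(new Form_Button(
		'movetodisabled',
		'< Move to "Not members"'
	))->removeClass('btn-primary')->addClass('btn-default btn-sm');

	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
	$section->add($group);

}

if ($_GET['act'] != "new")
{
	$section = new Form_Section('Assigned Privileges');

	// build_priv_table() returns ready-made HTML with its dynamic values
	// already escaped.
	$section->addInput(new Form_StaticText(
		null,
		build_priv_table()
	));


	$form->add($section);
}

print $form;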
?>
<script>
//<![CDATA[
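// Client-side behaviour for the two membership lists. The browser decides
// which options end up in "members[]", so the server must validate that list
// on submit; nothing here is a security control.
events.push(function(){

	// Set or clear the 'selected' property on every option in the given
	// jQuery collection.
	function AllServers(id, selectAll) {
		// 'var' keeps the counter local; the original leaked a global 'i'.
		for (var i = 0; i < id.length; i++) {
			id.eq(i).prop('selected', selectAll);
		}
	}

	// Move every selected option in the From collection into the To select.
	function moveOptions(From, To) {
		var len = From.length;
		var option, value;

		// The original only ran this loop when len > 1, so a list holding
		// exactly one option could never be moved. The loop bound alone is
		// sufficient.
		for (var i = 0; i < len; i++) {
			if (From.eq(i).is(':selected')) {
				option = From.eq(i).val();
				value = From.eq(i).text();
				// new Option(text, value) sets the label as text, not as
				// markup, so a user name is never parsed as HTML here.
				To.append(new Option(value, option));
				From.eq(i).remove();
			}
		}
	}

	// Make buttons plain buttons, not submit
	$("#movetodisabled").prop('type','button');
	$("#movetoenabled").prop('type','button');

	// On click, move the selected options to the other list
	$("#movetodisabled").click(function() {
		moveOptions($('[name="members[]"] option'), $('[name="notmembers[]"]'));
	});

	$("#movetoenabled").click(function() {
		moveOptions($('[name="notmembers[]"] option'), $('[name="members[]"]'));
	});

	// On submit, mark every option in the members list as selected so the
	// whole list is posted, not just the highlighted entries.
	$('form').submit(function(){
		AllServers($('[name="members[]"] option'), true);
	});
});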
//]]>
</script>
<?php
include('foot.inc');