Révision 7ea27b0d
Ajouté par Renato Botelho il y a plus de 9 ans
| usr/local/www/system_groupmanager.php | ||
|---|---|---|
| 53 | 53 |
|
| 54 | 54 |
$a_group = &$config['system']['group']; |
| 55 | 55 |
|
| 56 |
$id = $_GET['id'];
|
|
| 57 |
if (isset($_POST['id'])) |
|
| 58 |
$id = $_POST['id']; |
|
| 56 |
unset($id);
|
|
| 57 |
if (isset($_POST['groupid']) && is_numericint($_POST['groupid']))
|
|
| 58 |
$id = $_POST['groupid'];
|
|
| 59 | 59 |
|
| 60 |
if ($_GET['act'] == "delgroup") {
|
|
| 60 |
$act = (isset($_POST['act']) ? $_POST['act'] : '');
|
|
| 61 | 61 |
|
| 62 |
if (!$a_group[$_GET['id']]) {
|
|
| 62 |
if ($act == "delgroup") {
|
|
| 63 |
|
|
| 64 |
if (!isset($id) || !isset($_POST['groupname']) || !isset($a_group[$id]) || ($_POST['groupname'] != $a_group[$id]['name'])) {
|
|
| 63 | 65 |
pfSenseHeader("system_groupmanager.php");
|
| 64 | 66 |
exit; |
| 65 | 67 |
} |
| 66 | 68 |
|
| 67 | 69 |
conf_mount_rw(); |
| 68 |
local_group_del($a_group[$_GET['id']]);
|
|
| 70 |
local_group_del($a_group[$id]);
|
|
| 69 | 71 |
conf_mount_ro(); |
| 70 |
$groupdeleted = $a_group[$_GET['id']]['name'];
|
|
| 71 |
unset($a_group[$_GET['id']]);
|
|
| 72 |
$groupdeleted = $a_group[$id]['name'];
|
|
| 73 |
unset($a_group[$id]);
|
|
| 72 | 74 |
write_config(); |
| 73 | 75 |
$savemsg = gettext("Group")." {$groupdeleted} ".
|
| 74 |
gettext("successfully deleted")."<br />";
|
|
| 76 |
gettext("successfully deleted")."<br />";
|
|
| 75 | 77 |
} |
| 76 | 78 |
|
| 77 |
if ($_GET['act'] == "delpriv") {
|
|
| 79 |
if ($act == "delpriv") {
|
|
| 78 | 80 |
|
| 79 |
if (!$a_group[$_GET['id']]) {
|
|
| 81 |
if (!isset($id) || !isset($a_group[$id])) {
|
|
| 80 | 82 |
pfSenseHeader("system_groupmanager.php");
|
| 81 | 83 |
exit; |
| 82 | 84 |
} |
| 83 | 85 |
|
| 84 |
$privdeleted = $priv_list[$a_group[$id]['priv'][$_GET['privid']]]['name'];
|
|
| 85 |
unset($a_group[$id]['priv'][$_GET['privid']]);
|
|
| 86 |
$privdeleted = $priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name'];
|
|
| 87 |
unset($a_group[$id]['priv'][$_POST['privid']]);
|
|
| 86 | 88 |
|
| 87 | 89 |
if (is_array($a_group[$id]['member'])) {
|
| 88 | 90 |
foreach ($a_group[$id]['member'] as $uid) {
|
| ... | ... | |
| 93 | 95 |
} |
| 94 | 96 |
|
| 95 | 97 |
write_config(); |
| 96 |
$_GET['act'] = "edit";
|
|
| 98 |
$act = "edit";
|
|
| 97 | 99 |
$savemsg = gettext("Privilege")." {$privdeleted} ".
|
| 98 | 100 |
gettext("successfully deleted")."<br />";
|
| 99 | 101 |
} |
| 100 | 102 |
|
| 101 |
if($_GET['act']=="edit"){
|
|
| 102 |
if (isset($id) && $a_group[$id]) {
|
|
| 103 |
if ($act == "edit") {
|
|
| 104 |
if (isset($id) && isset($a_group[$id])) {
|
|
| 103 | 105 |
$pconfig['name'] = $a_group[$id]['name']; |
| 104 | 106 |
$pconfig['gid'] = $a_group[$id]['gid']; |
| 105 | 107 |
$pconfig['gtype'] = $a_group[$id]['scope']; |
| ... | ... | |
| 109 | 111 |
} |
| 110 | 112 |
} |
| 111 | 113 |
|
| 112 |
if ($_POST) {
|
|
| 114 |
if (isset($_POST['save'])) {
|
|
| 113 | 115 |
|
| 114 | 116 |
unset($input_errors); |
| 115 | 117 |
$pconfig = $_POST; |
| ... | ... | |
| 263 | 265 |
<div class="tabcont"> |
| 264 | 266 |
|
| 265 | 267 |
<?php |
| 266 |
if($_GET['act']=="new" || $_GET['act']=="edit"):
|
|
| 268 |
if($act == "new" || $act == "edit"):
|
|
| 267 | 269 |
?> |
| 268 | 270 |
<form action="system_groupmanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> |
| 271 |
<input type="hidden" id="act" name="act" value="" /> |
|
| 272 |
<input type="hidden" id="groupid" name="groupid" value="<?=(isset($id) ? $id : '');?>" /> |
|
| 273 |
<input type="hidden" id="privid" name="privid" value="" /> |
|
| 269 | 274 |
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> |
| 270 | 275 |
<?php |
| 271 | 276 |
$ro = ""; |
| ... | ... | |
| 362 | 367 |
</tr> |
| 363 | 368 |
<?php |
| 364 | 369 |
endif; |
| 365 |
if($_GET['act'] != "new"):
|
|
| 370 |
if ($act != "new"):
|
|
| 366 | 371 |
?> |
| 367 | 372 |
<tr> |
| 368 | 373 |
<td width="22%" valign="top" class="vncell"><?=gettext("Assigned Privileges");?></td>
|
| ... | ... | |
| 386 | 391 |
<?=htmlspecialchars($priv_list[$priv]['descr']);?> |
| 387 | 392 |
</td> |
| 388 | 393 |
<td valign="middle" class="list nowrap"> |
| 389 |
<a href="system_groupmanager.php?act=delpriv&id=<?=htmlspecialchars($id)?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
|
|
| 390 |
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /> |
|
| 391 |
</a> |
|
| 394 |
<input type="image" name="delpriv[]" width="17" height="17" border="0" |
|
| 395 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
| 396 |
onclick="document.getElementById('privid').value='<?=$i;?>';
|
|
| 397 |
document.getElementById('groupid').value='<?=$id;?>';
|
|
| 398 |
document.getElementById('act').value='<?php echo "delpriv";?>';
|
|
| 399 |
return confirm('<?=gettext("Do you really want to delete this privilege?");?>');"
|
|
| 400 |
title="<?=gettext("delete privilege");?>" />
|
|
| 392 | 401 |
</td> |
| 393 | 402 |
</tr> |
| 394 | 403 |
<?php |
| ... | ... | |
| 428 | 437 |
<?php |
| 429 | 438 |
else: |
| 430 | 439 |
?> |
| 431 |
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> |
|
| 432 |
<thead> |
|
| 433 |
<tr> |
|
| 434 |
<th width="25%" class="listhdrr"><?=gettext("Group name");?></th>
|
|
| 435 |
<th width="25%" class="listhdrr"><?=gettext("Description");?></th>
|
|
| 436 |
<th width="30%" class="listhdrr"><?=gettext("Member Count");?></th>
|
|
| 437 |
<th width="10%" class="list"></th> |
|
| 438 |
</tr> |
|
| 439 |
</thead> |
|
| 440 |
<tfoot> |
|
| 441 |
<tr> |
|
| 442 |
<td class="list" colspan="3"></td> |
|
| 443 |
<td class="list"> |
|
| 444 |
<a href="system_groupmanager.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add group");?>" width="17" height="17" border="0" alt="add" />
|
|
| 445 |
</a> |
|
| 446 |
</td> |
|
| 447 |
</tr> |
|
| 448 |
<tr> |
|
| 449 |
<td colspan="3"> |
|
| 450 |
<p> |
|
| 451 |
<?=gettext("Additional webConfigurator groups can be added here.
|
|
| 452 |
Group permissions can be assigned which are inherited by users who are members of the group. |
|
| 453 |
An icon that appears grey indicates that it is a system defined object. |
|
| 454 |
Some system object properties can be modified but they cannot be deleted.");?> |
|
| 455 |
</p> |
|
| 456 |
</td> |
|
| 457 |
</tr> |
|
| 458 |
</tfoot> |
|
| 459 |
<tbody> |
|
| 440 |
<form action="system_groupmanager.php" method="post" name="iform2" id="iform2"> |
|
| 441 |
<input type="hidden" id="act" name="act" value="" /> |
|
| 442 |
<input type="hidden" id="groupid" name="groupid" value="<?=(isset($id) ? $id : '');?>" /> |
|
| 443 |
<input type="hidden" id="groupname" name="groupname" value="" /> |
|
| 444 |
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> |
|
| 445 |
<thead> |
|
| 446 |
<tr> |
|
| 447 |
<th width="25%" class="listhdrr"><?=gettext("Group name");?></th>
|
|
| 448 |
<th width="25%" class="listhdrr"><?=gettext("Description");?></th>
|
|
| 449 |
<th width="30%" class="listhdrr"><?=gettext("Member Count");?></th>
|
|
| 450 |
<th width="10%" class="list"></th> |
|
| 451 |
</tr> |
|
| 452 |
</thead> |
|
| 453 |
<tfoot> |
|
| 454 |
<tr> |
|
| 455 |
<td class="list" colspan="3"></td> |
|
| 456 |
<td class="list"> |
|
| 457 |
<input type="image" name="addcert" width="17" height="17" border="0" |
|
| 458 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" |
|
| 459 |
onclick="document.getElementById('act').value='<?php echo "new";?>';"
|
|
| 460 |
title="<?=gettext("add group");?>" />
|
|
| 461 |
</td> |
|
| 462 |
</tr> |
|
| 463 |
<tr> |
|
| 464 |
<td colspan="3"> |
|
| 465 |
<p> |
|
| 466 |
<?=gettext("Additional webConfigurator groups can be added here.
|
|
| 467 |
Group permissions can be assigned which are inherited by users who are members of the group. |
|
| 468 |
An icon that appears grey indicates that it is a system defined object. |
|
| 469 |
Some system object properties can be modified but they cannot be deleted.");?> |
|
| 470 |
</p> |
|
| 471 |
</td> |
|
| 472 |
</tr> |
|
| 473 |
</tfoot> |
|
| 474 |
<tbody> |
|
| 460 | 475 |
<?php |
| 461 |
$i = 0; |
|
| 462 |
foreach($a_group as $group): |
|
| 463 |
if($group['scope'] == "system") |
|
| 464 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png";
|
|
| 465 |
else |
|
| 466 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png";
|
|
| 467 |
$groupcount = count($group['member']); |
|
| 468 |
if ($group["name"] == "all") |
|
| 469 |
$groupcount = count($config['system']['user']); |
|
| 476 |
$i = 0;
|
|
| 477 |
foreach($a_group as $group):
|
|
| 478 |
if($group['scope'] == "system")
|
|
| 479 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png";
|
|
| 480 |
else
|
|
| 481 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png";
|
|
| 482 |
$groupcount = count($group['member']);
|
|
| 483 |
if ($group["name"] == "all")
|
|
| 484 |
$groupcount = count($config['system']['user']);
|
|
| 470 | 485 |
?> |
| 471 |
<tr ondblclick="document.location='system_groupmanager.php?act=edit&id=<?=$i;?>'"> |
|
| 472 |
<td class="listlr"> |
|
| 473 |
<table border="0" cellpadding="0" cellspacing="0" summary=""> |
|
| 474 |
<tr> |
|
| 475 |
<td align="left" valign="middle"> |
|
| 476 |
<img src="<?=$grpimg;?>" alt="<?=gettext("User");?>" title="<?=gettext("User");?>" border="0" height="16" width="16" />
|
|
| 477 |
</td> |
|
| 478 |
<td align="left" valign="middle"> |
|
| 479 |
<?=htmlspecialchars($group['name']); ?> |
|
| 480 |
</td> |
|
| 481 |
</tr> |
|
| 482 |
</table> |
|
| 483 |
</td> |
|
| 484 |
<td class="listr"> |
|
| 485 |
<?=htmlspecialchars($group['description']);?> |
|
| 486 |
</td> |
|
| 487 |
<td class="listbg"> |
|
| 488 |
<?=$groupcount;?> |
|
| 489 |
</td> |
|
| 490 |
<td valign="middle" class="list nowrap"> |
|
| 491 |
<a href="system_groupmanager.php?act=edit&id=<?=$i;?>"> |
|
| 492 |
<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit group");?>" width="17" height="17" border="0" alt="edit" />
|
|
| 493 |
</a> |
|
| 494 |
|
|
| 486 |
<tr ondblclick="document.getElementById('act').value='<?php echo "edit";?>';
|
|
| 487 |
document.getElementById('groupid').value='<?=$i;?>';
|
|
| 488 |
document.iform2.submit();"> |
|
| 489 |
<td class="listlr"> |
|
| 490 |
<table border="0" cellpadding="0" cellspacing="0" summary=""> |
|
| 491 |
<tr> |
|
| 492 |
<td align="left" valign="middle"> |
|
| 493 |
<img src="<?=$grpimg;?>" alt="<?=gettext("User");?>" title="<?=gettext("User");?>" border="0" height="16" width="16" />
|
|
| 494 |
</td> |
|
| 495 |
<td align="left" valign="middle"> |
|
| 496 |
<?=htmlspecialchars($group['name']); ?> |
|
| 497 |
</td> |
|
| 498 |
</tr> |
|
| 499 |
</table> |
|
| 500 |
</td> |
|
| 501 |
<td class="listr"> |
|
| 502 |
<?=htmlspecialchars($group['description']);?> |
|
| 503 |
</td> |
|
| 504 |
<td class="listbg"> |
|
| 505 |
<?=$groupcount;?> |
|
| 506 |
</td> |
|
| 507 |
<td valign="middle" class="list nowrap"> |
|
| 508 |
<input type="image" name="editgroup[]" width="17" height="17" border="0" |
|
| 509 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" |
|
| 510 |
onclick="document.getElementById('groupid').value='<?=$i;?>';
|
|
| 511 |
document.getElementById('act').value='<?php echo "edit";?>';"
|
|
| 512 |
title="<?=gettext("edit group");?>" />
|
|
| 513 |
|
|
| 495 | 514 |
<?php |
| 496 |
if($group['scope'] != "system"): |
|
| 515 |
if($group['scope'] != "system"):
|
|
| 497 | 516 |
?> |
| 498 |
<a href="system_groupmanager.php?act=delgroup&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this group?"); ?>')">
|
|
| 499 |
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete group"); ?>" width="17" height="17" border="0" alt="delete" />
|
|
| 500 |
</a> |
|
| 517 |
<input type="image" name="delgroup[]" width="17" height="17" border="0" |
|
| 518 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
| 519 |
onclick="document.getElementById('groupid').value='<?=$i;?>';
|
|
| 520 |
document.getElementById('groupname').value='<?=$group['name'];?>';
|
|
| 521 |
document.getElementById('act').value='<?php echo "delgroup";?>';
|
|
| 522 |
return confirm('<?=gettext("Do you really want to delete this group?");?>');"
|
|
| 523 |
title="<?=gettext("delete group");?>" />
|
|
| 501 | 524 |
<?php |
| 502 |
endif; |
|
| 525 |
endif;
|
|
| 503 | 526 |
?> |
| 504 |
</td> |
|
| 505 |
</tr> |
|
| 527 |
</td>
|
|
| 528 |
</tr>
|
|
| 506 | 529 |
<?php |
| 507 |
$i++; |
|
| 508 |
endforeach; |
|
| 530 |
$i++;
|
|
| 531 |
endforeach;
|
|
| 509 | 532 |
?> |
| 510 |
</tbody> |
|
| 511 |
</table> |
|
| 533 |
</tbody> |
|
| 534 |
</table> |
|
| 535 |
</form> |
|
| 512 | 536 |
<?php |
| 513 | 537 |
endif; |
| 514 | 538 |
?> |
Formats disponibles : Unified diff
Be more strict on removing groups checking group id and group name, it avoids issues like happened to users on ticket #3856. While I'm here, replace GET by POST