added new security model

2008-01-01 15:00:46 +00:00 · 2008-01-01 15:00:46 +00:00 · 6e324a83f6
parent 461b53efbd
commit 6e324a83f6
14 changed files with 58 additions and 14 deletions
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@ -875,7 +875,7 @@ class accountContainer {
 				exit;
 			}
 			// module actions
-			if (sizeof($_POST) > 0) {
+			if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed()) {
 				$result = call_user_func(array(&$this->module[$this->order[$this->current_page]], 'process_'.$this->subpage));
 				if (is_array($result)) {  // messages were returned, check for errors
 					for ($i = 0; $i < sizeof($result); $i++) {
--- a/lam/lib/tree.inc
+++ b/lam/lib/tree.inc
@ -86,9 +86,12 @@ function draw_server_tree()
 			echo '<nobr>';
 			echo '( ';
 			echo '<a title="' . _('Refresh') . '"'.
-				' href="' . $refresh_href . '">' . _('Refresh') . '</a> | ';
-			echo '<a title="' . _('Create new entry') . '"'.
-					' href="' . $create_href . '" target="right_frame">' . _('Create new entry') . '</a>';
+				' href="' . $refresh_href . '">' . _('Refresh') . '</a>';
+			if (checkIfWriteAccessIsAllowed()) {
+				echo ' | ';
+				echo '<a title="' . _('Create new entry') . '"'.
+						' href="' . $create_href . '" target="right_frame">' . _('Create new entry') . '</a>';
+			}
 			echo ' )</nobr></td></tr>';

 			// Fetch and display the base DN for this server
@ -147,13 +150,15 @@ function draw_server_tree()
 			if( isset( $tree[$base_dn] ) && is_array( $tree[$base_dn] ) ) {
 				foreach( $tree[ $base_dn ] as $child_dn )
 					draw_tree_html( $child_dn, 0 );
-					echo '<tr><td class="spacer"></td>';
-					echo '<td class="icon"><a href="' . $create_href .
-						'" target="right_frame"><img src="../../graphics/star.png" alt="' . 
-						_('Create new entry') . '" /></a></td>';
-					echo '<td class="create" colspan="100"><a href="' . $create_href
-						. '" target="right_frame" title="' . _('Create new entry')
-						. ' ' . $base_dn.'">' . _('Create new entry') . '</a></td></tr>';
+					if (checkIfWriteAccessIsAllowed()) {
+						echo '<tr><td class="spacer"></td>';
+						echo '<td class="icon"><a href="' . $create_href .
+							'" target="right_frame"><img src="../../graphics/star.png" alt="' . 
+							_('Create new entry') . '" /></a></td>';
+						echo '<td class="create" colspan="100"><a href="' . $create_href
+							. '" target="right_frame" title="' . _('Create new entry')
+							. ' ' . $base_dn.'">' . _('Create new entry') . '</a></td></tr>';
+					}
 			}

 }
--- a/lam/templates/tree/add_attr.php
+++ b/lam/templates/tree/add_attr.php
@ -59,6 +59,9 @@ include_once('../../lib/account.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $attr = $_POST['attr'];
--- a/lam/templates/tree/add_oclass.php
+++ b/lam/templates/tree/add_oclass.php
@ -59,6 +59,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $dn = rawurldecode( $_POST['dn'] );
--- a/lam/templates/tree/add_oclass_form.php
+++ b/lam/templates/tree/add_oclass_form.php
@ -60,6 +60,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $dn = rawurldecode( $_POST['dn'] );
--- a/lam/templates/tree/add_value.php
+++ b/lam/templates/tree/add_value.php
@ -59,6 +59,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $dn = rawurldecode( $_POST['dn'] );
--- a/lam/templates/tree/create.php
+++ b/lam/templates/tree/create.php
@ -59,6 +59,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $new_dn = isset( $_POST['new_dn'] ) ? $_POST['new_dn'] : null;
--- a/lam/templates/tree/delete.php
+++ b/lam/templates/tree/delete.php
@ -54,6 +54,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 echo $_SESSION['header'];
--- a/lam/templates/tree/delete_attr.php
+++ b/lam/templates/tree/delete_attr.php
@ -54,6 +54,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $dn = $_POST['dn'] ;
--- a/lam/templates/tree/edit.php
+++ b/lam/templates/tree/edit.php
@ -109,13 +109,16 @@ echo "</head>\n";
 </tr>

 <tr>
+<?php if (checkIfWriteAccessIsAllowed()) { ?>
 	<td class="icon"><img src="../../graphics/delete.gif" /></td>
 	<td><a style="color: red" href="delete_form.php?dn=<?php echo $encoded_dn; ?>">
 	<?php echo _('Delete'); ?></a></td>
+<?php } ?>
 	<td class="icon"><img src="../../graphics/save.png" /></td>
 	<td><a href="export_form.php?dn=<?php echo $encoded_dn; ?>">
 	<?php echo _('Export'); ?></a></td>
 </tr>
+<?php if (checkIfWriteAccessIsAllowed()) { ?>
 <tr>
    	<td class="icon"><img src="../../graphics/light.png" /></td>
    	<td colspan="3"><span class="tree_hint"><?php echo _('Hint: To delete an attribute, empty the text field and click save.'); ?></span></td>
@ -126,6 +129,7 @@ echo "</head>\n";
 	<td class="icon"><img src="../../graphics/add.png" /></td>
 	<td><a href="<?php echo "add_attr_form.php?dn=$encoded_dn"; ?>"><?php echo _('Add new attribute'); ?></a></td>
 </tr>
+<?php } ?>


 <?php flush(); ?>
@ -483,7 +487,7 @@ foreach( $attrs as $attr => $vals ) {
 		/* Draw the "add value" link under the list of values for this attributes */

 		if(	( $schema_attr = get_schema_attribute( $attr, $dn ) ) &&
-			! $schema_attr->getIsSingleValue() )
+			! $schema_attr->getIsSingleValue() && checkIfWriteAccessIsAllowed() )
 		{ 
 			$add_href = "add_value_form.php?dn=$encoded_dn&amp;attr=" . rawurlencode( $attr ); 
 			echo "<div class=\"add_value\">(<a href=\"$add_href\">" . 
@ -504,8 +508,10 @@ foreach( $attrs as $attr => $vals ) {
 	flush();

 } /* End foreach( $attrs as $attr => $vals ) */ ?>
-
-	<tr><td colspan="2"><center><input type="submit" value="<?php echo _('Save'); ?>" /></center></td></tr></form>
+	<?php if (checkIfWriteAccessIsAllowed()) { ?>
+		<tr><td colspan="2"><center><input type="submit" value="<?php echo _('Save'); ?>" /></center></td></tr>
+	<?php } ?>
+	</form>
 	
 <?php 
 ?>
--- a/lam/templates/tree/rdelete.php
+++ b/lam/templates/tree/rdelete.php
@ -53,6 +53,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 echo $_SESSION['header'];
--- a/lam/templates/tree/tree.php
+++ b/lam/templates/tree/tree.php
@ -174,6 +174,9 @@ function draw_tree_html( $dn, $level = 0 )

 function draw_create_link( $rdn, $level, $encoded_dn )
 {
+	if (!checkIfWriteAccessIsAllowed()) {
+		return;
+	}
    // print the "Create New object" link.
    $create_html = "";
    $create_href = "create_form.php?container=$encoded_dn";
--- a/lam/templates/tree/update.php
+++ b/lam/templates/tree/update.php
@ -65,6 +65,9 @@ include_once('../../lib/ldap.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $dn = $_POST['dn'];
--- a/lam/templates/tree/update_confirm.php
+++ b/lam/templates/tree/update_confirm.php
@ -55,6 +55,9 @@ include_once('../../lib/account.inc');
 // start session
 startSecureSession();

+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();

 $dn = $_POST['dn'];