added new security model

This commit is contained in:
Roland Gruber 2007-12-30 16:08:54 +00:00
parent f8aec0f1a8
commit 93d4c1417e
7 changed files with 71 additions and 40 deletions

View File

@ -462,9 +462,11 @@ class lamList {
echo "<img src=\"../../graphics/edit.png\" alt=\"" . _("Edit") . "\" title=\"" . _("Edit") . "\">"; echo "<img src=\"../../graphics/edit.png\" alt=\"" . _("Edit") . "\" title=\"" . _("Edit") . "\">";
echo "</a>\n "; echo "</a>\n ";
// delete image // delete image
if (checkIfWriteAccessIsAllowed()) {
echo "<a href=\"deletelink.php?type=" . $this->type . "&amp;DN='" . $account['dn'] . "'\">"; echo "<a href=\"deletelink.php?type=" . $this->type . "&amp;DN='" . $account['dn'] . "'\">";
echo "<img src=\"../../graphics/delete.png\" alt=\"" . _("Delete") . "\" title=\"" . _("Delete") . "\">"; echo "<img src=\"../../graphics/delete.png\" alt=\"" . _("Delete") . "\" title=\"" . _("Delete") . "\">";
echo "</a>\n "; echo "</a>\n ";
}
// pdf image // pdf image
echo "<input type=\"image\" style=\"background:transparent;\" name=\"createPDF_" . $id . "\" src=\"../../graphics/pdf.png\" title=\"" . _('Create PDF') . "\">\n "; echo "<input type=\"image\" style=\"background:transparent;\" name=\"createPDF_" . $id . "\" src=\"../../graphics/pdf.png\" title=\"" . _('Create PDF') . "\">\n ";
// additional tools // additional tools
@ -504,6 +506,9 @@ class lamList {
private function listDoPost() { private function listDoPost() {
// check if button was pressed and if we have to add/delete an account // check if button was pressed and if we have to add/delete an account
if (isset($_POST['new']) || isset($_POST['del'])){ if (isset($_POST['new']) || isset($_POST['del'])){
if (!checkIfWriteAccessIsAllowed()) {
die();
}
// add new account // add new account
if (isset($_POST['new'])){ if (isset($_POST['new'])){
metaRefresh("../account/edit.php?type=" . $this->type . "&amp;suffix=" . $this->suffix); metaRefresh("../account/edit.php?type=" . $this->type . "&amp;suffix=" . $this->suffix);
@ -703,12 +708,14 @@ class lamList {
echo "<table border=0 width=\"100%\">\n"; echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n"; echo "<tr>\n";
echo "<td align=\"left\">\n"; echo "<td align=\"left\">\n";
if (checkIfWriteAccessIsAllowed()) {
// add/delete buttons // add/delete buttons
echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"new\" value=\"" . $this->labels['newEntry'] . "\">\n"); echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"new\" value=\"" . $this->labels['newEntry'] . "\">\n");
if (!$createOnly) { if (!$createOnly) {
echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"del\" value=\"" . $this->labels['deleteEntry'] . "\">\n"); echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"del\" value=\"" . $this->labels['deleteEntry'] . "\">\n");
} }
echo "&nbsp;&nbsp;&nbsp;"; echo "&nbsp;&nbsp;&nbsp;";
}
$this->listShowOUSelection(); $this->listShowOUSelection();
echo "</td>\n"; echo "</td>\n";
echo "<td align=\"right\">\n"; echo "<td align=\"right\">\n";

View File

@ -961,6 +961,43 @@ class accountContainer {
return; return;
} }
} }
if (checkIfWriteAccessIsAllowed()) {
$this->printCommonControls();
}
echo "<br>\n";
// create module menu
echo "<table class=\"".$this->type."list\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
echo "<tr class=\"".$this->type."list\" valign=\"top\"><td style=\"border-bottom: 1px solid;padding:0px;\" colspan=2>";
// tab menu
$this->printModuleTabs();
echo "</td></tr>\n";
// content header
echo "<tr class=\"" . $this->type . "list\">\n";
echo "<td style=\"padding:10px;\">\n";
$this->printContentHeader();
echo "</td>\n";
echo "</tr>\n";
echo "<tr class=\"" . $this->type . "list\">\n";
// content area
echo "<td width=\"100%\" style=\"padding:10px;\">";
// display html-code from modules
$return = array();
$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage));
$y = 5000;
$z = 10000;
parseHtml($this->order[$this->current_page], $return, array(), false, $y, $z, $this->type);
// Display rest of html-page
echo "<br>*" . _('required');
echo "</td></tr></table>\n";
$this->printPageFooter();
}
/**
* Prints common controls like the save button and the ou selection.
*/
private function printCommonControls() {
echo "<table class=\"".$this->type."list\" style=\"border-width:0px;\" width=\"100%\"><tr>"; echo "<table class=\"".$this->type."list\" style=\"border-width:0px;\" width=\"100%\"><tr>";
echo "<td align=\"left\">"; echo "<td align=\"left\">";
// save button // save button
@ -991,34 +1028,6 @@ class accountContainer {
} }
echo "</td>"; echo "</td>";
echo "</tr></table>"; echo "</tr></table>";
echo "<br>\n";
// create module menu
echo "<table class=\"".$this->type."list\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
echo "<tr class=\"".$this->type."list\" valign=\"top\"><td style=\"border-bottom: 1px solid;padding:0px;\" colspan=2>";
// tab menu
$this->printModuleTabs();
echo "</td></tr>\n";
// content header
echo "<tr class=\"" . $this->type . "list\">\n";
echo "<td style=\"padding:10px;\">\n";
$this->printContentHeader();
echo "</td>\n";
echo "</tr>\n";
echo "<tr class=\"" . $this->type . "list\">\n";
// content area
echo "<td width=\"100%\" style=\"padding:10px;\">";
// display html-code from modules
$return = array();
$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage));
$y = 5000;
$z = 10000;
parseHtml($this->order[$this->current_page], $return, array(), false, $y, $z, $this->type);
// Display rest of html-page
echo "<br>*" . _('required');
echo "</td></tr></table>\n";
$this->printPageFooter();
} }
/** /**
@ -1439,6 +1448,9 @@ class accountContainer {
* @return array list of status messages if any errors occured * @return array list of status messages if any errors occured
*/ */
function save_account() { function save_account() {
if (!checkIfWriteAccessIsAllowed()) {
die();
}
$finalDN = $this->dn; $finalDN = $this->dn;
$errors = array(); $errors = array();
$ldapUser = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->decrypt_login();

View File

@ -1521,6 +1521,9 @@ class posixAccount extends baseModule {
* <br> ) * <br> )
*/ */
function doUploadPostActions($data, $ids, $failed, &$temp) { function doUploadPostActions($data, $ids, $failed, &$temp) {
if (!checkIfWriteAccessIsAllowed()) {
die();
}
// on first call generate list of ldap operations // on first call generate list of ldap operations
if (!isset($temp['counter'])) { if (!isset($temp['counter'])) {
$temp['groups'] = array(); $temp['groups'] = array();

View File

@ -225,7 +225,7 @@ class lamUserList extends lamList {
if (!isLAMProVersion()) { if (!isLAMProVersion()) {
return array(); return array();
} }
else { elseif (checkIfPasswordChangeIsAllowed()) {
$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php'); $passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php');
return array($passwordTool); return array($passwordTool);
} }

View File

@ -49,6 +49,10 @@ include_once('../lib/modules.inc');
// Start session // Start session
startSecureSession(); startSecureSession();
if (!checkIfWriteAccessIsAllowed()) {
die();
}
// Redirect to startpage if user is not loged in // Redirect to startpage if user is not loged in
if (!isset($_SESSION['loggedIn'])) { if (!isset($_SESSION['loggedIn'])) {
metaRefresh("login.php"); metaRefresh("login.php");

View File

@ -40,6 +40,10 @@ include_once("../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
if (!checkIfWriteAccessIsAllowed()) {
die();
}
setlanguage(); setlanguage();
// check if user already pressed button // check if user already pressed button

View File

@ -71,8 +71,9 @@ echo ("</head>\n");
echo ("<frameset rows=\"150,*\">\n"); echo ("<frameset rows=\"150,*\">\n");
echo ("<frame src=\"./main_header.php\" name=\"head\" frameborder=\"0\">\n"); echo ("<frame src=\"./main_header.php\" name=\"head\" frameborder=\"0\">\n");
// display page to add suffixes, if needed // display page to add suffixes, if needed
if (sizeof($new_suffs) > 0) echo ("<frame src=\"initsuff.php?suffs='" . implode(";", $new_suffs) . if ((sizeof($new_suffs) > 0) && checkIfWriteAccessIsAllowed()) {
"'\" name=\"mainpart\" frameborder=\"0\">\n"); echo ("<frame src=\"initsuff.php?suffs='" . implode(";", $new_suffs) . "'\" name=\"mainpart\" frameborder=\"0\">\n");
}
else { else {
if (sizeof($types) > 0) { if (sizeof($types) > 0) {
echo ("<frame src=\"./lists/list.php?type=" . $types[0] . "\" name=\"mainpart\" frameborder=\"0\" scrolling=\"yes\">\n"); echo ("<frame src=\"./lists/list.php?type=" . $types[0] . "\" name=\"mainpart\" frameborder=\"0\" scrolling=\"yes\">\n");