added new security model
This commit is contained in:
		
							parent
							
								
									f8aec0f1a8
								
							
						
					
					
						commit
						93d4c1417e
					
				|  | @ -462,9 +462,11 @@ class lamList { | ||||||
| 		echo "<img src=\"../../graphics/edit.png\" alt=\"" . _("Edit") . "\" title=\"" . _("Edit") . "\">"; | 		echo "<img src=\"../../graphics/edit.png\" alt=\"" . _("Edit") . "\" title=\"" . _("Edit") . "\">"; | ||||||
| 		echo "</a>\n "; | 		echo "</a>\n "; | ||||||
| 		// delete image
 | 		// delete image
 | ||||||
|  | 		if (checkIfWriteAccessIsAllowed()) { | ||||||
| 			echo "<a href=\"deletelink.php?type=" . $this->type . "&DN='" . $account['dn'] . "'\">"; | 			echo "<a href=\"deletelink.php?type=" . $this->type . "&DN='" . $account['dn'] . "'\">"; | ||||||
| 			echo "<img src=\"../../graphics/delete.png\" alt=\"" . _("Delete") . "\" title=\"" . _("Delete") . "\">"; | 			echo "<img src=\"../../graphics/delete.png\" alt=\"" . _("Delete") . "\" title=\"" . _("Delete") . "\">"; | ||||||
| 			echo "</a>\n "; | 			echo "</a>\n "; | ||||||
|  | 		} | ||||||
| 		// pdf image
 | 		// pdf image
 | ||||||
| 		echo "<input type=\"image\" style=\"background:transparent;\" name=\"createPDF_" . $id . "\" src=\"../../graphics/pdf.png\" title=\"" . _('Create PDF') . "\">\n "; | 		echo "<input type=\"image\" style=\"background:transparent;\" name=\"createPDF_" . $id . "\" src=\"../../graphics/pdf.png\" title=\"" . _('Create PDF') . "\">\n "; | ||||||
| 		// additional tools
 | 		// additional tools
 | ||||||
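Review bot: Wrapping the delete link in `checkIfWriteAccessIsAllowed()` hides the control but does not enforce anything; the `deletelink.php` request built on the following line must still be rejected server-side for a read-only user who enters the URL directly. This commit adds a top-of-file write check to two pages after `startSecureSession()`, and unless `deletelink.php` (or the page it leads to) is one of them, the deletion flow stays reachable, so that should be confirmed. The same presentation-only point applies to the add/delete buttons hidden in the `@ -703` hunk, whose POST handler `listDoPost()` is covered by the new guard. The enclosing method starts and ends outside this hunk.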
|  | @ -504,6 +506,9 @@ class lamList { | ||||||
| 	private function listDoPost() { | 	private function listDoPost() { | ||||||
| 		// check if button was pressed and if we have to add/delete an account
 | 		// check if button was pressed and if we have to add/delete an account
 | ||||||
| 		if (isset($_POST['new']) || isset($_POST['del'])){ | 		if (isset($_POST['new']) || isset($_POST['del'])){ | ||||||
|  | 			if (!checkIfWriteAccessIsAllowed()) { | ||||||
|  | 				die(); | ||||||
|  | 			} | ||||||
| 			// add new account
 | 			// add new account
 | ||||||
| 			if (isset($_POST['new'])){ | 			if (isset($_POST['new'])){ | ||||||
| 				metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix); | 				metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix); | ||||||
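Review bot: The bare `die()` added after the `isset($_POST['new']) || isset($_POST['del'])` test ends the request with an empty 200 response, so a read-only user who submits the form sees a blank page and the denied attempt leaves no trace. Send an explicit status and message instead, e.g. `header('HTTP/1.1 403 Forbidden'); die(_('You do not have write access.'));`, and record the denial in the application log so repeated attempts are visible to an operator. The same bare `die()` pattern appears in `save_account()`, `doUploadPostActions()` and the two page-level checks in the `@ -49` and `@ -40` hunks. The enclosing method continues past this hunk.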
|  | @ -703,12 +708,14 @@ class lamList { | ||||||
| 		echo "<table border=0 width=\"100%\">\n"; | 		echo "<table border=0 width=\"100%\">\n"; | ||||||
| 		echo "<tr>\n"; | 		echo "<tr>\n"; | ||||||
| 		echo "<td align=\"left\">\n"; | 		echo "<td align=\"left\">\n"; | ||||||
|  | 		if (checkIfWriteAccessIsAllowed()) { | ||||||
| 			// add/delete buttons
 | 			// add/delete buttons
 | ||||||
| 			echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"new\" value=\"" . $this->labels['newEntry'] . "\">\n"); | 			echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"new\" value=\"" . $this->labels['newEntry'] . "\">\n"); | ||||||
| 			if (!$createOnly) { | 			if (!$createOnly) { | ||||||
| 				echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"del\" value=\"" . $this->labels['deleteEntry'] . "\">\n"); | 				echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"del\" value=\"" . $this->labels['deleteEntry'] . "\">\n"); | ||||||
| 			} | 			} | ||||||
| 			echo "   "; | 			echo "   "; | ||||||
|  | 		} | ||||||
| 		$this->listShowOUSelection(); | 		$this->listShowOUSelection(); | ||||||
| 		echo "</td>\n"; | 		echo "</td>\n"; | ||||||
| 		echo "<td align=\"right\">\n"; | 		echo "<td align=\"right\">\n"; | ||||||
|  |  | ||||||
|  | @ -961,6 +961,43 @@ class accountContainer { | ||||||
| 				return; | 				return; | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|  | 		if (checkIfWriteAccessIsAllowed()) { | ||||||
|  | 			$this->printCommonControls(); | ||||||
|  | 		} | ||||||
|  | 		echo "<br>\n"; | ||||||
|  | 		// create module menu
 | ||||||
|  | 		echo "<table class=\"".$this->type."list\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n"; | ||||||
|  | 		echo "<tr class=\"".$this->type."list\" valign=\"top\"><td style=\"border-bottom: 1px solid;padding:0px;\" colspan=2>"; | ||||||
|  | 		// tab menu
 | ||||||
|  | 		$this->printModuleTabs(); | ||||||
|  | 		echo "</td></tr>\n"; | ||||||
|  | 		// content header
 | ||||||
|  | 		echo "<tr class=\"" . $this->type . "list\">\n"; | ||||||
|  | 			echo "<td style=\"padding:10px;\">\n"; | ||||||
|  | 				$this->printContentHeader(); | ||||||
|  | 			echo "</td>\n"; | ||||||
|  | 		echo "</tr>\n"; | ||||||
|  | 		echo "<tr class=\"" . $this->type . "list\">\n"; | ||||||
|  | 		// content area
 | ||||||
|  | 		echo "<td width=\"100%\" style=\"padding:10px;\">"; | ||||||
|  | 		// display html-code from modules
 | ||||||
|  | 		$return = array(); | ||||||
|  | 		 | ||||||
|  | 		$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage)); | ||||||
|  | 				 | ||||||
|  | 		$y = 5000; | ||||||
|  | 		$z = 10000; | ||||||
|  | 		parseHtml($this->order[$this->current_page], $return, array(), false, $y, $z, $this->type); | ||||||
|  | 		// Display rest of html-page
 | ||||||
|  | 		echo "<br>*" . _('required'); | ||||||
|  | 		echo "</td></tr></table>\n"; | ||||||
|  | 		$this->printPageFooter(); | ||||||
|  | 	} | ||||||
|  | 	 | ||||||
|  | 	/** | ||||||
|  | 	 * Prints common controls like the save button and the ou selection. | ||||||
|  | 	 */ | ||||||
|  | 	private function printCommonControls() { | ||||||
| 		echo "<table class=\"".$this->type."list\" style=\"border-width:0px;\" width=\"100%\"><tr>"; | 		echo "<table class=\"".$this->type."list\" style=\"border-width:0px;\" width=\"100%\"><tr>"; | ||||||
| 		echo "<td align=\"left\">"; | 		echo "<td align=\"left\">"; | ||||||
| 		// save button
 | 		// save button
 | ||||||
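Review bot: The `checkIfWriteAccessIsAllowed()` gate skips only `printCommonControls()`, while the module output from `display_html_` further down is rendered unchanged for a read-only user; if the modules still emit editable input fields, the page presents a form that cannot be submitted, since the `save_account()` guard added elsewhere in this commit rejects it. Consider passing the write-access result down to the module rendering so values are shown read-only, or at least state on the new `printCommonControls()` docblock that it is only called when write access is allowed, e.g. `* Only called when checkIfWriteAccessIsAllowed() is true.`. The enclosing method starts outside this hunk.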
|  | @ -991,34 +1028,6 @@ class accountContainer { | ||||||
| 		} | 		} | ||||||
| 		echo "</td>"; | 		echo "</td>"; | ||||||
| 		echo "</tr></table>";		 | 		echo "</tr></table>";		 | ||||||
| 		echo "<br>\n"; |  | ||||||
| 		// create module menu
 |  | ||||||
| 		echo "<table class=\"".$this->type."list\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n"; |  | ||||||
| 		echo "<tr class=\"".$this->type."list\" valign=\"top\"><td style=\"border-bottom: 1px solid;padding:0px;\" colspan=2>"; |  | ||||||
| 		// tab menu
 |  | ||||||
| 		$this->printModuleTabs(); |  | ||||||
| 		echo "</td></tr>\n"; |  | ||||||
| 		// content header
 |  | ||||||
| 		echo "<tr class=\"" . $this->type . "list\">\n"; |  | ||||||
| 			echo "<td style=\"padding:10px;\">\n"; |  | ||||||
| 				$this->printContentHeader(); |  | ||||||
| 			echo "</td>\n"; |  | ||||||
| 		echo "</tr>\n"; |  | ||||||
| 		echo "<tr class=\"" . $this->type . "list\">\n"; |  | ||||||
| 		// content area
 |  | ||||||
| 		echo "<td width=\"100%\" style=\"padding:10px;\">"; |  | ||||||
| 		// display html-code from modules
 |  | ||||||
| 		$return = array(); |  | ||||||
| 		 |  | ||||||
| 		$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage)); |  | ||||||
| 				 |  | ||||||
| 		$y = 5000; |  | ||||||
| 		$z = 10000; |  | ||||||
| 		parseHtml($this->order[$this->current_page], $return, array(), false, $y, $z, $this->type); |  | ||||||
| 		// Display rest of html-page
 |  | ||||||
| 		echo "<br>*" . _('required'); |  | ||||||
| 		echo "</td></tr></table>\n"; |  | ||||||
| 		$this->printPageFooter(); |  | ||||||
| 	} | 	} | ||||||
| 	 | 	 | ||||||
| 	/** | 	/** | ||||||
|  | @ -1439,6 +1448,9 @@ class accountContainer { | ||||||
| 	* @return array list of status messages if any errors occured | 	* @return array list of status messages if any errors occured | ||||||
| 	*/ | 	*/ | ||||||
| 	function save_account() { | 	function save_account() { | ||||||
|  | 		if (!checkIfWriteAccessIsAllowed()) { | ||||||
|  | 			die(); | ||||||
|  | 		} | ||||||
| 		$finalDN = $this->dn; | 		$finalDN = $this->dn; | ||||||
| 		$errors = array(); | 		$errors = array(); | ||||||
| 		$ldapUser = $_SESSION['ldap']->decrypt_login(); | 		$ldapUser = $_SESSION['ldap']->decrypt_login(); | ||||||
|  |  | ||||||
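Review bot: The new guard in `save_account()` calls `die()`, but the docblock two lines above documents a return value of status messages; a caller expecting that array never sees a denial, and the request ends with an empty 200 body. Returning an error entry in the documented status message format keeps the contract and gives the user a visible reason, with termination reserved for the case where the caller cannot handle it. The docblock should also state the precondition, e.g. `* Requires write access (checkIfWriteAccessIsAllowed()); otherwise no LDAP changes are made.`. The method body continues past this hunk.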
|  | @ -1521,6 +1521,9 @@ class posixAccount extends baseModule { | ||||||
| 	* <br> ) | 	* <br> ) | ||||||
| 	*/ | 	*/ | ||||||
| 	function doUploadPostActions($data, $ids, $failed, &$temp) { | 	function doUploadPostActions($data, $ids, $failed, &$temp) { | ||||||
|  | 		if (!checkIfWriteAccessIsAllowed()) { | ||||||
|  | 			die(); | ||||||
|  | 		} | ||||||
| 		// on first call generate list of ldap operations
 | 		// on first call generate list of ldap operations
 | ||||||
| 		if (!isset($temp['counter'])) { | 		if (!isset($temp['counter'])) { | ||||||
| 			$temp['groups'] = array(); | 			$temp['groups'] = array(); | ||||||
|  |  | ||||||
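Review bot: The write check sits in `doUploadPostActions()`, which by its name and the `on first call generate list of ldap operations` comment runs after the upload itself; if the upload page does not already enforce write access, a read-only user's upload would create the entries and only the post-processing would be stopped by `die()`, leaving partially applied state. The check belongs at the start of the upload flow, with this one kept as defence in depth, so confirm the upload page is among the two page-level checks in this commit. The method body continues past this hunk.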
|  | @ -225,7 +225,7 @@ class lamUserList extends lamList { | ||||||
| 		if (!isLAMProVersion()) { | 		if (!isLAMProVersion()) { | ||||||
| 			return array(); | 			return array(); | ||||||
| 		} | 		} | ||||||
| 		else { | 		elseif (checkIfPasswordChangeIsAllowed()) { | ||||||
| 			$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php'); | 			$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php'); | ||||||
| 			return array($passwordTool); | 			return array($passwordTool); | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
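Review bot: The `elseif (checkIfPasswordChangeIsAllowed())` leaves the Pro-version case where password change is not allowed without a `return`, so the method now yields `null` where the old `else` always returned an array, and a caller iterating the tool list would warn or break. Collapse the conditions into one guard, `if (!isLAMProVersion() || !checkIfPasswordChangeIsAllowed()) { return array(); }`, and construct the tool unconditionally after it. The method's closing lines are outside this hunk, so a trailing `return array();` there would also cover it if one is not already present.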
|  | @ -49,6 +49,10 @@ include_once('../lib/modules.inc'); | ||||||
| // Start session
 | // Start session
 | ||||||
| startSecureSession(); | startSecureSession(); | ||||||
| 
 | 
 | ||||||
|  | if (!checkIfWriteAccessIsAllowed()) { | ||||||
|  | 	die(); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| // Redirect to startpage if user is not loged in
 | // Redirect to startpage if user is not loged in
 | ||||||
| if (!isset($_SESSION['loggedIn'])) { | if (!isset($_SESSION['loggedIn'])) { | ||||||
| 	metaRefresh("login.php"); | 	metaRefresh("login.php"); | ||||||
|  |  | ||||||
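Review bot: The new `checkIfWriteAccessIsAllowed()` guard runs before the `if (!isset($_SESSION['loggedIn']))` redirect that follows it, so an unauthenticated visitor hits `die()` instead of being sent to `login.php`, and the access function is evaluated against a session that may not be populated yet. Move the block below the login redirect so authentication is established first and authorization is decided on a known session. The same ordering should be checked in the `@ -40` hunk, where the login check is not visible.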
|  | @ -40,6 +40,10 @@ include_once("../lib/status.inc"); | ||||||
| // start session
 | // start session
 | ||||||
| startSecureSession(); | startSecureSession(); | ||||||
| 
 | 
 | ||||||
|  | if (!checkIfWriteAccessIsAllowed()) { | ||||||
|  | 	die(); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| setlanguage(); | setlanguage(); | ||||||
| 
 | 
 | ||||||
| // check if user already pressed button
 | // check if user already pressed button
 | ||||||
|  |  | ||||||
|  | @ -71,8 +71,9 @@ echo ("</head>\n"); | ||||||
| echo ("<frameset rows=\"150,*\">\n"); | echo ("<frameset rows=\"150,*\">\n"); | ||||||
| echo ("<frame src=\"./main_header.php\" name=\"head\" frameborder=\"0\">\n"); | echo ("<frame src=\"./main_header.php\" name=\"head\" frameborder=\"0\">\n"); | ||||||
| // display page to add suffixes, if needed
 | // display page to add suffixes, if needed
 | ||||||
| if (sizeof($new_suffs) > 0) echo ("<frame src=\"initsuff.php?suffs='" . implode(";", $new_suffs) . | if ((sizeof($new_suffs) > 0) && checkIfWriteAccessIsAllowed()) { | ||||||
| 	"'\" name=\"mainpart\" frameborder=\"0\">\n"); | 	echo ("<frame src=\"initsuff.php?suffs='" . implode(";", $new_suffs) . "'\" name=\"mainpart\" frameborder=\"0\">\n"); | ||||||
|  | } | ||||||
| else { | else { | ||||||
| 	if (sizeof($types) > 0) { | 	if (sizeof($types) > 0) { | ||||||
| 		echo ("<frame src=\"./lists/list.php?type=" . $types[0] . "\" name=\"mainpart\" frameborder=\"0\" scrolling=\"yes\">\n"); | 		echo ("<frame src=\"./lists/list.php?type=" . $types[0] . "\" name=\"mainpart\" frameborder=\"0\" scrolling=\"yes\">\n"); | ||||||
|  |  | ||||||
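Review bot: Gating the `initsuff.php` frame on `checkIfWriteAccessIsAllowed()` only hides the entry point; `initsuff.php` itself must refuse a read-only user who opens it directly, so confirm it is one of the two pages given a top-of-file check in this commit. The rewritten `echo` line still places `implode(";", $new_suffs)` raw inside a quoted HTML attribute; encoding the value, e.g. `htmlspecialchars(urlencode(implode(";", $new_suffs)))`, keeps a suffix containing `"`, `&` or `'` from breaking the frame URL, and `$_GET` on the receiving page decodes it transparently.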