added new security model

This commit is contained in:
Roland Gruber 2007-12-30 16:08:54 +00:00
parent f8aec0f1a8
commit 93d4c1417e
7 changed files with 71 additions and 40 deletions

View File

@ -462,9 +462,11 @@ class lamList {
echo "<img src=\"../../graphics/edit.png\" alt=\"" . _("Edit") . "\" title=\"" . _("Edit") . "\">";
echo "</a>\n ";
// delete image
echo "<a href=\"deletelink.php?type=" . $this->type . "&amp;DN='" . $account['dn'] . "'\">";
echo "<img src=\"../../graphics/delete.png\" alt=\"" . _("Delete") . "\" title=\"" . _("Delete") . "\">";
echo "</a>\n ";
if (checkIfWriteAccessIsAllowed()) {
echo "<a href=\"deletelink.php?type=" . $this->type . "&amp;DN='" . $account['dn'] . "'\">";
echo "<img src=\"../../graphics/delete.png\" alt=\"" . _("Delete") . "\" title=\"" . _("Delete") . "\">";
echo "</a>\n ";
}
// pdf image
echo "<input type=\"image\" style=\"background:transparent;\" name=\"createPDF_" . $id . "\" src=\"../../graphics/pdf.png\" title=\"" . _('Create PDF') . "\">\n ";
// additional tools
@ -504,6 +506,9 @@ class lamList {
private function listDoPost() {
// check if button was pressed and if we have to add/delete an account
if (isset($_POST['new']) || isset($_POST['del'])){
if (!checkIfWriteAccessIsAllowed()) {
die();
}
// add new account
if (isset($_POST['new'])){
metaRefresh("../account/edit.php?type=" . $this->type . "&amp;suffix=" . $this->suffix);
@ -703,12 +708,14 @@ class lamList {
echo "<table border=0 width=\"100%\">\n";
echo "<tr>\n";
echo "<td align=\"left\">\n";
// add/delete buttons
echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"new\" value=\"" . $this->labels['newEntry'] . "\">\n");
if (!$createOnly) {
echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"del\" value=\"" . $this->labels['deleteEntry'] . "\">\n");
if (checkIfWriteAccessIsAllowed()) {
// add/delete buttons
echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"new\" value=\"" . $this->labels['newEntry'] . "\">\n");
if (!$createOnly) {
echo ("<input class=\"" . $this->type . "\" type=\"submit\" name=\"del\" value=\"" . $this->labels['deleteEntry'] . "\">\n");
}
echo "&nbsp;&nbsp;&nbsp;";
}
echo "&nbsp;&nbsp;&nbsp;";
$this->listShowOUSelection();
echo "</td>\n";
echo "<td align=\"right\">\n";

View File

@ -961,6 +961,43 @@ class accountContainer {
return;
}
}
if (checkIfWriteAccessIsAllowed()) {
$this->printCommonControls();
}
echo "<br>\n";
// create module menu
echo "<table class=\"".$this->type."list\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
echo "<tr class=\"".$this->type."list\" valign=\"top\"><td style=\"border-bottom: 1px solid;padding:0px;\" colspan=2>";
// tab menu
$this->printModuleTabs();
echo "</td></tr>\n";
// content header
echo "<tr class=\"" . $this->type . "list\">\n";
echo "<td style=\"padding:10px;\">\n";
$this->printContentHeader();
echo "</td>\n";
echo "</tr>\n";
echo "<tr class=\"" . $this->type . "list\">\n";
// content area
echo "<td width=\"100%\" style=\"padding:10px;\">";
// display html-code from modules
$return = array();
$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage));
$y = 5000;
$z = 10000;
parseHtml($this->order[$this->current_page], $return, array(), false, $y, $z, $this->type);
// Display rest of html-page
echo "<br>*" . _('required');
echo "</td></tr></table>\n";
$this->printPageFooter();
}
/**
* Prints common controls like the save button and the ou selection.
*/
private function printCommonControls() {
echo "<table class=\"".$this->type."list\" style=\"border-width:0px;\" width=\"100%\"><tr>";
echo "<td align=\"left\">";
// save button
@ -991,34 +1028,6 @@ class accountContainer {
}
echo "</td>";
echo "</tr></table>";
echo "<br>\n";
// create module menu
echo "<table class=\"".$this->type."list\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
echo "<tr class=\"".$this->type."list\" valign=\"top\"><td style=\"border-bottom: 1px solid;padding:0px;\" colspan=2>";
// tab menu
$this->printModuleTabs();
echo "</td></tr>\n";
// content header
echo "<tr class=\"" . $this->type . "list\">\n";
echo "<td style=\"padding:10px;\">\n";
$this->printContentHeader();
echo "</td>\n";
echo "</tr>\n";
echo "<tr class=\"" . $this->type . "list\">\n";
// content area
echo "<td width=\"100%\" style=\"padding:10px;\">";
// display html-code from modules
$return = array();
$return = call_user_func(array($this->module[$this->order[$this->current_page]], 'display_html_'.$this->subpage));
$y = 5000;
$z = 10000;
parseHtml($this->order[$this->current_page], $return, array(), false, $y, $z, $this->type);
// Display rest of html-page
echo "<br>*" . _('required');
echo "</td></tr></table>\n";
$this->printPageFooter();
}
/**
@ -1439,6 +1448,9 @@ class accountContainer {
* @return array list of status messages if any errors occured
*/
function save_account() {
if (!checkIfWriteAccessIsAllowed()) {
die();
}
$finalDN = $this->dn;
$errors = array();
$ldapUser = $_SESSION['ldap']->decrypt_login();

View File

@ -1521,6 +1521,9 @@ class posixAccount extends baseModule {
* <br> )
*/
function doUploadPostActions($data, $ids, $failed, &$temp) {
if (!checkIfWriteAccessIsAllowed()) {
die();
}
// on first call generate list of ldap operations
if (!isset($temp['counter'])) {
$temp['groups'] = array();

View File

@ -225,7 +225,7 @@ class lamUserList extends lamList {
if (!isLAMProVersion()) {
return array();
}
else {
elseif (checkIfPasswordChangeIsAllowed()) {
$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php');
return array($passwordTool);
}

View File

@ -49,6 +49,10 @@ include_once('../lib/modules.inc');
// Start session
startSecureSession();
if (!checkIfWriteAccessIsAllowed()) {
die();
}
// Redirect to startpage if user is not loged in
if (!isset($_SESSION['loggedIn'])) {
metaRefresh("login.php");

View File

@ -40,6 +40,10 @@ include_once("../lib/status.inc");
// start session
startSecureSession();
if (!checkIfWriteAccessIsAllowed()) {
die();
}
setlanguage();
// check if user already pressed button

View File

@ -71,8 +71,9 @@ echo ("</head>\n");
echo ("<frameset rows=\"150,*\">\n");
echo ("<frame src=\"./main_header.php\" name=\"head\" frameborder=\"0\">\n");
// display page to add suffixes, if needed
if (sizeof($new_suffs) > 0) echo ("<frame src=\"initsuff.php?suffs='" . implode(";", $new_suffs) .
"'\" name=\"mainpart\" frameborder=\"0\">\n");
if ((sizeof($new_suffs) > 0) && checkIfWriteAccessIsAllowed()) {
echo ("<frame src=\"initsuff.php?suffs='" . implode(";", $new_suffs) . "'\" name=\"mainpart\" frameborder=\"0\">\n");
}
else {
if (sizeof($types) > 0) {
echo ("<frame src=\"./lists/list.php?type=" . $types[0] . "\" name=\"mainpart\" frameborder=\"0\" scrolling=\"yes\">\n");