3 # Save access control options for some module
5 require './acl-lib.pl';
7 if ($in{'_acl_group'}) {
8 $access{'groups'} || &error($text{'acl_egroup'});
9 $who = $in{'_acl_group'};
12 $me = &get_user($base_remote_user);
13 @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
14 $access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
15 ( &list_modules(), "" );
16 &indexof($in{'_acl_mod'}, @mcan) >= 0 || &error($text{'acl_emod'});
17 &can_edit_user($in{'_acl_user'}) || &error($text{'acl_euser'});
18 $who = $in{'_acl_user'};
21 $aclfile = $in{'_acl_group'} ? "$config_directory/$in{'_acl_mod'}/$who.gacl"
22 : "$config_directory/$in{'_acl_mod'}/$who.acl";
24 # Just remove the .acl file
26 if ($in{'_acl_group'}) {
28 &save_group_module_acl(undef, $in{'_acl_group'},
33 &save_module_acl(undef, $in{'_acl_user'},
36 &unlock_file($aclfile);
37 $in{'moddesc'} = $minfo{'desc'};
38 &webmin_log("reset", undef, $who, \%in);
41 # Validate and store ACL settings
42 &error_setup($text{'acl_err'});
43 $maccess{'noconfig'} = $in{'noconfig'};
45 # RBAC overrides everything
48 elsif (-r "../$in{'_acl_mod'}/acl_security.pl") {
50 $maccess{'rbac'} = 0 if (defined($in{'rbac'}));
51 &foreign_require($in{'_acl_mod'}, "acl_security.pl");
52 &foreign_call($in{'_acl_mod'}, "acl_security_save",
58 if ($in{'_acl_group'}) {
60 &save_group_module_acl(\%maccess, $in{'_acl_group'},
65 &save_module_acl(\%maccess, $in{'_acl_user'},
68 chmod(0640, $aclfile) if (-r $aclfile);
69 &unlock_file($aclfile);
71 %minfo = $in{'_acl_mod'} ? &get_module_info($in{'_acl_mod'})
72 : ( 'desc' => $text{'index_global'} );
74 if ($in{'_acl_group'}) {
75 # Recursively update the ACL for all member users and groups
77 @ulist = &list_users();
78 @glist = &list_groups();
79 ($group) = grep { $_->{'name'} eq $in{'_acl_group'} } @glist;
80 &set_acl_files(\@ulist, \@glist, $in{'_acl_mod'},
81 $group->{'members'}, \%maccess);
84 $in{'moddesc'} = $minfo{'desc'};
85 &webmin_log("acl", undef, $who, \%in);
87 if ($config{'display'}) {
88 if ($in{'_acl_group'}) {
89 &redirect("edit_group.cgi?group=$in{'_acl_group'}");
92 &redirect("edit_user.cgi?user=$in{'_acl_user'}&readwrite=1");