acl/save_acl.cgi

   1 #!/usr/local/bin/perl
   2 # save_acl.cgi
   3 # Save access control options for some module
   4
   5 require './acl-lib.pl';
   6 &ReadParse();
   7 if ($in{'_acl_group'}) {
   8         $access{'groups'} || &error($text{'acl_egroup'});
   9         $who = $in{'_acl_group'};
  10         }
  11 else {
  12         $me = &get_user($base_remote_user);
  13         @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
  14                 $access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
  15                                        ( &list_modules(), "" );
  16         &indexof($in{'_acl_mod'}, @mcan) >= 0 || &error($text{'acl_emod'});
  17         &can_edit_user($in{'_acl_user'}) || &error($text{'acl_euser'});
  18         $who = $in{'_acl_user'};
  19         }
  20
  21 $aclfile = $in{'_acl_group'} ? "$config_directory/$in{'_acl_mod'}/$who.gacl"
  22                              : "$config_directory/$in{'_acl_mod'}/$who.acl";
  23 if ($in{'reset'}) {
  24         # Just remove the .acl file
  25         &lock_file($aclfile);
  26         if ($in{'_acl_group'}) {
  27                 # For a group
  28                 &save_group_module_acl(undef, $in{'_acl_group'},
  29                                        $in{'_acl_mod'}, 1);
  30                 }
  31         else {
  32                 # For a user
  33                 &save_module_acl(undef, $in{'_acl_user'},
  34                                  $in{'_acl_mod'},1);
  35                 }
  36         &unlock_file($aclfile);
  37         $in{'moddesc'} = $minfo{'desc'};
  38         &webmin_log("reset", undef, $who, \%in);
  39         }
  40 else {
  41         # Validate and store ACL settings
  42         &error_setup($text{'acl_err'});
  43         $maccess{'noconfig'} = $in{'noconfig'};
  44         if ($in{'rbac'}) {
  45                 # RBAC overrides everything
  46                 $maccess{'rbac'} = 1;
  47                 }
  48         elsif (-r "../$in{'_acl_mod'}/acl_security.pl") {
  49                 # Use user inputs
  50                 $maccess{'rbac'} = 0 if (defined($in{'rbac'}));
  51                 &foreign_require($in{'_acl_mod'}, "acl_security.pl");
  52                 &foreign_call($in{'_acl_mod'}, "acl_security_save",
  53                               \%maccess, \%in);
  54                 }
  55
  56         # Write out the ACL
  57         &lock_file($aclfile);
  58         if ($in{'_acl_group'}) {
  59                 # For a group
  60                 &save_group_module_acl(\%maccess, $in{'_acl_group'},
  61                                        $in{'_acl_mod'}, 1);
  62                 }
  63         else {
  64                 # For a user
  65                 &save_module_acl(\%maccess, $in{'_acl_user'},
  66                                  $in{'_acl_mod'},1);
  67                 }
  68         chmod(0640, $aclfile) if (-r $aclfile);
  69         &unlock_file($aclfile);
  70
  71         %minfo = $in{'_acl_mod'} ? &get_module_info($in{'_acl_mod'})
  72                                  : ( 'desc' => $text{'index_global'} );
  73
  74         if ($in{'_acl_group'}) {
  75                 # Recursively update the ACL for all member users and groups
  76                 # XXX ACL in DB?
  77                 @ulist = &list_users();
  78                 @glist = &list_groups();
  79                 ($group) = grep { $_->{'name'} eq $in{'_acl_group'} } @glist;
  80                 &set_acl_files(\@ulist, \@glist, $in{'_acl_mod'},
  81                                $group->{'members'}, \%maccess);
  82                 }
  83
  84         $in{'moddesc'} = $minfo{'desc'};
  85         &webmin_log("acl", undef, $who, \%in);
  86         }
  87 if ($config{'display'}) {
  88         if ($in{'_acl_group'}) {
  89                 &redirect("edit_group.cgi?group=$in{'_acl_group'}");
  90                 }
  91         else {
  92                 &redirect("edit_user.cgi?user=$in{'_acl_user'}&readwrite=1");
  93                 }
  94         }
  95 else {
  96         &redirect("");
  97         }
  98
  99