2 # Create, update or delete one RBAC user
# This listing carries the original file's line numbers at the start of each
# line and omits some lines (branch headers and closing braces among them), so
# the comments below describe only the statements that are visible.
4 require './rbac-lib.pl';
# Registers the 'user_err' message text; presumably used as the heading for
# any &error raised below — confirm in the library.
6 &error_setup($text{'user_err'});
# Load the full list of records; an existing user is addressed by position.
9 $users = &list_user_attrs();
# Existing user: the record is selected by the request parameter 'idx'.
# NOTE(review): no integer or range check on $in{'idx'} is visible here. An
# out-of-range value yields undef and a negative one counts from the end of
# the list, so can_edit_user() on the next line is the only gate — confirm
# that it rejects an undef record.
11 $user = $users->[$in{'idx'}];
12 &can_edit_user($user) || &error($text{'user_ecannot'});
# Remember the pre-edit name and the pre-edit role/profile lists; the checks
# further down let an entry the user already held stay in place.
13 $loguser = $user->{'user'};
14 @oldroles = split(/,/, $user->{'attr'}->{'roles'});
15 @oldprofs = split(/,/, $user->{'attr'}->{'profiles'});
# New user (the branch header is not shown in this listing; presumably the
# else of a test on $in{'new'}): creating requires the 'users' or the 'roles'
# access flag, and the record starts with an empty attribute hash.
18 $access{'users'} || $access{'roles'} || &error($text{'user_ecannot'});
19 $user = { 'attr' => { } };
20 $loguser = $in{'user'};
24 # Find users of this role
# Scans every loaded record for $loguser in its comma-separated 'roles'
# attribute. The line that receives the split() result is not shown in this
# listing (presumably it assigns @roles), nor is the test on $idx that guards
# the push.
25 foreach $u (@$users) {
27 split(/,/, $u->{'attr'}->{'roles'});
28 $idx = &indexof($loguser, @roles);
# Each hit is kept as [ record, position of $loguser in its roles list,
# reference to that roles list ] so that a rename can rewrite the entry.
30 push(@roleusers, [ $u, $idx, \@roles ]);
36 # Just delete this user
# Deletion is refused while any other record still lists this name as a role;
# the error message names the first such user. (The condition that selects
# this branch is not shown in this listing.)
37 @roleusers && &error(&text('user_einuse',
38 $roleusers[0]->[0]->{'user'}));
39 &delete_user_attr($user);
# On create or rename, the requested name must not equal the name of any
# loaded record. The comparison is an exact string match (eq).
43 if ($in{'new'} || $loguser ne $in{'user'}) {
44 ($clash) = grep { $_->{'user'} eq $in{'user'} } @$users;
45 $clash && &error($text{'user_eclash'});
48 # Validate and store inputs
# NOTE(review): this pattern rejects only a space and a colon. It accepts a
# comma (the separator this script uses for the roles and profiles lists) and
# control characters, and '$' also matches before a trailing newline. The
# accepted name is later written into other users' roles lists when a role is
# renamed, so an allow-list anchored with \A and \z would be safer unless the
# rbac-lib.pl writers already reject such names — confirm.
49 $in{'user'} =~ /^[^ :]+$/ || &error($text{'user_euser'});
50 $user->{'user'} = $in{'user'};
# The account type is forced by the operator's access flags: without 'users'
# access only a role can be saved, without 'roles' access only a normal user.
51 if (!$access{'users'}) {
53 $user->{'attr'}->{'type'} = 'role';
55 elsif (!$access{'roles'}) {
57 $user->{'attr'}->{'type'} = 'normal';
# Otherwise the type comes from the form.
# NOTE(review): no check of $in{'type'} against the expected values is
# visible in this listing.
61 $user->{'attr'}->{'type'} = $in{'type'};
# (The condition under which the type attribute is removed is not shown.)
65 delete($user->{'attr'}->{'type'});
# Profiles: the value returned by profiles_parse() is treated as one
# comma-separated string (it is split on commas below).
67 $profiles = &profiles_parse("profiles");
69 @profiles = split(/,/, $profiles);
70 foreach $p (@profiles) {
# A profile the operator may not assign is accepted only when the user already
# held it before this edit. @oldprofs is filled only for an existing user, so
# on create every profile must pass can_assign_profile().
71 if (!&can_assign_profile($p) &&
72 &indexof($p, @oldprofs) == -1) {
73 &error(&text('user_eprof', $p));
76 $user->{'attr'}->{'profiles'} = $profiles;
# (Not shown: the condition under which the profiles attribute is removed,
# presumably an empty selection.)
79 delete($user->{'attr'}->{'profiles'});
# Authorizations are read from the form only when the operator holds the
# 'authassign' access flag.
# NOTE(review): unlike profiles and roles, no per-entry permission check on
# the parsed authorizations is visible in this listing — confirm whether
# auths_parse() restricts what can be granted.
81 if ($access{'authassign'}) {
82 $auths = &auths_parse("auths");
84 $user->{'attr'}->{'auths'} = $auths;
# (The condition under which the auths attribute is removed is not shown.)
87 delete($user->{'attr'}->{'auths'});
# Roles: parsed from the form into one comma-separated string, then split for
# the per-entry checks.
90 $roles = &attr_parse("roles");
92 @roles = split(/,/, $roles);
# A user may not be listed as one of its own roles.
93 &indexof($in{'user'}, @roles) < 0 ||
94 &error($text{'user_esub'});
# Same rule as for profiles: a role the operator may not assign is accepted
# only when the user already held it before this edit. (The loop header that
# sets $r is not shown in this listing.)
96 if (!&can_assign_role($r) &&
97 &indexof($r, @oldroles) == -1) {
98 &error(&text('user_erole', $r));
101 $user->{'attr'}->{'roles'} = $roles;
# (Not shown: the condition under which the roles attribute is removed.)
104 delete($user->{'attr'}->{'roles'});
# Default project: cleared when the 'project_def' option is chosen, otherwise
# taken from the form.
# NOTE(review): no validation of $in{'project'} or $in{'lock'} is visible in
# this listing; both values go into the attribute hash as submitted, so
# confirm that the code writing the record rejects or escapes characters that
# are significant in the stored format.
106 if ($in{'project_def'}) {
107 delete($user->{'attr'}->{'project'});
110 $user->{'attr'}->{'project'} = $in{'project'};
# (Not shown: the test deciding whether lock_after_retries is set or removed.)
113 $user->{'attr'}->{'lock_after_retries'} = $in{'lock'};
116 delete($user->{'attr'}->{'lock_after_retries'});
119 # Save or update user
# (The test choosing between create and modify is not shown in this listing;
# presumably it is $in{'new'}.)
121 &create_user_attr($user);
124 &modify_user_attr($user);
126 # Update other users of this role, if renamed
127 if ($loguser ne $in{'user'}) {
128 foreach $ru (@roleusers) {
# $ru is [ record, index, roles list ]: overwrite the old name at the saved
# index, rebuild the comma-separated string and write that record back.
# NOTE(review): the new name is placed into the list verbatim, so a name
# containing a comma would read back as more than one role; the name
# validation earlier in this script does not exclude commas.
129 $ru->[2]->[$ru->[1]] = $in{'user'};
130 $ru->[0]->{'attr'}->{'roles'} =
131 join(",", @{$ru->[2]});
132 &modify_user_attr($ru->[0]);
# Release the RBAC file lock (the matching lock call is not shown in this
# listing).
138 &unlock_rbac_files();
# Audit record: the action, the object type "user", the name and the record.
# For an existing user $loguser holds the pre-edit name, so a rename is logged
# under the old name, with the new one inside $user.
139 &webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "modify",
140 "user", $loguser, $user);
141 &redirect("list_users.cgi");