sub copy_acl_files
{
my ($from, $to, $mods) = @_;
-my ($dbh, $fromid, $toid);
-my ($proto, $user, $pass, $host, $prefix, $args);
+my ($dbh, $proto, $fromid, $toid);
# Check if the user is in a DB
-&get_miniserv_config(\%miniserv);
-if ($miniserv{'userdb'}) {
- $dbh = &connect_userdb($miniserv{'userdb'});
+my $userdb = &get_userdb_string();
+if ($userdb) {
+ ($dbh, $proto) = &connect_userdb($userdb);
&error($dbh) if (!ref($dbh));
- ($proto, $user, $pass, $host, $prefix, $args) =
- &split_userdb_string($miniserv{'userdb'});
if ($proto eq "mysql" || $proto eq "postgresql") {
# Search in SQL DB
my $cmd = $dbh->prepare(
if (defined($fromid) && defined($toid)) {
# Copy from database to database
if ($proto eq "mysql" || $proto eq "postgresql") {
- my $cmd = $dbh->prepare("insert into webmin_user_acl select ?,module,attr,value from webmin_user_acl where id = ?");
- $cmd && $cmd->execute($toid, $fromid) ||
- &error("Failed to copy ACLs : ".$dbh->errstr);
- $cmd->finish();
+ my $cmd = $dbh->prepare("insert into webmin_user_acl select ?,module,attr,value from webmin_user_acl where id = ? and module = ?");
+ foreach my $m (@$mods) {
+ $cmd && $cmd->execute($toid, $fromid, $m) ||
+ &error("Failed to copy ACLs : ".$dbh->errstr);
+ $cmd->finish();
+ }
}
elsif ($proto eq "ldap") {
# XXX
}
else {
# Source and dest use different storage types
- # XXX
+ foreach my $m (@$mods) {
+ my %caccess = &get_module_acl($from, $m, 1, 1);
+ if (%caccess) {
+ &save_module_acl(\%caccess, $to, $m, 1);
+ }
+ }
}
if ($dbh) {
- &disconnect_userdb($miniserv{'userdb'}, $dbh);
+ &disconnect_userdb($userdb, $dbh);
}
}
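Review bot: The `elsif ($proto eq "ldap")` branch of the database-to-database copy is still only `# XXX`, so when `$fromid` and `$toid` are both defined and the store is LDAP, the function copies no ACLs and reports nothing. The copied user would then presumably be evaluated with each module's default ACL rather than the restrictions of the source user. Until LDAP is implemented the gap should be loud, for example `&error("Copying ACLs between LDAP users is not implemented");` in that branch. The LDAP branch added to the group ACL lookup later in this commit is the same placeholder; there it falls through to the local `.gacl` file. The start of `copy_acl_files` lies outside this hunk.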
=cut
sub copy_group_user_acl_files
{
+# XXX deal with user DB!
local $m;
foreach $m (@{$_[2]}) {
&unlink_file("$config_directory/$m/$_[1].acl");
=cut
sub set_acl_files
{
-local $m;
-foreach $m (@{$_[3]}) {
+my ($allusers, $allgroups, $mod, $members, $access) = @_;
+foreach my $m (@$members) {
if ($m !~ /^\@(.*)$/) {
# Member is a user
- local ($u) = grep { $_->{'name'} eq $m } @{$_[0]};
+ local ($u) = grep { $_->{'name'} eq $m } @$allusers;
if ($u) {
local $aclfile =
- "$config_directory/$_[2]/$u->{'name'}.acl";
+ "$config_directory/$mod/$u->{'name'}.acl";
&lock_file($aclfile);
- &write_file($aclfile, $_[4]);
- chmod(0640, $aclfile);
+ &save_module_acl($access, $u->{'name'}, $mod, 1);
+ chmod(0640, $aclfile) if (-r $aclfile);
&unlock_file($aclfile);
}
}
else {
# Member is a group
local $gname = substr($m, 1);
- local ($g) = grep { $_->{'name'} eq $gname } @{$_[1]};
+ local ($g) = grep { $_->{'name'} eq $gname } @$allgroups;
if ($g) {
local $aclfile =
- "$config_directory/$_[2]/$g->{'name'}.gacl";
+ "$config_directory/$mod/$g->{'name'}.gacl";
&lock_file($aclfile);
- &write_file($aclfile, $_[4]);
- chmod(0640, $aclfile);
+ &save_group_module_acl($access, $g->{'name'}, $mod, 1);
+ chmod(0640, $aclfile) if (-r $aclfile);
&unlock_file($aclfile);
- &set_acl_files($_[0], $_[1], $_[2], $g->{'members'}, $_[4]);
+ &set_acl_files($allusers, $allgroups, $mod,
+ $g->{'members'}, $access);
}
}
}
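Review bot: The recursive call at the end of the group branch follows `$g->{'members'}` with no record of groups already visited, so two groups that list each other as `@` members would recurse without end. Whether such a cycle can be saved is decided elsewhere and is not visible here, so treat this as a hardening point. An optional sixth argument keeps existing callers working: unpack `$seen` after `$access`, default it with `$seen ||= { };`, add `next if ($seen->{$gname}++);` before the group lookup, and pass `$seen` on in the recursive call. The closing brace of `set_acl_files` is outside the hunk.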
# Storage type
if ($in{'group'}) {
print &ui_table_row($text{'edit_proto'},
- $text{'edit_proto'.$user{'proto'}});
+ $text{'edit_proto_'.$group{'proto'}});
}
print &ui_hidden_table_end("basic");
# Start of modules section
print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'},
- "width=100%", 2, "mods", 1);
+ "width=100%", 2, "mods");
# Show available modules, under categories
@mlist = &list_module_infos();
# Storage type
if ($in{'user'}) {
print &ui_table_row($text{'edit_proto'},
- $text{'edit_proto'.$user{'proto'}});
+ $text{'edit_proto_'.$user{'proto'}});
}
print &ui_hidden_table_end("rights");
# Start of modules section
print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'},
- "width=100%", 2, "mods", 1);
+ "width=100%", 2, "mods");
# Show available modules, under categories
@mlist = grep { $access{'others'} || $has{$_->{'dir'}} || $mcan{$_->{'dir'}} }
edit_mods=Available Webmin modules
edit_modsg=Available Webmin modules (in addition to those from group)
edit_proto=Storage type
-edit_protomysql=MySQL database
-edit_protopostgresql=PostgreSQL database
-edit_protoldap=LDAP server
+edit_proto_mysql=MySQL database
+edit_proto_postgresql=PostgreSQL database
+edit_proto_ldap=LDAP server
+edit_proto_=Local files
save_err=Failed to save user
save_ename='$1' is not a valid username
&foreign_call("", "acl_security_save", \%uaccess, \%in);
$aclfile = "$config_directory/$in{'name'}.gacl";
&lock_file($aclfile);
- &write_file($aclfile, \%uaccess);
- chmod(0640, $aclfile);
+ &save_group_module_acl(\%uaccess, $in{'name'}, "", 1);
+ chmod(0640, $aclfile) if (-r $aclfile);
&unlock_file($aclfile);
}
$access{'users'} .= " ".$in{'name'};
&save_module_acl(\%access);
}
- #%aclacl = &get_module_acl();
- #&save_module_acl(\%aclacl, $in{'name'});
}
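Review bot: The line `chmod(0640, $aclfile) if (-r $aclfile);` ignores chmod's result and runs only after the ACL has been written, so on failure the file keeps whatever mode `save_group_module_acl` created it with; the helper's own mode handling is not visible in this commit. `-r` also tests readability where existence is meant (the ACL went to a local file rather than the user DB), which `-e` states directly. Suggest `if (-e $aclfile) { chmod(0640, $aclfile) || &error("Failed to set permissions on $aclfile : $!"); }`. The same line appears in the user-saving hunk that follows and twice in `set_acl_files`. The enclosing block starts before this hunk.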
if ($in{'old'} && $in{'acl_security_form'} && !$group) {
&foreign_call("", "acl_security_save", \%uaccess, \%in);
$aclfile = "$config_directory/$in{'name'}.acl";
&lock_file($aclfile);
- &write_file($aclfile, \%uaccess);
- chmod(0640, $aclfile);
+ &save_module_acl(\%uaccess, $in{'name'}, "", 1);
+ chmod(0640, $aclfile) if (-r $aclfile);
&unlock_file($aclfile);
}
my $mdir = &module_root_directory($m);
my %rv;
&read_file_cached("$mdir/defaultacl", \%rv);
-&read_file_cached("$config_directory/$m/$g.gacl", \%rv);
+
+my $userdb = &get_userdb_string();
+my $foundindb = 0;
+if ($userdb) {
+ # Look for this group in the user/group DB
+ my ($dbh, $proto) = &connect_userdb($userdb);
+ ref($dbh) || &error(&text('egroupdbacl', $dbh));
+ if ($proto eq "mysql" || $proto eq "postgresql") {
+ # Find the group in the SQL DB
+ my $cmd = $dbh->prepare(
+ "select id from webmin_group where name = ?");
+ $cmd && $cmd->execute($g) ||
+ &error(&text('egroupdbacl', $dbh->errstr));
+ my ($id) = $cmd->fetchrow();
+ $foundindb = 1 if (defined($id));
+ $cmd->finish();
+
+ # Fetch ACLs with SQL
+ if ($foundindb) {
+ my $cmd = $dbh->prepare(
+ "select attr,value from webmin_group_acl ".
+ "where id = ? and module = ?");
+ $cmd && $cmd->execute($id, $m) ||
+ &error(&text('egroupdbacl', $dbh->errstr));
+ while(my ($a, $v) = $cmd->fetchrow()) {
+ $rv{$a} = $v;
+ }
+ $cmd->finish();
+ }
+ }
+ elsif ($proto eq "ldap") {
+ # Fetch ACLs from LDAP
+ # XXX
+ }
+ &disconnect_userdb($userdb, $dbh);
+ }
+if (!$foundindb) {
+ # Read from local files
+ &read_file_cached("$config_directory/$m/$g.gacl", \%rv);
+ }
if (defined(&theme_get_module_acl)) {
%rv = &theme_get_module_acl($g, $m, \%rv);
}
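Review bot: Nothing in the new lookup states the precedence it introduces: once the group is found in `webmin_group`, the local `.gacl` file is never read, even when the database holds no rows for this module. The result is then `defaultacl` plus any DB rows, followed by the theme override. That is worth a comment above `if ($userdb) {`, such as `# A group found in the user DB takes its ACL from the DB only; the local .gacl file is read just for groups not found there`. The loop variable in `while(my ($a, $v) = $cmd->fetchrow())` also shadows sort's `$a`; `$attr` would read more clearly. The function's opening line is outside the hunk.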
# Find the group in the SQL DB
my $cmd = $dbh->prepare(
"select id from webmin_group where name = ?");
- $cmd && $cmd->execute($u) ||
+ $cmd && $cmd->execute($g) ||
&error(&text('egroupdbacl2', $dbh->errstr));
my ($id) = $cmd->fetchrow();
$foundindb = 1 if (defined($id));
&disconnect_userdb($userdb, $dbh);
}
-
-
if (!$foundindb) {
# Save ACL to local file
if (!-d "$config_directory/$m") {