Webmin users can now be given temporary passwords, which they are forced to change at the next login. Thanks to GE Medical Systems for supporting this feature.
---- Changes since 1.410 ----
Added an API function to allow easier anonymous module access setup.
+---- Changes since 1.440 ----
+Removed the Hide Unused button and associated functionality, as un-available modules are already automatically hidden in the Un-used Modules category.
+Moved the 'global ACL' fields to the Edit User and Edit Group pages, so that restrictions applying to all modules can be more easily found and edited.
}
$grids .= &ui_grid_table(\@grid, 2, 100, [ "width=50%", "width=50%" ]);
}
-# Group-level global ACL
-if ($access{'acl'}) {
- $grids .= "<b>$text{'edit_special'}</b><br>\n";
- @grid = ( "<img src=images/empty.gif> ".
- "<a href='edit_acl.cgi?mod=&group=".&urlize($in{'group'}).
- "'>".$text{'index_global'}."</a>" );
- $grids .= &ui_grid_table(\@grid, 2, 100);
- }
print &ui_table_row(undef, &ui_links_row(\@links).
- $grids.
- &ui_links_row(\@links), 2);
+ $grids.
+ &ui_links_row(\@links), 2);
print &ui_hidden_table_end("mods");
+# Add global ACL section
+if ($access{'acl'} && $in{'group'}) {
+ print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2,
+ "global", 0, [ "width=30%" ]);
+ %uaccess = &get_module_acl($in{'group'}, "", 1);
+ print &ui_hidden("acl_security_form", 1);
+ &foreign_require("", "acl_security.pl");
+ &foreign_call("", "acl_security_form", \%uaccess);
+ print &ui_hidden_table_end("global");
+ }
+
# Generate form end buttons
@buts = ( );
push(@buts, [ undef, $in{'group'} ? $text{'save'} : $text{'create'} ]);
if ($in{'group'}) {
- push(@buts, [ "but_hide", $text{'edit_hide'} ]);
push(@buts, [ "but_clone", $text{'edit_clone'} ]);
push(@buts, [ "but_delete", $text{'delete'} ]);
}
$grids .= &ui_grid_table(\@grid, 2, 100, [ "width=50%", "width=50%" ]);
}
-# Add global ACL link, but only if not set from the group
-$groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl";
-if ($access{'acl'}) {
- $grids .= "<b>$text{'edit_special'}</b><br>\n";
- if ($groupglobal) {
- # Set by group, so cannot be edited. But show the word anyway
- @grid = ( "<img src=images/tick.gif> ".$text{'index_global'} );
- }
- else {
- # Not set by group
- @grid = ( "<img src=images/tick.gif> ".
- "<a href='edit_acl.cgi?mod=&user=".
- &urlize($in{'user'})."'>".
- $text{'index_global'}."</a>" );
- }
- $grids .= &ui_grid_table(\@grid, 2, 100);
- }
print &ui_table_row(undef, &ui_links_row(\@links).
- $grids.
- &ui_links_row(\@links), 2);
+ $grids.
+ &ui_links_row(\@links), 2);
print &ui_hidden_table_end("mods");
+# Add global ACL section, but only if not set from the group
+$groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl";
+if ($access{'acl'} && !$groupglobal && $in{'user'}) {
+ print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2,
+ "global", 0, [ "width=30%" ]);
+ %uaccess = &get_module_acl($in{'user'}, "", 1);
+ print &ui_hidden("acl_security_form", 1);
+ &foreign_require("", "acl_security.pl");
+ &foreign_call("", "acl_security_form", \%uaccess);
+ print &ui_hidden_table_end("global");
+ }
+
# Generate form end buttons
@buts = ( );
push(@buts, [ undef, $in{'user'} ? $text{'save'} : $text{'create'} ]);
if ($in{'user'}) {
- if (!$group) {
- push(@buts, [ "but_hide", $text{'edit_hide'} ]);
- }
if ($access{'create'} && !$group) {
push(@buts, [ "but_clone", $text{'edit_clone'} ]);
}
+++ /dev/null
-#!/usr/local/bin/perl
-# hide.cgi
-# Remove from user's module list
-
-require './acl-lib.pl';
-&ReadParse();
-%hide = map { $_, 1 } split(/\0/, $in{'hide'});
-if ($in{'user'}) {
- &can_edit_user($in{'user'}) || &error($text{'edit_euser'});
- ($user) = grep { $_->{'name'} eq $in{'user'} } &list_users();
- $user->{'modules'} = [ grep { !$hide{$_} } @{$user->{'modules'}} ];
- &modify_user($user->{'name'}, $user);
- }
-else {
- $access{'groups'} || &error($text{'gedit_ecannot'});
- ($group) = grep { $_->{'name'} eq $in{'group'} } &list_groups();
- $group->{'modules'} = [ grep { !$hide{$_} } @{$group->{'modules'}} ];
- &modify_group($group->{'name'}, $group);
- }
-&restart_miniserv();
-&redirect("");
-
+++ /dev/null
-#!/usr/local/bin/perl
-# hide_form.cgi
-# Build up a list of modules that should be hidden due to their managed
-# servers not being installed
-
-require './acl-lib.pl';
-&ReadParse();
-if ($in{'user'}) {
- &can_edit_user($in{'user'}) || &error($text{'edit_euser'});
- $what = $in{'user'};
- @whos = &list_users();
- }
-else {
- $access{'groups'} || &error($text{'gedit_ecannot'});
- $what = $in{'group'};
- @whos = &list_groups();
- }
-($who) = grep { $_->{'name'} eq $what } @whos;
-&ui_print_header(undef, $text{'hide_title'}, "");
-
-# Find modules to hide which the user has and which theoretically support
-# this OS
-%got = map { $_, 1 } @{$who->{'modules'}};
-foreach $m (sort { $a->{'desc'} cmp $b->{'desc'} }
- &get_all_module_infos()) {
- if (&check_os_support($m) && $got{$m->{'dir'}} &&
- !&foreign_installed($m->{'dir'}, 0)) {
- push(@hide, $m);
- }
- }
-
-if (@hide) {
- print "<form action=hide.cgi>\n";
- print "<input type=hidden name=user value='$in{'user'}'>\n";
- print "<input type=hidden name=group value='$in{'group'}'>\n";
- print &text('hide_desc', "<tt>$what</tt>"),"<br>\n";
- print "<ul>\n";
- foreach $h (@hide) {
- print "<li>$h->{'desc'}\n";
- if ($h->{'clone'}) {
- print &text('hide_clone', "<tt>$h->{'dir'}</tt>"),"\n";
- }
- print "<input type=hidden name=hide value='$h->{'dir'}'>\n";
- }
- print "</ul><p>\n";
- print "$text{'hide_desc2'}<p>\n";
- print "<input type=submit value='$text{'hide_ok'}'></form>\n";
- }
-else {
- print &text('hide_none', "<tt>$what</tt>"),"<p>\n";
- }
-
-&ui_print_footer(
- $in{'user'} ? ( "edit_user.cgi?user=$who", $text{'edit_return'} )
- : ( "edit_group.cgi?group=$who", $text{'edit_return2'} ),
- "", $text{'index_return'});
-
$rv .= &ui_submit($text{'index_edit'});
}
local @opts;
- push(@opts, [ '', $text{'index_global'} ]) if ($global);
foreach my $m (sort { $modname{$a} cmp $modname{$b} } @$mods) {
if ($modname{$m}) {
push(@opts, [ $m, $modname{$m} ]);
# Show as table
$rv .= $prefix."<br>\n" if ($prefix);
local @grid;
- if ($access{'acl'}) {
- push(@grid, "<a href='edit_acl.cgi?mod=&$type=".
- &urlize($who)."'>$text{'index_global'}</a>");
- }
foreach my $m (sort { $modname{$a} cmp $modname{$b} } @$mods) {
if ($modname{$m}) {
if ($mcan{$m} && $access{'acl'}) {
edit_rbacdeny=RBAC access mode
edit_rbacdeny0=RBAC only controls selected module ACLs
edit_rbacdeny1=RBAC controls all modules and ACLs
-edit_special=Special
+edit_global=Permissions for all modules
edit_templock=Temporarily locked
edit_temppass=Force change at next login
edit_days=Allowed days of the week
&ReadParse();
# Check for special button clicks, and redirect
-if ($in{'but_hide'}) {
- &redirect("hide_form.cgi?group=".&urlize($in{'old'}));
- exit;
- }
-elsif ($in{'but_clone'}) {
+if ($in{'but_clone'}) {
&redirect("edit_group.cgi?clone=".&urlize($in{'old'}));
exit;
}
# create group
&create_group(\%group, $in{'clone'});
}
+
+if ($in{'old'} && $in{'acl_security_form'}) {
+ # Update group's global ACL
+ &foreign_require("", "acl_security.pl");
+ %global::in = %in;
+ &foreign_call("", "acl_security_save",
+ \%uaccess, \%in);
+ $aclfile = "$config_directory/$in{'name'}.gacl";
+ &lock_file($aclfile);
+ &write_file($aclfile, \%uaccess);
+ chmod(0640, $aclfile);
+ &unlock_file($aclfile);
+ }
+
&reload_miniserv();
if ($in{'old'}) {
&webmin_log("modify", "group", $in{'old'}, \%in);
&ReadParse();
# Check for special button clicks, and redirect
-if ($in{'but_hide'}) {
- &redirect("hide_form.cgi?user=".&urlize($in{'old'}));
- exit;
- }
-elsif ($in{'but_clone'}) {
+if ($in{'but_clone'}) {
&redirect("edit_user.cgi?clone=".&urlize($in{'old'}));
exit;
}
#%aclacl = &get_module_acl();
#&save_module_acl(\%aclacl, $in{'name'});
}
+
+if ($in{'old'} && $in{'acl_security_form'} && !$group) {
+ # Update user's global ACL
+ &foreign_require("", "acl_security.pl");
+ %global::in = %in;
+ &foreign_call("", "acl_security_save",
+ \%uaccess, \%in);
+ $aclfile = "$config_directory/$in{'name'}.acl";
+ &lock_file($aclfile);
+ &write_file($aclfile, \%uaccess);
+ chmod(0640, $aclfile);
+ &unlock_file($aclfile);
+ }
+
+# Log the event
delete($in{'pass'});
if ($in{'old'}) {
&webmin_log("modify", "user", $in{'old'}, \%in);