Feature form rights

ChangeLog

@@ -8,6 +8,7 @@
 	- charset is now utf8 by Michal Švamberg
 	- add import CAA records into Custom zone file entries by Michal Švamberg
 	- fix import of multiple TXT zone records by Michal Švamberg
+	- forms can be limited by restrict.yaml file by Michal Švamberg
 
 0.7.4
 	[project moved to sourceforge and switched to use git instead of cvs]

Makefile.in

@@ -214,6 +214,9 @@ install: make_dirs
 		$(INSTALL_ROOT)/$(etcdir)/config-browser; \
 	    $(PERL) -p -i -e 's@^\$$PROG_DIR = "/usr/local/sauron/";@\$$PROG_DIR = "$(bindir)/";@;' $(INSTALL_ROOT)/$(etcdir)/config-browser; \
 	fi
+	if [ ! -f $(INSTALL_ROOT)/$(etcdir)/restrict.yaml ]; then \
+	  $(INSTALL) -m 644 restrict.yaml $(INSTALL_ROOT)/$(etcdir)/restrict.yaml; \
+	fi
 	@for f in $(PROGS); do \
 		$(INSTALL) -m 755 $$f $(INSTALL_ROOT)/$(bindir); \
 	done

README

@@ -28,6 +28,7 @@ REQUIREMENTS
 		- MIME::Base64
 		- Crypt::Cipher::RC5
 		- Text::Table
+		- YAML::XS module
 	- PostgresSQL [7.4 or newer (may work fine with earlier 7.x versions)]
 	  (or add support to your favorite db yourself :)
 	- www-server (Apache or any other www-server with CGI support)

Sauron/CGIutil.pm

@@ -11,6 +11,8 @@ use Sauron::DB;
 use Sauron::Util;
 use Sauron::BackEnd;
 use Net::IP qw(:PROC);
+use YAML::XS 'LoadFile';
+use Data::Dumper;
 
 use strict;
 use vars qw(@ISA @EXPORT);
@@ -46,6 +48,58 @@ our $inetFamily6 = 0;
 our $inetNet = undef;
 our $formduid = undef;
 
+my $restrict_cache = undef;
+
+sub is_restricted($) {
+  my ($tag) = @_;
+  return 0 if $tag =~/^$/;
+  return 0 if (%main::state{superuser} eq 'yes');  # superuser is always permitted
+  my (@q, $group, $rtag);
+  my $module=(split /::/, (caller(1))[0])[-1];
+  my $restrict_file = $main::CONFIG_FILE;
+  $restrict_file =~ s/[^\/]+$/restrict.yaml/;
+
+  if (!$restrict_cache) {
+    if (-e $restrict_file) {
+      $restrict_cache = LoadFile($restrict_file);
+    }
+    else {
+      return 0; # not restricted (false), config file is not exists
+    }
+  }
+
+  db_query("SELECT g.name FROM user_groups g, user_rights r " .
+           "WHERE g.id=r.rref AND r.rtype=0 AND r.type=2 AND r.ref=$main::state{uid} " .
+           " ORDER BY g.id;",\@q);
+
+  #print "<pre>" . Dumper (@{$q[0]}) . "</pre>\n";
+  return 0 if (scalar(@{$q[0]}) == 0); # user is not listed in any group
+
+  foreach $group (@{$q[0]}) {
+    # pro kazdou skupinu precti seznam tagu, pokud tento tag v nejake chybi, dej false
+    #print "<pre>" . Dumper($restrict_cache) . "</pre>\n";
+    #print "<pre>group: $group\nmodule: $module\n</pre>";
+
+    if (exists $restrict_cache->{$group}->{$module}) {
+      my @list = @{$restrict_cache->{$group}->{$module}};
+
+      # Ověřit, zda $test je v seznamu
+      if (grep { $_ eq $tag } @list) {
+        #print "Prvek '$tag'  je  v seznamu pro skupinu $group v $module.\n";
+      } else {
+        #print "Prvek '$tag' NENI v seznamu pro skupinu $group v $module.\n";
+        return 0;
+      }
+    }
+    else {
+      #print "Restrict $group->$module neexistuje <br>\n";
+      return 0;
+    }
+  }
+  # je ve vsech skupinach, vracim true (je restricted)
+  return 1;
+}
+
 sub cgi_util_set_zone($$) {
   my ($id,$name) = @_;
   $CGI_UTIL_zoneid = $id;
@@ -599,6 +653,8 @@ sub form_magic($$$) {
       next unless ($val =~ /^($e)$/);
     }
     next if ($rec->{no_edit});
+    # TODO
+    next if is_restricted($rec->{tag});
 
     print "<TR ".($form->{bgcolor}?" bgcolor=\"$form->{bgcolor}\" ":'').">";
 

restrict.yaml

@@ -0,0 +1,18 @@
+# List of group/package/tag from forms that will be restricted (not showed).
+# Sauron used same path as 'config' file location (typicaly /usr/local/etc/sauron/)
+
+# structure and commands for listing items
+#
+# <group_name>:          #  ./modgroup --list
+#   <perl_package_name>: #  grep ^package /usr/local/sauron/Sauron/CGI/*.pm  
+#     - <tag_name>       #  grep 'tag=>' /usr/local/sauron/Sauron/CGI/*.pm
+#     - <tag_name>       
+
+sample:
+  Hosts:
+    - mx
+    - expiration
+
+  Zones:
+    - mx
+