Commit 0e3857f8 authored by Clemens John's avatar Clemens John

Add permission checks, move menu entry of dns zones and networks to user menu

parent 22a5ce97
......@@ -7,35 +7,47 @@
if(!isset($_GET['section']) AND isset($_GET['dns_ressource_record_id'])) {
//show ressource record
} elseif($_GET['section'] == 'add') {
//pass system messages to the template
$smarty->assign('message', Message::getMessage());
$dns_zone_list = new DnsZoneList();
$smarty->assign('dns_zone_list', $dns_zone_list->getDnsZoneList());
//compile the template and sorround the main content by footer and header template
$smarty->display("header.tpl.html");
$smarty->display("dns_ressource_record_add.tpl.html");
$smarty->display("footer.tpl.html");
if(Permission::checkPermission(PERM_USER)) {
//pass system messages to the template
$smarty->assign('message', Message::getMessage());
$dns_zone_list = new DnsZoneList();
$smarty->assign('dns_zone_list', $dns_zone_list->getDnsZoneList());
//compile the template and sorround the main content by footer and header template
$smarty->display("header.tpl.html");
$smarty->display("dns_ressource_record_add.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_USER);
}
} elseif($_GET['section'] == 'insert_add') {
$dns_ressource_record = new DnsRessourceRecord(false, (int)$_POST['dns_zone_id'], (int)$_SESSION['user_id'],
$_POST['host'], $_POST['type'], $_POST['pri'], (int)$_POST['destination']);
if($dns_ressource_record->store()) {
$message[] = array('Der Ressource Record '.$dns_ressource_record->getHost().' wurde gespeichert.', 1);
if(Permission::checkPermission(PERM_USER)) {
$dns_ressource_record = new DnsRessourceRecord(false, (int)$_POST['dns_zone_id'], (int)$_SESSION['user_id'],
$_POST['host'], $_POST['type'], $_POST['pri'], (int)$_POST['destination']);
if($dns_ressource_record->store()) {
$message[] = array('Der Ressource Record '.$dns_ressource_record->getHost().' wurde gespeichert.', 1);
} else {
$message[] = array('Der Ressource Record konnte nicht gespeichert werden.', 2);
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id='.$_POST['dns_zone_id']);
} else {
$message[] = array('Der Ressource Record konnte nicht gespeichert werden.', 2);
Permission::denyAccess(PERM_USER);
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id='.$_POST['dns_zone_id']);
} elseif($_GET['section'] == 'delete') {
$dns_ressource_record = new DnsRessourceRecord((int)$_GET['dns_ressource_record_id']);
$dns_ressource_record->fetch();
if($dns_ressource_record->delete()) {
$message[] = array('Der Ressource Record '.$dns_ressource_record->getHost().' wurde gelöscht.', 1);
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_ressource_record->getUserId())) {
if($dns_ressource_record->delete()) {
$message[] = array('Der Ressource Record '.$dns_ressource_record->getHost().' wurde gelöscht.', 1);
} else {
$message[] = array('Der Ressource Record '.$dns_ressource_record->getHost().' konnte nicht gelöscht werden.', 2);
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id='.$dns_ressource_record->getDnsZoneId());
} else {
$message[] = array('Der Ressource Record '.$dns_ressource_record->getHost().' konnte nicht gelöscht werden.', 2);
Permission::denyAccess(PERM_ROOT, $dns_ressource_record->getUserId());
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id='.$dns_ressource_record->getDnsZoneId());
}
?>
\ No newline at end of file
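Review bot: The `insert_add` branch authorises only on the role (`Permission::checkPermission(PERM_USER)`) and then stores a record under whatever `(int)$_POST['dns_zone_id']` the request names, so as far as these lines show, any account with the user role can add records to a zone owned by someone else. Unless `DnsRessourceRecord::store()` enforces ownership (not visible here), load the zone first with `$dns_zone = new DnsZone((int)$_POST['dns_zone_id']); $dns_zone->fetch();` and gate on `Permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_zone->getUserId())`, the same call the `delete` branch uses. The redirect also concatenates the raw `$_POST['dns_zone_id']` into the `Location` header; reuse the cast integer there.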
......@@ -19,27 +19,35 @@
//TODO Ressource record list of zone
} elseif($_GET['section'] == 'insert_add') {
$dns_zone = new DnsZone(false, (int)$_SESSION['user_id'], $_POST['name'], $_POST['pri_dns'], $_POST['sec_dns'],
(int)$_POST['serial'], (int)$_POST['refresh'], (int)$_POST['retry'],
(int)$_POST['expire'], (int)$_POST['ttl']);
if($dns_zone->store()) {
$message[] = array('Neue DNS-Zone '.$_POST['name'].' wurde eingetragen.', 1);
if(Permission::checkPermission(PERM_USER)) {
$dns_zone = new DnsZone(false, (int)$_SESSION['user_id'], $_POST['name'], $_POST['pri_dns'], $_POST['sec_dns'],
(int)$_POST['serial'], (int)$_POST['refresh'], (int)$_POST['retry'],
(int)$_POST['expire'], (int)$_POST['ttl']);
if($dns_zone->store()) {
$message[] = array('Neue DNS-Zone '.$_POST['name'].' wurde eingetragen.', 1);
} else {
$message[] = array('Neue DNS-Zone '.$_POST['name'].' konnte nicht eingetragen werden.', 2);
}
Message::setMessage($message);
header('Location: ./dns_zone.php');
} else {
$message[] = array('Neue DNS-Zone '.$_POST['name'].' konnte nicht eingetragen werden.', 2);
Permission::denyAccess(PERM_USER);
}
Message::setMessage($message);
header('Location: ./dns_zone.php');
} elseif($_GET['section'] == 'delete') {
$dns_zone = new DnsZone((int)$_GET['dns_zone_id']);
$dns_zone->fetch();
$dns_zone_name = $dns_zone->getName();
$dns_zone->delete();
$message[] = array('Die DNS-Zone '.$dns_zone_name.' wurde gelöscht.', 1);
Message::setMessage($message);
header('Location: ./dns_zone.php');
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_zone->getUserId())) {
$dns_zone_name = $dns_zone->getName();
$dns_zone->delete();
$message[] = array('Die DNS-Zone '.$dns_zone_name.' wurde gelöscht.', 1);
Message::setMessage($message);
header('Location: ./dns_zone.php');
} else {
Permission::denyAccess(PERM_ROOT, $dns_zone->getUserId());
}
} else {
$dns_zone_list = new DnsZoneList();
$smarty->assign('dns_zone_list', $dns_zone_list->getDnsZoneList());
......
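Review bot: The status messages in `insert_add` concatenate `$_POST['name']` straight into the text handed to `Message::setMessage()`, so the value is rendered on the next page exactly as submitted unless the message template escapes it, which these lines do not show. Escape on output (Smarty's `|escape` modifier where the message is printed) or build the text from the stored value, e.g. `$dns_zone->getName()`. The same pattern appears with `$_POST['name']` in the interface `insert_add` branch and with `$_POST['ip']` in the IP `insert_add` branch. Separately, the `delete` branch ignores the return value of `$dns_zone->delete()` and always reports success.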
......@@ -6,21 +6,40 @@
$smarty->assign('message', Message::getMessage());
if (isset($_GET['action']) AND $_GET['action'] == 'delete') {
EventNotification::delete($_GET['event_notification_id']);
header('Location: ./event_notifications.php');
} elseif (empty($_POST)) {
$routerlist = new Routerlist(false, 0, -1, "hostname", "asc");
$smarty->assign('routerlist', $routerlist->getRouterlist());
$event_notification_list = new EventNotificationList($_SESSION['user_id']);
$smarty->assign('event_notification_list', $event_notification_list->getEventNotificationList());
$event_notification = new EventNotification((int)$_GET['event_notification_id']);
$event_notification->fetch();
$smarty->display("header.tpl.html");
$smarty->display("event_notifications.tpl.html");
$smarty->display("footer.tpl.html");
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $event_notification->getUserId())) {
if($event_notification->delete())
$message[] = array('Die Benachrichtigung wurde gelöscht.', 1);
else
$message[] = array('Die Benachrichtigung konnte nicht gelöscht werden.', 2);
Message::setMessage($message);
header('Location: ./event_notifications.php');
} else {
Permission::denyAccess(PERM_ROOT, $event_notification->getUserId());
}
} elseif (empty($_POST)) {
if(Permission::checkPermission(PERM_USER)) {
$routerlist = new Routerlist(false, 0, -1, "hostname", "asc");
$smarty->assign('routerlist', $routerlist->getRouterlist());
$event_notification_list = new EventNotificationList($_SESSION['user_id']);
$smarty->assign('event_notification_list', $event_notification_list->getEventNotificationList());
$smarty->display("header.tpl.html");
$smarty->display("event_notifications.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_USER);
}
} else {
$event_notification = new EventNotification(false, (int)$_SESSION['user_id'], $_POST['action'], $_POST['object'], true);
$event_notification->store();
header('Location: ./event_notifications.php');
if(Permission::checkPermission(PERM_USER)) {
$event_notification = new EventNotification(false, (int)$_SESSION['user_id'], $_POST['action'], $_POST['object'], true);
$event_notification->store();
header('Location: ./event_notifications.php');
} else {
Permission::denyAccess(PERM_USER);
}
}
?>
\ No newline at end of file
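Review bot: The delete action is still triggered by a plain GET (`$_GET['action'] == 'delete'` with `event_notification_id` in the query string), so the new ownership check gives no protection against cross-site request forgery: a request made from the owner's own session passes `checkIfUserIsOwnerOrPermitted` like any other. State-changing sections should accept POST only and verify a per-session token before calling `delete()`. The `section=delete` branches for DNS records, DNS zones, interfaces and IPs on this page have the same shape. The result of `$event_notification->fetch()` is also not checked before `getUserId()` is used for the authorisation decision.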
......@@ -6,34 +6,48 @@
if($_GET['section']=='add') {
$router = new Router((int)$_GET['router_id']);
$router->fetch();
$smarty->assign('router', $router);
$smarty->display("header.tpl.html");
$smarty->display("interface_add.tpl.html");
$smarty->display("footer.tpl.html");
} elseif($_GET['section']=='insert_add') {
$networkinterface = new Networkinterface(false, (int)$_GET['router_id'], $_POST['name']);
if($networkinterface->fetch()==false) {
$networkinterface->store();
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $router->getUserId())) {
$smarty->assign('router', $router);
$message[] = array("Das Netzwerkinterface ".$_POST['name']." wurde hinzugefügt.", 1);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
$smarty->display("header.tpl.html");
$smarty->display("interface_add.tpl.html");
$smarty->display("footer.tpl.html");
} else {
$message[] = array("Das Netzwerkinterface ".$_POST['name']." existiert bereits.", 2);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
Permission::denyAccess(PERM_ROOT, $router->getUserId());
}
} elseif($_GET['section']=='delete') {
if (!Permission::checkIfUserIsOwnerOrPermitted(64, $_GET['interface_id']))
Permission::denyAccess();
} elseif($_GET['section']=='insert_add') {
$router = new Router((int)$_GET['router_id']);
$router->fetch();
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $router->getUserId())) {
$networkinterface = new Networkinterface(false, (int)$_GET['router_id'], $_POST['name']);
if($networkinterface->fetch()==false) {
$networkinterface->store();
$message[] = array("Das Netzwerkinterface ".$_POST['name']." wurde hinzugefügt.", 1);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
} else {
$message[] = array("Das Netzwerkinterface ".$_POST['name']." existiert bereits.", 2);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
}
} else {
Permission::denyAccess(PERM_ROOT, $router->getUserId());
}
} elseif($_GET['section']=='delete') {
$networkinterface = new Networkinterface((int)$_GET['interface_id']);
$networkinterface->fetch();
$networkinterface->delete();
$message[] = array("Das Netzwerkinterface ".$networkinterface->getName()." wurde entfernt.", 1);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$networkinterface->getRouterId());
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $networkinterface->getRouter()->getUserId())) {
if($networkinterface->delete())
$message[] = array("Das Netzwerkinterface ".$networkinterface->getName()." wurde entfernt.", 1);
else
$message[] = array("Das Netzwerkinterface ".$networkinterface->getName()." konnte nicht entfernt werden.", 1);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$networkinterface->getRouterId());
} else {
Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId());
}
}
?>
\ No newline at end of file
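Review bot: `$networkinterface->getRouter()->getUserId()` in the `delete` branch calls a method on the return value of `getRouter()`, which this commit defines to return `false` when the router cannot be fetched, so an unknown or orphaned `interface_id` ends in a fatal error instead of a denied request. Resolve the router once with `$router = $networkinterface->getRouter();`, treat `false` as denied, and only then pass `$router->getUserId()` to the check and to `denyAccess()`. The `$ip->getNetworkinterface()->getRouter()` chains in the IP branches need the same guard. The failure message `konnte nicht entfernt werden.` is also stored with type `1`, while every other failure message on this page uses `2`.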
......@@ -6,43 +6,54 @@
require_once(ROOT_DIR.'/lib/core/Router.class.php');
if($_GET['section']=='add') {
$smarty->assign('message', Message::getMessage());
$networklist = new Networklist();
$smarty->assign('networklist', $networklist->getNetworklist());
$networkinterface = new Networkinterface((int)$_GET['interface_id']);
$networkinterface->fetch();
$smarty->assign('networkinterface', $networkinterface);
$router = new Router((int)$_GET['router_id']);
$router->fetch();
$smarty->assign('router', $router);
$smarty->display("header.tpl.html");
$smarty->display("ip_add.tpl.html");
$smarty->display("footer.tpl.html");
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $networkinterface->getRouter()->getUserId())) {
$smarty->assign('message', Message::getMessage());
$smarty->assign('networkinterface', $networkinterface);
$networklist = new Networklist();
$smarty->assign('networklist', $networklist->getNetworklist());
$router = new Router((int)$_GET['router_id']);
$router->fetch();
$smarty->assign('router', $router);
$smarty->display("header.tpl.html");
$smarty->display("ip_add.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId());
}
} elseif ($_GET['section']=='insert_add') {
$ip = new Ip(false, (int)$_GET['interface_id'], (int)$_POST['network_id'], $_POST['ip']);
if($ip->store()) {
$message[] = array('Die IP '.$_POST['ip'].' wurde angelegt.', 1);
Message::setMessage($message);
$networkinterface = new Networkinterface((int)$_GET['interface_id']);
$networkinterface->fetch();
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $networkinterface->getRouter()->getUserId())) {
$ip = new Ip(false, (int)$_GET['interface_id'], (int)$_POST['network_id'], $_POST['ip']);
if($ip->store()) {
$message[] = array('Die IP '.$_POST['ip'].' wurde angelegt.', 1);
Message::setMessage($message);
} else {
$message[] = array('Die IP '.$_POST['ip'].' konnte nicht angelegt werden.', 2);
Message::setMessage($message);
}
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
} else {
$message[] = array('Die IP '.$_POST['ip'].' konnte nicht angelegt werden.', 2);
Message::setMessage($message);
Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId());
}
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
} elseif ($_GET['section']=='delete') {
if (!Permission::checkIfUserIsOwnerOrPermitted(64, $_GET['ip_id']))
Permission::denyAccess();
$ip = new Ip((int)$_GET['ip_id']);
$ip->fetch();
$ip->delete();
$message[] = array('Die IP '.$ip->getIp().'/'.$ip->getNetwork()->getNetmask().' wurde gelöscht.', 1);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $ip->getNetworkinterface()->getRouter()->getUserId())) {
$ip->delete();
$message[] = array('Die IP '.$ip->getIp().'/'.$ip->getNetwork()->getNetmask().' wurde gelöscht.', 1);
Message::setMessage($message);
header('Location: ./router_config.php?router_id='.$_GET['router_id']);
} else {
Permission::denyAccess(PERM_ROOT, $ip->getNetworkinterface()->getRouter()->getUserId());
}
}
?>
\ No newline at end of file
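Review bot: The `add` branch authorises against the router that owns `interface_id`, but then loads a second router from `$_GET['router_id']` and assigns that one to the template. The two parameters are independent, so the page can be rendered for a router the check never looked at. Assign the router already resolved for the check, and derive the redirect target in `insert_add` and `delete` from it rather than from the raw `$_GET['router_id']`. The `delete` branch also ignores the result of `$ip->delete()` and always reports success.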
......@@ -121,14 +121,15 @@
return false;
}
public static function delete($event_notification_id) {
public function delete() {
try {
$stmt = DB::getInstance()->prepare("DELETE FROM event_notifications WHERE id=?");
$stmt->execute(array($event_notification_id));
$stmt->execute(array($this->getEventNotificationId()));
} catch(PDOException $e) {
echo $e->getMessage();
echo $e->getTraceAsString();
}
return true;
}
public function notify() {
......
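Review bot: `delete()` returns `true` even when the statement throws, because the `catch` block only echoes and then falls through to `return true;`, so the caller's `if($event_notification->delete())` can never reach its failure message. Return `false` from the catch block and log the exception instead of echoing `getMessage()` and `getTraceAsString()`. Output sent before the caller's `header('Location: ...')` breaks the redirect and shows query and path details to the requester. The class around this method is not visible in the hunk, so other callers of the former static `delete($event_notification_id)` could not be checked.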
......@@ -190,6 +190,13 @@
return $this->network;
}
public function getNetworkinterface() {
$networkinterface = new Networkinterface($this->getInterfaceId());
if($networkinterface->fetch())
return $networkinterface;
return false;
}
public function getDomXMLElement($domdocument) {
$domxmlelement = $domdocument->createElement('ip');
$domxmlelement->appendChild($domdocument->createElement("ip_id", $this->getIpId()));
......
......@@ -2,6 +2,7 @@
require_once(ROOT_DIR.'/lib/core/Object.class.php');
require_once(ROOT_DIR.'/lib/core/Iplist.class.php');
require_once(ROOT_DIR.'/lib/core/NetworkinterfaceStatus.class.php');
require_once(ROOT_DIR.'/lib/core/User.class.php');
class Networkinterface extends Object {
private $networkinterface_id = 0;
......@@ -172,6 +173,13 @@
return $this->iplist;
}
public function getRouter() {
$router = new Router($this->getRouterId());
if($router->fetch())
return $router;
return false;
}
public function getDomXMLElement($domdocument) {
$domxmlelement = $domdocument->createElement('networkinterface');
$domxmlelement->appendChild($domdocument->createElement("networkinterface_id", $this->getNetworkinterfaceId()));
......
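Review bot: `getRouter()` instantiates `Router`, but the `require_once` list visible in the first hunk gains `User.class.php`, not `Router.class.php`. Unless the line above the hunk or an autoloader provides it, the method depends on the including page having loaded `Router` first, so add `require_once(ROOT_DIR.'/lib/core/Router.class.php');` if nothing else does. A docblock stating that the method returns a `Router` object or `false` would also help, since callers on this page chain `->getUserId()` directly onto the result.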
......@@ -29,21 +29,14 @@
*/
class Menus extends Permission {
function topMenu() {
$menu = array();
if (Permission::checkPermission(1)) {
return $GLOBALS['topMenu'];
}
}
public function loginOutMenu() {
$menu = array();
if (Permission::checkPermission(2)) {
if (Permission::checkPermission(PERM_NOTLOGGEDIN)) {
$menu[] = array('name'=>'Login', 'href'=>'login.php?section=login');
$menu[] = array('name'=>'Registrieren', 'href'=>'register.php');
}
if (Permission::checkPermission(4)) {
if (Permission::checkPermission(PERM_LOGGEDIN)) {
$menu[] = array('name'=>'Logout', 'href'=>'login.php?section=logout');
}
return $menu;
......@@ -62,59 +55,70 @@ class Menus extends Permission {
function normalMenu() {
$menu = array();
if (Permission::checkPermission(1)) {
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Karte', 'href'=>'map.php');
$subsubmenu[] = array('name'=>'FFMAP-D3', 'href'=>'ffmap-d3/nodes.html');
$subsubmenu[] = array('name'=>'Tinc-Topologie', 'href'=>'http://dev.freifunk-ol.de/topo/batvpn.png');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Router', 'href'=>'routerlist.php');
$subsubmenu[] = array('name'=>'Neue Router', 'href'=>'routers_trying_to_assign.php');
if (Permission::checkPermission(12)) //if user is logged in and has permission "user"
$subsubmenu[] = array('name'=>'Router anlegen', 'href'=>'routereditor.php?section=new');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Dienste', 'href'=>'servicelist.php');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Statistik', 'href'=>'networkstatistic.php');
$submenu[] = array();
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Events', 'href'=>'eventlist.php');
$submenu[] = array();
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Karte', 'href'=>'map.php');
$subsubmenu[] = array('name'=>'FFMAP-D3', 'href'=>'ffmap-d3/nodes.html');
$subsubmenu[] = array('name'=>'Tinc-Topologie', 'href'=>'http://dev.freifunk-ol.de/topo/batvpn.png');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Router', 'href'=>'routerlist.php');
$subsubmenu[] = array('name'=>'Neue Router', 'href'=>'routers_trying_to_assign.php');
if (Permission::checkPermission(PERM_USER)) //if user is logged in and has permission "user"
$subsubmenu[] = array('name'=>'Router anlegen', 'href'=>'routereditor.php?section=new');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
if (Permission::checkPermission(4)) { //if user is logged in
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Benutzer', 'href'=>'userlist.php');
$subsubmenu[] = array('name'=>'Mein Benutzer', 'href'=>'user.php?user_id='.$_SESSION['user_id']);
$submenu[] = $subsubmenu;
$menu[] = $submenu;
}
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Netzwerke', 'href'=>'networks.php');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'DNS', 'href'=>'dns_zone.php');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Dienste', 'href'=>'servicelist.php');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Statistik', 'href'=>'networkstatistic.php');
$submenu[] = array();
$menu[] = $submenu;
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Events', 'href'=>'eventlist.php');
$submenu[] = array();
$menu[] = $submenu;
if (Permission::checkPermission(PERM_USER)) { //if user is logged in
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Suchen', 'href'=>'search.php');
$submenu[] = array();
$submenu[] = array('name'=>'Benutzer', 'href'=>'userlist.php');
$subsubmenu[] = array('name'=>'Mein Benutzer', 'href'=>'user.php?user_id='.$_SESSION['user_id']);
$submenu[] = $subsubmenu;
$menu[] = $submenu;
}
// $menu = Menus::checkIfSelected($menu);
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Suchen', 'href'=>'search.php');
$submenu[] = array();
$menu[] = $submenu;
return $menu;
}
......@@ -122,7 +126,7 @@ class Menus extends Permission {
$menu = array();
$submenu = array();
$subsubmenu = array();
if (Permission::checkPermission(4)) {
if (Permission::checkPermission(PERM_USER)) {
if(strpos($_SERVER['PHP_SELF'], "router_status.php")!==false OR
strpos($_SERVER['PHP_SELF'], "router_config.php")!==false) {
$submenu[] = array('name'=>'Routeroptionen', 'href'=>'#');
......@@ -139,7 +143,7 @@ class Menus extends Permission {
$menu[] = $submenu;
} elseif(strpos($_SERVER['PHP_SELF'], "user.php")!==false) {
$submenu[] = array('name'=>'Benutzeroptionen', 'href'=>'#');
if(Permission::checkIfUserIsOwnerOrPermitted(64, $_SESSION['user_id'])) {
if(Permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $_SESSION['user_id'])) {
$subsubmenu[] = array('name'=>'Bearbeiten', 'href'=>'user_edit.php?section=edit&user_id='.$_SESSION['user_id']);
$subsubmenu[] = array('name'=>'Benachrichtigungen', 'href'=>'event_notifications.php?section=edit&user_id='.$_SESSION['user_id']);
$subsubmenu[] = array('name'=>'Dienst hinzufügen', 'href'=>'service.php?section=add&user_id='.$_SESSION['user_id']);
......@@ -153,16 +157,12 @@ class Menus extends Permission {
function adminMenu() {
$menu = array();
if (Permission::checkPermission(32)) {
}
$menu = Menus::checkIfSelected($menu);
return $menu;
}
function rootMenu() {
$menu = array();
if (Permission::checkPermission(64)) {
if (Permission::checkPermission(PERM_ROOT)) {
$submenu = array();
$subsubmenu = array();
$submenu[] = array('name'=>'Konfiguration', 'href'=>'config.php?section=edit_netmon');
......@@ -173,8 +173,6 @@ class Menus extends Permission {
$subsubmenu[] = array('name'=>'Jabber', 'href'=>'config.php?section=edit_jabber');
$subsubmenu[] = array('name'=>'Twitter', 'href'=>'config.php?section=edit_twitter');
$subsubmenu[] = array('name'=>'Hardware', 'href'=>'config.php?section=edit_hardware');
$subsubmenu[] = array('name'=>'IP-Netzwerke', 'href'=>'config.php?section=edit_networks');
$subsubmenu[] = array('name'=>'DNS-Zonen', 'href'=>'dns_zone.php');
$submenu[] = $subsubmenu;
$menu[] = $submenu;
}
......
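Review bot: Two checks appear to change meaning rather than just spelling, as far as the old/new pairs can be read without their markers: `checkPermission(4)` becomes `PERM_USER` for the "Benutzer" entry in `normalMenu()` and for the object menu further down, while the same literal `4` is replaced by `PERM_LOGGEDIN` in `loginOutMenu()`. If `PERM_USER` is the stricter user role, as the old `checkPermission(12)` comment suggests, those entries are now hidden from logged-in accounts without that role and the trailing comment `//if user is logged in` is stale. Either update it to `//if user has permission "user"` or use `PERM_LOGGEDIN` if the old behaviour was intended. With the DNS and network entries now shown to every visitor, the target pages have to enforce access themselves, because the menu is presentation only.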
......@@ -40,6 +40,8 @@
* @package Netmon
*/
require_once(ROOT_DIR.'/lib/core/User.class.php');
class Permission {
/**
* Get all roles that are avaliable in netmon. For a description of the roles see class description.
......@@ -64,12 +66,88 @@ class Permission {
* Deny acces to a special section. Sets a deny message and forwards the user to the login site.
* @author Clemens John <clemens-john@gmx.de>
*/
static public function denyAccess() {
$message[] = array("Sie haben nicht das Recht auf diesen Bereich zuzugreifen.",2);
static public function denyAccess($permission=false, $owner=false) {
// if $permission is != false, then get the Names of the Roles that are wrapped into $permission
if($permission) {
$role_string = "";
foreach(Permission::getRolesByPermission($permission) as $key=>$role) {
if($key)
$role_string .= ", ";
$role_string .= permission::getRoleNameByRoleNumber($role);
}
}
if($owner) {
$user = new User($owner);
$user->fetch();
}
// prepare the "permission denied"-message for the user based on the combination of $permission and $owner
if($permission AND !$owner)
$message[] = array("Auf diesen Bereich dürfen nur Benutzer mit den folgenden Rechten zugreifen: ".$role_string, 2);
elseif(!$permission AND $owner)
$message[] = array("Auf diesen Bereich darf nur der Benutzer ".$user->getNickname()." zugreifen.",2);
elseif($permission AND $owner)
$message[] = array("Auf diesen Bereich dürfen nur der Benutzer ".$user->getNickname()." oder Benutzer mit den folgenden Rechten zugreifen: ".$role_string, 2);
else
$message[] = array("Du darfst auf diesen Bereich nicht zugreifen.",2);
// set the message
Message::setMessage($message);
$_SESSION['redirect_url'] = ".".$_SERVER['REQUEST_URI'];
header('Location: ./login.php?section=login');
die();
// redirect the user to the last page he visited if it was a page inside netmon
// if the page was not inside netmon, redirect to the default path
if(!empty($_SESSION['last_page']) AND $_SESSION['last_page']!=$_SESSION['current_page']) {
header('Location: '.$_SESSION['last_page']);
} else {
header('Location: ./');
}
}
static public function checkPermissionByPermission($rolepermission, $permission) {
$sitepermission = $rolepermission;
$userpermission = $permission;
//Transform permissions into binary
$sitepermission = decbin($sitepermission);
$userpermission = decbin($userpermission);
$sitepermission_len = strlen($sitepermission);
$userpermission_len = strlen($userpermission);
//get all permissions
$roles = Permission::getAllRoles();
for ($i=count($roles)-1; $i>=0; $i--) {
$exponent = $roles[$i];
if (($sitepermission_len-($exponent+1)>=0) && $sitepermission[$sitepermission_len-($exponent+1)]==1) {
if (($sitepermission_len-($exponent+1))>=0 AND $userpermission_len-($exponent+1)>= 0 AND $sitepermission[$sitepermission_len-($exponent+1)]==$userpermission[$userpermission_len-($exponent+1)]) {
return true;
}
}
}
return false;
}
public static function getRolesByPermission($permission) {
$roles = permission::getAllRoles();
$roles_edit = array();
foreach ($roles as $key=>$role) {
if(Permission::checkPermissionByPermission(pow(2,$role), $permission))
$roles_edit[] = $role;
}
return $roles_edit;
}
public static function getRoleNameByRoleNumber($role) {
switch($role) {
case 0: return "Default";
case 1: return "nicht eingeloggt";
case 2: return "eingeloggt";
case 3: return "Benutzer";
case 4: return "Moderator";
case 5: return "Administrator";
case 6: return "Root";
}
}
/**
......
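Review bot: The rewritten `denyAccess()` shows no `die();` after its new `header('Location: ...')` calls; the only `die();` visible sits directly after the old login redirect and looks like a removed line, although the page has lost its `+`/`-` markers. If it is gone, every caller that relied on `denyAccess()` ending the request (such as the old `if (!...) Permission::denyAccess();` guards) now continues into the protected code after the redirect header is set, so the method should end with `die();` after the `if/else`. `$_SESSION['last_page']` is written into the `Location` header as is, and it should be confirmed that it can only hold a path inside the application. `getRoleNameByRoleNumber()` has no `default` case and returns nothing for an unknown role.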
......@@ -6,8 +6,13 @@
if (isset($_GET['action']) AND $_GET['action'] == 'delete') {
$network = new Network((int)$_GET['network_id']);