Context Navigation

index.bml @ 857

Visit:

Revision 857, 9.3 KB (checked in by bradfitz, 11 years ago)
untabify
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`

Line
1	(=_CODE
2
3	use strict;
4	use vars qw(%FORM);
5
6	my $dbs = LJ::get_dbs();
7	my $dbh = $dbs->{'dbh'};
8	my $dbr = $dbs->{'reader'};
9
10	my ($sth, $ret);
11	my $mode = $FORM{'mode'};
12
13	my $remote = LJ::get_remote($dbs);
14	my %access = ();
15	if ($remote) {
16	LJ::remote_has_priv($dbs, $remote, "admin", \%access);
17	}
18
19	my $view_access = $access{'all'}; # TODO: add \|\| LJ::check_priv($dbs, $remote, "privview")
20
21	my @privs;
22	my %priv;
23	my %pcode2id;
24	$sth = $dbh->prepare("SELECT prlid, privcode, privname, des, is_public FROM priv_list ORDER BY privcode");
25	$sth->execute;
26	while ($_ = $sth->fetchrow_hashref) {
27	push @privs, $_;
28	$priv{$_->{'prlid'}} = $_;
29	$pcode2id{$_->{'privcode'}} = $_->{'prlid'};
30	}
31
32	unless ($mode)
33	{
34	if ($FORM{'user'}) { $mode = "viewuser"; }
35	elsif ($FORM{'priv'}) { $mode = "viewpriv"; }
36	}
37
38	unless ($mode)
39	{
40	$ret .= "<h1>privilege management</h1>\n";
41	$ret .= "<form method='get'>";
42	$ret .= "View all privileges of user <input name='user' size='15'> <input type='submit' value=\"Load\">";
43	$ret .= "</form>";
44
45	$ret .= "Or, show all users with privilege:<ul>";
46	foreach my $priv (@privs) {
47	$ret .= "<li><b><a href='./?priv=$priv->{'privcode'}'>$priv->{'privcode'}</a>: $priv->{'privname'}</b><br />$priv->{'des'}\n";
48	}
49	$ret .= "</ul>";
50	return $ret;
51	}
52
53	if ($mode eq "userchange" \|\| $mode eq "privchange")
54	{
55	unless (LJ::did_post()) {
56	return "<b>Error:</b> requires post";
57	}
58
59	unless ($FORM{'submit:refresh'}) {
60	my $userid = LJ::get_userid($dbs, $FORM{'user'});
61	foreach my $key (keys %FORM) {
62	if ($key =~ /^revoke:(\d+):(\d+)$/) {
63	my $prmid = $1;
64	my $del_userid1 = $2;
65	my $sth = $dbh->prepare("SELECT userid, prlid, arg FROM priv_map WHERE prmid=$prmid");
66	$sth->execute;
67	my ($del_userid2, $prlid, $arg) = $sth->fetchrow_array;
68	if ($del_userid1 && $del_userid1 == $del_userid2)
69	{
70	$dbh->do("DELETE FROM priv_map WHERE prmid=$prmid");
71	my $privcode = $priv{$prlid}->{'privcode'};
72	LJ::statushistory_add($dbh, $del_userid1, $remote->{'userid'}, "privdel",
73	"Denying: \"$privcode\" with arg \"$arg\"");
74	$ret .= "Privilege removed.<br />\n";
75	}
76	}
77	}
78	if ($FORM{'grantpriv'}) {
79	my $qpriv = $FORM{'grantpriv'}+0;
80	my $privcode = $priv{$qpriv}->{'privcode'};
81	if ($privcode) {
82	if ($access{'all'} \|\| $access{$privcode}) {
83	my $qarg = $dbh->quote($FORM{'arg'});
84	$dbh->do("INSERT INTO priv_map (prmid, userid, prlid, arg) VALUES (NULL, $userid, $qpriv, $qarg)");
85	LJ::statushistory_add($dbh, $userid, $remote->{'userid'}, "privadd", "Granting: \"$privcode\" with arg \"$FORM{'arg'}\"");
86	$ret .= "Privilege <B>$privcode</B> granted.<br />\n";
87	} else {
88	$ret .= "You no longer have access to grant <B>$privcode</B>.<br />\n";
89	}
90	} else {
91	$ret .= "ERROR: Unknown privilege.<br />\n";
92	}
93	}
94	if ($FORM{'grantuser'}) {
95	my $userid = LJ::get_userid($dbs, $FORM{'grantuser'});
96	my $privid = $pcode2id{$FORM{'priv'}};
97	my $qarg = $dbh->quote($FORM{'arg'});
98	my $privcode = $priv{$privid}->{'privcode'};
99	if ($privcode) {
100	if ($access{'all'} \|\| $access{$privcode}) {
101	if ($userid && $privid) {
102	my $qarg = $dbh->quote($FORM{'arg'});
103	$dbh->do("INSERT INTO priv_map (prmid, userid, prlid, arg) VALUES (NULL, $userid, $privid, $qarg)");
104	LJ::statushistory_add($dbh, $userid, $remote->{'userid'}, "privadd", "Granting: \"$privcode\" with arg \"$FORM{'arg'}\"");
105	$ret .= "Privilege added.<br />\n";
106	}
107	else {
108	my $euser = LJ::ehtml($FORM{'grantuser'});
109	unless ($userid) {
110	$ret .= "cannot grant priv to non-existent user <b>$euser</b><br />";
111	}
112	else { $ret .= "privid is 0!<br />"; }
113	}
114	} else {
115	$ret .= "You no longer have access to grant <B>$privcode</B>.<br />\n";
116	}
117	} else {
118	$ret .= "ERROR: Unknown privilege.<br />\n";
119	}
120	} # end if grantuser
121	}
122
123	if ($mode eq "userchange") { $mode = "viewuser"; }
124	if ($mode eq "privchange") { $mode = "viewpriv"; }
125	}
126
127	if ($mode eq "viewuser")
128	{
129	my $user = LJ::canonical_username($FORM{'user'});
130	my $userid = LJ::get_userid($dbs, $user);
131
132	$ret .= "<h1><a href='./'><<</a> view user \"$user\"</h1>\n";
133	unless ($userid) {
134	$ret .= "<b>Error:</b> non-existent user\n";
135	return $ret;
136	}
137
138	$ret .= "<form method='post'><input type='hidden' name='mode' value='userchange'>\n";
139	$ret .= "<input type='hidden' name='user' value='$user'>\n";
140	$sth = $dbh->prepare("SELECT pm.prmid, pm.prlid, pm.arg FROM priv_map pm, priv_list pl WHERE pm.prlid=pl.prlid AND pm.userid=$userid ORDER BY pl.privcode");
141	$sth->execute;
142	$ret .= "<table cellpadding='5' cellspacing='1' border='1'><tr><td><b>Revoke</b></td><td><b>Privilege</b></td><td><b>Arg</b></td></tr>\n";
143	while (my ($prmid, $prlid, $arg) = $sth->fetchrow_array)
144	{
145	my $prec = $priv{$prlid};
146	next unless ($prec->{'is_public'} \|\|
147	$view_access \|\|
148	($remote && $remote->{'userid'} == $userid));
149
150	$ret .= "<tr><td align='center'>";
151	if ($access{'all'} \|\| $access{$prec->{'privcode'}}) {
152	$ret .= "<input type='checkbox' name='revoke:$prmid:$userid'>";
153	} else {
154	$ret .= "--";
155	}
156	my $pcode = $priv{$prlid}->{'privcode'};
157	$ret .= "</td><td><a href='./?priv=$pcode'>$pcode</a></td>";
158	$ret .= "<td>$arg</td></tr>\n";
159	}
160	$ret .= "</table>";
161
162	if (%access) {
163	$ret .= "<p>Grant <b>$user</b> privilege:<ul>";
164	$ret .= "<select name='grantpriv'><option value='' selected='1'></option>";
165	foreach my $priv (@privs) {
166	next unless ($access{'all'} \|\| $access{$priv->{'privcode'}});
167	$ret .= "<option value='$priv->{'prlid'}'>$priv->{'privcode'}</option>";
168	}
169	$ret .= "</select>";
170	$ret .= "Arg: <input name='arg' size='10' maxlength='40'></ul>";
171	} else {
172	$ret .= "<P><I>(you do not have access to grant any privileges)</I>";
173	}
174
175	$ret .= "<P>";
176	if (%access) {
177	$ret .= "<INPUT TYPE=SUBMIT VALUE=\"Make Changes\">";
178	}
179	$ret .= " <INPUT TYPE=SUBMIT NAME=\"submit:refresh\" VALUE=\"Just Refresh\">";
180	$ret .= "</FORM>";
181	return $ret;
182	}
183
184	if ($mode eq "viewpriv") {
185	my $priv = $pcode2id{$FORM{'priv'}};
186	my $prec = $priv{$priv};
187	my $pcode = $prec->{'privcode'};
188
189	$ret .= "<h1><a href=\"./\"><<</a> view priv \"$priv{$priv}->{'privcode'}\"</h1>";
190	$ret .= "<p><b>Privilege Name:</b> $priv{$priv}->{'privname'}";
191	$ret .= "<br /><b>Description:</b> $priv{$priv}->{'des'}" if ($priv{$priv}->{'des'});
192
193	unless ($prec->{'is_public'} \|\| $view_access) {
194	$ret .= "<p><b>ERROR:</b> This privilege's access list is not public.</p>";
195	return $ret;
196	}
197
198	$ret .= "<form method='post'><input type='hidden' name='mode' value='privchange'>";
199	$ret .= "<input type='hidden' name='priv' value='$pcode'>";
200	$sth = $dbh->prepare("SELECT pm.prmid, u.user, u.userid, pm.arg FROM priv_map pm, user u WHERE pm.prlid=$priv AND pm.userid=u.userid ORDER BY u.user LIMIT 100");
201	$sth->execute;
202	$ret .= "<table cellpadding='5' cellspacing='1' border='1'><tr><td><b>Revoke</b></td><td><b>User</b></td><td><b>Arg</b></td></tr>\n";
203
204	my $cangrant = ($access{'all'} \|\| $access{$priv{$priv}->{'privcode'}});
205
206	while ($_ = $sth->fetchrow_hashref)
207	{
208	$ret .= "<tr><td align='center'>";
209	if ($cangrant) {
210	$ret .= "<input type='checkbox' name=\"revoke:$_->{'prmid'}:$_->{'userid'}\" />";
211	} else {
212	$ret .= "--";
213	}
214	$ret .= "</td><td><a href=\"./?user=$_->{'user'}\">$_->{'user'}</a></td>";
215	$ret .= "<td>$_->{'arg'}</td></tr>\n";
216	}
217	$ret .= "</table>";
218
219	if ($cangrant) {
220	$ret .= "<p>Grant <b>$priv{$priv}->{'privcode'}</b> privilege to:<ul>";
221	$ret .= "User: <input name='grantuser' size='15' maxlength='15'> ";
222	$ret .= "Arg: <input name='arg' size='10' maxlength='40'></ul>";
223	} else {
224	$ret .= "<p><i>(you don't have access to grant this privilege to other users)</i>";
225	}
226
227	$ret .= "<p>";
228	if ($cangrant) { $ret .= "<INPUT TYPE=SUBMIT VALUE=\"Make Changes\">"; }
229	$ret .= " <input type='submit' name=\"submit:refresh\" value=\"Just Refresh\" />";
230	$ret .= "</form>";
231	return $ret;
232	}
233
234	return "Unknown mode.";
235
236	_CODE=)(=_C <LJDEP>
237	lib: cgi-bin/ljlib.pl
238	link: htdocs/admin/priv/index.bml
239	post: htdocs/admin/priv/index.bml
240	</LJDEP _C=)

Note: See TracBrowser for help on using the browser.

Download in other formats:

Original Format