#975 RBAC for port control with new portctl_by_role setting
This commit is contained in:
Oliver Gorwits
@@ -105,23 +105,4 @@ ajax "/ajax/control/admin/snapshot_del" => require_role setting('defanged_admin'
|
||||
schema(vars->{'tenant'})->resultset('DeviceBrowser')->search({ip => $device->addr})->delete;
|
||||
};
|
||||
|
||||
get '/admin/*' => require_role admin => sub {
|
||||
my ($tag) = splat;
|
||||
|
||||
if (exists setting('_admin_tasks')->{ $tag }) {
|
||||
# trick the ajax into working as if this were a tabbed page
|
||||
params->{tab} = $tag;
|
||||
|
||||
var(nav => 'admin');
|
||||
template 'admintask', {
|
||||
task => setting('_admin_tasks')->{ $tag },
|
||||
}, { layout => 'main' };
|
||||
}
|
||||
else {
|
||||
var('notfound' => true);
|
||||
status 'not_found';
|
||||
template 'index', {}, { layout => 'main' };
|
||||
}
|
||||
};
|
||||
|
||||
true;
|
||||
|
||||
@@ -84,7 +84,7 @@ get '/device' => require_login sub {
|
||||
|
||||
params->{'tab'} ||= 'details';
|
||||
template 'device', {
|
||||
is_pseudo => $first->is_pseudo,
|
||||
netdisco_device => $first,
|
||||
display_name => ($others ? $first->ip : ($first->dns || $first->ip)),
|
||||
lgroup_list => [ schema(vars->{'tenant'})->resultset('Device')->get_distinct_col('location') ],
|
||||
hgroup_list => setting('host_group_displaynames'),
|
||||
|
||||
@@ -14,6 +14,7 @@ use NetAddr::IP::Lite ':lower';
|
||||
register_admin_task({
|
||||
tag => 'topology',
|
||||
label => 'Manual Device Topology',
|
||||
roles => [qw/admin port_control/],
|
||||
});
|
||||
|
||||
sub _sanity_ok {
|
||||
|
||||
@@ -52,6 +52,10 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
|
||||
)),
|
||||
|
||||
port_control => (param('port_control') ? \'true' : \'false'),
|
||||
portctl_role =>
|
||||
((param('port_control') and param('port_control') ne '_global_')
|
||||
? param('port_control') : ''),
|
||||
|
||||
admin => (param('admin') ? \'true' : \'false'),
|
||||
note => param('note'),
|
||||
});
|
||||
@@ -92,6 +96,10 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
|
||||
)),
|
||||
|
||||
port_control => (param('port_control') ? \'true' : \'false'),
|
||||
portctl_role =>
|
||||
((param('port_control') and param('port_control') ne '_global_')
|
||||
? param('port_control') : ''),
|
||||
|
||||
admin => (param('admin') ? \'true' : \'false'),
|
||||
note => param('note'),
|
||||
});
|
||||
@@ -110,9 +118,11 @@ get '/ajax/content/admin/users' => require_role admin => sub {
|
||||
|
||||
return unless scalar @results;
|
||||
|
||||
my @port_control_roles = sort keys %{ setting('portctl_by_role') || {} };
|
||||
|
||||
if ( request->is_ajax ) {
|
||||
template 'ajax/admintask/users.tt',
|
||||
{ results => \@results, },
|
||||
{ results => \@results, port_control_roles => \@port_control_roles },
|
||||
{ layout => undef };
|
||||
}
|
||||
else {
|
||||
|
||||
@@ -251,7 +251,7 @@ get '/ajax/content/device/ports' => require_login sub {
|
||||
|
||||
# add acl on port config
|
||||
if (param('c_admin') and user_has_role('port_control')) {
|
||||
map {$_->{portctl} = (port_reconfig_check($_) ? false : true)} @results;
|
||||
map {$_->{portctl} = (port_reconfig_check($_, $device, logged_in_user) ? false : true)} @results;
|
||||
}
|
||||
|
||||
# empty set would be a 'no records' msg
|
||||
|
||||
Reference in New Issue
Block a user