#975 RBAC for port control with new portctl_by_role setting

Oliver Gorwits
2023-06-27 22:52:04 +01:00
parent 8d85562396
commit 2cbb68889a
19 changed files with 139 additions and 41 deletions


@@ -14,6 +14,7 @@ use NetAddr::IP::Lite ':lower';
register_admin_task({
tag => 'topology',
label => 'Manual Device Topology',
roles => [qw/admin port_control/],
});
sub _sanity_ok {
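Review bot: The `roles => [qw/admin port_control/]` entry on the `topology` task has no comment saying why a non-admin role is allowed onto an admin task, and the routes that serve this task are outside the hunk. If those routes still require `admin`, port_control users would see the menu entry and then be refused; if they were loosened, any port_control user, presumably including one restricted through a `portctl_role`, could edit manual topology for every device. I would add a comment above the line such as `# port_control users may edit manual topology; the route guards in this file must list the same roles`, and confirm the guards match.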


@@ -52,6 +52,10 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
)),
port_control => (param('port_control') ? \'true' : \'false'),
portctl_role =>
((param('port_control') and param('port_control') ne '_global_')
? param('port_control') : ''),
admin => (param('admin') ? \'true' : \'false'),
note => param('note'),
});
@@ -92,6 +96,10 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
)),
port_control => (param('port_control') ? \'true' : \'false'),
portctl_role =>
((param('port_control') and param('port_control') ne '_global_')
? param('port_control') : ''),
admin => (param('admin') ? \'true' : \'false'),
note => param('note'),
});
@@ -110,9 +118,11 @@ get '/ajax/content/admin/users' => require_role admin => sub {
return unless scalar @results;
my @port_control_roles = sort keys %{ setting('portctl_by_role') || {} };
if ( request->is_ajax ) {
template 'ajax/admintask/users.tt',
{ results => \@results, },
{ results => \@results, port_control_roles => \@port_control_roles },
{ layout => undef };
}
else {
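Review bot: In both the `users/add` and `users/update` handlers, `portctl_role` is stored straight from `param('port_control')` without checking that the value is a key of `setting('portctl_by_role')`. The `/ajax/content/admin/users` handler passes the configured keys to the template, but the stored value comes from the request, so a stale or mistyped role name can end up on the user record, and how the permission check treats an unknown role is not visible here. I would reject unknown names rather than fall back to `''`, because `port_control` is still set to true and an empty role presumably means global control. The two handlers duplicate the expression, so a shared helper would keep them in step; both handler bodies start outside the hunks.

```perl
# Returns the role name chosen in the form, or '' for none / '_global_'.
# Refuses names that are not keys of the portctl_by_role setting.
sub _portctl_role_param {
    my $choice = param('port_control');
    return '' if !$choice or $choice eq '_global_';
    my $known = setting('portctl_by_role') || {};
    send_error('Bad Request', 400) unless exists $known->{$choice};
    return $choice;
}

# ... unchanged: other columns in the add and update handlers ...
portctl_role => _portctl_role_param(),
```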


@@ -251,7 +251,7 @@ get '/ajax/content/device/ports' => require_login sub {
# add acl on port config
if (param('c_admin') and user_has_role('port_control')) {
map {$_->{portctl} = (port_reconfig_check($_) ? false : true)} @results;
map {$_->{portctl} = (port_reconfig_check($_, $device, logged_in_user) ? false : true)} @results;
}
# empty set would be a 'no records' msg
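Review bot: The new `map` line runs only for its side effect and calls `logged_in_user` once per port row; a statement-modifier `for` with the user fetched once reads better and avoids the repeated lookup: `my $user = logged_in_user;` followed by `$_->{portctl} = (port_reconfig_check($_, $device, $user) ? false : true) for @results;`. The inverted ternary suggests `port_reconfig_check` returns a true value when control is refused, which deserves a short comment such as `# port_reconfig_check returns a reason when denied, so invert it`. This flag appears to drive only what the page displays, so the handler that applies a port change (not in this hunk) needs the same three-argument check. The route body starts outside the hunk.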