portctl_nameonly to limit port control to name only (F. Schiavarelli)

2014-07-13 17:51:41 +01:00
parent 769aa35044
commit 3457d083f4
4 changed files with 21 additions and 0 deletions
--- a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
+++ b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
@@ -782,6 +782,14 @@ field to use as the management IP address for a device.
 Value: Boolean. Default: C<true>.

 Set to false to prevent users from changing the default VLAN on an interface.
+This setting has no effect when C<portctl_nameonly> below is set to true.
+
+=head3 C<portctl_nameonly>
+
+Value: Boolean. Default: C<false>.
+
+Set to true to limit port control action to only changing the interface name
+(description).

 =head3 C<portctl_nophones>

--- a/Netdisco/lib/App/Netdisco/Util/Port.pm
+++ b/Netdisco/lib/App/Netdisco/Util/Port.pm
@@ -68,6 +68,10 @@ sub vlan_reconfig_check {

 =item *

+Permission check that C<portctl_nameonly> is false in Netdisco config.
+
+=item *
+
 Permission check that C<portctl_uplinks> is true in Netdisco config, if
 C<$port> is an uplink.

@@ -95,6 +99,10 @@ sub port_reconfig_check {
  my $has_phone = port_has_phone($port);
  my $is_vlan   = is_vlan_interface($port);

+  # only permitted to change interface name
+  return "forbidden: not permitted to change port configuration"
+    if setting('portctl_nameonly');
+
  # uplink check
  return "forbidden: port [$name] on [$ip] is an uplink"
    if $port->remote_type and not $has_phone and not setting('portctl_uplinks');