Modernize Access Controls

markjcrane
2020-07-23 19:31:43 +00:00
parent 7e52d8b132
commit 22c7c4711c
5 changed files with 386 additions and 681 deletions


@@ -2,21 +2,23 @@
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2018
Portions created by the Initial Developer are Copyright (C) 2018 - 2020
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//includes
@@ -25,8 +27,12 @@
require_once "resources/check_auth.php";
//check permissions
if (!permission_exists('access_control_add') && !permission_exists('access_control_edit')) {
echo "access denied"; exit;
if (permission_exists('access_control_add') || permission_exists('access_control_edit')) {
//access granted
}
else {
echo "access denied";
exit;
}
//add multi-lingual support
@@ -37,131 +43,180 @@
if (is_uuid($_REQUEST["id"])) {
$action = "update";
$access_control_uuid = $_REQUEST["id"];
$id = $_REQUEST["id"];
}
else {
$action = "add";
}
//get http post variables and set them to php variables
if (count($_POST)>0) {
if (is_array($_POST) && is_uuid($access_control_uuid)) {
$access_control_name = $_POST["access_control_name"];
$access_control_default = $_POST["access_control_default"];
$access_control_nodes = $_POST["access_control_nodes"];
$access_control_description = $_POST["access_control_description"];
}
if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//process the user data and save it to the database
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//delete the access control
if (permission_exists('access_control_delete')) {
if ($_POST['action'] == 'delete' && is_uuid($access_control_uuid)) {
//prepare
$array[0]['checked'] = 'true';
$array[0]['uuid'] = $access_control_uuid;
//delete
$obj = new access_controls;
$obj->delete($array);
//redirect
header('Location: access_controls.php');
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: access_controls.php');
exit;
}
//process the http post data by submitted action
if ($_POST['action'] != '' && strlen($_POST['action']) > 0) {
//prepare the array(s)
$x = 0;
foreach ($_POST['access_control_nodes'] as $row) {
if (is_uuid($row['access_control_uuid']) && $row['checked'] === 'true') {
$array['access_controls'][$x]['checked'] = $row['checked'];
$array['access_controls'][$x]['access_control_nodes'][]['access_control_node_uuid'] = $row['access_control_node_uuid'];
$x++;
}
}
//send the array to the database class
switch ($_POST['action']) {
case 'copy':
if (permission_exists('access_control_add')) {
$obj = new database;
$obj->copy($array);
}
break;
case 'delete':
if (permission_exists('access_control_delete')) {
$obj = new database;
$obj->delete($array);
}
break;
case 'toggle':
if (permission_exists('access_control_update')) {
$obj = new database;
$obj->toggle($array);
}
break;
}
//redirect the user
if (in_array($_POST['action'], array('copy', 'delete', 'toggle'))) {
header('Location: access_control_edit.php?id='.$id);
exit;
}
}
}
//get the primary key
if ($action == "update") {
$access_control_uuid = $_POST["access_control_uuid"];
}
//check for all required data
$msg = '';
if (strlen($access_control_name) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_name']."<br>\n"; }
if (strlen($access_control_default) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_default']."<br>\n"; }
//if (strlen($access_control_nodes) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_nodes']."<br>\n"; }
//if (strlen($access_control_description) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_description']."<br>\n"; }
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
require_once "resources/header.php";
require_once "resources/persist_form_var.php";
echo "<div align='center'>\n";
echo "<table><tr><td>\n";
echo $msg."<br />";
echo "</td></tr></table>\n";
persistformvar($_POST);
echo "</div>\n";
require_once "resources/footer.php";
return;
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: access_controls.php');
exit;
}
//check for all required data
$msg = '';
if (strlen($access_control_name) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_name']."<br>\n"; }
if (strlen($access_control_default) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_default']."<br>\n"; }
//if (strlen($access_control_description) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_description']."<br>\n"; }
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
require_once "resources/header.php";
require_once "resources/persist_form_var.php";
echo "<div align='center'>\n";
echo "<table><tr><td>\n";
echo $msg."<br />";
echo "</td></tr></table>\n";
persistformvar($_POST);
echo "</div>\n";
require_once "resources/footer.php";
return;
}
//add or update the database
if ($_POST["persistformvar"] != "true") {
$execute = false;
if ($action == "add" && permission_exists('access_control_add')) {
$execute = true;
//add the access_control_uuid
if (!is_uuid($_POST["access_control_uuid"])) {
$access_control_uuid = uuid();
//set the message
message::add($text['message-add']);
//set redirect url
$redirect_url = 'access_control_edit.php?id='.$access_control_uuid;
}
if ($action == "update" && permission_exists('access_control_edit')) {
$execute = true;
//set the message
message::add($text['message-update']);
//prepare the array
$array['access_controls'][0]['access_control_uuid'] = $access_control_uuid;
$array['access_controls'][0]['access_control_name'] = $access_control_name;
$array['access_controls'][0]['access_control_default'] = $access_control_default;
$array['access_controls'][0]['access_control_description'] = $access_control_description;
$y = 0;
if (is_array($access_control_nodes)) {
foreach ($access_control_nodes as $row) {
if (strlen($row['node_type']) > 0) {
$array['access_controls'][0]['access_control_nodes'][$y]['access_control_node_uuid'] = $row["access_control_node_uuid"];
$array['access_controls'][0]['access_control_nodes'][$y]['node_type'] = $row["node_type"];
$array['access_controls'][0]['access_control_nodes'][$y]['node_cidr'] = $row["node_cidr"];
$array['access_controls'][0]['access_control_nodes'][$y]['node_domain'] = $row["node_domain"];
$array['access_controls'][0]['access_control_nodes'][$y]['node_description'] = $row["node_description"];
if (isset($row["checked"])) {
$array['access_controls'][0]['access_control_nodes'][$y]['checked'] = $row["checked"];
}
$y++;
}
}
}
if ($execute) {
$array['access_controls'][0]['access_control_uuid'] = $access_control_uuid;
$array['access_controls'][0]['access_control_name'] = $access_control_name;
$array['access_controls'][0]['access_control_default'] = $access_control_default;
$array['access_controls'][0]['access_control_description'] = $access_control_description;
$database = new database;
$database->app_name = 'access_control';
$database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
$database->save($array);
unset($array);
//save the data
$database = new database;
$database->app_name = 'access controls';
$database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
$database->save($array);
//clear the cache
$cache = new cache;
$cache->delete("configuration:acl.conf");
//create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { event_socket_request($fp, "api reloadacl"); }
//redirect the user
if (isset($action)) {
if ($action == "add") {
$_SESSION["message"] = $text['message-add'];
}
if ($action == "update") {
$_SESSION["message"] = $text['message-update'];
}
//header('Location: access_controls.php');
header('Location: access_control_edit.php?id='.urlencode($access_control_uuid));
return;
}
//redirect the user
header('Location: '.($redirect_url ? $redirect_url : 'access_controls.php'));
exit;
}
}
}
//pre-populate the form
if (count($_GET) > 0 && $_POST["persistformvar"] != "true" && is_uuid($_GET["id"])) {
$access_control_uuid = $_GET["id"];
if (is_array($_GET) && $_POST["persistformvar"] != "true") {
$sql = "select * from v_access_controls ";
$sql .= "where access_control_uuid = :access_control_uuid ";
$parameters['access_control_uuid'] = $access_control_uuid;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && sizeof($row)) {
if (is_array($row) && @sizeof($row) != 0) {
$access_control_name = $row["access_control_name"];
$access_control_default = $row["access_control_default"];
$access_control_nodes = $row["access_control_nodes"];
$access_control_description = $row["access_control_description"];
}
unset ($sql, $parameters, $row);
unset($sql, $parameters, $row);
}
//get the child data
if (is_uuid($access_control_uuid)) {
$sql = "select * from v_access_control_nodes ";
$sql .= "where access_control_uuid = :access_control_uuid ";
$sql .= "order by node_cidr asc";
$parameters['access_control_uuid'] = $access_control_uuid;
$database = new database;
$access_control_nodes = $database->select($sql, $parameters, 'all');
unset ($sql, $parameters);
}
//add the $access_control_node_uuid
if (!is_uuid($access_control_node_uuid)) {
$access_control_node_uuid = uuid();
}
//add an empty row
$x = is_array($access_control_nodes) ? count($access_control_nodes) : 0;
$access_control_nodes[$x]['access_control_uuid'] = $access_control_uuid;
$access_control_nodes[$x]['access_control_node_uuid'] = uuid();
$access_control_nodes[$x]['node_type'] = '';
$access_control_nodes[$x]['node_cidr'] = '';
$access_control_nodes[$x]['node_domain'] = '';
$access_control_nodes[$x]['node_description'] = '';
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
@@ -171,67 +226,162 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
require_once "resources/header.php";
//show the content
echo "<form name='frm' id='frm' method='post'>\n";
echo "<form name='frm' id='frm' method='post' action=''>\n";
echo "<input class='formfld' type='hidden' name='access_control_uuid' value='".escape($access_control_uuid)."'>\n";
echo "<div class='action_bar' id='action_bar'>\n";
echo " <div class='heading'><b>".$text['title-access_control']."</b></div>\n";
echo " <div class='actions'>\n";
echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','collapse'=>'hide-xs','link'=>'access_controls.php']);
if ($action == 'update' && permission_exists('access_control_delete')) {
echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete_access_control','collapse'=>'hide-xs','style'=>'margin-right: 15px;','onclick'=>"modal_open('modal-delete-access-control','btn_delete_access_control');"]);
echo " <button type='button' id='btn_back' alt='".$text['button-back']."' title='Back' class='btn btn-default' onclick=\"location.href='access_controls.php'\">\n";
echo " <span class='".$_SESSION['theme']['button_icon_back']['text']." $button_icon_class' style='$button_icon_style'></span>\n";
echo " <span class='$button_label_class' style='$button_label_style'>".$text['button-back']."</span>\n";
echo " </button>\n";
if ($action == 'update') {
if (permission_exists('access_control_node_add')) {
echo " <button type='submit' id='btn_copy' alt='".$text['button-copy']."' title='Copy' name='action' value='copy' style='display: none;' onclick=\"modal_open('modal-copy','btn_copy'); return false;\" class='btn btn-default'>\n";
echo " <span class='".$_SESSION['theme']['button_icon_copy']['text']." $button_icon_class' style='$button_icon_style'></span>\n";
echo " <span class='$button_label_class' style='$button_label_style'>".$text['button-copy']."</span>\n";
echo " </button>\n";
}
if (permission_exists('access_control_node_delete')) {
echo " <button type='submit' id='btn_delete' alt='".$text['button-delete']."' title='Delete' name='action' value='delete' style='display: none;' onclick=\"modal_open('modal-delete','btn_delete'); return false;\" class='btn btn-default'>\n";
echo " <span class='".$_SESSION['theme']['button_icon_delete']['text']." $button_icon_class' style='$button_icon_style'></span>\n";
echo " <span class='$button_label_class' style='$button_label_style'>".$text['button-delete']."</span>\n";
echo " </button>\n";
}
}
echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','collapse'=>'hide-xs']);
echo " <button type='submit' id='btn_save' alt='".$text['button-save']."' title='Save' name='action' value='save' onclick='' class='btn btn-default'>\n";
echo " <span class='".$_SESSION['theme']['button_icon_save']['text']." $button_icon_class' style='$button_icon_style'></span>\n";
echo " <span class='$button_label_class' style='$button_label_style'>".$text['button-save']."</span>\n";
echo " </button>\n";
echo " <div style='clear: both;'><br /></div>\n";
echo " </div>\n";
echo " <div style='clear: both;'></div>\n";
echo "</div>\n";
if ($action == 'update' && permission_exists('access_control_delete')) {
echo modal::create(['id'=>'modal-delete-access-control','type'=>'delete','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete_access_control','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'delete','onclick'=>"modal_close();"])]);
echo " <div style='clear: both;'>".$text['description-access_controls']."</div>\n";
echo "<br />\n";
if ($action == 'update') {
if (permission_exists('access_control_add')) {
echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'copy','onclick'=>"modal_close();"])]);
}
if (permission_exists('access_control_delete')) {
echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'delete','onclick'=>"modal_close();"])]);
}
}
echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
echo "<tr>\n";
echo "<td width='30%' class='vncellreq' valign='top' align='left' nowrap='nowrap'>\n";
echo "<td class='vncellreq' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-access_control_name']."\n";
echo "</td>\n";
echo "<td width='70%' class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='access_control_name' maxlength='255' value=\"".escape($access_control_name)."\">\n";
echo "<td class='vtable' style='position: relative;' align='left'>\n";
echo " <input class='formfld' type='text' name='access_control_name' maxlength='255' value='".escape($access_control_name)."'>\n";
echo "<br />\n";
echo $text['description-access_control_name']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo "<td class='vncellreq' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-access_control_default']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <select class='formfld' name='access_control_default'>\n";
if ($access_control_default == "allow") {
echo " <option value='allow' selected='selected'>".$text['label-allow']."</option>\n";
}
else {
echo " <option value='allow'>".$text['label-allow']."</option>\n";
}
if ($access_control_default == "deny") {
echo " <option value='deny' selected='selected'>".$text['label-deny']."</option>\n";
}
else {
echo " <option value='deny'>".$text['label-deny']."</option>\n";
}
echo " </select>\n";
echo "<td class='vtable' style='position: relative;' align='left'>\n";
echo " <select class='formfld' name='access_control_default'>\n";
echo " <option value=''></option>\n";
if ($access_control_default == "allow") {
echo " <option value='allow' selected='selected'>".$text['label-allow']."</option>\n";
}
else {
echo " <option value='allow'>".$text['label-allow']."</option>\n";
}
if ($access_control_default == "deny") {
echo " <option value='deny' selected='selected'>".$text['label-deny']."</option>\n";
}
else {
echo " <option value='deny'>".$text['label-deny']."</option>\n";
}
echo " </select>\n";
echo "<br />\n";
echo $text['description-access_control_default']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-access_control_nodes']."\n";
echo "</td>\n";
echo "<td class='vtable' style='position: relative;' align='left'>\n";
echo " <table>\n";
echo " <tr>\n";
echo " <th class='vtablereq'>".$text['label-node_type']."</th>\n";
echo " <td class='vtable'>".$text['label-node_cidr']."</td>\n";
echo " <td class='vtable'>".$text['label-node_domain']."</td>\n";
echo " <td class='vtable'>".$text['label-node_description']."</td>\n";
if (is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')) {
echo " <td class='vtable edit_delete_checkbox_all' onmouseover=\"swap_display('delete_label_details', 'delete_toggle_details');\" onmouseout=\"swap_display('delete_label_details', 'delete_toggle_details');\">\n";
echo " <span id='delete_label_details'>".$text['label-action']."</span>\n";
echo " <span id='delete_toggle_details'><input type='checkbox' id='checkbox_all_details' name='checkbox_all' onclick=\"edit_all_toggle('details'); checkbox_on_change(this);\"></span>\n";
echo " </td>\n";
}
echo " </tr>\n";
$x = 0;
foreach($access_control_nodes as $row) {
echo " <tr>\n";
echo " <input type='hidden' name='access_control_nodes[$x][access_control_uuid]' value=\"".escape($row["access_control_uuid"])."\">\n";
echo " <input type='hidden' name='access_control_nodes[$x][access_control_node_uuid]' value=\"".escape($row["access_control_node_uuid"])."\">\n";
echo " <td class='formfld'>\n";
echo " <select class='formfld' name='access_control_nodes[$x][node_type]'>\n";
echo " <option value=''></option>\n";
if ($row['node_type'] == "allow") {
echo " <option value='allow' selected='selected'>".$text['label-allow']."</option>\n";
}
else {
echo " <option value='allow'>".$text['label-allow']."</option>\n";
}
if ($row['node_type'] == "deny") {
echo " <option value='deny' selected='selected'>".$text['label-deny']."</option>\n";
}
else {
echo " <option value='deny'>".$text['label-deny']."</option>\n";
}
echo " </select>\n";
echo " </td>\n";
echo " <td class='formfld'>\n";
echo " <input class='formfld' type='text' name='access_control_nodes[$x][node_cidr]' maxlength='255' value=\"".escape($row["node_cidr"])."\">\n";
echo " </td>\n";
echo " <td class='formfld'>\n";
echo " <input class='formfld' type='text' name='access_control_nodes[$x][node_domain]' maxlength='255' value=\"".escape($row["node_domain"])."\">\n";
echo " </td>\n";
echo " <td class='formfld'>\n";
echo " <input class='formfld' type='text' name='access_control_nodes[$x][node_description]' maxlength='255' value=\"".escape($row["node_description"])."\">\n";
echo " </td>\n";
if (is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')) {
if (is_uuid($row['access_control_node_uuid'])) {
echo " <td class='vtable' style='text-align: center; padding-bottom: 3px;'>\n";
echo " <input type='checkbox' name='access_control_nodes[".$x."][checked]' value='true' class='chk_delete checkbox_details' onclick=\"checkbox_on_change(this);\">\n";
echo " </td>\n";
}
else {
echo " <td></td>\n";
}
}
echo " </tr>\n";
$x++;
}
echo " </table>\n";
echo "<br />\n";
echo $text['description-node_description']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-access_control_description']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='access_control_description' maxlength='255' value=\"".escape($access_control_description)."\">\n";
echo "<td class='vtable' style='position: relative;' align='left'>\n";
echo " <input class='formfld' type='text' name='access_control_description' maxlength='255' value='".escape($access_control_description)."'>\n";
echo "<br />\n";
echo $text['description-access_control_description']."\n";
echo "</td>\n";
@@ -240,18 +390,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "</table>";
echo "<br /><br />";
if ($action == "update") {
echo "<input type='hidden' name='access_control_uuid' value='".escape($access_control_uuid)."'>\n";
}
echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo "</form>";
if ($action == "update") {
require "access_control_nodes.php";
echo "<br><br>";
}
//include the footer
require_once "resources/footer.php";
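Review bot: The `foreach ($access_control_nodes as $row)` loop in the save path copies `node_type` and `node_cidr` from `$_POST` into the array handed to `$database->save()` without any format check, whereas the removed node edit page further down this commit rejected values that matched neither of its IPv4/IPv6 CIDR patterns. Because the save is followed by a cache delete and `api reloadacl`, a malformed entry goes straight into the live ACL. Each row should be validated before it is added: restrict `node_type` with `in_array($row['node_type'], ['allow', 'deny'], true)`, check the address part of `node_cidr` with `filter_var()` and `FILTER_VALIDATE_IP` plus a range test on the prefix length, and on failure append to `$msg` as the old page did (`$msg .= $text['message-required']." ".$text['label-node_cidr']."<br>\n";`). Separately, the action switch tests `access_control_update` for `toggle` while the rest of the page uses `access_control_edit`, and the copy/delete buttons are gated on `access_control_node_add`/`access_control_node_delete` although the handler checks `access_control_add`/`access_control_delete`. These names should agree so that the server-side check enforces what the UI offers.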


@@ -1,279 +0,0 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2018
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//includes
require_once "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
//check permissions
if (!permission_exists('access_control_node_add') && !permission_exists('access_control_node_edit')) {
echo "access denied"; exit;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
//action add or update
if (is_uuid($_REQUEST["id"])) {
$action = "update";
$access_control_node_uuid = $_REQUEST["id"];
}
else {
$action = "add";
}
//set the parent uuid
if (is_uuid($_GET["access_control_uuid"])) {
$access_control_uuid = $_GET["access_control_uuid"];
}
//get http post variables and set them to php variables
if (count($_POST)>0) {
$node_type = $_POST["node_type"];
$node_cidr = $_POST["node_cidr"];
$node_domain = $_POST["node_domain"];
$node_description = $_POST["node_description"];
}
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//get the uuid
if ($action == "update" && is_uuid($_POST["access_control_node_uuid"])) {
$access_control_node_uuid = $_POST["access_control_node_uuid"];
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: access_controls.php');
exit;
}
//check for all required data
$msg = '';
if (strlen($node_type) == 0) { $msg .= $text['message-required']." ".$text['label-node_type']."<br>\n"; }
//if (strlen($node_cidr) == 0) { $msg .= $text['message-required']." ".$text['label-node_cidr']."<br>\n"; }
//if (strlen($node_domain) == 0) { $msg .= $text['message-required']." ".$text['label-node_domain']."<br>\n"; }
//if (strlen($node_description) == 0) { $msg .= $text['message-required']." ".$text['label-node_description']."<br>\n"; }
// check IPv4 and IPv6 CIDR notation
$pattern4 = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/';
$pattern6 = '/^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$/';
if ($node_cidr != '' && (preg_match($pattern4, $node_cidr) == 0) && (preg_match($pattern6, $node_cidr) == 0)) {
$msg .= $text['message-required']." ".$text['label-node_cidr']."<br>\n";
}
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
require_once "resources/header.php";
require_once "resources/persist_form_var.php";
echo "<div align='center'>\n";
echo "<table><tr><td>\n";
echo $msg."<br />";
echo "</td></tr></table>\n";
persistformvar($_POST);
echo "</div>\n";
require_once "resources/footer.php";
return;
}
//add or update the database
if ($_POST["persistformvar"] != "true") {
if ($action == "add" && permission_exists('access_control_node_add')) {
//insert
$array['access_control_nodes'][0]['access_control_node_uuid'] = uuid();
$array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid;
$array['access_control_nodes'][0]['node_type'] = $node_type;
$array['access_control_nodes'][0]['node_cidr'] = $node_cidr;
$array['access_control_nodes'][0]['node_domain'] = $node_domain;
$array['access_control_nodes'][0]['node_description'] = $node_description;
$database = new database;
$database->app_name = 'access_controls';
$database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
$database->save($array);
unset($array);
//clear the cache
$cache = new cache;
$cache->delete("configuration:acl.conf");
//create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { event_socket_request($fp, "api reloadacl"); }
//add the message
message::add($text['message-add']);
//redirect the browser
header('Location: access_control_edit.php?id='.escape($access_control_uuid));
return;
} //if ($action == "add")
if ($action == "update" && permission_exists('access_control_node_edit')) {
//update
$array['access_control_nodes'][0]['access_control_node_uuid'] = $access_control_node_uuid;
$array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid;
$array['access_control_nodes'][0]['node_type'] = $node_type;
$array['access_control_nodes'][0]['node_cidr'] = $node_cidr;
$array['access_control_nodes'][0]['node_domain'] = $node_domain;
$array['access_control_nodes'][0]['node_description'] = $node_description;
$database = new database;
$database->app_name = 'access_controls';
$database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
$database->save($array);
unset($array);
//clear the cache
$cache = new cache;
$cache->delete("configuration:acl.conf");
//create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { event_socket_request($fp, "api reloadacl"); }
//add the message
message::add($text['message-update']);
//redirect the browser
header('Location: access_control_edit.php?id='.escape($access_control_uuid));
return;
} //if ($action == "update")
} //if ($_POST["persistformvar"] != "true")
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
//pre-populate the form
if (count($_GET) > 0 && $_POST["persistformvar"] != "true" && is_uuid($_GET["id"])) {
$access_control_node_uuid = $_GET["id"];
$sql = "select * from v_access_control_nodes ";
$sql .= "where access_control_node_uuid = :access_control_node_uuid ";
$parameters['access_control_node_uuid'] = $access_control_node_uuid;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && sizeof($row) != 0) {
$node_type = $row["node_type"];
$node_cidr = $row["node_cidr"];
$node_domain = $row["node_domain"];
$node_description = $row["node_description"];
}
unset($sql, $parameters, $row);
}
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header
$document['title'] = $text['title-access_control_node'];
require_once "resources/header.php";
//show the content
echo "<form method='post' name='frm' id='frm'>\n";
echo "<div class='action_bar' id='action_bar'>\n";
echo " <div class='heading'><b>".$text['title-access_control_node']."</b></div>\n";
echo " <div class='actions'>\n";
echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','link'=>'access_control_edit.php?id='.urlencode($access_control_uuid)]);
echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save']);
echo " </div>\n";
echo " <div style='clear: both;'></div>\n";
echo "</div>\n";
echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
echo "<tr>\n";
echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-node_type']."\n";
echo "</td>\n";
echo "<td width='70%' class='vtable' align='left'>\n";
echo " <select class='formfld' name='node_type'>\n";
if ($node_type == "allow") {
echo " <option value='allow' selected='selected'>".$text['label-allow']."</option>\n";
}
else {
echo " <option value='allow'>".$text['label-allow']."</option>\n";
}
if ($node_type == "deny") {
echo " <option value='deny' selected='selected'>".$text['label-deny']."</option>\n";
}
else {
echo " <option value='deny'>".$text['label-deny']."</option>\n";
}
echo " </select>\n";
echo "<br />\n";
echo $text['description-node_type']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-node_cidr']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='node_cidr' maxlength='255' value=\"".escape($node_cidr)."\">\n";
echo "<br />\n";
echo $text['description-node_cidr']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-node_domain']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='node_domain' maxlength='255' value=\"".escape($node_domain)."\">\n";
echo "<br />\n";
echo $text['description-node_domain']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-node_description']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='text' name='node_description' maxlength='255' value=\"".escape($node_description)."\">\n";
echo "<br />\n";
echo $text['description-node_description']."\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>";
echo "<br><br>";
echo "<input type='hidden' name='access_control_uuid' value='".escape($access_control_uuid)."'>\n";
if ($action == "update") {
echo "<input type='hidden' name='access_control_node_uuid' value='".escape($access_control_node_uuid)."'>\n";
}
echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo "</form>";
//include the footer
require_once "resources/footer.php";
?>


@@ -1,197 +0,0 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2019
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//includes
require_once "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
require_once "resources/paging.php";
//check permissions
if (!permission_exists('access_control_node_view')) {
echo "access denied";
exit;
}
//get the http post data
if ($_POST['action'] != '') {
$action = $_POST['action'];
$access_control_uuid = $_POST['access_control_uuid'];
$access_control_nodes = $_POST['access_control_nodes'];
//process the http post data by action
if (is_array($access_control_nodes) && @sizeof($access_control_nodes) != 0) {
switch ($action) {
case 'delete':
if (permission_exists('access_control_node_delete')) {
$obj = new access_controls;
$obj->delete_nodes($access_control_nodes);
}
break;
}
}
//redirect
header('Location: access_control_edit.php?id='.urlencode($access_control_uuid));
exit;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
//get variables used to control the order
$order_by = $_GET["order_by"];
$order = $_GET["order"];
//prepare to page the results
$sql = "select count(*) from v_access_control_nodes ";
$sql .= "where access_control_uuid = :access_control_uuid ";
$parameters['access_control_uuid'] = $access_control_uuid;
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
$param = "&id=".escape($access_control_uuid);
if (isset($_GET['page'])) {
$page = $_GET['page'];
if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
$offset = $rows_per_page * $page;
}
//get the list
$sql = "select * from v_access_control_nodes ";
$sql .= "where access_control_uuid = :access_control_uuid ";
$sql .= order_by($order_by, $order);
$sql .= limit_offset($rows_per_page, $offset);
$parameters['access_control_uuid'] = $access_control_uuid;
$database = new database;
$access_control_nodes = $database->select($sql, $parameters);
//create token
$object = new token;
$token = $object->create('/app/access_controls/access_control_nodes.php');
//show the content
echo "<form id='form_list' method='post' action='access_control_nodes.php'>\n";
echo "<input type='hidden' name='action' id='action' value=''>\n";
echo "<input type='hidden' name='access_control_uuid' value='".escape($access_control_uuid)."'>\n";
echo "<div class='action_bar' id='action_bar_sub'>\n";
echo " <div class='heading'><b id='heading_sub'>".$text['title-access_control_nodes']." (".$num_rows.")</b></div>\n";
echo " <div class='actions'>\n";
echo button::create(['type'=>'button','id'=>'action_bar_sub_button_back','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'collapse'=>'hide-xs','style'=>'margin-right: 15px; display: none;','link'=>'access_controls.php']);
if (permission_exists('access_control_node_add')) {
echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','collapse'=>'hide-xs','link'=>'access_control_node_edit.php?access_control_uuid='.urlencode($_GET['id'])]);
}
if (permission_exists('access_control_node_delete') && $access_control_nodes) {
echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','collapse'=>'hide-xs','onclick'=>"modal_open('modal-delete-access-control-node','btn_delete_access_control_node');"]);
}
echo " </div>\n";
echo " <div style='clear: both;'></div>\n";
echo "</div>\n";
if (permission_exists('access_control_node_delete') && $access_control_nodes) {
echo modal::create(['id'=>'modal-delete-access-control-node','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete_access_control_node','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]);
}
echo "<table class='list'>\n";
echo "<tr class='list-header'>\n";
if (permission_exists('access_control_node_delete')) {
echo " <th class='checkbox'>\n";
echo " <input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle();' ".($access_control_nodes ?: "style='visibility: hidden;'").">\n";
echo " </th>\n";
}
echo th_order_by('node_type', $text['label-node_type'], $order_by, $order);
echo th_order_by('node_cidr', $text['label-node_cidr'], $order_by, $order);
echo th_order_by('node_domain', $text['label-node_domain'], $order_by, $order);
echo th_order_by('node_description', $text['label-node_description'], $order_by, $order, null, "class='hide-sm-dn'");
if (permission_exists('access_control_node_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
echo " <td class='action-button'>&nbsp;</td>\n";
}
echo "</tr>\n";
if (is_array($access_control_nodes) && @sizeof($access_control_nodes) != 0) {
$x = 0;
foreach ($access_control_nodes as $row) {
if (permission_exists('access_control_node_edit')) {
$list_row_url = 'access_control_node_edit.php?access_control_uuid='.urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid']);
}
echo "<tr class='list-row' href='".$list_row_url."'>\n";
if (permission_exists('access_control_node_delete')) {
echo " <td class='checkbox'>\n";
echo " <input type='checkbox' name='access_control_nodes[$x][checked]' id='checkbox_".$x."' value='true' onclick=\"if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";
echo " <input type='hidden' name='access_control_nodes[$x][uuid]' value='".escape($row['access_control_node_uuid'])."' />\n";
echo " </td>\n";
}
echo " <td>".escape($row['node_type'])."&nbsp;</td>\n";
echo " <td>\n";
if (permission_exists('access_control_node_edit')) {
echo " <a href='".$list_row_url."' title=\"".$text['button-edit']."\">".escape($row['node_cidr'])."</a>\n";
}
else {
echo " ".escape($row['node_cidr']);
}
echo " </td>\n";
echo " <td>".escape($row['node_domain'])."&nbsp;</td>\n";
echo " <td class='description overflow hide-sm-dn'>".escape($row['node_description'])."&nbsp;</td>\n";
if (permission_exists('access_control_node_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
echo " <td class='action-button'>\n";
echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
echo " </td>\n";
}
echo "</tr>\n";
$x++;
}
unset($access_control_nodes);
}
echo "</table>\n";
echo "<br />\n";
echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo "</form>\n";
//make sub action bar sticky
echo "<script>\n";
echo " window.addEventListener('scroll', function(){\n";
echo " action_bar_scroll('action_bar_sub', 270, heading_modify, heading_restore);\n";
echo " }, false);\n";
echo " function heading_modify() {\n";
echo " document.getElementById('heading_sub').innerHTML = \"".$text['title-access_control'].' '.$text['title-access_control_nodes']." (".$num_rows.")\";\n";
echo " document.getElementById('action_bar_sub_button_back').style.display = 'inline-block';\n";
echo " }\n";
echo " function heading_restore() {\n";
echo " document.getElementById('heading_sub').innerHTML = \"".$text['title-access_control_nodes']." (".$num_rows.")\";\n";
echo " document.getElementById('action_bar_sub_button_back').style.display = 'none';\n";
echo " }\n";
echo "</script>\n";
//include the footer
require_once "resources/footer.php";
?>


@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2018
Portions created by the Initial Developer are Copyright (C) 2018 - 2020
the Initial Developer. All Rights Reserved.
Contributor(s):
@@ -28,18 +28,21 @@
require_once "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
require_once "resources/paging.php";
//check permissions
if (!permission_exists('access_control_view')) {
echo "access denied"; exit;
if (permission_exists('access_control_view')) {
//access granted
}
else {
echo "access denied";
exit;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
//get posted data
//get the http post data
if (is_array($_POST['access_controls'])) {
$action = $_POST['action'];
$search = $_POST['search'];
@@ -48,60 +51,89 @@
//process the http post data by action
if ($action != '' && is_array($access_controls) && @sizeof($access_controls) != 0) {
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: access_controls.php');
exit;
}
//prepare the array
foreach($access_controls as $row) {
$array['access_controls'][$x]['checked'] = $row['checked'];
$array['access_controls'][$x]['access_control_uuid'] = $row['access_control_uuid'];
$x++;
}
//prepare the database object
$database = new database;
$database->app_name = 'access_controls';
$database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
//send the array to the database class
switch ($action) {
case 'copy':
if (permission_exists('access_control_add')) {
$obj = new access_controls;
$obj->copy($access_controls);
$database->copy($array);
}
break;
case 'toggle':
if (permission_exists('access_control_edit')) {
$database->toggle($array);
}
break;
case 'delete':
if (permission_exists('access_control_delete')) {
$obj = new access_controls;
$obj->delete($access_controls);
$database->delete($array);
}
break;
}
//redirect the user
header('Location: access_controls.php'.($search != '' ? '?search='.urlencode($search) : null));
exit;
}
//get variables used to control the order
//get order and order by
$order_by = $_GET["order_by"];
$order = $_GET["order"];
//add the search term
$search = strtolower($_GET["search"]);
if (strlen($search) > 0) {
$sql_search = " (";
$sql_search .= "lower(access_control_name) like :search ";
$sql_search .= "or lower(access_control_default) like :search ";
$sql_search .= "or lower(access_control_description) like :search ";
$sql_search .= ") ";
//add the search
if (isset($_GET["search"])) {
$search = strtolower($_GET["search"]);
$parameters['search'] = '%'.$search.'%';
}
//prepare to page the results
$sql = "select count(*) from v_access_controls ";
if (isset($sql_search)) {
$sql .= "where ".$sql_search;
//get the count
$sql = "select count(access_control_uuid) ";
$sql .= "from v_access_controls ";
if (isset($_GET["search"])) {
$sql .= "where (";
$sql .= " lower(access_control_name) like :search ";
$sql .= " or lower(access_control_default) like :search ";
$sql .= " or lower(access_control_description) like :search ";
$sql .= ") ";
}
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
$param = "&search=".$search;
$page = $_GET['page'];
if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
$offset = $rows_per_page * $page;
//get the list
$sql = str_replace('count(*)', '*', $sql);
$sql .= order_by($order_by, $order);
$sql = "select ";
$sql .= "access_control_uuid, ";
$sql .= "access_control_name, ";
$sql .= "access_control_default, ";
$sql .= "access_control_description ";
$sql .= "from v_access_controls ";
if (isset($_GET["search"])) {
$sql .= "where (";
$sql .= " lower(access_control_name) like :search ";
$sql .= " or lower(access_control_default) like :search ";
$sql .= " or lower(access_control_description) like :search ";
$sql .= ") ";
}
$sql .= order_by($order_by, $order, 'access_control_name', 'asc');
$sql .= limit_offset($rows_per_page, $offset);
$database = new database;
$access_controls = $database->select($sql, $parameters, 'all');
@@ -111,7 +143,7 @@
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//include the header
//additional includes
$document['title'] = $text['title-access_controls'];
require_once "resources/header.php";
@@ -120,20 +152,20 @@
echo " <div class='heading'><b>".$text['title-access_controls']." (".$num_rows.")</b></div>\n";
echo " <div class='actions'>\n";
if (permission_exists('access_control_add')) {
echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','link'=>'access_control_edit.php']);
echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','name'=>'btn_add','link'=>'access_control_edit.php']);
}
if (permission_exists('access_control_add') && $access_controls) {
echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'name'=>'btn_copy','onclick'=>"modal_open('modal-copy','btn_copy');"]);
echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'id'=>'btn_copy','name'=>'btn_copy','style'=>'display:none;','onclick'=>"modal_open('modal-copy','btn_copy');"]);
}
if (permission_exists('access_control_delete') && $access_controls) {
echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','onclick'=>"modal_open('modal-delete','btn_delete');"]);
echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display:none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
}
echo "<form id='form_search' class='inline' method='get'>\n";
echo "<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown='list_search_reset();'>";
echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search','style'=>($search != '' ? 'display: none;' : null)]);
echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','link'=>'access_controls.php','style'=>($search == '' ? 'display: none;' : null)]);
if ($paging_controls_mini != '') {
echo "<span style='margin-left: 15px;'>".$paging_controls_mini."</span>";
echo "<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
}
echo " </form>\n";
echo " </div>\n";
@@ -147,7 +179,7 @@
echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]);
}
echo $text['description-access_control']."\n";
echo $text['description-access_controls']."\n";
echo "<br /><br />\n";
echo "<form id='form_list' method='post'>\n";
@@ -156,37 +188,44 @@
echo "<table class='list'>\n";
echo "<tr class='list-header'>\n";
if (permission_exists('access_control_add') || permission_exists('access_control_delete')) {
if (permission_exists('access_control_add') || permission_exists('access_control_edit') || permission_exists('access_control_delete')) {
echo " <th class='checkbox'>\n";
echo " <input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle();' ".($access_controls ?: "style='visibility: hidden;'").">\n";
echo " <input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle(); checkbox_on_change(this);' ".($access_controls ?: "style='visibility: hidden;'").">\n";
echo " </th>\n";
}
echo th_order_by('access_control_name', $text['label-access_control_name'], $order_by, $order);
echo th_order_by('access_control_default', $text['label-access_control_default'], $order_by, $order);
echo th_order_by('access_control_description', $text['label-access_control_description'], $order_by, $order, null, "class='hide-xs'");
echo " <th class='hide-sm-dn'>".$text['label-access_control_description']."</th>\n";
if (permission_exists('access_control_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
echo " <td class='action-button'>&nbsp;</td>\n";
}
echo "</tr>\n";
if (is_array($access_controls)) {
if (is_array($access_controls) && @sizeof($access_controls) != 0) {
$x = 0;
foreach($access_controls as $row) {
foreach ($access_controls as $row) {
if (permission_exists('access_control_edit')) {
$list_row_url = "access_control_edit.php?id=".urlencode($row['access_control_uuid']);
}
echo "<tr class='list-row' href='".$list_row_url."'>\n";
if (permission_exists('access_control_add') || permission_exists('access_control_delete')) {
if (permission_exists('access_control_add') || permission_exists('access_control_edit') || permission_exists('access_control_delete')) {
echo " <td class='checkbox'>\n";
echo " <input type='checkbox' name='access_controls[".$x."][checked]' id='checkbox_".$x."' value='true' onclick=\"if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";
echo " <input type='hidden' name='access_controls[".$x."][uuid]' value='".escape($row['access_control_uuid'])."' />\n";
echo " <input type='checkbox' name='access_controls[$x][checked]' id='checkbox_".$x."' value='true' onclick=\"checkbox_on_change(this); if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";
echo " <input type='hidden' name='access_controls[$x][access_control_uuid]' value='".escape($row['access_control_uuid'])."' />\n";
echo " </td>\n";
}
echo " <td><a href='".$list_row_url."'>".escape($row['access_control_name'])."</a></td>\n";
echo " <td>\n";
if (permission_exists('access_control_edit')) {
echo " <a href='".$list_row_url."' title=\"".$text['button-edit']."\">".escape($row['access_control_name'])."</a>\n";
}
else {
echo " ".escape($row['access_control_name']);
}
echo " </td>\n";
echo " <td>".escape($row['access_control_default'])."</td>\n";
echo " <td class='description overflow hide-xs'>".escape($row['access_control_description'])."</td>\n";
echo " <td class='description overflow hide-sm-dn'>".escape($row['access_control_description'])."</td>\n";
if (permission_exists('access_control_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
echo " <td class='action-button'>";
echo " <td class='action-button'>\n";
echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
echo " </td>\n";
}
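Review bot: The new `//prepare the array` loop in the POST handler copies `$row['access_control_uuid']` straight from `$_POST['access_controls']` into `$array` without an `is_uuid()` check or a test of `$row['checked']`, and `$x` is not initialised in the lines shown. Whether `$database->copy()`, `toggle()` and `delete()` validate the rows themselves is not visible here, so the check belongs at this boundary: set `$x = 0;` before the loop and wrap the two assignments in `if ($row['checked'] == 'true' && is_uuid($row['access_control_uuid'])) { ... }`. The `delete` case also no longer goes through `access_controls::delete()`; if that method removed the list's rows in `v_access_control_nodes`, those rows may now be left behind, which is worth confirming before merging.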


@@ -85,6 +85,27 @@ $text['title-access_control']['ru-ru'] = "Управление доступом"
$text['title-access_control']['sv-se'] = "Åtkomstkontroll";
$text['title-access_control']['uk-ua'] = "Управління доступом";
$text['description-access_controls']['en-us'] = "Access control list can allow or deny ranges of IP addresses.";
$text['description-access_controls']['en-gb'] = "Access control list can allow or deny ranges of IP addresses.";
$text['description-access_controls']['ar-eg'] = "قائمة التحكم بالوصول يمكن السماح أو الرفض نطاقات العناوين.";
$text['description-access_controls']['de-at'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de
$text['description-access_controls']['de-ch'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de
$text['description-access_controls']['de-de'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen.";
$text['description-access_controls']['es-cl'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP.";
$text['description-access_controls']['es-mx'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP."; //copied from es-cl
$text['description-access_controls']['fr-ca'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP."; //copied from fr-fr
$text['description-access_controls']['fr-fr'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP.";
$text['description-access_controls']['he-il'] = " רשימת בקרת גישה יכולה לאפשר או למנוע טווחים של כתובות IP.";
$text['description-access_controls']['it-it'] = "Le liste per il controllo di accesso permettono o negano l'accesso a range di IP.";
$text['description-access_controls']['nl-nl'] = "Toegang Controle lijst kan IP adres reeks toestaan of verbieden.";
$text['description-access_controls']['pl-pl'] = "Lista kontroli dostępu może umożliwić lub zablokować zakresy adresów IP.";
$text['description-access_controls']['pt-br'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP."; //copied from pt-pt
$text['description-access_controls']['pt-pt'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP.";
$text['description-access_controls']['ro-ro'] = "Lista de control al accesului poate permite sau refuza intervale de adrese IP.";
$text['description-access_controls']['ru-ru'] = "Контроль доступа может разрешить или запретить диапазоны IP адресов.";
$text['description-access_controls']['sv-se'] = "Åtkomstkontrollista kan tillåta eller neka intervall av IP-adresser.";
$text['description-access_controls']['uk-ua'] = "Список контролю доступу може дозволити або заборонити діапазони IP-адрес.";
$text['label-node_type']['en-us'] = "Type";
$text['label-node_type']['en-gb'] = "Type";
$text['label-node_type']['ar-eg'] = "اكتب";
@@ -419,27 +440,6 @@ $text['description-access_control_default']['pt-pt'] = "Selecione o tipo de padr
$text['description-access_control_default']['ro-ro'] = "Selectați tipul implicit.";
$text['description-access_control_default']['ru-ru'] = "Выберите тип по умолчанию.";
$text['description-access_control_default']['sv-se'] = "Välj standardtypen.";
$text['description-access_control_default']['uk-ua'] = "Вибір типу за замовчуванням.";
$text['description-access_control_default']['uk-ua'] = "Вибір типу за замовчуванням.";=
$text['description-access_control']['en-us'] = "Access control list can allow or deny ranges of IP addresses.";
$text['description-access_control']['en-gb'] = "Access control list can allow or deny ranges of IP addresses.";
$text['description-access_control']['ar-eg'] = "قائمة التحكم بالوصول يمكن السماح أو الرفض نطاقات العناوين.";
$text['description-access_control']['de-at'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de
$text['description-access_control']['de-ch'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de
$text['description-access_control']['de-de'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen.";
$text['description-access_control']['es-cl'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP.";
$text['description-access_control']['es-mx'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP."; //copied from es-cl
$text['description-access_control']['fr-ca'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP."; //copied from fr-fr
$text['description-access_control']['fr-fr'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP.";
$text['description-access_control']['he-il'] = " רשימת בקרת גישה יכולה לאפשר או למנוע טווחים של כתובות IP.";
$text['description-access_control']['it-it'] = "Le liste per il controllo di accesso permettono o negano l'accesso a range di IP.";
$text['description-access_control']['nl-nl'] = "Toegang Controle lijst kan IP adres reeks toestaan of verbieden.";
$text['description-access_control']['pl-pl'] = "Lista kontroli dostępu może umożliwić lub zablokować zakresy adresów IP.";
$text['description-access_control']['pt-br'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP."; //copied from pt-pt
$text['description-access_control']['pt-pt'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP.";
$text['description-access_control']['ro-ro'] = "Lista de control al accesului poate permite sau refuza intervale de adrese IP.";
$text['description-access_control']['ru-ru'] = "Контроль доступа может разрешить или запретить диапазоны IP адресов.";
$text['description-access_control']['sv-se'] = "Åtkomstkontrollista kan tillåta eller neka intervall av IP-adresser.";
$text['description-access_control']['uk-ua'] = "Список контролю доступу може дозволити або заборонити діапазони IP-адрес.";
?>
?>
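Review bot: The replacement for the last `description-access_control_default` line ends in `";=`, and because the `description-access_control` block below it is removed, that stray `=` appears to be followed only by the closing `?>`, which PHP cannot parse. A parse error in this language file would likely stop the access control pages that load these strings from rendering at all. Drop the trailing character so the line reads `$text['description-access_control_default']['uk-ua'] = "Вибір типу за замовчуванням.";`.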