Blende Aktionen aus, wenn die Rechte nicht reichen oder wenn die Domain-API nicht verfügbar ist (29c4531)

Blende Aktionen aus, wenn die Rechte nicht reichen oder wenn die Domain-API nicht verfügbar ist

Bernd Wurst commited on 2018-02-20 11:35:38
Zeige 6 geänderte Dateien mit 47 Einfügungen und 13 Löschungen.

inc/base.php f4ddd76..e9b229f
inc/error.php 1be8d79..ca81e7a
modules/domains/adddomain.php 20874aa..8391c0d
modules/domains/detail.php 73832bb..b532d10
modules/domains/domainreg.php 40bec12..df1da9b
modules/domains/domains.php 0d1b59a..4ad2e93

inc/base.php

@@ -69,6 +69,16 @@ function config($key, $localonly = false)
     return NULL;
 }
 
+function have_role($role) {
+    $have = $_SESSION['role'] & $role;
+    if ($have) {
+        DEBUG("Current user has role ".$role);
+    } else {
+        DEBUG("Current user does not have role ".$role);
+    }
+    return $have;
+}
+
 function get_server_by_id($id) {
   $id = (int) $id;
   $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));

inc/error.php

Zeige Datei @ 29c4531

@@ -112,18 +112,25 @@ function show_messages()
 
 function require_role($roles)
 {
-  if (! is_array($roles))
+  if (! is_array($roles)) {
     $roles = array($roles);
+  }
   $allow = false;
-  foreach ($roles as $role)
-    if ($role & $_SESSION['role'])
+  foreach ($roles as $role) {
+    if ($role & $_SESSION['role']) {
       $allow = true;
-  if (! $allow)
-    if ($_SESSION['role'] == ROLE_ANONYMOUS)
+    }
+  }
+  if (! $allow) {
+    if ($_SESSION['role'] == ROLE_ANONYMOUS) {
       login_screen();
-    else
+    } else {
+      $backtrace = debug_backtrace();
+      DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': Current user does not have any of the required roles: '.implode(",",$roles));
       login_screen("Diese Seite können Sie mit Ihren aktuellen Zugriffsrechten nicht benutzen, bitte melden Sie sich mit den benötigten Zugriffsrechten an!");
     }
+  }
+}
 
 
 function login_screen($why = NULL)

modules/domains/adddomain.php

Zeige Datei @ 29c4531

@@ -23,6 +23,9 @@ require_once('domainapi.php');
 require_once('domains.php');
 
 require_role(ROLE_CUSTOMER);
+if (! config('http.net-apikey')) {
+    system_failure("Dieses System ist nicht eingerichtet zum Hinzufügen von Domains");
+}
 
 title("Domain hinzufügen");
 $section='domains_domains';

modules/domains/detail.php

Zeige Datei @ 29c4531

@@ -19,9 +19,8 @@ require_once('inc/icons.php');
 
 require_once('class/domain.php');
 require_once('domains.php');
-require_once('domainapi.php');
 
-require_role(ROLE_CUSTOMER);
+require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER));
 
 $dom = NULL;
 if (isset($_REQUEST['id'])) {
@@ -35,7 +34,11 @@ if (isset($_REQUEST['id'])) {
 if (!$dom) {
     system_failure("Keine Domain gewählt!");
 }
+if (have_role(ROLE_CUSTOMER)) {
     $dom->ensure_customerdomain();
+} else {
+    $dom->ensure_userdomain();
+}
 
 title("Domain {$dom->fqdn}");
 $section = 'domains_domains';
@@ -43,7 +46,7 @@ $section = 'domains_domains';
 // Block zuständiger Useraccount
 
 $useraccounts = list_useraccounts();
-if ($_SESSION['role'] & ROLE_CUSTOMER && count($useraccounts) > 1) {
+if (have_role(ROLE_CUSTOMER) && count($useraccounts) > 1) {
     // Mehrere User vorhanden
     $options = array();
     foreach ($useraccounts as $u) {
@@ -60,9 +63,10 @@ if ($_SESSION['role'] & ROLE_CUSTOMER && count($useraccounts) > 1) {
 
 // Block Domain-Inhaber 
 
-if ($dom->provider == 'terions' && ($dom->cancel_date === NULL || $dom->cancel_date > date('Y-m-d'))) {
+if (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == 'terions' && ($dom->cancel_date === NULL || $dom->cancel_date > date('Y-m-d'))) {
     use_module('contacts');
     require_once('contacts.php');
+    require_once('domainapi.php');
 
     output('<h4>Inhaberwechsel der Domain</h4>');
     output('<p>Legen Sie hier einen neuen Inhaber für diese Domain fest.</p>');
@@ -131,6 +135,7 @@ if ($dom->provider == 'terions' && ($dom->cancel_date === NULL || $dom->cancel_d
 
 // Block Externe Domain umziehen
 
+if (have_role(ROLE_CUSTOMER) && config('http.net-apikey')) {
     if ($dom->status == 'prereg') {
         output('<h4>Domain-Registrierung abschließen</h4>
                 <p>'.internal_link('domainreg', 'Domain registrieren', "domain={$dom->fqdn}").'</p>');
@@ -141,7 +146,7 @@ if ($dom->status == 'prereg') {
         output('<h4>Domain zu '.config('company_name').' umziehen</h4>
                 <p>'.internal_link('domainreg', 'Domain-Transfer starten', "domain={$dom->fqdn}").'</p>');
     }
-
+}
 
 // Block Domain löschen/kündigen
 
@@ -149,7 +154,8 @@ $domain_in_use = mailman_subdomains($dom->id) || mail_in_use($dom->id) || web_in
 if (!$domain_in_use && ($dom->status == 'prereg' || $dom->status == 'pretransfer' || $dom->status == 'transferfailed' || $dom->status == 'external')) {
     output('<h4>Domain wieder entfernen</h4>');
     output('<p class="delete">'.internal_link('save', 'Die Domain '.$dom->fqdn.' entfernen', 'action=delete&domain='.$dom->id).'</p>');
-} elseif ($dom->provider == 'terions') {
+} elseif (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == 'terions') {
+    require_once('domainapi.php');
     output('<h4>Domain kündigen</h4>');
     $info = api_download_domain($dom->id);
     if ($info['authInfo']) {

modules/domains/domainreg.php

Zeige Datei @ 29c4531

@@ -24,6 +24,9 @@ require_role(ROLE_CUSTOMER);
 use_module('contacts');
 require_once('contacts.php');
 
+if (! config('http.net-apikey')) {
+    system_failure("Dieses System ist nicht eingerichtet zum Hinzufügen von Domains");
+}
 
 $dom = NULL;
 if (isset($_REQUEST['domain'])) {

modules/domains/domains.php

Zeige Datei @ 29c4531

@@ -23,7 +23,7 @@ require_once('domains.php');
 
 require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
 
-if ($_SESSION['role'] & ROLE_CUSTOMER)
+if (have_role(ROLE_CUSTOMER))
   $user_domains = get_domain_list($_SESSION['customerinfo']['customerno']);
 else
   $user_domains = get_domain_list($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']);
@@ -107,12 +107,17 @@ foreach ($user_domains as $domain)
     $punycode = '';
   }
   $domainname = "{$domain->fqdn}{$punycode}";
+  if (have_role(ROLE_CUSTOMER)) {
       $domainname = internal_link('detail', $domainname, 'id='.$domain->id);
+  }
   output("  <div class=\"domain-item {$status} {$locked}\"><p class=\"domainname\">{$domainname}</p><p class=\"regdate\">{$regdate}</p><p class=\"domain-usage\">Verwendung: {$features}{$mailserver_lock}</p></div>\n");
 }
 output('</div>');
 output("<br />");
+
+if (have_role(ROLE_CUSTOMER) && config('http.net-apikey')) {
     addnew('adddomain', 'Neue Domain bestellen / hinzufügen');
+}
 
 
 ?>


...	...	@@ -112,18 +112,25 @@ function show_messages()
112	112
113	113	function require_role($roles)
114	114	{
115		- if (! is_array($roles))
	115	+ if (! is_array($roles)) {
116	116	$roles = array($roles);
	117	+ }
117	118	$allow = false;
118		- foreach ($roles as $role)
119		- if ($role & $_SESSION['role'])
	119	+ foreach ($roles as $role) {
	120	+ if ($role & $_SESSION['role']) {
120	121	$allow = true;
121		- if (! $allow)
122		- if ($_SESSION['role'] == ROLE_ANONYMOUS)
	122	+ }
	123	+ }
	124	+ if (! $allow) {
	125	+ if ($_SESSION['role'] == ROLE_ANONYMOUS) {
123	126	login_screen();
124		- else
	127	+ } else {
	128	+ $backtrace = debug_backtrace();
	129	+ DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': Current user does not have any of the required roles: '.implode(",",$roles));
125	130	login_screen("Diese Seite können Sie mit Ihren aktuellen Zugriffsrechten nicht benutzen, bitte melden Sie sich mit den benötigten Zugriffsrechten an!");
126	131	}
	132	+ }
	133	+}
127	134
128	135
129	136	function login_screen($why = NULL)

...	...	@@ -23,7 +23,7 @@ require_once('domains.php');
23	23
24	24	require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
25	25
26		-if ($_SESSION['role'] & ROLE_CUSTOMER)
	26	+if (have_role(ROLE_CUSTOMER))
27	27	$user_domains = get_domain_list($_SESSION['customerinfo']['customerno']);
28	28	else
29	29	$user_domains = get_domain_list($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']);
...	...	@@ -107,12 +107,17 @@ foreach ($user_domains as $domain)
107	107	$punycode = '';
108	108	}
109	109	$domainname = "{$domain->fqdn}{$punycode}";
	110	+ if (have_role(ROLE_CUSTOMER)) {
110	111	$domainname = internal_link('detail', $domainname, 'id='.$domain->id);
	112	+ }
111	113	output(" <div class=\"domain-item {$status} {$locked}\"><p class=\"domainname\">{$domainname}</p><p class=\"regdate\">{$regdate}</p><p class=\"domain-usage\">Verwendung: {$features}{$mailserver_lock}</p></div>\n");
112	114	}
113	115	output('</div>');
114	116	output("<br />");
	117	+
	118	+if (have_role(ROLE_CUSTOMER) && config('http.net-apikey')) {
115	119	addnew('adddomain', 'Neue Domain bestellen / hinzufügen');
	120	+}
116	121
117	122
118	123	?>
119	124

...	...	@@ -69,6 +69,16 @@ function config($key, $localonly = false)
69	69	return NULL;
70	70	}
71	71
	72	+function have_role($role) {
	73	+ $have = $_SESSION['role'] & $role;
	74	+ if ($have) {
	75	+ DEBUG("Current user has role ".$role);
	76	+ } else {
	77	+ DEBUG("Current user does not have role ".$role);
	78	+ }
	79	+ return $have;
	80	+}
	81	+
72	82	function get_server_by_id($id) {
73	83	$id = (int) $id;
74	84	$result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));

...	...	@@ -23,6 +23,9 @@ require_once('domainapi.php');
23	23	require_once('domains.php');
24	24
25	25	require_role(ROLE_CUSTOMER);
	26	+if (! config('http.net-apikey')) {
	27	+ system_failure("Dieses System ist nicht eingerichtet zum Hinzufügen von Domains");
	28	+}
26	29
27	30	title("Domain hinzufügen");
28	31	$section='domains_domains';

...	...	@@ -19,9 +19,8 @@ require_once('inc/icons.php');
19	19
20	20	require_once('class/domain.php');
21	21	require_once('domains.php');
22		-require_once('domainapi.php');
23	22
24		-require_role(ROLE_CUSTOMER);
	23	+require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER));
25	24
26	25	$dom = NULL;
27	26	if (isset($_REQUEST['id'])) {
...	...	@@ -35,7 +34,11 @@ if (isset($_REQUEST['id'])) {
35	34	if (!$dom) {
36	35	system_failure("Keine Domain gewählt!");
37	36	}
	37	+if (have_role(ROLE_CUSTOMER)) {
38	38	$dom->ensure_customerdomain();
	39	+} else {
	40	+ $dom->ensure_userdomain();
	41	+}
39	42
40	43	title("Domain {$dom->fqdn}");
41	44	$section = 'domains_domains';
...	...	@@ -43,7 +46,7 @@ $section = 'domains_domains';
43	46	// Block zuständiger Useraccount
44	47
45	48	$useraccounts = list_useraccounts();
46		-if ($_SESSION['role'] & ROLE_CUSTOMER && count($useraccounts) > 1) {
	49	+if (have_role(ROLE_CUSTOMER) && count($useraccounts) > 1) {
47	50	// Mehrere User vorhanden
48	51	$options = array();
49	52	foreach ($useraccounts as $u) {
...	...	@@ -60,9 +63,10 @@ if ($_SESSION['role'] & ROLE_CUSTOMER && count($useraccounts) > 1) {
60	63
61	64	// Block Domain-Inhaber
62	65
63		-if ($dom->provider == 'terions' && ($dom->cancel_date === NULL \|\| $dom->cancel_date > date('Y-m-d'))) {
	66	+if (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == 'terions' && ($dom->cancel_date === NULL \|\| $dom->cancel_date > date('Y-m-d'))) {
64	67	use_module('contacts');
65	68	require_once('contacts.php');
	69	+ require_once('domainapi.php');
66	70
67	71	output('<h4>Inhaberwechsel der Domain</h4>');
68	72	output('<p>Legen Sie hier einen neuen Inhaber für diese Domain fest.</p>');
...	...	@@ -131,6 +135,7 @@ if ($dom->provider == 'terions' && ($dom->cancel_date === NULL \|\| $dom->cancel_d
131	135
132	136	// Block Externe Domain umziehen
133	137
	138	+if (have_role(ROLE_CUSTOMER) && config('http.net-apikey')) {
134	139	if ($dom->status == 'prereg') {
135	140	output('<h4>Domain-Registrierung abschließen</h4>
136	141	<p>'.internal_link('domainreg', 'Domain registrieren', "domain={$dom->fqdn}").'</p>');
...	...	@@ -141,7 +146,7 @@ if ($dom->status == 'prereg') {
141	146	output('<h4>Domain zu '.config('company_name').' umziehen</h4>
142	147	<p>'.internal_link('domainreg', 'Domain-Transfer starten', "domain={$dom->fqdn}").'</p>');
143	148	}
144		-
	149	+}
145	150
146	151	// Block Domain löschen/kündigen
147	152
...	...	@@ -149,7 +154,8 @@ $domain_in_use = mailman_subdomains($dom->id) \|\| mail_in_use($dom->id) \|\| web_in
149	154	if (!$domain_in_use && ($dom->status == 'prereg' \|\| $dom->status == 'pretransfer' \|\| $dom->status == 'transferfailed' \|\| $dom->status == 'external')) {
150	155	output('<h4>Domain wieder entfernen</h4>');
151	156	output('<p class="delete">'.internal_link('save', 'Die Domain '.$dom->fqdn.' entfernen', 'action=delete&domain='.$dom->id).'</p>');
152		-} elseif ($dom->provider == 'terions') {
	157	+} elseif (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == 'terions') {
	158	+ require_once('domainapi.php');
153	159	output('<h4>Domain kündigen</h4>');
154	160	$info = api_download_domain($dom->id);
155	161	if ($info['authInfo']) {

...	...	@@ -24,6 +24,9 @@ require_role(ROLE_CUSTOMER);
24	24	use_module('contacts');
25	25	require_once('contacts.php');
26	26
	27	+if (! config('http.net-apikey')) {
	28	+ system_failure("Dieses System ist nicht eingerichtet zum Hinzufügen von Domains");
	29	+}
27	30
28	31	$dom = NULL;
29	32	if (isset($_REQUEST['domain'])) {

webinterface.git