From 220735007a2888e918244b1e2aadfbfbcb18cb4c Mon Sep 17 00:00:00 2001
From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Sat, 7 Feb 2015 16:03:05 -0500
Subject: [PATCH] sec: split normal user view into its own template

---
 sec.mlt       | 116 ++-----------------------------------------------
 secnormal.mlt | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+), 112 deletions(-)
 create mode 100644 secnormal.mlt

diff --git a/sec.mlt b/sec.mlt
index e48049a..020c0f9 100644
--- a/sec.mlt
+++ b/sec.mlt
@@ -211,117 +211,9 @@ elseif $"mod" <> "" then
 
 <% end;
 
-if showNormal then %>
-
-<table class="blanks">
-<form action="sec" method="post">
-<input type="hidden" name="uname" value="<% Web.html uname %>">
-<tr> <td>Machines:</td> <td><select name="node">
-<% foreach node in Init.listNodes () do %>
-	<option value="<% #id node %>"<% if nodeNum = #id node then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
-<% end %></select></td>
-<td><input type="submit" value="Switch"></td> </tr>
-</form>
-<form action="sec" method="post">
-<input type="hidden" name="node" value="<% nodeNum %>">
-<tr> <td>Your users:</td> <td><select name="uname">
-<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
-	<option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
-<% end %></select></td>
-<td><input type="submit" value="Switch"></td> </tr>
-</form>
-</table>
-
-<!--h3>Request socket permissions change</h3>
-
-<p>You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here <b>will be ignored</b>. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.</p>
-
-<p>Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.</p>
-
-<form action="sec" method="post">
-<input type="hidden" name="node" value="<% nodeNum %>">
-<input type="hidden" name="uname" value="<% uname %>">
-<input type="hidden" name="cmd" value="socks">
-<table class="blanks">
-<tr> <td>New permissions:</td> <td><select name="socks">
-	<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
-	<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
-	<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
-	<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
-</select></td> </tr>
-<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
-<tr> <td><input type="submit" value="Request"></td> </tr>
-</table>
-</form>
-
-<h3>Request change to your execute permissions</h3>
-
-<form action="sec" method="post">
-<input type="hidden" name="node" value="<% nodeNum %>">
-<input type="hidden" name="uname" value="<% uname %>">
-<input type="hidden" name="cmd" value="tpe">
-<table class="blanks">
-<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
-	<option value="no"<% if not tpe then %> selected<% end %>>No</option>
-	<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
-</select></td> </tr>
-<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
-<tr> <td><input type="submit" value="Request"></td> </tr>
-</table>
-</form-->
-
-<h3>Request change to your <tt>cron</tt> permissions</h3>
-
-<form action="sec" method="post">
-<input type="hidden" name="node" value="<% nodeNum %>">
-<input type="hidden" name="uname" value="<% uname %>">
-<input type="hidden" name="cmd" value="cron">
-<table class="blanks">
-<tr> <td>Allowed to use cron?</td> <td><select name="cron">
-	<option value="no"<% if not cron then %> selected<% end %>>No</option>
-	<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
-</select></td> </tr>
-<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
-<tr> <td><input type="submit" value="Request"></td> </tr>
-</table>
-</form>
-
-<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
-switch rules of
-  _::_ => %>
-<h3>Your firewall rules</h3>
-
-<% foreach rule in rules do %>
-<form action="sec" method="post">
-<input type="hidden" name="node" value="<% nodeNum %>">
-<input type="hidden" name="uname" value="<% uname %>">
-<input type="hidden" name="modRule" value="<% Web.html rule %>">
-<label>Node: <% nodeName %> <input name="rule" value="<% Web.html rule %>"></label>
-<a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
-<input type="submit" value="Request change">
-</form><br>
-<% end
-end%>
-
-<h3>Request a new firewall rule</h3>
-
-<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion. We also <a href="http://wiki.hcoop.net/FirewallRules#Common_Rules">allow all members access to some services</a> if they are commonly requested.</p>
-
-<p>When requesting a <tt>Server</tt> or <tt>ProxiedServer</tt> rule, use a port above <tt>50000</tt> (there is a list of <a href="http://wiki.hcoop.net/AllocatedFirewallPorts">allocated ports</a>). We may grant <tt>Server</tt> requests for ports under <tt>50000</tt> if it can be justified, but never for a <tt>ProxiedServer</tt>.</p>
-
-<p>We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.</p>
-
-<form action="sec" method="post">
-<input type="hidden" name="node" value="<% nodeNum %>">
-<input type="hidden" name="uname" value="<% uname %>">
-<input type="hidden" name="cmd" value="rule">
-<table class="blanks">
-<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
-<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
-<tr> <td><input type="submit" value="Request"></td> </tr>
-</table>
-</form>
-
-<% end %>
+if showNormal then
+  @secnormal [("uname", [uname]),
+              ("nodeNum", [Int.toString nodeNum])];
+end %>
 
 <% @footer[] %>
\ No newline at end of file
diff --git a/secnormal.mlt b/secnormal.mlt
new file mode 100644
index 0000000..356c45b
--- /dev/null
+++ b/secnormal.mlt
@@ -0,0 +1,118 @@
+<%
+val uname = $"uname";
+val nodeNum = case $"nodeNum" of node => Web.stoi node;
+val nodeName = Init.nodeName nodeNum;
+val yourname = Init.getUserName ();
+
+val socks = Sec.socketPerms {node = nodeNum, uname = uname};
+val tpe = Sec.isTpe {node = nodeNum, uname = uname};
+val cron = Sec.cronAllowed {node = nodeNum, uname = uname};
+%>
+<table class="blanks">
+<form action="sec" method="post">
+<input type="hidden" name="uname" value="<% Web.html uname %>">
+<tr> <td>Machines:</td> <td><select name="node">
+<% foreach node in Init.listNodes () do %>
+	<option value="<% #id node %>"<% if nodeNum = #id node then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
+<% end %></select></td>
+<td><input type="submit" value="Switch"></td> </tr>
+</form>
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<tr> <td>Your users:</td> <td><select name="uname">
+<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
+	<option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
+<% end %></select></td>
+<td><input type="submit" value="Switch"></td> </tr>
+</form>
+</table>
+
+<!--h3>Request socket permissions change</h3>
+
+<p>You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here <b>will be ignored</b>. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.</p>
+
+<p>Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.</p>
+
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<input type="hidden" name="uname" value="<% uname %>">
+<input type="hidden" name="cmd" value="socks">
+<table class="blanks">
+<tr> <td>New permissions:</td> <td><select name="socks">
+	<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
+	<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
+	<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
+	<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
+</select></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td><input type="submit" value="Request"></td> </tr>
+</table>
+</form>
+
+<h3>Request change to your execute permissions</h3>
+
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<input type="hidden" name="uname" value="<% uname %>">
+<input type="hidden" name="cmd" value="tpe">
+<table class="blanks">
+<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
+	<option value="no"<% if not tpe then %> selected<% end %>>No</option>
+	<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
+</select></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td><input type="submit" value="Request"></td> </tr>
+</table>
+</form-->
+
+<h3>Request change to your <tt>cron</tt> permissions</h3>
+
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<input type="hidden" name="uname" value="<% uname %>">
+<input type="hidden" name="cmd" value="cron">
+<table class="blanks">
+<tr> <td>Allowed to use cron?</td> <td><select name="cron">
+	<option value="no"<% if not cron then %> selected<% end %>>No</option>
+	<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
+</select></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td><input type="submit" value="Request"></td> </tr>
+</table>
+</form>
+
+<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
+switch rules of
+  _::_ => %>
+<h3>Your firewall rules</h3>
+
+<% foreach rule in rules do %>
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<input type="hidden" name="uname" value="<% uname %>">
+<input type="hidden" name="modRule" value="<% Web.html rule %>">
+<label>Node: <% nodeName %> <input name="rule" value="<% Web.html rule %>"></label>
+<a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
+<input type="submit" value="Request change">
+</form><br>
+<% end
+end%>
+
+<h3>Request a new firewall rule</h3>
+
+<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion. We also <a href="http://wiki.hcoop.net/FirewallRules#Common_Rules">allow all members access to some services</a> if they are commonly requested.</p>
+
+<p>When requesting a <tt>Server</tt> or <tt>ProxiedServer</tt> rule, use a port above <tt>50000</tt> (there is a list of <a href="http://wiki.hcoop.net/AllocatedFirewallPorts">allocated ports</a>). We may grant <tt>Server</tt> requests for ports under <tt>50000</tt> if it can be justified, but never for a <tt>ProxiedServer</tt>.</p>
+
+<p>We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.</p>
+
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<input type="hidden" name="uname" value="<% uname %>">
+<input type="hidden" name="cmd" value="rule">
+<table class="blanks">
+<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td><input type="submit" value="Request"></td> </tr>
+</table>
+</form>
-- 
2.20.1