HCoop / hcoop / zz_old / portal.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Misc. fixes
[hcoop/zz_old/portal.git] / sec.mlt
CommitLineData
3ad30cf6 1<% val you = Init.getUserId ();
2val yourname = Init.getUserName ();
3
4val uname = case $"uname" of
5 "" => yourname
6 | uname => uname;
7
8val socks = Sec.socketPerms uname;
9val tpe = Sec.isTpe uname;
f971918d 10val cron = Sec.cronAllowed uname;
3ad30cf6 11
12ref showNormal = true;
13
14@header [("title", ["Security settings"])];
15
16if $"cmd" = "socks" then
17 showNormal := false;
18 val socks = $"socks";
19 %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br>
20 <a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
21elseif $"cmd" = "socks2" then
22 val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
23 if not (Sec.Req.notifyNew id) then
24 %><h3><b>Error sending e-mail notification</b></h3><%
25 end
26 %><h3><b>Request added</b></h3><%
27
28elseif $"cmd" = "tpe" then
29 showNormal := false;
30 val tpe = iff $"tpe" = "yes" then "on" else "off";
31 %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br>
32 <a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
33elseif $"cmd" = "tpe2" then
34 val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", $"tpe"], $"msg");
35 if not (Sec.Req.notifyNew id) then
36 %><h3><b>Error sending e-mail notification</b></h3><%
37 end
38 %><h3><b>Request added</b></h3><%
39
f971918d 40elseif $"cmd" = "cron" then
41 showNormal := false;
42 val cron = iff $"cron" = "yes" then "enabled" else "disabled";
43 %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br>
44 <a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
45elseif $"cmd" = "cron2" then
46 val cron = iff $"cron" = "enabled" then "enable" else "disable";
47 val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
48 if not (Sec.Req.notifyNew id) then
49 %><h3><b>Error sending e-mail notification</b></h3><%
50 end
51 %><h3><b>Request added</b></h3><%
52
53elseif $"cmd" = "rule" then
54 showNormal := false;
55 val rule = $"rule";
56 %>Are you sure you want to request the firewall rule <b><% Web.html uname %>&nbsp;<% Web.html rule %></b>?<br>
57 <a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
58elseif $"cmd" = "rule2" then
59 val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
60 if not (Sec.Req.notifyNew id) then
61 %><h3><b>Error sending e-mail notification</b></h3><%
62 end
63 %><h3><b>Request added</b></h3><%
64
65elseif $"modRule" <> "" then
66 showNormal := false;
67 val oldRule = $"modRule";
68 val rule = $"rule"
69 if oldRule = rule then
70 %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
71 else
72 %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be replaced by <b><% Web.html uname %>&nbsp;<% Web.html rule %></b>?<br>
73 <a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
74 end
75elseif $"modRule2" <> "" then
76 val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
77 if not (Sec.Req.notifyNew id) then
78 %><h3><b>Error sending e-mail notification</b></h3><%
79 end
80 %><h3><b>Request added</b></h3><%
81
82elseif $"delRule" <> "" then
83 showNormal := false;
84 val oldRule = $"delRule";
85 %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be <b>deleted</b>?<br>
86 <a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
87elseif $"delRule2" <> "" then
88 val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
89 if not (Sec.Req.notifyNew id) then
90 %><h3><b>Error sending e-mail notification</b></h3><%
91 end
92 %><h3><b>Request added</b></h3><%
93
3ad30cf6 94elseif $"cmd" = "open" then
95 showNormal := false;
96 Group.requireGroupName "server";
97 %><h3><b>Open requests</b></h3>
98 <a href="sec?cmd=list">List all requests</a><%
99
100 foreach (name, req) in Sec.Req.listOpen () do %>
101<br><hr><br>
102<table>
103<tr> <td align="right"><b>By</b>:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
104<tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr>
105<tr> <td align="right"><b>Request</b>:</td> <td><% #data req %></td> </tr>
106<tr> <td align="right" valign="top"><b>Msg</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
107</table>
108
109<br>
110<a href="sec?mod=<% #id req %>">[Modify]</a>
111<a href="sec?del=<% #id req %>">[Delete]</a><br>
112
113<% end
114
115elseif $"cmd" = "list" then
116 showNormal := false;
117 Group.requireGroupName "server"
118 %><h3><b>All requests</b></h3><%
119
120 foreach (name, req) in Sec.Req.list () do %>
121<br><hr><br>
122<table>
123<tr> <td align="right"><b>By</b>:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
124<tr> <td align="right"><b>Time</b>:</td> <td colspan="2"><% #stamp req %></td> </tr>
125<tr> <td align="right"><b>Request</b>:</td> <td><% #data req %></td> </tr>
126<tr> <td align="right" valign="top"><b>Reason</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
127</table>
128
129<br>
130<a href="sec?mod=<% #id req %>">[Modify]</a>
131<a href="sec?del=<% #id req %>">[Delete]</a>
132
133<% end
134
135elseif $"mod" <> "" then
136 showNormal := false;
137 Group.requireGroupName "server";
138 val id = Web.stoi ($"mod");
139 val req = Sec.Req.lookup id;
140 val user = Init.lookupUser (#usr req) %>
141<h3><b>Handle request</b></h3>
142
143<form action="sec" method="post">
144<input type="hidden" name="save" value="<% id %>">
145<table>
146<tr> <td align="right"><b>Requestor</b>:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
147<tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr>
148<tr> <td align="right"><b>Status</b>:</td> <td><select name="status">
149 <option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
150 <option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
151 <option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
152</select></td> </tr>
153<tr> <td align="right"><b>Request</b>:</td> <td><input name="req" value="<% #data req %>"></td> </tr>
154<tr> <td align="right" valign="top"><b>Message</b>:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
155<tr> <td><input type="submit" value="Save"></td> </tr>
156</table>
157</form>
158
159<% elseif $"save" <> "" then
160 showNormal := false;
161 Group.requireGroupName "server";
162 val id = Web.stoi ($"save");
163 val req = Sec.Req.lookup id;
164 val oldStatus = #status req;
165 val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
166 Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
167 if oldStatus <> newStatus then
168 if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
169 %><h3><b>Error sending e-mail notification</b></h3><%
170 end
171 end
172 %><h3><b>Request modified</b></h3>
173 Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
174
175<% elseif $"del" <> "" then
176 showNormal := false;
177 Group.requireGroupName "server";
178 val id = Web.stoi ($"del");
179 val req = Sec.Req.lookup id;
180 val user = Init.lookupUser (#usr req)
181 %><h3><b>Are you sure you want to delete request by <% #name user %> for "<% #data req %>"?</b></h3>
182 <a href="sec?del2=<% id %>">Yes, I'm sure!</a>
183
184<% elseif $"del2" <> "" then
185 showNormal := false;
186 Group.requireGroupName "server";
187 val id = Web.stoi ($"del2");
188 Sec.Req.delete id
189 %><h3><b>Request deleted</b><h3>
190 Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
191
192<% end;
193
194if showNormal then %>
195
196<form action="sec" method="post">
197<b>Your users:</b> <select name="uname">
198<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
199 <option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
200<% end %></select> <input type="submit" value="Switch"> </form>
201
202<h3><b>Request socket permissions change</b></h3>
203
204<form action="sec" method="post">
205<input type="hidden" name="uname" value="<% uname %>">
206<input type="hidden" name="cmd" value="socks">
207<table>
208<tr> <td align="right"><b>New permissions:</b></td> <td><select name="socks">
209 <option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
210 <option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
211 <option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
212 <option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
213</select></td> </tr>
214<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
215<tr> <td><input type="submit" value="Request"></td> </tr>
216</table>
217</form>
218
219<h3><b>Request change to your execute permissions</b></h3>
220
221<form action="sec" method="post">
222<input type="hidden" name="uname" value="<% uname %>">
223<input type="hidden" name="cmd" value="tpe">
224<table>
225<tr> <td align="right"><b>Trusted path executables only?</b></td> <td><select name="tpe">
226 <option value="no"<% if not tpe then %> selected<% end %>>No</option>
227 <option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
228</select></td> </tr>
229<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
230<tr> <td><input type="submit" value="Request"></td> </tr>
231</table>
232</form>
233
f971918d 234<h3><b>Request change to your <tt>cron</tt> permissions</b></h3>
235
236<form action="sec" method="post">
237<input type="hidden" name="uname" value="<% uname %>">
238<input type="hidden" name="cmd" value="cron">
239<table>
240<tr> <td align="right"><b>Allowed to use cron?</b></td> <td><select name="cron">
241 <option value="no"<% if not cron then %> selected<% end %>>No</option>
242 <option value="yes"<% if cron then %> selected<% end %>>Yes</option>
243</select></td> </tr>
244<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
245<tr> <td><input type="submit" value="Request"></td> </tr>
246</table>
247</form>
248
249<% val rules = Sec.findFirewallRules uname;
250switch rules of
251 _::_ => %>
252<h3><b>Your firewall rules</b></h3>
253
254<% foreach rule in rules do %>
255<form action="sec" method="post">
256<input type="hidden" name="uname" value="<% uname %>">
257<input type="hidden" name="modRule" value="<% Web.html rule %>">
258<input name="rule" value="<% Web.html rule %>">
259<a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
260<input type="submit" value="Request change">
261</form><br>
262<% end
263end%>
264
265<h3><b>Request a new firewall rule</b></h3>
266
267<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>
268
269<form action="sec" method="post">
270<input type="hidden" name="uname" value="<% uname %>">
271<input type="hidden" name="cmd" value="rule">
272<table>
273<tr> <td align="right"><b>Rule</b></td> <td><input name="rule" size="80"></td> </tr>
274<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
275<tr> <td><input type="submit" value="Request"></td> </tr>
276</table>
277</form>
278
3ad30cf6 279<% end %>
280
281<% @footer[] %>
The HCoop web portal.