Change granter.sh to give permissions to user specified on command line
[hcoop/zz_old/portal.git] / sec.mlt
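<% (* Security settings page.  Members file requests to change socket, TPE,
      cron, FTP and firewall settings for an account; the branches guarded by
      Group.requireGroupName further down let reviewers list, edit and delete
      those requests. *)
val you = Init.getUserId ();
val yourname = Init.getUserName ();

(* Account named by the request; an empty parameter means the logged-in user. *)
val requested = case $"uname" of
    "" => yourname
  | uname => uname;

(* The uname parameter comes from the client.  Accept it only when it is one
   of the accounts the account switcher on this page offers (the user plus
   Sec.findSubusers); otherwise any logged-in member could read another
   account's settings and firewall rules and file requests in its name.
   NOTE(review): if staff are meant to act for arbitrary accounts here, widen
   the allowed set explicitly rather than dropping this check. *)
ref mayActFor = false;
foreach name in (yourname :: Sec.findSubusers yourname) do
    if name = requested then
        mayActFor := true
    end
end;

val uname = iff mayActFor then requested else yourname;

(* Current settings of the selected account; they preselect the form controls
   in the normal view. *)
val socks = Sec.socketPerms uname;
val tpe = Sec.isTpe uname;
val cron = Sec.cronAllowed uname;
val ftp = Sec.ftpAllowed uname;

(* Cleared by every branch that renders its own page instead of the forms. *)
ref showNormal = true;

@header [("title", ["Security settings"])];
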
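(* Member-facing request flow.  Each first-step branch (socks, tpe, cron, ftp,
   rule, modRule, delRule) hides the normal forms and prints a confirmation
   link to the matching second-step branch (socks2, tpe2, cron2, ftp2, rule2,
   modRule2, delRule2), which stores the request with Sec.Req.add and calls
   Sec.Req.notifyNew.
   NOTE(review): the second-step branches change state when a plain link is
   followed, and no per-session token is visible in this file, so the
   confirmation page gives no protection against cross-site request forgery;
   confirm whether the portal handles that elsewhere. *)
if $"cmd" = "socks" then
    showNormal := false;
    val socks = $"socks";
    %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br>
    <a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "socks2" then
    (* The socks parameter is stored as received.  It is client-controlled
       text, so every page that prints the request must HTML-escape it. *)
    val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "tpe" then
    showNormal := false;
    val tpe = iff $"tpe" = "yes" then "on" else "off";
    %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br>
    <a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "tpe2" then
    (* Map the parameter onto the two values the confirmation link can send,
       as cron2 and ftp2 do, instead of copying client-supplied text into the
       stored request. *)
    val tpe = iff $"tpe" = "on" then "on" else "off";
    val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", tpe], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "cron" then
    showNormal := false;
    val cron = iff $"cron" = "yes" then "enabled" else "disabled";
    %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br>
    <a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "cron2" then
    val cron = iff $"cron" = "enabled" then "enable" else "disable";
    val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "ftp" then
    showNormal := false;
    val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
    %>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> be <b><% ftp %></b>?<br>
    <a href="sec?cmd=ftp2&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "ftp2" then
    val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
    val id = Sec.Req.add (you, String.concat [uname, ": ", ftp, " FTP access"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "rule" then
    showNormal := false;
    val rule = $"rule";
    %>Are you sure you want to request the firewall rule <b><% Web.html uname %>&nbsp;<% Web.html rule %></b>?<br>
    <a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "rule2" then
    (* The rule text is free-form client input and is stored as received. *)
    val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"modRule" <> "" then
    showNormal := false;
    val oldRule = $"modRule";
    val rule = $"rule"
    if oldRule = rule then
        %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
    else
        %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be replaced by <b><% Web.html uname %>&nbsp;<% Web.html rule %></b>?<br>
        <a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
    end
elseif $"modRule2" <> "" then
    val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"delRule" <> "" then
    showNormal := false;
    val oldRule = $"delRule";
    %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be <b>deleted</b>?<br>
    <a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"delRule2" <> "" then
    val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%
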
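elseif $"cmd" = "open" then
    (* Reviewer views.  Every branch from here to the end of the chain calls
       Group.requireGroupName with the server group before doing anything.
       The request text (data) and the names printed here originate from
       member-supplied form fields, so they go through Web.html like the
       message already did; this assumes template output is emitted verbatim,
       which the explicit Web.html calls in this file suggest.  Without the
       escaping, markup placed in a request would run in the reviewer's
       browser. *)
    showNormal := false;
    Group.requireGroupName "server";
    %><h3>Open requests</h3>
    <a href="sec?cmd=list">List all requests</a><%

    foreach (name, req) in Sec.Req.listOpen () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% Web.html name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a><br>

<% end

elseif $"cmd" = "list" then
    showNormal := false;
    Group.requireGroupName "server"
    %><h3>All requests</h3><%

    foreach (name, req) in Sec.Req.list () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% Web.html name %></a></td> </tr>
<tr> <td>Time:</td> <td colspan="2"><% #stamp req %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a>

<% end

elseif $"mod" <> "" then
    (* Edit form for one request; it posts back to the save branch. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"mod");
    val req = Sec.Req.lookup id;
    val user = Init.lookupUser (#usr req) %>
<h3>Handle request</h3>

<form action="sec" method="post">
<input type="hidden" name="save" value="<% id %>">
<table class="blanks">
<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% Web.html (#name user) %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
<tr> <td>Status:</td> <td><select name="status">
    <option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
    <option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
    <option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td>Request:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
    (* Store the edited request; notify only when the status changed. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"save");
    val req = Sec.Req.lookup id;
    val oldStatus = #status req;
    val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
    Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
    if oldStatus <> newStatus then
        if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
            %><h3>Error sending e-mail notification</h3><%
        end
    end
    %><h3>Request modified</h3>
    Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% elseif $"del" <> "" then
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del");
    val req = Sec.Req.lookup id;
    val user = Init.lookupUser (#usr req)
    %><h3>Are you sure you want to delete request by <% Web.html (#name user) %> for "<% Web.html (#data req) %>"?</h3>
    <a href="sec?del2=<% id %>">Yes, I'm sure!</a>

<% elseif $"del2" <> "" then
    (* NOTE(review): the deletion happens when a plain link is followed and no
       per-session token is visible here, so a page a logged-in reviewer
       visits could trigger it; confirm whether the portal guards against
       cross-site requests elsewhere. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del2");
    Sec.Req.delete id
    %><h3>Request deleted</h3>
    Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% end;
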
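(* Normal view: the account switcher followed by one request form per setting
   and the firewall rule forms.  uname can come from the request and the other
   names are account names, so both are passed through Web.html before being
   placed in attribute values or option text; this assumes template output is
   emitted verbatim, which the explicit Web.html calls in this file suggest. *)
if showNormal then %>

<form action="sec" method="post">
<b>Your users:</b> <select name="uname">
<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
    <option value="<% Web.html name %>"<% if uname = name then %> selected<% end %>><% Web.html name %></option>
<% end %></select> <input type="submit" value="Switch"> </form>

<h3>Request socket permissions change</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="socks">
<table class="blanks">
<tr> <td>New permissions:</td> <td><select name="socks">
    <option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
    <option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
    <option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
    <option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your execute permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="tpe">
<table class="blanks">
<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
    <option value="no"<% if not tpe then %> selected<% end %>>No</option>
    <option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your <tt>cron</tt> permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="cron">
<table class="blanks">
<tr> <td>Allowed to use cron?</td> <td><select name="cron">
    <option value="no"<% if not cron then %> selected<% end %>>No</option>
    <option value="yes"<% if cron then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your FTP permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="ftp">
<table class="blanks">
<tr> <td>Allowed to use FTP?</td> <td><select name="ftp">
    <option value="no"<% if not ftp then %> selected<% end %>>No</option>
    <option value="yes"<% if ftp then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% (* The heading and per-rule forms are emitted from the non-empty-list arm. *)
val rules = Sec.findFirewallRules uname;
switch rules of
    _::_ => %>
<h3>Your firewall rules</h3>

<% (* The deletion link carries uname like the change form does; without it
      the delRule branch would fall back to the logged-in user's own name
      when the rule belongs to a different selected account. *)
foreach rule in rules do %>
<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="modRule" value="<% Web.html rule %>">
<input name="rule" value="<% Web.html rule %>">
<a href="sec?uname=<% Web.urlEncode uname %>&delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
<input type="submit" value="Request change">
</form><br>
<% end
end%>

<h3>Request a new firewall rule</h3>

<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="rule">
<table class="blanks">
<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% end %>

<% @footer[] %>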