Implement users administration and access permissions and update to 0.0.3
authorMichal Novotny <minovotn@redhat.com>
Mon, 5 Dec 2011 17:16:17 +0000 (18:16 +0100)
committerMichal Novotny <minovotn@redhat.com>
Mon, 5 Dec 2011 17:21:25 +0000 (18:21 +0100)
This patch also implements the database initialization, which adds a
default user 'admin' with full permissions to the MySQL database; the
password of this user defaults to 'admin' as well.

Signed-off-by: Michal Novotny <mignov@gmail.com>

18 files changed:
classes/database-file.php
classes/database-mysql.php
classes/database.php
classes/language.php
configure.ac
dialog-login.php [new file with mode: 0644]
functions.php
init.php
lang/cs.php
lang/en.php
main-menu.php
pages/domain-list.php
pages/network-list.php
pages/new-net.php
pages/new-vm.php
pages/overview.php
pages/users.php [new file with mode: 0644]
php-virt-control.spec

index 854e66f..afa4d1a 100644 (file)
                        return true;
                }
 
+               function verify_user($user, $password) {
+                       return true;
+               }
+
+               function user_add($user, $password, $perms) {
+                       return false;
+               }
+
+               function user_edit($id, $user, $password, $perms) {
+                       return false;
+               }
+
+               function user_del($id, $user) {
+                       return false;
+               }
+
+               function get_users() {
+                       return array();
+               }
+
                /* Parse function */
                function parse_data() {
                        $id = 0;
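Review bot: The file backend's `verify_user()` returns `true` for every user name and password, so it does not fail closed. With the `is_string()` test added to `verify_user()` in functions.php, this happens to reject every login for this backend, but any caller that tests the result for truthiness would accept arbitrary credentials. Returning `false` until the backend can actually check credentials, with a comment such as `/* users are not supported by the file backend: always deny */`, makes the behaviour deliberate. The enclosing class starts and ends outside the hunk.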
index 87c54b8..069c5d1 100644 (file)
@@ -1,28 +1,14 @@
 <?php
-       /*
-               Database table structures:
-
-               CREATE TABLE IF NOT EXISTS `connections` (
-                 `id` int(11) NOT NULL AUTO_INCREMENT,
-                 `name` varchar(255) NOT NULL,
-                 `hv` varchar(5) NOT NULL,
-                 `type` tinyint(4) NOT NULL,
-                 `method` varchar(3) NOT NULL,
-                 `require_pwd` tinyint(4) NOT NULL,
-                 `user` varchar(255) NOT NULL,
-                 `host` varchar(255) NOT NULL,
-                 `logfile` varchar(255) NOT NULL,
-                 PRIMARY KEY (`id`)
-               ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Table of connection for php-virt-control';
-
-       */
        class DatabaseMySQL extends Database {
                private $server;
                private $user;
                private $password;
                private $dbname;
                private $prefix;
+               private $default_user = 'admin';
+               private $default_password = 'admin';
                private $tab_connections = 'connections';
+               private $tab_users = 'users';
                private $connections = array();
                private $db;
 
                                        'PRIMARY KEY (id)'.
                                ') ENGINE=MyISAM  DEFAULT CHARSET=utf8';
 
-                       return is_resource( mysql_query($qry) );
+                       if (!mysql_query($qry))
+                               return false;
+
+                       $qry = 'CREATE TABLE IF NOT EXISTS '.$this->prefix.$this->tab_users.' ('.
+                                       'id int(11) NOT NULL AUTO_INCREMENT,'.
+                                       'username varchar(255) NOT NULL,'.
+                                       'password varchar(255) NOT NULL,'.
+                                       'permissions int(11) NOT NULL,'.
+                                       'PRIMARY KEY (id)'.
+                               ') ENGINE=MyISAM DEFAULT CHARSET=utf8';
+
+                       if (!mysql_query($qry))
+                               return false;
+
+                       /* Create a user with full permissions */
+                       global $user_permissions;
+                       $perms = 0;
+                       while (list($key, $val) = each($user_permissions))
+                               eval('$perms |= '.$key.';');
+
+                       $qry = 'INSERT INTO '.$this->prefix.$this->tab_users.'(username, password, permissions) '.
+                               'VALUES("'.$this->default_user.'", "'.hash('sha512', $this->default_password).'", '.$perms.')';
+                       return mysql_query($qry) ? true : false;
+               }
+
+               function verify_user($user, $password) {
+                       $user = mysql_real_escape_string($user);
+                       $password = hash('sha512', $password);
+                       $qry = 'SELECT permissions FROM '.$this->prefix.$this->tab_users.' WHERE username = "'.$user.'" '.
+                                               'AND password = "'.$password.'"';
+
+                       $res = mysql_query($qry);
+                       if (!$res)
+                               return false;
+
+                       if (mysql_num_rows($res) == 0)
+                               return false;
+
+                       $rec = mysql_fetch_row($res);
+                       return $rec[0];
+               }
+
+               function user_add($user, $password, $perms) {
+                       $user = mysql_real_escape_string($user);
+                       $password = hash('sha512', $password);
+                       $perms = (int)$perms;
+
+                       $qry = 'SELECT id FROM '.$this->prefix.$this->tab_users.' WHERE username = "'.$user.'"';
+                       $res = mysql_query($qry);
+                       if (mysql_num_rows($res) > 0)
+                               return false;
+
+                       $qry = 'INSERT INTO '.$this->prefix.$this->tab_users.'(username, password, permissions) VALUES("'.$user.'", "'.
+                               $password.'", '.$perms.')';
+
+                       return (mysql_query($qry) ? true : false);
+               }
+
+               function user_edit($id, $user, $password, $perms) {
+                       $user = mysql_real_escape_string($user);
+                       $password = (strlen($password) > 0) ? hash('sha512', $password) : false;
+
+                       $qry = 'SELECT permissions FROM '.$this->prefix.$this->tab_users.' WHERE username = "'.$user.'"';
+                       $res = mysql_query($qry);
+                       if (mysql_num_rows($res) == 0)
+                               return false;
+
+                       if ($perms == false) {
+                               $rec = mysql_fetch_row($res);
+                               $perms = (int)$rec[0];
+                       }
+                       else
+                               $perms = (int)$perms;
+
+                       if ($password)
+                               $qry = 'UPDATE '.$this->prefix.$this->tab_users.' SET password = "'.$password.'", permissions = '.$perms.
+                                       ' WHERE username = "'.$user.'" AND id = '.$id;
+                       else
+                               $qry = 'UPDATE '.$this->prefix.$this->tab_users.' SET permissions = '.$perms.
+                                       ' WHERE username = "'.$user.'" AND id = '.$id;
+
+                       return (mysql_query($qry) ? true : false);
+               }
+
+               function user_del($id, $user) {
+                       $user = mysql_real_escape_string($user);
+
+                       $qry = 'SELECT id FROM '.$this->prefix.$this->tab_users.' WHERE username = "'.$user.'"';
+                       $res = mysql_query($qry);
+                       if (mysql_num_rows($res) == 0)
+                               return false;
+
+                       $qry = 'DELETE FROM '.$this->prefix.$this->tab_users.' WHERE username = "'.$user.'" AND id = '.$id;
+                       return (mysql_query($qry) ? true : false);
+               }
+
+               function get_users() {
+                       $res = mysql_query('SELECT id, username, permissions FROM '.$this->prefix.$this->tab_users);
+
+                       $ret = array();
+                       while ($rec = mysql_fetch_assoc($res)) {
+                               $ret[] = array(
+                                               'id'   => $rec['id'],
+                                               'name' => $rec['username'],
+                                               'permissions' => $rec['permissions']
+                                               );
+                       }
+
+                       return $ret;
                }
 
                function refresh() {
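Review bot: `user_edit()` and `user_del()` append `$id` to the UPDATE and DELETE statements (`' AND id = '.$id`) without casting or escaping, so a non-numeric id changes the statement; pages/users.php reads `user_id` from `$_GET`, which presumably ends up here, and `$id = (int)$id;` at the top of both functions closes it. The INSERT of the default account at the end of `init()` is unconditional and init.php now calls `$db->init()` on every request, so as far as the hunk shows a new `admin`/`admin` row with full permissions is added on each page load and stays valid after the administrator changes or deletes the original one; the start of `init()` is outside the hunk. The `eval('$perms |= '.$key.';')` loop here and in pages/users.php can be written as `$perms |= constant($key);`. Passwords are stored as unsalted SHA-512, which gives little protection if the table leaks; a salted, slow scheme such as `crypt()` with a per-user salt is the usual choice.

```php
                        /* Seed the default account only while the users table is empty */
                        $res = mysql_query('SELECT COUNT(*) FROM '.$this->prefix.$this->tab_users);
                        if (!$res)
                                return false;
                        $rec = mysql_fetch_row($res);
                        if ((int)$rec[0] > 0)
                                return true;

                        // … unchanged: $perms computation and INSERT of the default user …

                function user_edit($id, $user, $password, $perms) {
                        /* id is used unquoted in the WHERE clause, so force it to an integer */
                        $id = (int)$id;
                        // … unchanged: rest of user_edit(); user_del() gets the same cast …
```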
index 7abb25b..90dfd63 100644 (file)
                        return $this->err('init', $this->unimpl);
                }
 
+               function verify_user($user, $password) {
+                       return $this->err('verify_user', $this->unimpl);
+               }
+
+               function user_add($user, $password, $perms) {
+                       return $this->err('user_add', $this->unimpl);
+               }
+
+               function user_edit($id, $user, $password, $perms) {
+                       return $this->err('user_edit', $this->unimpl);
+               }
+
+               function user_del($id, $user) {
+                       return $this->err('user_del', $this->unimpl);
+               }
+
+               function get_users() {
+                       return $this->err('get_users', $this->unimpl);
+               }
+
                function has_fatal_error() {
                        return $this->fatal;
                }
index dac11d2..df9d2d5 100644 (file)
                                        'network-generate-mac' => 'Generate new MAC address',
                                        'network-remove-ok' => 'Network card has been removed successfully. Changes will take effect on next domain startup.',
                                        'network-remove-error' => 'Cannot remove disk',
+                                       'login_page_title' => 'Log-in',
+                                       'login_enter_login' => 'Login:',
+                                       'login_enter_password' => 'Password:',
+                                       'login_submit' => 'Login',
+                                       'login_invalid' => 'Your credentials are not valid. Please provide valid credentials',
+                                       'logout' => 'Logout',
+
+                                       'users' => 'Users',
+                                       'create-new-user' => 'Create a new user',
+                                       'user_add' => 'Add user',
+                                       'user_edit' => 'Edit user',
+                                       'user_del' => 'Delete user',
+                                       'user_del_confirm' => 'Do you really want to delete selected user?',
+                                       'user_added' => 'User has been successfully added',
+                                       'user_edited' => 'User information has been successfully changed',
+                                       'user_deleted' => 'User has been succesfully deleted',
+                                       'confirm_password' => 'Confirm password',
+                                       'permissions' => 'Permissions',
+                                       'permission_save_connection' => 'Save connection',
+                                       'permission_vm_create' => 'Create virtual machine',
+                                       'permission_vm_edit' => 'Edit virtual machine',
+                                       'permission_vm_delete' => 'Delete virtual machine',
+                                       'permission_network_create' => 'Create virtual network',
+                                       'permission_network_edit' => 'Edit virtual network',
+                                       'permission_network_delete' => 'Delete virtual network',
+                                       'permission_user_create' => 'Create user',
+                                       'permission_user_edit' => 'Edit user',
+                                       'permission_user_delete' => 'Delete user',
+                                       'user_add_btn' => 'Add user',
+                                       'user_edit_btn' => 'Edit user',
+                                       'password_mismatch' => 'Password mismatch',
                                        );
 
                        $this->trans = $trans;
index e5b7b36..897eec4 100644 (file)
@@ -1,4 +1,4 @@
-AC_INIT([php-virt-control], [0.0.2], [http://www.php-virt-control.org])
+AC_INIT([php-virt-control], [0.0.3], [http://www.php-virt-control.org])
 AM_INIT_AUTOMAKE([-Wall -Werror])
 AC_CONFIG_FILES([Makefile tools/Makefile])
 AC_OUTPUT
diff --git a/dialog-login.php b/dialog-login.php
new file mode 100644 (file)
index 0000000..1d33323
--- /dev/null
@@ -0,0 +1,43 @@
+
+<html> 
+<head> 
+ <title>php-virt-control - <?php echo $lang->get('title_vmc') ?></title> 
+ <link rel="STYLESHEET" type="text/css" href="manager.css"> 
+</head> 
+<body> 
+  <div id="header"> 
+    <div id="headerLogo"></div> 
+  </div> 
+  <!-- CONTENTS --> 
+  <div id="content"> 
+
+<?php
+       if (array_key_exists('user', $_POST))
+               echo '<div id="msg"><b>Message: </b>'.$lang->get('login_invalid').'</div>';
+?>
+
+    <form method="POST">
+
+    <div class="section"><?php echo $lang->get('login_page_title') ?></div>
+    <div class="item">
+      <div class="label"><?php echo $lang->get('login_enter_login') ?></div>
+      <div class="value"><input type="text" name="user"></div>
+      <div class="nl" />
+    </div>
+    <div class="item">
+      <div class="label"><?php echo $lang->get('login_enter_password') ?></div>
+      <div class="value"><input type="password" name="password"></div>
+      <div class="nl" />
+    </div>
+    <div class="item">
+      <div class="label">&nbsp;</div>
+      <div class="value"><input type="submit" value="<?php echo $lang->get('login_submit') ?>"></div>
+      <div class="nl" />
+    </div>
+    </form> 
+  </div> 
+</body> 
+</html> 
index 1adff79..201e3d2 100644 (file)
 
                return false;
        }
+
+       function verify_user($db, $perm=false) {
+               if (array_key_exists('logged_in', $_SESSION)) {
+                       if ($perm != false) {
+                               if ($_SESSION['user_perms'] == '*')
+                                       return true;
+                               else
+                                       return ($_SESSION['user_perms'] & $perm) ? true : false;
+                       }
+                       else
+                               return true;
+               }
+
+               $logged_in = false;
+               if (array_key_exists('user', $_POST)) {
+                       $perm = $db->verify_user($_POST['user'], $_POST['password']);
+                       if (is_string($perm)) {
+                               $logged_in = base64_encode("{$_POST['user']}\n{$_POST['password']}");
+
+                               if ($perm == true) {
+                                       $_SESSION['user_perms'] = '*';
+                                       $_SESSION['logged_in'] = $logged_in;
+                               }
+                               else {
+                                       $_SESSION['user_perms'] = $perm;
+                                       $_SESSION['logged_in'] = $logged_in;
+                               }
+                       }
+               }
+
+               return $logged_in;
+        }
 ?>
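Review bot: In the login branch `$perm == true` is a loose comparison against the permissions string returned by `DatabaseMySQL::verify_user()`, so any non-zero bitmask such as `'4'` compares equal and the session gets `user_perms = '*'`, after which every permission check passes for that user. The same branch stores the clear-text password in `$_SESSION['logged_in']`, although the only reader visible in this commit (pages/users.php) uses just the user name, and the session id is not renewed on login. `$_POST['password']` is also read without an `array_key_exists()` check. The fence below stores the bitmask as returned, keeps the `name\n` layout that pages/users.php decodes, and renews the session id.

```php
                        if (is_string($perm)) {
                                /* Fresh session id on login; keep the user name only, never the password */
                                session_regenerate_id(true);
                                $logged_in = base64_encode("{$_POST['user']}\n");

                                /* Store the bitmask exactly as returned (still a string, so the
                                   == '*' test above stays a string comparison); no '*' shortcut */
                                $_SESSION['user_perms'] = $perm;
                                $_SESSION['logged_in'] = $logged_in;
                        }
```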
index d98c426..f3fa430 100644 (file)
--- a/init.php
+++ b/init.php
@@ -2,11 +2,36 @@
        define('DEBUG', false);
        define('LOGDIR', getcwd().'/logs');
        define('LIBVIRT_PHP_REQ_VERSION', '0.4.4');
-       define('PHPVIRTCONTROL_VERSION', '0.0.2');
+       define('PHPVIRTCONTROL_VERSION', '0.0.3');
        define('PHPVIRTCONTROL_WEBSITE', 'http://www.php-virt-control.org');
        define('CONNECT_WITH_NULL_STRING', false);
        define('ALLOW_EXPERIMENTAL_VNC', false);
 
+       /* User permission defines */
+       define('USER_PERMISSION_SAVE_CONNECTION', 0x01);
+       define('USER_PERMISSION_VM_CREATE', 0x02);
+       define('USER_PERMISSION_VM_EDIT', 0x04);
+       define('USER_PERMISSION_VM_DELETE', 0x08);
+       define('USER_PERMISSION_NETWORK_CREATE', 0x10);
+       define('USER_PERMISSION_NETWORK_EDIT', 0x20);
+       define('USER_PERMISSION_NETWORK_DELETE', 0x40);
+       define('USER_PERMISSION_USER_CREATE', 0x80);
+       define('USER_PERMISSION_USER_EDIT', 0x100);
+       define('USER_PERMISSION_USER_DELETE', 0x200);
+
+       $user_permissions = array(
+                               'USER_PERMISSION_SAVE_CONNECTION'       => 'permission_save_connection',
+                               'USER_PERMISSION_VM_CREATE'             => 'permission_vm_create',
+                               'USER_PERMISSION_VM_EDIT'               => 'permission_vm_edit',
+                               'USER_PERMISSION_VM_DELETE'             => 'permission_vm_delete',
+                               'USER_PERMISSION_NETWORK_CREATE'        => 'permission_network_create',
+                               'USER_PERMISSION_NETWORK_EDIT'          => 'permission_network_edit',
+                               'USER_PERMISSION_NETWORK_DELETE'        => 'permission_network_delete',
+                               'USER_PERMISSION_USER_CREATE'           => 'permission_user_create',
+                               'USER_PERMISSION_USER_EDIT'             => 'permission_user_edit',
+                               'USER_PERMISSION_USER_DELETE'           => 'permission_user_delete',
+                               );
+
        session_start();
 
        if (array_key_exists('lang-override', $_GET)) {
        $cstr = $type.':/etc/php-virt-control/'.$config;
 
        $db = getDBObject($cstr);
+       $db->init();
        if ($db->has_fatal_error()) {
                include('error-connection-db.php');
                exit;
        }
+
+       if (array_key_exists('action', $_GET) && ($_GET['action'] == 'logout')) {
+               unset($_SESSION['logged_in']);
+               unset($_SESSION['user_perms']);
+       }
+
+       if (!verify_user($db)) {
+               include('dialog-login.php');
+               exit;
+       }
 ?>
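Review bot: The logout branch only unsets `logged_in` and `user_perms`, so the session id and any other session data survive the logout. It is also triggered by a plain GET (`?action=logout`, linked from main-menu.php), which any third-party page can make a logged-in browser request. Calling `session_regenerate_id(true);` after the two `unset()` calls and accepting the logout action only from a POST form would address both.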
index d2deb0d..5f4416b 100644 (file)
                                        'network-generate-mac' => 'Vygenerovat novou MAC adresu',
                                        'network-remove-ok' => 'Síťové karta byla úspěšně odebrána. Změny se projeví po dalším restartu domény.',
                                        'network-remove-error' => 'Nelze odebrat síťovou kartu',
+                                       'login_page_title' => 'Přihlášení',
+                                       'login_enter_login' => 'Jméno:',
+                                       'login_enter_password' => 'Heslo:',
+                                       'login_submit' => 'Přihlásit',
+                                       'login_invalid' => 'Vaše přihlašovací údaje nejsou platné. Prosím zadejte správné údaje pro přihlášení',
+                                       'logout' => 'Odhlásit se',
+
+                                        'users' => 'Uživatelé',
+                                        'create-new-user' => 'Vytvořit nového uživatele',
+                                        'user_add' => 'Přidat uživatele',
+                                        'user_edit' => 'Editovat uživatele',
+                                        'user_del' => 'Smazat uživatele',
+                                        'user_del_confirm' => 'Skutečně si přejete daného uživatele smazat?',
+                                        'user_added' => 'Uživatel byl úspěšně přidán',
+                                        'user_edited' => 'Uživatelské informace byly úspěšně upraveny',
+                                        'user_deleted' => 'Uživatel byl úspěšně smazán',
+                                        'confirm_password' => 'Potvrzení hesla',
+                                        'permissions' => 'Oprávnění',
+                                        'permission_save_connection' => 'Uložit nastavení',
+                                        'permission_vm_create' => 'Vytvořit virtuální stroj',
+                                        'permission_vm_edit' => 'Upravit virtuální stroj',
+                                        'permission_vm_delete' => 'Smazat virtuální stroj',
+                                        'permission_network_create' => 'Vytvořit virtuální síť',
+                                        'permission_network_edit' => 'Upravit virtuální síť',
+                                        'permission_network_delete' => 'Smazat virtuální síť',
+                                        'permission_user_create' => 'Vytvořit nového uživatele',
+                                        'permission_user_edit' => 'Upravit stávajícího uživatele',
+                                        'permission_user_delete' => 'Smazat uživatele',
+                                        'user_add_btn' => 'Přidat uživatele',
+                                        'user_edit_btn' => 'Upravit uživatele',
+                                       'password_mismatch' => 'Heslo nebylo ověřeno',
                                        );
 ?>
index 0ea183d..9897fe9 100644 (file)
                                        'network-generate-mac' => 'Generate new MAC address',
                                        'network-remove-ok' => 'Network card has been removed successfully. Changes will take effect on next domain startup.',
                                        'network-remove-error' => 'Cannot remove disk',
+                                       'login_page_title' => 'Log-in',
+                                       'login_enter_login' => 'Login:',
+                                       'login_enter_password' => 'Password:',
+                                       'login_submit' => 'Login',
+                                       'login_invalid' => 'Your credentials are not valid. Please provide valid credentials',
+                                       'logout' => 'Logout',
+
+                                        'users' => 'Users',
+                                        'create-new-user' => 'Create a new user',
+                                        'user_add' => 'Add user',
+                                        'user_edit' => 'Edit user',
+                                        'user_del' => 'Delete user',
+                                        'user_del_confirm' => 'Do you really want to delete selected user?',
+                                        'user_added' => 'User has been successfully added',
+                                        'user_edited' => 'User information has been successfully changed',
+                                        'user_deleted' => 'User has been succesfully deleted',
+                                        'confirm_password' => 'Confirm password',
+                                        'permissions' => 'Permissions',
+                                        'permission_save_connection' => 'Save connection',
+                                        'permission_vm_create' => 'Create virtual machine',
+                                        'permission_vm_edit' => 'Edit virtual machine',
+                                        'permission_vm_delete' => 'Delete virtual machine',
+                                        'permission_network_create' => 'Create virtual network',
+                                        'permission_network_edit' => 'Edit virtual network',
+                                        'permission_network_delete' => 'Delete virtual network',
+                                        'permission_user_create' => 'Create user',
+                                        'permission_user_edit' => 'Edit user',
+                                        'permission_user_delete' => 'Delete user',
+                                        'user_add_btn' => 'Add user',
+                                        'user_edit_btn' => 'Edit user',
+                                       'password_mismatch' => 'Password mismatch',
                                        );
 ?>
index ab8e178..af7fa18 100644 (file)
@@ -3,6 +3,8 @@
     <a href="?"><?php echo $lang->get('main_menu') ?></a>
     | <a href="?page=domain-list"><?php echo $lang->get('domain_list') ?></a>
     | <a href="?page=network-list"><?php echo $lang->get('network_list') ?></a>
+    | <a href="?page=users"><?php echo $lang->get('users') ?></a>
     | <a href="?page=settings"><?php echo $lang->get('settings') ?></a>
     | <a href="?page=info"><?php echo $lang->get('info') ?></a>
+    | <a href="?action=logout"><?php echo $lang->get('logout') ?></a>
   </div>
index 292e37c..5ffba2d 100644 (file)
@@ -21,7 +21,7 @@
            $lang->get('dom_destroy_err').': '.$lv->get_last_error();
   }
 
-  if ($action == 'domain-undefine') {
+  if (($action == 'domain-undefine') && (verify_user($db, USER_PERMISSION_VM_DELETE))) {
     $name = $_GET['dom'];
     if ((!array_key_exists('confirmed', $_GET)) || ($_GET['confirmed'] != 1)) {
         $frm = '<div class="section">'.$lang->get('dom_undefine').'</div>
 <div class="section"><?php echo $lang->get('domain_list') ?></div>
 
 <table id="domain-list">
+<?php
+       if (verify_user($db, USER_PERMISSION_VM_CREATE)):
+?>
   <tr>
     <td colspan="2" align="left">
       <a href="?page=new-vm"><?php echo $lang->get('create-new-vm') ?></a>
     </td>
   </tr>
+<?php
+       endif;
+?>
   <tr>
     <th><?php echo $lang->get('name') ?></th>
     <th><?php echo $lang->get('arch') ?></th>
                                if (!$running) {
                                        $actions  = '<a href="?page='.$page.'&amp;action=domain-start&amp;dom='.$name.'">'.$lang->get('dom_start').'</a> | ';
                                        $actions .= '<a href="?page='.$page.'&amp;action=domain-dump&amp;dom='.$name.'">'.$lang->get('dom_dumpxml').'</a> | ';
-                                       $actions .= '<a href="?page='.$page.'&amp;action=domain-edit&amp;dom='.$name.'">'.$lang->get('dom_editxml').'</a> | ';
-                                       $actions .= '<a href="?page='.$page.'&amp;action=domain-undefine&amp;dom='.$name.'">'.$lang->get('dom_undefine').'</a> | ';
+                                       if (verify_user($db, USER_PERMISSION_VM_EDIT))
+                                               $actions .= '<a href="?page='.$page.'&amp;action=domain-edit&amp;dom='.$name.'">'.$lang->get('dom_editxml').'</a> | ';
+                                       if (verify_user($db, USER_PERMISSION_VM_DELETE))
+                                               $actions .= '<a href="?page='.$page.'&amp;action=domain-undefine&amp;dom='.$name.'">'.$lang->get('dom_undefine').'</a> | ';
 
                                        $actions[ strlen($actions) - 2 ] = ' ';
                                        $actions = Trim($actions);
 
                                echo "<tr>
                                                <td class=\"name\">
-                                                   <a href=\"?name=$name\">$name</a>
+                                       ";
+
+                               if (verify_user($db, USER_PERMISSION_VM_EDIT))
+                                       echo "
+                                                   <a href=\"?name=$name\">$name</a>";
+                               else
+                                       echo '<b><i>'.$name.'</i></b>';
+
+                               echo "
                                                </td>
                                                <td>$arch</td>
                                         <td>$cpu</td>
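Review bot: Edit permission is enforced in this file only by hiding links: the `domain-edit` action link and the `?name=` link are wrapped in `verify_user($db, USER_PERMISSION_VM_EDIT)`, but the only handler that gained a server-side check is `domain-undefine`. Unless the handlers outside these hunks check it themselves, the action still runs when its URL is requested directly, so the `domain-edit` handler needs the same `&& (verify_user($db, USER_PERMISSION_VM_EDIT))` condition. pages/overview.php follows the same pattern for `USER_PERMISSION_SAVE_CONNECTION`, where only the form rows are hidden. The new `echo '<b><i>'.$name.'</i></b>';` also prints the name without `htmlspecialchars()`, as the existing link does.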
index 4de51f7..39dafec 100644 (file)
@@ -18,7 +18,7 @@
            $lang->get('net_stop_err').': '.$lv->get_last_error();
   }
 
-  if ($action == 'net-undefine') {
+  if (($action == 'net-undefine') && (verify_user($db, USER_PERMISSION_NETWORK_CREATE))){
     $name = $_GET['net'];
     if ((!array_key_exists('confirmed', $_GET)) || ($_GET['confirmed'] != 1)) {
         $frm = '<div class="section">'.$lang->get('net_undefine').'</div>
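Review bot: The `net-undefine` handler is guarded with `USER_PERMISSION_NETWORK_CREATE`, while the matching link further down in this file is shown for `USER_PERMISSION_NETWORK_DELETE`. A user allowed to create but not delete networks can therefore still undefine one, and a delete-only user gets a link whose action is refused. The condition should read `if (($action == 'net-undefine') && (verify_user($db, USER_PERMISSION_NETWORK_DELETE))) {`. The handler body continues outside the hunk.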
@@ -48,7 +48,7 @@
             </tr></form></table>';
   }
 
-  if ($action == 'net-editxml') {
+  if (($action == 'net-editxml') && (verify_user($db, USER_PERMISSION_NETWORK_EDIT))) {
     $name = $_GET['net'];
 
     if (array_key_exists('xmldesc', $_POST)) {
 <div class="section"><?php echo $lang->get('network_list') ?></div>
 
 <table id="domain-list">
+<?php
+       if (verify_user($db, USER_PERMISSION_NETWORK_CREATE)):
+?>
   <tr>
     <td colspan="2" align="left">
       <a href="?page=new-net"><?php echo $lang->get('create-new-network') ?></a>
     </td>
   </tr>
+<?php
+       endif;
+?>
   <tr>
     <th><?php echo $lang->get('name') ?></th>
     <th><?php echo $lang->get('net_ip') ?></th>
                                if (!$active) {
                                        $actions .= '<a href="?page='.$page.'&amp;action=net-start&amp;net='.$name.'">'.$lang->get('net_start').'</a> | ';
                                        $actions .= '<a href="?page='.$page.'&amp;action=net-dumpxml&amp;net='.$name.'">'.$lang->get('net_dumpxml').'</a> | ';
-                                       $actions .= '<a href="?page='.$page.'&amp;action=net-editxml&amp;net='.$name.'">'.$lang->get('net_editxml').'</a> | ';
-                                       $actions .= '<a href="?page='.$page.'&amp;action=net-undefine&amp;net='.$name.'">'.$lang->get('net_undefine').'</a> | ';
+                                       if (verify_user($db, USER_PERMISSION_NETWORK_EDIT))
+                                               $actions .= '<a href="?page='.$page.'&amp;action=net-editxml&amp;net='.$name.'">'.$lang->get('net_editxml').'</a> | ';
+                                       if (verify_user($db, USER_PERMISSION_NETWORK_DELETE))
+                                               $actions .= '<a href="?page='.$page.'&amp;action=net-undefine&amp;net='.$name.'">'.$lang->get('net_undefine').'</a> | ';
 
                                        $actions[ strlen($actions) - 2 ] = ' ';
                                        $actions = Trim($actions);
index 340b611..d604db0 100644 (file)
@@ -1,4 +1,7 @@
 <?php
+       if (!verify_user($db, USER_PERMISSION_NETWORK_CREATE))
+               exit;
+
   $skip = false;
   $msg = false;
 
index 0a69759..6f38c73 100644 (file)
@@ -1,4 +1,7 @@
 <?php
+       if (!verify_user($db, USER_PERMISSION_VM_CREATE))
+               exit;
+
   $skip = false;
   $msg = false;
   if (array_key_exists('sent', $_POST)) {
index 905fec0..208f04b 100644 (file)
       <input type="text" name="lvclogging" value="<?php echo $lg ?>" title="<?php echo $lang->get('empty_disable_log') ?>" />
     </td>
   </tr>
+<?php
+       if (verify_user($db, USER_PERMISSION_SAVE_CONNECTION)):
+?>
   <tr>
     <th colspan="2"><?php echo $lang->get('save_conn') ?></th>
   </tr>
       <input type="text" name="lvcname" value="<?php echo $nm ?>" title="<?php echo $lang->get('empty_disable_save') ?>" />
     </td>
   </tr>
+<?php
+       endif;
+?>
   <tr align="center">
     <td colspan="2">
       <input type="submit" value=" <?php echo $lang->get('connect_new') ?> " />
diff --git a/pages/users.php b/pages/users.php
new file mode 100644 (file)
index 0000000..df7d7b4
--- /dev/null
@@ -0,0 +1,244 @@
+<?php
+       $skip = false;
+       $p_user = array_key_exists('user', $_POST) ? $_POST['user'] : false;
+       $p_perms= array_key_exists('perm', $_POST) ? $_POST['perm'] : array();
+       $action = array_key_exists('action', $_GET) ? $_GET['action'] : false;
+
+       $tmp = explode("\n", base64_decode($_SESSION['logged_in']));
+       $user = $tmp[0];
+
+       $myId = false;
+       $tmp = $db->get_users();
+       for ($i = 0; $i < sizeof($tmp); $i++) {
+               if ($tmp[$i]['name'] == $user)
+                       $myId = $tmp[$i]['id'];
+       }
+
+       $uid = array_key_exists('user_id', $_GET) ? $_GET['user_id'] : false;
+
+       if ((($action == 'new') && (verify_user($db, USER_PERMISSION_USER_CREATE)))
+               || ((($action == 'edit') && (verify_user($db, USER_PERMISSION_USER_EDIT))) || ($uid == $myId))):
+               $skip = true;
+               $skip_add_dlg = false;
+               if (array_key_exists('user', $_POST)) {
+                       if ($_POST['password'] != $_POST['password2']) {
+                               echo '<div id="msg">'.$lang->get('msg').': '.$lang->get('password_mismatch').'</div>';
+                       }
+                       else {
+                               $perms = 0;
+                               while (list($key, $val) = each($user_permissions)) {
+                                       if (in_array($key, $p_perms))
+                                               eval('$perms |= '.$key.';');
+                               }
+
+                               reset($user_permissions);
+
+                               if (!verify_user($db, USER_PERMISSION_USER_EDIT))
+                                       $perms = false;
+
+                               $skip_add_dlg = true;
+                               if ($action == 'new') {
+                                       if ($db->user_add($_POST['user'], $_POST['password'], $perms))
+                                               $msg = $lang->get('user_added');
+                                       else
+                                               $msg = $lang->get('error');
+                               }
+                               else {
+                                       if ($db->user_edit($_GET['user_id'], $_POST['user'], $_POST['password'], $perms))
+                                               $msg = $lang->get('user_edited');
+                                       else
+                                               $msg = $lang->get('error');
+                               }
+
+                               echo '<div id="msg">'.$lang->get('msg').': '.$msg.'</div>';
+                       }
+               }
+
+               if (!$skip_add_dlg):
+                       $ident = ($action == 'new') ? 'user_add' : 'user_edit';
+
+                       if ($action == 'edit') {
+                               $tmp = $db->get_users();
+
+                               for ($i = 0; $i < sizeof($tmp); $i++) {
+                                       if ($tmp[$i]['id'] == $_GET['user_id']) {
+                                               $p_user = $tmp[$i]['name'];
+                                               $perms = $tmp[$i]['permissions'];
+
+                                               $p_perms = array();
+                                               while (list($key, $val) = each($user_permissions))
+                                                       eval('if ($perms & '.$key.') $p_perms[] = "'.$key.'";');
+
+                                               reset($user_permissions);
+                                       }
+                               }
+                       }
+?>
+<div id="content">
+
+<div class="section"><?php echo $lang->get($ident) ?></div>
+
+<form method="POST">
+
+<div class="item">
+        <div class="label"><?php echo $lang->get('user') ?></div>
+        <div class="value"><input type="text" name="user" value="<?php echo $p_user ?>" /></div>
+        <div class="nl">
+</div>
+
+<div class="item">
+        <div class="label"><?php echo $lang->get('password') ?></div>
+        <div class="value"><input type="password" name="password" /></div>
+        <div class="nl">
+</div>
+
+<div class="item">
+        <div class="label"><?php echo $lang->get('confirm_password') ?></div>
+        <div class="value"><input type="password" name="password2" /></div>
+        <div class="nl">
+</div>
+
+<div class="item">
+        <div class="label"><?php echo $lang->get('permissions') ?></div>
+        <div class="value">
+<?php
+       $readonly_perms = (!verify_user($db, USER_PERMISSION_USER_EDIT)) ? 'disabled="disabled"' : '';
+
+       while (list($key, $value) = each($user_permissions)) {
+               $val = in_array($key, $p_perms) ? 'checked="checked"' : '';
+               echo "<input type=\"checkbox\" name=\"perm[]\" value=\"$key\" $val $readonly_perms/> ".$lang->get($value)."<br />";
+       }
+?>
+       </div>
+        <div class="nl">
+</div>
+
+<div class="item">
+        <div class="label">&nbsp;</div>
+       <div class="value">
+               <br />
+               <input type="submit" value=" <?php echo $lang->get($ident.'_btn') ?>" />
+       </div>
+</div>
+
+</form>
+
+<?php
+               endif;
+       elseif ($action == 'del'):
+               $tmp = $db->get_users();
+               for ($i = 0; $i < sizeof($tmp); $i++) {
+                       if ($tmp[$i]['id'] == $_GET['user_id'])
+                               $name = $tmp[$i]['name'];
+               }
+
+               if (array_key_exists('confirmed', $_GET) && $_GET['confirmed']):
+                       if ($db->user_del($_GET['user_id'], $name))
+                               $msg = $lang->get('user_deleted');
+                       else
+                               $msg = $lang->get('error');
+
+               echo '<div id="msg">'.$lang->get('msg').': '.$msg.'</div>';
+               else:
+?>
+
+<div id="content">
+
+<div class="section"><?php echo $lang->get('user_del') ?></div>
+<table id="form-table">
+       <tr>
+               <td colspan="3"><?php echo $lang->get('user_del_confirm').'.'. $lang->get('user').': '.$name ?></u></td>
+       </tr>
+       <tr align="center">
+               <td><a href="<?php echo $_SERVER['REQUEST_URI'] ?>&amp;confirmed=1"><?php echo $lang->get('Yes') ?></a></td>
+                  <td><a href="?page=<?php echo $page ?>"><?php echo $lang->get('No') ?></a></td>
+               </td>
+       </tr>
+</table>
+<?php
+               endif;
+       endif;
+
+       function translate_permissions($perms) {
+               global $lang;
+
+               $str = array();
+               if ($perms & USER_PERMISSION_SAVE_CONNECTION)
+                       $str[] = $lang->get('permission_save_connection');
+               if ($perms & USER_PERMISSION_VM_CREATE)
+                       $str[] = $lang->get('permission_vm_create');
+               if ($perms & USER_PERMISSION_VM_EDIT)
+                       $str[] = $lang->get('permission_vm_edit');
+               if ($perms & USER_PERMISSION_VM_DELETE)
+                       $str[] = $lang->get('permission_vm_delete');
+               if ($perms & USER_PERMISSION_NETWORK_CREATE)
+                       $str[] = $lang->get('permission_network_create');
+               if ($perms & USER_PERMISSION_NETWORK_EDIT)
+                       $str[] = $lang->get('permission_network_edit');
+               if ($perms & USER_PERMISSION_NETWORK_DELETE)
+                       $str[] = $lang->get('permission_network_delete');
+               if ($perms & USER_PERMISSION_USER_CREATE)
+                       $str[] = $lang->get('permission_user_create');
+               if ($perms & USER_PERMISSION_USER_EDIT)
+                       $str[] = $lang->get('permission_user_edit');
+               if ($perms & USER_PERMISSION_USER_DELETE)
+                       $str[] = $lang->get('permission_user_delete');
+
+               if (empty($str))
+                       return '-';
+
+               return implode(', ', $str);
+       }
+
+       if (!$skip):
+?>
+<div id="content">
+
+<div class="section"><?php echo $lang->get('users') ?></div>
+
+<table id="domain-list">
+<?php
+       if (verify_user($db, USER_PERMISSION_USER_CREATE)):
+?>
+  <tr>
+    <td>
+      <a href="?page=users&amp;action=new"><?php echo $lang->get('create-new-user') ?></a>
+    </td>
+  </tr>
+<?php
+       endif;
+?>
+  <tr>
+    <th><?php echo $lang->get('user') ?></th>
+    <th><?php echo $lang->get('permissions') ?></th>
+    <th><?php echo $lang->get('action') ?></th>
+  </tr>
+<?php
+       $users = $db->get_users();
+       for ($i = 0; $i < sizeof($users); $i++):
+
+               $ok = (($users[$i]['name'] == $user) || (verify_user($db, USER_PERMISSION_USER_EDIT) || verify_user($db, USER_PERMISSION_USER_DELETE)));
+               if ($ok):
+?>
+  <tr>
+    <td><?php echo $users[$i]['name'] ?></td>
+    <td><?php echo translate_permissions($users[$i]['permissions']) ?></td>
+    <td>
+       <a href="?page=users&amp;action=edit&amp;user_id=<?php echo $users[$i]['id'] ?>">
+               <?php echo $lang->get('user_edit') ?>
+       </a>
+       <a href="?page=users&amp;action=del&amp;user_id=<?php echo $users[$i]['id'] ?>">
+               <?php echo $lang->get('user_del') ?>
+       </a>
+    </td>
+  </tr>
+<?php
+               endif;
+       endfor;
+?>
+</table>
+
+</div>
+<?php
+       endif;
+?>
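Review bot: The `elseif ($action == 'del'):` branch calls `$db->user_del()` without ever testing `USER_PERMISSION_USER_DELETE`, so the delete permission is not enforced anywhere in this file; guard it as `elseif (($action == 'del') && verify_user($db, USER_PERMISSION_USER_DELETE)):`. The opening condition has a related gap: `|| ($uid == $myId)` is not tied to `$action == 'edit'`, and both values default to `false`, so the loose comparison is also true when no `user_id` is given and the session user was not found by `get_users()`. That lets the `user_add` path run without `USER_PERMISSION_USER_CREATE`; `|| (($action == 'edit') && ($myId !== false) && ((string)$uid === (string)$myId))` keeps self-edit and closes both cases. The delete is confirmed through a GET link built from `$_SERVER['REQUEST_URI']`, so it should become a POST form carrying a per-session token, and that URI, `$p_user` and `$users[$i]['name']` should go through `htmlspecialchars()` before being echoed. The two `eval()` calls only read a constant by name and can be replaced with `constant($key)`, e.g. `$perms |= constant($key);`.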
index 32062aa..326e09c 100644 (file)
@@ -1,6 +1,6 @@
 Name:          php-virt-control
-Version:       0.0.2
-Release:       3%{?dist}%{?extra_release}
+Version:       0.0.3
+Release:       1%{?dist}%{?extra_release}
 Summary:       PHP-based virtual machine control tool
 Group:         Applications/Internet
 License:       GPLv3
@@ -77,6 +77,9 @@ rm -rf %{buildroot}
 %{_datadir}/%{name}/
 
 %changelog
+* Mon Dec 05 2011 Michal Novotny <minovotn@redhat.com> - 0.0.3
+- Implement the user administration and access permissions
+
 * Sat Oct 01 2011 Michal Novotny <minovotn@redhat.com> - 0.0.2-3
 - Fixes for Fedora-15 and policy kit