author | xzilla | 2006-12-28 04:26:55 +0000 |
---|---|---|
committer | xzilla | 2006-12-28 04:26:55 +0000 |
commit | 071527949938a7b30a27ddd1f4a5f573fcfd1e37 (patch) | |
tree | a644dbde81d839d8e453f26d86eea5e26e935a28 | |
parent | 84cd8eb37ffdfc9619add9cf4849bd7f2ba76264 (diff) |
add roles patch from Javier Carlos
-rw-r--r-- | classes/Misc.php | 32 | ||||
-rw-r--r-- | classes/database/Postgres81.php | 319 | ||||
-rw-r--r-- | help/PostgresDoc81.php | 4 | ||||
-rwxr-xr-x | lang/english.php | 29 | ||||
-rw-r--r-- | lang/recoded/english.php | 21 | ||||
-rw-r--r-- | roles.php | 665 | ||||
-rw-r--r-- | themes/default/global.css | 13 |
7 files changed, 1007 insertions, 76 deletions
diff --git a/classes/Misc.php b/classes/Misc.php index 61ca2c53..4e38e953 100644 --- a/classes/Misc.php +++ b/classes/Misc.php @@ -2,7 +2,7 @@ /** * Class to hold various commonly used functions * - * $Id: Misc.php,v 1.136 2006/11/01 00:49:31 xzilla Exp $ + * $Id: Misc.php,v 1.137 2006/12/28 04:26:55 xzilla Exp $ */ class Misc { @@ -909,6 +909,20 @@ 'icon' => 'Definition', ), ); + + case 'role': + return array ( + 'definition' => array ( + 'title' => $lang['strdefinition'], + 'url' => 'roles.php', + 'urlvars' => array( + 'subject' => 'role', + 'rolename' => field('rolename'), + 'action' => 'properties', + ), + 'icon' => 'Definition', + ), + ); case 'popup': return array ( @@ -987,9 +1001,10 @@ */ function getLastTabURL($section) { global $data; - + switch ($section) { case 'database': + case 'role': case 'schema': if ($data->hasSchemas() === false) { $section = 'database'; @@ -999,7 +1014,7 @@ default: $tabs = $this->getNavTabs($section); } - + if (isset($_SESSION['webdbLastTab'][$section]) && isset($tabs[$_SESSION['webdbLastTab'][$section]])) $tab = $tabs[$_SESSION['webdbLastTab'][$section]]; else @@ -1155,8 +1170,17 @@ 'help' => 'pg.database', 'icon' => 'Database' ); + } elseif (isset($_REQUEST['rolename']) && !$done) { + $vars .= "subject=role&action=properties&rolename=".urlencode($_REQUEST['rolename']); + $trail['role'] = array( + 'title' => $lang['strrole'], + 'text' => $_REQUEST['rolename'], + 'url' => "redirect.php?{$vars}", + 'help' => 'pg.role', + 'icon' => 'Roles' + ); } - if ($subject == 'database') $done = true; + if ($subject == 'database' || $subject == 'role') $done = true; if (isset($_REQUEST['schema']) && !$done) { $vars .= 'schema='.urlencode($_REQUEST['schema']).'&'; diff --git a/classes/database/Postgres81.php b/classes/database/Postgres81.php index 2192b480..fc654b77 100644 --- a/classes/database/Postgres81.php +++ b/classes/database/Postgres81.php 
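Review bot: In the trail hunk of classes/Misc.php (`@@ -1155,8 +1170,17 @@`), the new role branch appends `rolename=` to `$vars` without a trailing `&`, unlike the schema segment just below it, which ends in `.'&'`. `$done` is set only when `$subject` is 'database' or 'role', so a request that carries `rolename` with another subject would, as far as the hunk shows, glue the next segment onto the role name. Ending the string with `.'&'` keeps the query string well-formed. The `'text'` entry holds the raw `$_REQUEST['rolename']`; the hunk does not show where the trail is printed, so confirm that output path HTML-escapes it. The enclosing function starts and ends outside the hunk.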
@@ -3,7 +3,7 @@ /** * PostgreSQL 8.1 support * - * $Id: Postgres81.php,v 1.11 2006/09/28 13:04:00 xzilla Exp $ + * $Id: Postgres81.php,v 1.12 2006/12/28 04:26:55 xzilla Exp $ */ include_once('./classes/database/Postgres80.php'); @@ -128,43 +128,32 @@ class Postgres81 extends Postgres80 { } // Roles - - /** - * Changes a role's password - * @param $rolename The rolename - * @param $password The new password - * @return 0 success - */ - function changePassword($rolename, $password) { - $enc = $this->_encryptPassword($rolename, $password); - $this->fieldClean($rolename); - $this->clean($enc); - $sql = "ALTER ROLE \"{$rolename}\" WITH ENCRYPTED PASSWORD '{$enc}'"; - - return $this->execute($sql); - } - /** * Returns all roles in the database cluster + * @param $rolename (optional) The roleme to exclude from the select * @return All roles */ - function getRoles() { - $sql = "SELECT * FROM pg_catalog.pg_roles ORDER BY rolname"; - + function getRoles($rolename = '') { + $sql = 'SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolinherit, rolcanlogin, rolconnlimit, rolvaliduntil, + rolconfig FROM pg_catalog.pg_roles'; + if($rolename) $sql .= " WHERE rolname!='{$rolename}'"; + $sql .= ' ORDER BY rolname'; + return $this->selectSet($sql); } /** * Returns information about a single role - * @param $rolename The username of the role to retrieve + * @param $rolename The rolename of the role to retrieve * @return The role's data */ function getRole($rolename) { $this->clean($rolename); - $sql = "SELECT * FROM pg_catalog.pg_roles WHERE rolname='{$rolename}'"; - + $sql = "SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolinherit, rolcanlogin, rolconnlimit, rolvaliduntil, + rolconfig FROM pg_catalog.pg_roles WHERE rolname='{$rolename}'"; + return $this->selectSet($sql); } 
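Review bot: The new `getRoles($rolename = '')` in classes/database/Postgres81.php concatenates its argument into the WHERE clause unescaped (`" WHERE rolname!='{$rolename}'"`), while `getRole()` directly below calls `$this->clean($rolename)` before building its query. If any caller passes a request-derived role name, that value reaches the catalog query as SQL text. Add `$this->clean($rolename);` as the first statement of `getRoles()` so both lookups treat the name the same way. The added `@param` line also misspells "rolename" as "roleme".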
@@ -172,90 +161,299 @@ class Postgres81 extends Postgres80 { * Creates a new role * @param $rolename The rolename of the role to create * @param $password A password for the role - * @param $createdb boolean Whether or not the role can create databases - * @param $createrole boolean Whether or not the role can create other roles - * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire - * @param $group (array) The groups to create the role in + * @param $superuser Boolean whether or not the role is a superuser + * @param $createdb Boolean whether or not the role can create databases + * @param $createrole Boolean whether or not the role can create other roles + * @param $inherits Boolean whether or not the role inherits the privileges from parent roles + * @param $login Boolean whether or not the role will be allowed to login + * @param $connlimit Number of concurrent connections the role can make + * @param $expiry String Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire + * @param $memberof (array) Roles to which the new role will be immediately added as a new member + * @param $members (array) Roles which are automatically added as members of the new role + * @param $adminmembers (array) Roles which are automatically added as admin members of the new role * @return 0 success */ - function createRole($rolename, $password, $createdb, $super, $createrole, $inherits, $login, $expiry, $conn, $roles) { + function createRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers) { $enc = $this->_encryptPassword($rolename, $password); $this->fieldClean($rolename); + $this->clean($enc); + $this->clean($connlimit); $this->clean($expiry); - $this->clean($conn); - $this->fieldArrayClean($roles); + $this->fieldArrayClean($memberof); + $this->fieldArrayClean($members); + $this->fieldArrayClean($adminmembers); $sql = "CREATE ROLE \"{$rolename}\""; if ($password != '') $sql .= 
" WITH ENCRYPTED PASSWORD '{$enc}'"; + $sql .= ($superuser) ? ' SUPERUSER' : ' NOSUPERUSER'; $sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB'; $sql .= ($createrole) ? ' CREATEROLE' : ' NOCREATEROLE'; - $sql .= ($super) ? ' SUPERUSER' : ' NOSUPERUSER'; $sql .= ($inherits) ? ' INHERIT' : ' NOINHERIT'; $sql .= ($login) ? ' LOGIN' : ' NOLOGIN'; - if ($conn != '') $sql .= " CONNECTION LIMIT {$conn}"; - if (is_array($roles) && sizeof($roles) > 0) $sql .= " IN ROLE \"" . join('", "', $roles) . "\""; - if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'"; - + if ($connlimit != '') $sql .= " CONNECTION LIMIT {$connlimit}"; else $sql .= ' CONNECTION LIMIT -1'; + if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'"; else $sql .= " VALID UNTIL 'infinity'"; + if (is_array($memberof) && sizeof($memberof) > 0) $sql .= ' IN ROLE "' . join('", "', $memberof) . '"'; + if (is_array($members) && sizeof($members) > 0) $sql .= ' ROLE "' . join('", "', $members) . '"'; + if (is_array($adminmembers) && sizeof($adminmembers) > 0) $sql .= ' ADMIN "' . join('", "', $adminmembers) . 
'"'; + return $this->execute($sql); } /** + * Removes a role + * @param $rolename The rolename of the role to drop + * @return 0 success + */ + function dropRole($rolename) { + $this->fieldClean($rolename); + + $sql = "DROP ROLE \"{$rolename}\""; + + return $this->execute($sql); + } + + /** + * Adjusts a role's info and renames it + * @param $rolename The rolename of the role to create + * @param $password A password for the role + * @param $superuser Boolean whether or not the role is a superuser + * @param $createdb Boolean whether or not the role can create databases + * @param $createrole Boolean whether or not the role can create other roles + * @param $inherits Boolean whether or not the role inherits the privileges from parent roles + * @param $login Boolean whether or not the role will be allowed to login + * @param $connlimit Number of concurrent connections the role can make + * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire + * @param $memberof (array) Roles to which the role will be immediately added as a new member + * @param $members (array) Roles which are automatically added as members of the role + * @param $adminmembers (array) Roles which are automatically added as admin members of the role + * @param $memberofold (array) Original roles whose the role belongs to + * @param $membersold (array) Original roles that are members of the role + * @param $adminmembersold (array) Original roles that are admin members of the role + * @param $newrolename The new name of the role + * @return 0 success + * @return -1 transaction error + * @return -2 set role attributes error + * @return -3 rename error + */ + function setRenameRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold, $newrolename) { + + $status = $this->beginTransaction(); + if ($status != 0) return -1; + + $status = $this->setRole($rolename, 
$password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold); + if ($status != 0) { + $this->rollbackTransaction(); + return -2; + } + + if ($rolename != $newrolename){ + $status = $this->renameRole($rolename, $newrolename); + if ($status != 0) { + $this->rollbackTransaction(); + return -3; + } + } + + return $this->endTransaction(); + } + + /** * Adjusts a role's info - * @param $rolename The rolename of the role to modify - * @param $password A new password for the role - * @param $createdb boolean Whether or not the role can create databases - * @param $createrole boolean Whether or not the role can create other roles - * @param $inherit Inherits privs from parent role or not. - * @param $login Can login or not - * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire. + * @param $rolename The rolename of the role to create + * @param $password A password for the role + * @param $superuser Boolean whether or not the role is a superuser + * @param $createdb Boolean whether or not the role can create databases + * @param $createrole Boolean whether or not the role can create other roles + * @param $inherits Boolean whether or not the role inherits the privileges from parent roles + * @param $login Boolean whether or not the role will be allowed to login + * @param $connlimit Number of concurrent connections the role can make + * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. 
'' means never expire + * @param $memberof (array) Roles to which the role will be immediately added as a new member + * @param $members (array) Roles which are automatically added as members of the role + * @param $adminmembers (array) Roles which are automatically added as admin members of the role + * @param $memberofold (array) Original roles whose the role belongs to + * @param $membersold (array) Original roles that are members of the role + * @param $adminmembersold (array) Original roles that are admin members of the role * @return 0 success */ - function setRole($rolename, $password, $createdb, $createrole, $inherit, $login, $expiry) { + function setRole($rolename, $password, $superuser, $createdb, $createrole, $inherits, $login, $connlimit, $expiry, $memberof, $members, $adminmembers, $memberofold, $membersold, $adminmembersold) { $enc = $this->_encryptPassword($rolename, $password); $this->fieldClean($rolename); + $this->clean($enc); + $this->clean($connlimit); $this->clean($expiry); - + $this->fieldArrayClean($memberof); + $this->fieldArrayClean($members); + $this->fieldArrayClean($adminmembers); + $sql = "ALTER ROLE \"{$rolename}\""; if ($password != '') $sql .= " WITH ENCRYPTED PASSWORD '{$enc}'"; + $sql .= ($superuser) ? ' SUPERUSER' : ' NOSUPERUSER'; $sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB'; $sql .= ($createrole) ? ' CREATEROLE' : ' NOCREATEROLE'; - $sql .= ($inherit) ? ' INHERIT' : ' NOINHERIT'; + $sql .= ($inherits) ? ' INHERIT' : ' NOINHERIT'; $sql .= ($login) ? 
' LOGIN' : ' NOLOGIN'; - if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'"; - else $sql .= " VALID UNTIL 'infinity'"; + if ($connlimit != '') $sql .= " CONNECTION LIMIT {$connlimit}"; else $sql .= ' CONNECTION LIMIT -1'; + if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'"; else $sql .= " VALID UNTIL 'infinity'"; - return $this->execute($sql); + $status = $this->execute($sql); + + if ($status != 0) return -1; + + //memberof + $old = explode(',', $memberofold); + foreach ($memberof as $m) { + if (!in_array($m, $old)) { + $status = $this->grantRole($m, $rolename); + if ($status != 0) return -1; + } + } + if($memberofold) + { + foreach ($old as $o) { + if (!in_array($o, $memberof)) { + $status = $this->revokeRole($o, $rolename, 0, 'CASCADE'); + if ($status != 0) return -1; + } + } + } + + //members + $old = explode(',', $membersold); + foreach ($members as $m) { + if (!in_array($m, $old)) { + $status = $this->grantRole($rolename, $m); + if ($status != 0) return -1; + } + } + if($membersold) + { + foreach ($old as $o) { + if (!in_array($o, $members)) { + $status = $this->revokeRole($rolename, $o, 0, 'CASCADE'); + if ($status != 0) return -1; + } + } + } + + //adminmembers + $old = explode(',', $adminmembersold); + foreach ($adminmembers as $m) { + if (!in_array($m, $old)) { + $status = $this->grantRole($rolename, $m, 1); + if ($status != 0) return -1; + } + } + if($adminmembersold) + { + foreach ($old as $o) { + if (!in_array($o, $adminmembers)) { + $status = $this->revokeRole($rolename, $o, 1, 'CASCADE'); + if ($status != 0) return -1; + } + } + } + + return $status; } /** - * Removes a role - * @param $rolename The rolename of the role to drop + * Renames a role + * @param $rolename The rolename of the role to rename + * @param $newrolename The new name of the role * @return 0 success */ - function dropRole($rolename) { + function renameRole($rolename, $newrolename){ $this->fieldClean($rolename); + $this->fieldClean($newrolename); + + $sql = "ALTER ROLE 
\"{$rolename}\" RENAME TO \"{$newrolename}\""; - $sql = "DROP ROLE \"{$rolename}\""; - return $this->execute($sql); } /** - * Renames a user - * @param $username The username of the user to rename - * @param $newname The new name of the user + * Grants membership in a role + * @param $role The name of the target role + * @param $rolename The name of the role that will belong to the target role + * @param $admin (optional) Flag to grant the admin option + * @return 0 success + */ + function grantRole($role, $rolename, $admin=0) { + $this->fieldClean($role); + $this->fieldClean($rolename); + + $sql = "GRANT \"{$role}\" TO \"{$rolename}\""; + if($admin == 1) $sql .= ' WITH ADMIN OPTION'; + + return $this->execute($sql); + } + + /** + * Revokes membership in a role + * @param $role The name of the target role + * @param $rolename The name of the role that will not belong to the target role + * @param $admin (optional) Flag to revoke only the admin option + * @param $type (optional) Type of revoke: RESTRICT | CASCADE * @return 0 success */ - function renameUser($username, $newname){ - $this->fieldClean($username); - $this->fieldClean($newname); + function revokeRole($role, $rolename, $admin = 0, $type = 'RESTRICT') { + $this->fieldClean($role); + $this->fieldClean($rolename); - $sql = "ALTER USER \"{$username}\" RENAME TO \"{$newname}\""; + $sql = "REVOKE "; + if($admin == 1) $sql .= 'ADMIN OPTION FOR '; + $sql .= "\"{$role}\" FROM \"{$rolename}\" {$type}"; return $this->execute($sql); } /** + * Changes a role's password + * @param $rolename The rolename + * @param $password The new password + * @return 0 success + */ + function changePassword($rolename, $password) { + $enc = $this->_encryptPassword($rolename, $password); + $this->fieldClean($rolename); + $this->clean($enc); + + $sql = "ALTER ROLE \"{$rolename}\" WITH ENCRYPTED PASSWORD '{$enc}'"; + + return $this->execute($sql); + } + + /** + * Returns all rolenames which the role belongs to + * @param $rolename The 
rolename + * @return All rolenames + */ + function getMemberOf($rolename) { + $this->clean($rolname); + + $sql = "SELECT rolname FROM pg_catalog.pg_roles R, pg_auth_members M WHERE R.oid=M.roleid + AND member IN (SELECT oid FROM pg_catalog.pg_roles WHERE rolname='{$rolename}') ORDER BY rolname"; + + return $this->selectSet($sql); + } + + /** + * Returns all rolenames that are members of a role + * @param $rolename The rolename + * @param $admin (optional) Find only admin members + * @return All rolenames + */ + function getMembers($rolename, $admin = 'f') { + $this->clean($rolname); + + $sql = "SELECT rolname FROM pg_catalog.pg_roles R, pg_auth_members M WHERE R.oid=M.member AND admin_option='{$admin}' + AND roleid IN (SELECT oid FROM pg_catalog.pg_roles WHERE rolname='{$rolename}') ORDER BY rolname"; + + return $this->selectSet($sql); + } + + /** * Returns all available process information. * @return A recordset */ @@ -266,7 +464,6 @@ class Postgres81 extends Postgres80 { return $this->selectSet($sql); } - /** * Enables a trigger * @param $tgname The name of the trigger to enable diff --git a/help/PostgresDoc81.php b/help/PostgresDoc81.php index 8b1fa109..29307e37 100644 --- a/help/PostgresDoc81.php +++ b/help/PostgresDoc81.php @@ -3,7 +3,7 @@ /** * Help links for PostgreSQL 8.1 documentation * - * $Id: PostgresDoc81.php,v 1.2 2006/04/21 03:31:26 chriskl Exp $ + * $Id: PostgresDoc81.php,v 1.3 2006/12/28 04:26:55 xzilla Exp $ */ include('./help/PostgresDoc80.php'); @@ -12,7 +12,7 @@ $this->help_base = sprintf($GLOBALS['conf']['help_base'], '8.1'); $this->help_page['pg.role'] = 'user-manag.html'; $this->help_page['pg.role.create'] = array('sql-createrole.html','user-manag.html#DATABASE-ROLES'); -$this->help_page['pg.role.alter'] = array('sql-alterrole.html','user-attributes.html'); +$this->help_page['pg.role.alter'] = array('sql-alterrole.html','role-attributes.html'); $this->help_page['pg.role.drop'] = array('sql-droprole.html','user-manag.html#DATABASE-ROLES'); ?> 
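Review bot: `getMemberOf()` and `getMembers()` call `$this->clean($rolname)`, a misspelled and undefined variable, so `$rolename` reaches `rolname='{$rolename}'` unescaped in both queries; the call should be `$this->clean($rolename);`. `getMembers()` also interpolates `$admin` into `admin_option='{$admin}'` unchecked, and `revokeRole()` appends `{$type}` verbatim after the role names. In `createRole()` and `setRole()` the value of `$connlimit` is placed outside quotes (`CONNECTION LIMIT {$connlimit}`), so quote escaping, which is presumably what `clean()` provides, does not constrain it; an integer cast before interpolation would. The fence below shows the small guards for the lookup and revoke functions.

```php
function revokeRole($role, $rolename, $admin = 0, $type = 'RESTRICT') {
	// … unchanged: fieldClean() of $role and $rolename …
	// Only the two keywords REVOKE accepts may reach the statement.
	if ($type !== 'CASCADE') $type = 'RESTRICT';
	// … unchanged: REVOKE statement assembly and execute() …
}

function getMemberOf($rolename) {
	$this->clean($rolename);
	// … unchanged: pg_auth_members query and selectSet() …
}

function getMembers($rolename, $admin = 'f') {
	$this->clean($rolename);
	// admin_option is compared against a boolean literal: accept 't', otherwise fall back to 'f'.
	$admin = ($admin === 't') ? 't' : 'f';
	// … unchanged: pg_auth_members query and selectSet() …
}
```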
diff --git a/lang/english.php b/lang/english.php index 201f659d..e56a699e 100755 --- a/lang/english.php +++ b/lang/english.php @@ -4,7 +4,7 @@ * English language file for phpPgAdmin. Use this as a basis * for new translations. * - * $Id: english.php,v 1.197 2006/09/30 17:30:56 xzilla Exp $ + * $Id: english.php,v 1.198 2006/12/28 04:26:55 xzilla Exp $ */ // Language and character set @@ -269,6 +269,8 @@ $lang['strgroupdropped'] = 'Group dropped.'; $lang['strgroupdroppedbad'] = 'Group drop failed.'; $lang['strmembers'] = 'Members'; + $lang['strmemberof'] = 'Member of'; + $lang['stradminmembers'] = 'Admin members'; $lang['straddmember'] = 'Add member'; $lang['strmemberadded'] = 'Member added.'; $lang['strmemberaddedbad'] = 'Member add failed.'; 
@@ -276,19 +278,33 @@ $lang['strconfdropmember'] = 'Are you sure you want to drop the member "%s" from the group "%s"?'; $lang['strmemberdropped'] = 'Member dropped.'; $lang['strmemberdroppedbad'] = 'Member drop failed.'; - + // Roles $lang['strrole'] = 'Role'; $lang['strroles'] = 'Roles'; + $lang['strrolename'] = 'Rolename'; + $lang['strshowallroles'] = 'Show all roles'; $lang['strinheritsprivs'] = 'Inherits privileges?'; $lang['strcreaterole'] = 'Create role'; + $lang['strcancreaterole'] = 'Create role?'; + $lang['strrolecreated'] = 'Role created.'; + $lang['strrolecreatedbad'] = 'Create role failed.'; + $lang['stralterrole'] = 'Alter role'; + $lang['strroleupdated'] = 'Role updated.'; + $lang['strroleupdatedbad'] = 'Role update failed.'; $lang['strcatupdate'] = 'Modify catalogs?'; $lang['strcanlogin'] = 'Can login?'; + $lang['strconnlimit'] = 'Connection limit'; + $lang['strdroprole'] = 'Drop role'; $lang['strmaxconnections'] = 'Max connections'; - $lang['strconfdroprole'] = 'Are you sure you want to drop the role "%s"?'; + $lang['strconfdroprole'] = 'Are you sure you want to drop the role "%s"?'; $lang['strroledropped'] = 'Role dropped.'; - $lang['strroledroppedbad'] = 'Failed to drop role.'; - + $lang['strroledroppedbad'] = 'Role drop failed.'; + $lang['strnoroles'] = 'No roles found.'; + $lang['strnolimit'] = 'No limit'; + $lang['strnever'] = 'Never'; + $lang['strroleneedsname'] = 'You must give a name for the role.'; + // Privileges $lang['strprivilege'] = 'Privilege'; $lang['strprivileges'] = 'Privileges'; 
@@ -669,7 +685,8 @@ $lang['straggrffunc'] = 'Final function'; $lang['straggrinitcond'] = 'Initial condition'; $lang['straggrsortop'] = 'Sort operator'; - $lang['strconfdropaggregate'] = 'Are you sure you want to drop the aggregate "%s"?'; + $lang['strdropaggregate'] = 'Drop aggregate'; + $lang['strconfdropaggregate'] = 'Are you sure you want to drop the aggregate "%s"?'; $lang['straggregatedropped'] = 'Aggregate dropped.'; $lang['straggregatedroppedbad'] = 'Aggregate drop failed.'; $lang['stralteraggregate'] = 'Alter aggregate'; diff --git a/lang/recoded/english.php b/lang/recoded/english.php index 903e6fac..fe28ba4d 100644 --- a/lang/recoded/english.php +++ b/lang/recoded/english.php @@ -4,7 +4,7 @@ * English language file for phpPgAdmin. Use this as a basis * for new translations. * - * $Id: english.php,v 1.150 2006/09/30 17:30:56 xzilla Exp $ + * $Id: english.php,v 1.151 2006/12/28 04:26:55 xzilla Exp $ */ // Language and character set @@ -269,6 +269,8 @@ $lang['strgroupdropped'] = 'Group dropped.'; $lang['strgroupdroppedbad'] = 'Group drop failed.'; $lang['strmembers'] = 'Members'; + $lang['strmemberof'] = 'Member of'; + $lang['stradminmembers'] = 'Admin members'; $lang['straddmember'] = 'Add member'; $lang['strmemberadded'] = 'Member added.'; $lang['strmemberaddedbad'] = 'Member add failed.'; 
@@ -280,14 +282,28 @@ // Roles $lang['strrole'] = 'Role'; $lang['strroles'] = 'Roles'; + $lang['strrolename'] = 'Rolename'; + $lang['strshowallroles'] = 'Show all roles'; $lang['strinheritsprivs'] = 'Inherits privileges?'; $lang['strcreaterole'] = 'Create role'; + $lang['strcancreaterole'] = 'Create role?'; + $lang['strrolecreated'] = 'Role created.'; + $lang['strrolecreatedbad'] = 'Create role failed.'; + $lang['stralterrole'] = 'Alter role'; + $lang['strroleupdated'] = 'Role updated.'; + $lang['strroleupdatedbad'] = 'Role update failed.'; $lang['strcatupdate'] = 'Modify catalogs?'; $lang['strcanlogin'] = 'Can login?'; + $lang['strconnlimit'] = 'Connection limit'; + $lang['strdroprole'] = 'Drop role'; $lang['strmaxconnections'] = 'Max connections'; $lang['strconfdroprole'] = 'Are you sure you want to drop the role "%s"?'; $lang['strroledropped'] = 'Role dropped.'; - $lang['strroledroppedbad'] = 'Failed to drop role.'; + $lang['strroledroppedbad'] = 'Role drop failed.'; + $lang['strnoroles'] = 'No roles found.'; + $lang['strnolimit'] = 'No limit'; + $lang['strnever'] = 'Never'; + $lang['strroleneedsname'] = 'You must give a name for the role.'; // Privileges $lang['strprivilege'] = 'Privilege'; @@ -669,6 +685,7 @@ $lang['straggrffunc'] = 'Final function'; $lang['straggrinitcond'] = 'Initial condition'; $lang['straggrsortop'] = 'Sort operator'; + $lang['strdropaggregate'] = 'Drop aggregate'; $lang['strconfdropaggregate'] = 'Are you sure you want to drop the aggregate "%s"?'; $lang['straggregatedropped'] = 'Aggregate dropped.'; $lang['straggregatedroppedbad'] = 'Aggregate drop failed.'; diff --git a/roles.php b/roles.php new file mode 100644 index 00000000..56280b66 --- /dev/null +++ b/roles.php 
@@ -0,0 +1,665 @@ +<?php + + /** + * Manage roles in a database cluster + * + * $Id: roles.php + */ + + // Include application functions + include_once('./libraries/lib.inc.php'); + + $action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : ''; + if (!isset($msg)) $msg = ''; + $PHP_SELF = $_SERVER['PHP_SELF']; + + /** + * Displays a screen for create a new role + */ + function doCreate($msg = '') { + global $data, $misc, $username; + global $PHP_SELF, $lang; + + if (!isset($_POST['formRolename'])) $_POST['formRolename'] = ''; + if (!isset($_POST['formPassword'])) $_POST['formPassword'] = ''; + if (!isset($_POST['formConfirm'])) $_POST['formConfirm'] = ''; + if (!isset($_POST['formConnLimit'])) $_POST['formConnLimit'] = ''; + if (!isset($_POST['formExpires'])) $_POST['formExpires'] = ''; + if (!isset($_POST['memberof'])) $_POST['memberof'] = array(); + if (!isset($_POST['members'])) $_POST['members'] = array(); + if (!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array(); + + $misc->printTrail('role'); + $misc->printTitle($lang['strcreaterole'],'pg.role.create'); + $misc->printMsg($msg); + + echo "<form action=\"$PHP_SELF\" method=\"post\">\n"; + echo $misc->form; + echo "<table>\n"; + echo "\t<tr>\n\t\t<th class=\"data left required\" width=\"130\">{$lang['strrolename']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"15\" maxlength=\"15\" name=\"formRolename\" value=\"", htmlspecialchars($_POST['formRolename']), "\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strpassword']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"15\" maxlength=\"32\" type=\"password\" name=\"formPassword\" value=\"", htmlspecialchars($_POST['formPassword']), "\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconfirm']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"15\" maxlength=\"32\" type=\"password\" name=\"formConfirm\" value=\"", htmlspecialchars($_POST['formConfirm']), "\" 
/></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formSuper\">{$lang['strsuper']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formSuper\" name=\"formSuper\"", + (isset($_POST['formSuper'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateDB\">{$lang['strcreatedb']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateDB\" name=\"formCreateDB\"", + (isset($_POST['formCreateDB'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateRole\">{$lang['strcancreaterole']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateDB\" name=\"formCreateRole\"", + (isset($_POST['formCreateRole'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateDB\">{$lang['strinheritsprivs']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formInherits\" name=\"formInherits\"", + (isset($_POST['formInherits'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCanLogin\">{$lang['strcanlogin']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCanLogin\" name=\"formCanLogin\"", + (isset($_POST['formCanLogin'])) ? 
' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconnlimit']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"4\" name=\"formConnLimit\" value=\"", htmlspecialchars($_POST['formConnLimit']), "\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strexpires']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"23\" maxlength=\"60\" name=\"formExpires\" value=\"", htmlspecialchars($_POST['formExpires']), "\" /></td>\n\t</tr>\n"; + + $roles = $data->getRoles(); + if ($roles->recordCount() > 0) { + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmemberof']}</th>\n"; + echo "\t\t<td class=\"data\">\n"; + echo "\t\t\t<select name=\"memberof[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n"; + while (!$roles->EOF) { + $rolename = $roles->f['rolname']; + echo "\t\t\t\t<option value=\"{$rolename}\"", + (in_array($rolename, $_POST['memberof']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n"; + $roles->moveNext(); + } + echo "\t\t\t</select>\n"; + echo "\t\t</td>\n\t</tr>\n"; + + $roles->moveFirst(); + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmembers']}</th>\n"; + echo "\t\t<td class=\"data\">\n"; + echo "\t\t\t<select name=\"members[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n"; + while (!$roles->EOF) { + $rolename = $roles->f['rolname']; + echo "\t\t\t\t<option value=\"{$rolename}\"", + (in_array($rolename, $_POST['members']) ? 
' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n"; + $roles->moveNext(); + } + echo "\t\t\t</select>\n"; + echo "\t\t</td>\n\t</tr>\n"; + + $roles->moveFirst(); + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['stradminmembers']}</th>\n"; + echo "\t\t<td class=\"data\">\n"; + echo "\t\t\t<select name=\"adminmembers[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n"; + while (!$roles->EOF) { + $rolename = $roles->f['rolname']; + echo "\t\t\t\t<option value=\"{$rolename}\"", + (in_array($rolename, $_POST['adminmembers']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n"; + $roles->moveNext(); + } + echo "\t\t\t</select>\n"; + echo "\t\t</td>\n\t</tr>\n"; + } + + echo "</table>\n"; + echo "<p><input type=\"hidden\" name=\"action\" value=\"save_create\" />\n"; + echo "<input type=\"submit\" name=\"create\" value=\"{$lang['strcreate']}\" />\n"; + echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" /></p>\n"; + echo "</form>\n"; + } + + /** + * Actually creates the new role in the database + */ + function doSaveCreate() { + global $data, $lang; + + if(!isset($_POST['memberof'])) $_POST['memberof'] = array(); + if(!isset($_POST['members'])) $_POST['members'] = array(); + if(!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array(); + + // Check data + if ($_POST['formRolename'] == '') + doCreate($lang['strroleneedsname']); + else if ($_POST['formPassword'] != $_POST['formConfirm']) + doCreate($lang['strpasswordconfirm']); + else { + $status = $data->createRole($_POST['formRolename'], $_POST['formPassword'], isset($_POST['formSuper']), + isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), + isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], + $_POST['adminmembers']); + if ($status == 0) + doDefault($lang['strrolecreated']); + else + 
doCreate($lang['strrolecreatedbad']); + } + } + + /** + * Function to allow alter a role + */ + function doAlter($msg = '') { + global $data, $misc; + global $PHP_SELF, $lang; + + $misc->printTrail('role'); + $misc->printTitle($lang['stralterrole'],'pg.role.alter'); + $misc->printMsg($msg); + + $roledata = $data->getRole($_REQUEST['rolename']); + + if ($roledata->recordCount() > 0) { + $server_info = $misc->getServerInfo(); + $canRename = $data->hasUserRename() && ($_REQUEST['rolename'] != $server_info['username']); + $roledata->f['rolsuper'] = $data->phpBool($roledata->f['rolsuper']); + $roledata->f['rolcreatedb'] = $data->phpBool($roledata->f['rolcreatedb']); + $roledata->f['rolcreaterole'] = $data->phpBool($roledata->f['rolcreaterole']); + $roledata->f['rolinherit'] = $data->phpBool($roledata->f['rolinherit']); + $roledata->f['rolcanlogin'] = $data->phpBool($roledata->f['rolcanlogin']); + + if (!isset($_POST['formExpires'])){ + if ($canRename) $_POST['formNewRoleName'] = $roledata->f['rolname']; + if ($roledata->f['rolsuper']) $_POST['formSuper'] = ''; + if ($roledata->f['rolcreatedb']) $_POST['formCreateDB'] = ''; + if ($roledata->f['rolcreaterole']) $_POST['formCreateRole'] = ''; + if ($roledata->f['rolinherit']) $_POST['formInherits'] = ''; + if ($roledata->f['rolcanlogin']) $_POST['formCanLogin'] = ''; + $_POST['formConnLimit'] = $roledata->f['rolconnlimit'] == '-1' ? '' : $roledata->f['rolconnlimit']; + $_POST['formExpires'] = $roledata->f['rolvaliduntil'] == 'infinity' ? '' : $roledata->f['rolvaliduntil']; + $_POST['formPassword'] = ''; + } + + echo "<form action=\"$PHP_SELF\" method=\"post\">\n"; + echo $misc->form; + echo "<table>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\" width=\"130\">{$lang['strrolename']}</th>\n"; + echo "\t\t<td class=\"data1\">", ($canRename ? "<input name=\"formNewRoleName\" size=\"15\" maxlength=\"15\" value=\"" . htmlspecialchars($_POST['formNewRoleName']) . 
"\" />" : $misc->printVal($roledata->f['rolname'])), "</td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strpassword']}</th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"password\" size=\"15\" maxlength=\"32\" name=\"formPassword\" value=\"", htmlspecialchars($_POST['formPassword']), "\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconfirm']}</th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"password\" size=\"15\" maxlength=\"32\" name=\"formConfirm\" value=\"\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formSuper\">{$lang['strsuper']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formSuper\" name=\"formSuper\"", + (isset($_POST['formSuper'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateDB\">{$lang['strcreatedb']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateDB\" name=\"formCreateDB\"", + (isset($_POST['formCreateDB'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCreateRole\">{$lang['strcancreaterole']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCreateRole\" name=\"formCreateRole\"", + (isset($_POST['formCreateRole'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formInherits\">{$lang['strinheritsprivs']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formInherits\" name=\"formInherits\"", + (isset($_POST['formInherits'])) ? ' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\"><label for=\"formCanLogin\">{$lang['strcanlogin']}</label></th>\n"; + echo "\t\t<td class=\"data1\"><input type=\"checkbox\" id=\"formCanLogin\" name=\"formCanLogin\"", + (isset($_POST['formCanLogin'])) ? 
' checked="checked"' : '', " /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strconnlimit']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"4\" maxlength=\"4\" name=\"formConnLimit\" value=\"", htmlspecialchars($_POST['formConnLimit']), "\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strexpires']}</th>\n"; + echo "\t\t<td class=\"data1\"><input size=\"23\" maxlength=\"60\" name=\"formExpires\" value=\"", htmlspecialchars($_POST['formExpires']), "\" /></td>\n\t</tr>\n"; + + if (!isset($_POST['memberof'])) + { + $memberof = $data->getMemberOf($_REQUEST['rolename']); + if ($memberof->recordCount() > 0) { + $i = 0; + while (!$memberof->EOF) { + $_POST['memberof'][$i++] = $memberof->f['rolname']; + $memberof->moveNext(); + } + } + else + $_POST['memberof'] = array(); + $memberofold = implode(',', $_POST['memberof']); + } + if (!isset($_POST['members'])) + { + $members = $data->getMembers($_REQUEST['rolename']); + if ($members->recordCount() > 0) { + $i = 0; + while (!$members->EOF) { + $_POST['members'][$i++] = $members->f['rolname']; + $members->moveNext(); + } + } + else + $_POST['members'] = array(); + $membersold = implode(',', $_POST['members']); + } + if (!isset($_POST['adminmembers'])) + { + $adminmembers = $data->getMembers($_REQUEST['rolename'], 't'); + if ($adminmembers->recordCount() > 0) { + $i = 0; + while (!$adminmembers->EOF) { + $_POST['adminmembers'][$i++] = $adminmembers->f['rolname']; + $adminmembers->moveNext(); + } + } + else + $_POST['adminmembers'] = array(); + $adminmembersold = implode(',', $_POST['adminmembers']); + } + + $roles = $data->getRoles($_REQUEST['rolename']); + if ($roles->recordCount() > 0) { + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmemberof']}</th>\n"; + echo "\t\t<td class=\"data\">\n"; + echo "\t\t\t<select name=\"memberof[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n"; + while (!$roles->EOF) { + $rolename = 
$roles->f['rolname']; + echo "\t\t\t\t<option value=\"{$rolename}\"", + (in_array($rolename, $_POST['memberof']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n"; + $roles->moveNext(); + } + echo "\t\t\t</select>\n"; + echo "\t\t</td>\n\t</tr>\n"; + + $roles->moveFirst(); + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['strmembers']}</th>\n"; + echo "\t\t<td class=\"data\">\n"; + echo "\t\t\t<select name=\"members[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n"; + while (!$roles->EOF) { + $rolename = $roles->f['rolname']; + echo "\t\t\t\t<option value=\"{$rolename}\"", + (in_array($rolename, $_POST['members']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n"; + $roles->moveNext(); + } + echo "\t\t\t</select>\n"; + echo "\t\t</td>\n\t</tr>\n"; + + $roles->moveFirst(); + echo "\t<tr>\n\t\t<th class=\"data left\">{$lang['stradminmembers']}</th>\n"; + echo "\t\t<td class=\"data\">\n"; + echo "\t\t\t<select name=\"adminmembers[]\" multiple=\"multiple\" size=\"", min(20, $roles->recordCount()), "\">\n"; + while (!$roles->EOF) { + $rolename = $roles->f['rolname']; + echo "\t\t\t\t<option value=\"{$rolename}\"", + (in_array($rolename, $_POST['adminmembers']) ? ' selected="selected"' : ''), ">", $misc->printVal($rolename), "</option>\n"; + $roles->moveNext(); + } + echo "\t\t\t</select>\n"; + echo "\t\t</td>\n\t</tr>\n"; + } + echo "</table>\n"; + + echo "<p><input type=\"hidden\" name=\"action\" value=\"save_alter\" />\n"; + echo "<input type=\"hidden\" name=\"rolename\" value=\"", htmlspecialchars($_REQUEST['rolename']), "\" />\n"; + echo "<input type=\"hidden\" name=\"memberofold\" value=\"", isset($_POST['memberofold']) ? $_POST['memberofold'] : htmlspecialchars($memberofold), "\" />\n"; + echo "<input type=\"hidden\" name=\"membersold\" value=\"", isset($_POST['membersold']) ? 
$_POST['membersold'] : htmlspecialchars($membersold), "\" />\n"; + echo "<input type=\"hidden\" name=\"adminmembersold\" value=\"", isset($_POST['adminmembersold']) ? $_POST['adminmembersold'] : htmlspecialchars($adminmembersold), "\" />\n"; + echo "<input type=\"submit\" name=\"alter\" value=\"{$lang['stralter']}\" />\n"; + echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" /></p>\n"; + echo "</form>\n"; + } + else echo "<p>{$lang['strnodata']}</p>\n"; + } + + /** + * Function to save after editing a role + */ + function doSaveAlter() { + global $data, $lang; + + if(!isset($_POST['memberof'])) $_POST['memberof'] = array(); + if(!isset($_POST['members'])) $_POST['members'] = array(); + if(!isset($_POST['adminmembers'])) $_POST['adminmembers'] = array(); + + // Check name and password + if (isset($_POST['formNewRoleName']) && $_POST['formNewRoleName'] == '') + doAlter($lang['strroleneedsname']); + else if ($_POST['formPassword'] != $_POST['formConfirm']) + doAlter($lang['strpasswordconfirm']); + else { + if (isset($_POST['formNewRoleName'])) $status = $data->setRenameRole($_POST['rolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers'], $_POST['memberofold'], $_POST['membersold'], $_POST['adminmembersold'], $_POST['formNewRoleName']); + else $status = $data->setRole($_POST['rolename'], $_POST['formPassword'], isset($_POST['formSuper']), isset($_POST['formCreateDB']), isset($_POST['formCreateRole']), isset($_POST['formInherits']), isset($_POST['formCanLogin']), $_POST['formConnLimit'], $_POST['formExpires'], $_POST['memberof'], $_POST['members'], $_POST['adminmembers'], $_POST['memberofold'], $_POST['membersold'], $_POST['adminmembersold']); + if ($status == 0) + doDefault($lang['strroleupdated']); + 
else + doAlter($lang['strroleupdatedbad']); + } + } + + /** + * Show confirmation of drop a role and perform actual drop + */ + function doDrop($confirm) { + global $data, $misc; + global $PHP_SELF, $lang; + + if ($confirm) { + $misc->printTrail('role'); + $misc->printTitle($lang['strdroprole'],'pg.role.drop'); + + echo "<p>", sprintf($lang['strconfdroprole'], $misc->printVal($_REQUEST['rolename'])), "</p>\n"; + + echo "<form action=\"$PHP_SELF\" method=\"post\">\n"; + echo $misc->form; + echo "<input type=\"hidden\" name=\"action\" value=\"drop\" />\n"; + echo "<input type=\"hidden\" name=\"rolename\" value=\"", htmlspecialchars($_REQUEST['rolename']), "\" />\n"; + echo "<input type=\"submit\" name=\"drop\" value=\"{$lang['strdrop']}\" />\n"; + echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" />\n"; + echo "</form>\n"; + } + else { + $status = $data->dropRole($_REQUEST['rolename']); + if ($status == 0) + doDefault($lang['strroledropped']); + else + doDefault($lang['strroledroppedbad']); + } + } + + /** + * Show the properties of a role + */ + function doProperties($msg = '') { + global $data, $misc; + global $PHP_SELF, $lang; + + $misc->printTrail('role'); + $misc->printTitle($lang['strproperties'],'pg.role'); + $misc->printMsg($msg); + + $roledata = $data->getRole($_REQUEST['rolename']); + if($roledata->recordCount() > 0 ) { + $roledata->f['rolsuper'] = $data->phpBool($roledata->f['rolsuper']); + $roledata->f['rolcreatedb'] = $data->phpBool($roledata->f['rolcreatedb']); + $roledata->f['rolcreaterole'] = $data->phpBool($roledata->f['rolcreaterole']); + $roledata->f['rolinherit'] = $data->phpBool($roledata->f['rolinherit']); + $roledata->f['rolcanlogin'] = $data->phpBool($roledata->f['rolcanlogin']); + + echo "<table>\n"; + echo "\t<tr>\n\t\t<th class=\"data\" width=\"130\">Description</th>\n"; + echo "\t\t<th class=\"data\" width=\"120\">Value</th>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strrolename']}</td>\n"; + 
echo "\t\t<td class=\"data1\">", htmlspecialchars($_REQUEST['rolename']), "</td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strsuper']}</td>\n"; + echo "\t\t<td class=\"data2\">", (($roledata->f['rolsuper']) ? $lang['stryes'] : $lang['strno']), "</td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strcreatedb']}</td>\n"; + echo "\t\t<td class=\"data1\">", (($roledata->f['rolcreatedb']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strcancreaterole']}</td>\n"; + echo "\t\t<td class=\"data2\">", (($roledata->f['rolcreaterole']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strinheritsprivs']}</td>\n"; + echo "\t\t<td class=\"data1\">", (($roledata->f['rolinherit']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strcanlogin']}</td>\n"; + echo "\t\t<td class=\"data2\">", (($roledata->f['rolcanlogin']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strconnlimit']}</td>\n"; + echo "\t\t<td class=\"data1\">", ($roledata->f['rolconnlimit'] == '-1' ? $lang['strnolimit'] : $misc->printVal($roledata->f['rolconnlimit'])), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strexpires']}</td>\n"; + echo "\t\t<td class=\"data2\">", ($roledata->f['rolvaliduntil'] == 'infinity' ? 
$lang['strnever'] : $misc->printVal($roledata->f['rolvaliduntil'])), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strsessiondefaults']}</td>\n"; + echo "\t\t<td class=\"data1\">", $misc->printVal($roledata->f['rolconfig']), "</td>\n"; + echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['strmemberof']}</td>\n"; + echo "\t\t<td class=\"data2\">"; + $memberof = $data->getMemberOf($_REQUEST['rolename']); + if ($memberof->recordCount() > 0) { + while (!$memberof->EOF) { + echo $misc->printVal($memberof->f['rolname']), "<br />\n"; + $memberof->moveNext(); + } + } + echo "</td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">{$lang['strmembers']}</td>\n"; + echo "\t\t<td class=\"data1\">"; + $members = $data->getMembers($_REQUEST['rolename']); + if ($members->recordCount() > 0) { + while (!$members->EOF) { + echo $misc->printVal($members->f['rolname']), "<br />\n"; + $members->moveNext(); + } + } + echo "</td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<td class=\"data2\">{$lang['stradminmembers']}</td>\n"; + echo "\t\t<td class=\"data2\">"; + $adminmembers = $data->getMembers($_REQUEST['rolename'], 't'); + if ($adminmembers->recordCount() > 0) { + while (!$adminmembers->EOF) { + echo $misc->printVal($adminmembers->f['rolname']), "<br />\n"; + $adminmembers->moveNext(); + } + } + echo "</td>\n\t</tr>\n"; + echo "</table>\n"; + } + else echo "<p>{$lang['strnodata']}</p>\n"; + + echo "<p><a class=\"navlink\" href=\"$PHP_SELF?{$misc->href}\">{$lang['strshowallroles']}</a> |\n"; + echo "<a class=\"navlink\" href=\"$PHP_SELF?action=alter&{$misc->href}&rolename=", + urlencode($_REQUEST['rolename']), "\">{$lang['stralter']}</a> |\n"; + echo "<a class=\"navlink\" href=\"$PHP_SELF?action=confirm_drop&{$misc->href}&rolename=", + urlencode($_REQUEST['rolename']), "\">{$lang['strdrop']}</a>\n"; + } + + /** + * If a role is not a superuser role, then we have an 'account management' + * page for change his password, etc. 
We don't prevent them from + * messing with the URL to gain access to other role admin stuff, because + * the PostgreSQL permissions will prevent them changing anything anyway. + */ + function doAccount($msg = '') { + global $data, $misc; + global $PHP_SELF, $lang; + + $server_info = $misc->getServerInfo(); + + $roledata = $data->getRole($server_info['username']); + $_REQUEST['rolename'] = $server_info['username']; + + $misc->printTrail('role'); + $misc->printTabs('server','account'); + $misc->printMsg($msg); + + if ($roledata->recordCount() > 0) { + $roledata->f['rolsuper'] = $data->phpBool($roledata->f['rolsuper']); + $roledata->f['rolcreatedb'] = $data->phpBool($roledata->f['rolcreatedb']); + $roledata->f['rolcreaterole'] = $data->phpBool($roledata->f['rolcreaterole']); + $roledata->f['rolinherit'] = $data->phpBool($roledata->f['rolinherit']); + echo "<table>\n"; + echo "\t<tr>\n\t\t<th class=\"data\">{$lang['strrolename']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strsuper']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strcreatedb']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strcancreaterole']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strinheritsprivs']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strconnlimit']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strexpires']}</th>\n"; + echo "\t\t<th class=\"data\">{$lang['strsessiondefaults']}</th>\n"; + echo "\t</tr>\n"; + echo "\t<tr>\n\t\t<td class=\"data1\">", $misc->printVal($roledata->f['rolname']), "</td>\n"; + echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolsuper']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolcreatedb']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolcreaterole']) ? $lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t\t<td class=\"data1\" id=\"center\">", (($roledata->f['rolinherit']) ? 
$lang['stryes'] : $lang['strno']), "</td>\n"; + echo "\t\t<td class=\"data1\" id=\"center\">", ($roledata->f['rolconnlimit'] == '-1' ? $lang['strnolimit'] : $misc->printVal($roledata->f['rolconnlimit'])), "</td>\n"; + echo "\t\t<td class=\"data1\">", ($roledata->f['rolvaliduntil'] == 'infinity' ? $lang['strnever'] : $misc->printVal($roledata->f['rolvaliduntil'])), "</td>\n"; + echo "\t\t<td class=\"data1\">", $misc->printVal($roledata->f['rolconfig']), "</td>\n"; + echo "\t</tr>\n</table>\n"; + } + else echo "<p>{$lang['strnodata']}</p>\n"; + + echo "<p><a class=\"navlink\" href=\"{$PHP_SELF}?action=confchangepassword&{$misc->href}\">{$lang['strchangepassword']}</a></p>\n"; + } + + /** + * Show confirmation of change password and actually change password + */ + function doChangePassword($confirm, $msg = '') { + global $data, $misc; + global $PHP_SELF, $lang, $conf; + + $server_info = $misc->getServerInfo(); + + if ($confirm) { + $_REQUEST['rolename'] = $server_info['username']; + $misc->printTrail('role'); + $misc->printTitle($lang['strchangepassword'],'pg.role.alter'); + $misc->printMsg($msg); + + if (!isset($_POST['password'])) $_POST['password'] = ''; + if (!isset($_POST['confirm'])) $_POST['confirm'] = ''; + + echo "<form action=\"$PHP_SELF\" method=\"post\">\n"; + echo $misc->form; + echo "<table>\n"; + echo "\t<tr>\n\t\t<th class=\"data left required\">{$lang['strpassword']}</th>\n"; + echo "\t\t<td><input type=\"password\" name=\"password\" size=\"32\" value=\"", + htmlspecialchars($_POST['password']), "\" /></td>\n\t</tr>\n"; + echo "\t<tr>\n\t\t<th class=\"data left required\">{$lang['strconfirm']}</th>\n"; + echo "\t\t<td><input type=\"password\" name=\"confirm\" size=\"32\" value=\"\" /></td>\n\t</tr>\n"; + echo "<table>\n"; + echo "<p><input type=\"hidden\" name=\"action\" value=\"changepassword\" />\n"; + echo "<input type=\"submit\" name=\"ok\" value=\"{$lang['strok']}\" />\n"; + echo "<input type=\"submit\" name=\"cancel\" 
value=\"{$lang['strcancel']}\" />\n"; + echo "</p></form>\n"; + } + else { + // Check that password is minimum length + if (strlen($_POST['password']) < $conf['min_password_length']) + doChangePassword(true, $lang['strpasswordshort']); + // Check that password matches confirmation password + elseif ($_POST['password'] != $_POST['confirm']) + doChangePassword(true, $lang['strpasswordconfirm']); + else { + $status = $data->changePassword($server_info['username'], $_POST['password']); + if ($status == 0) + doAccount($lang['strpasswordchanged']); + else + doAccount($lang['strpasswordchangedbad']); + } + } + } + + + /** + * Show default list of roles in the database + */ + function doDefault($msg = '') { + global $data, $misc; + global $PHP_SELF, $lang; + + function renderRoleConnLimit($val) { + return $val == '-1' ? 'No limit' : htmlspecialchars($val); + } + + function renderRoleExpires($val) { + return $val == 'infinity' ? 'Never' : htmlspecialchars($val); + } + + $misc->printTrail('server'); + $misc->printTabs('server','roles'); + $misc->printMsg($msg); + + $roles = $data->getRoles(); + + $columns = array( + 'rolename' => array( + 'title' => $lang['strrolename'], + 'field' => 'rolname', + ), + 'superuser' => array( + 'title' => $lang['strsuper'], + 'field' => 'rolsuper', + 'type' => 'yesno', + ), + 'createdb' => array( + 'title' => $lang['strcreatedb'], + 'field' => 'rolcreatedb', + 'type' => 'yesno', + ), + 'createrole' => array( + 'title' => $lang['strcancreaterole'], + 'field' => 'rolcreaterole', + 'type' => 'yesno', + ), + 'inherits' => array( + 'title' => $lang['strinheritsprivs'], + 'field' => 'rolinherit', + 'type' => 'yesno', + ), + 'canloging' => array( + 'title' => $lang['strcanlogin'], + 'field' => 'rolcanlogin', + 'type' => 'yesno', + ), + 'expires' => array( + 'title' => $lang['strexpires'], + 'field' => 'rolvaliduntil', + 'type' => 'callback', + 'params'=> array('function' => 'renderRoleExpires'), + ), + 'actions' => array( + 'title' => 
$lang['stractions'], + ), + ); + + $actions = array( + 'properties' => array( + 'title' => $lang['strproperties'], + 'url' => "redirect.php?subject=role&action=properties&{$misc->href}&", + 'vars' => array('rolename' => 'rolname'), + ), + 'alter' => array( + 'title' => $lang['stralter'], + 'url' => "{$PHP_SELF}?action=alter&{$misc->href}&", + 'vars' => array('rolename' => 'rolname'), + ), + 'drop' => array( + 'title' => $lang['strdrop'], + 'url' => "{$PHP_SELF}?action=confirm_drop&{$misc->href}&", + 'vars' => array('rolename' => 'rolname'), + ), + ); + + $misc->printTable($roles, $columns, $actions, $lang['strnoroles']); + + echo "<p><a class=\"navlink\" href=\"{$PHP_SELF}?action=create&{$misc->href}\">{$lang['strcreaterole']}</a></p>\n"; + + } + + $misc->printHeader($lang['strroles']); + $misc->printBody(); + + switch ($action) { + case 'create': + doCreate(); + break; + case 'save_create': + if (isset($_POST['create'])) doSaveCreate(); + else doDefault(); + break; + case 'alter': + doAlter(); + break; + case 'save_alter': + if (isset($_POST['alter'])) doSaveAlter(); + else doDefault(); + break; + case 'confirm_drop': + doDrop(true); + break; + case 'drop': + if (isset($_POST['drop'])) doDrop(false); + else doDefault(); + break; + case 'properties': + doProperties(); + break; + case 'confchangepassword': + doChangePassword(true); + break; + case 'changepassword': + if (isset($_REQUEST['ok'])) doChangePassword(false); + else doAccount(); + break; + case 'account': + doAccount(); + break; + default: + doDefault(); + } + + $misc->printFooter(); + +?> diff --git a/themes/default/global.css b/themes/default/global.css index 3664bfa9..82b1c530 100644 --- a/themes/default/global.css +++ b/themes/default/global.css @@ -1,7 +1,7 @@ /** * Default style sheet * - * $Id: global.css,v 1.39 2006/08/04 20:42:24 xzilla Exp $ + * $Id: global.css,v 1.40 2006/12/28 04:26:55 xzilla Exp $ */ /** ELEMENTS */ 
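Review bot: In roles.php several values reach HTML attributes without encoding, so doCreate() and doAlter() can have markup injected through role names and request data. The `<option value=\"{$rolename}\"` lines in the memberof/members/adminmembers selects print `rolname` raw (only the option text goes through `$misc->printVal()`), and the three hidden fields at the end of doAlter() echo `$_POST['memberofold']`, `$_POST['membersold']` and `$_POST['adminmembersold']` unescaped, escaping only the fallback branch. I would wrap the whole expression, e.g. `htmlspecialchars(isset($_POST['memberofold']) ? $_POST['memberofold'] : $memberofold)`, and emit `value=\"", htmlspecialchars($rolename), "\"` for the options. The form actions also interpolate `$PHP_SELF`, taken straight from `$_SERVER['PHP_SELF']`, and it should be escaped the same way before it is printed. Separately, the create/alter/drop handlers act on request data with no anti-forgery token visible here; whether `$misc->form` supplies one cannot be seen from this hunk, so that is worth confirming.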
@@ -126,6 +126,17 @@ th.data a:active, th.data a:link, th.data a:visited, th.data a:hover text-align: left; } +#center +{ + text-align: center; +} + +td.dat +{ + color: "ff0"; + text-align: center; +} + th.required { text-decoration: underline; |
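Review bot: `color: "ff0";` in the new `td.dat` rule is a quoted string, not a valid colour value, so browsers will discard the declaration; if yellow was intended it should read `color: #ff0;`. The `#center` rule is an id selector, yet roles.php in this same commit puts `id=\"center\"` on several cells of one row in doAccount(), which breaks id uniqueness; a class selector such as `td.center`, used as `class=\"data1 center\"`, would be the cleaner form. `td.dat` may also be a truncation of `td.data`, since nothing in the visible part of the diff uses a `dat` class, so that is worth checking.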