Commit 39da13e6 authored by Leigh Stoller's avatar Leigh Stoller

Add a checkbox to control whether a new type is initially restricted

from users.
parent 1077ffe7
#!/usr/bin/perl -wT #!/usr/bin/perl -wT
# #
# Copyright (c) 2000-2012 University of Utah and the Flux Group. # Copyright (c) 2000-2013 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -32,12 +32,13 @@ use Data::Dumper; ...@@ -32,12 +32,13 @@ use Data::Dumper;
# #
sub usage() sub usage()
{ {
print("Usage: editnodetype [-v] <xmlfile>\n"); print("Usage: editnodetype [-v] [-p] <xmlfile>\n");
exit(-1); exit(-1);
} }
my $optlist = "dv"; my $optlist = "dvp";
my $debug = 0; my $restrict = 0;
my $verify = 0; # Check data and return status only. my $debug = 0;
my $verify = 0; # Check data and return status only.
# #
# Configure variables # Configure variables
...@@ -45,6 +46,7 @@ my $verify = 0; # Check data and return status only. ...@@ -45,6 +46,7 @@ my $verify = 0; # Check data and return status only.
my $TB = "@prefix@"; my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@"; my $TBOPS = "@TBOPSEMAIL@";
my $TBAUDIT = "@TBAUDITEMAIL@"; my $TBAUDIT = "@TBAUDITEMAIL@";
my $UPDATEPERMS = "$TB/sbin/update_permissions";
# #
# Untaint the path # Untaint the path
...@@ -86,6 +88,9 @@ if (defined($options{"d"})) { ...@@ -86,6 +88,9 @@ if (defined($options{"d"})) {
if (defined($options{"v"})) { if (defined($options{"v"})) {
$verify = 1; $verify = 1;
} }
if (defined($options{"p"})) {
$restrict = 1;
}
if (@ARGV != 1) { if (@ARGV != 1) {
usage(); usage();
} }
...@@ -587,10 +592,17 @@ if ($new_type) { ...@@ -587,10 +592,17 @@ if ($new_type) {
" attrvalue='$value' "); " attrvalue='$value' ");
} }
# And a group policy that prevents new type from being used. if ($restrict) {
DBQueryFatal("replace into group_policies ". # And a group policy that prevents new type from being used.
"(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ". DBQueryFatal("replace into group_policies ".
"values (0, 0, '-', '-', 'type', '$node_type', 0)"); "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
"values (0, 0, '-', '-', 'type', '$node_type', 0)");
#
# Now update the permissions table.
#
system($UPDATEPERMS);
}
} }
else { else {
DBQueryFatal("update node_types set ". DBQueryFatal("update node_types set ".
......
<?php <?php
# #
# Copyright (c) 2000-2012 University of Utah and the Flux Group. # Copyright (c) 2000-2013 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -347,6 +347,24 @@ function SPITFORM($node_type, $formfields, $attributes, $deletes, $errors) ...@@ -347,6 +347,24 @@ function SPITFORM($node_type, $formfields, $attributes, $deletes, $errors)
</td> </td>
</tr>\n"; </tr>\n";
if ($new_type) {
echo "<tr>
<td colspan=2>Restricted?:</td>
<td class=left>
<input type=checkbox
name=\"formfields[restricted]\"
value=Yep";
if (isset($formfields["restricted"]) &&
$formfields["restricted"] == "Yep")
echo " checked";
echo " > (Initially restrict nodes to emulab-ops)
</td>
</tr>\n";
}
# #
# Now do attributes. # Now do attributes.
# #
...@@ -699,7 +717,14 @@ if (isset($newattribute_name) && $newattribute_name != "" && ...@@ -699,7 +717,14 @@ if (isset($newattribute_name) && $newattribute_name != "" &&
$args["attr_${newattribute_type}_$newattribute_name"] = $newattribute_value; $args["attr_${newattribute_type}_$newattribute_name"] = $newattribute_value;
} }
if (! ($result = SetNodeType($node_type, $args, $errors))) { # Restricted checkbox.
$restricted = 0;
if (isset($new_type) &&
isset($formfields['restricted']) && $formfields['restricted'] == "Yep") {
$restricted = 1;
}
if (! ($result = SetNodeType($node_type, $restricted, $args, $errors))) {
# Always respit the form so that the form fields are not lost. # Always respit the form so that the form fields are not lost.
# I just hate it when that happens so lets not be guilty of it ourselves. # I just hate it when that happens so lets not be guilty of it ourselves.
SPITFORM($node_type, $formfields, $attributes, $deletes, $errors); SPITFORM($node_type, $formfields, $attributes, $deletes, $errors);
...@@ -723,7 +748,7 @@ PAGEFOOTER(); ...@@ -723,7 +748,7 @@ PAGEFOOTER();
# #
# Create or edit a nodetype. (No class for that at present.) # Create or edit a nodetype. (No class for that at present.)
# #
function SetNodeType($node_type, $args, &$errors) { function SetNodeType($node_type, $restricted, $args, &$errors) {
global $suexec_output, $suexec_output_array; global $suexec_output, $suexec_output_array;
# #
...@@ -754,7 +779,10 @@ function SetNodeType($node_type, $args, &$errors) { ...@@ -754,7 +779,10 @@ function SetNodeType($node_type, $args, &$errors) {
fclose($fp); fclose($fp);
chmod($xmlname, 0666); chmod($xmlname, 0666);
$retval = SUEXEC("nobody", "nobody", "webeditnodetype $xmlname", # Restricted checkbox.
$optarg = ($restricted ? "-p" : "");
$retval = SUEXEC("nobody", "nobody", "webeditnodetype $optarg $xmlname",
SUEXEC_ACTION_IGNORE); SUEXEC_ACTION_IGNORE);
if ($retval) { if ($retval) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment