/old/html/PostgresssAdmin/privileges.php - Komentovat - Aplikace pro Centrum blízkovýchodních studií (FF) - Medici - Redmine

6daefa8c

Petr Lukašík

<?php

2

3

/**

4

	 * Manage privileges in a database

5

6

	 * $Id: privileges.php,v 1.38 2005/10/18 03:45:16 chriskl Exp $

7

*/

8

9

	// Include application functions

10

	include_once('./libraries/lib.inc.php');

11

12

	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';

13

	if (!isset($msg)) $msg = '';

14

	$PHP_SELF = $_SERVER['PHP_SELF'];

15

16

/**

17

	 * Grant permissions on an object to a user

18

	 * @param $confirm To show entry screen

19

	 * @param $mode 'grant' or 'revoke'

20

	 * @param $msg (optional) A message to show

21

*/

22

	function doAlter($confirm, $mode, $msg = '') {

23

		global $data, $misc;

24

		global $PHP_SELF, $lang;

25

26

		if (!isset($_REQUEST['username'])) $_REQUEST['username'] = array();

27

		if (!isset($_REQUEST['groupname'])) $_REQUEST['groupname'] = array();

28

		if (!isset($_REQUEST['privilege'])) $_REQUEST['privilege'] = array();

29

30

		if ($confirm) {

31

			// Get users from the database

32

			$users = $data->getUsers();

33

			// Get groups from the database

34

			$groups = $data->getGroups();

35

36

			$misc->printTrail($_REQUEST['subject']);

37

38

			switch ($mode) {

39

				case 'grant':

40

					$misc->printTitle($lang['strgrant'],'pg.privilege.grant');

41

					break;

42

				case 'revoke':

43

					$misc->printTitle($lang['strrevoke'],'pg.privilege.revoke');

44

					break;

45

46

			$misc->printMsg($msg);

47

48

			echo "<form action=\"$PHP_SELF\" method=\"post\">\n";

49

			echo "<table>\n";

50

			echo "<tr><th class=\"data left\">{$lang['strusers']}</th>\n";

51

			echo "<td class=\"data1\"><select name=\"username[]\" multiple=\"multiple\" size=\"", min(6, $users->recordCount()), "\">\n";

52

			while (!$users->EOF) {

53

				$uname = htmlspecialchars($users->f['usename']);

54

				echo "<option value=\"{$uname}\"",

55

					in_array($users->f['usename'], $_REQUEST['username']) ? ' selected="selected"' : '', ">{$uname}</option>\n";

56

				$users->moveNext();

57

58

			echo "</select></td></tr>\n";

59

			echo "<tr><th class=\"data left\">{$lang['strgroups']}</th>\n";

60

			echo "<td class=\"data1\">\n";

61

			echo "<input type=\"checkbox\" name=\"public\"", (isset($_REQUEST['public']) ? ' checked="checked"' : ''), " />PUBLIC\n";

62

			// Only show groups if there are groups!

63

			if ($groups->recordCount() > 0) {

64

				echo "<br /><select name=\"groupname[]\" multiple=\"multiple\" size=\"", min(6, $groups->recordCount()), "\">\n";

65

				while (!$groups->EOF) {

66

					$gname = htmlspecialchars($groups->f['groname']);

67

					echo "<option value=\"{$gname}\"",

68

						in_array($groups->f['groname'], $_REQUEST['groupname']) ? ' selected="selected"' : '', ">{$gname}</option>\n";

69

					$groups->moveNext();

70

71

				echo "</select>\n";

72

73

			echo "</td></tr>\n";

74

			echo "<tr><th class=\"data left required\">{$lang['strprivileges']}</th>\n";

75

			echo "<td class=\"data1\">\n";

76

			foreach ($data->privlist[$_REQUEST['subject']] as $v) {

77

				$v = htmlspecialchars($v);

78

				echo "<input type=\"checkbox\" name=\"privilege[$v]\"",

79

							isset($_REQUEST['privilege'][$v]) ? ' checked="checked"' : '', " />{$v}<br />\n";

80

81

			echo "</td></tr>\n";

82

			// Grant option

83

			if ($data->hasGrantOption()) {

84

				echo "<tr><th class=\"data left\">{$lang['stroptions']}</th>\n";

85

				echo "<td class=\"data1\">\n";

86

				if ($mode == 'grant') {

87

					echo "<input type=\"checkbox\" name=\"grantoption\"",

88

								isset($_REQUEST['grantoption']) ? ' checked="checked"' : '', " />GRANT OPTION\n";

89

90

				elseif ($mode == 'revoke') {

91

					echo "<input type=\"checkbox\" name=\"grantoption\"",

92

								isset($_REQUEST['grantoption']) ? ' checked="checked"' : '', " />GRANT OPTION FOR<br />\n";

93

					echo "<input type=\"checkbox\" name=\"cascade\"",

94

								isset($_REQUEST['cascade']) ? ' checked="checked"' : '', " />CASCADE<br />\n";

95

96

				echo "</td></tr>\n";

97

98

			echo "</table>\n";

99

100

			if (isset($_REQUEST[$_REQUEST['subject'].'_oid']))

101

				echo "<input type=\"hidden\" name=\"", htmlspecialchars($_REQUEST['subject'].'_oid'),

102

					"\" value=\"", htmlspecialchars($_REQUEST[$_REQUEST['subject'].'_oid']), "\" />\n";

103

			echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";

104

			echo "<input type=\"hidden\" name=\"mode\" value=\"", htmlspecialchars($mode), "\" />\n";

105

			echo "<input type=\"hidden\" name=\"subject\" value=\"", htmlspecialchars($_REQUEST['subject']), "\" />\n";

106

			echo "<input type=\"hidden\" name=\"", htmlspecialchars($_REQUEST['subject']),

107

					"\" value=\"", htmlspecialchars($_REQUEST[$_REQUEST['subject']]), "\" />\n";

108

			echo $misc->form;

109

			echo "<p>";

110

			if ($mode == 'grant')

111

				echo "<input type=\"submit\" name=\"grant\" value=\"{$lang['strgrant']}\" />\n";

112

			elseif ($mode == 'revoke')

113

				echo "<input type=\"submit\" name=\"revoke\" value=\"{$lang['strrevoke']}\" />\n";

114

			echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" />";

115

			echo "</p>\n";

116

			echo "</form>\n";

117

118

		else {

119

120

			// Determine whether object should be ref'd by name or oid.

121

			if (isset($_REQUEST[$_REQUEST['subject'].'_oid']))

122

				$object = $_REQUEST[$_REQUEST['subject'].'_oid'];

123

			else

124

				$object = $_REQUEST[$_REQUEST['subject']];

125

126

			$status = $data->setPrivileges(($mode == 'grant') ? 'GRANT' : 'REVOKE', $_REQUEST['subject'], $object,

127

				isset($_REQUEST['public']), $_REQUEST['username'], $_REQUEST['groupname'], array_keys($_REQUEST['privilege']),

128

				isset($_REQUEST['grantoption']), isset($_REQUEST['cascade']));

129

			if ($status == 0)

130

				doDefault($lang['strgranted']);

131

			elseif ($status == -3 || $status == -4)

132

				doAlter(true, $_REQUEST['mode'], $lang['strgrantbad']);

133

			else

134

				doAlter(true, $_REQUEST['mode'], $lang['strgrantfailed']);

/**

139

	 * Show permissions on a database, namespace, relation, language or function

140

*/

141

	function doDefault($msg = '') {

142

		global $data, $misc, $database;

143

		global $PHP_SELF, $lang;

144

145

		$misc->printTrail($_REQUEST['subject']);

146

147

		# @@@FIXME: This switch is just a temporary solution,

148

		# need a better way, maybe every type of object should

149

		# have a tab bar???

150

		switch ($_REQUEST['subject']) {

151

			case 'server':

152

			case 'database':

153

			case 'schema':

154

			case 'table':

155

			case 'view':

156

				$misc->printTabs($_REQUEST['subject'], 'privileges');

157

				break;

158

			default:

159

				$misc->printTitle($lang['strprivileges'], 'pg.privilege');

160

161

		$misc->printMsg($msg);

162

163

		// Determine whether object should be ref'd by name or oid.

164

		if (isset($_REQUEST[$_REQUEST['subject'].'_oid']))

165

			$object = $_REQUEST[$_REQUEST['subject'].'_oid'];

166

		else

167

			$object = $_REQUEST[$_REQUEST['subject']];

168

169

		// Get the privileges on the object, given its type

170

		$privileges = $data->getPrivileges($object, $_REQUEST['subject']);

171

172

		if (sizeof($privileges) > 0) {

173

			echo "<table>\n";

174

			echo "<tr><th class=\"data\">{$lang['strtype']}</th><th class=\"data\">{$lang['struser']}/{$lang['strgroup']}</th>";

175

			foreach ($data->privlist[$_REQUEST['subject']] as $v2) {

176

				// Skip over ALL PRIVILEGES

177

				if ($v2 == 'ALL PRIVILEGES') continue;

178

				echo "<th class=\"data\">{$v2}</th>\n";

179

180

			if ($data->hasGrantOption()) {

181

				echo "<th class=\"data\">{$lang['strgrantor']}</th>";

182

183

			echo "</tr>\n";

184

185

			// Loop over privileges, outputting them

186

			$i = 0;

187

			foreach ($privileges as $v) {

188

				$id = (($i % 2) == 0 ? '1' : '2');

189

				echo "<tr>\n";

190

				echo "<td class=\"data{$id}\">", $misc->printVal($v[0]), "</td>\n";

191

				echo "<td class=\"data{$id}\">", $misc->printVal($v[1]), "</td>\n";

192

				foreach ($data->privlist[$_REQUEST['subject']] as $v2) {

193

					// Skip over ALL PRIVILEGES

194

					if ($v2 == 'ALL PRIVILEGES') continue;

195

					echo "<td class=\"data{$id}\">";

196

					if (in_array($v2, $v[2]))

197

						echo $lang['stryes'];

198

					else

199

						echo $lang['strno'];

200

					// If we have grant option for this, end mark

201

					if ($data->hasGrantOption() && in_array($v2, $v[4])) echo $lang['strasterisk'];

202

					echo "</td>\n";

203

204

				if ($data->hasGrantOption()) {

205

					echo "<td class=\"data{$id}\">", $misc->printVal($v[3]), "</td>\n";

206

207

				echo "</tr>\n";

208

				$i++;

209

210

211

			echo "</table>";

212

213

		else {

214

			echo "<p>{$lang['strnoprivileges']}</p>\n";

215

216

217

		// Links for granting to a user or group

218

		switch ($_REQUEST['subject']) {

219

			case 'table':

220

			case 'view':

221

			case 'sequence':

222

			case 'function':

223

			case 'tablespace':

224

				$allurl = "{$_REQUEST['subject']}s.php";

225

				$alltxt = $lang["strshowall{$_REQUEST['subject']}s"];

226

				break;

227

			case 'schema':

228

				$allurl = "database.php";

229

				$alltxt = $lang["strshowallschemas"];

230

				break;

231

			case 'database':

232

				$allurl = 'all_db.php';

233

				$alltxt = $lang['strshowalldatabases'];

234

				break;

235

236

237

		$subject = htmlspecialchars(urlencode($_REQUEST['subject']));

238

		$object = htmlspecialchars(urlencode($_REQUEST[$_REQUEST['subject']]));

239

240

		if ($_REQUEST['subject'] == 'function') {

241

			$objectoid = $_REQUEST[$_REQUEST['subject'].'_oid'];

242

			$alterurl = "{$PHP_SELF}?action=alter&amp;{$misc->href}&amp;{$subject}={$object}&amp;{$subject}_oid=$objectoid&amp;subject={$subject}&amp;mode=";

243

		} else {

244

			$alterurl = "{$PHP_SELF}?action=alter&amp;{$misc->href}&amp;{$subject}={$object}&amp;subject={$subject}&amp;mode=";

245

246

247

		echo "<p><a class=\"navlink\" href=\"{$alterurl}grant\">{$lang['strgrant']}</a> |\n";

248

		echo "<a class=\"navlink\" href=\"{$alterurl}revoke\">{$lang['strrevoke']}</a>\n";

249

		if (isset($allurl))

250

			echo "| <a class=\"navlink\" href=\"{$allurl}?{$misc->href}\">{$alltxt}</a>\n";

251

252

		echo "</p>\n";

253

254

255

	$misc->printHeader($lang['strprivileges']);

256

	$misc->printBody();

257

258

	switch ($action) {

259

		case 'save':

260

			if (isset($_REQUEST['cancel'])) doDefault();

261

			else doAlter(false, $_REQUEST['mode']);

262

			break;

263

		case 'alter':

264

			doAlter(true, $_REQUEST['mode']);

265

			break;

266

		default:

267

			doDefault();

268

			break;

269

270

271

	$misc->printFooter();

272

273

?>

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2019 » Aplikace pro Centrum blízkovýchodních studií (FF) - Medici

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2019 » Aplikace pro Centrum blízkovýchodních studií (FF) - Medici

gitlab_medici/old/html/PostgresssAdmin/privileges.php @ f1da904b