diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2014-09-16 20:40:00 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2014-09-16 20:40:00 +0000 |
| commit | 7d25635f278549eaac801f78e320e714fe61bf06 (patch) | |
| tree | 085dcf3ca805e3f569cb4e5feadc999e687d1b10 /freeradius3-viewpasswdfile-html.lsp | |
| parent | 674ea5218b182cb7ba2ba84e9e143f7cf1dd1862 (diff) | |
| download | acf-freeradius3-7d25635f278549eaac801f78e320e714fe61bf06.tar.bz2 acf-freeradius3-7d25635f278549eaac801f78e320e714fe61bf06.tar.xz | |
Modify passwd actions to detect readonly files and prevent modification
If you edit the file with editfile, the permissions will be changed to readwrite, making the file editable
Diffstat (limited to 'freeradius3-viewpasswdfile-html.lsp')
| -rw-r--r-- | freeradius3-viewpasswdfile-html.lsp | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/freeradius3-viewpasswdfile-html.lsp b/freeradius3-viewpasswdfile-html.lsp index 5e6ad7f..fe28b28 100644 --- a/freeradius3-viewpasswdfile-html.lsp +++ b/freeradius3-viewpasswdfile-html.lsp @@ -30,8 +30,16 @@ html = require("acf.html") redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.value) %> +<% +local editable = false +if view.value.mode and string.match(view.value.mode.value, "^.w") then + editable = true +end +%> + <% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %> <% htmlviewfunctions.displayitem(view.value.filename) %> +<% if view.value.mode then htmlviewfunctions.displayitem(view.value.mode) end %> <% if view.value.data then %> <% local containspasswd = 0 %> <table id="list" class="tablesorter"><thead> @@ -48,6 +56,7 @@ redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.val <% for i,r in ipairs( view.value.data.value ) do %> <tr> <td> +<% if editable then %> <% entry.value = i %> <% if viewlibrary.check_permission("editpasswdentry") then %> <% htmlviewfunctions.displayitem(cfe({type="link", value={filename=filename, entry=entry, redir=redir}, label="", option="Edit", action="editpasswdentry"}), page_info, -1) %> @@ -58,6 +67,7 @@ redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.val <% if 0 < containspasswd and r[containspasswd] ~= "" and viewlibrary.check_permission("editpasswd") then %> <% htmlviewfunctions.displayitem(cfe({type="link", value={filename=filename, entry=entry, redir=redir}, label="", option="Change Pass", action="editpasswd"}), page_info, -1) %> <% end %> +<% end %> </td> <% for j,f in ipairs(r) do %> <td><% if (j == containspasswd) and (f ~= "") then io.write("********") else io.write(html.html_escape(f)) end %></td> @@ -67,7 +77,7 @@ redir.value = redir.value.."?filename="..html.url_encode(view.value.filename.val </tbody></table> <% end %> -<% if view.value.data and viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("createpasswdentry") then +<% if editable and view.value.data and viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("createpasswdentry") then local createform = viewlibrary.dispatch_component("createpasswdentry", {filename=view.value.filename.value, redir=redir.value}, true) createform.action = page_info.script .. page_info.prefix .. page_info.controller .. "/createpasswdentry" htmlviewfunctions.displayitem(createform, page_info, htmlviewfunctions.incrementheader(header_level)) |