diff options
-rw-r--r-- | cobbler/modules/authz_ownership.py | 7 | ||||
-rw-r--r-- | cobbler/webui/CobblerWeb.py | 5 | ||||
-rw-r--r-- | setup.py | 1 | ||||
-rw-r--r-- | webui_templates/enoaccess.tmpl | 2 | ||||
-rw-r--r-- | webui_templates/ksfile_edit.tmpl | 33 | ||||
-rw-r--r-- | webui_templates/ksfile_view.tmpl | 6 |
6 files changed, 44 insertions, 10 deletions
diff --git a/cobbler/modules/authz_ownership.py b/cobbler/modules/authz_ownership.py index ff5c016..9e7a217 100644 --- a/cobbler/modules/authz_ownership.py +++ b/cobbler/modules/authz_ownership.py @@ -98,6 +98,13 @@ def authorize(api_handle,user,resource,arg1=None,arg2=None): All users in the file are permitted by this module. """ + # everybody can get read-only access to everything + # if they pass authorization, they don't have to be in users.conf + if resource is not None: + for x in [ "get", "read", "/cobbler/web" ]: + if resource.startswith(x): + return 1 + user_groups = __parse_config() # classify the type of operation diff --git a/cobbler/webui/CobblerWeb.py b/cobbler/webui/CobblerWeb.py index 2012708..f6afe2f 100644 --- a/cobbler/webui/CobblerWeb.py +++ b/cobbler/webui/CobblerWeb.py @@ -677,10 +677,15 @@ class CobblerWeb(object): } ) def ksfile_edit(self, name=None,**spam): + + if not self.__xmlrpc_setup(): return self.xmlrpc_auth_failure() + + can_edit = self.remote.check_access_no_fail(self.token,"modify_kickstart",name) return self.__render( 'ksfile_edit.tmpl', { 'name': name, + 'editable' : can_edit, 'ksdata': self.remote.read_or_write_kickstart_template(name,True,"",self.token) } ) @@ -159,7 +159,6 @@ if __name__ == "__main__": # Web UI kickstart file editing (wwwtmpl, ['webui_templates/ksfile_edit.tmpl']), (wwwtmpl, ['webui_templates/ksfile_list.tmpl']), - (wwwtmpl, ['webui_templates/ksfile_view.tmpl']), # Web UI support files (wwwgfx, ['docs/wui.html']), diff --git a/webui_templates/enoaccess.tmpl b/webui_templates/enoaccess.tmpl index 5af1ae3..b3a001e 100644 --- a/webui_templates/enoaccess.tmpl +++ b/webui_templates/enoaccess.tmpl @@ -5,6 +5,8 @@ WARNING: You do not have permission to make changes to this object. To recieve access, contact your Cobbler server administrator. </br> +#if $owners != [] The access control list for this object is: <B><U>$myowners</U></B>. +#end if </blockquote> diff --git a/webui_templates/ksfile_edit.tmpl b/webui_templates/ksfile_edit.tmpl index 5e0c5ae..87c9f41 100644 --- a/webui_templates/ksfile_edit.tmpl +++ b/webui_templates/ksfile_edit.tmpl @@ -1,7 +1,22 @@ #extends cobbler.webui.master -#attr $title = "Cobbler: Edit Kickstart File $ksfile" +##attr $title = "Cobbler: Edit Kickstart File $ksfile" #block body + +#if $editable != True +<blockquote> +NOTE: You do not have permission to make changes to this +kickstart template and can only read it. It is possible that +other Cobbler users has secured permissions on Cobbler +profiles/systems that depend on this template -- changing this +template would ultimately affect those profile/system records which +you do not have access to. Alternatively, you may not have access +to edit *any* kickstart templates. Contact your Cobbler server administrator +if you need to resolve this. +</blockquote> +</br> +#end if + <form method="post" action="$base_url?mode=ksfile_save"> <input type="hidden" name="name" value="$name"/> <fieldset id="cform"> @@ -10,8 +25,20 @@ <pre><textarea rows="40" cols="120" name="ksdata" id="ksdata">$ksdata</textarea></pre> <br/> - <input type="submit" name="submit" value="Save"/> - <input type="reset" name="reset" value="Reset"/> + #if $editable == True + <input type="submit" name="submit" value="Save"/> + <input type="reset" name="reset" value="Reset"/> + #end if + </fieldset> </form> + +#if $editable == True +<br/> +<blockquote> +NOTE: Run a cobbler sync to after making changes here in order +for kickstart files to be regenerated. +</blockquote> +#end if + #end block body diff --git a/webui_templates/ksfile_view.tmpl b/webui_templates/ksfile_view.tmpl deleted file mode 100644 index b6abf67..0000000 --- a/webui_templates/ksfile_view.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -#extends cobbler.webui.master - -#block body -<pre class="config_data">$ksdata</pre> -#end block body - |