Group support & permissions#137
Conversation
Conflicts: users.php
…esn't stop the permissions list from working.
… it's needed everywhere.
|
Holy moly! I'll try to review this soon and await the rest of the patches. But good work! |
|
Thanks, one thing I should mention is that the interface is using j-query autocomplete rather than drop-downs for the user and group selection boxes as the number of users could be large. I hope this is OK. |
|
Yeah, I'd think that's ok. |
|
Hi are there any news to commit this into master? |
|
Ping? Any plans to get this PR reviewed and merged? |
|
@richard-underwood Was it ready? |
|
Apologies - other tasks got in the way and it stalled. It's not finished, and will need re-merging now. I'll try and get it up to date later this week and see what the state of play is. |
|
Not a problem. Thanks. |
|
I've merged the upstream changes, which looked OK, but not fully tested everything yet. This is a large change, I'll try and list the changes below:
Essentially, each domain still has an owner who is always admin, but other users or groups can be assigned to view, update or admin a zone. There's a config option to restrict editing (e.g. to stop SOA and NS records being updated). I'm certain there's more to do, but it'll take me a while to remember exactly what. In particular, I have a feeling there are issues editing zones which have bene created, but not in the database. Hopefully I'll have a chance to work on this over the next week. If anyone who is interested in this pull request could have a look ON A TEST SYSTEM and see if it works for you, if there's anything fundamentally missing, if there are any security issues, etc. then it'd be appreciated. Bear in mind that the database schema will be changed, so take a backup of this if it's important to you. |
…that this will create users if they don't exist also.
| ============ | ||
| Multiple users are supported. A user can be an admin or a normal user. You can | ||
| configure wheter or not a normal user is allowed to add new zones. | ||
| configure whether or not a normal user is allowed to add new zones. |
|
|
||
| if (!is_adminuser()) { | ||
| header('Status: 403'); | ||
| jtable_respond(null, 'error', "You need adminprivileges to get here"); |
There was a problem hiding this comment.
I'd argue that adminprivileges should be two words (x2) as there doesn't appear to be a token by this name.
There was a problem hiding this comment.
Changed, thanks.
|
@righter83 @pasikarkkainen ? Are you able to test this ON A TEST SYSTEM ? I'm currently not able to test this extensively. |
|
Hi, thanks for investing more time into this feature! I've pulled it into my test system and almost everything works. just my 2c on this feature. My programming is not that fine, therefore I haven't mad a pull request. thanks |
|
righter83 - thanks for looking at it. I didn't think I'd made any changes to zone cloning, so I suspect that that had always happened (but will check). However, the permissions will not be copied on zone clone, which I'm guessing they should be - so will need to add that. Thanks. |
|
I've raised issue #160 for the owner change on cloning - it looks like the "kind" field is also ignored. |
richard-underwood
changed the title
|
I'm happy for this to be merged, if everyone else is - although I think it could still do with some more review or testing. In particular, @tuxis-ie, are you happy with the database update scripts? |
|
+1 for merging this feature soon :-) |
|
@tuxis-ie any news about this? If you need some more testing, I'd be available too (have a test system up and running) |
|
+1 for merging that will lift nsedit to a new level |
7 participants
Hi, this is a pretty big set of changes, so it would be worth getting some early feedback. It's designed to fix the following:
Issue 68 - group support
Issue 17 - forbid users from editing administrative records
Unfortunately, there's no point in having groups without some sort of permissions system, so that's included as well.
As the DB schema also needed updating for this, I've put a framework in place for schema versioning.