KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.4.62
System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64
User : www ( 80)
PHP Version : 8.3.8
Disable Function : NONE
Directory :  /domains/compasssysweb/calendar/CalciumDir39/Operation/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /domains/compasssysweb/calendar/CalciumDir39/Operation/SysSecurity.pm
# Copyright 1999-2003, Fred Steinberg, Brown Bear Software

# Specify who can do System Administration type things

package SysSecurity;
use strict;

use CGI (':standard');
use Calendar::GetHTML;

use vars ('@ISA');
@ISA = ('Operation');

sub perform {
    my $self = shift;
    my $i18n = $self->I18N;

    my ($save, $cancel, $anyOrSelected) =
             $self->getParams (qw (Save Cancel AnyOrSelected));

    # if we've been cancel'ed, go back
    if ($cancel or $self->calendarName) {
        print $self->redir ($self->makeURL ({Op => 'SysAdminPage'}));
        return;
    }

    my @allUsers = User->getUserNames;
    my $username = $self->getUsername;

    my $message;

    # if we're getting saved, save it.
    if ($save) {
        $self->{audit_formsaved}++;
        $self->{audit_orig} = $self->permission->getUserHash;

        if ($anyOrSelected eq 'anyone') {
            $self->permission->setAnonymous ('Admin');
        } else {
            $self->permission->setAnonymous ('None');
            $self->permission->setAuthenticatedUser ('None');
            foreach (@allUsers) {
                my $level = (param ("User-$_") ? 'Admin' : 'None');
                $self->permission->set ($_, $level);
            }
        }

        # Make sure they don't remove their own admin privs
        unless ($self->permission->permitted ($username, 'Admin')) {
            $self->permission->set ($username, 'Admin');
            $message = $i18n->get ('Sorry, you cannot remove Administration ' .
                                   'permissions for yourself.');
        }
    }

    print header;
    print start_html ('-title'   => 'Calcium - ' .
                                    $i18n->get ('System Security'),
                      '-bgcolor' => 'white');

    print GetHTML->SysAdminHeader ($i18n,
                                   'Security for System Administration', 1);

    my $instructions = $i18n->get ('SysSecurity_HelpString');
    if ($instructions eq 'SysSecurity_HelpString') {
        ($instructions =<<"        FNORD") =~ s/^ +//gm;
            System Administration functions include Creating and
            Deleting Calendars, adding and removing Users, and setting
            Global Defaults which apply to new calendars. Any
            user with System Administration rights will have full
            permissions in any calendar.
        FNORD
    }
    print table ({width => '90%', align => 'center'}, Tr (td ($instructions)));

    print '<center>';

    if ($username) {
        print $i18n->get ('You are currently logged in as') .
              ' <b>' . $username . '.</b><br><br>';
    } else {
        print '<p>';
        print $i18n->get ('You are <b>not</b> currently logged in.') .
              '&nbsp;';
        my $loginURL = $self->makeURL ({Op        => 'UserLogin',
                                        DesiredOp => 'SysSecurity'});
        print a ({href => $loginURL}, $i18n->get ('Login'));
        print '</p>';
    }

    print "<p>$message</p>" if $message;

    my $anonAdmin = $self->permission->permitted (undef, 'Admin');

    my %empowered;
    unless ($anonAdmin) {
        foreach (@allUsers) {
            $empowered{$_}++ if $self->permission->permitted ($_, 'Admin');
        }
    }

    my ($theUsers, $theString);
    if ($anonAdmin) {
        $theString = 'Current settings allow <font color=red>Anyone</font> ' .
                     'to perform System Administration';
    } else {
        if (keys %empowered == 1) {
            $theString = 'Current settings allow only this user to perform' .
                         ' System Administration';
        } else {
            $theString = 'Current settings allow only these users to perform' .
                         ' System Administration';
        }
        $theUsers = join ', ', sort {lc($a) cmp lc($b)} keys %empowered;
    }
    print $i18n->get ($theString);
    print ":<br><b>$theUsers</b>" if $theUsers;

    print '</center>';

    print startform;

    my $anyoneString = $i18n->get ("<b>Anyone</b> can perform System "     .
                                   "Administration, even if they haven't " .
                                   "logged in.");
    my $selectedUsersString = $i18n->get ("<b>Only the users selected "   .
                                          "below</b> can perform System " .
                                          "Administration.");
    my @radios = radio_group (-name      => 'AnyOrSelected',
                              -values    => ['anyone', 'selectedUsers'],
                              -default   => $anonAdmin ? 'anyone'
                                                       : 'selectedUsers',
                              -labels    => {anyone        => '',
                                             selectedUsers => ''});

    my $whoTable = table (Tr (td ($radios[0], $anyoneString)),
                          Tr (td ($radios[1], $selectedUsersString)));

    print <<'    END_JAVASCRIPT';
        <SCRIPT LANGUAGE="JavaScript">
        <!-- start
            function setWhoRadio (theCheckbox) {
                form = theCheckbox.form;
                form.AnyOrSelected[1].checked = true;
            }
        // End -->
        </SCRIPT>
    END_JAVASCRIPT

    my ($color, $color2) = ('#eeeeee', '#cccccc');
    my @rows;
    foreach (sort {lc($a) cmp lc($b)} @allUsers) {
        push @rows, Tr ({-bgcolor => $color},
                        td ($_),
                        td ({-align => 'center'},
                             checkbox (-name    => "User-$_",
                                       -label   => '',
                                       -checked => $empowered{$_},
                                       -override => 1,
                                       -onClick  => 'setWhoRadio (this)')));
        ($color, $color2) = ($color2, $color);
    }

    my $boxTable =
        table ({-cellspacing => 0,
                -cellpadding => 2,
                -border      => 0},
               th ({-align => 'center'},
                   ['<u>' . $i18n->get ('Username') . '</u>&nbsp;',
                    '<u>' . $i18n->get ('Administer') . '?</u>']),
               @rows);

    print table ({-width   => '90%',
                  -align   => 'center',
                  -bgcolor => '#cccccc'},
                 Tr (td (GetHTML->SectionHeader (
                                         $i18n->get ('Change Permissions')))),
                 Tr (td ({align => 'center'}, table (Tr (td ($whoTable))))),
                 Tr (td ({align => 'center'},
                         $boxTable)));
    print '<br>';
    print '<hr>';
    print submit (-name  => 'Save',
                  -value => $i18n->get ('Set Permissions')); print '&nbsp;';
    print submit (-name  => 'Cancel',
                  -value => $i18n->get ('Done'));
    print hidden (-name  => 'Op', -value => 'SysSecurity');
    print endform;
    print end_html;
}

sub auditString {
    my ($self, $short) = @_;
    return unless $self->{audit_formsaved};
    my $line = $self->SUPER::auditString ($short);

    my $perms = $self->permission->getUserHash;

    my $info;
    foreach (sort keys %{$self->{audit_orig}}) {
        next if ($self->{audit_orig}->{$_} eq $perms->{$_});
        $info .= " [$_: $self->{audit_orig}->{$_} -> $perms->{$_}]";
    }

    return unless $info;     # don't report if nothing changed
    return $line . $info;
}

1;

Anon7 - 2021