feat: Option to forbid the creation of domain if it exists as a record (#1127)

When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2025-06-14 20:16:05 +00:00 · 2022-06-17 18:50:51 +03:00
parent 1112105683
commit 1926b862b8
7 changed files with 120 additions and 5 deletions
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@ -1268,7 +1268,7 @@ def setting_basic():
            'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
            'session_timeout', 'warn_session_timeout', 'ttl_options',
            'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
-	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force'
+	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force', 'deny_domain_override'
        ]

        return render_template('admin_setting_basic.html', settings=settings)
--- a/powerdnsadmin/routes/domain.py
+++ b/powerdnsadmin/routes/domain.py
@ -32,7 +32,6 @@ domain_bp = Blueprint('domain',
                      template_folder='templates',
                      url_prefix='/domain')

-
@domain_bp.before_request
 def before_request():
    # Check if user is anonymous
@ -401,6 +400,38 @@ def add():
            account_name = Account().get_name_by_id(account_id)

            d = Domain()
+
+            ### Test if a record same as the domain already exists in an upper level domain
+            if Setting().get('deny_domain_override'):
+
+                upper_domain = None
+                domain_override = False
+                domain_override_toggle = False
+
+                if current_user.role.name in ['Administrator', 'Operator']:
+                    domain_override = request.form.get('domain_override')
+                    domain_override_toggle = True
+
+
+                # If overriding box is not selected.
+                # False = Do not allow ovrriding, perform checks
+                # True = Allow overriding, do not perform checks
+                if not domain_override:
+                    upper_domain = d.is_overriding(domain_name)
+
+                if upper_domain:
+                    if current_user.role.name in ['Administrator', 'Operator']:
+                        accounts = Account.query.order_by(Account.name).all()
+                    else:
+                        accounts = current_user.get_accounts()
+                    
+                    msg = 'Domain already exists as a record under domain: {}'.format(upper_domain)
+                    
+                    return render_template('domain_add.html', 
+                                            domain_override_message=msg,
+                                            accounts=accounts,
+                                            domain_override_toggle=domain_override_toggle)
+           
            result = d.add(domain_name=domain_name,
                           domain_type=domain_type,
                           soa_edit_api=soa_edit_api,
@ -478,14 +509,17 @@ def add():

    # Get
    else:
+        domain_override_toggle = False
        # Admins and Operators can set to any account
        if current_user.role.name in ['Administrator', 'Operator']:
            accounts = Account.query.order_by(Account.name).all()
+            domain_override_toggle = True
        else:
            accounts = current_user.get_accounts()
        return render_template('domain_add.html',
                               templates=templates,
-                               accounts=accounts)
+                               accounts=accounts,
+                               domain_override_toggle=domain_override_toggle)