mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-04 19:15:30 +00:00
Add option to allow user to create domain
parent
38d1d85a18
commit
3481af149b
@ -61,3 +61,18 @@ def can_configure_dnssec(f):
|
||||
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
|
||||
|
||||
def can_create_domain(f):
|
||||
"""
|
||||
Grant access if:
|
||||
- user is in Operator role or higher, or
|
||||
- allow_user_create_domain is on
|
||||
"""
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if g.user.role.name not in ['Administrator', 'Operator'] and not Setting().get('allow_user_create_domain'):
|
||||
return redirect(url_for('error', code=401))
|
||||
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
|
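Review bot: The guard in `decorated_function` depends on the truthiness of `Setting().get('allow_user_create_domain')`, and the migration in this same commit stores that setting as the string `'False'`. `Setting.get` is not visible here; if it ever returns the stored string unconverted, `not 'False'` evaluates to false and every logged-in user passes the check while the option is meant to be off. I would add a comment above the `if`, for example `# relies on Setting.get() converting the stored 'True'/'False' string; a raw 'False' would be truthy here`, and cover the off case with a test. The docstring could also state that the wrapper reads `g.user.role`, so it has to sit below `@login_required`.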
@ -1799,6 +1799,7 @@ class Setting(db.Model):
|
||||
'allow_quick_edit': True,
|
||||
'pretty_ipv6_ptr': False,
|
||||
'dnssec_admins_only': False,
|
||||
'allow_user_create_domain': False,
|
||||
'bg_domain_updates': False,
|
||||
'site_name': 'PowerDNS-Admin',
|
||||
'pdns_api_url': '',
|
||||
|
@ -69,7 +69,7 @@
|
||||
<script>
|
||||
// set up history data table
|
||||
$("#tbl_settings").DataTable({
|
||||
"paging" : true,
|
||||
"paging" : false,
|
||||
"lengthChange" : false,
|
||||
"searching" : true,
|
||||
"ordering" : true,
|
||||
|
@ -108,10 +108,12 @@
|
||||
<li class="{{ 'active' if active_page == 'dashboard' else '' }}">
|
||||
<a href="{{ url_for('dashboard') }}"><i class="fa fa-dashboard"></i> Dashboard</a>
|
||||
</li>
|
||||
{% if current_user.role.name in ['Administrator', 'Operator'] %}
|
||||
{% if SETTING.get('allow_user_create_domain') %}
|
||||
<li class="{{ 'active' if active_page == 'new_domain' else '' }}">
|
||||
<a href="{{ url_for('domain_add') }}"><i class="fa fa-plus"></i> New Domain</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if current_user.role.name in ['Administrator', 'Operator'] %}
|
||||
<li class="header">ADMINISTRATION</li>
|
||||
<li class="{{ 'active' if active_page == 'admin_console' else '' }}">
|
||||
<a href="{{ url_for('admin_pdns') }}"><i class="fa fa-info-circle"></i> PDNS</a>
|
||||
|
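Review bot: As rendered, the "New Domain" menu entry appears to be wrapped only in `{% if SETTING.get('allow_user_create_domain') %}`, with the role test now starting at the ADMINISTRATION header. If that reading is right, Administrators and Operators lose the link whenever the option is off, although `can_create_domain` still lets them through to the route. The condition could mirror the decorator: `{% if current_user.role.name in ['Administrator', 'Operator'] or SETTING.get('allow_user_create_domain') %}`. The menu is presentation only; the decorator on the route remains the actual access check.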
10
app/views.py
10
app/views.py
@ -19,7 +19,7 @@ from .models import User, Account, Domain, Record, Role, Server, History, Anonym
|
||||
from app import app, login_manager
|
||||
from app.lib import utils
|
||||
from app.oauth import github_oauth, google_oauth
|
||||
from app.decorators import admin_role_required, operator_role_required, can_access_domain, can_configure_dnssec
|
||||
from app.decorators import admin_role_required, operator_role_required, can_access_domain, can_configure_dnssec, can_create_domain
|
||||
|
||||
if app.config['SAML_ENABLED']:
|
||||
from onelogin.saml2.utils import OneLogin_Saml2_Utils
|
||||
@ -598,7 +598,7 @@ def domain(domain_name):
|
||||
|
||||
@app.route('/admin/domain/add', methods=['GET', 'POST'])
|
||||
@login_required
|
||||
@operator_role_required
|
||||
@can_create_domain
|
||||
def domain_add():
|
||||
templates = DomainTemplate.query.all()
|
||||
if request.method == 'POST':
|
||||
@ -627,6 +627,11 @@ def domain_add():
|
||||
if result['status'] == 'ok':
|
||||
history = History(msg='Add domain {0}'.format(domain_name), detail=str({'domain_type': domain_type, 'domain_master_ips': domain_master_ips, 'account_id': account_id}), created_by=current_user.username)
|
||||
history.add()
|
||||
|
||||
# grant user access to the domain
|
||||
Domain(name=domain_name).grant_privielges([current_user.username])
|
||||
|
||||
# apply template if needed
|
||||
if domain_template != '0':
|
||||
template = DomainTemplate.query.filter(DomainTemplate.id == domain_template).first()
|
||||
template_records = DomainTemplateRecord.query.filter(DomainTemplateRecord.template_id == domain_template).all()
|
||||
@ -693,6 +698,7 @@ def domain_management(domain_name):
|
||||
new_user_list = request.form.getlist('domain_multi_user[]')
|
||||
|
||||
# grant/revoke user privielges
|
||||
d = Domain(name=domain_name)
|
||||
d.grant_privielges(new_user_list)
|
||||
|
||||
history = History(msg='Change domain {0} access control'.format(domain_name), detail=str({'user_has_access': new_user_list}), created_by=current_user.username)
|
||||
|
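Review bot: Swapping `@operator_role_required` for `@can_create_domain` on `domain_add` means the POST values that end up in the history record (`domain_type`, `domain_master_ips`, `account_id`) can now come from ordinary users when the option is on. Most of the handler lies outside these hunks, so their validation is not visible. It is worth confirming that a non-operator cannot attach the new zone to an account they do not belong to, and that a name overlapping a zone managed by someone else is rejected. Separately, the result of `Domain(name=domain_name).grant_privielges([current_user.username])` is neither checked nor logged, so a failed grant would leave a zone its creator cannot reach with no audit trace. A `History` entry for the grant, like the one `domain_management` writes, would close that gap.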
@ -24,10 +24,11 @@ def update_data():
|
||||
sa.sql.column('view', sa.String)
|
||||
)
|
||||
|
||||
# add ldap_operator_group setting
|
||||
# add new settings
|
||||
op.bulk_insert(setting_table,
|
||||
[
|
||||
{'id': 44, 'name': 'ldap_operator_group', 'value': '', 'view': 'authentication'},
|
||||
{'id': 45, 'name': 'allow_user_create_domain', 'value': 'False', 'view': 'basic'},
|
||||
]
|
||||
)
|
||||
|
||||
@ -54,5 +55,6 @@ def downgrade():
|
||||
op.execute("UPDATE user SET role_id = 2 WHERE role_id=3")
|
||||
op.execute("DELETE FROM role WHERE name = 'Operator'")
|
||||
|
||||
# delete ldap setting
|
||||
op.execute("DELETE FROM setting WHERE name = 'ldap_operator_group'")
|
||||
# delete settings
|
||||
op.execute("DELETE FROM setting WHERE name = 'ldap_operator_group'")
|
||||
op.execute("DELETE FROM setting WHERE name = 'allow_user_create_domain'")
|
||||
|
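Review bot: The `allow_user_create_domain` row is added by editing an existing revision (the `bulk_insert` in `update_data` and the `DELETE` in `downgrade`, both of which start outside these hunks) rather than by a new migration. A database where this revision has already been applied will therefore never receive the row, and will rely on whatever fallback `Setting.get` uses for a missing name. If that fallback is the `False` default added to the model, the behaviour stays closed, but this should be confirmed. The literal `'id': 45` also assumes no other row already holds that id. A separate revision that inserts the setting without a fixed id would avoid both problems.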