From 10f47039ec846a36f5420521758df4aae589dc95 Mon Sep 17 00:00:00 2001 From: Thomas M Steenholdt Date: Wed, 6 Jun 2018 08:42:57 -0200 Subject: [PATCH] Add config option to allow DNSSEC changes only for admins DNSSEC requires changes to the parent domain, which in many cases requires special access to a registry or the like. For that reason, especially the option to disable DNSSEC can be dangerous - if DNSSEC is disabled in PowerDNS but not in the registry, the domain stops working. For this reason, adding an option to disable DNSSEC changes for non-admins seems reasonable. (cherry picked from commit 5cdfc0263b07f4658d51cf7c038fea9a8911152a) --- app/templates/dashboard.html | 2 ++ app/views.py | 3 ++- config_template.py | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/templates/dashboard.html b/app/templates/dashboard.html index 0f806df..588c3d4 100644 --- a/app/templates/dashboard.html +++ b/app/templates/dashboard.html @@ -224,6 +224,7 @@ modal.modal('show'); }); + {% if current_user.role.name == 'Administrator' or dnssec_adm_only == false %} $(document.body).on("click", ".button_dnssec", function() { var domain = $(this).prop('id'); getdnssec($SCRIPT_ROOT + '/domain/' + domain + '/dnssec', domain); @@ -240,6 +241,7 @@ enable_dns_sec($SCRIPT_ROOT + '/domain/' + domain + '/dnssec/disable'); }); + {% endif %} {% endblock %} {% block modals %} diff --git a/app/views.py b/app/views.py index 1c65ca1..7d67780 100644 --- a/app/views.py +++ b/app/views.py @@ -472,7 +472,8 @@ def dashboard(): uptime = list([uptime for uptime in statistics if uptime['name'] == 'uptime'])[0]['value'] else: uptime = 0 - return render_template('dashboard.html', domain_count=domain_count, users=users, history_number=history_number, uptime=uptime, histories=history,pdns_version=app.config['PDNS_VERSION']) + + return render_template('dashboard.html', domain_count=domain_count, users=users, history_number=history_number, uptime=uptime, histories=history, dnssec_adm_only=app.config['DNSSEC_ADMINS_ONLY'], pdns_version=app.config['PDNS_VERSION']) @app.route('/dashboard-domains', methods=['GET']) diff --git a/config_template.py b/config_template.py index cbc4d2a..a481cac 100644 --- a/config_template.py +++ b/config_template.py @@ -125,5 +125,8 @@ RECORDS_ALLOW_EDIT = ['SOA', 'A', 'AAAA', 'CAA', 'CNAME', 'MX', 'PTR', 'SPF', 'S FORWARD_RECORDS_ALLOW_EDIT = ['A', 'AAAA', 'CAA', 'CNAME', 'MX', 'PTR', 'SPF', 'SRV', 'TXT', 'LOC' 'NS'] REVERSE_RECORDS_ALLOW_EDIT = ['SOA', 'TXT', 'LOC', 'NS', 'PTR'] +# ALLOW DNSSEC CHANGES FOR ADMINS ONLY +DNSSEC_ADMINS_ONLY = False + # EXPERIMENTAL FEATURES PRETTY_IPV6_PTR = False