manage records_allow_to_edit setting in DB

2024-11-08 14:40:27 +00:00 · 2018-08-22 08:36:53 +07:00 · 2018-08-22 08:36:53 +07:00 · 9506315a46
commit 9506315a46
parent 74a7b5a3b7
7 changed files with 189 additions and 43 deletions
--- a/app/models.py
+++ b/app/models.py
@ -14,6 +14,7 @@ import dns.name
 import sys
 import logging as logger

+from ast import literal_eval
 from datetime import datetime
 from urllib.parse import urljoin
 from distutils.util import strtobool
@ -1775,7 +1776,7 @@ class History(db.Model):
 class Setting(db.Model):
    id = db.Column(db.Integer, primary_key = True)
    name = db.Column(db.String(64))
-    value = db.Column(db.String(256))
+    value = db.Column(db.Text())
    view = db.Column(db.String(64))

    defaults = {
@ -1821,6 +1822,8 @@ class Setting(db.Model):
        'google_token_params': {'scope': 'email profile'},
        'google_authorize_url':'https://accounts.google.com/o/oauth2/auth',
        'google_base_url':'https://www.googleapis.com/oauth2/v1/',
+        'forward_records_allow_edit': {'A': True, 'AAAA': True, 'AFSDB': False, 'ALIAS': False, 'CAA': True, 'CERT': False, 'CDNSKEY': False, 'CDS': False, 'CNAME': True, 'DNSKEY': False, 'DNAME': False, 'DS': False, 'HINFO': False, 'KEY': False, 'LOC': True, 'MX': True, 'NAPTR': False, 'NS': True, 'NSEC': False, 'NSEC3': False, 'NSEC3PARAM': False, 'OPENPGPKEY': False, 'PTR': True, 'RP': False, 'RRSIG': False, 'SOA': False, 'SPF': True, 'SSHFP': False, 'SRV': True, 'TKEY': False, 'TSIG': False, 'TLSA': False, 'SMIMEA': False, 'TXT': True, 'URI': False},
+        'reverse_records_allow_edit': {'A': False, 'AAAA': False, 'AFSDB': False, 'ALIAS': False, 'CAA': False, 'CERT': False, 'CDNSKEY': False, 'CDS': False, 'CNAME': False, 'DNSKEY': False, 'DNAME': False, 'DS': False, 'HINFO': False, 'KEY': False, 'LOC': True, 'MX': False, 'NAPTR': False, 'NS': True, 'NSEC': False, 'NSEC3': False, 'NSEC3PARAM': False, 'OPENPGPKEY': False, 'PTR': True, 'RP': False, 'RRSIG': False, 'SOA': False, 'SPF': False, 'SSHFP': False, 'SRV': False, 'TKEY': False, 'TSIG': False, 'TLSA': False, 'SMIMEA': False, 'TXT': True, 'URI': False},
    }

    def __init__(self, id=None, name=None, value=None):
@ -1905,6 +1908,17 @@ class Setting(db.Model):
        else:
            logging.error('Unknown setting queried: {0}'.format(setting))

+    def get_records_allow_to_edit(self):
+        return list(set(self.get_forward_records_allow_to_edit() + self.get_reverse_records_allow_to_edit()))
+
+    def get_forward_records_allow_to_edit(self):
+        records = literal_eval(self.get('forward_records_allow_edit'))
+        return [r for r in records if records[r]]
+
+    def get_reverse_records_allow_to_edit(self):
+        records = literal_eval(self.get('reverse_records_allow_edit'))
+        return [r for r in records if records[r]]
+
    def get_view(self, view):
        r = {}
        settings = Setting.query.filter(Setting.view == view).all()
--- a/app/templates/admin_setting_pdns.html
+++ b/app/templates/admin_setting_pdns.html
@ -26,7 +26,6 @@
            <!-- /.box-header -->
            <!-- form start -->
            <form role="form" method="post" data-toggle="validator">
-                <input type="hidden" name="create" value="{{ create }}">
                <div class="box-body">
                    {% if not SETTING.get('pdns_api_url') or not SETTING.get('pdns_api_key') or not SETTING.get('pdns_version') %}
                        <div class="alert alert-danger alert-dismissible">
--- a/app/templates/admin_setting_records.html
+++ b/app/templates/admin_setting_records.html
@ -0,0 +1,78 @@
+{% extends "base.html" %}
+{% set active_page = "admin_settings" %}
+{% block title %}
+<title>DNS Records Settings - {{ SITE_NAME }}</title>
+{% endblock %} {% block dashboard_stat %}
+<!-- Content Header (Page header) -->
+<section class="content-header">
+    <h1>
+        Settings <small>PowerDNS-Admin settings</small>
+    </h1>
+    <ol class="breadcrumb">
+        <li><a href="{{ url_for('dashboard') }}"><i class="fa fa-dashboard"></i> Home</a></li>
+        <li><a href="#">Setting</a></li>
+        <li class="active">Records</li>
+    </ol>
+</section>
+{% endblock %}
+{% block content %}
+<section class="content">
+<div class="row">
+    <div class="col-md-5">
+        <div class="box box-primary">
+            <div class="box-header with-border">
+                <h3 class="box-title">DNS record Settings</h3>
+            </div>
+            <!-- /.box-header -->
+            <!-- form start -->
+            <form role="form" method="post">
+                <input type="hidden" name="create" value="{{ create }}">
+                <div class="box-body">
+                    <table class="table table-bordered">
+                      <tr>
+                        <th style="width: 10px">#</th>
+                        <th style="width: 40px">Record</th>
+                        <th>Forward Zone</th>
+                        <th>Reverse Zone</th>
+                      </tr>
+                      {% for record in f_records %}
+                      <tr>
+                        <td>{{ loop.index }}</td>
+                        <td>{{ record }}</td>
+                        <td>
+                            <input type="checkbox" id="fr_{{ record|lower }}" name="fr_{{ record|lower }}" class="checkbox" {% if f_records[record] %}checked{% endif %}>
+                        </td>
+                        <td>
+                            <input type="checkbox" id="rr_{{ record|lower }}" name="rr_{{ record|lower }}" class="checkbox" {% if r_records[record] %}checked{% endif %}>
+                        </td>
+                      </tr>
+                      {% endfor %}
+                    </table>
+                </div>
+                <div class="box-footer">
+                    <button type="submit" class="btn btn-flat btn-primary">Update</button>
+                </div>
+            </form>
+        </div>
+    </div>
+    <div class="col-md-7">
+        <div class="box box-primary">
+            <div class="box-header with-border">
+                <h3 class="box-title">Help</h3>
+            </div>
+            <div class="box-body">
+                <p>TBD</p>
+            </div>
+        </div>
+    </div>
+</div>
+</section>
+{% endblock %}
+{% block extrascripts %}
+<script>
+    $('.checkbox').iCheck({
+        checkboxClass : 'icheckbox_square-blue',
+        increaseArea : '20%'
+    })
+</script>
+{% endblock %}
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -137,6 +137,7 @@
          </a>
          <ul class="treeview-menu" {% if active_page == 'admin_settings' %}style="display: block;"{% endif %}>
            <li><a href="{{ url_for('admin_setting_basic') }}"><i class="fa fa-circle-o"></i></i> Basic</a></li>
+            <li><a href="{{ url_for('admin_setting_records') }}"><i class="fa fa-circle-o"></i> Records</a></li>
            <li><a href="{{ url_for('admin_setting_pdns') }}"><i class="fa fa-circle-o"></i> PDNS</a></li>
            <li><a href="{{ url_for('admin_setting_authentication') }}"><i class="fa fa-circle-o"></i> Authentication</a></li>
          </ul>
--- a/app/views.py
+++ b/app/views.py
@ -8,6 +8,7 @@ from distutils.util import strtobool
 from distutils.version import StrictVersion
 from functools import wraps
 from io import BytesIO
+from ast import literal_eval

 import jinja2
 import qrcode as qrc
@ -564,29 +565,31 @@ def domain(domain_name):
        return redirect(url_for('error', code=500))

    quick_edit = Setting().get('allow_quick_edit')
-
+    records_allow_to_edit = Setting().get_records_allow_to_edit()
+    forward_records_allow_to_edit = Setting().get_forward_records_allow_to_edit()
+    reverse_records_allow_to_edit = Setting().get_reverse_records_allow_to_edit()
    records = []
-    #TODO: This should be done in the "model" instead of "view"
+
    if StrictVersion(Setting().get('pdns_version')) >= StrictVersion('4.0.0'):
        for jr in jrecords:
-            if jr['type'] in app.config['RECORDS_ALLOW_EDIT']:
+            if jr['type'] in Setting().get_records_allow_to_edit():
                for subrecord in jr['records']:
                    record = Record(name=jr['name'], type=jr['type'], status='Disabled' if subrecord['disabled'] else 'Active', ttl=jr['ttl'], data=subrecord['content'])
                    records.append(record)
        if not re.search('ip6\.arpa|in-addr\.arpa$', domain_name):
-            editable_records = app.config['FORWARD_RECORDS_ALLOW_EDIT']
+            editable_records = forward_records_allow_to_edit
        else:
-            editable_records = app.config['REVERSE_RECORDS_ALLOW_EDIT']
+            editable_records = reverse_records_allow_to_edit
        return render_template('domain.html', domain=domain, records=records, editable_records=editable_records, quick_edit=quick_edit)
    else:
        for jr in jrecords:
-            if jr['type'] in app.config['RECORDS_ALLOW_EDIT']:
+            if jr['type'] in Setting().get_records_allow_to_edit():
                record = Record(name=jr['name'], type=jr['type'], status='Disabled' if jr['disabled'] else 'Active', ttl=jr['ttl'], data=jr['content'])
                records.append(record)
    if not re.search('ip6\.arpa|in-addr\.arpa$', domain_name):
-        editable_records = app.config['FORWARD_RECORDS_ALLOW_EDIT']
+        editable_records = forward_records_allow_to_edit
    else:
-        editable_records = app.config['REVERSE_RECORDS_ALLOW_EDIT']
+        editable_records = reverse_records_allow_to_edit
    return render_template('domain.html', domain=domain, records=records, editable_records=editable_records, quick_edit=quick_edit)


@ -980,14 +983,14 @@ def create_template_from_zone():

                if StrictVersion(Setting().get('pdns_version')) >= StrictVersion('4.0.0'):
                    for jr in jrecords:
-                        if jr['type'] in app.config['RECORDS_ALLOW_EDIT']:
+                        if jr['type'] in Setting().get_records_allow_to_edit():
                            name = '@' if jr['name'] == domain_name else re.sub('\.{}$'.format(domain_name), '', jr['name'])
                            for subrecord in jr['records']:
                                record = DomainTemplateRecord(name=name, type=jr['type'], status=True if subrecord['disabled'] else False, ttl=jr['ttl'], data=subrecord['content'])
                                records.append(record)
                else:
                    for jr in jrecords:
-                        if jr['type'] in app.config['RECORDS_ALLOW_EDIT']:
+                        if jr['type'] in Setting().get_records_allow_to_edit():
                            name = '@' if jr['name'] == domain_name else re.sub('\.{}$'.format(domain_name), '', jr['name'])
                            record = DomainTemplateRecord(name=name, type=jr['type'], status=True if jr['disabled'] else False, ttl=jr['ttl'], data=jr['content'])
                            records.append(record)
@ -1013,14 +1016,15 @@ def create_template_from_zone():
 def edit_template(template):
    try:
        t = DomainTemplate.query.filter(DomainTemplate.name == template).first()
+        records_allow_to_edit = Setting().get_records_allow_to_edit()
        if t is not None:
            records = []
            for jr in t.records:
-                if jr.type in app.config['RECORDS_ALLOW_EDIT']:
+                if jr.type in records_allow_to_edit:
                        record = DomainTemplateRecord(name=jr.name, type=jr.type, status='Disabled' if jr.status else 'Active', ttl=jr.ttl, data=jr.data)
                        records.append(record)

-            return render_template('template_edit.html', template=t.name, records=records, editable_records=app.config['RECORDS_ALLOW_EDIT'])
+            return render_template('template_edit.html', template=t.name, records=records, editable_records=records_allow_to_edit)
    except:
        logging.error(traceback.print_exc())
        return redirect(url_for('error', code=500))
@ -1374,6 +1378,27 @@ def admin_setting_pdns():
        return render_template('admin_setting_pdns.html', pdns_api_url=pdns_api_url, pdns_api_key=pdns_api_key, pdns_version=pdns_version)


+@app.route('/admin/setting/dns-records', methods=['GET', 'POST'])
+@login_required
+@admin_role_required
+def admin_setting_records():
+    if request.method == 'GET':
+        f_records = literal_eval(Setting().get('forward_records_allow_edit'))
+        r_records = literal_eval(Setting().get('reverse_records_allow_edit'))
+        return render_template('admin_setting_records.html', f_records=f_records, r_records=r_records)
+    elif request.method == 'POST':
+        fr = {}
+        rr = {}
+        records = Setting().defaults['forward_records_allow_edit']
+        for r in records:
+            fr[r] = True if request.form.get('fr_{0}'.format(r.lower())) else False
+            rr[r] = True if request.form.get('rr_{0}'.format(r.lower())) else False
+
+        Setting().set('forward_records_allow_edit', str(fr))
+        Setting().set('reverse_records_allow_edit', str(rr))
+        return redirect(url_for('admin_setting_records'))
+
+
@app.route('/admin/setting/authentication', methods=['GET', 'POST'])
@login_required
@admin_role_required
--- a/config_template.py
+++ b/config_template.py
@ -11,29 +11,26 @@ PORT = 9191
 TIMEOUT = 10

 # LOG CONFIG
+#  	- For docker, LOG_FILE=''
 LOG_LEVEL = 'DEBUG'
 LOG_FILE = 'logfile.log'
-# For Docker, leave empty string
-#LOG_FILE = ''

-# Upload
+# UPLOAD DIRECTORY
 UPLOAD_DIR = os.path.join(basedir, 'upload')

 # DATABASE CONFIG
-#You'll need MySQL-python
-SQLA_DB_USER = 'powerdnsadmin'
-SQLA_DB_PASSWORD = 'powerdnsadminpassword'
-SQLA_DB_HOST = 'mysqlhostorip'
-SQLA_DB_NAME = 'powerdnsadmin'
-
-#MySQL
-#SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'\
-#    +SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+'/'+SQLA_DB_NAME
-#SQLite
-SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
-SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
+SQLA_DB_USER = 'pda'
+SQLA_DB_PASSWORD = 'changeme'
+SQLA_DB_HOST = '127.0.0.1'
+SQLA_DB_NAME = 'pda'
 SQLALCHEMY_TRACK_MODIFICATIONS = True

+# DATBASE - MySQL
+SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+'/'+SQLA_DB_NAME
+
+# DATABSE - SQLite
+#SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
+
 # SAML Authnetication
 SAML_ENABLED = False
 SAML_DEBUG = True
@ -106,17 +103,3 @@ SAML_LOGOUT = False
 #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
 #for example redirect to google.com after successful saml logout
 #SAML_LOGOUT_URL = 'https://google.com'
-
-# RECORDS ALLOWED TO EDIT
-RECORDS_ALLOW_EDIT = ['A', 'AAAA', 'CAA', 'CNAME', 'MX', 'PTR', 'SPF', 'SRV', 'TXT', 'LOC', 'NS', 'PTR', 'SOA']
-FORWARD_RECORDS_ALLOW_EDIT = ['A', 'AAAA', 'CAA', 'CNAME', 'MX', 'PTR', 'SPF', 'SRV', 'TXT', 'LOC' 'NS']
-REVERSE_RECORDS_ALLOW_EDIT = ['SOA', 'TXT', 'LOC', 'NS', 'PTR']
-
-# ALLOW DNSSEC CHANGES FOR ADMINS ONLY
-DNSSEC_ADMINS_ONLY = False
-
-# EXPERIMENTAL FEATURES
-PRETTY_IPV6_PTR = False
-
-# Domain updates in background, for big installations
-BG_DOMAIN_UPDATES = False
--- a/migrations/versions/1274ed462010_change_setting_value_data_type.py
+++ b/migrations/versions/1274ed462010_change_setting_value_data_type.py
@ -0,0 +1,46 @@
+"""Change setting.value data type
+
+Revision ID: 1274ed462010
+Revises: 59729e468045
+Create Date: 2018-08-21 17:12:30.058782
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '1274ed462010'
+down_revision = '59729e468045'
+branch_labels = None
+depends_on = None
+
+
+def update_data():
+    setting_table = sa.sql.table('setting',
+        sa.sql.column('id', sa.Integer),
+        sa.sql.column('name', sa.String),
+        sa.sql.column('value', sa.String),
+        sa.sql.column('view', sa.String)
+    )
+
+    # add more new settings
+    op.bulk_insert(setting_table,
+        [
+            {'id': 42, 'name': 'forward_records_allow_edit', 'value': "{'A': True, 'AAAA': True, 'AFSDB': False, 'ALIAS': False, 'CAA': True, 'CERT': False, 'CDNSKEY': False, 'CDS': False, 'CNAME': True, 'DNSKEY': False, 'DNAME': False, 'DS': False, 'HINFO': False, 'KEY': False, 'LOC': True, 'MX': True, 'NAPTR': False, 'NS': True, 'NSEC': False, 'NSEC3': False, 'NSEC3PARAM': False, 'OPENPGPKEY': False, 'PTR': True, 'RP': False, 'RRSIG': False, 'SOA': False, 'SPF': True, 'SSHFP': False, 'SRV': True, 'TKEY': False, 'TSIG': False, 'TLSA': False, 'SMIMEA': False, 'TXT': True, 'URI': False}", 'view': 'records'},
+            {'id': 43, 'name': 'reverse_records_allow_edit', 'value': "{'A': False, 'AAAA': False, 'AFSDB': False, 'ALIAS': False, 'CAA': False, 'CERT': False, 'CDNSKEY': False, 'CDS': False, 'CNAME': False, 'DNSKEY': False, 'DNAME': False, 'DS': False, 'HINFO': False, 'KEY': False, 'LOC': True, 'MX': False, 'NAPTR': False, 'NS': True, 'NSEC': False, 'NSEC3': False, 'NSEC3PARAM': False, 'OPENPGPKEY': False, 'PTR': True, 'RP': False, 'RRSIG': False, 'SOA': False, 'SPF': False, 'SSHFP': False, 'SRV': False, 'TKEY': False, 'TSIG': False, 'TLSA': False, 'SMIMEA': False, 'TXT': True, 'URI': False}", 'view': 'records'},
+        ]
+    )
+
+def upgrade():
+    # change column data type
+    op.alter_column('setting', 'value', existing_type=sa.String(256), type_=sa.Text())
+    # update data for new schema
+    update_data()
+
+
+def downgrade():
+    # delete added records in previous version
+    op.execute("DELETE FROM setting WHERE id > 41")
+    # change column data type
+    op.alter_column('setting', 'value', existing_type=sa.Text(), type_=sa.String(256))