Update user management feature to allow editing user details directly in the admin user interface.
Also added an option to reset the two factor authentication data of a user, for when that's needed (lost device, technical issues etc).
(cherry picked from commit 3139616282a18c11463c6ecf78888417b2ac1c35)
PowerDNS 3.x API does not support setting or getting account info.
This patch lets PowerDNS 3.x users use the rest of the interface without problems.
Account stuff still does not work.
A message is logged in debug mode, to help with troubleshooting on newer versions
of PowerDNS.
Adds an `allow_quick_edit` setting, using the improved setting handling logic from PR #287 to toggle whether records are editable by simply clicking the row or not.
Aims to fix#288
For a setting to be useful, the code has to be able to make sense of it anyway. For this reason it makes sense, that the available settings are defined within the code, rather than in the database, where a missing row has previously caused problems. Instead, settings are now written to the database, when they are changed.
So instead of relying on the database initialization process to create all available settings for us in the database, the supported settings and their defaults are now in a `defaults` dict in the Setting class. With this in place, we can stop populating the `setting` table as a part of database initialization and it will be much easier to support new settings in the future (we no longer need to do anything to the database, to achieve that).
Another benefit is that any changes to default values will take effect automatically, unless the admin has already modified that setting to his/her liking.
To make it easier to get the value of a setting, falling back to defaults etc, a new function `get` has been added to the Setting class. Call it as `Setting().get('setting_name'), and it will take care of returning a setting from the database or return the default value for that setting, if nothing was found.
The `get` function returns `None`, if the setting passed to the function, does not exist in the `Setting.defaults` dict - Indicating that we don't know of a setting by that name.
For DNSSEC enabled zones to function correctly, they need to be rectified on update.
This changes the DNSSEC enable/disable code to set API-RECTIFY:
To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain
With this, PowerDNS promises to handle the needed rectifications.
(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.
This makes management easier, especially in installations with lots of domains and lots of managing entities.
The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.
(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.
The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.
An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.
The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.
The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.
(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
The options for SOA-EDIT-API included was actually the options used for SOA-EDIT, which is a very different beast.
Those options have been swapped out for the options allowed in SOA-EDIT-API and SOA-EDIT-DNSUPDATE.
With refactoring the get_reverse_domain_name
function, we change the reverse domain checking to
a reverse order. In this way we check the lowest class
(more specific) reverse zone first. When an existing domain found we use it to create the reverse PTR records. If no one existing can be find, The most specific address will be used.
In this way the reverse it is possible to create
auto-ptr records in higher ip classes (eg. class A in IPv4).
Only works with existing higher class domain.
If is isn't find higher class domain, create a lowest class domain, and add there the reverse PTRs.
Also works with IPv6!
iteratively checking of existing domains with higher IP
classes. When this function find an existing higher class
domain return with that reverse address. eg. 192.in-addr.arpa
If it is not find any existing higher class domain it returns with the lowest class domain reverse domain name. eg, 39.168.192.in-addr.arpa
With this modification it can be possible, to detect
custom IP classes for domains. It just need to
modify the multipler in regexp {4} or {1}.
In the future it will works automaticly, but not now
Because this bug domain deleting isn't possible when
a domain specific attribute is set (eg. dyndns).
This modification delete domain settings before domain
deleting.
First of all we cut all of dot char at the end of the rstring and than we put one there.
this way we make sure that our string contains just
one dot at its end.
When a record successefully added to a domain, it will
try to create a reverse lookup domain for that record.
In this point we aren't create the records yet...
This function will create automatically the reverse lookup
domain for the applied record of a Domain.
And also grant the privileges from the original Domain.
If we try to check if a domain exists, and we fetch with
get_id_by_name() function it will return with None if
the domain not exists, and return the id when yes.
Depending on the database backend the string might not be UTF-8 encoded.
This makes sure that the hashing function works regardless of that.
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
This commit adds a new table to store per-domain settings, so a database
migrate/upgrade will be required. The first use-case is to allow dyndns
updates to create a record if one doesn't yet exist but only if the
per-domain setting is set.