From f0d187b4c36092affbcc21c5a5ba89f7f483d4de Mon Sep 17 00:00:00 2001
From: Thomas Hooge <thomas@hoogi.de>
Date: Wed, 1 Mar 2023 15:12:09 +0100
Subject: [PATCH] More restrictions due to authorization system

---
 install/mysql.sql           | 38 ++++++++++++++++++++-----------------
 install/upgrade.txt         |  4 ++--
 lang/de.php                 |  1 +
 lang/en.php                 |  1 +
 login.php                   |  5 ++++-
 options.php                 |  5 +++++
 tpl/assetclassgroupview.tpl |  6 ++++++
 tpl/assetclassview.tpl      |  8 ++++++++
 tpl/assetview.tpl           |  8 ++++++++
 tpl/locationview.tpl        |  8 ++++++++
 tpl/nodeview.tpl            |  4 ++++
 tpl/options.tpl             | 31 +++++++++++++++++++++++++++++-
 tpl/subnetview.tpl          |  8 ++++++++
 tpl/vlanview.tpl            |  8 ++++++++
 14 files changed, 114 insertions(+), 21 deletions(-)

diff --git a/install/mysql.sql b/install/mysql.sql
index f114243..1a01027 100644
--- a/install/mysql.sql
+++ b/install/mysql.sql
@@ -97,7 +97,9 @@ CREATE TABLE node (
   zone_id int(10) DEFAULT NULL,
   node_info text DEFAULT NULL,
   node_type enum('v4','v6') NOT NULL DEFAULT 'v4',
-  PRIMARY KEY (node_id)
+  PRIMARY KEY (node_id),
+  INDEX ix_ip (node_ip),
+  INDEX ix_mac (node_mac)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 
 CREATE TABLE subnet (
@@ -109,7 +111,8 @@ CREATE TABLE subnet (
   subnet_info text DEFAULT NULL,
   protocol_version tinyint(1) NOT NULL DEFAULT 4,
   ntp_server varchar(45) DEFAULT NULL,
-  PRIMARY KEY (subnet_id)
+  PRIMARY KEY (subnet_id),
+  UNIQUE INDEX ix_subnet (subnet_address, subnet_mask)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 
 CREATE TABLE subnetlocation (
@@ -162,20 +165,21 @@ CREATE TABLE vlan (
 
 CREATE TABLE zone (
   zone_id int(10) NOT NULL AUTO_INCREMENT,
-  zone_soa varchar(40) CHARACTER SET utf8 NOT NULL,
-  zone_hostmaster varchar(40) CHARACTER SET utf8 NOT NULL,
-  zone_origin varchar(40) CHARACTER SET utf8 NOT NULL,
-  zone_ttl_default varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '3D',
-  zone_refresh varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '8H',
-  zone_retry varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '2H',
-  zone_expire varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '4W',
-  zone_ttl varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '1D',
+  zone_soa varchar(40) NOT NULL,
+  zone_hostmaster varchar(40) NOT NULL,
+  zone_origin varchar(40) NOT NULL,
+  zone_ttl_default varchar(10) NOT NULL DEFAULT '3D',
+  zone_refresh varchar(10) NOT NULL DEFAULT '8H',
+  zone_retry varchar(10) NOT NULL DEFAULT '2H',
+  zone_expire varchar(10) NOT NULL DEFAULT '4W',
+  zone_ttl varchar(10) NOT NULL DEFAULT '1D',
   zone_serial int(10) unsigned NOT NULL,
-  zone_ns1 varchar(20) CHARACTER SET utf8 NOT NULL,
-  zone_ns2 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
-  zone_ns3 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
-  zone_mx1 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
-  zone_mx2 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
-  zone_info text CHARACTER SET utf8 DEFAULT NULL,
-  PRIMARY KEY (zone_id)
+  zone_ns1 varchar(20) NOT NULL,
+  zone_ns2 varchar(20) DEFAULT NULL,
+  zone_ns3 varchar(20) DEFAULT NULL,
+  zone_mx1 varchar(20) DEFAULT NULL,
+  zone_mx2 varchar(20) DEFAULT NULL,
+  zone_info text DEFAULT NULL,
+  PRIMARY KEY (zone_id),
+  UNIQUE INDEX ix_zone_origin (zone_origin)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
diff --git a/install/upgrade.txt b/install/upgrade.txt
index a5251eb..8cb5cff 100644
--- a/install/upgrade.txt
+++ b/install/upgrade.txt
@@ -18,7 +18,7 @@ Compare the configuration to the sample config.
 There may be additional settings that you want to customize.
 
 3. Switch to new version
-Rename the old an new directory.
+Rename the old and new directory.
 
 4. Done
-If everything works fine you could remove the old directory.
\ No newline at end of file
+If everything works fine you could remove the old directory.
diff --git a/lang/de.php b/lang/de.php
index b1c5e6f..ee53b5a 100644
--- a/lang/de.php
+++ b/lang/de.php
@@ -194,6 +194,7 @@ $lang = array(
     'lang_comments_accessdenied' => 'Zugriff verweigert. Keine Berechtigung.',
 
     'lang_options_ipreg' => 'IP Reg Optionen',
+    'lang_options_profile' => 'Aktuelles Benutzerprofil',
     'lang_options_display' => 'Anzeigeeinstellungen',
     'lang_options_password' => 'Kennwort ändern',
     'lang_options_imagesize' => 'Bildgröße',
diff --git a/lang/en.php b/lang/en.php
index 9a908f4..38c7723 100644
--- a/lang/en.php
+++ b/lang/en.php
@@ -194,6 +194,7 @@ $lang = array(
     'lang_comments_accessdenied' => 'Access denied',
 
     'lang_options_ipreg' => 'IP Reg options',
+    'lang_options_profile' => 'Current user profile',
     'lang_options_display' => 'Display options',
     'lang_options_password' => 'Change password',
     'lang_options_imagesize' => 'Imagesize',
diff --git a/login.php b/login.php
index abb3c69..e668f27 100644
--- a/login.php
+++ b/login.php
@@ -10,7 +10,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
 session_name('ipreg');
 session_start();
 
-include("config.php");
+if (! include("config.php")) {
+    echo "<!DOCTYPE html><html><head><title>IP Reg</title></head><body><h1>IP Reg</h1><h2>No configuration</h2><p>Error loading configuration. Please check your installation.</p></body></html>\n";
+    exit(1);
+}
 
 // connect to database
 $dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
diff --git a/options.php b/options.php
index 93af530..5efe468 100644
--- a/options.php
+++ b/options.php
@@ -10,6 +10,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 include("header.php");
 
+$smarty->assign('role_add', $_SESSION['suser_role_add']);
+$smarty->assign('role_edit', $_SESSION['suser_role_edit']);
+$smarty->assign('role_delete', $_SESSION['suser_role_delete']);
+$smarty->assign('role_manage', $_SESSION['suser_role_manage']);
+$smarty->assign('role_admin', $_SESSION['suser_role_admin']);
 $smarty->display("options.tpl");
 
 include("footer.php");
diff --git a/tpl/assetclassgroupview.tpl b/tpl/assetclassgroupview.tpl
index 9879b76..a24057b 100644
--- a/tpl/assetclassgroupview.tpl
+++ b/tpl/assetclassgroupview.tpl
@@ -5,9 +5,15 @@
         {$assetclassgroup->name}
     </td>
     <td align="right">
+{if $suser_add}
         <a href="assetclassgroupadd.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=add" alt="{$lang_assetclassgroup_add}" {if $suser_tooltips}title="{$lang_assetclassgroup_add}" {/if}/></a>
+{/if}
+{if $suser_edit}
         <a href="assetclassgroupedit.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=edit" alt="{$lang_assetclassgroup_edit}" {if $suser_tooltips}title="{$lang_assetclassgroup_edit}" {/if}/></a>
+{/if}
+{if $suser_del}
         <a href="assetclassgroupdel.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=delete" alt="{$lang_assetclassgroup_del}" {if $suser_tooltips}title="{$lang_assetclassgroup_del}" {/if}/></a>
+{/if}
     </td>
 </tr>
 </table>
diff --git a/tpl/assetclassview.tpl b/tpl/assetclassview.tpl
index 9c8c79a..65ac5cd 100644
--- a/tpl/assetclassview.tpl
+++ b/tpl/assetclassview.tpl
@@ -5,9 +5,15 @@
         {$assetclass->assetclass_name}
     </td>
     <td align="right">
+{if $suser_add}
         <a href="assetadd.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=add" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>
+{/if}
+{if $suser_edit}
         <a href="assetclassedit.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=edit" alt="{$lang_assetclass_edit}" {if $suser_tooltips}title="{$lang_asset_edit}" {/if}/></a>
+{/if}
+{if $suser_del}
         <a href="assetclassdel.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=delete" alt="{$lang_assetclass_add}" {if $suser_tooltips}title="{$lang_asset_delete}" {/if}/></a>
+{/if}
     </td>
 </tr>
 </table>
@@ -26,7 +32,9 @@
         {$lang_assetclass_name}
     </td>
     <td class="value">
+{if $suser_edit}
         <a href="assetclassview.php?assetclass_id={$assetclass->assetclass_id}">{$assetclass->assetclass_name}</a>
+{/if}
     </td>
 </tr>
 </table>
diff --git a/tpl/assetview.tpl b/tpl/assetview.tpl
index 7c1a785..ebe74c2 100644
--- a/tpl/assetview.tpl
+++ b/tpl/assetview.tpl
@@ -5,9 +5,15 @@
         {$asset->asset_name}
     </td>
     <td align="right">
+{if $suser_add}
         <a href="assignnodetoasset.php?asset_id={$asset->asset_id}"><img src="image.php?icon=add" alt="{$lang_assignnodetoasset}"></a>
+{/if}
+{if $suser_edit}
         <a href="assetedit.php?asset_id={$asset->asset_id}"><img src="image.php?icon=edit" alt="{$lang_asset_edit}"></a>
+{/if}
+{if $suser_del}
         <a href="assetdel.php?asset_id={$asset->asset_id}"><img src="image.php?icon=delete" alt="{$lang_asset_edit}"></a>
+{/if}
     </td>
 </tr>
 </table>
@@ -89,7 +95,9 @@
         {$lang_nodes}
     </td>
     <td class="header_right">
+{if $suser_edit}
         <a href="assignnodetoasset.php?asset_id={$asset->asset_id}"><img src="image.php?icon=edit" alt="{$lang_assignnodetoasset}"></a>
+{/if}
     </td>
 </tr>
 <tr>
diff --git a/tpl/locationview.tpl b/tpl/locationview.tpl
index c8aa8dc..a0604b5 100644
--- a/tpl/locationview.tpl
+++ b/tpl/locationview.tpl
@@ -5,9 +5,15 @@
         {$location->name}
     </td>
     <td align="right">
+{if $suser_add}
         <a href="locationadd.php?location_parent={$location->id}"><img src="images/building_add.png" alt="{$lang_sublocation_add}"></a>
+{/if}
+{if $suser_edit}
         <a href="locationedit.php?location_id={$location->id}"><img src="images/building_edit.png" alt="{$lang_location_edit}"></a>
+{/if}
+{if $suser_del}
         <a href="locationdel.php?location_id={$location->id}"><img src="images/building_delete.png" alt="{$lang_location_del}"></a>
+{/if}
     </td>
 </tr>
 </table>
@@ -72,7 +78,9 @@
         {$lang_subnet}
     </td>
     <td class="header_right">
+{if $suser_edit}
         <a href="locationsubnetedit.php?location_id={$location->id}"><img src="image.php?icon=edit" alt="{$lang_locationsubnet_edit}"></a>
+{/if}
     </td>
 </tr>
 <tr>
diff --git a/tpl/nodeview.tpl b/tpl/nodeview.tpl
index cbae880..b759fa4 100644
--- a/tpl/nodeview.tpl
+++ b/tpl/nodeview.tpl
@@ -5,8 +5,12 @@
         {$node->ip}
     </td>
     <td align="right">
+{if $suser_edit}
         <a href="nodeedit.php?node_id={$node->id}"><img src="image.php?icon=edit" alt="{$lang_node_edit}"></a>
+{/if}
+{if $suser_del}
         <a href="nodedel.php?node_id={$node->id}"><img src="image.php?icon=delete" alt="{$lang_node_del}"></a>
+{/if}
     </td>
 </tr>
 </table>
diff --git a/tpl/options.tpl b/tpl/options.tpl
index 96f3795..487a849 100644
--- a/tpl/options.tpl
+++ b/tpl/options.tpl
@@ -9,7 +9,6 @@
 </tr>
 </table>
 	
-	
 <table class="info">
 <tr>
 	<td class="header">
@@ -34,3 +33,33 @@
 </tr>
 {/if}
 </table>
+
+<table class="info">
+<tr>
+	<td class="header" colspan="2">
+		{$lang_options_profile}
+	</td>
+</tr>
+<tr>
+    <td class="label">
+        {$lang_user_roles}
+    </td>
+    <td class="label">
+{if $role_add}
+        <img src="images/page_add.png" alt="[Add]">  {$lang_user_role_add} <br>
+{/if}
+{if $role_edit}
+        <img src="images/page_edit.png" alt="[Edit]">  {$lang_user_role_edit} <br>
+{/if}
+{if $role_edit}
+        <img src="images/page_delete.png" alt="[Del]">  {$lang_user_role_delete} <br>
+{/if}
+{if $role_manage}
+        <img src="images/manage.png" alt="[Manage]">  {$lang_user_role_manage} <br>
+{/if}
+{if $role_manage}
+        <img src="images/admin.png" alt="[Admin]">  {$lang_user_role_admin}
+{/if}
+    </td>
+</tr>
+</table>
diff --git a/tpl/subnetview.tpl b/tpl/subnetview.tpl
index fb15ed6..5bab9bf 100644
--- a/tpl/subnetview.tpl
+++ b/tpl/subnetview.tpl
@@ -5,8 +5,12 @@
         {$subnet->address}/{$subnet->mask}
     </td>
     <td align="right">
+{if $suser_edit}
         <a href="subnetedit.php?subnet_id={$subnet->id}"><img src="image.php?icon=edit" alt="{$lang_subnet_edit}"></a>
+{/if}
+{if $suser_del}
         <a href="subnetdel.php?subnet_id={$subnet->id}"><img src="image.php?icon=delete" alt="{$lang_subnet_del}"></a>
+{/if}
     </td>
 </tr>
 </table>
@@ -152,7 +156,9 @@
         {$lang_vlans}
     </td>
     <td class="header_right">
+{if $suser_edit}
         <a href="subnetvlanedit.php?subnet_id={$subnet->id}"><img src="image.php?icon=edit" alt="{$lang_subnetvlan_edit}"></a>
+{/if}
     </td>
 </tr>
 <tr>
@@ -173,7 +179,9 @@
         {$lang_locations}
     </td>
     <td class="header" align="right">
+{if $suser_edit}
         <a href="subnetlocationedit.php?subnet_id={$subnet->id}"><img src="image.php?icon=edit" alt="{$lang_location_edit}"></a>
+{/if}
     </td>
 </tr>
 <tr>
diff --git a/tpl/vlanview.tpl b/tpl/vlanview.tpl
index 9ca7d19..c8b6d96 100644
--- a/tpl/vlanview.tpl
+++ b/tpl/vlanview.tpl
@@ -5,9 +5,15 @@
         {$vlan->name}
     </td>
     <td align="right">
+{if $suser_add}
         <a href="assignvlantosubnet.php?vlan_id={$vlan->id}"><img src="image.php?icon=add" alt="{$lang_assignvlantosubnet}"></a>
+{/if}
+{if $suser_edit}
         <a href="vlanedit.php?vlan_id={$vlan->id}"><img src="image.php?icon=edit" alt="{$lang_vlan_edit}"></a>
+{/if}
+{if $suser_del}
         <a href="vlandel.php?vlan_id={$vlan->id}"><img src="image.php?icon=delete" alt="{$lang_vlan_del}"></a>
+{/if}
     </td>
 </tr>
 </table>
@@ -62,7 +68,9 @@
         {$lang_subnet}
     </td>
     <td class="header" align="right">
+{if $suser_edit}
         <a href="vlansubnetedit.php?vlan_id={$vlan->id}"><img src="image.php?icon=edit" alt="{$lang_subnetvlan_edit}"></a>
+{/if}
     </td>
 </tr>
 <tr>