diff -r c72d6d51f3d3 -r c255196bc447 edit_record.php --- a/edit_record.php Wed Mar 12 20:45:56 2008 +0000 +++ b/edit_record.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,135 +20,94 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if (isset($_GET["delid"]) && isset($_GET['delid']) && isset($_GET['id'])) { - delete_record_owner($_GET["domain"],$_GET["delid"],$_GET["id"]); -} +if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } +elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +else { $perm_view = "none" ; } + +if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } +elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +else { $perm_content_edit = "none" ; } + +if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; } +elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; } +else { $perm_meta_edit = "none" ; } -$xsid = (isset($_GET['id'])) ? $_GET['id'] : $_POST['recordid']; +$user_is_zone_owner = verify_user_is_owner_zoneid($_GET["domain"]); +$zone_type = get_domain_type($_GET["domain"]); +$zone_name = get_domain_name_from_id($_GET["domain"]); -if(!xs(recid_to_domid($xsid))) -{ - error(ERR_RECORD_ACCESS_DENIED); +if ($_POST["commit"]) { + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_EDIT_RECORD); + } else { + $ret_val = edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]); + if ( $ret_val == "1" ) { + success(SUC_RECORD_UPD); + } else { + echo "
" . $ret_val . "
\n"; + } + } } -if (isset($_GET['domain'])) { - $domain_name = get_domain_name_from_id($_GET['domain']); -} -if (isset($_POST["commit"]) && isset($_POST['recordid']) && isset($_POST['domainid']) && isset($_POST['name']) && isset($_POST['type']) && isset($_POST['content']) && isset($_POST['ttl']) && isset($_POST['prio'])) -{ - edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]); - clean_page("edit.php?id=".$_POST["domainid"]); -} elseif(isset($_SESSION['partial_'.$domain_name]) && ($_SESSION["partial_".$domain_name] == 1)) -{ - $db->setLimit(1); - $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"])); - if (empty($checkPartial)) { - error(ERR_RECORD_ACCESS_DENIED); - } -} -include_once("inc/header.inc.php"); -?> -

""

-" . _('Edit record in zone') . " " . $zone_name . "\n"; + +if ( $perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_VIEW_RECORD); +} else { + $record = get_record_from_id($_GET["id"]); + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; -$x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($_GET['id'])." AND u.id=r.user_id"); -if (level(10) && ($x_result->numRows() > 0)) -{ -?> -
-
-
" . _('Name') . "\n"; + echo "  \n"; + echo " " . _('Type') . "\n"; + echo " " . _('Priority') . "\n"; + echo " " . _('Content') . "\n"; + echo " " . _('TTL') . "\n"; + echo "
- - -fetchRow()) - { -?> - - - - -\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } else { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; } -?> -
-   -
?id=&domain=&delid=">trash
" . $record["name"] . "IN" . $record["type"] . "" . $record["content"] . "" . $record["prio"] . "" . $record["ttl"] . "
." . $zone_name . "IN\n"; + echo " \n"; + echo "
- - - -
 
-
- - "> - "> - - - - - - - - - - - - -
-   - - - - -
- - " class="input"> - - - - " class="input"> - -. - IN -   \n"; + echo "

\n"; + echo " \n"; } -?> - -
" class="sinput">" class="input">" class="sinput">
-

-    - -

- -
- +
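Review bot: The permission check in the `$_POST["commit"]` branch is computed from `$_GET["domain"]` (`$user_is_zone_owner`, `$zone_type`), but the write goes to `edit_record($_POST["recordid"], $_POST["domainid"], ...)`, so nothing visible in this hunk ties the record being edited to the zone that was authorised. The removed code bound the check to the record through `xs(recid_to_domid($xsid))`; unless `edit_record()` re-checks ownership itself (not visible here), a user holding only the "own" edit permission could be authorised against one zone while the update lands on a record in another. Resolve the zone from the record before deciding, e.g. `$zid = recid_to_domid($_POST["recordid"]);` followed by `$user_is_zone_owner = verify_user_is_owner_zoneid($zid);`, and call `error(ERR_PERM_EDIT_RECORD)` when `$zid` differs from `$_POST["domainid"]` or `$_GET["domain"]`; the view branch needs the same binding for `get_record_from_id($_GET["id"])`. Separately, the `$record[...]` fields and `$ret_val` are echoed into the page as-is, so each should pass through `htmlspecialchars()` because record names and content are user-supplied.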