r4363 index.php: take care of "permission denied" in "ajax" module
authorDenis Ovsienko <infrastation@yandex.ru>
Thu, 17 Mar 2011 19:53:27 +0000 (19:53 +0000)
committerDenis Ovsienko <infrastation@yandex.ru>
Thu, 17 Mar 2011 19:53:27 +0000 (19:53 +0000)
dispatchAJAXRequest(): clean up

wwwroot/inc/ajax-interface.php
wwwroot/index.php

index 80d8ccdf62c0ba2b2bf6095c2b5de8af3a43e085..08369f44d1519a7d55efaab80345cd0579d65619 100644 (file)
@@ -98,11 +98,7 @@ function dispatchAJAXRequest()
                $pageno = 'perms';
                $tabno = 'edit';
                fixContext();
-               if (!permitted())
-               {
-                       echo "NAK\nPermission denied";
-                       return;
-               }
+               assertPermission();
                genericAssertion ('code', 'string');
                $result = getRackCode (dos2unix ($_REQUEST['code']));
                if ($result['result'] == 'ACK')
@@ -110,30 +106,26 @@ function dispatchAJAXRequest()
                else
                        echo "NAK\n" . $result['load'];
                break;
-       case 'get-port-link': // returns JSON-encoded text
-               genericAssertion ('object_id', 'uint');
-               $object = spotEntity ('object', $_REQUEST['object_id']);
-               fixContext ($object);
-               if (! permitted ('object', 'liveports', 'get_link_status'))
-                       throw new RacktablesError ('Permission denied: $op_get_link_status check failed');
-               $data = formatPortLinkHints ($_REQUEST['object_id']);
-               echo json_encode ($data);
-               break;
-       case 'get-port-mac': // returns JSON-encoded text
-               genericAssertion ('object_id', 'uint');
-               fixContext (spotEntity ('object', $_REQUEST['object_id']));
-               if (! permitted ('object', 'liveports', 'get_mac_list'))
-                       throw new RacktablesError ('Permission denied: $op_get_mac_list check failed');
-               $data = formatPortMacHints ($_REQUEST['object_id']);
-               echo json_encode ($data);
-               break;
-       case 'get-port-conf': // returns JSON-encoded text
+       # returns JSON-encoded text
+       case 'get-port-link':
+       case 'get-port-mac':
+       case 'get-port-conf':
+               $funcmap = array
+               (
+                       'get-port-link' => 'formatPortLinkHints',
+                       'get-port-mac'  => 'formatPortMacHints',
+                       'get-port-conf' => 'formatPortConfigHints',
+               );
+               $opmap = array
+               (
+                       'get-port-link' => 'get_link_status',
+                       'get-port-mac'  => 'get_mac_list',
+                       'get-port-conf' => 'get_port_conf',
+               );
                genericAssertion ('object_id', 'uint');
                fixContext (spotEntity ('object', $_REQUEST['object_id']));
-               if (! permitted ('object', 'liveports', 'get_port_conf'))
-                       throw new RacktablesError ('Permission denied: $op_get_port_conf check failed');
-               $data = formatPortConfigHints ($_REQUEST['object_id']);
-               echo json_encode ($data);
+               assertPermission ('object', 'liveports', $opmap[$_REQUEST['ac']]);
+               echo json_encode ($funcmap[$_REQUEST['ac']] ($_REQUEST['object_id']));
                break;
        default:
                throw new InvalidRequestArgException ('ac', $_REQUEST['ac']);
index 4d04783e5fa6946f000248923848d8cda0173c71..f84d917bb652f7e40daa526d8f271ba0cfeb5870 100644 (file)
@@ -103,6 +103,12 @@ try {
                        ob_clean();
                        echo "NAK\nMalformed request";
                }
+               catch (RTPermissionDenied $e)
+               {
+                       ob_clean();
+                       # FIXME: the remote client could be expecting JSON data instead
+                       echo "NAK\nPermission denied";
+               }
                catch (Exception $e)
                {
                        ob_clean();