How to add a new WebCfg page to the System Privileges list?



  • I've created a new php page on my pfSense box with some custom functions I need in my corporate environment. The page and its functions work great for the default admin account.

    Now there's another user group added, which has to be able to access that page, and a couple of others from the system. And there's a new user in that group, inheriting privileges.

    Unfortunately the page I've just created doesn't show up on System: Group manager: Add privileges pages, thus I can't assign that to the group.

    I'd be happy even with a solution to show that page for everyone by default, as the pages I want to hide are all pfSense's default, and they can be hidden.

    Please give me some hints. Thanks.



  • Found it.

    In /etc/inc/priv.defs.inc add:

    $priv_list['page-yours'] = array();
    $priv_list['page-yours']['name'] = gettext("WebCfg - Your new page");
    $priv_list['page-yours']['descr'] = gettext("Allow access to options on your new page.");
    $priv_list['page-yours']['match'] = array();
    $priv_list['page-yours']['match'][] = "your_new_page.php*";
    

    Go to System: Group manager: Add privileges and find the new privilege at the bottom of the list.


  • Rebel Alliance Developer Netgate

    Don't edit that file. Make your own file in /etc/inc/priv/ or /usr/local/pkg/priv, e.g. "mycustomstuff.inc" and put the definition there, so it does not get overwritten.

    From those two dirs, *.inc get read in when checking privileges.



  • Hmm. I tried adding these lines to /usr/etc/inc/priv/user.priv.inc, and they weren't taken into account.

    This is NanoBSD in my case, I guess "so it does not get overwritten" wouldn't be true, I guess…
    (afaik an upgrade wipes the entire other partition and replaces it with the one from the new image, right? Thus /etc/inc/priv/* wouldn't be kept either...)


  • Rebel Alliance Developer Netgate

    @robi:

    Hmm. I tried adding these lines to /usr/etc/inc/priv/user.priv.inc, and they weren't taken into account.

    It would work in that file, too, but it's still not the right place. Make sure you are using the correct format and put them in the correct place in the file.

    @robi:

    This is NanoBSD in my case, I guess "so it does not get overwritten" wouldn't be true, I guess…
    (afaik an upgrade wipes the entire other partition and replaces it with the one from the new image, right? Thus /etc/inc/priv/* wouldn't be kept either...)

    Yes but it's a lot simpler to copy your own file back in place than to re-do edits to existing files.

    Take for example the OpenVPN Client Export package. It puts in its own privilege file, /etc/inc/priv/openvpn.inc

    
    <?php
    global $priv_list;
    
    $priv_list['page-openvpn-client-export'] = array();
    $priv_list['page-openvpn-client-export']['name'] = "WebCfg - OpenVPN: Client Export Utility";
    $priv_list['page-openvpn-client-export']['descr'] = "Allow access to the OpenVPN: Client Export Utility page.";
    $priv_list['page-openvpn-client-export']['match'] = array();
    $priv_list['page-openvpn-client-export']['match'][] = "vpn_openvpn_export.php*";
    
    ?>
    

    And that shows up fine in the privilege list for me.



  • Yes it works in my case too.
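
Added example, not part of any post above and not pfSense's own code: a stand-alone PHP script (PHP 7 or later assumed) that includes every *.inc file from a privilege directory, as the developer's reply describes, reports files that did not execute as PHP, and lists which privileges cover a given page. The temporary directory, `broken.inc`, the `page-broken` id, both helper functions, and the use of `fnmatch()` in place of pfSense's own matcher are assumptions.

```php
<?php
// Added example (not pfSense code). Directory, file names and the privilege
// ids 'page-yours' / 'page-broken' are constructed sample values.

// Include every *.inc file in $dirs and return the resulting privilege list.
// A file that prints raw text instead of executing (for example because the
// opening PHP tag is missing) is reported in $warnings.
function load_priv_files(array $dirs, array &$warnings): array {
    global $priv_list;
    $priv_list = array();
    foreach ($dirs as $dir) {
        foreach (glob(rtrim($dir, '/') . '/*.inc') ?: array() as $file) {
            ob_start();
            include $file;
            if (trim(ob_get_clean()) !== '') {
                $warnings[] = "$file printed text; is the <?php tag missing?";
            }
        }
    }
    return $priv_list;
}

// Ids of the privileges whose 'match' patterns cover $page. fnmatch() stands
// in for pfSense's own wildcard comparison, which the thread does not show.
function privs_for_page(array $privs, string $page): array {
    return array_keys(array_filter($privs, function ($priv) use ($page) {
        foreach ($priv['match'] ?? array() as $pattern) {
            if (fnmatch($pattern, $page)) return true;
        }
        return false;
    }));
}

// Constructed sample: one well-formed file and one without the opening tag.
$dir = sys_get_temp_dir() . '/priv-demo-' . getmypid();
mkdir($dir);
$def = "\$priv_list['page-yours'] = array();\n"
     . "\$priv_list['page-yours']['name'] = 'WebCfg - Your new page';\n"
     . "\$priv_list['page-yours']['match'] = array('your_new_page.php*');\n";
file_put_contents("$dir/mycustomstuff.inc", "<?php\nglobal \$priv_list;\n" . $def);
file_put_contents("$dir/broken.inc", str_replace('page-yours', 'page-broken', $def));
$warnings = array();
$privs = load_priv_files(array($dir), $warnings);
foreach (array('your_new_page.php', 'your_new_page.php?act=edit', 'status.php') as $page) {
    echo $page, ' => ', implode(', ', privs_for_page($privs, $page)) ?: '(none)', "\n";
}
echo implode("\n", $warnings), "\n";
array_map('unlink', glob("$dir/*.inc"));
rmdir($dir);
```

Because the trailing `*` also covers anything appended to the file name, including query strings, the same check shows how wide a pattern reaches before the privilege is assigned to a group.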

