updating user management

2024-03-09 17:54:35 +01:00
parent c81883a920
commit e9af4347c2
6 changed files with 274 additions and 8 deletions
--- a/src/server/cyberhex-code/system/secure_zone/php/add_user.php
+++ b/src/server/cyberhex-code/system/secure_zone/php/add_user.php
@@ -69,7 +69,7 @@ include "perms_functions.php";
 							</tr>
 							<tr>
 							  <th scope="row">2</th>
-							  <td>Delete/list user</td>
+							  <td>Delete/list/manage user <a data-bs-target="#warning" data-bs-toggle="modal" href="#warning2">(Warning!)</a></td>
 							  <td><input type="checkbox" name="delete_user"></td>
 							</tr>
 							<tr>
@@ -103,7 +103,7 @@ include "perms_functions.php";
 							  <td><input type="checkbox" name="add_clients"></td>
 							</tr>
 							<tr>
-							  <th scope="row">8</th>
+							  <th scope="row">9</th>
 							  <td>Delete/list clients</td>
 							  <td><input type="checkbox" name="delete_clients"></td>
 							</tr>
@@ -198,6 +198,22 @@ include "perms_functions.php";
 			</div>
 		  </div>
 		</div>
+		<div class="modal fade" id="warning2" tabindex="-1" aria-labelledby="warning2_label" aria-hidden="false">
+		  <div class="modal-dialog">
+			<div class="modal-content">
+			  <div class="modal-header">
+				<h5 class="modal-title" id="warning2_label">User manage permission warning</h5>
+				<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+			  </div>
+			  <div class="modal-body">
+				A user with the permission "manage_user" can change all permissions of all users.<br>
+				Including permissions which the user, who has this permission does not have.<br>
+				This can be used for privilege escalation!<br>
+				Please only allow a few trusted users this permission!
+			  </div>
+			</div>
+		  </div>
+		</div>
    </div>
 </div>
 </body>