From 1c89972ffabdc2a409735bbc7fdda26b4b0abb82 Mon Sep 17 00:00:00 2001
From: Thomas Pike <thomasp@opera.com>
Date: Tue, 24 Apr 2018 01:23:54 +0200
Subject: [PATCH] Only allow admins to enable/disable DNSSEC on a zone

---
 templates/zone.php | 6 ++++++
 views/zone.php     | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/templates/zone.php b/templates/zone.php
index 6e979f0..90781c5 100644
--- a/templates/zone.php
+++ b/templates/zone.php
@@ -512,6 +512,11 @@
 			</div>
 		</div>
 		<?php } ?>
+		<?php } else { ?>
+		<p>DNSSEC is not currently enabled for this zone.</p>
+		<?php } ?>
+		<?php if($active_user->admin) { ?>
+		<?php if($zone->dnssec) { ?>
 		<h3>Disable DNSSEC</h3>
 		<form method="post" action="/zones/<?php out(DNSZoneName::unqualify($zone->name), ESC_URL)?>" class="disablednssec">
 			<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
@@ -532,6 +537,7 @@
 			</p>
 		</form>
 		<?php } ?>
+		<?php } ?>
 	</div>
 	<?php } ?>
 	<div role="tabpanel" class="tab-pane" id="import">
diff --git a/views/zone.php b/views/zone.php
index 6a9528e..6670685 100644
--- a/views/zone.php
+++ b/views/zone.php
@@ -208,11 +208,11 @@
 			$zone->process_bulk_json_rrset_update(json_encode($json));
 		}
 		redirect();
-	} elseif(isset($_POST['enable_dnssec'])) {
+	} elseif(isset($_POST['enable_dnssec']) && $active_user->admin) {
 		$zone->dnssec = 1;
 		$zone->update();
 		redirect();
-	} elseif(isset($_POST['disable_dnssec'])) {
+	} elseif(isset($_POST['disable_dnssec']) && $active_user->admin) {
 		$zone->dnssec = 0;
 		$zone->update();
 		redirect();