mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

Move any access rules check to ACL module

Mickael Remond 2016-07-23 16:21:00 +02:00
parent 2c70c572c8
commit 1485b56211
No known key found for this signature in database
GPG Key ID: E6F6045D79965AA3
2 changed files with 14 additions and 11 deletions


@ -31,7 +31,7 @@
-export([add_access/3, clear/0]). -export([add_access/3, clear/0]).
-export([start/0, add/3, add_list/3, add_local/3, add_list_local/3, -export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
load_from_config/0, match_rule/3, load_from_config/0, match_rule/3, any_rules_allowed/3,
transform_options/1, opt_type/1, acl_rule_matches/3, transform_options/1, opt_type/1, acl_rule_matches/3,
acl_rule_verify/1, access_matches/3, acl_rule_verify/1, access_matches/3,
transform_access_rules_config/1, transform_access_rules_config/1,
@ -274,6 +274,15 @@ normalize_spec(Spec) ->
end end
end. end.
-spec any_rules_allowed(global | binary(), access_name(),
jid() | ljid() | inet:ip_address()) -> boolean().
any_rules_allowed(Host, Access, Entity) ->
lists:any(fun (Rule) ->
allow == acl:match_rule(Host, Rule, Entity)
end,
Access).
-spec match_rule(global | binary(), access_name(), -spec match_rule(global | binary(), access_name(),
jid() | ljid() | inet:ip_address()) -> any(). jid() | ljid() | inet:ip_address()) -> any().
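Review bot: The spec on the new `any_rules_allowed/3` declares its second argument as `access_name()`, but the body hands `Access` to `lists:any/2` and passes each element to `match_rule/3`, whose own spec just below takes a single `access_name()`; the argument type should be `[access_name()]` so Dialyzer checks the callers that pass lists such as `[configure, webadmin_view]`. Because this function now decides web-admin authorization, it should also carry a comment on its semantics, for example `%% @doc True if at least one rule in Access returns allow for Entity on Host; an empty list allows nobody.`, so nobody extends a rule list expecting all rules to be required. Inside the `acl` module the call can be the local `match_rule(Host, Rule, Entity)` instead of `acl:match_rule(...)`.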


@ -96,12 +96,6 @@ get_acl_rule(_RPath, 'POST') ->
access, fun(A) -> A end, configure), access, fun(A) -> A end, configure),
{global, [AC]}. {global, [AC]}.
is_acl_match(Host, Rules, Jid) ->
lists:any(fun (Rule) ->
allow == acl:match_rule(Host, Rule, Jid)
end,
Rules).
%%%================================== %%%==================================
%%%% Menu Items Access %%%% Menu Items Access
@ -151,7 +145,7 @@ is_allowed_path([<<"admin">> | Path], JID) ->
is_allowed_path(Path, JID); is_allowed_path(Path, JID);
is_allowed_path(Path, JID) -> is_allowed_path(Path, JID) ->
{HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'), {HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'),
is_acl_match(HostOfRule, AccessRule, JID). acl:any_rules_allowed(HostOfRule, AccessRule, JID).
%% @spec(Path) -> URL %% @spec(Path) -> URL
%% where Path = [string()] %% where Path = [string()]
@ -279,8 +273,8 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
Pass) -> Pass) ->
case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
true -> true ->
case is_acl_match(HostOfRule, AccessRule, case acl:any_rules_allowed(HostOfRule, AccessRule,
jid:make(User, Server, <<"">>)) jid:make(User, Server, <<"">>))
of of
false -> {unauthorized, <<"unprivileged-account">>}; false -> {unauthorized, <<"unprivileged-account">>};
true -> {ok, {User, Server}} true -> {ok, {User, Server}}
@ -1346,7 +1340,7 @@ parse_access_rule(Text) ->
list_vhosts(Lang, JID) -> list_vhosts(Lang, JID) ->
Hosts = (?MYHOSTS), Hosts = (?MYHOSTS),
HostsAllowed = lists:filter(fun (Host) -> HostsAllowed = lists:filter(fun (Host) ->
is_acl_match(Host, acl:any_rules_allowed(Host,
[configure, webadmin_view], [configure, webadmin_view],
JID) JID)
end, end,