Move any access rules check to ACL module

2024-12-22 17:28:25 +01:00 · 2016-07-23 16:21:00 +02:00 · 2016-07-23 16:21:00 +02:00 · 1485b56211
commit 1485b56211
parent 2c70c572c8
2 changed files with 14 additions and 11 deletions
--- a/src/acl.erl
+++ b/src/acl.erl
@ -31,7 +31,7 @@

 -export([add_access/3, clear/0]).
 -export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
-	 load_from_config/0, match_rule/3,
+	 load_from_config/0, match_rule/3, any_rules_allowed/3,
 	 transform_options/1, opt_type/1, acl_rule_matches/3,
 	 acl_rule_verify/1, access_matches/3,
 	 transform_access_rules_config/1,
@ -274,6 +274,15 @@ normalize_spec(Spec) ->
            end
    end.

+-spec any_rules_allowed(global | binary(), access_name(),
+                           jid() | ljid() | inet:ip_address()) -> boolean().
+
+any_rules_allowed(Host, Access, Entity) ->
+    lists:any(fun (Rule) ->
+                      allow == acl:match_rule(Host, Rule, Entity)
+              end,
+              Access).
+
 -spec match_rule(global | binary(), access_name(),
                 jid() | ljid() | inet:ip_address()) -> any().

--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@ -96,12 +96,6 @@ get_acl_rule(_RPath, 'POST') ->
 				access, fun(A) -> A end, configure),
    {global, [AC]}.

-is_acl_match(Host, Rules, Jid) ->
-    lists:any(fun (Rule) ->
-		      allow == acl:match_rule(Host, Rule, Jid)
-	      end,
-	      Rules).
-
 %%%==================================
 %%%% Menu Items Access

@ -151,7 +145,7 @@ is_allowed_path([<<"admin">> | Path], JID) ->
    is_allowed_path(Path, JID);
 is_allowed_path(Path, JID) ->
    {HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'),
-    is_acl_match(HostOfRule, AccessRule, JID).
+    acl:any_rules_allowed(HostOfRule, AccessRule, JID).

 %% @spec(Path) -> URL
 %% where Path = [string()]
@ -279,7 +273,7 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
 		 Pass) ->
    case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
      true ->
-	  case is_acl_match(HostOfRule, AccessRule,
+	  case acl:any_rules_allowed(HostOfRule, AccessRule,
                               jid:make(User, Server, <<"">>))
 	      of
 	    false -> {unauthorized, <<"unprivileged-account">>};
@ -1346,7 +1340,7 @@ parse_access_rule(Text) ->
 list_vhosts(Lang, JID) ->
    Hosts = (?MYHOSTS),
    HostsAllowed = lists:filter(fun (Host) ->
-					is_acl_match(Host,
+					acl:any_rules_allowed(Host,
 						     [configure, webadmin_view],
 						     JID)
 				end,