mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
Make access rules in ejabberd_web_admin configurable
This commit is contained in:
parent
483ef09263
commit
655cbf6055
@ -74,14 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
|
||||
%% The pages of a vhost are only accesible if the user is admin of that vhost:
|
||||
get_acl_rule([<<"server">>, VHost | _RPath], Method)
|
||||
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
|
||||
{VHost, [configure, webadmin_view]};
|
||||
AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
|
||||
access, fun(A) -> A end, configure),
|
||||
ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
|
||||
access_readonly, fun(A) -> A end, webadmin_view),
|
||||
{VHost, [AC, ACR]};
|
||||
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
|
||||
{VHost, [configure]};
|
||||
AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
|
||||
access, fun(A) -> A end, configure),
|
||||
{VHost, [AC]};
|
||||
%% Default rule: only global admins can access any other random page
|
||||
get_acl_rule(_RPath, Method)
|
||||
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
|
||||
{global, [configure, webadmin_view]};
|
||||
get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
|
||||
AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
|
||||
access, fun(A) -> A end, configure),
|
||||
ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
|
||||
access_readonly, fun(A) -> A end, webadmin_view),
|
||||
{global, [AC, ACR]};
|
||||
get_acl_rule(_RPath, 'POST') ->
|
||||
AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
|
||||
access, fun(A) -> A end, configure),
|
||||
{global, [AC]}.
|
||||
|
||||
is_acl_match(Host, Rules, Jid) ->
|
||||
lists:any(fun (Rule) ->
|
||||
@ -2965,7 +2978,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
|
||||
%%%==================================
|
||||
|
||||
|
||||
opt_type(access) -> fun (V) -> V end;
|
||||
opt_type(_) -> [access].
|
||||
opt_type(access) -> fun acl:access_rules_validator/1;
|
||||
opt_type(access_readonly) -> fun acl:access_rules_validator/1;
|
||||
opt_type(_) -> [access, access_readonly].
|
||||
|
||||
%%% vim: set foldmethod=marker foldmarker=%%%%,%%%=:
|
||||
|
Loading…
Reference in New Issue
Block a user