Make access rules in ejabberd_web_admin configurable

src/ejabberd_web_admin.erl

@@ -74,14 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
 %% The pages of a vhost are only accesible if the user is admin of that vhost:
 get_acl_rule([<<"server">>, VHost | _RPath], Method)
     when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    {VHost, [configure, webadmin_view]};
+    AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				 access_readonly, fun(A) -> A end, webadmin_view),
+    {VHost, [AC, ACR]};
 get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
-    {VHost, [configure]};
+    AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    {VHost, [AC]};
 %% Default rule: only global admins can access any other random page
 get_acl_rule(_RPath, Method)
     when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    {global, [configure, webadmin_view]};
-get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
+    AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				 access_readonly, fun(A) -> A end, webadmin_view),
+    {global, [AC, ACR]};
+get_acl_rule(_RPath, 'POST') ->
+    AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    {global, [AC]}.
 
 is_acl_match(Host, Rules, Jid) ->
     lists:any(fun (Rule) ->
@@ -2965,7 +2978,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
 %%%==================================
 
 
-opt_type(access) -> fun (V) -> V end;
-opt_type(_) -> [access].
+opt_type(access) -> fun acl:access_rules_validator/1;
+opt_type(access_readonly) -> fun acl:access_rules_validator/1;
+opt_type(_) -> [access, access_readonly].
 
 %%% vim: set foldmethod=marker foldmarker=%%%%,%%%=: