25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-20 17:27:00 +01:00

Make access rules in ejabberd_web_admin configurable

This commit is contained in:
Paweł Chmielowski 2016-07-19 11:26:33 +02:00
parent 483ef09263
commit 655cbf6055

View File

@ -74,14 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
%% The pages of a vhost are only accesible if the user is admin of that vhost:
get_acl_rule([<<"server">>, VHost | _RPath], Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
{VHost, [configure, webadmin_view]};
AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
access, fun(A) -> A end, configure),
ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
access_readonly, fun(A) -> A end, webadmin_view),
{VHost, [AC, ACR]};
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
{VHost, [configure]};
AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
access, fun(A) -> A end, configure),
{VHost, [AC]};
%% Default rule: only global admins can access any other random page
get_acl_rule(_RPath, Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
{global, [configure, webadmin_view]};
get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
access, fun(A) -> A end, configure),
ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
access_readonly, fun(A) -> A end, webadmin_view),
{global, [AC, ACR]};
get_acl_rule(_RPath, 'POST') ->
AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
access, fun(A) -> A end, configure),
{global, [AC]}.
is_acl_match(Host, Rules, Jid) ->
lists:any(fun (Rule) ->
@ -2965,7 +2978,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
%%%==================================
opt_type(access) -> fun (V) -> V end;
opt_type(_) -> [access].
opt_type(access) -> fun acl:access_rules_validator/1;
opt_type(access_readonly) -> fun acl:access_rules_validator/1;
opt_type(_) -> [access, access_readonly].
%%% vim: set foldmethod=marker foldmarker=%%%%,%%%=: