mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-28 16:34:13 +01:00
Make access rules in ejabberd_web_admin configurable
This commit is contained in:
parent
483ef09263
commit
655cbf6055
@ -74,14 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
|
|||||||
%% The pages of a vhost are only accesible if the user is admin of that vhost:
|
%% The pages of a vhost are only accesible if the user is admin of that vhost:
|
||||||
get_acl_rule([<<"server">>, VHost | _RPath], Method)
|
get_acl_rule([<<"server">>, VHost | _RPath], Method)
|
||||||
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
|
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
|
||||||
{VHost, [configure, webadmin_view]};
|
AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
|
||||||
|
access, fun(A) -> A end, configure),
|
||||||
|
ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
|
||||||
|
access_readonly, fun(A) -> A end, webadmin_view),
|
||||||
|
{VHost, [AC, ACR]};
|
||||||
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
|
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
|
||||||
{VHost, [configure]};
|
AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
|
||||||
|
access, fun(A) -> A end, configure),
|
||||||
|
{VHost, [AC]};
|
||||||
%% Default rule: only global admins can access any other random page
|
%% Default rule: only global admins can access any other random page
|
||||||
get_acl_rule(_RPath, Method)
|
get_acl_rule(_RPath, Method)
|
||||||
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
|
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
|
||||||
{global, [configure, webadmin_view]};
|
AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
|
||||||
get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
|
access, fun(A) -> A end, configure),
|
||||||
|
ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
|
||||||
|
access_readonly, fun(A) -> A end, webadmin_view),
|
||||||
|
{global, [AC, ACR]};
|
||||||
|
get_acl_rule(_RPath, 'POST') ->
|
||||||
|
AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
|
||||||
|
access, fun(A) -> A end, configure),
|
||||||
|
{global, [AC]}.
|
||||||
|
|
||||||
is_acl_match(Host, Rules, Jid) ->
|
is_acl_match(Host, Rules, Jid) ->
|
||||||
lists:any(fun (Rule) ->
|
lists:any(fun (Rule) ->
|
||||||
@ -2965,7 +2978,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
|
|||||||
%%%==================================
|
%%%==================================
|
||||||
|
|
||||||
|
|
||||||
opt_type(access) -> fun (V) -> V end;
|
opt_type(access) -> fun acl:access_rules_validator/1;
|
||||||
opt_type(_) -> [access].
|
opt_type(access_readonly) -> fun acl:access_rules_validator/1;
|
||||||
|
opt_type(_) -> [access, access_readonly].
|
||||||
|
|
||||||
%%% vim: set foldmethod=marker foldmarker=%%%%,%%%=:
|
%%% vim: set foldmethod=marker foldmarker=%%%%,%%%=:
|
||||||
|
Loading…
Reference in New Issue
Block a user