Hardcode ACL rules used by ejabberd_web_admin

2024-11-22 16:20:52 +01:00 · 2018-03-19 12:29:07 +03:00 · 2018-03-19 12:29:07 +03:00 · e1e7986918
commit e1e7986918
parent 7ba6fae67c
1 changed files with 5 additions and 11 deletions
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@ -74,21 +74,15 @@ get_acl_rule([<<"vhosts">>], _) ->
 %% The pages of a vhost are only accesible if the user is admin of that vhost:
 get_acl_rule([<<"server">>, VHost | _RPath], Method)
    when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    AC = ejabberd_config:get_option({access, VHost}, configure),
-    ACR = ejabberd_config:get_option({access_readonly, VHost}, webadmin_view),
-    {VHost, [AC, ACR]};
+    {VHost, [configure, webadmin_view]};
 get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
-    AC = ejabberd_config:get_option({access, VHost}, configure),
-    {VHost, [AC]};
+    {VHost, [configure]};
 %% Default rule: only global admins can access any other random page
 get_acl_rule(_RPath, Method)
    when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    AC = ejabberd_config:get_option(access, configure),
-    ACR = ejabberd_config:get_option(access_readonly, webadmin_view),
-    {global, [AC, ACR]};
+    {global, [configure, webadmin_view]};
 get_acl_rule(_RPath, 'POST') ->
-    AC = ejabberd_config:get_option(access, configure),
-    {global, [AC]}.
+    {global, [configure]}.

 %%%==================================
 %%%% Menu Items Access
@ -269,7 +263,7 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
    case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
      true ->
 	  case acl:any_rules_allowed(HostOfRule, AccessRule,
-			    jid:make(User, Server))
+				     jid:make(User, Server))
 	      of
 	    false -> {unauthorized, <<"unprivileged-account">>};
 	    true -> {ok, {User, Server}}