
Hardcode ACL rules used by ejabberd_web_admin

Evgeniy Khramtsov 2018-03-19 12:29:07 +03:00
parent 7ba6fae67c
commit e1e7986918


@ -74,21 +74,15 @@ get_acl_rule([<<"vhosts">>], _) ->
%% The pages of a vhost are only accesible if the user is admin of that vhost: %% The pages of a vhost are only accesible if the user is admin of that vhost:
get_acl_rule([<<"server">>, VHost | _RPath], Method) get_acl_rule([<<"server">>, VHost | _RPath], Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' -> when Method =:= 'GET' orelse Method =:= 'HEAD' ->
AC = ejabberd_config:get_option({access, VHost}, configure), {VHost, [configure, webadmin_view]};
ACR = ejabberd_config:get_option({access_readonly, VHost}, webadmin_view),
{VHost, [AC, ACR]};
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') -> get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
AC = ejabberd_config:get_option({access, VHost}, configure), {VHost, [configure]};
{VHost, [AC]};
%% Default rule: only global admins can access any other random page %% Default rule: only global admins can access any other random page
get_acl_rule(_RPath, Method) get_acl_rule(_RPath, Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' -> when Method =:= 'GET' orelse Method =:= 'HEAD' ->
AC = ejabberd_config:get_option(access, configure), {global, [configure, webadmin_view]};
ACR = ejabberd_config:get_option(access_readonly, webadmin_view),
{global, [AC, ACR]};
get_acl_rule(_RPath, 'POST') -> get_acl_rule(_RPath, 'POST') ->
AC = ejabberd_config:get_option(access, configure), {global, [configure]}.
{global, [AC]}.
%%%================================== %%%==================================
%%%% Menu Items Access %%%% Menu Items Access
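Review bot: Operators who restricted the web admin through the listener's `access` / `access_readonly` options get no notice that those options are no longer consulted, since the four clauses now return the fixed rule names `configure` and `webadmin_view` instead of the configured ones; a deployment that pointed `access_readonly` at a stricter rule silently falls back to whatever `webadmin_view` resolves to. A comment above the first clause should state the new contract, e.g. `%% Rule names are fixed: 'configure' grants full access, 'webadmin_view' read-only (GET/HEAD); the listener's access/access_readonly options are ignored.` Whether an undefined `webadmin_view` rule denies or allows is decided by `acl:any_rules_allowed/3`, which is not visible in this hunk; if it does not fail closed, every authenticated account would pass the read-only check, so a test pinning the deny result for an unconfigured rule name is worth adding. `get_acl_rule/2` has earlier clauses that start before this hunk.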
@ -269,7 +263,7 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
true -> true ->
case acl:any_rules_allowed(HostOfRule, AccessRule, case acl:any_rules_allowed(HostOfRule, AccessRule,
jid:make(User, Server)) jid:make(User, Server))
of of
false -> {unauthorized, <<"unprivileged-account">>}; false -> {unauthorized, <<"unprivileged-account">>};
true -> {ok, {User, Server}} true -> {ok, {User, Server}}