25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

Hardcode ACL rules used by ejabberd_web_admin

This commit is contained in:
Evgeniy Khramtsov 2018-03-19 12:29:07 +03:00
parent 7ba6fae67c
commit e1e7986918

View File

@ -74,21 +74,15 @@ get_acl_rule([<<"vhosts">>], _) ->
%% The pages of a vhost are only accesible if the user is admin of that vhost:
get_acl_rule([<<"server">>, VHost | _RPath], Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
AC = ejabberd_config:get_option({access, VHost}, configure),
ACR = ejabberd_config:get_option({access_readonly, VHost}, webadmin_view),
{VHost, [AC, ACR]};
{VHost, [configure, webadmin_view]};
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
AC = ejabberd_config:get_option({access, VHost}, configure),
{VHost, [AC]};
{VHost, [configure]};
%% Default rule: only global admins can access any other random page
get_acl_rule(_RPath, Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
AC = ejabberd_config:get_option(access, configure),
ACR = ejabberd_config:get_option(access_readonly, webadmin_view),
{global, [AC, ACR]};
{global, [configure, webadmin_view]};
get_acl_rule(_RPath, 'POST') ->
AC = ejabberd_config:get_option(access, configure),
{global, [AC]}.
{global, [configure]}.
%%%==================================
%%%% Menu Items Access
@ -269,7 +263,7 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
true ->
case acl:any_rules_allowed(HostOfRule, AccessRule,
jid:make(User, Server))
jid:make(User, Server))
of
false -> {unauthorized, <<"unprivileged-account">>};
true -> {ok, {User, Server}}