Merge branch 'master' into xml-ng

Conflicts: src/adhoc.erl src/cyrsasl_oauth.erl src/ejabberd_c2s.erl src/ejabberd_config.erl src/ejabberd_service.erl src/gen_mod.erl src/mod_admin_extra.erl src/mod_announce.erl src/mod_carboncopy.erl src/mod_client_state.erl src/mod_configure.erl src/mod_echo.erl src/mod_mam.erl src/mod_muc.erl src/mod_muc_room.erl src/mod_offline.erl src/mod_pubsub.erl src/mod_stats.erl src/node_flat_sql.erl src/randoms.erl
author: Evgeniy Khramtsov <ekhramtsov@process-one.net> 2016-11-12 13:27:15 +0300
committer: Evgeniy Khramtsov <ekhramtsov@process-one.net> 2016-11-12 13:27:15 +0300
commit: 78a44e01762e00102f5e3e3f0b49690cc7866c31 (patch)
tree: b8ac7773f510ee3c1da4802bce2badc71c34c0b2 /src/ejabberd_web_admin.erl
parent: Add more tests for offline storage (diff)
parent: Support several groups separated by ; in add_rosteritem command (diff)
1 files changed, 31 insertions, 23 deletions
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl
index 498fcf9b0..bf17c8ab1 100644
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@@ -74,20 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
 %% The pages of a vhost are only accesible if the user is admin of that vhost:
 get_acl_rule([<<"server">>, VHost | _RPath], Method)
     when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    {VHost, [configure, webadmin_view]};
+    AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				 access_readonly, fun(A) -> A end, webadmin_view),
+    {VHost, [AC, ACR]};
 get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
-    {VHost, [configure]};
+    AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    {VHost, [AC]};
 %% Default rule: only global admins can access any other random page
 get_acl_rule(_RPath, Method)
     when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    {global, [configure, webadmin_view]};
-get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
-
-is_acl_match(Host, Rules, Jid) ->
-    lists:any(fun (Rule) ->
-		      allow == acl:match_rule(Host, Rule, Jid)
-	      end,
-	      Rules).
+    AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				 access_readonly, fun(A) -> A end, webadmin_view),
+    {global, [AC, ACR]};
+get_acl_rule(_RPath, 'POST') ->
+    AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    {global, [AC]}.
 
 %%%==================================
 %%%% Menu Items Access
@@ -138,7 +145,7 @@ is_allowed_path([<<"admin">> | Path], JID) ->
     is_allowed_path(Path, JID);
 is_allowed_path(Path, JID) ->
     {HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'),
-    is_acl_match(HostOfRule, AccessRule, JID).
+    acl:any_rules_allowed(HostOfRule, AccessRule, JID).
 
 %% @spec(Path) -> URL
 %% where Path = [string()]
@@ -266,7 +273,7 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
 		 Pass) ->
     case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
       true ->
-	  case is_acl_match(HostOfRule, AccessRule,
+	  case acl:any_rules_allowed(HostOfRule, AccessRule,
 			    jid:make(User, Server, <<"">>))
 	      of
 	    false -> {unauthorized, <<"unprivileged-account">>};
@@ -740,7 +747,7 @@ process_admin(Host,
 	    _ -> nothing
 	  end,
     ACLs = lists:keysort(2,
-			 ets:select(acl,
+			 mnesia:dirty_select(acl,
 				    [{{acl, {'$1', Host}, '$2'}, [],
 				      [{{acl, '$1', '$2'}}]}])),
     {NumLines, ACLsP} = term_to_paragraph(ACLs, 80),
@@ -777,7 +784,7 @@ process_admin(Host,
 	    _ -> nothing
 	  end,
     ACLs = lists:keysort(2,
-			 ets:select(acl,
+			 mnesia:dirty_select(acl,
 				    [{{acl, {'$1', Host}, '$2'}, [],
 				      [{{acl, '$1', '$2'}}]}])),
     make_xhtml((?H1GL((?T(<<"Access Control Lists">>)),
@@ -842,7 +849,7 @@ process_admin(Host,
 		end;
 	    _ -> nothing
 	  end,
-    Access = ets:select(access,
+    Access = mnesia:dirty_select(access,
 			[{{access, {'$1', Host}, '$2'}, [],
 			  [{{access, '$1', '$2'}}]}]),
     {NumLines, AccessP} = term_to_paragraph(lists:keysort(2,Access), 80),
@@ -876,7 +883,7 @@ process_admin(Host,
 		end;
 	    _ -> nothing
 	  end,
-    AccessRules = ets:select(access,
+    AccessRules = mnesia:dirty_select(access,
 			     [{{access, {'$1', Host}, '$2'}, [],
 			       [{{access, '$1', '$2'}}]}]),
     make_xhtml((?H1GL((?T(<<"Access Rules">>)),
@@ -1150,7 +1157,7 @@ term_to_paragraph(T, Cols) ->
 term_to_id(T) -> jlib:encode_base64((term_to_binary(T))).
 
 acl_parse_query(Host, Query) ->
-    ACLs = ets:select(acl,
+    ACLs = mnesia:dirty_select(acl,
 		      [{{acl, {'$1', Host}, '$2'}, [],
 			[{{acl, '$1', '$2'}}]}]),
     case lists:keysearch(<<"submit">>, 1, Query) of
@@ -1264,7 +1271,7 @@ access_rules_to_xhtml(AccessRules, Lang) ->
 				    <<"Add New">>)])])]))]).
 
 access_parse_query(Host, Query) ->
-    AccessRules = ets:select(access,
+    AccessRules = mnesia:dirty_select(access,
 			     [{{access, {'$1', Host}, '$2'}, [],
 			       [{{access, '$1', '$2'}}]}]),
     case lists:keysearch(<<"addnew">>, 1, Query) of
@@ -1337,7 +1344,7 @@ parse_access_rule(Text) ->
 list_vhosts(Lang, JID) ->
     Hosts = (?MYHOSTS),
     HostsAllowed = lists:filter(fun (Host) ->
-					is_acl_match(Host,
+					acl:any_rules_allowed(Host,
 						     [configure, webadmin_view],
 						     JID)
 				end,
@@ -1549,7 +1556,7 @@ su_to_list({Server, User}) ->
 %%%% get_stats
 
 get_stats(global, Lang) ->
-    OnlineUsers = mnesia:table_info(session, size),
+    OnlineUsers = ejabberd_sm:connected_users_number(),
     RegisteredUsers = lists:foldl(fun (Host, Total) ->
 					  ejabberd_auth:get_vh_registered_users_number(Host)
 					    + Total
@@ -2175,7 +2182,7 @@ get_node(global, Node, [<<"stats">>], _Query, Lang) ->
     CPUTime = ejabberd_cluster:call(Node, erlang, statistics, [runtime]),
     CPUTimeS = list_to_binary(io_lib:format("~.3f",
                                             [element(1, CPUTime) / 1000])),
-    OnlineUsers = mnesia:table_info(session, size),
+    OnlineUsers = ejabberd_sm:connected_users_number(),
     TransactionsCommitted = ejabberd_cluster:call(Node, mnesia,
 				     system_info, [transaction_commits]),
     TransactionsAborted = ejabberd_cluster:call(Node, mnesia,
@@ -2970,7 +2977,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
 %%%==================================
 
 
-opt_type(access) -> fun (V) -> V end;
-opt_type(_) -> [access].
+opt_type(access) -> fun acl:access_rules_validator/1;
+opt_type(access_readonly) -> fun acl:access_rules_validator/1;
+opt_type(_) -> [access, access_readonly].
 
 %%% vim: set foldmethod=marker foldmarker=%%%%,%%%=:
author	Evgeniy Khramtsov <ekhramtsov@process-one.net>	2016-11-12 13:27:15 +0300
committer	Evgeniy Khramtsov <ekhramtsov@process-one.net>	2016-11-12 13:27:15 +0300
commit	78a44e01762e00102f5e3e3f0b49690cc7866c31 (patch)
tree	b8ac7773f510ee3c1da4802bce2badc71c34c0b2 /src/ejabberd_web_admin.erl
parent	Add more tests for offline storage (diff)
parent	Support several groups separated by ; in add_rosteritem command (diff)