authorMickael Remond <mremond@process-one.net>2016-07-23 16:21:00 +0200
committerMickael Remond <mremond@process-one.net>2016-07-23 18:21:45 +0200
commit1485b5621151c37948ebd6c68232c3ffd23984f1 (patch)
tree2dd304146d95dc7889f04a51a335e004a9aa9908 /src
parentClean-up of error codes and format json structure (diff)
Move any access rules check to ACL module
Diffstat (limited to '')
-rw-r--r--src/acl.erl11
-rw-r--r--src/ejabberd_web_admin.erl14
2 files changed, 14 insertions, 11 deletions
diff --git a/src/acl.erl b/src/acl.erl
index 31a7547dd..834b85d97 100644
--- a/src/acl.erl
+++ b/src/acl.erl
@@ -31,7 +31,7 @@
-export([add_access/3, clear/0]).
-export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
- load_from_config/0, match_rule/3,
+ load_from_config/0, match_rule/3, any_rules_allowed/3,
transform_options/1, opt_type/1, acl_rule_matches/3,
acl_rule_verify/1, access_matches/3,
transform_access_rules_config/1,
@@ -274,6 +274,15 @@ normalize_spec(Spec) ->
end
end.
+-spec any_rules_allowed(global | binary(), access_name(),
+ jid() | ljid() | inet:ip_address()) -> boolean().
+
+any_rules_allowed(Host, Access, Entity) ->
+ lists:any(fun (Rule) ->
+ allow == acl:match_rule(Host, Rule, Entity)
+ end,
+ Access).
+
-spec match_rule(global | binary(), access_name(),
jid() | ljid() | inet:ip_address()) -> any().
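Review bot: The new `-spec` for `any_rules_allowed/3` types the second argument as `access_name()`, but the body passes `Access` straight to `lists:any/2`, and the callers visible in this commit pass lists such as `[configure, webadmin_view]`. The spec should read `[access_name()]` so Dialyzer checks callers against the real contract. Since this is now an exported helper that gates web admin access, a short `%% @doc` would help: it should say that access is granted when any one rule yields `allow`, and that an empty list yields `false`. Inside `acl` the call can also be the local `match_rule(Host, Rule, Entity)` compared with `=:=`, rather than `acl:match_rule(...)` with `==`.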
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl
index 62f2eb7fa..6583fb445 100644
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@@ -96,12 +96,6 @@ get_acl_rule(_RPath, 'POST') ->
access, fun(A) -> A end, configure),
{global, [AC]}.
-is_acl_match(Host, Rules, Jid) ->
- lists:any(fun (Rule) ->
- allow == acl:match_rule(Host, Rule, Jid)
- end,
- Rules).
-
%%%==================================
%%%% Menu Items Access
@@ -151,7 +145,7 @@ is_allowed_path([<<"admin">> | Path], JID) ->
is_allowed_path(Path, JID);
is_allowed_path(Path, JID) ->
{HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'),
- is_acl_match(HostOfRule, AccessRule, JID).
+ acl:any_rules_allowed(HostOfRule, AccessRule, JID).
%% @spec(Path) -> URL
%% where Path = [string()]
@@ -279,8 +273,8 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
Pass) ->
case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
true ->
- case is_acl_match(HostOfRule, AccessRule,
- jid:make(User, Server, <<"">>))
+ case acl:any_rules_allowed(HostOfRule, AccessRule,
+ jid:make(User, Server, <<"">>))
of
false -> {unauthorized, <<"unprivileged-account">>};
true -> {ok, {User, Server}}
@@ -1346,7 +1340,7 @@ parse_access_rule(Text) ->
list_vhosts(Lang, JID) ->
Hosts = (?MYHOSTS),
HostsAllowed = lists:filter(fun (Host) ->
- is_acl_match(Host,
+ acl:any_rules_allowed(Host,
[configure, webadmin_view],
JID)
end,