diff options
| author | Paweł Chmielowski <pchmielowski@process-one.net> | 2016-07-19 11:26:33 +0200 |
|---|---|---|
| committer | Paweł Chmielowski <pchmielowski@process-one.net> | 2016-07-19 11:27:45 +0200 |
| commit | 655cbf6055c00769108d5c810afbef14c2962b0a (patch) | |
| tree | 8c470d715f3787bb04a34ca3a352a020dc55be56 /src | |
| parent | Fix command argument formatting (diff) | |
Make access rules in ejabberd_web_admin configurable
Diffstat (limited to 'src')
| -rw-r--r-- | src/ejabberd_web_admin.erl | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl index 3281f6430..62f2eb7fa 100644 --- a/src/ejabberd_web_admin.erl +++ b/src/ejabberd_web_admin.erl @@ -74,14 +74,27 @@ get_acl_rule([<<"vhosts">>], _) -> %% The pages of a vhost are only accesible if the user is admin of that vhost: get_acl_rule([<<"server">>, VHost | _RPath], Method) when Method =:= 'GET' orelse Method =:= 'HEAD' -> - {VHost, [configure, webadmin_view]}; + AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin, + access, fun(A) -> A end, configure), + ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin, + access_readonly, fun(A) -> A end, webadmin_view), + {VHost, [AC, ACR]}; get_acl_rule([<<"server">>, VHost | _RPath], 'POST') -> - {VHost, [configure]}; + AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin, + access, fun(A) -> A end, configure), + {VHost, [AC]}; %% Default rule: only global admins can access any other random page get_acl_rule(_RPath, Method) when Method =:= 'GET' orelse Method =:= 'HEAD' -> - {global, [configure, webadmin_view]}; -get_acl_rule(_RPath, 'POST') -> {global, [configure]}. + AC = gen_mod:get_module_opt(global, ejabberd_web_admin, + access, fun(A) -> A end, configure), + ACR = gen_mod:get_module_opt(global, ejabberd_web_admin, + access_readonly, fun(A) -> A end, webadmin_view), + {global, [AC, ACR]}; +get_acl_rule(_RPath, 'POST') -> + AC = gen_mod:get_module_opt(global, ejabberd_web_admin, + access, fun(A) -> A end, configure), + {global, [AC]}. is_acl_match(Host, Rules, Jid) -> lists:any(fun (Rule) -> @@ -2965,7 +2978,8 @@ make_menu_item(item, 3, URI, Name, Lang) -> %%%================================== -opt_type(access) -> fun (V) -> V end; -opt_type(_) -> [access]. +opt_type(access) -> fun acl:access_rules_validator/1; +opt_type(access_readonly) -> fun acl:access_rules_validator/1; +opt_type(_) -> [access, access_readonly]. %%% vim: set foldmethod=marker foldmarker=%%%%,%%%=: |