aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/ejabberd_web_admin.erl26
1 files changed, 20 insertions, 6 deletions
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl
index 3281f6430..62f2eb7fa 100644
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@@ -74,14 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
%% The pages of a vhost are only accesible if the user is admin of that vhost:
get_acl_rule([<<"server">>, VHost | _RPath], Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
- {VHost, [configure, webadmin_view]};
+ AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+ access, fun(A) -> A end, configure),
+ ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+ access_readonly, fun(A) -> A end, webadmin_view),
+ {VHost, [AC, ACR]};
get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
- {VHost, [configure]};
+ AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+ access, fun(A) -> A end, configure),
+ {VHost, [AC]};
%% Default rule: only global admins can access any other random page
get_acl_rule(_RPath, Method)
when Method =:= 'GET' orelse Method =:= 'HEAD' ->
- {global, [configure, webadmin_view]};
-get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
+ AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+ access, fun(A) -> A end, configure),
+ ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
+ access_readonly, fun(A) -> A end, webadmin_view),
+ {global, [AC, ACR]};
+get_acl_rule(_RPath, 'POST') ->
+ AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+ access, fun(A) -> A end, configure),
+ {global, [AC]}.
is_acl_match(Host, Rules, Jid) ->
lists:any(fun (Rule) ->
@@ -2965,7 +2978,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
%%%==================================
-opt_type(access) -> fun (V) -> V end;
-opt_type(_) -> [access].
+opt_type(access) -> fun acl:access_rules_validator/1;
+opt_type(access_readonly) -> fun acl:access_rules_validator/1;
+opt_type(_) -> [access, access_readonly].
%%% vim: set foldmethod=marker foldmarker=%%%%,%%%=:
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-10 02:28:41 +0000