From 1485b5621151c37948ebd6c68232c3ffd23984f1 Mon Sep 17 00:00:00 2001
From: Mickael Remond <mremond@process-one.net>
Date: Sat, 23 Jul 2016 16:21:00 +0200
Subject: Move any access rules check to ACL module

---
 src/acl.erl                | 11 ++++++++++-
 src/ejabberd_web_admin.erl | 14 ++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/acl.erl b/src/acl.erl
index 31a7547dd..834b85d97 100644
--- a/src/acl.erl
+++ b/src/acl.erl
@@ -31,7 +31,7 @@
 
 -export([add_access/3, clear/0]).
 -export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
-	 load_from_config/0, match_rule/3,
+	 load_from_config/0, match_rule/3, any_rules_allowed/3,
 	 transform_options/1, opt_type/1, acl_rule_matches/3,
 	 acl_rule_verify/1, access_matches/3,
 	 transform_access_rules_config/1,
@@ -274,6 +274,15 @@ normalize_spec(Spec) ->
             end
     end.
 
+-spec any_rules_allowed(global | binary(), access_name(),
+                           jid() | ljid() | inet:ip_address()) -> boolean().
+
+any_rules_allowed(Host, Access, Entity) ->
+    lists:any(fun (Rule) ->
+                      allow == acl:match_rule(Host, Rule, Entity)
+              end,
+              Access).
+
 -spec match_rule(global | binary(), access_name(),
                  jid() | ljid() | inet:ip_address()) -> any().
 
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl
index 62f2eb7fa..6583fb445 100644
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@@ -96,12 +96,6 @@ get_acl_rule(_RPath, 'POST') ->
 				access, fun(A) -> A end, configure),
     {global, [AC]}.
 
-is_acl_match(Host, Rules, Jid) ->
-    lists:any(fun (Rule) ->
-		      allow == acl:match_rule(Host, Rule, Jid)
-	      end,
-	      Rules).
-
 %%%==================================
 %%%% Menu Items Access
 
@@ -151,7 +145,7 @@ is_allowed_path([<<"admin">> | Path], JID) ->
     is_allowed_path(Path, JID);
 is_allowed_path(Path, JID) ->
     {HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'),
-    is_acl_match(HostOfRule, AccessRule, JID).
+    acl:any_rules_allowed(HostOfRule, AccessRule, JID).
 
 %% @spec(Path) -> URL
 %% where Path = [string()]
@@ -279,8 +273,8 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
 		 Pass) ->
     case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
       true ->
-	  case is_acl_match(HostOfRule, AccessRule,
-			    jid:make(User, Server, <<"">>))
+	  case acl:any_rules_allowed(HostOfRule, AccessRule,
+                               jid:make(User, Server, <<"">>))
 	      of
 	    false -> {unauthorized, <<"unprivileged-account">>};
 	    true -> {ok, {User, Server}}
@@ -1346,7 +1340,7 @@ parse_access_rule(Text) ->
 list_vhosts(Lang, JID) ->
     Hosts = (?MYHOSTS),
     HostsAllowed = lists:filter(fun (Host) ->
-					is_acl_match(Host,
+					acl:any_rules_allowed(Host,
 						     [configure, webadmin_view],
 						     JID)
 				end,
-- 
cgit v1.2.3