{result, Its} -> Its;
empty -> []
end,
+ PermLev = get_permission_level(From),
%% Recursively get all configure commands
- Nodes = recursively_get_local_items(LServer, "", Server, Lang),
+ Nodes = recursively_get_local_items(PermLev, LServer, "", Server,
+ Lang),
Nodes1 = lists:filter(
fun(N) ->
Nd = xml:get_tag_attr_s("node", N),
Acc
end.
-recursively_get_local_items(_LServer, "online users", _Server, _Lang) ->
+recursively_get_local_items(_PermLev, _LServer, "online users", _Server, _Lang) ->
[];
-recursively_get_local_items(_LServer, "all users", _Server, _Lang) ->
+recursively_get_local_items(_PermLev, _LServer, "all users", _Server, _Lang) ->
[];
-recursively_get_local_items(LServer, Node, Server, Lang) ->
+recursively_get_local_items(PermLev, LServer, Node, Server, Lang) ->
LNode = tokenize(Node),
- Items = case get_local_items(LServer, LNode, Server, Lang) of
+ Items = case get_local_items({PermLev, LServer}, LNode, Server, Lang) of
{result, Res} ->
Res;
{error, _Error} ->
[];
true ->
[N, recursively_get_local_items(
- LServer, Nd, Server, Lang)]
+ PermLev, LServer, Nd, Server, Lang)]
end
end, Items)),
Nodes.
+get_permission_level(JID) ->
+ case acl:match_rule(global, configure, JID) of
+ allow -> global;
+ deny -> vhost
+ end.
+
%%%-----------------------------------------------------------------------
-define(ITEMS_RESULT(Allow, LNode, Fallback),
deny ->
Fallback;
allow ->
- case get_local_items(LServer, LNode,
+ PermLev = get_permission_level(From),
+ case get_local_items({PermLev, LServer}, LNode,
jlib:jid_to_string(To), Lang) of
{result, Res} ->
{result, Res};
deny ->
{result, Items};
allow ->
- case get_local_items(LServer, [],
+ PermLev = get_permission_level(From),
+ case get_local_items({PermLev, LServer}, [],
jlib:jid_to_string(To), Lang) of
{result, Res} ->
{result, Items ++ Res};
%%%-----------------------------------------------------------------------
+%% @spec ({PermissionLevel, Host}, [string()], Server::string(), Lang)
+%% -> {result, [xmlelement()]}
+%% PermissionLevel = global | vhost
get_local_items(_Host, [], Server, Lang) ->
{result,
[?NODE("Configuration", "config"),
get_local_items(_Host, ["http:" | _], _Server, _Lang) ->
{result, []};
-get_local_items(Host, ["online users"], _Server, _Lang) ->
+get_local_items({_, Host}, ["online users"], _Server, _Lang) ->
{result, get_online_vh_users(Host)};
-get_local_items(Host, ["all users"], _Server, _Lang) ->
+get_local_items({_, Host}, ["all users"], _Server, _Lang) ->
{result, get_all_vh_users(Host)};
-get_local_items(Host, ["all users", [$@ | Diap]], _Server, _Lang) ->
+get_local_items({_, Host}, ["all users", [$@ | Diap]], _Server, _Lang) ->
case catch ejabberd_auth:get_vh_registered_users(Host) of
{'EXIT', _Reason} ->
?ERR_INTERNAL_SERVER_ERROR;
end
end;
-get_local_items(Host, ["outgoing s2s"], _Server, Lang) ->
+get_local_items({_, Host}, ["outgoing s2s"], _Server, Lang) ->
{result, get_outgoing_s2s(Host, Lang)};
-get_local_items(Host, ["outgoing s2s", To], _Server, Lang) ->
+get_local_items({_, Host}, ["outgoing s2s", To], _Server, Lang) ->
{result, get_outgoing_s2s(Host, Lang, To)};
get_local_items(_Host, ["running nodes"], Server, Lang) ->
get_local_items(_Host, ["stopped nodes"], _Server, Lang) ->
{result, get_stopped_nodes(Lang)};
-get_local_items(_Host, ["running nodes", ENode], Server, Lang) ->
+get_local_items({global, _Host}, ["running nodes", ENode], Server, Lang) ->
{result,
[?NODE("Database", "running nodes/" ++ ENode ++ "/DB"),
?NODE("Modules", "running nodes/" ++ ENode ++ "/modules"),
?NODE("Shut Down Service", "running nodes/" ++ ENode ++ "/shutdown")
]};
+get_local_items({vhost, _Host}, ["running nodes", ENode], Server, Lang) ->
+ {result,
+ [?NODE("Modules", "running nodes/" ++ ENode ++ "/modules")
+ ]};
+
get_local_items(_Host, ["running nodes", _ENode, "DB"], _Server, _Lang) ->
{result, []};
%%-------------------------------------------------------------------------
--define(COMMANDS_RESULT(Allow, From, To, Request),
- case Allow of
+-define(COMMANDS_RESULT(LServerOrGlobal, From, To, Request),
+ case acl:match_rule(LServerOrGlobal, configure, From) of
deny ->
{error, ?ERR_FORBIDDEN};
allow ->
adhoc_local_commands(Acc, From, #jid{lserver = LServer} = To,
#adhoc_request{node = Node} = Request) ->
LNode = tokenize(Node),
- Allow = acl:match_rule(LServer, configure, From),
case LNode of
["running nodes", _ENode, "DB"] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(global, From, To, Request);
["running nodes", _ENode, "modules", _] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(LServer, From, To, Request);
["running nodes", _ENode, "backup", _] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(global, From, To, Request);
["running nodes", _ENode, "import", _] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(global, From, To, Request);
["running nodes", _ENode, "restart"] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(global, From, To, Request);
["running nodes", _ENode, "shutdown"] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(global, From, To, Request);
["config", _] ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(LServer, From, To, Request);
?NS_ADMINL(_) ->
- ?COMMANDS_RESULT(Allow, From, To, Request);
+ ?COMMANDS_RESULT(LServer, From, To, Request);
_ ->
Acc
end.
{error, ?ERR_BAD_REQUEST}
end;
-set_form(_From, _Host, ?NS_ADMINL("add-user"), _Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("add-user"), _Lang, XData) ->
AccountString = get_value("accountjid", XData),
Password = get_value("password", XData),
Password = get_value("password-verify", XData),
User = AccountJID#jid.luser,
Server = AccountJID#jid.lserver,
true = lists:member(Server, ?MYHOSTS),
+ true = (Server == Host) orelse (get_permission_level(From) == global),
ejabberd_auth:try_register(User, Server, Password),
{result, []};
-set_form(_From, _Host, ?NS_ADMINL("delete-user"), _Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("delete-user"), _Lang, XData) ->
AccountStringList = get_values("accountjids", XData),
[_|_] = AccountStringList,
ASL2 = lists:map(
JID = jlib:string_to_jid(AccountString),
[_|_] = JID#jid.luser,
User = JID#jid.luser,
- Server = JID#jid.lserver,
+ Server = JID#jid.lserver,
+ true = (Server == Host) orelse (get_permission_level(From) == global),
true = ejabberd_auth:is_user_exists(User, Server),
{User, Server}
end,
[ejabberd_auth:remove_user(User, Server) || {User, Server} <- ASL2],
{result, []};
-set_form(_From, _Host, ?NS_ADMINL("end-user-session"), _Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("end-user-session"), _Lang, XData) ->
AccountString = get_value("accountjid", XData),
JID = jlib:string_to_jid(AccountString),
[_|_] = JID#jid.luser,
LUser = JID#jid.luser,
LServer = JID#jid.lserver,
+ true = (LServer == Host) orelse (get_permission_level(From) == global),
%% Code copied from ejabberd_sm.erl
case JID#jid.lresource of
[] ->
end,
{result, []};
-set_form(_From, _Host, ?NS_ADMINL("get-user-password"), Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("get-user-password"), Lang, XData) ->
AccountString = get_value("accountjid", XData),
JID = jlib:string_to_jid(AccountString),
[_|_] = JID#jid.luser,
User = JID#jid.luser,
Server = JID#jid.lserver,
+ true = (Server == Host) orelse (get_permission_level(From) == global),
Password = ejabberd_auth:get_password(User, Server),
true = is_list(Password),
{result, [{xmlelement, "x", [{"xmlns", ?NS_XDATA}],
?XFIELD("text-single", "Password", "password", Password)
]}]};
-set_form(_From, _Host, ?NS_ADMINL("change-user-password"), _Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("change-user-password"), _Lang, XData) ->
AccountString = get_value("accountjid", XData),
Password = get_value("password", XData),
JID = jlib:string_to_jid(AccountString),
[_|_] = JID#jid.luser,
User = JID#jid.luser,
Server = JID#jid.lserver,
+ true = (Server == Host) orelse (get_permission_level(From) == global),
true = ejabberd_auth:is_user_exists(User, Server),
ejabberd_auth:set_password(User, Server, Password),
{result, []};
-set_form(_From, _Host, ?NS_ADMINL("get-user-lastlogin"), Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("get-user-lastlogin"), Lang, XData) ->
AccountString = get_value("accountjid", XData),
JID = jlib:string_to_jid(AccountString),
[_|_] = JID#jid.luser,
User = JID#jid.luser,
Server = JID#jid.lserver,
+ true = (Server == Host) orelse (get_permission_level(From) == global),
%% Code copied from web/ejabberd_web_admin.erl
%% TODO: Update time format to XEP-0202: Entity Time
?XFIELD("text-single", "Last login", "lastlogin", FLast)
]}]};
-set_form(_From, _Host, ?NS_ADMINL("user-stats"), Lang, XData) ->
+set_form(From, Host, ?NS_ADMINL("user-stats"), Lang, XData) ->
AccountString = get_value("accountjid", XData),
JID = jlib:string_to_jid(AccountString),
[_|_] = JID#jid.luser,
User = JID#jid.luser,
Server = JID#jid.lserver,
+ true = (Server == Host) orelse (get_permission_level(From) == global),
Resources = ejabberd_sm:get_user_resources(User, Server),
IPs1 = [ejabberd_sm:get_user_ip(User, Server, Resource) || Resource <- Resources],
projects / ejabberd / commitdiff