From: Evgeniy Khramtsov Date: Mon, 19 Mar 2018 09:29:07 +0000 (+0300) Subject: Hardcode ACL rules used by ejabberd_web_admin X-Git-Tag: 18.03~18 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e1e798691870ea2ffc8838143c4b682085d414fa;p=ejabberd Hardcode ACL rules used by ejabberd_web_admin --- diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl index da9664a48..20c630df1 100644 --- a/src/ejabberd_web_admin.erl +++ b/src/ejabberd_web_admin.erl @@ -74,21 +74,15 @@ get_acl_rule([<<"vhosts">>], _) -> %% The pages of a vhost are only accesible if the user is admin of that vhost: get_acl_rule([<<"server">>, VHost | _RPath], Method) when Method =:= 'GET' orelse Method =:= 'HEAD' -> - AC = ejabberd_config:get_option({access, VHost}, configure), - ACR = ejabberd_config:get_option({access_readonly, VHost}, webadmin_view), - {VHost, [AC, ACR]}; + {VHost, [configure, webadmin_view]}; get_acl_rule([<<"server">>, VHost | _RPath], 'POST') -> - AC = ejabberd_config:get_option({access, VHost}, configure), - {VHost, [AC]}; + {VHost, [configure]}; %% Default rule: only global admins can access any other random page get_acl_rule(_RPath, Method) when Method =:= 'GET' orelse Method =:= 'HEAD' -> - AC = ejabberd_config:get_option(access, configure), - ACR = ejabberd_config:get_option(access_readonly, webadmin_view), - {global, [AC, ACR]}; + {global, [configure, webadmin_view]}; get_acl_rule(_RPath, 'POST') -> - AC = ejabberd_config:get_option(access, configure), - {global, [AC]}. + {global, [configure]}. %%%================================== %%%% Menu Items Access @@ -269,7 +263,7 @@ get_auth_account(HostOfRule, AccessRule, User, Server, case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of true -> case acl:any_rules_allowed(HostOfRule, AccessRule, - jid:make(User, Server)) + jid:make(User, Server)) of false -> {unauthorized, <<"unprivileged-account">>}; true -> {ok, {User, Server}}