iarv/znc
1
0
Fork 0
mirror of https://github.com/znc/znc.git synced 2026-05-09 06:44:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added F_ADMIN flag to CWebSubPage to require admin privs on a page-by-page basis

Browse Source 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1792 726aef4b-f618-498e-8847-2d620e286838
This commit is contained in:
prozacx
2010-02-24 06:28:39 +00:00
parent 587fe3f99f
commit 6a07b44dcb
2 changed files with 35 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
WebModules.cpp
+22 -4
View File
@@ -281,18 +281,23 @@ bool CWebSock::AddModLoop(const CString& sLoopName, CModule& Module) {
VWebSubPages& vSubPages = Module.GetSubPages();
for (unsigned int a = 0; a < vSubPages.size(); a++) {
CTemplate& SubRow = Row.AddRow("SubPageLoop");
TWebSubPage& SubPage = vSubPages[a];
// bActive is whether or not the current url matches this subpage (params will be checked below)
bool bActive = (m_sModName == Module.GetModName() && m_sPage == SubPage->GetName());
if (SubPage->RequiresAdmin() && !IsAdmin()) {
continue; // Don't add admin-only subpages to requests from non-admin users
}
CTemplate& SubRow = Row.AddRow("SubPageLoop");
SubRow["ModName"] = Module.GetModName();
SubRow["PageName"] = SubPage->GetName();
SubRow["Title"] = SubPage->GetTitle().empty() ? SubPage->GetName() : SubPage->GetTitle();
CString& sParams = SubRow["Params"];
// bActive is whether or not the current url matches this subpage (including the params below)
bool bActive = (m_sModName == Module.GetModName() && m_sPage == SubPage->GetName());
const VPair& vParams = SubPage->GetParams();
for (size_t b = 0; b < vParams.size(); b++) {
pair<CString, CString> ssNV = vParams[b];
@@ -454,6 +459,19 @@ bool CWebSock::OnPageRequest(const CString& sURI, CString& sPageRet) {
return true;
}
VWebSubPages& vSubPages = pModule->GetSubPages();
for (unsigned int a = 0; a < vSubPages.size(); a++) {
TWebSubPage& SubPage = vSubPages[a];
bool bActive = (m_sModName == pModule->GetModName() && m_sPage == SubPage->GetName());
if (bActive && SubPage->RequiresAdmin() && !IsAdmin()) {
sPageRet = GetErrorPage(403, "Forbidden", "You need to be an admin to access this page");
return true;
}
}
if (pModule && !pModule->IsGlobal() && (!IsLoggedIn() || pModule->GetUser() != GetSessionUser())) {
AddModLoop("UserModLoop", *pModule);
}
WebModules.h
+13 -3
View File
@@ -34,21 +34,31 @@ private:
class CWebSubPage {
public:
CWebSubPage(const CString& sName, const CString& sTitle = "") : m_sName(sName), m_sTitle(sTitle) {
CWebSubPage(const CString& sName, const CString& sTitle = "", unsigned int uFlags = 0) : m_sName(sName), m_sTitle(sTitle) {
m_uFlags = uFlags;
}
CWebSubPage(const CString& sName, const CString& sTitle, const VPair& vParams, unsigned int uFlags = 0) : m_sName(sName), m_sTitle(sTitle), m_vParams(vParams) {
m_uFlags = uFlags;
}
CWebSubPage(const CString& sName, const CString& sTitle, const VPair& vParams) : m_sName(sName), m_sTitle(sTitle), m_vParams(vParams) {}
virtual ~CWebSubPage() {}
enum {
F_ADMIN = 1
};
void SetName(const CString& s) { m_sName = s; }
void SetTitle(const CString& s) { m_sTitle = s; }
void AddParam(const CString& sName, const CString& sValue) { m_vParams.push_back(make_pair(sName, sValue)); }
bool RequiresAdmin() const { return m_uFlags & F_ADMIN; }
const CString& GetName() const { return m_sName; }
const CString& GetTitle() const { return m_sTitle; }
const VPair& GetParams() const { return m_vParams; }
private:
unsigned int m_uFlags;
CString m_sName;
CString m_sTitle;
VPair m_vParams;