From aff85c2244b1bfecd8b53baddbab0f59422e49ba Mon Sep 17 00:00:00 2001 From: prozacx Date: Wed, 24 Feb 2010 06:28:39 +0000 Subject: [PATCH] Added F_ADMIN flag to CWebSubPage to require admin privs on a page-by-page basis git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1792 726aef4b-f618-498e-8847-2d620e286838 --- WebModules.cpp | 26 ++++++++++++++++++++++---- WebModules.h | 16 +++++++++++++--- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/WebModules.cpp b/WebModules.cpp index a13749f7..193f393e 100644 --- a/WebModules.cpp +++ b/WebModules.cpp @@ -281,18 +281,23 @@ bool CWebSock::AddModLoop(const CString& sLoopName, CModule& Module) { VWebSubPages& vSubPages = Module.GetSubPages(); for (unsigned int a = 0; a < vSubPages.size(); a++) { - CTemplate& SubRow = Row.AddRow("SubPageLoop"); TWebSubPage& SubPage = vSubPages[a]; + // bActive is whether or not the current url matches this subpage (params will be checked below) + bool bActive = (m_sModName == Module.GetModName() && m_sPage == SubPage->GetName()); + + if (SubPage->RequiresAdmin() && !IsAdmin()) { + continue; // Don't add admin-only subpages to requests from non-admin users + } + + CTemplate& SubRow = Row.AddRow("SubPageLoop"); + SubRow["ModName"] = Module.GetModName(); SubRow["PageName"] = SubPage->GetName(); SubRow["Title"] = SubPage->GetTitle().empty() ? SubPage->GetName() : SubPage->GetTitle(); CString& sParams = SubRow["Params"]; - // bActive is whether or not the current url matches this subpage (including the params below) - bool bActive = (m_sModName == Module.GetModName() && m_sPage == SubPage->GetName()); - const VPair& vParams = SubPage->GetParams(); for (size_t b = 0; b < vParams.size(); b++) { pair ssNV = vParams[b]; @@ -454,6 +459,19 @@ bool CWebSock::OnPageRequest(const CString& sURI, CString& sPageRet) { return true; } + VWebSubPages& vSubPages = pModule->GetSubPages(); + + for (unsigned int a = 0; a < vSubPages.size(); a++) { + TWebSubPage& SubPage = vSubPages[a]; + + bool bActive = (m_sModName == pModule->GetModName() && m_sPage == SubPage->GetName()); + + if (bActive && SubPage->RequiresAdmin() && !IsAdmin()) { + sPageRet = GetErrorPage(403, "Forbidden", "You need to be an admin to access this page"); + return true; + } + } + if (pModule && !pModule->IsGlobal() && (!IsLoggedIn() || pModule->GetUser() != GetSessionUser())) { AddModLoop("UserModLoop", *pModule); } diff --git a/WebModules.h b/WebModules.h index 11e63760..3e2deb92 100644 --- a/WebModules.h +++ b/WebModules.h @@ -34,21 +34,31 @@ private: class CWebSubPage { public: - CWebSubPage(const CString& sName, const CString& sTitle = "") : m_sName(sName), m_sTitle(sTitle) { + CWebSubPage(const CString& sName, const CString& sTitle = "", unsigned int uFlags = 0) : m_sName(sName), m_sTitle(sTitle) { + m_uFlags = uFlags; + } + + CWebSubPage(const CString& sName, const CString& sTitle, const VPair& vParams, unsigned int uFlags = 0) : m_sName(sName), m_sTitle(sTitle), m_vParams(vParams) { + m_uFlags = uFlags; } - CWebSubPage(const CString& sName, const CString& sTitle, const VPair& vParams) : m_sName(sName), m_sTitle(sTitle), m_vParams(vParams) {} virtual ~CWebSubPage() {} + enum { + F_ADMIN = 1 + }; + void SetName(const CString& s) { m_sName = s; } void SetTitle(const CString& s) { m_sTitle = s; } void AddParam(const CString& sName, const CString& sValue) { m_vParams.push_back(make_pair(sName, sValue)); } + bool RequiresAdmin() const { return m_uFlags & F_ADMIN; } + const CString& GetName() const { return m_sName; } const CString& GetTitle() const { return m_sTitle; } const VPair& GetParams() const { return m_vParams; } - private: + unsigned int m_uFlags; CString m_sName; CString m_sTitle; VPair m_vParams;