iarv/znc
1
0
Fork 0
mirror of https://github.com/znc/znc.git synced 2026-03-28 17:42:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added F_ADMIN flag to CWebSubPage to require admin privs on a page-by-page basis

Browse Source 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1792 726aef4b-f618-498e-8847-2d620e286838
This commit is contained in:
prozacx
2010-02-24 06:28:39 +00:00
parent aadde9b48f
commit aff85c2244
2 changed files with 35 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
WebModules.cpp
View File

@@ -281,18 +281,23 @@ bool CWebSock::AddModLoop(const CString& sLoopName, CModule& Module) {
VWebSubPages& vSubPages = Module.GetSubPages();
for (unsigned int a = 0; a < vSubPages.size(); a++) {
CTemplate& SubRow = Row.AddRow("SubPageLoop");
TWebSubPage& SubPage = vSubPages[a];
// bActive is whether or not the current url matches this subpage (params will be checked below)
bool bActive = (m_sModName == Module.GetModName() && m_sPage == SubPage->GetName());
if (SubPage->RequiresAdmin() && !IsAdmin()) {
continue; // Don't add admin-only subpages to requests from non-admin users
}
CTemplate& SubRow = Row.AddRow("SubPageLoop");
SubRow["ModName"] = Module.GetModName();
SubRow["PageName"] = SubPage->GetName();
SubRow["Title"] = SubPage->GetTitle().empty() ? SubPage->GetName() : SubPage->GetTitle();
CString& sParams = SubRow["Params"];
// bActive is whether or not the current url matches this subpage (including the params below)
bool bActive = (m_sModName == Module.GetModName() && m_sPage == SubPage->GetName());
const VPair& vParams = SubPage->GetParams();
for (size_t b = 0; b < vParams.size(); b++) {
pair<CString, CString> ssNV = vParams[b];
@@ -454,6 +459,19 @@ bool CWebSock::OnPageRequest(const CString& sURI, CString& sPageRet) {
return true;
}
VWebSubPages& vSubPages = pModule->GetSubPages();
for (unsigned int a = 0; a < vSubPages.size(); a++) {
TWebSubPage& SubPage = vSubPages[a];
bool bActive = (m_sModName == pModule->GetModName() && m_sPage == SubPage->GetName());
if (bActive && SubPage->RequiresAdmin() && !IsAdmin()) {
sPageRet = GetErrorPage(403, "Forbidden", "You need to be an admin to access this page");
return true;
}
}
if (pModule && !pModule->IsGlobal() && (!IsLoggedIn() || pModule->GetUser() != GetSessionUser())) {
AddModLoop("UserModLoop", *pModule);
}