Added a bunch of admin checks

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1793 726aef4b-f618-498e-8847-2d620e286838
prozacx
2010-02-24 06:31:58 +00:00
parent aff85c2244
commit e4f907dc42


@@ -33,13 +33,13 @@ using std::make_pair;
class CWebAdminMod : public CGlobalModule {
public:
GLOBALMODCONSTRUCTOR(CWebAdminMod) {
AddSubPage(new CWebSubPage("settings", "Global Settings"));
VPair vParams;
vParams.push_back(make_pair("user", ""));
AddSubPage(new CWebSubPage("edituser", "Your Settings", vParams));
AddSubPage(new CWebSubPage("listusers", "List Users"));
AddSubPage(new CWebSubPage("adduser", "Add User"));
AddSubPage(new CWebSubPage("settings", "Global Settings", CWebSubPage::F_ADMIN));
AddSubPage(new CWebSubPage("listusers", "List Users", CWebSubPage::F_ADMIN));
AddSubPage(new CWebSubPage("adduser", "Add User", CWebSubPage::F_ADMIN));
}
virtual ~CWebAdminMod() {
@@ -223,12 +223,27 @@ public:
virtual CString GetWebMenuTitle() { return "webadmin"; }
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "settings") {
// Admin Check
if (!WebSock.IsAdmin()) {
return false;
}
return SettingsPage(WebSock, Tmpl);
} else if (sPageName == "adduser") {
// Admin Check
if (!WebSock.IsAdmin()) {
return false;
}
return UserPage(WebSock, Tmpl);
} else if (sPageName == "editchan") {
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
// Admin/Self Check
if (!WebSock.IsAdmin() && (!WebSock.GetSessionUser() || WebSock.GetSessionUser() != pUser)) {
return false;
}
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
@@ -244,6 +259,11 @@ public:
} else if (sPageName == "addchan") {
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
// Admin/Self Check
if (!WebSock.IsAdmin() && (!WebSock.GetSessionUser() || WebSock.GetSessionUser() != pUser)) {
return false;
}
if (pUser) {
return ChanPage(WebSock, Tmpl, pUser);
}
@@ -252,22 +272,27 @@ public:
} else if (sPageName == "delchan") {
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
// Admin/Self Check
if (!WebSock.IsAdmin() && (!WebSock.GetSessionUser() || WebSock.GetSessionUser() != pUser)) {
return false;
}
if (pUser) {
return DelChan(WebSock, pUser);
}
WebSock.PrintErrorPage("No such username");
} else if (sPageName == "deluser") {
// Admin Check
if (!WebSock.IsAdmin()) {
WebSock.PrintErrorPage("You are not an admin");
return true;
return false;
}
CString sUser = WebSock.GetParam("user");
CUser* pUser = CZNC::Get().FindUser(sUser);
if (pUser && pUser == WebSock.GetSessionUser()) {
WebSock.PrintErrorPage("You are not allowed to delete yourself");
WebSock.PrintErrorPage("Please don't delete yourself, suicide is not the answer!");
return true;
} else if (CZNC::Get().DeleteUser(sUser)) {
WebSock.Redirect("listusers");
@@ -279,12 +304,22 @@ public:
} else if (sPageName == "edituser") {
CUser* pUser = WebSock.HasParam("user") ? CZNC::Get().FindUser(WebSock.GetParam("user")) : WebSock.GetSessionUser();
// Admin/Self Check
if (!WebSock.IsAdmin() && (!WebSock.GetSessionUser() || WebSock.GetSessionUser() != pUser)) {
return false;
}
if (pUser) {
return UserPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
} else if (sPageName == "listusers") {
// Admin Check
if (!WebSock.IsAdmin()) {
return false;
}
return ListUsersPage(WebSock, Tmpl);
} else if (sPageName.empty() || sPageName == "index") {
return true;
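Review bot: The admin-or-self condition is pasted verbatim into the `editchan`, `addchan`, `delchan` and `edituser` branches of `OnWebRequest`, and each branch has to opt in to its own check, so a page name added later would be served with no authorization test unless someone remembers to copy the condition. I would move it into one private helper, e.g. `bool IsSelfOrAdmin(CWebSock& WebSock, const CUser* pUser) { return WebSock.IsAdmin() || (WebSock.GetSessionUser() && WebSock.GetSessionUser() == pUser); }`, and call `if (!IsSelfOrAdmin(WebSock, pUser)) return false;` in each branch. Separately, `deluser` and `delchan` change state based on the `user` request parameter, and nothing visible in these hunks ties them to a request method or an anti-forgery token; if the web framework does not enforce that elsewhere, these actions would be exposed to cross-site request forgery, so it is worth confirming. `OnWebRequest` starts and ends outside the shown hunks.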