Unverified Commit ad547e18 authored by IKEDA Soji's avatar IKEDA Soji Committed by GitHub
Browse files

Merge pull request #1179 from ikedas/racke/pr/info-hide-archive-download by racke & ikedas

 Hide archive download link from users without proper permissions #1176
parents 3264df0c 9815a26f
...@@ -134,13 +134,14 @@ ...@@ -134,13 +134,14 @@
<li> <li>
<i class="fa-li fa fa-arrow-right"></i><a href="[% 'edit_list_request' | url_rel([list,'archives']) %]">[%|loc%]Change settings for who can view archives[%END%]</a> <i class="fa-li fa fa-arrow-right"></i><a href="[% 'edit_list_request' | url_rel([list,'archives']) %]">[%|loc%]Change settings for who can view archives[%END%]</a>
</li> </li>
[% IF arc_access %]
<li> <li>
<i class="fa-li fa fa-arrow-right"></i><a href="[% 'arc_manage' | url_rel([list]) %]">[%|loc%]Download archives[%END%]</a> <i class="fa-li fa fa-arrow-right"></i><a href="[% 'arc_manage' | url_rel([list]) %]">[%|loc%]Download archives[%END%]</a>
</li> </li>
[% END %]
</ul> </ul>
</div> </div>
</div> </div>
<div class="item"> <div class="item">
<div class="item_content"> <div class="item_content">
<a class="item_title" href="[% 'edit_list_request' | url_rel([list,'data_source']) %]"> <a class="item_title" href="[% 'edit_list_request' | url_rel([list,'data_source']) %]">
......
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
<li><a href="[% 'review' | url_rel([l.key]) %]"><i class="fa fa-users"></i> [%|loc%]Review members[%END%]</a></li> <li><a href="[% 'review' | url_rel([l.key]) %]"><i class="fa fa-users"></i> [%|loc%]Review members[%END%]</a></li>
[% END %] [% END %]
[% IF is_user_allowed_to('archive_web_access', l.key) %] [% IF l.value.arc_access %]
<li><a href="[% 'arc' | url_rel([l.key]) %]"><i class="fa fa-archive"></i> [%|loc%]Archives[%END%]</a></li> <li><a href="[% 'arc' | url_rel([l.key]) %]"><i class="fa fa-archive"></i> [%|loc%]Archives[%END%]</a></li>
[% END %] [% END %]
</ul> </ul>
......
...@@ -11,9 +11,9 @@ ...@@ -11,9 +11,9 @@
<p>[%|loc%]You are subscribed to the following lists[%END%]</p> <p>[%|loc%]You are subscribed to the following lists[%END%]</p>
<form class="noborder toggleContainer" data-toggle-selector="input[name='listname']" action="[% path_cgi %]" method="POST" name="suspend_request"> <form class="noborder toggleContainer" data-toggle-selector="input[name='listname']" action="[% path_cgi %]" method="POST" name="suspend_request">
[% IF which_info.size %] [% IF which.size %]
<div class="item_list"> <div class="item_list">
[% FOREACH l = which_info %] [% FOREACH l = which %]
[% suspended = 0 %] [% suspended = 0 %]
[% suspendable = 0 %] [% suspendable = 0 %]
[% additional_class = '' %] [% additional_class = '' %]
...@@ -63,7 +63,7 @@ ...@@ -63,7 +63,7 @@
</a> </a>
</li> </li>
[% END %] [% END %]
[% IF is_user_allowed_to('archive_web_access', l.key) %] [% IF l.value.arc_access %]
<li> <li>
<a href="[% 'arc' | url_rel([l.key]) %]"> <a href="[% 'arc' | url_rel([l.key]) %]">
[%|loc%]Archives[%END%] [%|loc%]Archives[%END%]
......
...@@ -1619,30 +1619,8 @@ while ($query = Sympa::WWW::FastCGI->new) { ...@@ -1619,30 +1619,8 @@ while ($query = Sympa::WWW::FastCGI->new) {
$param->{'title_clear_txt'} = $param->{'title'}; $param->{'title_clear_txt'} = $param->{'title'};
} }
   
$param->{'is_user_allowed_to'} = sub { # Deprecated tt2 function. Compat. <= 6.2.62
my $function = shift; $param->{'is_user_allowed_to'} = sub { 0 };
my $list = shift;
return 0 unless $function and $list;
$list = Sympa::List->new($list, $robot)
unless ref $list eq 'Sympa::List';
return 0
if $function eq 'subscribe'
and $param->{'user'}{'email'}
and $list->is_list_member($param->{'user'}{'email'});
my $result = Sympa::Scenario->new($list, $function)->authz(
$param->{'auth_method'},
{ 'sender' => $param->{'user'}{'email'},
'remote_host' => $param->{'remote_host'},
'remote_addr' => $param->{'remote_addr'}
}
);
return 0 unless ref $result eq 'HASH';
return 0 if $result->{action} =~ /\Areject\b/i;
return 1;
};
   
## store in session table this session contexte ## store in session table this session contexte
$session->store(); $session->store();
...@@ -14184,9 +14162,10 @@ sub do_suspend_request { ...@@ -14184,9 +14162,10 @@ sub do_suspend_request {
sub _set_my_lists_info { sub _set_my_lists_info {
my $which = {}; my $which = {};
   
# Set which_info unless in one list page # Set 'which' unless in one list page
if ($param->{'user'}{'email'} and ref $list ne 'Sympa::List') { if ($param->{'user'}{'email'} and ref $list ne 'Sympa::List') {
my %get_which; my %get_which;
my %all_lists;
   
foreach my $role (qw(member owner editor)) { foreach my $role (qw(member owner editor)) {
$get_which{$role} = Sympa::List::get_lists( $get_which{$role} = Sympa::List::get_lists(
...@@ -14212,6 +14191,8 @@ sub _set_my_lists_info { ...@@ -14212,6 +14191,8 @@ sub _set_my_lists_info {
unless ref $result eq 'HASH' unless ref $result eq 'HASH'
and $result->{'action'} eq 'do_it'; and $result->{'action'} eq 'do_it';
   
$all_lists{$list->{'name'}} = $list;
my $l = $list->{'name'}; my $l = $list->{'name'};
$which->{$l}{'subject'} = $list->{'admin'}{'subject'}; $which->{$l}{'subject'} = $list->{'admin'}{'subject'};
$which->{$l}{'status'} = $list->{'admin'}{'status'}; # new 6.2.46 $which->{$l}{'status'} = $list->{'admin'}{'status'}; # new 6.2.46
...@@ -14268,6 +14249,8 @@ sub _set_my_lists_info { ...@@ -14268,6 +14249,8 @@ sub _set_my_lists_info {
$which->{$l}{'display'} = $which->{$l}{'listsuspend'}; $which->{$l}{'display'} = $which->{$l}{'listsuspend'};
} }
foreach my $list (@{$get_which{owner}}) { foreach my $list (@{$get_which{owner}}) {
$all_lists{$list->{'name'}} = $list;
my $l = $list->{'name'}; my $l = $list->{'name'};
   
$which->{$l}{'subject'} = $list->{'admin'}{'subject'}; $which->{$l}{'subject'} = $list->{'admin'}{'subject'};
...@@ -14280,6 +14263,8 @@ sub _set_my_lists_info { ...@@ -14280,6 +14263,8 @@ sub _set_my_lists_info {
$which->{$l}{'host'} = $list->{'domain'}; $which->{$l}{'host'} = $list->{'domain'};
} }
foreach my $list (@{$get_which{editor}}) { foreach my $list (@{$get_which{editor}}) {
$all_lists{$list->{'name'}} = $list;
my $l = $list->{'name'}; my $l = $list->{'name'};
   
$which->{$l}{'subject'} = $list->{'admin'}{'subject'}; $which->{$l}{'subject'} = $list->{'admin'}{'subject'};
...@@ -14291,6 +14276,25 @@ sub _set_my_lists_info { ...@@ -14291,6 +14276,25 @@ sub _set_my_lists_info {
# Compat. < 6.2.32 (Not used by default) # Compat. < 6.2.32 (Not used by default)
$which->{$l}{'host'} = $list->{'domain'}; $which->{$l}{'host'} = $list->{'domain'};
} }
foreach my $list (values %all_lists) {
# Archives Access control
if (defined $list->is_archiving_enabled) {
my $result =
Sympa::Scenario->new($list, 'archive_web_access')->authz(
$param->{'auth_method'},
{ 'sender' => $param->{'user'}{'email'},
'remote_host' => $param->{'remote_host'},
'remote_addr' => $param->{'remote_addr'}
}
);
my $r_action;
$r_action = $result->{'action'} if ref $result eq 'HASH';
$which->{$list->{'name'}}{arc_access} = 1
if $r_action =~ /do_it/i;
}
}
} }
   
$param->{'which'} = $which; $param->{'which'} = $which;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment