Unverified
Commit
e816a043
authored
Aug 30, 2021
by
IKEDA Soji
Committed by
GitHub
Aug 30, 2021
Merge pull request #1230 from ikedas/issue-1224 by ikedas
Bug: Normal (non-super) listmasters can edit site templates (#1224)
parents
8d21112b
c3bcf86f
Changes
4
default/mail_tt2/report.tt2
...
...
@@ -206,6 +206,9 @@
[%~ ELSIF report_entry == 'action_privileged_owner' ~%]
[%|loc%]This action is restricted to privileged list owners.[%END%]
[%~ ELSIF report_entry == 'action_super_listmaster' ~%]
[%|loc%]This action is restricted to super-listmasters.[%END%]
[%~ ELSIF report_entry == 'edit_right' ~%]
[%|loc(role,right)%]Rights to this action are '%2' for a '%1'.[%END%]
...
...
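--- a/default/web_tt2/copy_template.tt2
+++ b/default/web_tt2/copy_template.tt2
@@ -49,10 +49,21 @@
 <br />
 <label for="scope_out">[%|loc%]Scope: [%END%] </label>
 <select id="scope_out" name="scope_out">
-<option value="site" [% IF scope == 'site' %]selected[% END %]>[%|loc%]site[%END%]</option>
-[% UNLESS default_robot %]
-<option value="robot" [% IF scope == 'robot' %]selected[% END %]>[%|loc%]robot[%END%]</option>
-[%END%]
+[% IF is_super_listmaster ~%]
+<option value="site"
+[%~ IF scope == 'site' %] selected[% END %]>
+[%|loc%]site[%END%]
+</option>
+<option value="robot"
+[%~ IF scope == 'robot' %] selected[% END %]>
+[%|loc%]robot[%END%]
+</option>
+[%~ ELSE ~%]
+<option value="robot"
+[%~ IF scope == 'robot' || scope == 'site' %] selected[% END %]>
+[%|loc%]robot[%END%]
+</option>
+[%~ END %]
 <option value="list" [% IF scope == 'list' %]selected[% END %]>[%|loc%]list[%END%]</option>
 </select>
 <br />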
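Review bot: The rewritten `scope_out` select drops the `[% UNLESS default_robot %]` guard that the removed lines had around the `robot` option, so `robot` is now offered in both branches even when `default_robot` is set. Whether that is intended is not visible from this page; if the guard was deliberate it should be kept around the `robot` option in the `IF is_super_listmaster` branch, and otherwise the commit description should say the behaviour change is wanted. Hiding the `site` option here is only a UI hint, since the actual denial is the `scope_out` test added to do_copy_template. A one-line template comment such as `[%# UI hint only: do_copy_template rejects scope_out 'site' for non-super listmasters %]` would keep a later editor from treating the template as the access control, and the same applies to the button selection in ls_templates.tt2.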
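--- a/default/web_tt2/ls_templates.tt2
+++ b/default/web_tt2/ls_templates.tt2
@@ -133,9 +133,19 @@
 <input type="hidden" name="scope" value="site" />
 <input type="hidden" name="tpl_lang" value="[% lang.key %]" />
 <input type="hidden" name="webormail" value="[% webormail %]" />
-<input class="MainMenuLinks" type="submit" name="action_edit_template" value="[%|loc%]edit[% END %]" />
-<input class="MainMenuLinks" type="submit" name="action_copy_template" value="[%|loc%]cp[% END %]" />
-<input class="MainMenuLinks" type="submit" name="action_remove_template" value="[%|loc%]rm[% END %]" />
+[% IF is_super_listmaster ~%]
+<input class="MainMenuLinks" type="submit" name="action_edit_template"
+value="[%|loc%]edit[% END %]" />
+<input class="MainMenuLinks" type="submit" name="action_copy_template"
+value="[%|loc%]cp[% END %]" />
+<input class="MainMenuLinks" type="submit" name="action_remove_template"
+value="[%|loc%]rm[% END %]" />
+[%~ ELSE ~%]
+<input class="MainMenuLinks" type="submit" name="action_view_template"
+value="[%|loc%]view[% END %]" />
+<input class="MainMenuLinks" type="submit" name="action_copy_template"
+value="[%|loc%]cp[% END %]" />
+[%~ END %]
 </fieldset>
 </form>
 [% END %]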
src/cgi/wwsympa.fcgi.in
...
...
@@ -2510,9 +2510,10 @@ sub check_param_in {
$param->{'last_login_host'} = delete $session->{'last_login_host'};
# listmaster has owner and editor privileges for the list.
if (Sympa::is_listmaster($robot, $param->{'user'}{'email'})) {
$param->{'is_listmaster'} = 1;
}
$param->{'is_listmaster'} =
Sympa::is_listmaster($robot, $param->{'user'}{'email'}) ? 1 : undef;
$param->{'is_super_listmaster'} =
Sympa::is_listmaster('*', $param->{'user'}{'email'}) ? 1 : undef;
unless (ref $list eq 'Sympa::List') {
$param->{'domain'} = $robot;
...
...
@@ -2754,12 +2755,11 @@ sub check_param_out {
localtime $start_time);
$param->{'process_id'} = $PID;
## listmaster has owner and editor privileges for the list
if (Sympa::is_listmaster($robot, $param->{'user'}{'email'})) {
$param->{'is_listmaster'} = 1;
} else {
undef $param->{'is_listmaster'};
}
# listmaster has owner and editor privileges for the list.
$param->{'is_listmaster'} =
Sympa::is_listmaster($robot, $param->{'user'}{'email'}) ? 1 : undef;
$param->{'is_super_listmaster'} =
Sympa::is_listmaster('*', $param->{'user'}{'email'}) ? 1 : undef;
## Reset $list variable if it is not expected for the current action
## To prevent the list panel from being printed in a non list context
...
...
@@ -6302,6 +6302,15 @@ sub do_ls_templates {
sub do_remove_template {
wwslog('info', '');
# Only super-listmasters can remove the templates on site level.
if ($in{'scope'} eq 'site'
and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
Sympa::WWW::Report::reject_report_web('auth',
'action_super_listmaster', {}, $param->{'action'});
wwslog('info', 'Authorization failed, insufficient privileges');
web_db_log({status => 'error', error_type => 'authorization'});
return 1;
}
if ($in{'scope'} eq 'list' and ref $list ne 'Sympa::List') {
Sympa::WWW::Report::reject_report_web('user', 'missing_arg',
{'argument' => 'list'},
...
...
@@ -6433,6 +6442,16 @@ sub do_copy_template {
return 1;
}
# Only super-listmasters can create the templates on site level.
if ($in{'scope_out'} eq 'site'
and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
Sympa::WWW::Report::reject_report_web('auth',
'action_super_listmaster', {}, $param->{'action'});
wwslog('info', 'Authorization failed, insufficient privileges');
web_db_log({status => 'error', error_type => 'authorization'});
return 1;
}
# one of these parameters is commit from the form submission
if ($in{'scope_out'} eq 'list') {
if ($in{'list_out'}) {
...
...
@@ -6883,6 +6902,17 @@ sub do_edit_template {
unless ($in{'content'}) {
return 1;
}
# Only super-listmasters can edit the templates on site level.
if ($in{'scope'} eq 'site'
and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
Sympa::WWW::Report::reject_report_web('auth',
'action_super_listmaster', {}, $param->{'action'});
wwslog('info', 'Authorization failed, insufficient privileges');
web_db_log({status => 'error', error_type => 'authorization'});
return 1;
}
if ($in{'scope'} eq 'list' and ref $list ne 'Sympa::List') {
Sympa::WWW::Report::reject_report_web('user', 'listname_needed', {},
$param->{'action'});
...
...
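Review bot: In do_edit_template the new super-listmaster check sits after the `unless ($in{'content'}) { return 1; }` early return, whereas in do_remove_template it is the first test after the log call, so a site-scope edit request without content returns before the check is reached. What runs ahead of that early return is outside the hunk; if it only loads the template for display, that fits the view-only role the templates now give ordinary listmasters, but this should be confirmed or the check moved above the early return so all three handlers deny first. The same authorization block is pasted unchanged into do_remove_template, do_copy_template and do_edit_template, differing only in `$in{'scope'}` versus `$in{'scope_out'}`. A small private helper that takes the scope value and performs the reject, log and `web_db_log` steps would keep the three copies from drifting apart. All three function bodies continue outside their hunks.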