Unverified Commit e816a043 authored by IKEDA Soji's avatar IKEDA Soji Committed by GitHub

Merge pull request #1230 from ikedas/issue-1224 by ikedas

Bug: Normal (non-super) listmasters can edit site templates (#1224)
parents 8d21112b c3bcf86f
......@@ -206,6 +206,9 @@
[%~ ELSIF report_entry == 'action_privileged_owner' ~%]
[%|loc%]This action is restricted to privileged list owners.[%END%]
[%~ ELSIF report_entry == 'action_super_listmaster' ~%]
[%|loc%]This action is restricted to super-listmasters.[%END%]
[%~ ELSIF report_entry == 'edit_right' ~%]
[%|loc(role,right)%]Rights to this action are '%2' for a '%1'.[%END%]
......
......@@ -49,10 +49,21 @@
<br />
<label for="scope_out">[%|loc%]Scope: [%END%] </label>
<select id="scope_out" name="scope_out">
<option value="site" [% IF scope == 'site' %]selected[% END %]>[%|loc%]site[%END%]</option>
[% UNLESS default_robot %]
<option value="robot" [% IF scope == 'robot' %]selected[% END %]>[%|loc%]robot[%END%]</option>
[%END%]
[% IF is_super_listmaster ~%]
<option value="site"
[%~ IF scope == 'site' %] selected[% END %]>
[%|loc%]site[%END%]
</option>
<option value="robot"
[%~ IF scope == 'robot' %] selected[% END %]>
[%|loc%]robot[%END%]
</option>
[%~ ELSE ~%]
<option value="robot"
[%~ IF scope == 'robot' || scope == 'site' %] selected[% END %]>
[%|loc%]robot[%END%]
</option>
[%~ END %]
<option value="list" [% IF scope == 'list' %]selected[% END %]>[%|loc%]list[%END%]</option>
</select>
<br />
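Review bot: The rewritten `scope_out` select no longer wraps the robot option in `[% UNLESS default_robot %]`, so `robot` is now offered on the default robot as well, and it is preselected in the ELSE branch when `scope` is `site`. If the option was hidden there because robot scope is not distinct from site scope on the default robot, keep that guard around both new robot options. If the removal is deliberate, a short template comment saying so would help. The select is presentation only; the enforcement for `scope_out` equal to `site` is the check added to do_copy_template.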
......
......@@ -133,9 +133,19 @@
<input type="hidden" name="scope" value="site" />
<input type="hidden" name="tpl_lang" value="[% lang.key %]" />
<input type="hidden" name="webormail" value="[% webormail %]" />
<input class="MainMenuLinks" type="submit" name="action_edit_template" value="[%|loc%]edit[% END %]" />
<input class="MainMenuLinks" type="submit" name="action_copy_template" value="[%|loc%]cp[% END %]" />
<input class="MainMenuLinks" type="submit" name="action_remove_template" value="[%|loc%]rm[% END %]" />
[% IF is_super_listmaster ~%]
<input class="MainMenuLinks" type="submit" name="action_edit_template"
value="[%|loc%]edit[% END %]" />
<input class="MainMenuLinks" type="submit" name="action_copy_template"
value="[%|loc%]cp[% END %]" />
<input class="MainMenuLinks" type="submit" name="action_remove_template"
value="[%|loc%]rm[% END %]" />
[%~ ELSE ~%]
<input class="MainMenuLinks" type="submit" name="action_view_template"
value="[%|loc%]view[% END %]" />
<input class="MainMenuLinks" type="submit" name="action_copy_template"
value="[%|loc%]cp[% END %]" />
[%~ END %]
</fieldset>
</form>
[% END %]
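Review bot: Nothing in this template says that hiding the edit and rm buttons is only a UI hint, and the form still posts the hidden `scope` field with value `site` for every listmaster. A one-line template comment above the `IF is_super_listmaster` block, such as `[%# UI hint only: site-scope edit/remove is refused server-side in do_edit_template and do_remove_template %]`, would keep a later change from treating the template as the control. The handler behind `action_view_template` is not part of this commit, so it is worth confirming that it only reads the template.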
......
......@@ -2510,9 +2510,10 @@ sub check_param_in {
$param->{'last_login_host'} = delete $session->{'last_login_host'};
 
# listmaster has owner and editor privileges for the list.
if (Sympa::is_listmaster($robot, $param->{'user'}{'email'})) {
$param->{'is_listmaster'} = 1;
}
$param->{'is_listmaster'} =
Sympa::is_listmaster($robot, $param->{'user'}{'email'}) ? 1 : undef;
$param->{'is_super_listmaster'} =
Sympa::is_listmaster('*', $param->{'user'}{'email'}) ? 1 : undef;
 
unless (ref $list eq 'Sympa::List') {
$param->{'domain'} = $robot;
......@@ -2754,12 +2755,11 @@ sub check_param_out {
localtime $start_time);
$param->{'process_id'} = $PID;
 
## listmaster has owner and editor privileges for the list
if (Sympa::is_listmaster($robot, $param->{'user'}{'email'})) {
$param->{'is_listmaster'} = 1;
} else {
undef $param->{'is_listmaster'};
}
# listmaster has owner and editor privileges for the list.
$param->{'is_listmaster'} =
Sympa::is_listmaster($robot, $param->{'user'}{'email'}) ? 1 : undef;
$param->{'is_super_listmaster'} =
Sympa::is_listmaster('*', $param->{'user'}{'email'}) ? 1 : undef;
 
## Reset $list variable if it is not expected for the current action
## To prevent the list panel from being printed in a non list context
......@@ -6302,6 +6302,15 @@ sub do_ls_templates {
sub do_remove_template {
wwslog('info', '');
 
# Only super-listmasters can remove the templates on site level.
if ($in{'scope'} eq 'site'
and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
Sympa::WWW::Report::reject_report_web('auth',
'action_super_listmaster', {}, $param->{'action'});
wwslog('info', 'Authorization failed, insufficient privileges');
web_db_log({status => 'error', error_type => 'authorization'});
return 1;
}
if ($in{'scope'} eq 'list' and ref $list ne 'Sympa::List') {
Sympa::WWW::Report::reject_report_web('user', 'missing_arg',
{'argument' => 'list'},
......@@ -6433,6 +6442,16 @@ sub do_copy_template {
return 1;
}
 
# Only super-listmasters can create the templates on site level.
if ($in{'scope_out'} eq 'site'
and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
Sympa::WWW::Report::reject_report_web('auth',
'action_super_listmaster', {}, $param->{'action'});
wwslog('info', 'Authorization failed, insufficient privileges');
web_db_log({status => 'error', error_type => 'authorization'});
return 1;
}
# one of these parameters is commit from the form submission
if ($in{'scope_out'} eq 'list') {
if ($in{'list_out'}) {
......@@ -6883,6 +6902,17 @@ sub do_edit_template {
unless ($in{'content'}) {
return 1;
}
# Only super-listmasters can edit the templates on site level.
if ($in{'scope'} eq 'site'
and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
Sympa::WWW::Report::reject_report_web('auth',
'action_super_listmaster', {}, $param->{'action'});
wwslog('info', 'Authorization failed, insufficient privileges');
web_db_log({status => 'error', error_type => 'authorization'});
return 1;
}
if ($in{'scope'} eq 'list' and ref $list ne 'Sympa::List') {
Sympa::WWW::Report::reject_report_web('user', 'listname_needed', {},
$param->{'action'});
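Review bot: The same authorization block (the `Sympa::is_listmaster('*', ...)` test, `reject_report_web`, `wwslog`, `web_db_log`, `return 1`) is pasted into do_remove_template, do_copy_template and do_edit_template, so the three guards can drift apart and a later site-level action can miss one of the steps. A single private helper, as sketched below, keeps them identical. The guards match only the literal `'site'`, and how a missing or unexpected `scope` value is resolved is decided outside these hunks, so that path is worth confirming. The log message does not name the requested scope, which makes a denied attempt harder to triage unless wwslog adds that context itself. All three function bodies continue outside the hunks shown.

```perl
# Shared guard for site-level template actions.  Reports and logs the
# refusal, and returns true, when the current user is not a super-listmaster.
sub _deny_unless_super_listmaster {
    return 0 if Sympa::is_listmaster('*', $param->{'user'}{'email'});

    Sympa::WWW::Report::reject_report_web('auth',
        'action_super_listmaster', {}, $param->{'action'});
    wwslog('info', 'Authorization failed, insufficient privileges');
    web_db_log({status => 'error', error_type => 'authorization'});
    return 1;
}

sub do_remove_template {
    wwslog('info', '');

    return 1
        if $in{'scope'} eq 'site' and _deny_unless_super_listmaster();
    # … unchanged: list-scope argument check and the rest of the handler …

# do_copy_template: same call, keyed on $in{'scope_out'}.
# do_edit_template: same call, keyed on $in{'scope'}, after the content check.
```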
......