Item13315: Improve usability of config auth
- Refactor the code. Move the redundant auth logic into a new module, Foswiki::Configure::Auth, which is used in 4 places. - Change the auth routine to throw JSON errors instead of "die" when used from ConfigurePlugin. - Always allow the Sudo super admin access to configure. If we would rather force users to add the AdminUser to {FeatureAccess}{Configure}, that is a simple change; the check is now done by WikiName rather than via BaseUserMapping.
Showing
5 changed files
with
112 additions
and
89 deletions.
@@ -0,0 +1,103 @@ | ||
# See bottom of file for license and copyright information | ||
|
||
package Foswiki::Configure::Auth; | ||
|
||
use Foswiki::Func; | ||
use Foswiki::AccessControlException; | ||
use Foswiki::Contrib::JsonRpcContrib::Error; | ||
|
||
=begin TML | ||
---+ package Foswiki::Configure::Auth | ||
Implements authorization checking for access to configure. | ||
=cut | ||
|
||
use strict; | ||
use warnings; | ||
|
||
=begin TML | ||
---++ StaticMethod checkAccess( $session, $die ) | ||
Throws an AccessControlException if access is denied. | ||
=cut | ||
|
||
sub checkAccess { | ||
my $session = shift; | ||
my $json = shift; # JSON needs throw JSON errors. | ||
|
||
my $wikiname = Foswiki::Func::getWikiName( $session->{user} ); | ||
|
||
return | ||
if ( defined $Foswiki::cfg{AdminUserWikiName} | ||
&& $Foswiki::cfg{AdminUserWikiName} eq $wikiname ); | ||
|
||
if ( defined $Foswiki::cfg{FeatureAccess}{Configure} | ||
&& length( $Foswiki::cfg{FeatureAccess}{Configure} ) ) | ||
{ | ||
my $authorized = ''; | ||
foreach my $authuser ( | ||
split( /[,\s]/, $Foswiki::cfg{FeatureAccess}{Configure} ) ) | ||
{ | ||
if ( $wikiname eq $authuser ) { | ||
$authorized = 1; | ||
last; | ||
} | ||
} | ||
unless ($authorized) { | ||
if ($json) { | ||
throw Foswiki::Contrib::JsonRpcContrib::Error( -32600, | ||
'Access to configure denied by {FeatureAccess}{Configure} Setting' | ||
); | ||
} | ||
else { | ||
throw Foswiki::AccessControlException( 'VIEW', | ||
$session->{user}, 'System', 'Configuration', | ||
'Denied by {FeatureAccess}{Configure} Setting' ); | ||
} | ||
} | ||
} | ||
else { | ||
unless ( Foswiki::Func::isAnAdmin() ) { | ||
if ($json) { | ||
throw Foswiki::Contrib::JsonRpcContrib::Error( -32600, | ||
'Access to configure denied for non-admin users' ); | ||
} | ||
else { | ||
throw Foswiki::AccessControlException( 'VIEW', | ||
$session->{user}, 'System', 'Configuration', | ||
'Not an admin' ); | ||
} | ||
} | ||
} | ||
} | ||
|
||
1; | ||
__END__ | ||
Foswiki - The Free and Open Source Wiki, http://foswiki.org/ | ||
Copyright (C) 2008-2014 Foswiki Contributors. Foswiki Contributors | ||
are listed in the AUTHORS file in the root of this distribution. | ||
NOTE: Please extend that file, not this notice. | ||
Additional copyrights apply to some or all of the code in this | ||
file as follows: | ||
Copyright (C) 2000-2006 TWiki Contributors. All Rights Reserved. | ||
TWiki Contributors are listed in the AUTHORS file in the root | ||
of this distribution. NOTE: Please extend that file, not this notice. | ||
This program is free software; you can redistribute it and/or | ||
modify it under the terms of the GNU General Public License | ||
as published by the Free Software Foundation; either version 2 | ||
of the License, or (at your option) any later version. For | ||
more details read LICENSE in the root of this distribution. | ||
This program is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
As per the GPL, removal of this notice is prohibited. |
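Review bot: The POD for checkAccess documents a `$die` parameter and states that only an AccessControlException is thrown, but the code reads its second argument as `$json` and, when it is true, throws a Foswiki::Contrib::JsonRpcContrib::Error instead; the header should read `---++ StaticMethod checkAccess( $session, $json )` with a line such as `Throws a JsonRpcContrib::Error (code -32600) when $json is true, otherwise an AccessControlException.` The fallback branch calls `Foswiki::Func::isAnAdmin()` with no argument while the rest of the routine authorizes `$session->{user}`; if Foswiki::Func resolves the default user from its own current-session global rather than from the `$session` passed in, the two branches could evaluate different principals, so passing the user explicitly (`Foswiki::Func::isAnAdmin( $session->{user} )`) would make the check self-consistent — worth confirming against Foswiki::Func. `split( /[,\s]/, ... )` also yields empty tokens for a `, `-separated list; they cannot equal a WikiName so this is only cosmetic, but `/[,\s]+/` is the clearer pattern.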