Item12952: Changes to configure security.

Part 2. Defines a new configuration setting: ConfigureFilter. If configured, this takes precedence over the isAnAdmin test, otherwise all users in the AdminGroup can access the configuration.
foswiki · Sep 12, 2014 · aa5c17d · aa5c17d
1 parent e6115f0
commit aa5c17d
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/lib/Foswiki/Plugins/ConfigurePlugin.pm b/lib/Foswiki/Plugins/ConfigurePlugin.pm
@@ -94,10 +94,21 @@ sub _JSONwrap {
 
         if ( $Foswiki::cfg{isVALID} ) {
 
-            # Check rights to use this interface - admins only
-            die
-              "You must be logged in as an administrator to use this interface."
-              unless Foswiki::Func::isAnAdmin();
+            if ( defined $Foswiki::cfg{ConfigureFilter}
+                && length( $Foswiki::cfg{ConfigureFilter} ) )
+            {
+                unless ( $session->{user} =~ m/$Foswiki::cfg{ConfigureFilter}/ )
+                {
+                    die
+                      "You must have special permission to use this interface.";
+                }
+            }
+            else {
+                # Check rights to use this interface - admins only
+                die
+"You must be logged in as an administrator to use this interface."
+                  unless Foswiki::Func::isAnAdmin();
+            }
         }
         else {
             # Otherwise we must be bootstrapping - an inherently dangerous