From 0a5c280ca937624f8187be3132694264d3b456ca Mon Sep 17 00:00:00 2001
From: IKEDA Soji
Date: Thu, 26 Aug 2021 12:55:45 +0900
Subject: [PATCH] Bug: Normal (non-super) listmasters can edit site templates (#1224)

---
 default/mail_tt2/report.tt2       |  3 ++
 default/web_tt2/copy_template.tt2 | 17 +++++++++--
 default/web_tt2/ls_templates.tt2  | 27 ++++++++++-------
 src/cgi/wwsympa.fcgi.in           | 48 +++++++++++++++++++++++++------
 4 files changed, 74 insertions(+), 21 deletions(-)

diff --git a/default/mail_tt2/report.tt2 b/default/mail_tt2/report.tt2
index c211a6acf..a105fcda2 100644
--- a/default/mail_tt2/report.tt2
+++ b/default/mail_tt2/report.tt2
@@ -203,6 +203,9 @@
 [%~ ELSIF report_entry == 'action_privileged_owner' ~%]
 [%|loc%]This action is restricted to privileged list owners.[%END%]
 
+[%~ ELSIF report_entry == 'action_super_listmaster' ~%]
+[%|loc%]This action is restricted to super-listmasters.[%END%]
+
 [%~ ELSIF report_entry == 'edit_right' ~%]
 [%|loc(role,right)%]Rights to this action are '%2' for a '%1'.[%END%]
 
diff --git a/default/web_tt2/copy_template.tt2 b/default/web_tt2/copy_template.tt2
index da43f11e3..85d07142f 100644
--- a/default/web_tt2/copy_template.tt2
+++ b/default/web_tt2/copy_template.tt2
@@ -35,8 +35,21 @@

diff --git a/default/web_tt2/ls_templates.tt2 b/default/web_tt2/ls_templates.tt2 index c54f488e9..bddbf814e 100644 --- a/default/web_tt2/ls_templates.tt2 +++ b/default/web_tt2/ls_templates.tt2 @@ -99,7 +99,7 @@ [% FOREACH lang = file.value.distrib %] [% IF lang.value %] -
+
@@ -118,19 +118,26 @@ [% FOREACH lang = file.value.site %] [% IF lang.value %] - +
- - - + [% IF is_super_listmaster ~%] + + + + [%~ ELSE ~%] + + + [%~ END %]
[% END %] @@ -143,7 +150,7 @@ [% FOREACH lang = file.value.robot %] [% IF lang.value %] -
+
@@ -167,7 +174,7 @@ [% FOREACH lang = file.value.list %] [% IF lang.value %] - +
diff --git a/src/cgi/wwsympa.fcgi.in b/src/cgi/wwsympa.fcgi.in
index 4724ba300..5b39d10c7 100644
--- a/src/cgi/wwsympa.fcgi.in
+++ b/src/cgi/wwsympa.fcgi.in
@@ -2571,9 +2571,10 @@ sub check_param_in {
     $param->{'last_login_host'} = delete $session->{'last_login_host'};
 
     # listmaster has owner and editor privileges for the list.
-    if (Sympa::is_listmaster($robot, $param->{'user'}{'email'})) {
-        $param->{'is_listmaster'} = 1;
-    }
+    $param->{'is_listmaster'} =
+        Sympa::is_listmaster($robot, $param->{'user'}{'email'}) ? 1 : undef;
+    $param->{'is_super_listmaster'} =
+        Sympa::is_listmaster('*', $param->{'user'}{'email'}) ? 1 : undef;
 
     unless (ref $list eq 'Sympa::List') {
         $param->{'domain'} = $robot;
@@ -2822,12 +2823,11 @@ sub check_param_out {
         localtime $start_time);
     $param->{'process_id'} = $PID;
 
-    ## listmaster has owner and editor privileges for the list
-    if (Sympa::is_listmaster($robot, $param->{'user'}{'email'})) {
-        $param->{'is_listmaster'} = 1;
-    } else {
-        undef $param->{'is_listmaster'};
-    }
+    # listmaster has owner and editor privileges for the list.
+    $param->{'is_listmaster'} =
+        Sympa::is_listmaster($robot, $param->{'user'}{'email'}) ? 1 : undef;
+    $param->{'is_super_listmaster'} =
+        Sympa::is_listmaster('*', $param->{'user'}{'email'}) ? 1 : undef;
 
     ## Reset $list variable if it is not expected for the current action
     ## To prevent the list panel from being printed in a non list context
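Review bot: The comment kept above the new assignments in check_param_in still describes only `is_listmaster`, while the added `is_super_listmaster` flag and its `'*'` first argument are left unexplained; the same applies to the check_param_out hunk below it. A second comment line would tell the next reader what the flag gates, e.g. `# A super-listmaster is a listmaster for every domain ('*'); only they may` and `# create, edit or remove templates at site scope.` Presumably `'*'` is the site-wide scope marker understood by Sympa::is_listmaster, so it is worth stating rather than leaving the reader to infer it from the template-action handlers. Both check_param_in and check_param_out begin and end outside their hunks.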
@@ -6426,6 +6426,15 @@ sub do_ls_templates {
 sub do_remove_template {
     wwslog('info', '');
 
+    # Only super-listmasters can remove the templates on site level.
+    if ($in{'scope'} eq 'site'
+        and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
+        Sympa::WWW::Report::reject_report_web('auth',
+            'action_super_listmaster', {}, $param->{'action'});
+        wwslog('info', 'Authorization failed, insufficient privileges');
+        web_db_log({status => 'error', error_type => 'authorization'});
+        return 1;
+    }
     if ($in{'scope'} eq 'list' and ref $list ne 'Sympa::List') {
         Sympa::WWW::Report::reject_report_web('user', 'missing_arg',
             {'argument' => 'list'},
@@ -6557,6 +6566,16 @@ sub do_copy_template {
         return 1;
     }
 
+    # Only super-listmasters can create the templates on site level.
+    if ($in{'scope_out'} eq 'site'
+        and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
+        Sympa::WWW::Report::reject_report_web('auth',
+            'action_super_listmaster', {}, $param->{'action'});
+        wwslog('info', 'Authorization failed, insufficient privileges');
+        web_db_log({status => 'error', error_type => 'authorization'});
+        return 1;
+    }
+
     # one of these parameters is commit from the form submission
     if ($in{'scope_out'} eq 'list') {
         if ($in{'list_out'}) {
@@ -7007,6 +7026,17 @@ sub do_edit_template {
     unless ($in{'content'}) {
         return 1;
     }
+
+    # Only super-listmasters can edit the templates on site level.
+    if ($in{'scope'} eq 'site'
+        and not Sympa::is_listmaster('*', $param->{'user'}{'email'})) {
+        Sympa::WWW::Report::reject_report_web('auth',
+            'action_super_listmaster', {}, $param->{'action'});
+        wwslog('info', 'Authorization failed, insufficient privileges');
+        web_db_log({status => 'error', error_type => 'authorization'});
+        return 1;
+    }
+
     if ($in{'scope'} eq 'list' and ref $list ne 'Sympa::List') {
         Sympa::WWW::Report::reject_report_web('user', 'listname_needed',
             {}, $param->{'action'});
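Review bot: The eight-line site-scope guard added at the top of do_remove_template is repeated verbatim in the do_copy_template and do_edit_template hunks below, differing only in the key read (`scope` versus `scope_out`); three copies of the same authorization check are the kind of code that drifts when one of them is later adjusted. A file-level helper that performs the rejection and returns true would reduce each call site to one line and keep the report key, log line and `web_db_log` call in one place. `$in` and `$param` appear to be file globals here (the hunks use them without declaring them), so the helper can read them the way the handlers do; confirm that against the top of the file. do_remove_template continues beyond the hunk.
```perl
# Reject the current action unless the logged-in user is a listmaster of
# every domain ('*'): templates at site scope are reserved to them.
# Returns 1 after emitting the rejection, 0 when the user is allowed.
sub _reject_unless_super_listmaster {
    return 0 if Sympa::is_listmaster('*', $param->{'user'}{'email'});
    Sympa::WWW::Report::reject_report_web('auth',
        'action_super_listmaster', {}, $param->{'action'});
    wwslog('info', 'Authorization failed, insufficient privileges');
    web_db_log({status => 'error', error_type => 'authorization'});
    return 1;
}

sub do_remove_template {
    wwslog('info', '');

    # Only super-listmasters can remove the templates on site level.
    return 1 if $in{'scope'} eq 'site' and _reject_unless_super_listmaster();
    # … unchanged: rest of do_remove_template …
```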
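Review bot: In the do_edit_template hunk the new guard sits below `unless ($in{'content'}) { return 1; }`, so a non-super listmaster who requests the edit page for a site template without `content` still gets past this function untouched; the early return appears to be the "render the form" path, which would mean the check only fires on submit. Relying on the ls_templates.tt2 change to hide the link is not a substitute for checking on the GET as well, since the URL can be typed directly. Moving the whole `if ($in{'scope'} eq 'site' and not Sympa::is_listmaster(...)) { ... }` block above the `unless ($in{'content'})` test closes that gap without other changes. do_edit_template starts and ends outside the hunk, so whether an earlier check already covers the form-display path cannot be confirmed from here.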