[dw-free] change priv for admin/capedit
[commit: http://hg.dwscoalition.org/dw-free/rev/f9f69e8892b9]
http://bugs.dwscoalition.org/show_bug.cgi?id=4345
Convert admin/capedit.bml to TT. Require admin:capedit, rather than admin:*
in order to access.
Patch by
foxfirefey.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=4345
Convert admin/capedit.bml to TT. Require admin:capedit, rather than admin:*
in order to access.
Patch by
Files modified:
- cgi-bin/DW/Controller/Admin.pm
- cgi-bin/DW/Controller/Admin/CapEdit.pm
- htdocs/admin/capedit.bml
- views/admin/capedit.tt
- views/admin/capedit.tt.text
- views/admin/index.tt.text
--------------------------------------------------------------------------------
diff -r e17e214b4289 -r f9f69e8892b9 cgi-bin/DW/Controller/Admin.pm
--- a/cgi-bin/DW/Controller/Admin.pm Wed Mar 21 16:55:34 2012 +0800
+++ b/cgi-bin/DW/Controller/Admin.pm Wed Mar 21 19:08:06 2012 +0800
@@ -42,9 +42,6 @@
# DO NOT add anything to here
DW::Controller::Admin->_register_admin_pages_legacy( '/',
- [ 'capedit', '.admin.capability.link', '.admin.capability.text', [ 'admin:*', sub {
- return ( $LJ::IS_DEV_SERVER, LJ::Lang::ml( "/admin/index.tt.devserver" ) );
- } ] ],
[ 'clusterstatus',
'.admin.cluster.link', '.admin.cluster.text', [ 'supporthelp' ] ],
[ 'console/',
diff -r e17e214b4289 -r f9f69e8892b9 cgi-bin/DW/Controller/Admin/CapEdit.pm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cgi-bin/DW/Controller/Admin/CapEdit.pm Wed Mar 21 19:08:06 2012 +0800
@@ -0,0 +1,111 @@
+#!/usr/bin/perl
+#
+# DW::Controller::Admin::CapEdit
+#
+# Edit user capabilities, which are listed in the site's config files; requires
+# admin:capedit or payments:* privileges.
+#
+# Authors:
+# foxfirefey <foxfirefey@gmail.com>
+#
+# Copyright (c) 2012 by Dreamwidth Studios, LLC.
+#
+# This program is free software; you may redistribute it and/or modify it under
+# the same terms as Perl itself. For a copy of the license, please reference
+# 'perldoc perlartistic' or 'perldoc perlgpl'.
+#
+
+package DW::Controller::Admin::CapEdit;
+
+use strict;
+
+use DW::Controller;
+use DW::Controller::Admin;
+use DW::Routing;
+use DW::Template;
+
+use LJ::User;
+
+DW::Routing->register_string( "/admin/capedit/index", \&index_controller );
+DW::Controller::Admin->register_admin_page( '/',
+ path => 'capedit',
+ ml_scope => '/admin/capedit.tt',
+ privs => [ 'admin:capedit', 'payments', sub {
+ return ( $LJ::IS_DEV_SERVER, LJ::Lang::ml( "/admin/index.tt.devserver" ) ) } ]
+);
+
+sub index_controller {
+ my ( $ok, $rv ) = controller( privcheck => [ "admin:capedit", "payments" ] );
+ return $rv unless $ok;
+
+ my $vars = {%$rv};
+ my $r = DW::Request->get;
+ my $args = $r->did_post ? $r->post_args : $r->get_args;
+ my @errors;
+
+ if ( $args->{user} ) {
+ my $user = LJ::canonical_username( $args->{user} );
+ my $u = LJ::load_user($user) if $user;
+
+ push @errors, "Unknown user: " . LJ::ehtml( $args->{user} ) unless $u;
+
+ $vars->{u} = $u;
+
+ # do this first so later when we construct the user caps it will be already there
+ if ( $r->did_post ) {
+ push @errors, "Invalid form auth" unless LJ::check_form_auth( $args->{lj_form_auth} );
+
+ unless ( @errors ) {
+
+ my @cap_add = ();
+ my @cap_del = ();
+ my $newcaps = $u->{caps};
+
+ foreach my $n ( sort { $a <=> $b } keys %LJ::CAP ) {
+ if ( $args->{"class_$n"} ) {
+ push @cap_add, $n;
+ $newcaps |= (1 << $n);
+ } else {
+ push @cap_del, $n;
+ $newcaps &= ~(1 << $n);
+ }
+ }
+
+ # note which caps were changed and log $logmsg to statushistory
+ my $add_txt = join( ",", @cap_add );
+ my $del_txt = join( ",", @cap_del );
+ my $remote = LJ::get_remote();
+
+ LJ::statushistory_add( $u->{userid}, $remote->{userid},
+ "capedit", "add: $add_txt, del: $del_txt\n" );
+
+ $u->modify_caps( \@cap_add, \@cap_del ) or
+ push @errors, "Error: Unable to modify caps.";
+
+ # $u->{caps} is now updated in memory for later in this request
+ $u->{caps} = $newcaps;
+ # set this flag to let the template know we have saved
+ $vars->{save} = 1;
+ }
+
+ # make information for all of the caps based on the current info
+ my @caps;
+
+ foreach my $n (sort { $a <=> $b } keys %LJ::CAP) {
+ push @caps, { "n" => $n,
+ "on" => ( ( $u->{caps} + 0 ) & ( 1 << $n ) ) ? 1 : 0,
+ "name" => $LJ::CAP{$n}->{'_name'} || "Unnamed capability class #$n",
+ }
+ }
+
+ $vars->{caps} = \@caps;
+ }
+ } else {
+ $vars->{u} = 0;
+ }
+
+ $vars->{error_list} = \@errors if @errors;
+ return DW::Template->render_template( 'admin/capedit.tt', $vars );
+}
+
+1;
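Review bot: `my $u = LJ::load_user($user) if $user;` in index_controller declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour: when LJ::canonical_username returns a false value, `$u` may hold a previously assigned value rather than undef, and the `unless $u` check and the later modify_caps call would then act on it. The removed BML page declared `my $u;` on its own line first; `my $u = $user ? LJ::load_user($user) : undef;` keeps that guarantee. As the braces read in this hunk, the loop that fills `$vars->{caps}` sits inside `if ( $r->did_post )`, so a GET that loads a user would render the form with no checkboxes, and saving that form would put every class into `@cap_del`; closing the did_post block before the `# make information for all of the caps` comment and running the loop only when `$u` is set would avoid that. `$u->{caps} = $newcaps;` and `$vars->{save} = 1;` also run when modify_caps fails, and LJ::statushistory_add is called before the change is attempted, so the audit entry and the "saved" banner can disagree with what was actually stored. The file has `use strict;` but no `use warnings;`.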
diff -r e17e214b4289 -r f9f69e8892b9 htdocs/admin/capedit.bml
--- a/htdocs/admin/capedit.bml Wed Mar 21 16:55:34 2012 +0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,120 +0,0 @@
-<?_c
-# This code was forked from the LiveJournal project owned and operated
-# by Live Journal, Inc. The code has been modified and expanded by
-# Dreamwidth Studios, LLC. These files were originally licensed under
-# the terms of the license supplied by Live Journal, Inc, which can
-# currently be found at:
-#
-# http://code.livejournal.org/trac/livejournal/browser/trunk/LICENSE-LiveJournal.txt
-#
-# In accordance with the original license, this code and all its
-# modifications are provided under the GNU General Public License.
-# A copy of that license can be found in the LICENSE file included as
-# part of this distribution.
-_c?>
-<?_code
-
- use strict;
- use vars qw(%FORM);
-
- my ($sth, $ret);
- my $mode = $FORM{'mode'};
-
- my $remote = LJ::get_remote();
- my @display_privs = ( "admin:*" );
- my $numprivs = @display_privs;
-
- return "<?needlogin?>" unless $remote;
- return BML::ml ( "admin.noprivserror", { numpriv => $numprivs, needprivs => "<b>" . join(", ", @display_privs) . "</b>"} )
- unless $LJ::IS_DEV_SERVER || $remote->has_priv( "admin", "*" );
-
- $mode ||= $FORM{'user'} ? "viewuser" : "intro";
-
- my $user = LJ::canonical_username($FORM{'user'});
- my $u;
- $u = LJ::load_user($user) if $user;
-
- if ($mode eq "intro")
- {
- $ret .= "<h1>capability class management</h1>\n";
- $ret .= "<form method='get'>";
- $ret .= "Modify capabilities for user: <input name='user' maxlength='25' size='25'> <input type='submit' value=\"Load\">";
- $ret .= "</form>";
-
- return $ret;
- }
-
- if ($mode eq "save")
- {
- return "<b>Error:</b> requires post"
- unless (LJ::did_post());
-
- return"<b>Error:</b> You don't have access to change a user's capability class."
- unless $LJ::IS_DEV_SERVER || ( $remote && $remote->has_priv( "admin", "*" ) );
-
- unless ($u) {
- $ret .= "Unknown user.\n";
- return $ret;
- }
-
- my @cap_add = ();
- my @cap_del = ();
- my $newcaps = $u->{caps};
- foreach my $n (sort { $a <=> $b } keys %LJ::CAP) {
- if ($FORM{"class_$n"}) {
- push @cap_add, $n;
- $newcaps |= (1 << $n);
- } else {
- push @cap_del, $n;
- $newcaps &= ~(1 << $n);
- }
- }
-
- # note which caps were changed and log $logmsg to statushistory
- my $add_txt = join(",", @cap_add);
- my $del_txt = join(",", @cap_del);
- LJ::statushistory_add($u->{'userid'}, $remote->{'userid'},
- "capedit", "add: $add_txt, del: $del_txt\n");
-
- $u->modify_caps( \@cap_add, \@cap_del )
- or return"<b>Error:</b> Unable to modify caps.";
-
- # $u->{caps} is now updated in memory for later in this request
- $u->{caps} = $newcaps;
-
- $ret .= "Saved.";
- $mode = "viewuser";
- }
-
- if ($mode eq "viewuser")
- {
- $ret .= "<h1><a href='capedit'><<</a> edit user '$user'</h1>\n";
-
- unless ($u) {
- $ret .= "Unknown user.\n";
- return $ret;
- }
-
- $ret .= "<form method='post'>";
- $ret .= "<input type='hidden' name='mode' value='save'>\n";
- $ret .= "<input type='hidden' name='user' value='$user'>\n";
- foreach my $n (sort { $a <=> $b } keys %LJ::CAP)
- {
- my $on = ($u->{'caps'}+0) & (1 << $n);
- my $checked = $on ? " checked='1'" : "";
- $ret .= "<p><input type='checkbox' name='class_$n' value='1' id='class_$n' $checked> ";
- my $name = $LJ::CAP{$n}->{'_name'} || "Unnamed capability class \#$n";
- if ($on) { $ret .= "<b>"; }
- $ret .= "<label for='class_$n'>$name</label>";
- if ($on) { $ret .= "</b>"; }
- }
-
- $ret .= "<p><input type='submit' value='Save'>\n";
- $ret .= "</form>";
-
- return $ret;
- }
-
- return "Unknown mode.";
-
-_code?>
diff -r e17e214b4289 -r f9f69e8892b9 views/admin/capedit.tt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/views/admin/capedit.tt Wed Mar 21 19:08:06 2012 +0800
@@ -0,0 +1,46 @@
+[%# admin/rename.tt
+
+Admin page for capability class management
+
+Authors:
+ foxfirefey <foxfirefey@gmail.com>
+
+This program is free software; you may redistribute it and/or modify it under
+the same terms as Perl itself. For a copy of the license, please reference
+'perldoc perlartistic' or 'perldoc perlgpl'.
+%]
+[%- sections.title = '.title' | ml -%]
+
+[% IF error_list %]
+<div class='error-box message-box'>
+<div class='title'>[% 'error' | ml %]</div>
+<ul class='error-list'>
+ [% FOREACH error = error_list %]
+ <li>[% error %] </li>
+ [% END %]
+</ul>
+</div>
+[% END %]
+
+<form method="get">
+<p>Modify capabilities for user: <input name='user' maxlength='25' size='25'> <input type='submit' value="Load"></p>
+</form>
+
+[% IF u %]
+<h2><a href="capedit"><<</a> editing user [% u.ljuser_display %]</h2>
+
+[% IF save %]<h4>Changes to [% u.display_name %] have been saved!</h4>[% END %]
+
+<form method="post">
+[% dw.form_auth %]
+<input type="hidden" name="mode" value="save">
+<input type="hidden" name="user" value="[% u.display_name %]">
+[% FOREACH cap IN caps %]
+<p><input type="checkbox" name="class_[% cap.n %]" value="1" id="class_[% cap.n %]"[% IF cap.on %] checked="1"[% END %]>
+[% IF cap.on %]<strong>[% END %]
+<label for="class_[% cap.n %]">[% cap.name %]</label>
+[% IF cap.on %]</strong>[% END %]
+[% END %]
+<p><input type="submit" value="Save"></p>
+</form>
+[% END %]
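Review bot: The hidden field `value="[% u.display_name %]"` and the label `[% cap.name %]` are emitted without an escaping filter, so the page relies on every value being HTML-safe before it reaches the template; unless the site's template setup escapes by default (not visible here), `[% u.display_name | html %]` and `[% cap.name | html %]` would make that explicit. The error list is a different case: the controller in this commit already passes the user-supplied part through LJ::ehtml, so filtering `[% error %]` again would double-escape it. The header comment reads `admin/rename.tt` although the file is views/admin/capedit.tt, and the literal `<<` in the back link should be written `&lt;&lt;`.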
diff -r e17e214b4289 -r f9f69e8892b9 views/admin/capedit.tt.text
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/views/admin/capedit.tt.text Wed Mar 21 19:08:06 2012 +0800
@@ -0,0 +1,6 @@
+;; -*- coding: utf-8 -*-
+.admin.link=Capability Edit
+
+.admin.text=For editing user capabilities.
+
+.title=Capability Class Management
diff -r e17e214b4289 -r f9f69e8892b9 views/admin/index.tt.text
--- a/views/admin/index.tt.text Wed Mar 21 16:55:34 2012 +0800
+++ b/views/admin/index.tt.text Wed Mar 21 19:08:06 2012 +0800
@@ -1,8 +1,4 @@
;; -*- coding: utf-8 -*-
-.admin.capability.link=Capability Edit
-
-.admin.capability.text=For editing user capabilities.
-
.admin.cluster.link=Cluster Status
.admin.cluster.text=Get information on cluster availability.
--------------------------------------------------------------------------------
