fu ([personal profile] fu) wrote in [site community profile] changelog2012-03-21 11:06 am

[dw-free] change priv for admin/capedit

[commit: http://hg.dwscoalition.org/dw-free/rev/f9f69e8892b9]

http://bugs.dwscoalition.org/show_bug.cgi?id=4345

Convert admin/capedit.bml to TT. Require admin:capedit, rather than admin:*
in order to access.

Patch by [personal profile] foxfirefey.

Files modified:
  • cgi-bin/DW/Controller/Admin.pm
  • cgi-bin/DW/Controller/Admin/CapEdit.pm
  • htdocs/admin/capedit.bml
  • views/admin/capedit.tt
  • views/admin/capedit.tt.text
  • views/admin/index.tt.text
--------------------------------------------------------------------------------
diff -r e17e214b4289 -r f9f69e8892b9 cgi-bin/DW/Controller/Admin.pm
--- a/cgi-bin/DW/Controller/Admin.pm	Wed Mar 21 16:55:34 2012 +0800
+++ b/cgi-bin/DW/Controller/Admin.pm	Wed Mar 21 19:08:06 2012 +0800
@@ -42,9 +42,6 @@
 
 # DO NOT add anything to here
 DW::Controller::Admin->_register_admin_pages_legacy( '/', 
-    [ 'capedit', '.admin.capability.link', '.admin.capability.text', [ 'admin:*', sub {
-        return ( $LJ::IS_DEV_SERVER, LJ::Lang::ml( "/admin/index.tt.devserver" ) );
-    } ] ],
     [ 'clusterstatus',
         '.admin.cluster.link', '.admin.cluster.text', [ 'supporthelp' ] ],
     [ 'console/',
diff -r e17e214b4289 -r f9f69e8892b9 cgi-bin/DW/Controller/Admin/CapEdit.pm
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cgi-bin/DW/Controller/Admin/CapEdit.pm	Wed Mar 21 19:08:06 2012 +0800
@@ -0,0 +1,111 @@
+#!/usr/bin/perl
+#
+# DW::Controller::Admin::CapEdit
+#
+# Edit user capabilities, which are listed in the site's config files; requires
+# admin:capedit or payments:* privileges.
+#
+# Authors:
+#      foxfirefey <foxfirefey@gmail.com>
+#
+# Copyright (c) 2012 by Dreamwidth Studios, LLC.
+#
+# This program is free software; you may redistribute it and/or modify it under
+# the same terms as Perl itself. For a copy of the license, please reference
+# 'perldoc perlartistic' or 'perldoc perlgpl'.
+#
+
+package DW::Controller::Admin::CapEdit;
+
+use strict;
+
+use DW::Controller;
+use DW::Controller::Admin;
+use DW::Routing;
+use DW::Template;
+
+use LJ::User;
+
+DW::Routing->register_string( "/admin/capedit/index", \&index_controller );
+DW::Controller::Admin->register_admin_page( '/',
+    path => 'capedit',
+    ml_scope => '/admin/capedit.tt',
+    privs => [ 'admin:capedit', 'payments', sub {
+        return ( $LJ::IS_DEV_SERVER, LJ::Lang::ml( "/admin/index.tt.devserver" ) ) } ]
+);
+
+sub index_controller {
+    my ( $ok, $rv ) = controller( privcheck => [ "admin:capedit", "payments" ] );
+    return $rv unless $ok;
+
+    my $vars = {%$rv};
+    my $r = DW::Request->get;
+    my $args = $r->did_post ? $r->post_args : $r->get_args;
+    my @errors;
+
+    if ( $args->{user} ) {
+        my $user = LJ::canonical_username( $args->{user} );
+        my $u = LJ::load_user($user) if $user;
+
+        push @errors, "Unknown user: " . LJ::ehtml( $args->{user} ) unless $u;
+
+        $vars->{u} = $u;
+
+        # do this first so later when we construct the user caps it will be already there
+        if ( $r->did_post ) {
+            push @errors, "Invalid form auth" unless LJ::check_form_auth( $args->{lj_form_auth} );
+
+            unless ( @errors ) {
+
+                my @cap_add = ();
+                my @cap_del = ();
+                my $newcaps = $u->{caps};
+
+                foreach my $n ( sort { $a <=> $b } keys %LJ::CAP ) {
+                    if ( $args->{"class_$n"} ) {
+                        push @cap_add, $n;
+                        $newcaps |= (1 << $n);
+                    } else {
+                        push @cap_del, $n;
+                        $newcaps &= ~(1 << $n);
+                    }
+                }
+
+                # note which caps were changed and log $logmsg to statushistory
+                my $add_txt = join( ",", @cap_add );
+                my $del_txt = join( ",", @cap_del );
+                my $remote = LJ::get_remote();
+
+                LJ::statushistory_add( $u->{userid}, $remote->{userid},
+                                      "capedit", "add: $add_txt, del: $del_txt\n" );
+
+                $u->modify_caps( \@cap_add, \@cap_del ) or
+                    push @errors, "Error: Unable to modify caps.";
+
+                # $u->{caps} is now updated in memory for later in this request
+                $u->{caps} = $newcaps;
+                # set this flag to let the template know we have saved
+                $vars->{save} = 1;
+            }
+
+            # make information for all of the caps based on the current info
+            my @caps;
+
+            foreach my $n (sort { $a <=> $b } keys %LJ::CAP) {
+                push @caps, { "n" => $n,
+                    "on" => ( ( $u->{caps} + 0 ) & ( 1 << $n ) ) ? 1 : 0,
+                    "name" => $LJ::CAP{$n}->{'_name'} || "Unnamed capability class #$n",
+                }
+             }
+
+             $vars->{caps} = \@caps;
+        }
+    } else {
+        $vars->{u} = 0;
+    }
+
+    $vars->{error_list} = \@errors if @errors;
+    return DW::Template->render_template( 'admin/capedit.tt', $vars );
+}
+
+1;
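Review bot: The loop that fills `$vars->{caps}` sits inside `if ( $r->did_post )` (the brace closing that `if` comes after `$vars->{caps} = \@caps;`), so a GET with `?user=` renders the edit form with no checkboxes, and saving that form posts no `class_N` fields and puts every key of `%LJ::CAP` into `@cap_del`. Close the `did_post` block right after the `unless ( @errors )` block and build the list under `if ( $u )`, so the form always reflects the user's current bits. `my $u = LJ::load_user($user) if $user;` is a `my` with a statement modifier, which perlsyn documents as undefined behaviour; the removed BML declared `my $u;` first, and `my $u = $user ? LJ::load_user($user) : undef;` restores that safe form. When `modify_caps` fails, the code still overwrites `$u->{caps}` and sets `$vars->{save}`, and the statushistory row has already been written, so both the page and the audit trail can report a change that did not happen; log and set the flag only on success.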
diff -r e17e214b4289 -r f9f69e8892b9 htdocs/admin/capedit.bml
--- a/htdocs/admin/capedit.bml	Wed Mar 21 16:55:34 2012 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,120 +0,0 @@
-<?_c
-# This code was forked from the LiveJournal project owned and operated
-# by Live Journal, Inc. The code has been modified and expanded by
-# Dreamwidth Studios, LLC. These files were originally licensed under
-# the terms of the license supplied by Live Journal, Inc, which can
-# currently be found at:
-#
-# http://code.livejournal.org/trac/livejournal/browser/trunk/LICENSE-LiveJournal.txt
-#
-# In accordance with the original license, this code and all its
-# modifications are provided under the GNU General Public License.
-# A copy of that license can be found in the LICENSE file included as
-# part of this distribution.
-_c?>
-<?_code
-
- use strict;
- use vars qw(%FORM);
-
- my ($sth, $ret);
- my $mode = $FORM{'mode'};
-
- my $remote = LJ::get_remote();
- my @display_privs = ( "admin:*" );
- my $numprivs = @display_privs;
-
- return "<?needlogin?>" unless $remote;
- return BML::ml ( "admin.noprivserror", { numpriv => $numprivs, needprivs => "<b>"  . join(", ", @display_privs) . "</b>"} )
-   unless $LJ::IS_DEV_SERVER || $remote->has_priv( "admin", "*" );
-
- $mode ||= $FORM{'user'} ? "viewuser" : "intro";
-
- my $user = LJ::canonical_username($FORM{'user'});
- my $u;
- $u = LJ::load_user($user) if $user;
-
- if ($mode eq "intro")
- {
-     $ret .= "<h1>capability class management</h1>\n";
-     $ret .= "<form method='get'>";
-     $ret .= "Modify capabilities for user: <input name='user' maxlength='25' size='25'> <input type='submit' value=\"Load\">";
-     $ret .= "</form>";
-
-     return $ret;
- }
-
- if ($mode eq "save")
- {
-     return "<b>Error:</b> requires post"
-         unless (LJ::did_post());
-
-     return"<b>Error:</b> You don't have access to change a user's capability class."
-         unless $LJ::IS_DEV_SERVER || ( $remote && $remote->has_priv( "admin", "*" ) );
-
-     unless ($u) {
-         $ret .= "Unknown user.\n";
-         return $ret;
-     }
-
-     my @cap_add = ();
-     my @cap_del = ();
-     my $newcaps = $u->{caps};
-     foreach my $n (sort { $a <=> $b } keys %LJ::CAP) {
-         if ($FORM{"class_$n"}) {
-             push @cap_add, $n;
-             $newcaps |= (1 << $n);
-         } else {
-             push @cap_del, $n;
-             $newcaps &= ~(1 << $n);
-         }
-     }
-
-     # note which caps were changed and log $logmsg to statushistory
-     my $add_txt = join(",", @cap_add);
-     my $del_txt = join(",", @cap_del);
-     LJ::statushistory_add($u->{'userid'}, $remote->{'userid'},
-                           "capedit", "add: $add_txt, del: $del_txt\n");
-
-     $u->modify_caps( \@cap_add, \@cap_del )
-         or return"<b>Error:</b> Unable to modify caps.";
-
-     # $u->{caps} is now updated in memory for later in this request
-     $u->{caps} = $newcaps;
-
-     $ret .= "Saved.";
-     $mode = "viewuser";
- }
-
- if ($mode eq "viewuser")
- {
-     $ret .= "<h1><a href='capedit'>&lt;&lt;</a> edit user '$user'</h1>\n";
-
-     unless ($u) {
-         $ret .= "Unknown user.\n";
-         return $ret;
-     }
-
-     $ret .= "<form method='post'>";
-     $ret .= "<input type='hidden' name='mode' value='save'>\n";
-     $ret .= "<input type='hidden' name='user' value='$user'>\n";
-     foreach my $n (sort { $a <=> $b } keys %LJ::CAP)
-     {
-         my $on = ($u->{'caps'}+0) & (1 << $n);
-         my $checked = $on ? " checked='1'" : "";
-         $ret .= "<p><input type='checkbox' name='class_$n' value='1' id='class_$n' $checked> ";
-         my $name = $LJ::CAP{$n}->{'_name'} || "Unnamed capability class \#$n";
-         if ($on) { $ret .= "<b>"; }
-         $ret .= "<label for='class_$n'>$name</label>";
-         if ($on) { $ret .= "</b>"; }
-     }
-
-     $ret .= "<p><input type='submit' value='Save'>\n";
-     $ret .= "</form>";
-
-     return $ret;
- }
-
- return "Unknown mode.";
-
-_code?>
diff -r e17e214b4289 -r f9f69e8892b9 views/admin/capedit.tt
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/views/admin/capedit.tt	Wed Mar 21 19:08:06 2012 +0800
@@ -0,0 +1,46 @@
+[%# admin/rename.tt
+
+Admin page for capability class management
+
+Authors:
+    foxfirefey <foxfirefey@gmail.com>
+
+This program is free software; you may redistribute it and/or modify it under
+the same terms as Perl itself.  For a copy of the license, please reference
+'perldoc perlartistic' or 'perldoc perlgpl'.
+%]
+[%- sections.title = '.title' | ml -%]
+
+[% IF error_list %]
+<div class='error-box message-box'>
+<div class='title'>[% 'error' | ml %]</div>
+<ul class='error-list'>
+    [% FOREACH error = error_list %]
+        <li>[% error %] </li>
+    [% END %]
+</ul>
+</div>
+[% END %]
+
+<form method="get">
+<p>Modify capabilities for user: <input name='user' maxlength='25' size='25'> <input type='submit' value="Load"></p>
+</form>
+
+[% IF u %]
+<h2><a href="capedit">&lt;&lt;</a> editing user [% u.ljuser_display %]</h2>
+
+[% IF save %]<h4>Changes to [% u.display_name %] have been saved!</h4>[% END %]
+
+<form method="post">
+[% dw.form_auth %]
+<input type="hidden" name="mode" value="save">
+<input type="hidden" name="user" value="[% u.display_name %]">
+[% FOREACH cap IN caps %]
+<p><input type="checkbox" name="class_[% cap.n %]" value="1" id="class_[% cap.n %]"[% IF cap.on %] checked="1"[% END %]>
+[% IF cap.on %]<strong>[% END %]
+<label for="class_[% cap.n %]">[% cap.name %]</label>
+[% IF cap.on %]</strong>[% END %]
+[% END %]
+<p><input type="submit" value="Save"></p>
+</form>
+[% END %]
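Review bot: `[% u.display_name %]` inside the hidden `value="…"` attribute, `[% cap.name %]` and `[% error %]` are emitted with no `| html` filter, and nothing in this commit shows whether the template layer escapes by default. The controller pre-escapes only the user-supplied part of the unknown-user error with `LJ::ehtml`, so the escaping rule is split between the two files; if there is no auto-escaping, write `value="[% u.display_name | html %]"` and `[% cap.name | html %]`, and add a comment at the error loop such as `[%# error strings are escaped by the controller %]`. The header comment names `admin/rename.tt` and should read `admin/capedit.tt`. The hidden `mode` input is not read by the new controller and can be dropped.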
diff -r e17e214b4289 -r f9f69e8892b9 views/admin/capedit.tt.text
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/views/admin/capedit.tt.text	Wed Mar 21 19:08:06 2012 +0800
@@ -0,0 +1,6 @@
+;; -*- coding: utf-8 -*-
+.admin.link=Capability Edit
+
+.admin.text=For editing user capabilities.
+
+.title=Capability Class Management
diff -r e17e214b4289 -r f9f69e8892b9 views/admin/index.tt.text
--- a/views/admin/index.tt.text	Wed Mar 21 16:55:34 2012 +0800
+++ b/views/admin/index.tt.text	Wed Mar 21 19:08:06 2012 +0800
@@ -1,8 +1,4 @@
 ;; -*- coding: utf-8 -*-
-.admin.capability.link=Capability Edit
-
-.admin.capability.text=For editing user capabilities.
-
 .admin.cluster.link=Cluster Status
 
 .admin.cluster.text=Get information on cluster availability.
--------------------------------------------------------------------------------
