?/config: Advanced permissions
This commit is contained in:
Michael Foster
parent
6e0e5b1e8a
commit
c3da5ab4e1
@ -1187,12 +1187,47 @@
|
||||
$config['mod']['news_custom'] = ADMIN;
|
||||
// Delete news entries
|
||||
$config['mod']['news_delete'] = ADMIN;
|
||||
|
||||
// Edit the current configuration (via web interface)
|
||||
$config['mod']['edit_config'] = ADMIN;
|
||||
|
||||
// Execute un-filtered SQL queries on the database (?/debug/sql)
|
||||
$config['mod']['debug_sql'] = DISABLED;
|
||||
// Edit the current configuration (via web interface)
|
||||
$config['mod']['edit_config'] = MOD;
|
||||
|
||||
// Config editor permissions
|
||||
$config['mod']['config'] = array(
|
||||
JANITOR => false,
|
||||
MOD => false,
|
||||
ADMIN => false,
|
||||
DISABLED => false,
|
||||
);
|
||||
|
||||
// Disable the following configuration variables from being changed via ?/config. The following default
|
||||
// banned variables are considered somewhat dangerous.
|
||||
$config['mod']['config'][DISABLED] = array(
|
||||
'mod>config',
|
||||
'mod>config_editor_php',
|
||||
'convert_args',
|
||||
'db>password',
|
||||
);
|
||||
|
||||
$config['mod']['config'][JANITOR] = array(
|
||||
'!', // Allow editing ONLY the variables listed (in this case, nothing).
|
||||
);
|
||||
|
||||
$config['mod']['config'][MOD] = array(
|
||||
'!', // Allow editing ONLY the variables listed (plus that in $config['mod']['config'][JANITOR]).
|
||||
'global_message',
|
||||
);
|
||||
|
||||
// Example: Disallow ADMIN from editing (and viewing) $config['db']['password'].
|
||||
// $config['mod']['config'][ADMIN] = array(
|
||||
// 'db>password',
|
||||
// );
|
||||
|
||||
// Example: Allow ADMIN to edit anything other than $config['db']
|
||||
// (and $config['mod']['config'][DISABLED]).
|
||||
// $config['mod']['config'][ADMIN] = array(
|
||||
// 'db',
|
||||
// );
|
||||
|
||||
/*
|
||||
* ====================
|
||||
|
||||
@ -1,5 +1,43 @@
|
||||
<?php
|
||||
|
||||
function permission_to_edit_config_var($varname) {
|
||||
global $config, $mod;
|
||||
|
||||
if (is_array($config['mod']['config'][DISABLED])) {
|
||||
foreach ($config['mod']['config'][DISABLED] as $disabled_var_name) {
|
||||
$disabled_var_name = explode('>', $disabled_var_name);
|
||||
if (count($disabled_var_name) == 1)
|
||||
$disabled_var_name = $disabled_var_name[0];
|
||||
if ($varname == $disabled_var_name)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$allow_only = false;
|
||||
// for ($perm = (int)$mod['type']; $perm >= JANITOR; $perm --) {
|
||||
for ($perm = JANITOR; $perm <= (int)$mod['type']; $perm ++) {
|
||||
$allow_only = false;
|
||||
if (is_array($config['mod']['config'][$perm])) {
|
||||
foreach ($config['mod']['config'][$perm] as $perm_var_name) {
|
||||
if ($perm_var_name == '!') {
|
||||
$allow_only = true;
|
||||
continue;
|
||||
}
|
||||
$perm_var_name = explode('>', $perm_var_name);
|
||||
if ((count($perm_var_name) == 1 && $varname == $perm_var_name[0]) ||
|
||||
(is_array($varname) && array_slice($varname, 0, count($perm_var_name)) == $perm_var_name)) {
|
||||
if ($allow_only)
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return !$allow_only;
|
||||
}
|
||||
|
||||
function config_vars() {
|
||||
global $config;
|
||||
|
||||
@ -77,7 +115,7 @@ function config_vars() {
|
||||
$already_exists = true;
|
||||
|
||||
}
|
||||
if (!$already_exists)
|
||||
if (!$already_exists && permission_to_edit_config_var($var['name']))
|
||||
$conf[] = $var;
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user