agnes/mourningdove
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
mourningdove/cgi-bin/DW/Hooks/PrivList.pm
aggie 929b0e3cf7 first!
2026-05-24 01:03:05 +00:00

172 lines
7.2 KiB
Perl
Raw Blame History

#!/usr/bin/perl
#
# DW::Hooks::PrivList
#
# This module implements the listing of valid arguments for each
# known user privilege in Dreamwidth. Any site that defines a different
# set of privs or privargs must create additional hooks to supplement
# this list.
#
# Authors:
# Jen Griffin <kareila@livejournal.com>
#
# Copyright (c) 2011-2014 by Dreamwidth Studios, LLC.
#
# This program is free software; you may redistribute it and/or modify it under
# the same terms as Perl itself. For a copy of the license, please reference
# 'perldoc perlartistic' or 'perldoc perlgpl'.
#
package DW::Hooks::PrivList;
use strict;
use LJ::Hooks;
use LJ::DB;
use LJ::Lang;
use LJ::Support;
LJ::Hooks::register_hook(
'privlist-add',
sub {
my ($priv) = @_;
return unless defined $priv;
my $hr = {};
# valid admin privargs are the same as defined DB privs
if ( $priv eq 'admin' ) {
my $dbr = LJ::get_db_reader();
$hr = $dbr->selectall_hashref( 'SELECT privcode, privname FROM priv_list', 'privcode' );
# unfold result
$hr->{$_} = $hr->{$_}->{privname} foreach keys %$hr;
# add subprivs for supporthelp
my $cats = LJ::Support::load_cats();
$hr->{"supporthelp/$_"} = "$hr->{supporthelp} for $_"
foreach map { $_->{catkey} } values %$cats;
}
# valid support* privargs are the same as support cats
if ( my ($sup) = ( $priv =~ /^support(.*)$/ ) ) {
my $cats = LJ::Support::load_cats();
my @catkeys = map { $_->{catkey} } values %$cats;
if ( $priv eq 'supportread' ) {
$hr->{"$_+"} = "Extended $sup privs for $_ category" foreach @catkeys;
}
$sup = $priv eq 'supporthelp' ? 'All' : ucfirst $sup;
$hr->{$_} = "$sup privs for $_ category" foreach @catkeys;
$hr->{''} = "$sup privs for public categories";
}
# valid faqadd/faqedit privargs are the same as faqcats
if ( $priv eq 'faqadd' or $priv eq 'faqedit' ) {
my $dbr = LJ::get_db_reader();
$hr = $dbr->selectall_hashref( 'SELECT faqcat, faqcatname FROM faqcat', 'faqcat' );
# unfold result
$hr->{$_} = $hr->{$_}->{faqcatname} foreach keys %$hr;
}
# valid translate privargs are the same as defined languages
if ( $priv eq 'translate' ) {
my %langs = @{ LJ::Lang::get_lang_names() };
$hr->{$_} = "Can translate $langs{$_}" foreach keys %langs;
# plus a couple of extras
$hr->{'[itemdelete]'} = "Can delete translation strings";
$hr->{'[itemrename]'} = "Can rename translation strings";
}
# have to manually maintain the other lists
$hr = {
entryprops => "Access to /admin/entryprops",
images => "Access to admin mode on /file/list",
sessions => "Access to admin mode on /manage/logins",
subscriptions => "Access to admin mode on notification settings",
suspended => "Access to suspended journal content",
userlog => "Access to /admin/userlog",
userprops => "Access to /admin/propedit",
}
if $priv eq 'canview';
$hr = {
codetrace => "Access to /admin/invites/codetrace",
infohistory => "Access to infohistory console command",
}
if $priv eq 'finduser';
# extracted from grep -r statushistory_add
if ( $priv eq 'historyview' ) {
my @shtypes = qw/ account_level_change approvenew b2lid_remap
capedit change_journal_type comment_action communityxfer
create_from_invite create_from_promo
entry_action email_changed expunge_userpic
impersonate journal_status logout_user
mass_privacy paid_from_invite paidstatus
privadd privdel rename_token reset_email
reset_password s2lid_remap shop_points
suspend sysban_add sysban_mod synd_create
synd_edit synd_merge sysban_add sysban_modify
sysban_trig unsuspend vgifts viewall /;
$hr->{$_} = "Access to statushistory for $_ logs" foreach @shtypes;
}
$hr = {
approvenew => "Access to /admin/recent_accounts",
commentview => "Access to /admin/recent_comments",
invites => "Access to some invites functionality under /admin/invites",
largefeedsize => "Overrides synsuck_max_size for a feed",
memcacheclear => "Access to /admin/memcache_clear",
propedit => "Allow to change userprops for other users",
rename => "Access to rename_opts console command",
sendmail => "Access to /admin/sendmail",
spamreports => "Access to /admin/spamreports",
styleview => "Access to private styles on /customize/advanced",
support => "Access to /admin/supportcat",
themes => "Access to /admin/themes",
theschwartz => "Access to /admin/theschwartz",
usernames => "Bypasses is_protected_username check",
userpics => "Access to expunge_userpic console command",
users => "Access to change_journal_status console command",
vgifts => "Access to approval functions on /admin/vgifts",
oauth => "Modify some settings on OAuth consumers",
}
if $priv eq 'siteadmin';
$hr = {
openid => "Only allowed to suspend OpenID accounts",
recent => "Only allowed to suspend from /admin/recent_accounts",
}
if $priv eq 'suspend';
# extracted from LJ::Sysban::validate
$hr = {
email => "Can ban specific email addresses",
email_domain => "Can ban entire email domains",
invite_email => "Can ban invites for email addresses",
invite_user => "Can ban invites for users",
ip => "Can ban connections from specific IPs",
lostpassword => "Can ban requests for lost passwords",
noanon_ip => "Can ban anonymous comments from specific IPs",
oauth_consumer => "Can ban specific users from having OAuth consumers",
pay_cc => "Can ban payments from specific credit cards",
pay_email => "Can ban payments from specific emails",
pay_uniq => "Can ban payments from specific sessions",
pay_user => "Can ban payments from specific users",
spamreport => "Can ban spam reports from specific users",
support_email => "Can ban support requests from emails",
support_uniq => "Can ban support requests from sessions",
support_user => "Can ban support requests from users",
talk_ip_test => "Can force IPs to complete CAPTCHA to leave comments",
uniq => "Can ban specific browser sessions",
user => "Can ban specific users",
}
if $priv eq 'sysban';
return $hr;
}
);
1;
Reference in a new issue View git blame Copy permalink