dw-free: cgi-bin/DW/Hooks/PrivList.pm@34b3c4ba3afb (annotated)

fu@4145	1	#!/usr/bin/perl
fu@4145	2	#
fu@4145	3	# DW::Hooks::PrivList
fu@4145	4	#
fu@4145	5	# This module implements the listing of valid arguments for each
fu@4145	6	# known user privilege in dw-free. Any site that defines a different
fu@4145	7	# set of privs or privargs must create additional hooks to supplement
fu@4145	8	# this list.
fu@4145	9	#
fu@4145	10	# Authors:
fu@4145	11	# Jen Griffin <kareila@livejournal.com>
fu@4145	12	#
fu@4145	13	# Copyright (c) 2011 by Dreamwidth Studios, LLC.
fu@4145	14	#
fu@4145	15	# This program is free software; you may redistribute it and/or modify it under
fu@4145	16	# the same terms as Perl itself. For a copy of the license, please reference
fu@4145	17	# 'perldoc perlartistic' or 'perldoc perlgpl'.
fu@4145	18	#
fu@4145	19
fu@4145	20	package DW::Hooks::PrivList;
fu@4145	21
fu@4145	22	use strict;
fu@4145	23	use LJ::Hooks;
fu@4145	24
fu@4145	25	use LJ::DB;
fu@4145	26	use LJ::Lang;
fu@4145	27	use LJ::Support;
fu@4145	28
fu@4145	29
fu@4145	30	LJ::Hooks::register_hook( 'privlist-add', sub {
fu@4145	31	my ( $priv ) = @_;
fu@4145	32	return unless defined $priv;
fu@4145	33	my $hr = {};
fu@4145	34
fu@4145	35	# valid admin privargs are the same as defined DB privs
fu@4145	36	if ( $priv eq 'admin' ) {
fu@4145	37	my $dbr = LJ::get_db_reader();
fu@4145	38	$hr = $dbr->selectall_hashref(
fu@4145	39	'SELECT privcode, privname FROM priv_list', 'privcode' );
fu@4145	40	# unfold result
fu@4145	41	$hr->{$_} = $hr->{$_}->{privname} foreach keys %$hr;
fu@4145	42	# add subprivs for supporthelp
fu@4145	43	my $cats = LJ::Support::load_cats();
fu@4145	44	$hr->{"supporthelp/$_"} = "$hr->{supporthelp} for $_"
fu@4145	45	foreach map { $_->{catkey} } values %$cats;
fu@4145	46	}
fu@4145	47
fu@4145	48	# valid support* privargs are the same as support cats
fu@4145	49	if ( my ( $sup ) = ( $priv =~ /^support(.*)$/ ) ) {
fu@4145	50	my $cats = LJ::Support::load_cats();
fu@4145	51	my @catkeys = map { $_->{catkey} } values %$cats;
fu@4145	52	if ( $priv eq 'supportread' ) {
fu@4145	53	$hr->{"$_+"} = "Extended $sup privs for $_ category"
fu@4145	54	foreach @catkeys;
fu@4145	55	}
fu@4145	56	$sup = $priv eq 'supporthelp' ? 'All' : ucfirst $sup;
fu@4145	57	$hr->{$_} = "$sup privs for $_ category"
fu@4145	58	foreach @catkeys;
fu@4145	59	$hr->{''} = "$sup privs for public categories";
fu@4145	60	}
fu@4145	61
fu@4145	62	# valid faqadd/faqedit privargs are the same as faqcats
fu@4145	63	if ( $priv eq 'faqadd' or $priv eq 'faqedit' ) {
fu@4145	64	my $dbr = LJ::get_db_reader();
fu@4145	65	$hr = $dbr->selectall_hashref(
fu@4145	66	'SELECT faqcat, faqcatname FROM faqcat', 'faqcat' );
fu@4145	67	# unfold result
fu@4145	68	$hr->{$_} = $hr->{$_}->{faqcatname} foreach keys %$hr;
fu@4145	69	}
fu@4145	70
fu@4145	71	# valid translate privargs are the same as defined languages
fu@4145	72	if ( $priv eq 'translate' ) {
fu@4145	73	my %langs = @{ LJ::Lang::get_lang_names() };
fu@4145	74	$hr->{$_} = "Can translate $langs{$_}" foreach keys %langs;
fu@4145	75	# plus a couple of extras
fu@4145	76	$hr->{'[itemdelete]'} = "Can delete translation strings";
fu@4145	77	$hr->{'[itemrename]'} = "Can rename translation strings";
fu@4145	78	}
fu@4145	79
fu@4145	80	# have to manually maintain the other lists
fu@4145	81	$hr = {
fu@4145	82	entryprops => "Access to /admin/entryprops",
fu@4145	83	sessions => "Access to admin mode on /manage/logins",
fu@4145	84	styles => "Access to private styles on /customize/advanced",
fu@4145	85	suspended => "Access to suspended journal content",
fu@4145	86	userlog => "Access to /admin/userlog",
fu@4145	87	userprops => "Access to /admin/propedit",
fu@4145	88	} if $priv eq 'canview';
fu@4145	89
fu@4145	90	$hr = {
fu@4145	91	codetrace => "Access to /admin/invites/codetrace",
fu@4145	92	infohistory => "Access to infohistory console command",
fu@4145	93	} if $priv eq 'finduser';
fu@4145	94
fu@4145	95	# extracted from grep -r statushistory_add
fu@4145	96	if ( $priv eq 'historyview' ) {
fu@4145	97	my @shtypes = qw/ account_level_change b2lid_remap capedit
fu@4145	98	change_journal_type comment_action communityxfer
fu@4145	99	create_from_invite create_from_promo
fu@4145	100	entry_action email_changed expunge_userpic
fu@4145	101	impersonate journal_status logout_user
fu@4145	102	mass_privacy paid_from_invite paidstatus
fu@4145	103	privadd privdel reset_email reset_password
fu@4145	104	s2lid_remap set_badpassword shop_points
fu@4145	105	suspend sysban_add sysban_mod synd_create
fu@4145	106	synd_edit synd_merge sysban_add sysban_modify
fu@4145	107	sysban_trig unsuspend vgifts viewall /;
fu@4145	108
fu@4145	109	$hr->{$_} = "Access to statushistory for $_ logs"
fu@4145	110	foreach @shtypes;
fu@4145	111	}
fu@4145	112
fu@4145	113	$hr = {
fu@4145	114	commentview => "Access to /admin/recent_comments",
fu@4145	115	emailqueue => "Access to /tools/recent_email",
fu@4145	116	entry_redirect => "Access to /misc/entry_redirect",
fu@4145	117	invites => "Access to some invites functionality under /admin/invites",
fu@4145	118	largefeedsize => "Overrides synsuck_max_size for a feed",
fu@4145	119	memcacheclear => "Access to /admin/memcache_clear",
fu@4145	120	memcacheview => "Access to /admin/memcache",
fu@4145	121	mysqlstatus => "Access to /admin/mysql_status",
fu@4145	122	navtag => "Access to /admin/navtag",
fu@4145	123	propedit => "Allow to change userprops for other users",
fu@4145	124	rename => "Access to rename_opts console command",
fu@4145	125	sitemessages => "Access to /admin/sitemessages",
fu@4145	126	spamreports => "Access to /admin/spamreports",
fu@4263	127	themes => "Access to /admin/themes",
fu@4145	128	theschwartz => "Access to /admin/theschwartz",
fu@4145	129	usernames => "Bypasses is_protected_username check",
fu@4145	130	userpics => "Access to expunge_userpic console command",
fu@4145	131	users => "Access to change_journal_status console command",
fu@4145	132	vgifts => "Access to approval functions on /admin/vgifts",
fu@4145	133	} if $priv eq 'siteadmin';
fu@4145	134
fu@4145	135	$hr = {
fu@4145	136	openid => "Only allowed to suspend OpenID accounts",
fu@4145	137	} if $priv eq 'suspend';
fu@4145	138
fu@4145	139	# extracted from LJ::Sysban::validate
fu@4145	140	$hr = {
fu@4145	141	email => "Can ban specific email addresses",
fu@4145	142	email_domain => "Can ban entire email domains",
fu@4145	143	invite_email => "Can ban invites for email addresses",
fu@4145	144	invite_user => "Can ban invites for users",
fu@4145	145	ip => "Can ban connections from specific IPs",
fu@4145	146	lostpassword => "Can ban requests for lost passwords",
fu@4145	147	noanon_ip => "Can ban anonymous comments from specific IPs",
fu@4145	148	pay_cc => "Can ban payments from specific credit cards",
fu@4145	149	pay_email => "Can ban payments from specific emails",
fu@4145	150	pay_uniq => "Can ban payments from specific sessions",
fu@4145	151	pay_user => "Can ban payments from specific users",
fu@4145	152	spamreport => "Can ban spam reports from specific users",
fu@4145	153	support_email => "Can ban support requests from emails",
fu@4145	154	support_uniq => "Can ban support requests from sessions",
fu@4145	155	support_user => "Can ban support requests from users",
fu@4145	156	talk_ip_test => "Can force IPs to complete CAPTCHA to leave comments",
fu@4145	157	uniq => "Can ban specific browser sessions",
fu@4145	158	user => "Can ban specific users",
fu@4145	159	} if $priv eq 'sysban';
fu@4145	160
fu@4145	161	return $hr;
fu@4145	162	} );
fu@4145	163
fu@4145	164
fu@4145	165	1;

author	fu
	Thu Feb 23 02:21:54 2012 +0800
changeset 4315	34b3c4ba3afb
parent 4145	dea9381b157c
permissions	-rwxr-xr-x