5 # This module implements the listing of valid arguments for each
6 # known user privilege in dw-free. Any site that defines a different
7 # set of privs or privargs must create additional hooks to supplement
11 # Jen Griffin <kareila@livejournal.com>
13 # Copyright (c) 2011 by Dreamwidth Studios, LLC.
15 # This program is free software; you may redistribute it and/or modify it under
16 # the same terms as Perl itself. For a copy of the license, please reference
17 # 'perldoc perlartistic' or 'perldoc perlgpl'.
20 package DW::Hooks::PrivList;
30 LJ::Hooks::register_hook( 'privlist-add', sub {
32 return unless defined $priv;
35 # valid admin privargs are the same as defined DB privs
36 if ( $priv eq 'admin' ) {
37 my $dbr = LJ::get_db_reader();
38 $hr = $dbr->selectall_hashref(
39 'SELECT privcode, privname FROM priv_list', 'privcode' );
41 $hr->{$_} = $hr->{$_}->{privname} foreach keys %$hr;
42 # add subprivs for supporthelp
43 my $cats = LJ::Support::load_cats();
44 $hr->{"supporthelp/$_"} = "$hr->{supporthelp} for $_"
45 foreach map { $_->{catkey} } values %$cats;
48 # valid support* privargs are the same as support cats
49 if ( my ( $sup ) = ( $priv =~ /^support(.*)$/ ) ) {
50 my $cats = LJ::Support::load_cats();
51 my @catkeys = map { $_->{catkey} } values %$cats;
52 if ( $priv eq 'supportread' ) {
53 $hr->{"$_+"} = "Extended $sup privs for $_ category"
56 $sup = $priv eq 'supporthelp' ? 'All' : ucfirst $sup;
57 $hr->{$_} = "$sup privs for $_ category"
59 $hr->{''} = "$sup privs for public categories";
62 # valid faqadd/faqedit privargs are the same as faqcats
63 if ( $priv eq 'faqadd' or $priv eq 'faqedit' ) {
64 my $dbr = LJ::get_db_reader();
65 $hr = $dbr->selectall_hashref(
66 'SELECT faqcat, faqcatname FROM faqcat', 'faqcat' );
68 $hr->{$_} = $hr->{$_}->{faqcatname} foreach keys %$hr;
71 # valid translate privargs are the same as defined languages
72 if ( $priv eq 'translate' ) {
73 my %langs = @{ LJ::Lang::get_lang_names() };
74 $hr->{$_} = "Can translate $langs{$_}" foreach keys %langs;
75 # plus a couple of extras
76 $hr->{'[itemdelete]'} = "Can delete translation strings";
77 $hr->{'[itemrename]'} = "Can rename translation strings";
80 # have to manually maintain the other lists
82 entryprops => "Access to /admin/entryprops",
83 sessions => "Access to admin mode on /manage/logins",
84 styles => "Access to private styles on /customize/advanced",
85 suspended => "Access to suspended journal content",
86 userlog => "Access to /admin/userlog",
87 userprops => "Access to /admin/propedit",
88 } if $priv eq 'canview';
91 codetrace => "Access to /admin/invites/codetrace",
92 infohistory => "Access to infohistory console command",
93 } if $priv eq 'finduser';
95 # extracted from grep -r statushistory_add
96 if ( $priv eq 'historyview' ) {
97 my @shtypes = qw/ account_level_change b2lid_remap capedit
98 change_journal_type comment_action communityxfer
99 create_from_invite create_from_promo
100 entry_action email_changed expunge_userpic
101 impersonate journal_status logout_user
102 mass_privacy paid_from_invite paidstatus
103 privadd privdel reset_email reset_password
104 s2lid_remap set_badpassword shop_points
105 suspend sysban_add sysban_mod synd_create
106 synd_edit synd_merge sysban_add sysban_modify
107 sysban_trig unsuspend vgifts viewall /;
109 $hr->{$_} = "Access to statushistory for $_ logs"
114 commentview => "Access to /admin/recent_comments",
115 emailqueue => "Access to /tools/recent_email",
116 entry_redirect => "Access to /misc/entry_redirect",
117 invites => "Access to some invites functionality under /admin/invites",
118 largefeedsize => "Overrides synsuck_max_size for a feed",
119 memcacheclear => "Access to /admin/memcache_clear",
120 memcacheview => "Access to /admin/memcache",
121 mysqlstatus => "Access to /admin/mysql_status",
122 navtag => "Access to /admin/navtag",
123 propedit => "Allow to change userprops for other users",
124 rename => "Access to rename_opts console command",
125 sitemessages => "Access to /admin/sitemessages",
126 spamreports => "Access to /admin/spamreports",
127 themes => "Access to /admin/themes",
128 theschwartz => "Access to /admin/theschwartz",
129 usernames => "Bypasses is_protected_username check",
130 userpics => "Access to expunge_userpic console command",
131 users => "Access to change_journal_status console command",
132 vgifts => "Access to approval functions on /admin/vgifts",
133 } if $priv eq 'siteadmin';
136 openid => "Only allowed to suspend OpenID accounts",
137 } if $priv eq 'suspend';
139 # extracted from LJ::Sysban::validate
141 email => "Can ban specific email addresses",
142 email_domain => "Can ban entire email domains",
143 invite_email => "Can ban invites for email addresses",
144 invite_user => "Can ban invites for users",
145 ip => "Can ban connections from specific IPs",
146 lostpassword => "Can ban requests for lost passwords",
147 noanon_ip => "Can ban anonymous comments from specific IPs",
148 pay_cc => "Can ban payments from specific credit cards",
149 pay_email => "Can ban payments from specific emails",
150 pay_uniq => "Can ban payments from specific sessions",
151 pay_user => "Can ban payments from specific users",
152 spamreport => "Can ban spam reports from specific users",
153 support_email => "Can ban support requests from emails",
154 support_uniq => "Can ban support requests from sessions",
155 support_user => "Can ban support requests from users",
156 talk_ip_test => "Can force IPs to complete CAPTCHA to leave comments",
157 uniq => "Can ban specific browser sessions",
158 user => "Can ban specific users",
159 } if $priv eq 'sysban';