From: Victor Wagner <vitus@wagner.pp.ru>
Date: Fri, 21 Mar 2008 15:02:02 +0000 (+0000)
Subject: Отлажена работа кода проверки прав (хотя бы для администратора)
X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=commitdiff_plain;h=89f2fc99e9e637eb9f383f277e68021828ba5fe2;p=oss%2Fstilllife.git

Отлажена работа кода проверки прав (хотя бы для администратора)
---

diff --git a/forum/forum b/forum/forum
index 91961bf..c714859 100755
--- a/forum/forum
+++ b/forum/forum
@@ -36,9 +36,25 @@ my %actions = (
 	openidlogin=>\&openid_login,
 	openidvfy =>\&openid_verify
 );	
+#
+#  Ð£ÑÐ¾Ð²ÐµÐ½Ñ Ð¿ÑÐ°Ð², ÐºÐ¾ÑÐ¾ÑÑÐµ Ð½ÐµÐ¾Ð±ÑÐ¾Ð´Ð¸Ð¼Ð¾ Ð¸Ð¼ÐµÑÑ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ Ð´Ð»Ñ ÑÐ¾Ð²ÐµÑÑÐµÐ½Ð¸Ñ
+#  Ð¾Ð¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ð½Ð¾Ð³Ð¾ Ð´ÐµÐ¹ÑÑÐ²Ð¸Ñ
+#  Ð¸ÐµÑÐ°ÑÑÐ¸Ñ Ð²Ð¸Ð´Ð° undef < banned < normal < author < moderator <admin
+#  ÐÑÐ»Ð¸ Ð¾Ð¿ÐµÑÐ°ÑÐ¸Ñ Ð½Ðµ ÑÐ¿Ð¾Ð¼ÑÐ½ÑÑÐ° Ð² Ð´Ð°Ð½Ð½Ð¾Ð¼ Ð¼Ð°ÑÑÐ¸Ð², ÑÐ¾ Ð·Ð½Ð°ÑÐ¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ Ð²ÑÐµÐ¼, Ð²
+#  ÑÐ¾Ð¼ ÑÐ¸ÑÐ»Ðµ  Ð¸ Ð°Ð½Ð¾Ð½Ð¸Ð¼Ñ.
+# Ð¡Ð»Ð¾Ð²Ð¾ login Ð¾Ð·Ð½Ð°ÑÐ°ÐµÑ, ÑÑÐ¾ Ð²Ð¾Ð¾Ð±ÑÐµ-ÑÐ¾ ÑÑÐ¾ normal, Ð½Ð¾ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ Ð¼Ð¾Ð¶ÐµÑ
+# Ð»Ð¾Ð³Ð¸Ð½Ð¸ÑÑÑÑ Ð½ÐµÐ¿Ð¾ÑÑÐµÐ´ÑÑÐ²ÐµÐ½Ð½Ð¾ Ð² Ð¿ÑÐ¾ÑÐµÑÑÐµ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð¾Ð¿ÐµÑÐ°ÑÐ¸Ð¸.
+my %permissions = (
+	reply => "login",
+	edit => "author",
+	delete => "author",
+	newtopic => "normal",
+	move => "moderator",
+	newforum => "moderator",
+	profile => "normal",
+	setrights => "admin",
+);	
 
-
-	
 my $cgi = new CGI;
 print STDERR "--------------------\n";
 my $forum=get_forum_config();
@@ -83,8 +99,14 @@ if ($cgi->request_method ne "POST") {
 	# ÐÐ°Ð¿ÑÐ¾Ñ Ð¼ÐµÑÐ¾Ð´Ð¾Ð¼ POST. ÐÑÐ·ÑÐ²Ð°ÐµÐ¼ Ð¾Ð±ÑÐ°Ð±Ð¾ÑÑÐ¸Ðº
 	for my $param ($cgi->param) {
 		if (exists $actions{$param}) {
-			$actions{$param}->($param,$cgi,$forum);
-			exit;
+			if (allow_operation($param,$cgi,$forum)) {
+				$actions{$param}->($param,$cgi,$forum);
+				exit;
+			} else {
+				show_error($forum,"Ð£ ÐÐ°Ñ Ð½ÐµÑ Ð¿ÑÐ°Ð² Ð½Ð°  Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ðµ ÑÑÐ¾Ð¹
+				Ð¾Ð¿ÐµÑÐ°ÑÐ¸Ð¸")
+	 		}
+
 		}
 	}
 	print STDERR "ÐÐ¾Ð»ÑÑÐµÐ½Ñ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÑ ",join(" ",$cgi->param),"\n";
@@ -346,7 +368,6 @@ sub fix_forum_links {
 			$attr ="src";
 		}
 		my $link = $element->attr($attr);
-		print STDERR "Fixing link $link\n";
 		# ÐÐ±ÑÐ¾Ð»ÑÑÐ½Ð°Ñ ÑÑÑÐ»ÐºÐ° - Ð¾ÑÑÐ°Ð²Ð»ÑÐµÐ¼ ÐºÐ°Ðº ÐµÑÑÑ. 
 		next ELEMENT if (! defined $link || $link=~/^\w+:/); 
 		# Ð¡ÑÑÐ»ÐºÐ° Ð¾Ñ ÐºÐ¾ÑÐ½Ñ ÑÐ°Ð¹ÑÐ°. 
@@ -363,7 +384,6 @@ sub fix_forum_links {
 		    !($link =~ s!^forum\b!$script_with_path!)) {
 			$link = $forum->{"forumtop"}."/".$link 
 		}	
-		print STDERR "Fixed to $link\n";
 		$element->attr($attr,$link);
 	}
 }		
@@ -501,7 +521,6 @@ sub authenticate {
 	dbmopen %userbase,datafile($forum,"passwd"),0644;
 	my $user = $cgi->param("user");
 	my $password = $cgi->param("password");
-	print STDERR "user=>'$user'\npassword=>'$password'\n";
 	$cgi->delete("password");
 	if (! $userbase{$user}) {
 	  set_error($forum,"ÐÐµÐ²ÐµÑÐ½Ð¾Ðµ Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ Ð¸Ð»Ð¸ Ð¿Ð°ÑÐ¾Ð»Ñ");
@@ -509,7 +528,7 @@ sub authenticate {
 	}   
 	my $userinfo = thaw($userbase{$user}) ;
 	dbmclose %userbase;
-	while (my ($key,$val)=each %$userinfo) { print STDERR "$key => '$val'\n";}
+	#while (my ($key,$val)=each %$userinfo) { print STDERR "$key => '$val'\n";}
 	if (crypt($password,$userinfo->{passwd}) eq $userinfo->{passwd}) {
 		delete $userinfo->{"passwd"};
 		$cgi->delete("password");
@@ -681,8 +700,24 @@ sub logout {
 }	
 sub allow_operation {
 	my ($operation,$cgi,$forum) = @_;
-	return 1 if (grep $operation eq $_,"register","login","reply");
-
+	return 1 if (!exists($permissions{$operation})); 
+	if (!$forum->{authenticated}) {
+		return 1 if ($permissions{$operation} eq "login");
+		return 0;
+	}	
+	my $user = $forum->{authenticated}{user} ;
+	my $accesslevel=getrights($cgi,$forum);
+	# ÐÑÐ»Ð¸ permissions{$operation} ÑÐ°Ð²Ð½Ñ author, Ð½Ð°Ð¼ Ð½ÑÐ¶Ð½Ð¾ Ð¸Ð·Ð²Ð»ÐµÑÑ
+	# ÑÐµÐºÑÑ Ð¸Ð· ÑÐ¾Ð¾ÑÐ²ÐµÑÑÑÐ²ÑÑÑÐµÐ³Ð¾ ÑÐ°Ð¹Ð»Ð° Ð¸ Ð¿Ð¾Ð»Ð¾Ð¶Ð¸ÑÑ ÐµÐ³Ð¾ Ð²
+	# cgi->param("text"); ÐÐ°Ð¾Ð´Ð½Ð¾ Ð¾Ð¿ÑÐµÐ´ÐµÐ»Ð¸Ð¼ Ð¸ Ð°Ð²ÑÐ¾ÑÐ°
+	my ($itemauthor,$itemtext)=get_message_by_id($cgi->param("id")) if
+		$permissions{$operation} eq "author";
+	
+	return 1 if ($accesslevel eq "admin");
+	return 0 if ($permissions{$operation} eq "admin");	
+	return 1 if ($accesslevel eq "moderator");
+	return 0 if $accesslevel eq "banned";	
+	return 0 if $permissions{$operation} eq "author" && $user ne $itemauthor;
 	return 1;
 }
 
@@ -726,4 +761,50 @@ sub reply {
 		}	
 	}	
 }	
-		
+#
+# ÑÐ¸ÑÐ°ÐµÑ ÑÐ°Ð¹Ð»Ñ Ð¿ÑÐ°Ð² Ð´Ð¾ÑÑÑÐ¿Ð° Ð² Ð´ÐµÑÐµÐ²Ðµ ÑÐ¾ÑÑÐ¼Ð°, Ð¸ Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ°ÐµÑ
+# ÑÑÐ°ÑÑÑ ÑÐµÐºÑÑÐµÐ³Ð¾ Ð¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÐµÐ»Ñ (undef - Ð°Ð½Ð¾Ð½Ð¸Ð¼, banned, normal,
+# moderator Ð¸Ð»Ð¸ admin
+
+sub getrights {
+	my ($cgi,$forum) = @_;
+	if (!$forum->{authenticated}) {
+		return undef;
+	}	
+	my $user = $forum->{authenticated}{user};
+	my $dir = $ENV{'PATH_TRANSLATED'};
+	$dir =~s/\/[^\/]+$// if (!-d $dir);
+	my $f;
+	my $user_status = "normal";
+	LEVEL:
+	while (length($dir)) {  
+		if (-f "$dir/perms.txt") {
+			open $f,"<","$dir/perms.txt";
+			my $status = undef;
+			while (<$f>) {
+				if (/^\[\s*(admins|moderators|banned)\s*\]/) {
+					$status = $1;
+				} else {
+					chomp;
+					if  ($user eq $_ && defined $status) {
+						if ($status eq "banned") {
+							return $status;
+						} 
+						if ($status eq "admins" ) {
+							return "admin";
+						}
+						$user_status = "moderator";
+					}
+				}	
+			}
+			close $f;
+			last LEVEL if  -f "$dir/.forum";
+			# Strip last path component.
+			$dir =~s/\/[^\/]+$// 
+		}	
+	}		
+	return $user_status;
+
+}		
+
+