Add admin privilege to manage room aliases.

This commit is contained in:
Jordan Bancino 2023-08-09 15:50:03 +00:00
parent 69d28f39d1
commit bc71a7ec01
5 changed files with 14 additions and 4 deletions

View file

@ -61,7 +61,7 @@ Milestone: v0.4.0
[ ] Finish RouteAliasDirectory [ ] Finish RouteAliasDirectory
[ ] Add "id" objects when putting aliases [ ] Add "id" objects when putting aliases
[ ] Delete from "id" when deleting alias [ ] Delete from "id" when deleting alias
[ ] Add alias admin privilege to allow admins to manage aliases [x] Add alias admin privilege to allow admins to manage aliases
Milestone: v0.5.0 Milestone: v0.5.0
----------------- -----------------

View file

@ -1,4 +1,4 @@
.Dd $Mdocdate: April 20 2023 $ .Dd $Mdocdate: August 9 2023 $
.Dt TELODENDRIA-ADMIN 7 .Dt TELODENDRIA-ADMIN 7
.Os Telodendria Project .Os Telodendria Project
.Sh NAME .Sh NAME
@ -32,6 +32,10 @@ Allows a user to modify the Telodendria server daemon's configuration.
.It Dv GRANT_PRIVILEGES .It Dv GRANT_PRIVILEGES
Allows a user to modify his or her own privileges or the privileges of other Allows a user to modify his or her own privileges or the privileges of other
local users. local users.
.It Dv ALIAS
Allows a user to modify room aliases created by other users. By default, users
can only manage their own room aliases, but an administrator may wish to take
over an alias or remove an offensive alias.
.It Dv PROC_CONTROL .It Dv PROC_CONTROL
Allows a user to get statistics on the running process, as well as shutdown and Allows a user to get statistics on the running process, as well as shutdown and
restart the Telodendria daemon itself. Typically this will pair well with restart the Telodendria daemon itself. Typically this will pair well with

View file

@ -135,7 +135,7 @@ ROUTE_IMPL(RouteAliasDirectory, path, argp)
goto finish; goto finish;
} }
if (!StrEquals(UserGetName(user), JsonValueAsString(JsonGet(aliases, 3, "alias", alias, "createdBy")))) if (!(UserGetPrivileges(user) & USER_ALIAS) && !StrEquals(UserGetName(user), JsonValueAsString(JsonGet(aliases, 3, "alias", alias, "createdBy"))))
{ {
HttpResponseStatus(args->context, HTTP_UNAUTHORIZED); HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
response = MatrixErrorCreate(M_UNAUTHORIZED, NULL); response = MatrixErrorCreate(M_UNAUTHORIZED, NULL);

View file

@ -802,6 +802,10 @@ UserDecodePrivilege(const char *p)
{ {
return USER_PROC_CONTROL; return USER_PROC_CONTROL;
} }
else if (StrEquals(p, "ALIAS"))
{
return USER_ALIAS;
}
else else
{ {
return USER_NONE; return USER_NONE;
@ -835,6 +839,7 @@ UserEncodePrivileges(int privileges)
A(USER_CONFIG, "CONFIG"); A(USER_CONFIG, "CONFIG");
A(USER_GRANT_PRIVILEGES, "GRANT_PRIVILEGES"); A(USER_GRANT_PRIVILEGES, "GRANT_PRIVILEGES");
A(USER_PROC_CONTROL, "PROC_CONTROL"); A(USER_PROC_CONTROL, "PROC_CONTROL");
A(USER_ALIAS, "ALIAS");
#undef A #undef A

View file

@ -61,7 +61,8 @@ typedef enum UserPrivileges
USER_CONFIG = (1 << 2), USER_CONFIG = (1 << 2),
USER_GRANT_PRIVILEGES = (1 << 3), USER_GRANT_PRIVILEGES = (1 << 3),
USER_PROC_CONTROL = (1 << 4), USER_PROC_CONTROL = (1 << 4),
USER_ALL = ((1 << 5) - 1) USER_ALIAS = (1 << 5),
USER_ALL = ((1 << 6) - 1)
} UserPrivileges; } UserPrivileges;
/** /**