From c633575be565ec3c9c9a3cc4120f7eb85f55dc02 Mon Sep 17 00:00:00 2001 From: Joshua Charles Campbell Date: Thu, 16 Apr 2015 13:16:56 -0600 Subject: [PATCH 1/2] Implement basic settings to only allow some users to edit the wiki. --- Network/Gitit2.hs | 16 ++++++++-------- Network/Gitit2/Routes.hs | 3 +++ settings.yaml | 3 +++ src/Config.hs | 7 +++++++ src/gitit2.hs | 8 ++++++++ 5 files changed, 29 insertions(+), 8 deletions(-) diff --git a/Network/Gitit2.hs b/Network/Gitit2.hs index 1956f10..58c25d9 100644 --- a/Network/Gitit2.hs +++ b/Network/Gitit2.hs @@ -308,7 +308,7 @@ getRawR page = do getDeleteR :: HasGitit master => Page -> GH master Html getDeleteR page = do - requireUser + requireEditor fs <- filestore <$> getYesod path <- pathForPage page pageTest <- liftIO $ try $ latest fs path @@ -337,7 +337,7 @@ getDeleteR page = do postDeleteR :: HasGitit master => Page -> GH master Html postDeleteR page = do - user <- requireUser + user <- requireEditor fs <- filestore <$> getYesod mr <- getMessageRender fileToDelete <- lift $ runInputPost $ ireq textField "fileToDelete" @@ -654,7 +654,7 @@ searchResults patterns = do getEditR :: HasGitit master => Page -> GH master Html getEditR page = do - requireUser + requireEditor fs <- filestore <$> getYesod path <- pathForPage page mbcont <- getRawContents path Nothing @@ -670,7 +670,7 @@ getEditR page = do getRevertR :: HasGitit master => RevisionId -> Page -> GH master Html getRevertR rev page = do - requireUser + requireEditor path <- pathForPage page mbcont <- getRawContents path (Just rev) case mbcont of @@ -684,7 +684,7 @@ edit :: HasGitit master -> Page -> GH master Html edit revert txt mbrevid page = do - requireUser + requireEditor let contents = Textarea $ T.pack txt mr <- getMessageRender let comment = if revert @@ -733,7 +733,7 @@ postCreateR = update' Nothing update' :: HasGitit master => Maybe RevisionId -> Page -> GH master Html update' mbrevid page = do - user <- requireUser + user <- requireEditor ((result, widget), enctype) <- lift $ runFormPost $ editForm Nothing fs <- filestore <$> getYesod toMaster <- getRouteToParent @@ -1124,7 +1124,7 @@ setFilename fname = addHeader "Content-Disposition" getUploadR :: HasGitit master => GH master Html getUploadR = do - requireUser + requireEditor (form, enctype) <- lift $ generateFormPost $ uploadForm Nothing showUploadForm enctype form @@ -1185,7 +1185,7 @@ uploadForm mbupload = postUploadR :: HasGitit master => GH master Html postUploadR = do - user <- requireUser + user <- requireEditor ((result, widget), enctype) <- lift $ runFormPost $ uploadForm Nothing fs <- filestore <$> getYesod case result of diff --git a/Network/Gitit2/Routes.hs b/Network/Gitit2/Routes.hs index 65afed0..817c40d 100644 --- a/Network/Gitit2/Routes.hs +++ b/Network/Gitit2/Routes.hs @@ -39,6 +39,8 @@ class (Yesod master, RenderMessage master FormMessage, maybeUser :: GH master (Maybe GititUser) -- | Return user information or redirect to login page. requireUser :: GH master GititUser + -- | Return user information or redirect to login page. + requireEditor :: GH master GititUser -- | Gitit subsite page layout. makePage :: PageLayout -> WidgetT master IO () -> GH master Html -- | Plugins. @@ -69,6 +71,7 @@ data GititConfig = GititConfig{ , front_page :: Text -- ^ Front page of wiki , help_page :: Text -- ^ Help page , latex_engine :: Maybe FilePath -- ^ LaTeX engine to use for PDF export + , editors :: Maybe [Text] -- ^ Users allowed to actually edit } -- | Path to a wiki page. Page and page components can't begin with '_'. diff --git a/settings.yaml b/settings.yaml index c7b8df1..611cf98 100644 --- a/settings.yaml +++ b/settings.yaml @@ -14,3 +14,6 @@ front_page: Front Page help_page: Help max_upload_size: 1M latex_engine: xelatex +# editors is the list of user emails which are allowed to edit pages +# leave unset to allow anyone to edit +# editors: my.email@provider.com my.other.email@example.com diff --git a/src/Config.hs b/src/Config.hs index ee88ca6..0826eed 100644 --- a/src/Config.hs +++ b/src/Config.hs @@ -48,6 +48,7 @@ data Conf = Conf { cfg_port :: Int , cfg_help_page :: Text , cfg_max_upload_size :: String , cfg_latex_engine :: Maybe FilePath + , cfg_editors :: Maybe Text } data FoundationSettings = FoundationSettings { @@ -88,6 +89,7 @@ parseConfig os = Conf <*> os `parseElem` "help_page" .!= "Help" <*> os `parseElem` "max_upload_size" .!= "1M" <*> os `parseElem` "latex_engine" + <*> os `parseElem` "editors" -- | Ready collection of common mime types. (Copied from -- Happstack.Server.HTTP.FileServe.) @@ -139,6 +141,10 @@ gititConfigFromConf conf = do Just f -> return f Nothing -> err 11 $ "Unknown default format: " ++ T.unpack (cfg_default_format conf) + + editorEmails <- case cfg_editors conf of + Just emails -> return (Just (T.splitOn (T.pack " ") emails)) + Nothing -> return Nothing let gconfig = GititConfig{ mime_types = mimes , default_format = format @@ -154,5 +160,6 @@ gititConfigFromConf conf = do , front_page = cfg_front_page conf , help_page = cfg_help_page conf , latex_engine = cfg_latex_engine conf + , editors = editorEmails } return gconfig diff --git a/src/gitit2.hs b/src/gitit2.hs index d1531c8..7f07d7e 100644 --- a/src/gitit2.hs +++ b/src/gitit2.hs @@ -104,6 +104,14 @@ instance HasGitit Master where (T.unpack $ T.takeWhile (/='@') id') (T.unpack id') requireUser = maybe (fail "login required") return =<< maybeUser + requireEditor = do + user <- requireUser + conf <- config <$> getYesod + case (editors conf) of + Just emails -> case elem (T.pack (gititUserEmail user)) emails of + False -> fail "unauthorized" + True -> return user + Nothing -> return user makePage = makeDefaultPage getPlugins = return [] -- [samplePlugin] staticR = StaticR From 413c36a8b37331057f055ee5e239c4e6335eaf47 Mon Sep 17 00:00:00 2001 From: Freiric Barral Date: Sat, 18 Apr 2015 10:41:57 +0200 Subject: [PATCH 2/2] isEditor instead of requireEditor --- Network/Gitit2.hs | 11 ++++++++--- Network/Gitit2/Routes.hs | 2 +- src/gitit2.hs | 11 ++++------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/Network/Gitit2.hs b/Network/Gitit2.hs index 58c25d9..77b5529 100644 --- a/Network/Gitit2.hs +++ b/Network/Gitit2.hs @@ -1213,6 +1213,14 @@ postUploadR = do redirect $ ViewR page _ -> showUploadForm enctype widget +requireEditor :: HasGitit master => GH master GititUser +requireEditor = do + user <- requireUser + editorUser <- isEditor user + if editorUser + then return user + else fail "unauthorized" + ---------- -- Caching -- @@ -1399,6 +1407,3 @@ hGetLinesTill h end = do else do rest <- hGetLinesTill h end return (next:rest) - - - diff --git a/Network/Gitit2/Routes.hs b/Network/Gitit2/Routes.hs index 817c40d..ed34d3f 100644 --- a/Network/Gitit2/Routes.hs +++ b/Network/Gitit2/Routes.hs @@ -40,7 +40,7 @@ class (Yesod master, RenderMessage master FormMessage, -- | Return user information or redirect to login page. requireUser :: GH master GititUser -- | Return user information or redirect to login page. - requireEditor :: GH master GititUser + isEditor :: GititUser -> GH master Bool -- | Gitit subsite page layout. makePage :: PageLayout -> WidgetT master IO () -> GH master Html -- | Plugins. diff --git a/src/gitit2.hs b/src/gitit2.hs index 7f07d7e..6638d77 100644 --- a/src/gitit2.hs +++ b/src/gitit2.hs @@ -104,14 +104,11 @@ instance HasGitit Master where (T.unpack $ T.takeWhile (/='@') id') (T.unpack id') requireUser = maybe (fail "login required") return =<< maybeUser - requireEditor = do - user <- requireUser + isEditor user = do conf <- config <$> getYesod - case (editors conf) of - Just emails -> case elem (T.pack (gititUserEmail user)) emails of - False -> fail "unauthorized" - True -> return user - Nothing -> return user + return $ case editors conf of + Just emails -> T.pack (gititUserEmail user) `elem` emails + Nothing -> True makePage = makeDefaultPage getPlugins = return [] -- [samplePlugin] staticR = StaticR