Add ACL option for own logs only

2019-12-07 07:56:10 -08:00 · 2019-12-07 07:56:10 -08:00 · f6b554a247
commit f6b554a247
parent ef37f01d6b
4 changed files with 28 additions and 10 deletions
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+root=
+fileunix=
+feedback=0
+rpc=0
+negative=0
--- a/webminlog/acl_security.pl
+++ b/webminlog/acl_security.pl
@ -6,13 +6,15 @@ do 'webminlog-lib.pl';
 # Output HTML for editing security options for the acl module
 sub acl_security_form
 {
+my ($o) = @_;
+
 # Allowed modules
 print &ui_table_row($text{'acl_mods'},
-	&ui_radio("mods_def", $_[0]->{'mods'} eq "*" ? 1 : 0,
+	&ui_radio("mods_def", $o->{'mods'} eq "*" ? 1 : 0,
 		  [ [ 1, $text{'acl_all'} ],
                    [ 0, $text{'acl_sel'} ] ])."<br>\n".
 	&ui_select("mods",
-		   [ split(/\s+/, $_[0]->{'mods'}) ],
+		   [ split(/\s+/, $o->{'mods'}) ],
 		   [ map { [ $_->{'dir'}, $_->{'desc'} ] }
 			 &get_all_module_infos() ],
 		   10, 1),
@ -20,26 +22,31 @@ print &ui_table_row($text{'acl_mods'},

 # Allowed users
 print &ui_table_row($text{'acl_users'},
-	&ui_radio("users_def", $_[0]->{'users'} eq "*" ? 1 : 0,
+	&ui_radio("users_def", $o->{'users'} eq "*" ? 1
+			       $o->{'users'} eq "~" ? 2 : 0,
 		  [ [ 1, $text{'acl_all'} ],
+		    [ 2, $text{'acl_self'} ],
 		    [ 0, $text{'acl_sel'} ] ])."<br>\n".
 	&ui_select("users",
-		   [ split(/\s+/, $_[0]->{'users'}) ],
+		   [ split(/\s+/, $o->{'users'}) ],
 		   [ map { $_->{'name'} } &acl::list_users() ],
 		   10, 1),
 	3);

 # Rollback
 print &ui_table_row($text{'acl_rollback'},
-	&ui_yesno_radio("rollback", $_[0]->{'rollback'}));
+	&ui_yesno_radio("rollback", $o->{'rollback'}));
 }

 # acl_security_save(&options)
 # Parse the form for security options for the acl module
 sub acl_security_save
 {
-$_[0]->{'mods'} = $in{'mods_def'} ? "*" : join(" ", split(/\0/, $in{'mods'}));
-$_[0]->{'users'} = $in{'users_def'} ? "*" : join(" ", split(/\0/,$in{'users'}));
-$_[0]->{'rollback'} = $in{'rollback'};
+my ($o) = @_;
+$o->{'mods'} = $in{'mods_def'} ? "*" : join(" ", split(/\0/, $in{'mods'}));
+$o->{'users'} = $in{'users_def'} == 1 ? "*" :
+		$in{'users_def'} == 2 ? "~" :
+			join(" ", split(/\0/,$in{'users'}));
+$o->{'rollback'} = $in{'rollback'};
 }

--- a/webminlog/safeacl
+++ b/webminlog/safeacl
@ -0,0 +1,2 @@
+rollback=0
+users=~
--- a/webminlog/webminlog-lib.pl
+++ b/webminlog/webminlog-lib.pl
@ -315,7 +315,10 @@ Returns 1 if the current Webmin user can view log entries for the given user.
 =cut
 sub can_user
 {
-return $access_users{'*'} || $access_users{$_[0]};
+my ($user) = @_;
+return $access_users{'*'} ||
+       $access_users{'~'} && $user eq $remote_user ||
+       $access_users{$user};
 }

 =head2 can_mod(module)
@ -325,7 +328,8 @@ Returns 1 if the current Webmin user can view log entries for the given module.
 =cut
 sub can_mod
 {
-return $access_mods{'*'} || $access_mods{$_[0]};
+my ($mod) = @_;
+return $access_mods{'*'} || $access_mods{$mod};
 }

 =head2 get_action(id)