MINOR: cli: create new function cli_has_level() to validate permissions

This function is used to check that the CLI features the appropriate
level of permissions or to prepare the adequate error message.

diff --git a/include/proto/cli.h b/include/proto/cli.h
index 25c2ee0226f18a3d4a64954f16401f2eb9f98ae1..d5feb862adf3171e9e6b45f2035e01538abdc75a 100644 (file)
--- a/include/proto/cli.h
+++ b/include/proto/cli.h
@@ -27,5 +27,7 @@
 struct cli_kw* cli_find_kw(char **args);
 void cli_register_kw(struct cli_kw_list *kw_list);
 
+int cli_has_level(struct appctx *appctx, int level);
+
 #endif /* _PROTO_CLI_H */
 

diff --git a/src/cli.c b/src/cli.c
index c00fc865d2284def65f733025bab04a4ef45302f..0a6a68dc11ab5a7a685d46f449684635c188f7c9 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -472,6 +472,24 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
        return 0;
 }
 
+/* Verifies that the CLI at least has a level at least as high as <level>
+ * (typically ACCESS_LVL_ADMIN). Returns 1 if OK, otherwise 0. In case of
+ * failure, an error message is prepared and the appctx's state is adjusted
+ * to print it so that a return 1 is enough to abort any processing.
+ */
+int cli_has_level(struct appctx *appctx, int level)
+{
+       struct stream_interface *si = appctx->owner;
+       struct stream *s = si_strm(si);
+
+       if (strm_li(s)->bind_conf->level < level) {
+               appctx->ctx.cli.msg = stats_permission_denied_msg;
+               appctx->st0 = STAT_CLI_PRINT;
+               return 0;
+       }
+       return 1;
+}
+
 
 /* print a string of text buffer to <out>. The format is :
  * Non-printable chars \t, \n, \r and \e are * encoded in C format.