From: Matthew Jordan Date: Sun, 24 Feb 2013 16:27:47 +0000 (+0000) Subject: Don't display the AMI ALL class authorization for users if they don't have it X-Git-Tag: 13.0.0-beta1~2067 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=182098ba9665b2ad70f6a8312ebaa0a60a380e6e;p=thirdparty%2Fasterisk.git Don't display the AMI ALL class authorization for users if they don't have it When converting AMI class authorizations to a string representation, the method always appends the ALL class authorization. This is especially important for events, as they should always communicate that class authorization - even if the event itself does not specify ALL as a class authorization for itself. (Events have always assumed that the ALL class authorization is implied when they are raised) Unfortunately, this did mean that specifying a user with restricted class authorizations would show up in the 'manager show user' CLI command as having the ALL class authorization. Rather then modifying the existing string manipulation function, this patch adds a function that will only return a string if the field being compared explicitly matches class authorization field it is being compared against. This prevents ALL from being returned unless it is actually specified for the user. (closes issue ASTERISK-20397) Reported by: Johan Wilfer ........ Merged revisions 381939 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 381943 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@381949 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/main/manager.c b/main/manager.c index 2c6751776b..fc0ec26311 100644 --- a/main/manager.c +++ b/main/manager.c @@ -1357,7 +1357,30 @@ static int function_capable_string_allowed_with_auths(const char *evaluating, in return 1; } -/*! \brief Convert authority code to a list of options */ +/*! \brief Convert authority code to a list of options for a user. This will only + * display those authority codes that have an explicit match on authority */ +static const char *user_authority_to_str(int authority, struct ast_str **res) +{ + int i; + char *sep = ""; + + ast_str_reset(*res); + for (i = 0; i < ARRAY_LEN(perms) - 1; i++) { + if ((authority & perms[i].num) == perms[i].num) { + ast_str_append(res, 0, "%s%s", sep, perms[i].label); + sep = ","; + } + } + + if (ast_str_strlen(*res) == 0) /* replace empty string with something sensible */ + ast_str_append(res, 0, ""); + + return ast_str_buffer(*res); +} + + +/*! \brief Convert authority code to a list of options. Note that the EVENT_FLAG_ALL + * authority will always be returned. */ static const char *authority_to_str(int authority, struct ast_str **res) { int i; @@ -1756,8 +1779,8 @@ static char *handle_showmanager(struct ast_cli_entry *e, int cmd, struct ast_cli (user->username ? user->username : "(N/A)"), (user->secret ? "" : "(N/A)"), ((user->acl && !ast_acl_list_is_empty(user->acl)) ? "yes" : "no"), - authority_to_str(user->readperm, &rauthority), - authority_to_str(user->writeperm, &wauthority), + user_authority_to_str(user->readperm, &rauthority), + user_authority_to_str(user->writeperm, &wauthority), (user->displayconnects ? "yes" : "no")); ast_cli(a->fd, " Variables: \n"); for (v = user->chanvars ; v ; v = v->next) {