Add permissions checks for spam_noticer ui

2023-09-07 20:22:10 +00:00 · 2023-09-07 20:22:10 +00:00 · 3fa80c6e39
parent 37ac429d60
commit 3fa80c6e39
5 changed files with 16 additions and 6 deletions
--- a/auth-proxy.php
+++ b/auth-proxy.php
@ -48,7 +48,7 @@ function proxy() {
 }

 function main() {
-    global $mod;
+    global $mod, $config;

    check_login(true);

@ -61,7 +61,12 @@ function main() {
        exit;
    }

-    #echo json_encode($mod);
+    if (!hasPermission($config['mod']['spam_noticer'])) {
+        header("HTTP/1.1 403 Forbidden");
+        echo "You do not have sufficient privileges.";
+        exit;
+    }
+
    proxy();
 }

--- a/inc/config.php
+++ b/inc/config.php
@ -1623,6 +1623,8 @@
    // Allow searching posts (can be used with board configuration file to disallow searching through a
    // certain board)
    $config['mod']['search_posts'] = JANITOR;
+    // Access SpamNoticer UI
+    $config['mod']['spam_noticer'] = MOD;
    // Read the moderator noticeboard
    $config['mod']['noticeboard'] = JANITOR;
    // Post to the moderator noticeboard
--- a/inc/instance-config.php
+++ b/inc/instance-config.php
@ -107,6 +107,7 @@ $config['thread_subject_in_title'] = true;
 $config['spam']['enabled'] = true;
 $config['spam_noticer']['enabled'] = true;
 $config['spam_noticer']['base_url'] = 'http://localhost:8300';
+$config['spam_noticer']['ui_url'] = 'https://dev-spamnoticer.leftychan.net/static/index.html';
 $config['spam_noticer']['website_name'] = "leftychan_dev";

 /*
--- a/inc/spamnoticer.php
+++ b/inc/spamnoticer.php
@ -192,10 +192,14 @@ function checkWithSpamNoticer($config, $post, $boardname) {

        $status_code = $response->getStatusCode();

+        print_err("spamnoticer status code: " . $status_code);
+        print_err("spamnoticer response body: " . $response->getBody());
+
        if ($status_code >= 200 && $status_code < 300) {
            $result->succeeded = true;
            $result->result_json = json_decode($response->getBody(), true);
            $result->noticed = $result->result_json['noticed'] == true;
+
            if ($result->noticed) {
                $result->reason = (string) $response->getBody();
            }
@ -205,8 +209,6 @@ function checkWithSpamNoticer($config, $post, $boardname) {

        $result->client = $client;

-        print_err($response->getBody());
-
        return $result;
    } catch (GuzzleHttp\Exception\ConnectException $e) {
        $result->reason = $e->getMessage();
--- a/templates/mod/dashboard.html
+++ b/templates/mod/dashboard.html
@ -75,9 +75,9 @@

 {% endif %}

-{% if config.spam_noticer.enabled %}
+{% if (config.spam_noticer.enabled) and (mod|hasPermission(config.mod.spam_noticer)) %}
    <li>
-        <a href="{{ config.spam_noticer.base_url }}/static/index.html">
+        <a href="{{ config.spam_noticer.ui_url }}">
            SpamNoticer
        </a>
    </li>