move acl checks from theme to handlers

author Paul Hänsch <paul@plutz.net>

Sun, 22 May 2022 11:05:47 +0000 (13:05 +0200)

committer Paul Hänsch <paul@plutz.net>

Sun, 22 May 2022 11:05:47 +0000 (13:05 +0200)
author Paul Hänsch <paul@plutz.net>
Sun, 22 May 2022 11:05:47 +0000 (13:05 +0200)
committer Paul Hänsch <paul@plutz.net>
Sun, 22 May 2022 11:05:47 +0000 (13:05 +0200)
diff --git a/handlers/10_page.sh b/handlers/10_page.sh

index 0ebc2d028737979a84213bcdb89d54708eb7c583..99b79a43e8c70c5beabbf4b6d38882d96378aac7 100755 (executable)
--- a/handlers/10_page.sh
+++ b/handlers/10_page.sh
@@ -53,7 +53,13 @@ case "${PATH_INFO}" in
      return 1
      ;;
    */)
-    theme_page "${PATH_INFO}"
+    if [ ! "$(mdfile "$page")" ]; then
+      theme_error 404
+    elif ! acl_read "$page"; then
+      theme_error 403
+    else
+      theme_page "${PATH_INFO}"
+    fi
      return 0
      ;;
  esac
diff --git a/handlers/20_account.sh b/handlers/20_account.sh

index 73edb0ff608e38a573923a9b4c2150dd51e7c7c5..c4982fdf97b1538c57930eaab93cf52cfb735fbe 100755 (executable)
--- a/handlers/20_account.sh
+++ b/handlers/20_account.sh
@@ -2,19 +2,27 @@
  
  case "${PATH_INFO}" in
    */"[login]")
-    theme_page "/[wiki]/login/"
+    acl_read "/wiki/login/" \
+    && theme_page "/[wiki]/login/" \
+    || theme_error 403
      return 0
      ;;
    */"[register]")
-    theme_page "/[wiki]/register/"
+    acl_read "/wiki/register/" \
+    && theme_page "/[wiki]/register/" \
+    || theme_error 403
      return 0
      ;;
    */"[invite]")
-    theme_page "/[wiki]/invite/"
+    acl_read "/wiki/invite/" \
+    && theme_page "/[wiki]/invite/" \
+    || theme_error 403
      return 0
      ;;
    */"[settings]")
-    theme_page "/[wiki]/settings/"
+    acl_read "/wiki/settings/" \
+    && theme_page "/[wiki]/settings/" \
+    || theme_error 403
      return 0
      ;;
  esac
diff --git a/handlers/90_brackets.sh b/handlers/90_brackets.sh

index b6b25383f32b4d58e000ac110e3cb0d0b45b64e5..f509294c69f470217dc7adc32a8d6844bc7da45e 100755 (executable)
--- a/handlers/90_brackets.sh
+++ b/handlers/90_brackets.sh
@@ -5,7 +5,13 @@
  
  case "${PATH_INFO}" in
    */\[*\]/*)
-    theme_page "${PATH_INFO}"
+    if [ ! "$(mdfile "${PATH_INFO}")" ]; then
+      theme_error 404
+    elif ! acl_read "${PATH_INFO}"; then
+      theme_error 403
+    else
+      theme_page "${PATH_INFO}"
+    fi
      return 0
      ;;
  esac
author	Paul Hänsch <paul@plutz.net>
	Sun, 22 May 2022 11:05:47 +0000 (13:05 +0200)
committer	Paul Hänsch <paul@plutz.net>
	Sun, 22 May 2022 11:05:47 +0000 (13:05 +0200)
handlers/10_page.sh		patch \| blob \| history
handlers/20_account.sh		patch \| blob \| history
handlers/90_brackets.sh		patch \| blob \| history