From 190657ed71861114213d0bd8128bd157a69f17ff Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Sun, 22 May 2022 13:05:47 +0200
Subject: [PATCH] move acl checks from theme to handlers

---
 handlers/10_page.sh     |  8 +++++++-
 handlers/20_account.sh  | 16 ++++++++++++----
 handlers/90_brackets.sh |  8 +++++++-
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/handlers/10_page.sh b/handlers/10_page.sh
index 0ebc2d0..99b79a4 100755
--- a/handlers/10_page.sh
+++ b/handlers/10_page.sh
@@ -53,7 +53,13 @@ case "${PATH_INFO}" in
     return 1
     ;;
   */)
-    theme_page "${PATH_INFO}"
+    if [ ! "$(mdfile "$page")" ]; then
+      theme_error 404
+    elif ! acl_read "$page"; then
+      theme_error 403
+    else
+      theme_page "${PATH_INFO}"
+    fi
     return 0
     ;;
 esac
diff --git a/handlers/20_account.sh b/handlers/20_account.sh
index 73edb0f..c4982fd 100755
--- a/handlers/20_account.sh
+++ b/handlers/20_account.sh
@@ -2,19 +2,27 @@
 
 case "${PATH_INFO}" in
   */"[login]")
-    theme_page "/[wiki]/login/"
+    acl_read "/wiki/login/" \
+    && theme_page "/[wiki]/login/" \
+    || theme_error 403
     return 0
     ;;
   */"[register]")
-    theme_page "/[wiki]/register/"
+    acl_read "/wiki/register/" \
+    && theme_page "/[wiki]/register/" \
+    || theme_error 403
     return 0
     ;;
   */"[invite]")
-    theme_page "/[wiki]/invite/"
+    acl_read "/wiki/invite/" \
+    && theme_page "/[wiki]/invite/" \
+    || theme_error 403
     return 0
     ;;
   */"[settings]")
-    theme_page "/[wiki]/settings/"
+    acl_read "/wiki/settings/" \
+    && theme_page "/[wiki]/settings/" \
+    || theme_error 403
     return 0
     ;;
 esac
diff --git a/handlers/90_brackets.sh b/handlers/90_brackets.sh
index b6b2538..f509294 100755
--- a/handlers/90_brackets.sh
+++ b/handlers/90_brackets.sh
@@ -5,7 +5,13 @@
 
 case "${PATH_INFO}" in
   */\[*\]/*)
-    theme_page "${PATH_INFO}"
+    if [ ! "$(mdfile "${PATH_INFO}")" ]; then
+      theme_error 404
+    elif ! acl_read "${PATH_INFO}"; then
+      theme_error 403
+    else
+      theme_page "${PATH_INFO}"
+    fi
     return 0
     ;;
 esac
-- 
2.39.2