From d41377983e9a3f6f29db078d4a5fe3f4ba5f154b Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Sat, 16 May 2026 12:16:29 -0700 Subject: [PATCH] Move the option that controls if a user can accept RPC calls out of the global ACL and into a more findable location in the Edit User page --- acl/edit_user.cgi | 16 ++++++++++++++-- acl/save_user.cgi | 4 +++- acl_security.pl | 8 -------- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/acl/edit_user.cgi b/acl/edit_user.cgi index 7f840f8a5..66a87a086 100755 --- a/acl/edit_user.cgi +++ b/acl/edit_user.cgi @@ -42,6 +42,11 @@ else { : $text{'edit_title2'}, ""); } my $me = &get_user($base_remote_user); +my %uaccess = &get_module_acl($in{'user'} || "", "", 1); +if (!$in{'user'} && $uaccess{'rpc'} == 2) { + # Don't offer the confusing 'root' or 'admin' RPC option by default + $uaccess{'rpc'} = 0; + } # Give up if readonly if ($user{'readonly'} && !$in{'readwrite'}) { @@ -363,6 +368,15 @@ elsif ($miniserv{'twofactor_provider'}) { &ui_submit($text{'edit_twofactoradd'}, "twofactor")); } +# Can accept RPC calls? +if ($access{'acl'} && !$safe) { + print &ui_table_row($text{'acl_rpc'}, + &ui_radio("rpc", int($uaccess{'rpc'}), + [ [ 1, $text{'acl_rpc1'} ], + $uaccess{'rpc'} == 2 ? ( [ 2, $text{'acl_rpc2'} ] ) : ( ), + [ 0, $text{'acl_rpc0'} ] ])); + } + print &ui_hidden_table_end("security"); # Work out which modules can be selected @@ -445,8 +459,6 @@ my $groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl"; if ($access{'acl'} && !$groupglobal && !$safe) { print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2, "global", 0, [ "width=30%" ]); - my %uaccess; - %uaccess = &get_module_acl($in{'user'} || "", "", 1); print &ui_hidden("acl_security_form", 1); &foreign_require("", "acl_security.pl"); &foreign_call("", "acl_security_form", \%uaccess); diff --git a/acl/save_user.cgi b/acl/save_user.cgi index 62de632c7..6fdb23ebe 100755 --- a/acl/save_user.cgi +++ b/acl/save_user.cgi 
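Review bot: The RPC radio row added to the security section of acl/edit_user.cgi is printed under `$access{'acl'} && !$safe`, but the hidden `acl_security_form` field is only printed in the later block guarded by `$access{'acl'} && !$groupglobal && !$safe`. The acl/save_user.cgi hunk stores `$uaccess{'rpc'}` only when that field is posted. For a user whose group has its own global ACL file, the option is therefore shown but, as far as the visible hunks go, the posted value is silently discarded and the stored RPC setting stays as it was. Either print the row under the same condition, `if ($access{'acl'} && !$groupglobal && !$safe) {`, or have save_user.cgi store `rpc` independently of `acl_security_form`. Whichever is chosen, a comment on the row should say which save path consumes the `rpc` field.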
@@ -370,10 +370,12 @@ else { my $aclfile = "$config_directory/$in{'name'}.acl"; if ($in{'acl_security_form'} && !$newgroup && !$in{'safe'}) { - # Update user's global ACL + # Update user's global ACL, and merge in RPC setting which has + # been moved out of this form &foreign_require("", "acl_security.pl"); my %uaccess; &foreign_call("", "acl_security_save", \%uaccess, \%in); + $uaccess{'rpc'} = $in{'rpc'}; &lock_file($aclfile); &save_module_acl(\%uaccess, $in{'name'}, "", 1); &set_ownership_permissions(undef, undef, 0640, $aclfile); diff --git a/acl_security.pl b/acl_security.pl index 0dda36b27..f02398df5 100755 --- a/acl_security.pl +++ b/acl_security.pl @@ -77,13 +77,6 @@ print &ui_table_row($text{'acl_gedit'}, print &ui_table_hr(); -# Can accept RPC calls? -print &ui_table_row($text{'acl_rpc'}, - &ui_radio("rpc", int($o->{'rpc'}), - [ [ 1, $text{'acl_rpc1'} ], - $o->{'rpc'} == 2 ? ( [ 2, $text{'acl_rpc2'} ] ) : ( ), - [ 0, $text{'acl_rpc0'} ] ])); - # Get new permissions? print &ui_table_row($text{'acl_negative'}, &ui_radio("negative", int($o->{'negative'}), @@ -122,7 +115,6 @@ $o->{'gedit'} = $in{'gedit_mode'} == 2 ? $in{'gedit_can'} : $in{'gedit_mode'} == 3 ? $in{'gedit_cannot'} : $in{'gedit_mode'} == 4 ? $in{'gedit_gid'} : ""; $o->{'gedit2'} = $in{'gedit_mode'} == 4 ? $in{'gedit_gid2'} : undef; -$o->{'rpc'} = $in{'rpc'}; $o->{'negative'} = $in{'negative'}; $o->{'readonly'} = $in{'readonly'}; $o->{'fileunix'} = $in{'fileunix_def'} ? undef : $in{'fileunix'};
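Review bot: `$uaccess{'rpc'} = $in{'rpc'};` in acl/save_user.cgi copies the request parameter into the ACL unchecked, although the form in edit_user.cgi offers only 0 and 1, and 2 only when it is already set. A request is therefore not limited to the values the form offers, and the value goes on to `save_module_acl`, which presumably writes it to the user's .acl file. Restrict it before saving, for example `$uaccess{'rpc'} = defined($in{'rpc'}) && $in{'rpc'} =~ /\A[012]\z/ ? int($in{'rpc'}) : 0;`, so a missing or unexpected value falls back to 0, the same default edit_user.cgi applies for a new user. A short comment next to it, `# Only 0, 1 or 2 are valid; anything else is saved as 0`, would record the intent. The enclosing `if` block continues outside the hunk.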