1
0
mirror of https://github.com/anope/anope.git synced 2026-07-01 15:46:37 +02:00

Only allow using os_oper add and del if you have the privileges for what

you are giving or taking.
This commit is contained in:
Adam
2013-09-13 04:48:24 -04:00
parent 5aac6377c2
commit b60b23fd48
2 changed files with 31 additions and 7 deletions
+1 -1
View File
@@ -864,7 +864,7 @@ opertype
inherits = "Helper, Another Helper"
/* What commands (see above) this opertype may use */
commands = "chanserv/list chanserv/suspend chanserv/topic memoserv/staff nickserv/list nickserv/resetpass nickserv/suspend operserv/mode operserv/chankill operserv/akill operserv/session operserv/modinfo operserv/sqline operserv/kick operserv/ignore operserv/snline"
commands = "chanserv/list chanserv/suspend chanserv/topic memoserv/staff nickserv/list nickserv/resetpass nickserv/suspend operserv/mode operserv/chankill operserv/akill operserv/session operserv/modinfo operserv/sqline operserv/oper operserv/kick operserv/ignore operserv/snline"
/* What privs (see above) this opertype has */
privs = "chanserv/auspex chanserv/no-register-limit memoserv/* nickserv/auspex nickserv/confirm"
+30 -6
View File
@@ -48,6 +48,21 @@ struct MyOper : Oper, Serializable
class CommandOSOper : public Command
{
bool HasPrivs(CommandSource &source, OperType *ot) const
{
std::list<Anope::string> commands = ot->GetCommands(), privs = ot->GetPrivs();
for (std::list<Anope::string>::iterator it = commands.begin(); it != commands.end(); ++it)
if (!source.HasCommand(*it))
return false;
for (std::list<Anope::string>::iterator it = privs.begin(); it != privs.end(); ++it)
if (!source.HasPriv(*it))
return false;
return true;
}
public:
CommandOSOper(Module *creator) : Command(creator, "operserv/oper", 1, 3)
{
@@ -76,14 +91,21 @@ class CommandOSOper : public Command
{
OperType *ot = OperType::Find(otype);
if (ot == NULL)
source.Reply(_("Oper type \002%s\002 has not been configured."), otype.c_str());
else
{
na->nc->o = new MyOper(na->nc->display, ot);
Log(LOG_ADMIN, source, this) << "ADD " << na->nick << " as type " << ot->GetName();
source.Reply("%s (%s) added to the \002%s\002 list.", na->nick.c_str(), na->nc->display.c_str(), ot->GetName().c_str());
source.Reply(_("Oper type \002%s\002 has not been configured."), otype.c_str());
return;
}
if (!HasPrivs(source, ot))
{
source.Reply(ACCESS_DENIED);
return;
}
na->nc->o = new MyOper(na->nc->display, ot);
Log(LOG_ADMIN, source, this) << "ADD " << na->nick << " as type " << ot->GetName();
source.Reply("%s (%s) added to the \002%s\002 list.", na->nick.c_str(), na->nc->display.c_str(), ot->GetName().c_str());
}
}
else if (subcommand.equals_ci("DEL") && params.size() > 1)
@@ -95,6 +117,8 @@ class CommandOSOper : public Command
source.Reply(NICK_X_NOT_REGISTERED, oper.c_str());
else if (!na->nc || !na->nc->o)
source.Reply(_("Nick \002%s\002 is not a Services Operator."), oper.c_str());
else if (!HasPrivs(source, na->nc->o->ot))
source.Reply(ACCESS_DENIED);
else
{
delete na->nc->o;