authortkikuchi <>2005-11-30 02:14:41 +0000
committertkikuchi <>2005-11-30 02:14:41 +0000
commit0ed64f809db4b66380b095801dc5a406cce71e8f (patch)
tree26d11a185504f062d7d4f3d151f5d5f7820fbd5b
parent4e4294d6f742926bf7db40d91385a790f6afa01b (diff)
As of 2.1.6, List admins can change user's option/subscription globally.
This is a problem when a list admin cannot be fully trusted. This patch removes the list admin's ability to change a user's options or subscriptions globally; changes made by a list admin take effect only within that list. The site admin can still change them globally, but only if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes (otherwise a site admin cannot be distinguished from a list admin and is treated the same way).
-rw-r--r--Mailman/Cgi/options.py67
1 files changed, 56 insertions, 11 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 0ebd7632..ed40e828 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2004 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -12,7 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
"""Produce and handle the member options."""
@@ -218,10 +219,23 @@ def main():
print doc.Format()
return
- # Authenticate, possibly using the password supplied in the login page
+ # Get the password from the form.
password = cgidata.getvalue('password', '').strip()
- if not mlist.WebAuthenticate((mm_cfg.AuthUser,
- mm_cfg.AuthListAdmin,
+ # Check authentication. We need to know if the credentials match the user
+ # or the site admin, because they are the only ones who are allowed to
+ # change things globally. Specifically, the list admin may not change
+ # values globally.
+ if mm_cfg.ALLOW_SITE_ADMIN_COOKIES:
+ user_or_siteadmin_context = (mm_cfg.AuthUser, mm_cfg.AuthSiteAdmin)
+ else:
+ # Site and list admins are treated equal so that list admin can pass
+ # site admin test. :-(
+ user_or_siteadmin_context = (mm_cfg.AuthUser,)
+ is_user_or_siteadmin = mlist.WebAuthenticate(
+ user_or_siteadmin_context, password, user)
+ # Authenticate, possibly using the password supplied in the login page
+ if not is_user_or_siteadmin and \
+ not mlist.WebAuthenticate((mm_cfg.AuthListAdmin,
mm_cfg.AuthSiteAdmin),
password, user):
# Not authenticated, so throw up the login page again. If they tried
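Review bot: When `mm_cfg.ALLOW_SITE_ADMIN_COOKIES` is off, `is_user_or_siteadmin` is also false for a genuine site administrator, so every privilege decision downstream that keys on it treats the site admin as a list admin; the comment on the `else:` branch explains why but not this consequence. I would state it where the flag is tested, e.g. `# With site-admin cookies disabled a site admin cannot be told apart from a list admin, so the site admin also loses global changes here (intentional; see mm_cfg).`, so that nobody later "fixes" it by widening the tuple. The name `is_user_or_siteadmin` overstates what was checked in that configuration; a short comment on the assignment or a name like `is_user_or_trusted_admin` would make the narrowed meaning visible. The leftover comment `# Authenticate, possibly using the password supplied in the login page` now sits above the second, list-admin-only check even though the first `WebAuthenticate` call uses the same password; it belongs above the first call or should be dropped. `main()` continues outside the hunk.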
@@ -259,6 +273,13 @@ def main():
return
if cgidata.has_key('othersubs'):
+ # Only the user or site administrator can view all subscriptions.
+ if not is_user_or_siteadmin:
+ doc.addError(_("""The list administrator may not view the other
+ subscriptions for this user."""), _('Note: '))
+ options_page(mlist, doc, user, cpuser, userlang)
+ print doc.Format()
+ return
hostname = mlist.host_name
title = _('List subscriptions for %(safeuser)s on %(hostname)s')
doc.SetTitle(title)
@@ -291,9 +312,15 @@ def main():
oldname = mlist.getMemberName(user)
set_address = set_membername = 0
- # See if the user wants to change their email address globally
+ # See if the user wants to change their email address globally. The
+ # list admin is /not/ allowed to make global changes.
globally = cgidata.getvalue('changeaddr-globally')
-
+ if globally and not is_user_or_siteadmin:
+ doc.addError(_("""The list administrator may not change the names
+ or addresses for this user's other subscriptions. However, the
+ subscription for this mailing list has been changed."""),
+ _('Note: '))
+ globally = False
# We will change the member's name under the following conditions:
# - membername has a value
# - membername has no value, but they /used/ to have a membername
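Review bot: The note `However, the subscription for this mailing list has been changed.` is queued at the point `globally` is cleared, before the name/address update that follows has been validated or applied, and the hunk's own context line (`Upon confirmation, any other mailing list containing the address`) suggests the address change itself only completes after a confirmation step. If the new address is rejected further down, the user is shown a "has been changed" note next to the rejection. I would phrase the note as a statement of scope rather than of outcome, e.g. `The list administrator may not change the names or addresses for this user's other subscriptions; only the subscription for this mailing list will be affected.`, or defer the `addError` until the per-list change has actually succeeded. The enclosing function continues outside the hunk.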
@@ -400,9 +427,19 @@ address. Upon confirmation, any other mailing list containing the address
print doc.Format()
return
- # See if the user wants to change their passwords globally
+ # See if the user wants to change their passwords globally, however
+ # the list admin is /not/ allowed to change passwords globally.
+ pw_globally = cgidata.getvalue('pw-globally')
+ if pw_globally and not is_user_or_siteadmin:
+ doc.addError(_("""The list administrator may not change the
+ password for this user's other subscriptions. However, the
+ password for this mailing list has been changed."""),
+ _('Note: '))
+ pw_globally = False
+
mlists = [mlist]
- if cgidata.getvalue('pw-globally'):
+
+ if pw_globally:
mlists.extend(lists_of_member(mlist, user))
for gmlist in mlists:
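Review bot: The note `However, the password for this mailing list has been changed.` is added when `pw_globally` is demoted, which is before the loop starting at `for gmlist in mlists:` has set any password, so it reports an outcome that has not happened yet and would still be shown if that loop or a later check fails. Either move the `addError` after the loop completes or word it prospectively, e.g. `only the password for this mailing list will be changed.` The `if pw_globally:` test is sound now that the value is normalised to `False` rather than the raw form value. The password-change block continues outside the hunk.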
@@ -606,9 +643,17 @@ address. Upon confirmation, any other mailing list containing the address
globalopts.mime = newval
break
+ # Change options globally, but only if this is the user or site admin,
+ # /not/ if this is the list admin.
if globalopts:
- for gmlist in lists_of_member(mlist, user):
- global_options(gmlist, user, globalopts)
+ if not is_user_or_siteadmin:
+ doc.addError(_("""The list administrator may not change the
+ options for this user's other subscriptions. However the
+ options for this mailing list subscription has been
+ changed."""), _('Note: '))
+ else:
+ for gmlist in lists_of_member(mlist, user):
+ global_options(gmlist, user, globalopts)
# Now print the results
if cantdigest:
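Review bot: The note text `However the options for this mailing list subscription has been changed.` has a number-agreement error (`options ... has`) and is missing the comma after `However`; because it is a translatable `_()` string, correcting it now avoids churning the msgid later: `However, the options for this mailing list subscription have been changed.` Unlike the address and password paths, the timing here looks right, since the per-list option loop that builds `globalopts` appears to end just above (`globalopts.mime = newval` / `break`) and the note is only added once those per-list changes are done — worth confirming against the loop, which starts outside the hunk.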