Skip to content

Commit

Permalink
logs: implemented simpler access control for message logs
Browse files Browse the repository at this point in the history 
by default this is members only.
  • Loading branch information
jonas747 committed Apr 20, 2021
1 parent 0d089c2 commit 3318690
Show file tree
Hide file tree
Showing 3 changed files with 40 additions and 21 deletions.
40 changes: 25 additions & 15 deletions logs/assets/logs_control_panel.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,45 +17,55 @@ <h2 class="card-title">General settings</h2>
<form role="form" method="post" data-async-form data-async-form-alertsonly>
<div class="row">
<div class="col-lg-4 col-md-6">
{{checkbox "UsernameLoggingEnabled" "UsernameLoggingEnabled" "Enable username logging" .Config.UsernameLoggingEnabled.Bool}}
{{checkbox "UsernameLoggingEnabled" "UsernameLoggingEnabled" "Enable username logging"
.Config.UsernameLoggingEnabled.Bool}}
<p>
<div class="bs-callout bs-callout-info"><b>Note:</b> If users are on another server
with the bot on with this enabled, then their usernames will be logged even if
you disable it on your server.<br /></div>
<div class="bs-callout bs-callout-info"><b>Note:</b> If users are on another server
with the bot on with this enabled, then their usernames will be logged even if
you disable it on your server.<br /></div>
</p>

{{checkbox "NicknameLoggingEnabled" "NicknameLoggingEnabled" "Enable nickname logging" .Config.NicknameLoggingEnabled.Bool}}
{{checkbox "NicknameLoggingEnabled" "NicknameLoggingEnabled" "Enable nickname logging"
.Config.NicknameLoggingEnabled.Bool}}
<p>
You can check a users past usernames and nicknames with the commands <code>whois</code>
<code>usernames</code> and <code>nicknames</code>
</p>
<hr />
</div>
<div class="col-lg-4 col-md-6">
{{checkbox "ManageMessagesCanViewDeleted" "ManageMessagesCanViewDeleted" "Allow members with <code>Manage Messages</code> permissions to view deleted messages" .Config.ManageMessagesCanViewDeleted.Bool}}
{{checkbox "EveryoneCanViewDeleted" "EveryoneCanViewDeleted" "Allow everyone to view deleted messages" .Config.EveryoneCanViewDeleted.Bool}}
{{checkbox "ManageMessagesCanViewDeleted" "ManageMessagesCanViewDeleted"
"Allow members with <code>Manage Messages</code> permissions to view deleted messages"
.Config.ManageMessagesCanViewDeleted.Bool}}
{{checkbox "EveryoneCanViewDeleted" "EveryoneCanViewDeleted"
"Allow everyone to view deletedmessages" .Config.EveryoneCanViewDeleted.Bool}}
<hr />
</div>
<div class="col-lg-4 col-md 12">
<div class="form-group">
<label>Blacklist channels from message logs</label><br />
<select class="multiselect" id="blacklist-channels" name="BlacklistedChannels"
multiple="multiple" data-plugin-multiselect>
{{textChannelOptionsMulti .ActiveGuild.Channels .ConfBlacklistedChannels}}
</select>
</div>
</div>
<div class="col-lg-4 col-md 12">

<div class="form-group">
<label>Restrict message log access</label><br>
<p><b>Access control</b></p>
<label>Mode</label><br>
<select name="AccessMode" class="multiselect form-control"
id="blacklisted-roles-receive">
<option value="0" {{if eq .Config.AccessMode 0}} selected{{end}}>Members can view
message logs</option>
<option value="1" {{if eq .Config.AccessMode 1}} selected{{end}}>Everyone can view
message logs</option>
</select>
<label>Roles</label><br>
<select name="MessageLogsAllowedRoles" class="multiselect form-control"
multiple="multiple" id="blacklisted-roles-receive" data-plugin-multiselect
data-placeholder="Everyone">
{{roleOptionsMulti .ActiveGuild.Roles nil .Config.MessageLogsAllowedRoles}}
</select>
<p class="help-block">If none are set, everyone will be able to access message logs
(including users not logged in at all), otherwise access is restricted to only the
specified roles. Note: people with access to the control panel will always have
access to logs.</p>
<hr />
</div>
</div>
</div>
Expand Down
5 changes: 5 additions & 0 deletions logs/logs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -270,3 +270,8 @@ func GetNicknames(ctx context.Context, userID, guildID int64, limit, offset int)
qm.Limit(limit),
qm.Offset(offset)).AllG(ctx)
}

const (
AccessModeMembers = 0
AccessModeEveryone = 1
)
16 changes: 10 additions & 6 deletions logs/web.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ type ConfigFormData struct {
NicknameLoggingEnabled bool
ManageMessagesCanViewDeleted bool
EveryoneCanViewDeleted bool
AccessMode int
BlacklistedChannels []string
MessageLogsAllowedRoles []int64
}
Expand Down Expand Up @@ -159,6 +160,7 @@ func HandleLogsCPSaveGeneral(w http.ResponseWriter, r *http.Request) (web.Templa
EveryoneCanViewDeleted: null.BoolFrom(form.EveryoneCanViewDeleted),
ManageMessagesCanViewDeleted: null.BoolFrom(form.ManageMessagesCanViewDeleted),
MessageLogsAllowedRoles: form.MessageLogsAllowedRoles,
AccessMode: int16(form.AccessMode),
}

err := config.UpsertG(ctx, true, []string{"guild_id"}, boil.Infer(), boil.Infer())
Expand Down Expand Up @@ -201,19 +203,21 @@ func CheckCanAccessLogs(w http.ResponseWriter, r *http.Request, config *models.G
isAdmin, _ := web.IsAdminRequest(r.Context(), r)

// check if were allowed access to logs on this server
if isAdmin || len(config.MessageLogsAllowedRoles) < 1 {
if isAdmin || config.AccessMode == AccessModeEveryone {
return true
}

member := web.ContextMember(r.Context())
if member == nil {
tmpl.AddAlerts(web.ErrorAlert("This server has restricted log access to certain roles, either you're not logged in or not on this server."))
tmpl.AddAlerts(web.ErrorAlert("This server has restricted log access to members only."))
return false
}

if !common.ContainsInt64SliceOneOf(member.Roles, config.MessageLogsAllowedRoles) {
tmpl.AddAlerts(web.ErrorAlert("This server has restricted log access to certain roles, you don't have any of them."))
return false
if len(config.MessageLogsAllowedRoles) > 0 {
if !common.ContainsInt64SliceOneOf(member.Roles, config.MessageLogsAllowedRoles) {
tmpl.AddAlerts(web.ErrorAlert("This server has restricted log access to certain roles, you don't have any of them."))
return false
}
}

return true
Expand Down Expand Up @@ -302,7 +306,7 @@ func HandleLogsHTML(w http.ResponseWriter, r *http.Request) interface{} {
// Convert into views with formatted dates and colors
const TimeFormat = "2006 Jan 02 15:04"
messageViews := make([]*MessageView, len(messages))
for i, _ := range messageViews {
for i := range messageViews {
m := messages[i]
v := &MessageView{
Model: m,
Expand Down

0 comments on commit 3318690

Please sign in to comment.