package Newslash::Plugin::AccessControl;
use Mojo::Base 'Mojolicious::Plugin';
use Mojo::Util qw(md5_sum dumper);
-
+use List::Util qw(any);
use Socket;
sub register {
$app->hook(around_action => sub {
my ($next, $c, $action, $last) = @_;
+ my $user = $c->stash('user');
+ my $conf = $c->app->config || {};
+ my $acl_conf = $conf->{ACL} || {};
+ my $the_url = $c->url_for;
+
+ if (any { $the_url =~ m/$_/ } @{$acl_conf->{exclude}}) {
+ return $next->();
+ }
+
+ # check banned
+ if (!$user->{is_admin} && !$user->{permissions}->{access}) {
+ $c->redirect_to('/banned');
+ $c->res->code(307);
+ return;
+ }
+
+ # check seclev
my $page_seclev = $c->stash('seclev') || 0;
return $next->() if $page_seclev == 0;
- my $user = $c->stash('user');
my $user_seclev = $user->{seclev} || 0;
if ($user_seclev < $page_seclev) {
$c->rendered(403);
return;
}
+
return $next->();
});
}
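Review bot: The banned redirect at `$c->redirect_to('/banned')` runs before the request for `/banned` itself is exempted, so unless the deployment's `ACL.exclude` config (not part of this diff) matches `/banned`, a banned user is sent to `/banned`, the hook fires again on that request and redirects once more, producing a redirect loop. Exempting the route in code rather than relying on config, e.g. `return $next->() if $the_url =~ m{\A/banned\z};` directly after `my $the_url = $c->url_for;`, closes that; `/login`, which the banned page links to, needs the same treatment. The exclude patterns are matched unanchored (`$the_url =~ m/$_/`), so an entry like `/login` exempts every URL containing it — anchoring with `\A` or documenting them as substring matches would avoid surprises. Overriding the redirect status with `307` replays a banned POST as a POST to `/banned`, which is registered as GET only; `303` or the default 302 is safer here. If the hook can run before `stash('user')` is populated, `$user` is undef and the condition treats the request as banned, so the hook ordering is worth confirming.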
$user = $c->cache->get('anonymous_user');
if (!$user) {
$user = $c->model('users')->anonymous_user;
+ $user->{permissions} = $c->model('users')->get_permissions_of($user) || {};
my $expire = 300; # expire time is 300 sec (5 min)
$c->cache->set('anonymous_user', $user, $expire);
}
$user->{configJSON} = to_json($new_cfg);
}
+ # add permissions
+ $user->{permissions} = $users->get_permissions_of($user) || {};
+
# set user relations
$user->{relations} = $c->model('relations')->hash($user->{uid});
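Review bot: At `$user->{permissions} = $users->get_permissions_of($user) || {};` (and the matching line for the cached anonymous user above) a false return from the model is folded into an empty permission set, which the access-control hook then treats as a ban; if `get_permissions_of` returns undef on a lookup error rather than only for a user with no permissions, a database outage would lock every visitor out silently. Keeping the `|| {}` but logging when the model returns undef, e.g. via `$c->app->log->warn`, makes that fail-closed behaviour visible to operators. The anonymous user's permissions are computed once and cached for 300 seconds, so banning or unbanning anonymous access takes up to 5 minutes to apply and is shared by every anonymous client; if the model takes the client address into account (not visible here), the cache key would have to include it. The enclosing subs start outside these hunks.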
$r->get('/comments')->to('index#comments');
$r->get('/submissions')->to('index#submissions');
+ # Banned page
+ $r->get('/banned')->to('index#banned', noindex => 1);
+
# archive page
$r->get('/story/:year/:month/:day/' => [year => qr/[0-9]{2}/,
month => qr/[0-9]{2}/,
$c->render(template => 'index/root', stories => $stories);
}
+sub banned {
+ my $c = shift;
+ my $user = $c->stash('user');
+ if($user->{permissions}->{access}) {
+ $c->redirect_to('/');
+ $c->res->code(307);
+ return;
+ }
+ $c->render();
+}
+
1;
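Review bot: `banned` redirects only when `$user->{permissions}->{access}` is true, while the around_action hook also exempts `$user->{is_admin}`, so an admin without the `access` permission passes the hook and then lands on the banned page; mirroring the hook's condition with `if ($user->{is_admin} || $user->{permissions}->{access}) {` keeps the two consistent. A short comment above the sub stating that `/banned` must be exempted from the AccessControl hook, since the hook otherwise redirects to it, would document the coupling between the two files. The `if(` without a space also differs from the spacing used elsewhere in the file.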
--- /dev/null
+[% WRAPPER common/layout enable_sidebar=1 %]
+
+<div class="app-frame sidebar=0 banned">
+ <h3>You are banned.</h3>
+ <div>
+ <p>あなたが使用しているアカウントもしくはネットワークからのアクセスは禁止されています。</p>
+ <p>もしスラドにログインしていない場合、<a href="/login">ログイン</a>することで解決できるかもしれません。</p>
+ </div>
+</div>
+
+[% END %]
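Review bot: The class attribute `class="app-frame sidebar=0 banned"` carries `sidebar=0` as a class token, which looks like a stray attribute fragment rather than a CSS class; unless a stylesheet targets it, `class="app-frame banned"` is cleaner. The `<a href="/login">` link only helps if `/login` is exempted from the access-control hook, otherwise a banned visitor is redirected straight back to this page. The heading is English while the body text is Japanese, which is worth aligning with the site's other templates.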