Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport "Merge PR #6512: FIX(server, client): Fix ACL write and traverse permissions" to 1.5.x #6676

Merged
merged 3 commits into from
Jan 2, 2025
Merged

Backport "Merge PR #6512: FIX(server, client): Fix ACL write and traverse permissions" to 1.5.x #6676

merged 3 commits into from
Jan 2, 2025

Conversation

Krzmbrzl
Copy link
Member

@Krzmbrzl Krzmbrzl commented Jan 2, 2025

Backport

This will backport the following commits from master to 1.5.x:

Questions ?

Please refer to the Backport tool documentation

Hartmnt added 3 commits January 2, 2025 11:59
@Hartmnt
FIX(server): Make sure context is applied to traverse and write ACL
87c1544 
Previously, both the traverse and write ACL would be evaluated
without taking the "in this channel" and "in sub-channels" context
options into account.
This would lead to denying traverse for channels that were
actually supposed to be traversable.

This commit refactors the ACL calculation for readability
and makes sure the write and traverse checks are actually taking the
context into account.

Fixes #3579

(cherry picked from commit 1da8b6f)
@Hartmnt
FIX(server, client): Remove "Write" ACL parent channel inheritance
37eb695 
Since 2a9dcfd and 62b1536 the Mumble server
would overwrite the current channel Write ACL, if the user
had Write ACL permission in the parent channel.
Supposedly, this was done because otherwise malicious users
could create temporary "ungovernable" channels by locking admins out
denying Write ACL for them.
However, this makes ACL management a lot less intuitive with regard
to the Write permission.

This commit reverts those commits and instead adds a check to see
if the user has Write permission in the root channel instead.
The reasoning being: If the server owner grants Write ACL on root,
they probably want those users to be able to moderate every channel.
If instead the server owner only grants Write on part of the channel
tree, normal ACL rules apply and users may lock other users out for
whatever reason.

(cherry picked from commit 1e05f14)
@Hartmnt
FIX(client): Prevent unchecking both ACL context checkboxes
dcd739d 
Previously, it was possible to have both context checkboxes
disabled in the ACLEditor, leaving the ACL entry in a dangleing
inactive state.
This commit makes sure, that at least one of the checkboxes is
always enabled.

(cherry picked from commit 55b4de0)
@Krzmbrzl Krzmbrzl mentioned this pull request Jan 2, 2025
Merged
@Hartmnt Hartmnt merged commit 2e7a385 into 1.5.x Jan 2, 2025
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Hartmnt Hartmnt

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Krzmbrzl @Hartmnt