Refuse to add visitors to mail / xmpp / ... permission as it doesnt make sense

2024-09-03 20:06:10 +02:00 · 2019-10-24 17:47:43 +02:00 · 2019-10-24 17:47:43 +02:00 · bd02678275
commit bd02678275
parent 698f31943a
2 changed files with 5 additions and 0 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -429,6 +429,7 @@
    "permission_update_failed": "Could not update permission '{permission}' : {error}",
    "permission_updated": "Permission '{permission:s}' updated",
    "permission_update_nothing_to_do": "No permissions to update",
+    "permission_require_account": "Permission {permission} only makes sense for users having an account, and therefore cannot be enabled for visitors.",
    "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections",
    "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections",
    "port_available": "Port {port:d} is available",
--- a/src/yunohost/permission.py
+++ b/src/yunohost/permission.py
@ -100,6 +100,10 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
    if "." not in permission:
        permission = permission + ".main"

+    # Refuse to add "visitors" to mail, xmpp ... they require an account to make sense.
+    if add and "visitors" in add and permission.split(".")[0] in SYSTEM_PERMS:
+        raise YunohostError('permission_require_account', permission=permission)
+
    # Fetch currently allowed groups for this permission

    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)