Ticket #51

Reverted changeset [375]

Implemented approach B from lars comment:3 to ticket #51. Updated INSTALL and UPGRADING documents.

INSTALL

@@ -141,6 +141,10 @@ OVERVIEW:
 	Direct links to a specifc domain use the following format:
 		http://BASE_URL/ezmlm-web?domain=foo
 	
+	Note that since version 3.3 webusers file has to explictly let users create 
+	and manage lists. If you are relying on the user beeing able to create lists 
+	if no webusers file exists, then you will have to explicitly create one with
+	the appropiate permissions.
 
 7.	Copy the stylesheet files (/usr/local/share/ezmlm-web/www-data/*.css)
 	to a location of your choice. It has to be accessible by an URL - maybe

UPGRADING

@@ -2,6 +2,20 @@ This file contains some useful hints for upgrading from a previous version.
 
 ##############################################################################
 
+------------------------------------------------------------------------------
+
+UPGRADING ezmlm-web 3.2 to ezmlm-web 3.3
+
+1) the file webusers is mandatory
+   The admin has to add ALLOW_CREATE or user-specific permissions to the 
+   webusers file, to allow changes to mailing lists otherwise no changes are 
+   allowed. If you have ezmlm-web running already, a webusers file has already 
+   been created for you. This change should just affect setups that let a list
+   be created in a directory where there are no explicit permissions (more than 
+   one domain or multiple user directories)
+
+------------------------------------------------------------------------------
+
 UPGRADING ezmlm-web 3.1 to ezmlm-web 3.2
 
 1) the following dependency was added:

examples/ezmlmwebrc.dist

@@ -38,16 +38,6 @@ $LIST_DIR = "$HOME_DIR/lists";
 # defaults to "$LIST_DIR/webusers"
 #$WEBUSERS_FILE = "$LIST_DIR/webusers";
 
-# if no webusers file, grant list creation by default
-# 0 - don't grant creation if webusers file doesn't exist
-# 1 - grant creation if webusers file doesn't exist
-#$NO_WEBUSERS_CREATE = 1;
-
-# if no webusers file, grant access by default
-# 0 - don't grant access to all lists if webusers file doesn't exist
-# 1 - grant access to all lists if webusers file doesn't exist
-#$NO_WEBUSERS_ACCESSALL = 1;
-
 # Where are the language files
 # usually something like /usr/local/share/ezmlm-web/lang
 $LANGUAGE_DIR = "/usr/local/share/ezmlm-web/lang";

ezmlm-web.cgi

@@ -90,11 +90,10 @@ use vars qw[$HOME_DIR]; $HOME_DIR=$tmp[7];
 # some configuration settings
 use vars qw[$DEFAULT_OPTIONS $UNSAFE_RM $ALIAS_USER $LIST_DIR];
 use vars qw[$QMAIL_BASE $PRETTY_NAMES $DOTQMAIL_DIR];
-use vars qw[$FILE_UPLOAD $MAIL_DOMAIN $HTML_TITLE];
+use vars qw[$FILE_UPLOAD $WEBUSERS_FILE $MAIL_DOMAIN $HTML_TITLE];
 use vars qw[$TEMPLATE_DIR $LANGUAGE_DIR $HTML_LANGUAGE];
 use vars qw[$HTML_CSS_COMMON $HTML_CSS_COLOR];
 use vars qw[$MAIL_ADDRESS_PREFIX @HTML_LINKS];
-use vars qw[$WEBUSERS_FILE $NO_WEBUSERS_CREATE $NO_WEBUSERS_ACCESSALL];
 # default interface template (basic/normal/expert)
 use vars qw[$DEFAULT_INTERFACE_TYPE];
 # some settings for encrypted mailing lists
@@ -171,12 +170,6 @@ if (defined($opt_d)) {
 # then use former default value for compatibility
 $WEBUSERS_FILE = $LIST_DIR . '/webusers' unless (defined($WEBUSERS_FILE));
 
-# if no webusers file, grant list creation by defautlt
-$NO_WEBUSERS_CREATE = 1 unless defined($NO_WEBUSERS_CREATE);
-
-# if no webusers file, grant access to all lists by default
-$NO_WEBUSERS_ACCESSALL = 1 unless defined($NO_WEBUSERS_ACCESSALL);
-
 # check for non-default dotqmail directory
 $DOTQMAIL_DIR = $HOME_DIR unless defined($DOTQMAIL_DIR);
 
@@ -2388,7 +2381,7 @@ sub webauth {
 	my $listname = shift;
    
 	# Check if webusers file exists - if not, then access is granted
-	return ($NO_WEBUSERS_ACCESSALL) if (! -e "$WEBUSERS_FILE");
+	return (1==0) if (! -e "$WEBUSERS_FILE");
 
 	# if there was no user authentication, then everything is allowed
 	return (0==0) if (!$LOGIN_NAME);
@@ -2434,7 +2427,7 @@ sub webauth_create_allowed {
 	return (0==0) if (!$LOGIN_NAME);
 
 	# Check if webusers file exists - if not, then access is granted
-	return ($NO_WEBUSERS_CREATE) if (! -e "$WEBUSERS_FILE");
+	return (1==0) if (! -e "$WEBUSERS_FILE");
 
 	# Read create-permission from webusers file.
 	# the special listname "ALLOW_CREATE" controls, who is allowed to do it