From e17bf8f32534bd17cfb8d51d17b4b8cbc81e7200 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Sat, 15 Jul 2023 18:39:41 +0000
Subject: [PATCH] require the new admin permission for the admin-panel

---
 README.md             | 6 +++---
 copyparty/__main__.py | 2 +-
 copyparty/authsrv.py  | 3 ++-
 copyparty/httpcli.py  | 7 ++++---
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 519cec91..ee988013 100644
--- a/README.md
+++ b/README.md
@@ -327,7 +327,7 @@ upgrade notes
 # accounts and volumes
 
 per-folder, per-user permissions  - if your setup is getting complex, consider making a [config file](./docs/example.conf) instead of using arguments
-* much easier to manage, and you can modify the config at runtime with `systemctl reload copyparty` or more conveniently using the `[reload cfg]` button in the control-panel (if logged in as admin)
+* much easier to manage, and you can modify the config at runtime with `systemctl reload copyparty` or more conveniently using the `[reload cfg]` button in the control-panel (if the user has `a`/admin in any volume)
   * changes to the `[global]` config section requires a restart to take effect
 
 a quick summary can be seen using `--help-accounts`
@@ -346,7 +346,7 @@ permissions:
 * `d` (delete): delete files/folders
 * `g` (get): only download files, cannot see folder contents or zip/tar
 * `G` (upget): same as `g` except uploaders get to see their own filekeys (see `fk` in examples below)
-* `a` (admin): can see uploader IPs
+* `a` (admin): can see uploader IPs, config-reload
 
 examples:
 * add accounts named u1, u2, u3 with passwords p1, p2, p3: `-a u1:p1 -a u2:p2 -a u3:p3`
@@ -774,7 +774,7 @@ for the above example to work, add the commandline argument `-e2ts` to also scan
 using arguments or config files, or a mix of both:
 * config files (`-c some.conf`) can set additional commandline arguments; see [./docs/example.conf](docs/example.conf) and [./docs/example2.conf](docs/example2.conf)
 * `kill -s USR1` (same as `systemctl reload copyparty`) to reload accounts and volumes from config files without restarting
-  * or click the `[reload cfg]` button in the control-panel when logged in as admin 
+  * or click the `[reload cfg]` button in the control-panel if the user has `a`/admin in any volume
   * changes to the `[global]` config section requires a restart to take effect
 
 
diff --git a/copyparty/__main__.py b/copyparty/__main__.py
index d2195e71..df01fb99 100755
--- a/copyparty/__main__.py
+++ b/copyparty/__main__.py
@@ -492,7 +492,7 @@ def get_sects():
               "d" (delete): permanently delete files and folders
               "g" (get):    download files, but cannot see folder contents
               "G" (upget):  "get", but can see filekeys of their own uploads
-              "a" (admin):  can see uploader IPs
+              "a" (admin):  can see uploader IPs, config-reload
 
             too many volflags to list here, see --help-flags
 
diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 64904831..dd98fb57 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -324,6 +324,7 @@ class VFS(object):
         self.adel: dict[str, list[str]] = {}
         self.aget: dict[str, list[str]] = {}
         self.apget: dict[str, list[str]] = {}
+        self.aadmin: dict[str, list[str]] = {}
 
         if realpath:
             rp = realpath + ("" if realpath.endswith(os.sep) else os.sep)
@@ -1182,7 +1183,7 @@ class AuthSrv(object):
             vol.all_vps.sort(key=lambda x: len(x[0]), reverse=True)
             vol.root = vfs
 
-        for perm in "read write move del get pget".split():
+        for perm in "read write move del get pget admin".split():
             axs_key = "u" + perm
             unames = ["*"] + list(acct.keys())
             umap: dict[str, list[str]] = {x: [] for x in unames}
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index e23f5fc9..68f21216 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -149,6 +149,7 @@ class HttpCli(object):
         self.dvol = [" "]
         self.gvol = [" "]
         self.upvol = [" "]
+        self.avol = [" "]
         self.do_log = True
         self.can_read = False
         self.can_write = False
@@ -405,6 +406,7 @@ class HttpCli(object):
         self.dvol = self.asrv.vfs.adel[self.uname]
         self.gvol = self.asrv.vfs.aget[self.uname]
         self.upvol = self.asrv.vfs.apget[self.uname]
+        self.avol = self.asrv.vfs.aadmin[self.uname]
 
         if self.pw and (
             self.pw != cookie_pw or self.conn.freshen_pwd + 30 < time.time()
@@ -3003,13 +3005,12 @@ class HttpCli(object):
 
     def tx_mounts(self) -> bool:
         suf = self.urlq({}, ["h"])
-        avol = [x for x in self.wvol if x in self.rvol]
         rvol, wvol, avol = [
             [("/" + x).rstrip("/") + "/" for x in y]
-            for y in [self.rvol, self.wvol, avol]
+            for y in [self.rvol, self.wvol, self.avol]
         ]
 
-        if avol and not self.args.no_rescan:
+        if self.avol and not self.args.no_rescan:
             x = self.conn.hsrv.broker.ask("up2k.get_state")
             vs = json.loads(x.get())
             vstate = {("/" + k).rstrip("/") + "/": v for k, v in vs["volstate"].items()}