Igor Gariev (gariev) wrote in changelog,
Igor Gariev
gariev
changelog

[livejournal] r18413: LJSV-1404: Userlog w/o identifying infor...

Committer: gariev
LJSV-1404: Userlog w/o identifying information

U   trunk/htdocs/admin/userlog.bml
Modified: trunk/htdocs/admin/userlog.bml
===================================================================
--- trunk/htdocs/admin/userlog.bml	2011-02-25 09:13:52 UTC (rev 18412)
+++ trunk/htdocs/admin/userlog.bml	2011-02-25 11:19:10 UTC (rev 18413)
@@ -31,11 +31,12 @@
     my $err = sub {
         return "<?h1 Error h1?><?p $_[0] p?>";
     };
-
+    my $can_view =  LJ::check_priv($remote, 'canview', '*') || 
+                    LJ::check_priv($remote, 'canview', 'userlog');
     return $err->("You do not have the necessary privilege to view this page.")
-        unless LJ::check_priv($remote, 'canview', 'userlog') ||
-               LJ::check_priv($remote, 'canview', '*') ||
-               $LJ::IS_DEV_SERVER;
+        unless $can_view || 
+                LJ::check_priv($remote, 'canview', 'userloglight') ||
+                $LJ::IS_DEV_SERVER;
 
     my $user = LJ::canonical_username($POST{user} || $GET{user});
 
@@ -149,14 +150,18 @@
         } else {
             $actor = "<em>not recorded</em>";
         }
+        
+        my ($ip, $uniq);
+        if (!$can_view) {
+            $ip = '***';
+            $uniq = '***';
+        } else {
+            $ip = $row->{ip} || "<em>not recorded</em>";
+            $uniq = ($row->{uniq}) 
+                ? qq{<a href='$LJ::SITEROOT/admin/uniq.bml?what=$row->{uniq}'> $row->{uniq} </a>} 
+                : "<em>not recorded</em>";
+        }
 
-        my $ip = $row->{ip} || "<em>not recorded</em>";
-        my $uniq = $row->{uniq} ? qq{
-            <a href="$LJ::SITEROOT/admin/uniq.bml?what=$row->{uniq}">
-                $row->{uniq}
-            </a>
-        } : "<em>not recorded</em>";
-
         $ret .= "<tr>" . join('', map { "<td class='logrow'>$_</td>" } ($time, $action, $actor, $ip, $uniq)) . "</tr>\n";
     }
 

Tags: bml, gariev, livejournal
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments