Allow services operators to release other user's nicks, and allow services operators to view the access list of other operators

4 files changed, 13 insertions, 9 deletions

diff --git a/data/example.conf b/data/example.conf
index 3a9022d47..8c1dc1d93 100644
--- a/data/example.conf
+++ b/data/example.conf
@@ -753,7 +753,7 @@ log
  *   memoserv/sendall        memoserv/staff
  *
  *   nickserv/getpass        nickserv/sendpass      nickserv/getemail   nickserv/suspend
- *   nickserv/resetpass
+ *   nickserv/resetpass      nickserv/release
  *
  *   nickserv/saset/autoop   nickserv/saset/email   nickserv/saset/greet
  *   nickserv/saset/icq      nickserv/saset/kill    nickserv/saset/language nickserv/saset/message
diff --git a/data/nickserv.example.conf b/data/nickserv.example.conf
index dd9dc9b99..599656ce5 100644
--- a/data/nickserv.example.conf
+++ b/data/nickserv.example.conf
@@ -221,8 +221,8 @@ nickserv
 	guestnickprefix = "Guest"
 
 	/*
-	 * Prevents the use of the ACCESS, DROP, FORBID, GETPASS, and SET PASSWORD commands by Services Admins
-	 * on other Services Admins or the Services Root(s).
+	 * Prevents the use of the ACCESS (excluding the LIST subcommand), DROP, FORBID, SUSPEND,
+	 * GETPASS and SET PASSWORD commands by services operators on other services operators.
 	 *
 	 * This directive is optional, but recommended.
 	 */
diff --git a/modules/commands/ns_access.cpp b/modules/commands/ns_access.cpp
index 598de4d5a..5fdba68fb 100644
--- a/modules/commands/ns_access.cpp
+++ b/modules/commands/ns_access.cpp
@@ -120,9 +120,9 @@ class CommandNSAccess : public Command
 				source.Reply(ACCESS_DENIED);
 				return;
 			}
-			else if (Config->NSSecureAdmins && u->Account() != na->nc && na->nc->IsServicesOper())
+			else if (Config->NSSecureAdmins && u->Account() != na->nc && na->nc->IsServicesOper() && !cmd.equals_ci("LIST"))
 			{
-				source.Reply(_("You may view or modify the access list of other services operators."));
+				source.Reply(_("You may view but not modify the access list of other services operators."));
 				return;
 			}
 
diff --git a/modules/commands/ns_release.cpp b/modules/commands/ns_release.cpp
index d843b2f84..3c5a230b3 100644
--- a/modules/commands/ns_release.cpp
+++ b/modules/commands/ns_release.cpp
@@ -45,9 +45,9 @@ class CommandNSRelease : public Command
 
 			if (MOD_RESULT == EVENT_ALLOW)
 			{
-				Log(LOG_COMMAND, u, this) << "released " << na->nick;
+				Log(LOG_COMMAND, u, this) << "for nickname " << na->nick;
 				na->Release();
-				source.Reply(_("Services' hold on your nick has been released."));
+				source.Reply(_("Services' hold on \002%s\002 has been released."), nick.c_str());
 			}
 			else
 			{
@@ -58,11 +58,15 @@ class CommandNSRelease : public Command
 		}
 		else
 		{
-			if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) ||
+			bool override = u->Account() != na->nc && u->HasPriv("nickserv/release");
+
+			if (override || u->Account() == na->nc ||
+					(!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) ||
 					(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
 			{
+				Log(override ? LOG_OVERRIDE : LOG_COMMAND, u, this) << "for nickname " << na->nick;
 				na->Release();
-				source.Reply(_("Services' hold on your nick has been released."));
+				source.Reply(_("Services' hold on \002%s\002 has been released."), nick.c_str());
 			}
 			else
 				source.Reply(ACCESS_DENIED);