2 files changed, 17 insertions, 7 deletions

diff --git a/data/example.conf b/data/example.conf
index 88a2fb21e..d0b02593e 100644
--- a/data/example.conf
+++ b/data/example.conf
@@ -737,7 +737,7 @@ log
  *
  * Available privileges:
  *  botserv/administration        - Can view and assign private BotServ bots
- *  chanserv/access/modify        - Can modify channel access and akick lists
+ *  chanserv/access/modify        - Can modify channel access and akick lists, and use /chanserv enforce
  *  chanserv/auspex               - Can see any information with /chanserv info
  *  chanserv/no-register-limit    - May register an unlimited number of channels and nicknames
  *  chanserv/set                  - Can modify the settings of any channel (incl. changing of the owner!)
diff --git a/modules/commands/cs_enforce.cpp b/modules/commands/cs_enforce.cpp
index e9ddb2943..4d5ba0242 100644
--- a/modules/commands/cs_enforce.cpp
+++ b/modules/commands/cs_enforce.cpp
@@ -18,7 +18,8 @@ class CommandCSEnforce : public Command
  private:
 	void DoSecureOps(CommandSource &source, ChannelInfo *ci)
 	{
-		Log(LOG_COMMAND, source, this) << "to enforce secureops";
+		bool override = !source.AccessFor(ci).HasPriv("AKICK") && source.HasPriv("chanserv/access/modify");
+		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to enforce secureops";
 
 		/* Dirty hack to allow Channel::SetCorrectModes to work ok.
 		 * We pretend like SECUREOPS is on so it doesn't ignore that
@@ -43,7 +44,8 @@ class CommandCSEnforce : public Command
 
 	void DoRestricted(CommandSource &source, ChannelInfo *ci)
 	{
-		Log(LOG_COMMAND, source, this) << "to enforce restricted";
+		bool override = !source.AccessFor(ci).HasPriv("AKICK") && source.HasPriv("chanserv/access/modify");
+		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to enforce restricted";
 
 		std::vector<User *> users;
 		for (Channel::ChanUserList::iterator it = ci->c->users.begin(), it_end = ci->c->users.end(); it != it_end; ++it)
@@ -73,7 +75,8 @@ class CommandCSEnforce : public Command
 
 	void DoRegOnly(CommandSource &source, ChannelInfo *ci)
 	{
-		Log(LOG_COMMAND, source, this) << "to enforce registered only";
+		bool override = !source.AccessFor(ci).HasPriv("AKICK") && source.HasPriv("chanserv/access/modify");
+		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to enforce registered only";
 
 		std::vector<User *> users;
 		for (Channel::ChanUserList::iterator it = ci->c->users.begin(), it_end = ci->c->users.end(); it != it_end; ++it)
@@ -104,7 +107,8 @@ class CommandCSEnforce : public Command
 
 	void DoSSLOnly(CommandSource &source, ChannelInfo *ci)
 	{
-		Log(LOG_COMMAND, source, this) << "to enforce SSL only";
+		bool override = !source.AccessFor(ci).HasPriv("AKICK") && source.HasPriv("chanserv/access/modify");
+		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to enforce SSL only";
 
 		std::vector<User *> users;
 		for (Channel::ChanUserList::iterator it = ci->c->users.begin(), it_end = ci->c->users.end(); it != it_end; ++it)
@@ -135,6 +139,9 @@ class CommandCSEnforce : public Command
 
 	void DoBans(CommandSource &source, ChannelInfo *ci)
 	{
+		bool override = !source.AccessFor(ci).HasPriv("AKICK") && source.HasPriv("chanserv/access/modify");
+		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to enforce bans";
+
 		std::vector<User *> users;
 		for (Channel::ChanUserList::iterator it = ci->c->users.begin(), it_end = ci->c->users.end(); it != it_end; ++it)
 		{
@@ -156,11 +163,14 @@ class CommandCSEnforce : public Command
 			ci->c->Kick(NULL, user, "%s", reason.c_str());
 		}
 
-		source.Reply(_("BANS enforced on %s."), ci->name.c_str());
+		source.Reply(_("Bans enforced on %s."), ci->name.c_str());
 	}
 
 	void DoLimit(CommandSource &source, ChannelInfo *ci)
 	{
+		bool override = !source.AccessFor(ci).HasPriv("AKICK") && source.HasPriv("chanserv/access/modify");
+		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to enforce limit";
+
 		Anope::string l_str;
 		if (!ci->c->GetParam("LIMIT", l_str))
 		{
@@ -228,7 +238,7 @@ class CommandCSEnforce : public Command
 			source.Reply(CHAN_X_NOT_REGISTERED, params[0].c_str());
 		else if (!ci->c)
 			source.Reply(CHAN_X_NOT_IN_USE, ci->name.c_str());
-		else if (!source.AccessFor(ci).HasPriv("AKICK"))
+		else if (!source.AccessFor(ci).HasPriv("AKICK") && !source.HasPriv("chanserv/access/modify"))
 			source.Reply(ACCESS_DENIED);
 		else if (what.equals_ci("SECUREOPS"))
 			this->DoSecureOps(source, ci);