authorfrank <frank@schokilade.de>2005-02-20 11:45:06 +0100
committerfrank <frank@schokilade.de>2005-02-20 11:45:06 +0100
commit10a76f6fd45bbbf4443fb8626d35aae3a388c490 (patch)
treead76b39e0b739d7e87cd2b595bd9f10cf9a5ae76
parent3a8a9050bc97ca54a26f0163fb9b8d50c82f8b3d (diff)
acl-administration rc1
darcs-hash:20050220104506-b7c55-01c85b4b688597c8405987e0f7ea30aa4fb1472f.gz
-rw-r--r--doku.php34
-rw-r--r--inc/acl_admin.php121
-rw-r--r--inc/auth.php32
-rw-r--r--inc/html.php147
-rw-r--r--lang/de/acl_admin.txt3
-rw-r--r--lang/de/lang.php17
-rw-r--r--lang/en/acl_admin.txt3
-rw-r--r--lang/en/lang.php17
-rw-r--r--script.js23
9 files changed, 395 insertions, 2 deletions
diff --git a/doku.php b/doku.php
index c69462574..f67d4789f 100644
--- a/doku.php
+++ b/doku.php
@@ -25,6 +25,11 @@
$RANGE = $_REQUEST['lines'];
$HIGH = $_REQUEST['s'];
if(empty($HIGH)) $HIGH = getGoogleQuery();
+
+# $ACL_USER = urldecode($_REQUEST['acl_user']);
+# $ACL_SCOPE = urldecode($_REQUEST['acl_scope']);
+# $ACL_LEVEL = $_REQUEST['acl_level'];
+# $ACL_CHECKBOX = $_REQUEST['acl_checkbox'];
$TEXT = cleanText($_POST['wikitext']);
$PRE = cleanText($_POST['prefix']);
@@ -60,6 +65,33 @@
$ACT='login';
}
+/*
+ //handle acl_admin stuff, add acl entry
+ if( ($ACT=='acl_admin_add') && (auth_quickaclcheck($ID) == AUTH_GRANT)){
+ acl_admin_change($ACL_SCOPE, $ACL_USER, "", $ACL_CHECKBOX);
+ # reload ACL into a global array
+ //$AUTH_ACL = file('conf/acl.auth');
+ $AUTH_ACL = load_acl_config();
+ $ACT='acl_admin';
+ }
+
+ //handle acl_admin stuff, change acl entry
+ if( ($ACT=='acl_admin_change') && (auth_quickaclcheck($ID) == AUTH_GRANT)){
+ acl_admin_change($ACL_SCOPE, $ACL_USER, $ACL_LEVEL, $ACL_CHECKBOX);
+ # reload ACL into a global array
+ $AUTH_ACL = load_acl_config();
+ $ACT='acl_admin';
+ }
+
+ //handle acl_admin_del stuff, remove acl entry
+ if( ($ACT=='acl_admin_del') && (auth_quickaclcheck($ID) == AUTH_GRANT)) {
+ acl_admin_del($ACL_SCOPE, $ACL_USER, $ACL_LEVEL);
+ # reload ACL into a global array
+ $AUTH_ACL = load_acl_config();
+ $ACT='acl_admin';
+ }
+*/
+
//do saving after spam- and conflictcheck
if($ACT == $lang['btn_save'] && auth_quickaclcheck($ID)){
if(checkwordblock()){
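Review bot: The commented-out handlers in this hunk test `auth_quickaclcheck($ID) == AUTH_GRANT`, but this same commit renames that constant to `AUTH_ADMIN` in inc/auth.php, so they will not work as written once enabled. On PHP versions that fall back to the bare string for an undefined constant, the test becomes a loose comparison of a numeric level with a non-numeric string, which can hold for level 0 rather than only for 255. Before uncommenting, change each check to `auth_quickaclcheck($ID) == AUTH_ADMIN`. The same applies to the commented `acl_admin` branch in the third doku.php hunk and the commented button in html_footer in inc/html.php.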
@@ -148,6 +180,8 @@
html_diff(con($PRE,$TEXT,$SUF),false);
}elseif($ACT == 'locked'){
html_locked($lockedby);
+# }elseif( ($ACT == 'acl_admin') && (auth_quickaclcheck($ID) == AUTH_GRANT)){
+# html_acl_admin();
}elseif($ACT == 'login'){
html_login();
}elseif($ACT == 'register' && $conf['openregister']){
diff --git a/inc/acl_admin.php b/inc/acl_admin.php
new file mode 100644
index 000000000..f7cd7fbd7
--- /dev/null
+++ b/inc/acl_admin.php
@@ -0,0 +1,121 @@
+<?php
+/**
+ * $ID is pagename, reads matching lines from $AUTH_ACL,
+ * also reads acls from namespace
+ * returns multi-array with key=pagename and value=array(user, acl)
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function get_acl_config($ID){
+ global $AUTH_ACL;
+
+ $acl_config=array();
+
+ // match exact name
+ $matches = preg_grep('/^'.$ID.'\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ }
+ }
+
+ $specific_found=array();
+ // match ns
+ if(($ID=getNS($ID)) !== false){
+ $matches = preg_grep('/^'.$ID.':\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ $specific_found[]=$acl[1];
+ }
+ }
+ }
+
+ //include *-config
+ $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ // only include * for this user if not already found in ns
+ if(!in_array($acl[1], $specific_found)){
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ }
+ }
+ }
+
+ //sort
+ //FIXME: better sort algo: first sort by key, then sort by first value
+ krsort($acl_config, SORT_STRING);
+
+ return($acl_config);
+}
+
+/**
+ * adds new acl-entry to conf/acl.auth
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function acl_admin_add($acl_scope, $acl_user, $acl_level){
+ if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }
+
+ $acl_config = join("",file('conf/acl.auth'));
+
+ // max level for pagenames is 2
+ if(strpos("*", $acl_scope) === false) {
+ if($acl_level > 2) { $acl_level = 2; }
+ }
+
+ $new_acl = "$acl_scope\t$acl_user\t$acl_level\n";
+
+ $new_config = $acl_config.$new_acl;
+
+ return io_saveFile("conf/acl.auth", $new_config);
+}
+
+/**
+ * remove acl-entry from conf/acl.auth
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function acl_admin_del($acl_scope, $acl_user, $acl_level){
+ if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }
+
+ $acl_pattern = preg_quote($acl_scope)."\s+".$acl_user."\s+".$acl_level."\n";
+
+ $acl_config = file('conf/acl.auth');
+
+ // save all non!-matching
+ $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
+
+ return io_saveFile("conf/acl.auth", join("",$new_config));
+}
+
+/**
+ * change existing acl entries
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function acl_admin_change($acl_scope, $acl_user, $acl_level, $acl_checkbox){
+
+ $new_level = 0;
+ if(is_array($acl_checkbox)) {
+ foreach($acl_checkbox as $acl_num => $value){
+ if( ($value == "on") &&
+ ($acl_num > $new_level)) {
+ $new_level = $acl_num;
+ }
+ }
+ }
+
+ acl_admin_del($acl_scope, $acl_user, $acl_level);
+ acl_admin_add($acl_scope, $acl_user, $new_level);
+}
+?>
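Review bot: acl_admin_add() writes `$acl_scope` and `$acl_user` into conf/acl.auth without checking them, so a value containing whitespace or a line break produces entries other than the one the form describes. Both fields should be rejected if they contain whitespace or `#`, and the level cast to int before the line is built. In the same function `strpos("*", $acl_scope)` has its arguments reversed, so the cap of 2 meant for page names is also applied to namespace scopes such as `ns:*`. acl_admin_del() builds an unanchored pattern in which only the scope is quoted, and without the `/` delimiter, so it can remove lines other than the exact entry. get_acl_config() likewise interpolates `$ID` into its patterns unquoted.

```php
function acl_admin_add($acl_scope, $acl_user, $acl_level){
  if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }

  // one ACL entry per line: refuse field values holding whitespace or a comment marker
  if(preg_match('/[\s#]/', $acl_scope.$acl_user)) { return false; }
  $acl_level = (int) $acl_level;

  // max level for pagenames is 2
  if(strpos($acl_scope, '*') === false) {
    if($acl_level > 2) { $acl_level = 2; }
  }
  // … unchanged: read conf/acl.auth, append the new entry, io_saveFile …

function acl_admin_del($acl_scope, $acl_user, $acl_level){
  // … unchanged: empty-argument check …

  // anchor the pattern and quote every field so only the exact entry is dropped
  $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'
               .preg_quote($acl_user,'/').'\s+'
               .preg_quote($acl_level,'/').'\s*$';
  // … unchanged: preg_grep with PREG_GREP_INVERT, io_saveFile …
```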
diff --git a/inc/auth.php b/inc/auth.php
index 094319377..1e84d6552 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -16,6 +16,7 @@
require_once(DOKU_INC.'inc/mail.php');
// load the the auth functions
require_once(DOKU_INC.'inc/auth_'.$conf['authtype'].'.php');
+ require_once(DOKU_INC.'inc/acl_admin.php');
// some ACL level defines
define('AUTH_NONE',0);
@@ -23,11 +24,11 @@
define('AUTH_EDIT',2);
define('AUTH_CREATE',4);
define('AUTH_UPLOAD',8);
- define('AUTH_GRANT',255);
+ define('AUTH_ADMIN',255);
if($conf['useacl']){
auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
- // load ACL into a global array
+ //load ACL into a global array
$AUTH_ACL = file('conf/acl.auth');
}
@@ -212,6 +213,16 @@ function auth_aclcheck($id,$user,$groups){
# if no ACL is used always return upload rights
if(!$conf['useacl']) return AUTH_UPLOAD;
+
+ //if user is superuser return 255 (acl_admin)
+ if($conf['superuser'] == $user) { return AUTH_ADMIN; }
+
+ //prepend groups with @
+ for($i=0; $i<count($groups); $i++){
+ $groups[$i] = '@'.$groups[$i];
+ }
+ //if user is in superuser group return 255 (acl_admin)
+ if(in_array($conf['superuser'], $groups)) { return AUTH_ADMIN; }
$ns = getNS($id);
$perm = -1;
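Review bot: The superuser shortcut `$conf['superuser'] == $user` is a loose comparison with no check that the option is set, so if `$conf['superuser']` is empty or undefined and `$user` is empty (no login), the function would return AUTH_ADMIN. Guard it, e.g. `if(!empty($conf['superuser']) && $conf['superuser'] === $user) { return AUTH_ADMIN; }`, and make the group test strict with `in_array($conf['superuser'], $groups, true)`. The default of `$conf['superuser']` is not visible here, so confirm what an unconfigured install yields. auth_aclcheck's body starts before this hunk and continues after it.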
@@ -237,6 +248,7 @@ function auth_aclcheck($id,$user,$groups){
foreach($matches as $match){
$match = preg_replace('/#.*$/','',$match); //ignore comments
$acl = preg_split('/\s+/',$match);
+ if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL!
if($acl[2] > $perm){
$perm = $acl[2];
}
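Review bot: The new cap compares `$acl[2]`, a string taken from `preg_split`, directly with AUTH_UPLOAD, so a missing or non-numeric third field is handled by PHP's loose string/number comparison and may end up in `$perm` as a string. Normalising once with `$acl[2] = min((int) $acl[2], AUTH_UPLOAD); //no admins in the ACL!` keeps the level an integer. The identical line added in the next hunk needs the same change. Both loops belong to auth_aclcheck, whose body lies mostly outside these hunks.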
@@ -260,6 +272,7 @@ function auth_aclcheck($id,$user,$groups){
foreach($matches as $match){
$match = preg_replace('/#.*$/','',$match); //ignore comments
$acl = preg_split('/\s+/',$match);
+ if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL!
if($acl[2] > $perm){
$perm = $acl[2];
}
@@ -390,4 +403,19 @@ function register(){
}
}
+/**
+ * Uses a regular expresion to check if a given mail address is valid
+ *
+ * May not be completly RFC conform!
+ *
+ * @link http://www.webmasterworld.com/forum88/135.htm
+ *
+ * @param string $email the address to check
+ * @return bool true if address is valid
+ */
+function isvalidemail($email){
+ return eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,4}$", $email);
+}
+
+
?>
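Review bot: isvalidemail() relies on `eregi`, which was deprecated in PHP 5.3 and removed in PHP 7, and it returns eregi's integer-or-false result although the docblock promises a bool. A PCRE version keeps the same pattern: `return (bool) preg_match('/^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,4}$/iD', $email);`. The `D` modifier stops `$` from accepting a trailing newline. The docblock should also state that top-level domains longer than four letters are rejected.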
diff --git a/inc/html.php b/inc/html.php
index d848f89b4..9cceee82c 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -428,6 +428,10 @@ function html_footer(){
}else{
print html_btn('login',$ID,'',array('do' => 'login'));
}
+ #//acl-admin button
+ #if($INFO['perm'] == AUTH_GRANT){
+ # print html_btn('acl_admin',$ID,'',array('do' => 'acl_admin'));
+ #}
}
?>
<?=html_btn(index,$ID,'x',array('do' => 'index'))?>
@@ -1171,4 +1175,147 @@ function html_debug(){
print '</body></html>';
}
+/**
+ * prints the acl-admin form(s)
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function html_acl_admin(){
+ global $lang;
+ global $ID;
+ global $INFO;
+
+ print parsedLocale('acl_admin');
+?>
+ <fieldset style="float:left; text-align:left; white-space:nowrap; width:320px;">
+ <legend><?=$lang['acl_admin']?></legend>
+
+ <form name="acl_admin_add" method="post" action="<?=wl($ID)?>" accept-charset="<?=$lang['encoding']?>">
+ <input type="hidden" name="do" value="acl_admin_add" />
+ <input type="hidden" name="save" value="1" />
+ <table>
+ <tr>
+ <td><?=$lang['acl_user']?></td>
+ <td><input type="text" name="acl_user" class="edit" size="20" value="" /></td>
+ </tr><tr>
+ <td><?=$lang['acl_scope']?></td>
+ <td><select name="acl_scope" id="acl_scope" class="edit" size="1" onChange="checkAclLevel();">
+ <option value="">(<?=$lang['acl_input_request']?>)</option>
+ <option><?=$ID?></option>
+ <?php if( ($ns=getNS($ID)) != NULL) {?>
+ <option><?=$ns?>:*</option>
+ <?php }else{ ?>
+ <option>*</option>
+ <?php } ?>
+ </select></td>
+ </tr><tr>
+ <td style="vertical-align:top"><?=$lang['acl_level']?></td>
+ <td>
+ <input type="checkbox" name="acl_checkbox[1]" value="on" checked="checked" /><?=$lang['acl_read']?><br />
+ <input type="checkbox" name="acl_checkbox[2]" value="on" /><?=$lang['acl_edit']?><br />
+ <input type="checkbox" name="acl_checkbox[4]" value="on" /><?=$lang['acl_create']?><br />
+ <input type="checkbox" name="acl_checkbox[8]" value="on" /><?=$lang['acl_upload']?>
+ </td>
+ </tr><tr>
+ <td></td>
+ <td><input type="submit" class="button" value="<?=$lang['acl_commit']?>" /></td>
+ </tr>
+ </table>
+ </form>
+ </fieldset>
+
+ <div style="float:right;">
+ <fieldset>
+ <legend><?=$lang['acl_current']?></legend>
+ <div style="text-align:left">
+ <?php
+ $acl_config=get_acl_config($ID);
+ foreach($acl_config as $pagename => $value){
+ if($pagename != '*') {
+ $ID_cur=$pagename;
+ while(($piece=getNS($ID_cur)) !== false){
+ $url="<a href='".wl($piece,'do=acl_admin')."'>".noNS($piece)."</a>:".$url;;
+ $ID_cur=$piece;
+ }
+ $url.="<a href='".wl($pagename,'do=acl_admin')."'>".noNS($pagename)."</a>";
+ print $url;
+ $url='';
+ }else{
+ print $pagename;
+ } ?>
+ <table class="inline">
+ <tr>
+ <th class="inline"></th>
+ <th class="inline">name</th>
+ <th class="inline">R</th>
+ <th class="inline">W</th>
+ <th class="inline">C</th>
+ <th class="inline">U</th>
+ <th class="inline">UPDATE</th>
+ <th class="inline">DELETE</th>
+ </tr>
+ <?php
+ foreach($value as $conf){
+ ?>
+ <tr>
+ <!-- user/group -->
+ <td class="inline">
+ <?php
+ $group = false;
+ if(substr($conf[0],0,1)=="@"){
+ print $lang['acl_group'];
+ $group = true;
+ }else{
+ print $lang['acl_user'];
+ }
+ ?>
+ </td>
+ <td class="inline">
+ <!-- name -->
+ <?php
+ if($group) { print substr($conf[0],1); } else { print $conf[0]; }
+ ?>
+ </td>
+ <form name="acl_admin_change" method="post" action="<?=wl($ID)?>" accept-charset="<?=$lang['encoding']?>">
+ <?php
+ // read,write,create,upload
+ $acl_nums=array(1,2,4,8);
+ foreach($acl_nums as $num){
+ ?><td class="inline">
+ <input type="hidden" name="do" value="acl_admin_change" />
+ <input type="hidden" name="save" value="1" />
+ <input type="hidden" name="acl_scope" value='<?=urlencode($pagename)?>' />
+ <input type="hidden" name="acl_user" value='<?=urlencode($conf[0])?>' />
+ <input type="hidden" name="acl_level" value='<?=$conf[1]?>' />
+ <input type="checkbox" name="acl_checkbox[<?=$num?>]" value="on"<?php
+ if($conf[1]>=$num) {
+ ?> checked="checked"<?php
+ }
+ ?> /></td><?php
+ }
+ ?>
+ <td class="inline"><input type="submit" class="button" value="update"></td>
+ </form>
+ <td class="inline">
+ <!-- delete form -->
+ <form name="acl_admin_del" method="post" action="<?=wl($ID)?>" accept-charset="<?=$lang['encoding']?>">
+ <input type="hidden" name="do" value="acl_admin_del" />
+ <input type="hidden" name="save" value="1" />
+ <input type="hidden" name="acl_scope" value='<?=urlencode($pagename);?>' />
+ <input type="hidden" name="acl_user" value='<?=urlencode($conf[0])?>' />
+ <input type="hidden" name="acl_level" value='<?=$conf[1]?>' />
+ <input type="submit" class="button" value='DEL' onClick="return window.confirm('<?=$lang['acl_confirm_delete']?>');" />
+ </form>
+ </td>
+ </tr>
+ <?php
+ }
+ ?></table><?php
+ }
+ ?>
+ </div>
+ </fieldset>
+ </div>
+<?
+}
?>
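Review bot: html_acl_admin() prints `$ID`, `$ns`, `$pagename`, `$conf[0]` and `$conf[1]` into the page without HTML escaping, and the last three come from conf/acl.auth, which the new admin functions write from request data. Escape at output, e.g. `<option><?=htmlspecialchars($ID)?></option>`, `print htmlspecialchars($group ? substr($conf[0],1) : $conf[0]);` and `value='<?=htmlspecialchars($conf[1], ENT_QUOTES)?>'` (ENT_QUOTES because these attributes use single quotes). The three forms also post state-changing actions with no per-session token visible in this hunk, so consider adding one that the handlers verify. Smaller points: `$url` is appended to before it is first assigned, and the loop variable `$conf` shares its name with the global configuration array.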
diff --git a/lang/de/acl_admin.txt b/lang/de/acl_admin.txt
new file mode 100644
index 000000000..3693f82c7
--- /dev/null
+++ b/lang/de/acl_admin.txt
@@ -0,0 +1,3 @@
+====== ACL-Administration ======
+
+Ansicht der vorhandenen ACL-Einstellungen und Konfiguration.
diff --git a/lang/de/lang.php b/lang/de/lang.php
index 47be58abc..1980c34b6 100644
--- a/lang/de/lang.php
+++ b/lang/de/lang.php
@@ -25,6 +25,7 @@ $lang['btn_index'] = 'Übersicht';
$lang['btn_secedit']= 'Bearbeiten';
$lang['btn_login'] = 'Einloggen';
$lang['btn_logout'] = 'Ausloggen';
+$lang['btn_acl_admin'] = 'ACL';
$lang['loggedinas'] = 'Eingeloggt als';
$lang['user'] = 'Benutzername';
@@ -100,5 +101,21 @@ $lang['qb_ul'] = 'Listenpunkt';
$lang['qb_media'] = 'Bilder und andere Dateien hinzufügen';
$lang['qb_sig'] = 'Unterschrift einfügen';
+$lang['acl_admin'] = 'Hinzuf&uuml;gen';
+$lang['acl_current']= 'Aktuelle Access Control Konfiguration';
+$lang['acl_user'] = 'Benutzer/Gruppe';
+$lang['acl_scope'] = 'Pagename/Namespace';
+$lang['acl_level'] = 'Zugriffslevel';
+$lang['acl_none'] = 'Keine';
+$lang['acl_read'] = 'Lesen';
+$lang['acl_edit'] = 'Bearbeiten';
+$lang['acl_create'] = 'Anlegen';
+$lang['acl_upload'] = 'Upload';
+$lang['acl_commit'] = 'Ausführen';
+$lang['acl_input_request'] = 'bitte wählen';
+$lang['acl_group'] = 'Gruppe';
+$lang['acl_user'] = 'Benutzer';
+$lang['acl_confirm_delete'] = 'Diesen Eintrag entfernen?';
+
//Setup VIM: ex: et ts=2 enc=utf-8 :
?>
diff --git a/lang/en/acl_admin.txt b/lang/en/acl_admin.txt
new file mode 100644
index 000000000..e8a112619
--- /dev/null
+++ b/lang/en/acl_admin.txt
@@ -0,0 +1,3 @@
+=== ACL-adminstration ===
+
+View current acl-configuration and change it.
diff --git a/lang/en/lang.php b/lang/en/lang.php
index 06ee1e9ae..f98e0d20d 100644
--- a/lang/en/lang.php
+++ b/lang/en/lang.php
@@ -24,6 +24,7 @@ $lang['btn_index'] = 'Index';
$lang['btn_secedit']= 'Edit';
$lang['btn_login'] = 'Login';
$lang['btn_logout'] = 'Logout';
+$lang['btn_acl_admin'] = 'ACL';
$lang['loggedinas'] = 'Logged in as';
$lang['user'] = 'Username';
@@ -98,5 +99,21 @@ $lang['qb_ul'] = 'Unordered List Item';
$lang['qb_media'] = 'Add Images and other files';
$lang['qb_sig'] = 'Insert Signature';
+$lang['acl_admin'] = 'New';
+$lang['acl_current']= 'Current Access Control Configuration';
+$lang['acl_user'] = 'User/Group';
+$lang['acl_scope'] = 'Pagename/Namespace';
+$lang['acl_level'] = 'Access Level';
+$lang['acl_none'] = 'None';
+$lang['acl_read'] = 'Read';
+$lang['acl_edit'] = 'Edit';
+$lang['acl_create'] = 'Create';
+$lang['acl_upload'] = 'Upload';
+$lang['acl_commit'] = 'Commit';
+$lang['acl_input_request'] = 'please select';
+$lang['acl_group'] = 'Group';
+$lang['acl_user'] = 'User';
+$lang['acl_confirm_delete'] = 'Delete this entry?';
+
//Setup VIM: ex: et ts=2 enc=utf-8 :
?>
diff --git a/script.js b/script.js
index 996652903..f39877e34 100644
--- a/script.js
+++ b/script.js
@@ -431,3 +431,26 @@ function fixDate(date) {
if (skew > 0)
date.setTime(date.getTime() - skew);
}
+
+/*
+ * This enables/disables checkboxes for acl-administration
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function checkAclLevel(){
+ if(document.getElementById) {
+ var scope = document.getElementById('acl_scope').value;
+
+ //check for namespace
+ if( (scope.indexOf(":*") > 0) || (scope == "*") ){
+ document.getElementsByName('acl_checkbox[4]')[0].disabled=false;
+ document.getElementsByName('acl_checkbox[8]')[0].disabled=false;
+ }else{
+ document.getElementsByName('acl_checkbox[4]')[0].checked=false;
+ document.getElementsByName('acl_checkbox[8]')[0].checked=false;
+
+ document.getElementsByName('acl_checkbox[4]')[0].disabled=true;
+ document.getElementsByName('acl_checkbox[8]')[0].disabled=true;
+ }
+ }
+}
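Review bot: The header comment should say that checkAclLevel() is a form convenience and not an access check, because disabling a checkbox in the browser does not stop a request from carrying `acl_checkbox[4]` or `acl_checkbox[8]` for a page scope. Suggested wording: `* UI convenience only: create/upload are disabled for page scopes; the server must still cap the level.` The function would also read more clearly with the two checkbox elements looked up once into local variables instead of six `getElementsByName` calls.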