author | andi <andi@splitbrain.org> | 2005-06-03 22:55:01 +0200 |
---|---|---|
committer | andi <andi@splitbrain.org> | 2005-06-03 22:55:01 +0200 |
commit | 8ef6b7cad0b5839ab823182392161af60f15fd69 (patch) | |
tree | e143cd40ad8581810fe78fcfac00dcb660a035da | |
parent | 5ef370d246543eb020ac46989b5ab8717e10a5b0 (diff) | |
download | rpg-8ef6b7cad0b5839ab823182392161af60f15fd69.tar.gz rpg-8ef6b7cad0b5839ab823182392161af60f15fd69.tar.bz2 |
Mediafile Deletion and Overwrite Handling #200
This patch enhances the ACL feature by adding another Permission called DELETE - this permission
allows a user to delete or overwrite existing mediafiles. Users with UPLOAD permission are no longer
allowed to overwrite media files.
Users with DELETE permissions now need to check an additional checkbox to overwrite existing files,
this is to prevent accidental deletions.
Please note: If no ACL is used UPLOAD rights are assumed for everybody - not DELETE rights. This
changes the behaviour from previous versions as UPLOAD does not allow overwriting anymore.
darcs-hash:20050603205501-9977f-1d219b23a79bb097ed0e0b8184dc6d5d8aad578b.gz
-rw-r--r-- | images/del.png | bin | 0 -> 433 bytes | |||
-rw-r--r-- | inc/admin_acl.php | 4 | ||||
-rw-r--r-- | inc/auth.php | 5 | ||||
-rw-r--r-- | inc/template.php | 24 | ||||
-rw-r--r-- | lang/de/lang.php | 5 | ||||
-rw-r--r-- | lang/en/lang.php | 5 | ||||
-rw-r--r-- | media.php | 45 |
7 files changed, 75 insertions, 13 deletions
diff --git a/images/del.png b/images/del.png Binary files differnew file mode 100644 index 000000000..a3260d718 --- /dev/null +++ b/images/del.png diff --git a/inc/admin_acl.php b/inc/admin_acl.php index 5dc907049..fcf9d9ae3 100644 --- a/inc/admin_acl.php +++ b/inc/admin_acl.php @@ -28,7 +28,7 @@ function admin_acl_handler(){ if($type == '@') $user = '@'.$user; if($user == '@all') $user = '@ALL'; //special group! (now case insensitive) $perm = (int) $perm; - if($perm > AUTH_UPLOAD) $perm = AUTH_UPLOAD; + if($perm > AUTH_DELETE) $perm = AUTH_DELETE; //FIXME sanitize scope!!! //nothing to do? @@ -374,7 +374,7 @@ function admin_acl_html_checkboxes($setperm,$ispage){ static $label = 0; //number labels $ret = ''; - foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD) as $perm){ + foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ $label += 1; //general checkbox attributes diff --git a/inc/auth.php b/inc/auth.php index a948a544f..a55cfbc51 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -23,6 +23,7 @@ define('AUTH_EDIT',2); define('AUTH_CREATE',4); define('AUTH_UPLOAD',8); + define('AUTH_DELETE',16); define('AUTH_ADMIN',255); if($conf['useacl']){ @@ -249,7 +250,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); - if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! + if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } @@ -273,7 +274,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); - if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! + if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } 
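Review bot: Raising the ceiling in `auth_aclcheck` from AUTH_UPLOAD to AUTH_DELETE (both loops, hunks at -249 and -273) changes how ACL lines already on disk are read: an entry whose stored value is above 8 was treated as UPLOAD before this commit and is treated as DELETE after it. A site upgrading with such entries would hand out delete and overwrite rights without anyone having granted them, so the upgrade notes should tell admins to check the ACL file for values over 8 first. The same ceiling is now hard-coded three times (twice here and once in `admin_acl_handler`); one named constant for "highest level allowed in the ACL" would keep them from drifting when the next level is added. The `define` block would also benefit from a comment such as `// levels are ordered thresholds compared with >=, not bit flags`, since the powers of two suggest otherwise. Both functions continue outside these hunks.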
diff --git a/inc/template.php b/inc/template.php index 1f54c5f99..11a1112d0 100644 --- a/inc/template.php +++ b/inc/template.php @@ -548,6 +548,7 @@ function tpl_mediafilelist(){ global $conf; global $lang; global $NS; + global $AUTH; $dir = utf8_encodeFN(str_replace(':','/',$NS)); $data = array(); @@ -564,11 +565,27 @@ function tpl_mediafilelist(){ ptln('<a href="javascript:mediaSelect(\''.$item['id'].'\')">'. utf8_decodeFN($item['file']). '</a>',6); + + //prepare deletion button + if($AUTH >= AUTH_DELETE){ + $ask = $lang['del_confirm'].'\\n'; + $ask .= $item['id']; + + $del = '<a href="media.php?delete='.urlencode($item['id']).'" '. + 'onclick="return confirm(\''.$ask.'\')" onkeypress="return confirm(\''.$ask.'\')">'. + '<img src="'.DOKU_BASE.'images/del.png" alt="'.$lang['btn_delete'].'" '. + 'align="bottom" title="'.$lang['btn_delete'].'" /></a>'; + }else{ + $del = ''; + } + + if($item['isimg']){ $w = $item['info'][0]; $h = $item['info'][1]; - ptln('('.$w.'×'.$h.' '.filesize_h($item['size']).')<br />',6); + ptln('('.$w.'×'.$h.' '.filesize_h($item['size']).')',6); + ptln($del.'<br />',6); ptln('<a href="javascript:mediaSelect(\''.$item['id'].'\')">'); if($w>120){ @@ -580,6 +597,7 @@ function tpl_mediafilelist(){ }else{ ptln ('('.filesize_h($item['size']).')',6); + ptln($del,6); } ptln('</li>',4); } @@ -594,6 +612,7 @@ function tpl_mediafilelist(){ function tpl_mediauploadform(){ global $NS; global $UPLOADOK; + global $AUTH; global $lang; if(!$UPLOADOK) return; @@ -606,6 +625,9 @@ function tpl_mediauploadform(){ ptln($lang['txt_filename'].'<br />',4); ptln('<input type="text" name="id" class="edit" />',4); ptln('<input type="submit" class="button" value="'.$lang['btn_upload'].'" accesskey="s" />',4); + if($AUTH >= AUTH_DELETE){ + ptln('<label for="ow" class="simple"><input type="checkbox" name="ow" value="1" id="ow">'.$lang['txt_overwrt'].'</label>',4); + } ptln('</form>',2); } diff --git a/lang/de/lang.php b/lang/de/lang.php index c4f65d814..bc6ff749a 100644 
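Review bot: The delete control added in `tpl_mediafilelist` is a plain link to `media.php?delete=…`, so deletion is a state change on GET with nothing tying the request to this page; any other page that causes a logged-in user with DELETE rights to fetch that URL would remove the file, and the `confirm()` prompt only guards clicks on this particular link. The handler added in media.php (`if($DEL && $AUTH >= AUTH_DELETE)`) has the same gap, since it reads `$_REQUEST` and verifies no token. Deletion should be submitted as a POST form carrying a per-session token that media.php checks before calling `media_delete`. Separately, `$ask` is written into a JavaScript string inside an HTML attribute, and `$lang['btn_delete']` into `alt`/`title`, with no escaping; each part should be escaped for the JavaScript string first and the whole attribute value then HTML-escaped, unless the ids and translations are guaranteed free of quotes upstream. The function body starts and ends outside this hunk.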
--- a/lang/de/lang.php +++ b/lang/de/lang.php @@ -53,8 +53,9 @@ $lang['reqbadpass'] = 'Die beiden eingegeben Passwörter stimmen nicht überein. $lang['regpwmail'] = 'Ihr DokuWiki Passwort'; $lang['reghere'] = 'Sie haben noch keinen Zugang? Hier anmelden'; -$lang['txt_upload'] = 'Datei zum Hochladen auswählen'; +$lang['txt_upload'] = 'Datei zum Hochladen auswählen'; $lang['txt_filename'] = 'Wikinamen eingeben (optional)'; +$lang['txt_overwrt'] = 'Bestehende Datei überschreiben'; $lang['lockedby'] = 'Momentan gesperrt von'; $lang['lockexpire'] = 'Sperre läuft ab am'; $lang['willexpire'] = 'Die Sperre zur Bearbeitung dieser Seite läuft in einer Minute ab.\nUm Bearbeitungskonflikte zu vermeiden, sollten sie sie durch einen Klick auf den Vorschau-Knopf verlängern.'; @@ -69,6 +70,7 @@ $lang['fileupload'] = 'Datei hochladen'; $lang['uploadsucc'] = 'Datei wurde erfolgreich hochgeladen'; $lang['uploadfail'] = 'Hochladen fehlgeschlagen. Keine Berechtigung?'; $lang['uploadwrong'] = 'Hochladen verweigert. Diese Dateiendung ist nicht erlaubt.'; +$lang['uploadexist'] = 'Datei existiert bereits. Keine Änderungen vorgenommen.'; $lang['namespaces'] = 'Namensräume'; $lang['mediafiles'] = 'Vorhandene Dateien in'; @@ -125,6 +127,7 @@ $lang['acl_perm1'] = 'Lesen'; $lang['acl_perm2'] = 'Bearbeiten'; $lang['acl_perm4'] = 'Anlegen'; $lang['acl_perm8'] = 'Hochladen'; +$lang['acl_perm16'] = 'Entfernen'; $lang['acl_new'] = 'Eintrag hinzufügen'; //Setup VIM: ex: et ts=2 enc=utf-8 : diff --git a/lang/en/lang.php b/lang/en/lang.php index 49773b594..7d6667429 100644 --- a/lang/en/lang.php +++ b/lang/en/lang.php 
@@ -54,6 +54,7 @@ $lang['reghere'] = 'You don\'t have an account yet? Just get one'; $lang['txt_upload'] = 'Select file to upload'; $lang['txt_filename'] = 'Enter wikiname (optional)'; +$lang['txt_overwrt'] = 'Overwrite existing file'; $lang['lockedby'] = 'Currently locked by'; $lang['lockexpire'] = 'Lock expires at'; $lang['willexpire'] = 'Your lock for editing this page is about to expire in a minute.\nTo avoid conflicts use the preview button to reset the locktimer.'; @@ -66,7 +67,8 @@ $lang['mediaselect'] = 'Mediafile Selection'; $lang['fileupload'] = 'Mediafile Upload'; $lang['uploadsucc'] = 'Upload successful'; $lang['uploadfail'] = 'Upload failed. Maybe wrong permissions?'; -$lang['uploadwrong'] = 'Upload denied. This file extension is forbidden'; +$lang['uploadwrong'] = 'Upload denied. This file extension is forbidden!'; +$lang['uploadexist'] = 'File already exists. Nothing done.'; $lang['namespaces'] = 'Namespaces'; $lang['mediafiles'] = 'Available files in'; @@ -123,6 +125,7 @@ $lang['acl_perm1'] = 'Read'; $lang['acl_perm2'] = 'Edit'; $lang['acl_perm4'] = 'Create'; $lang['acl_perm8'] = 'Upload'; +$lang['acl_perm16'] = 'Delete'; $lang['acl_new'] = 'Add new Entry'; //Setup VIM: ex: et ts=2 enc=utf-8 : @@ -11,11 +11,18 @@ header('Content-Type: text/html; charset='.$lang['encoding']); - $NS = $_REQUEST['ns']; - $NS = cleanID($NS); + //get namespace to display (either direct or from deletion order) + if($_REQUEST['delete']){ + $DEL = cleanID($_REQUEST['delete']); + $NS = getNS($DEL); + }else{ + $NS = $_REQUEST['ns']; + $NS = cleanID($NS); + } //check upload permissions - if(auth_quickaclcheck("$NS:*") >= AUTH_UPLOAD){ + $AUTH = auth_quickaclcheck("$NS:*"); + if($AUTH >= AUTH_UPLOAD){ $UPLOADOK = true; //create the given namespace (just for beautification) $mdir = $conf['mediadir'].'/'.utf8_encodeFN(str_replace(':','/',$NS)); 
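Review bot: `$DEL` is assigned only in the `delete` branch of the new namespace selection in media.php, so on the `else` path it is undefined when the deletion check in the next hunk (`if($DEL && $AUTH >= AUTH_DELETE)`) reads it. On a PHP installation with register_globals enabled an undefined global can be populated from the request, in which case the value would reach `media_delete` without passing `cleanID`, and `$AUTH` would have been computed for an unrelated `$NS`. Initialise it before the branch with `$DEL = '';`, and test `!empty($_REQUEST['delete'])` rather than the bare index so an absent parameter raises no notice.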
@@ -24,8 +31,14 @@ $UPLOADOK = false; } + //handle deletion + if($DEL && $AUTH >= AUTH_DELETE){ + media_delete($DEL); + } + + //handle upload if($_FILES['upload']['tmp_name'] && $UPLOADOK){ - media_upload($NS); + media_upload($NS,$AUTH); } //start output and load template @@ -38,11 +51,26 @@ /**********************************************/ /** + * Deletes mediafiles - Auth is not handled here! + * + * @author Andreas Gohr <andi@splitbrain.org> + */ +function media_delete($delid){ + $file = mediaFN($delid); + if(@unlink($file)){ + return true; + } + //something went wrong + msg("'$file' couldn't be deleted - check permissions",-1); + return false; +} + +/** * Handles Mediafile uploads * * @author Andreas Gohr <andi@splitbrain.org> */ -function media_upload($NS){ +function media_upload($NS,$AUTH){ require_once(DOKU_INC.'inc/confutils.php'); global $lang; global $conf; @@ -65,9 +93,14 @@ function media_upload($NS){ // because a temp file was created already umask($conf['umask']); if(preg_match('/\.('.$regex.')$/i',$fn)){ + //check for overwrite + if(@file_exists($fn) && (!$_POST['ow'] || $AUTH < AUTH_DELETE)){ + msg($lang['uploadexist'],0); + return false; + } // prepare directory io_makeFileDir($fn); - if (move_uploaded_file($file['tmp_name'], $fn)) { + if(move_uploaded_file($file['tmp_name'], $fn)) { // set the correct permission here chmod($fn, 0777 - $conf['umask']); msg($lang['uploadsucc'],1); |
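Review bot: The failure message in `media_delete` interpolates `$file`, the resolved filesystem path returned by `mediaFN()`, into text shown to the user, which discloses the server's directory layout on any failed delete; whether `msg()` HTML-escapes its argument is not visible in this hunk. Report the media id instead and take the wording from the language files like the other messages, e.g. `msg(sprintf($lang['LANG_KEY_PLACEHOLDER'],htmlspecialchars($delid)),-1);` with `global $lang;` added and the key defined in each lang.php. Since the docblock says auth is not handled here, it should spell out the precondition: the caller must have checked AUTH_DELETE for the id's namespace and passed the id through `cleanID`. The `@` on `unlink` discards the reason for the failure; recording it server-side would keep it available to the admin without showing it to the user.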
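Review bot: The overwrite guard added to `media_upload` tests `file_exists($fn)` and then calls `move_uploaded_file` as two separate steps, so two uploads to the same name arriving together can both pass the test and the later one replaces the earlier, even for users who hold only UPLOAD. When overwriting is not permitted, the target name could be claimed atomically first, for instance by opening it with `fopen($fn,'x')` after `io_makeFileDir($fn)` and treating a failure as "already exists". `$AUTH` is trusted as passed in, and this hunk does not show whether `$fn` always lies in the namespace the caller checked; that should be confirmed in the part of the function outside the hunk. A permitted overwrite is reported with the ordinary `uploadsucc` message and leaves no record of the replaced file, so a log entry naming the id and the user would help later review.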