diff options
| author | andi <andi@splitbrain.org> | 2005-06-03 22:55:01 +0200 |
|---|---|---|
| committer | andi <andi@splitbrain.org> | 2005-06-03 22:55:01 +0200 |
| commit | 8ef6b7cad0b5839ab823182392161af60f15fd69 (patch) | |
| tree | e143cd40ad8581810fe78fcfac00dcb660a035da /inc | |
| parent | 5ef370d246543eb020ac46989b5ab8717e10a5b0 (diff) | |
| download | rpg-8ef6b7cad0b5839ab823182392161af60f15fd69.tar.gz rpg-8ef6b7cad0b5839ab823182392161af60f15fd69.tar.bz2 | |
Mediafile Deletion and Overwrite Handling #200
This patch enhances the ACL feature by adding another Permission called DELETE - this permission
allows a user to delete or overwrite existing mediafiles. Users with UPLOAD permission are no longer
allowed to overwrite media files.
Users whith DELETE permissions now need to check an additional checkbox to overwrite existing files,
this is to prevent accidently deletions.
Please note: If no ACL is used UPLOAD rights are assumed for everybody - not DELETE rights. This
changes the behaviour from previous versions as UPLOAD does not allow overwriting anymore.
darcs-hash:20050603205501-9977f-1d219b23a79bb097ed0e0b8184dc6d5d8aad578b.gz
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/admin_acl.php | 4 | ||||
| -rw-r--r-- | inc/auth.php | 5 | ||||
| -rw-r--r-- | inc/template.php | 24 |
3 files changed, 28 insertions, 5 deletions
diff --git a/inc/admin_acl.php b/inc/admin_acl.php index 5dc907049..fcf9d9ae3 100644 --- a/inc/admin_acl.php +++ b/inc/admin_acl.php @@ -28,7 +28,7 @@ function admin_acl_handler(){ if($type == '@') $user = '@'.$user; if($user == '@all') $user = '@ALL'; //special group! (now case insensitive) $perm = (int) $perm; - if($perm > AUTH_UPLOAD) $perm = AUTH_UPLOAD; + if($perm > AUTH_DELETE) $perm = AUTH_DELETE; //FIXME sanitize scope!!! //nothing to do? @@ -374,7 +374,7 @@ function admin_acl_html_checkboxes($setperm,$ispage){ static $label = 0; //number labels $ret = ''; - foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD) as $perm){ + foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ $label += 1; //general checkbox attributes diff --git a/inc/auth.php b/inc/auth.php index a948a544f..a55cfbc51 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -23,6 +23,7 @@ define('AUTH_EDIT',2); define('AUTH_CREATE',4); define('AUTH_UPLOAD',8); + define('AUTH_DELETE',16); define('AUTH_ADMIN',255); if($conf['useacl']){ @@ -249,7 +250,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); - if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! + if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } @@ -273,7 +274,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); - if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! + if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } diff --git a/inc/template.php b/inc/template.php index 1f54c5f99..11a1112d0 100644 --- a/inc/template.php +++ b/inc/template.php @@ -548,6 +548,7 @@ function tpl_mediafilelist(){ global $conf; global $lang; global $NS; + global $AUTH; $dir = utf8_encodeFN(str_replace(':','/',$NS)); $data = array(); @@ -564,11 +565,27 @@ function tpl_mediafilelist(){ ptln('<a href="javascript:mediaSelect(\''.$item['id'].'\')">'. utf8_decodeFN($item['file']). '</a>',6); + + //prepare deletion button + if($AUTH >= AUTH_DELETE){ + $ask = $lang['del_confirm'].'\\n'; + $ask .= $item['id']; + + $del = '<a href="media.php?delete='.urlencode($item['id']).'" '. + 'onclick="return confirm(\''.$ask.'\')" onkeypress="return confirm(\''.$ask.'\')">'. + '<img src="'.DOKU_BASE.'images/del.png" alt="'.$lang['btn_delete'].'" '. + 'align="bottom" title="'.$lang['btn_delete'].'" /></a>'; + }else{ + $del = ''; + } + + if($item['isimg']){ $w = $item['info'][0]; $h = $item['info'][1]; - ptln('('.$w.'×'.$h.' '.filesize_h($item['size']).')<br />',6); + ptln('('.$w.'×'.$h.' '.filesize_h($item['size']).')',6); + ptln($del.'<br />',6); ptln('<a href="javascript:mediaSelect(\''.$item['id'].'\')">'); if($w>120){ @@ -580,6 +597,7 @@ function tpl_mediafilelist(){ }else{ ptln ('('.filesize_h($item['size']).')',6); + ptln($del,6); } ptln('</li>',4); } @@ -594,6 +612,7 @@ function tpl_mediafilelist(){ function tpl_mediauploadform(){ global $NS; global $UPLOADOK; + global $AUTH; global $lang; if(!$UPLOADOK) return; @@ -606,6 +625,9 @@ function tpl_mediauploadform(){ ptln($lang['txt_filename'].'<br />',4); ptln('<input type="text" name="id" class="edit" />',4); ptln('<input type="submit" class="button" value="'.$lang['btn_upload'].'" accesskey="s" />',4); + if($AUTH >= AUTH_DELETE){ + ptln('<label for="ow" class="simple"><input type="checkbox" name="ow" value="1" id="ow">'.$lang['txt_overwrt'].'</label>',4); + } ptln('</form>',2); } |