manager user/group

This patch adds support for a manager option as suggested in
http://www.freelists.org/archives/dokuwiki/11-2006/msg00314.html

darcs-hash:20061203134104-7ad00-72ff6422bbb4f79be325c7e77255e1eee32d0f6b.gz

6 files changed, 92 insertions, 7 deletions

diff --git a/inc/actions.php b/inc/actions.php
index 8d7479d0e..b37106ec5 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -208,7 +208,13 @@ function act_permcheck($act){
   }elseif($act == 'resendpwd'){
     $permneed = AUTH_NONE;
   }elseif($act == 'admin'){
-    $permneed = AUTH_ADMIN;
+    if($INFO['ismanager']){
+      // if the manager has the needed permissions for a certain admin
+      // action is checked later
+      $permneed = AUTH_READ;
+    }else{
+      $permneed = AUTH_ADMIN;
+    }
   }else{
     $permneed = AUTH_READ;
   }
diff --git a/inc/auth.php b/inc/auth.php
index bedc3877e..35c2e48d3 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -242,6 +242,63 @@ function auth_logoff(){
 }
 
 /**
+ * Check if a user is a manager
+ *
+ * Should usually be called without any parameters to check the current
+ * user.
+ *
+ * The info is available through $INFO['ismanager'], too
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @see    auth_isadmin
+ * @param  string user      - Username
+ * @param  array  groups    - List of groups the user is in
+ * @param  bool   adminonly - when true checks if user is admin
+ */
+function auth_ismanager($user=null,$groups=null,$adminonly=false){
+  global $conf;
+  global $USERINFO;
+
+  if(!$conf['useacl']) return false;
+  if(is_null($user))   $user   = $_SERVER['REMOTE_USER'];
+  if(is_null($groups)) $groups = $USERINFO['grps'];
+  $user   = auth_nameencode($user);
+
+  // check username against superuser and manager
+  if(auth_nameencode($conf['superuser']) == $user) return true;
+  if(!$adminonly){
+    if(auth_nameencode($conf['manager']) == $user) return true;
+  }
+
+  //prepend groups with @ and nameencode
+  $cnt = count($groups);
+  for($i=0; $i<$cnt; $i++){
+    $groups[$i] = '@'.auth_nameencode($groups[$i]);
+  }
+
+  // check groups against superuser and manager
+  if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true;
+  if(!$adminonly){
+    if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true;
+  }
+  return false;
+}
+
+/**
+ * Check if a user is admin
+ *
+ * Alias to auth_ismanager with adminonly=true
+ *
+ * The info is available through $INFO['isadmin'], too
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @see auth_ismanager
+ */
+function auth_isadmin($user=null,$groups=null){
+  return auth_ismanager($user,$groups,true);
+}
+
+/**
  * Convinience function for auth_aclcheck()
  *
  * This checks the permissions for the current user
diff --git a/inc/common.php b/inc/common.php
index af1d2248b..711df9d11 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -76,6 +76,16 @@ function pageinfo(){
     $info['subscribed'] = is_subscribed($ID,$_SERVER['REMOTE_USER']);
     $info['client']     = $_SERVER['REMOTE_USER'];
 
+    // set info about manager/admin status
+    $info['isadmin']   = false;
+    $info['ismanager'] = false;
+    if($info['perm'] == AUTH_ADMIN){
+      $info['isadmin']   = true;
+      $info['ismanager'] = true;
+    }elseif(auth_ismanager()){
+      $info['ismanager'] = true;
+    }
+
     // if some outside auth were used only REMOTE_USER is set
     if(!$info['userinfo']['name']){
       $info['userinfo']['name'] = $_SERVER['REMOTE_USER'];
diff --git a/inc/html.php b/inc/html.php
index 106c10f60..d5a7a232e 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1274,6 +1274,7 @@ function html_debug(){
 
 function html_admin(){
   global $ID;
+  global $INFO;
   global $lang;
   global $conf;
 
@@ -1284,6 +1285,10 @@ function html_admin(){
   $menu = array();
   foreach ($pluginlist as $p) {
     if($obj =& plugin_load('admin',$p) === NULL) continue;
+
+    // check permissions
+    if($obj->forAdminOnly() && !$INFO['isadmin']) continue;
+
     $menu[] = array('plugin' => $p,
                     'prompt' => $obj->getMenuText($conf['lang']),
                     'sort' => $obj->getMenuSort()
diff --git a/inc/infoutils.php b/inc/infoutils.php
index 7ca45efeb..a6d0c269e 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -18,7 +18,7 @@ function checkUpdateMessages(){
     global $conf;
     global $INFO;
     if(!$conf['updatecheck']) return;
-    if($conf['useacl'] && $INFO['perm'] < AUTH_ADMIN) return;
+    if($conf['useacl'] && !$INFO['ismanager']) return;
 
     $cf = $conf['cachedir'].'/messages.txt';
     $lm = @filemtime($cf);
diff --git a/inc/template.php b/inc/template.php
index 9d3efb339..27923f404 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -137,6 +137,7 @@ function tpl_content_core(){
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function tpl_admin(){
+    global $INFO;
 
     $plugin = NULL;
     if (!empty($_REQUEST['page'])) {
@@ -149,10 +150,16 @@ function tpl_admin(){
         }
     }
 
-    if ($plugin !== NULL)
-        $plugin->html();
-    else
+    if ($plugin !== NULL){
+        if($plugin->forAdminOnly() && !$INFO['isadmin']){
+            msg('For admins only',-1);
+            html_admin();
+        }else{
+            $plugin->html();
+        }
+    }else{
         html_admin();
+    }
 }
 
 /**
@@ -422,7 +429,7 @@ function tpl_button($type){
       }
       break;
     case 'admin':
-      if($INFO['perm'] == AUTH_ADMIN)
+      if($INFO['ismanager'])
         print html_btn('admin',$ID,'',array('do' => 'admin'));
       break;
     case 'backtomedia':
@@ -549,7 +556,7 @@ function tpl_actionlink($type,$pre='',$suf=''){
       }
       return false;
     case 'admin':
-      if($INFO['perm'] == AUTH_ADMIN){
+      if($INFO['ismanager']){
         tpl_link(wl($ID,'do=admin'),$pre.$lang['btn_admin'].$suf,'class="action admin"');
         return true;
       }