-rw-r--r--conf/dokuwiki.php1
-rw-r--r--inc/actions.php8
-rw-r--r--inc/auth.php57
-rw-r--r--inc/common.php10
-rw-r--r--inc/html.php5
-rw-r--r--inc/infoutils.php2
-rw-r--r--inc/template.php17
-rw-r--r--lib/plugins/admin.php44
-rw-r--r--lib/plugins/config/lang/en/lang.php3
-rw-r--r--lib/plugins/config/settings/config.metadata.php1
-rw-r--r--lib/plugins/revert/admin.php7
11 files changed, 126 insertions, 29 deletions
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index b239d54d2..98c446d58 100644
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -63,6 +63,7 @@ $conf['authtype'] = 'plain'; //which authentication backend should b
$conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
$conf['defaultgroup']= 'user'; //Default groups new Users are added to
$conf['superuser'] = '!!not set!!'; //The admin can be user or @group
+$conf['manager'] = '!!not set!!'; //The manager can be user or @group
$conf['profileconfirm'] = '1'; //Require current password to confirm changes to user profile
$conf['disableactions'] = ''; //comma separated list of actions to disable
diff --git a/inc/actions.php b/inc/actions.php
index 8d7479d0e..b37106ec5 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -208,7 +208,13 @@ function act_permcheck($act){
}elseif($act == 'resendpwd'){
$permneed = AUTH_NONE;
}elseif($act == 'admin'){
- $permneed = AUTH_ADMIN;
+ if($INFO['ismanager']){
+ // if the manager has the needed permissions for a certain admin
+ // action is checked later
+ $permneed = AUTH_READ;
+ }else{
+ $permneed = AUTH_ADMIN;
+ }
}else{
$permneed = AUTH_READ;
}
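Review bot: The manager branch lowers the requirement for `do=admin` to `AUTH_READ` and defers the real decision to a later check, but no hunk in this commit guards the admin plugin's `handle()` call. The only later checks shown are the menu filter in `html_admin()` (inc/html.php) and the `html()` guard in `tpl_admin()` (inc/template.php). If the dispatcher invokes `handle()` before the template renders, a manager's request still reaches the state-changing half of an admin-only plugin; that call site is outside this diff and should be confirmed. The same test, `if($plugin->forAdminOnly() && !$INFO['isadmin'])`, belongs directly in front of the `handle()` call. `act_permcheck()` starts above this hunk, so it is not visible whether `$INFO` is declared `global` there; without it `$INFO['ismanager']` is never set and the new branch is dead.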
diff --git a/inc/auth.php b/inc/auth.php
index bedc3877e..35c2e48d3 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -242,6 +242,63 @@ function auth_logoff(){
}
/**
+ * Check if a user is a manager
+ *
+ * Should usually be called without any parameters to check the current
+ * user.
+ *
+ * The info is available through $INFO['ismanager'], too
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @see auth_isadmin
+ * @param string user - Username
+ * @param array groups - List of groups the user is in
+ * @param bool adminonly - when true checks if user is admin
+ */
+function auth_ismanager($user=null,$groups=null,$adminonly=false){
+ global $conf;
+ global $USERINFO;
+
+ if(!$conf['useacl']) return false;
+ if(is_null($user)) $user = $_SERVER['REMOTE_USER'];
+ if(is_null($groups)) $groups = $USERINFO['grps'];
+ $user = auth_nameencode($user);
+
+ // check username against superuser and manager
+ if(auth_nameencode($conf['superuser']) == $user) return true;
+ if(!$adminonly){
+ if(auth_nameencode($conf['manager']) == $user) return true;
+ }
+
+ //prepend groups with @ and nameencode
+ $cnt = count($groups);
+ for($i=0; $i<$cnt; $i++){
+ $groups[$i] = '@'.auth_nameencode($groups[$i]);
+ }
+
+ // check groups against superuser and manager
+ if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true;
+ if(!$adminonly){
+ if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true;
+ }
+ return false;
+}
+
+/**
+ * Check if a user is admin
+ *
+ * Alias to auth_ismanager with adminonly=true
+ *
+ * The info is available through $INFO['isadmin'], too
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @see auth_ismanager
+ */
+function auth_isadmin($user=null,$groups=null){
+ return auth_ismanager($user,$groups,true);
+}
+
+/**
* Convinience function for auth_aclcheck()
*
* This checks the permissions for the current user
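Review bot: `auth_ismanager()` does not reject an unauthenticated request before comparing names. When `$_SERVER['REMOTE_USER']` is unset, `$user` becomes whatever `auth_nameencode()` returns for null (presumably an empty string; its body is not shown), and the loose `==` then matches a `superuser` or `manager` setting that has been emptied. Return early with `if(!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '') return false;` inside the `is_null($user)` case. Cast the fallback with `$groups = (array) $USERINFO['grps'];` so the loop and `in_array()` never receive null. The comparisons should be strict (`===`, and `true` as the third argument of `in_array()`), since PHP compares numeric-looking strings by value under `==`; the docblock also lacks an `@return bool` line.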
diff --git a/inc/common.php b/inc/common.php
index af1d2248b..711df9d11 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -76,6 +76,16 @@ function pageinfo(){
$info['subscribed'] = is_subscribed($ID,$_SERVER['REMOTE_USER']);
$info['client'] = $_SERVER['REMOTE_USER'];
+ // set info about manager/admin status
+ $info['isadmin'] = false;
+ $info['ismanager'] = false;
+ if($info['perm'] == AUTH_ADMIN){
+ $info['isadmin'] = true;
+ $info['ismanager'] = true;
+ }elseif(auth_ismanager()){
+ $info['ismanager'] = true;
+ }
+
// if some outside auth were used only REMOTE_USER is set
if(!$info['userinfo']['name']){
$info['userinfo']['name'] = $_SERVER['REMOTE_USER'];
diff --git a/inc/html.php b/inc/html.php
index 106c10f60..d5a7a232e 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1274,6 +1274,7 @@ function html_debug(){
function html_admin(){
global $ID;
+ global $INFO;
global $lang;
global $conf;
@@ -1284,6 +1285,10 @@ function html_admin(){
$menu = array();
foreach ($pluginlist as $p) {
if($obj =& plugin_load('admin',$p) === NULL) continue;
+
+ // check permissions
+ if($obj->forAdminOnly() && !$INFO['isadmin']) continue;
+
$menu[] = array('plugin' => $p,
'prompt' => $obj->getMenuText($conf['lang']),
'sort' => $obj->getMenuSort()
diff --git a/inc/infoutils.php b/inc/infoutils.php
index 7ca45efeb..a6d0c269e 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -18,7 +18,7 @@ function checkUpdateMessages(){
global $conf;
global $INFO;
if(!$conf['updatecheck']) return;
- if($conf['useacl'] && $INFO['perm'] < AUTH_ADMIN) return;
+ if($conf['useacl'] && !$INFO['ismanager']) return;
$cf = $conf['cachedir'].'/messages.txt';
$lm = @filemtime($cf);
diff --git a/inc/template.php b/inc/template.php
index 9d3efb339..27923f404 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -137,6 +137,7 @@ function tpl_content_core(){
* @author Andreas Gohr <andi@splitbrain.org>
*/
function tpl_admin(){
+ global $INFO;
$plugin = NULL;
if (!empty($_REQUEST['page'])) {
@@ -149,10 +150,16 @@ function tpl_admin(){
}
}
- if ($plugin !== NULL)
- $plugin->html();
- else
+ if ($plugin !== NULL){
+ if($plugin->forAdminOnly() && !$INFO['isadmin']){
+ msg('For admins only',-1);
+ html_admin();
+ }else{
+ $plugin->html();
+ }
+ }else{
html_admin();
+ }
}
/**
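Review bot: The denial message in `tpl_admin()` is a hard-coded English literal, `msg('For admins only',-1)`, whereas other user-facing text in this file comes from `$lang` (for example `$lang['btn_admin']` in `tpl_actionlink()`). Declare `global $lang;` and use a language string instead, e.g. `msg($lang['adminonly'],-1);`, where the key name is a placeholder to be added to the language files. A translated message also makes the refusal understandable to managers on non-English wikis, who are the users expected to hit it.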
@@ -422,7 +429,7 @@ function tpl_button($type){
}
break;
case 'admin':
- if($INFO['perm'] == AUTH_ADMIN)
+ if($INFO['ismanager'])
print html_btn('admin',$ID,'',array('do' => 'admin'));
break;
case 'backtomedia':
@@ -549,7 +556,7 @@ function tpl_actionlink($type,$pre='',$suf=''){
}
return false;
case 'admin':
- if($INFO['perm'] == AUTH_ADMIN){
+ if($INFO['ismanager']){
tpl_link(wl($ID,'do=admin'),$pre.$lang['btn_admin'].$suf,'class="action admin"');
return true;
}
diff --git a/lib/plugins/admin.php b/lib/plugins/admin.php
index 0cf12ad93..22867a93d 100644
--- a/lib/plugins/admin.php
+++ b/lib/plugins/admin.php
@@ -1,7 +1,7 @@
<?php
/**
* Admin Plugin Prototype
- *
+ *
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
* @author Christopher Smith <chris@jalakai.co.uk>
*/
@@ -17,27 +17,29 @@ require_once(DOKU_PLUGIN.'base.php');
*/
class DokuWiki_Admin_Plugin extends DokuWiki_Plugin {
- function getMenuText($language) {
- $menutext = $this->getLang('menu');
- if (!$menutext) {
- $info = $this->getInfo();
- $menutext = $info['name'].' ...';
- }
- return $menutext;
- }
+ function getMenuText($language) {
+ $menutext = $this->getLang('menu');
+ if (!$menutext) {
+ $info = $this->getInfo();
+ $menutext = $info['name'].' ...';
+ }
+ return $menutext;
+ }
- function getMenuSort() {
- return 1000;
- }
+ function getMenuSort() {
+ return 1000;
+ }
- function handle() {
- trigger_error('handle() not implemented in '.get_class($this), E_USER_WARNING);
- }
+ function handle() {
+ trigger_error('handle() not implemented in '.get_class($this), E_USER_WARNING);
+ }
- function html() {
- trigger_error('html() not implemented in '.get_class($this), E_USER_WARNING);
- }
-
-
+ function html() {
+ trigger_error('html() not implemented in '.get_class($this), E_USER_WARNING);
+ }
+
+ function forAdminOnly() {
+ return true;
+ }
}
-//Setup VIM: ex: et ts=4 enc=utf-8 : \ No newline at end of file
+//Setup VIM: ex: et ts=4 enc=utf-8 :
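Review bot: `forAdminOnly()` is added to the plugin prototype without a doc comment, although it is the switch that decides whether managers may use a plugin. Add a docblock above it saying that returning false makes the plugin available to managers as well, that the default of true restricts it to superusers, and include `@return bool`. Stating that the default is the restrictive one tells plugin authors that overriding the method widens access and should be a deliberate choice.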
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index 70109e5fb..a415ca464 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -87,7 +87,8 @@ $lang['autopasswd'] = 'Autogenerate passwords';
$lang['authtype'] = 'Authentication backend';
$lang['passcrypt'] = 'Password encryption method';
$lang['defaultgroup']= 'Default group';
-$lang['superuser'] = 'Superuser';
+$lang['superuser'] = 'Superuser - a group or user with full access to all pages and functions regardless of the ACL settings';
+$lang['manager'] = 'Manager - a group or user with access to certain management functions';
$lang['profileconfirm'] = 'Confirm profile changes with password';
$lang['disableactions'] = 'Disable DokuWiki actions';
$lang['disableactions_check'] = 'Check';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 38a24ebb8..3ef6c79b1 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -110,6 +110,7 @@ $meta['authtype'] = array('authtype');
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','sha1','ssha','crypt','mysql','my411'));
$meta['defaultgroup']= array('string');
$meta['superuser'] = array('string');
+$meta['manager'] = array('string');
$meta['profileconfirm'] = array('onoff');
$meta['registernotify'] = array('email');
$meta['disableactions'] = array('disableactions',
diff --git a/lib/plugins/revert/admin.php b/lib/plugins/revert/admin.php
index 879cd961c..b9c196297 100644
--- a/lib/plugins/revert/admin.php
+++ b/lib/plugins/revert/admin.php
@@ -33,6 +33,13 @@ class admin_plugin_revert extends DokuWiki_Admin_Plugin {
}
/**
+ * access for managers
+ */
+ function forAdminOnly(){
+ return false;
+ }
+
+ /**
* return sort order for position in admin menu
*/
function getMenuSort() {