Diffstat (limited to 'inc')
-rw-r--r--inc/acl_admin.php121
-rw-r--r--inc/auth.php32
-rw-r--r--inc/html.php147
3 files changed, 298 insertions, 2 deletions
diff --git a/inc/acl_admin.php b/inc/acl_admin.php
new file mode 100644
index 000000000..f7cd7fbd7
--- /dev/null
+++ b/inc/acl_admin.php
@@ -0,0 +1,121 @@
+<?php
+/**
+ * $ID is pagename, reads matching lines from $AUTH_ACL,
+ * also reads acls from namespace
+ * returns multi-array with key=pagename and value=array(user, acl)
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function get_acl_config($ID){
+ global $AUTH_ACL;
+
+ $acl_config=array();
+
+ // match exact name
+ $matches = preg_grep('/^'.$ID.'\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ }
+ }
+
+ $specific_found=array();
+ // match ns
+ if(($ID=getNS($ID)) !== false){
+ $matches = preg_grep('/^'.$ID.':\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ $specific_found[]=$acl[1];
+ }
+ }
+ }
+
+ //include *-config
+ $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ // only include * for this user if not already found in ns
+ if(!in_array($acl[1], $specific_found)){
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ }
+ }
+ }
+
+ //sort
+ //FIXME: better sort algo: first sort by key, then sort by first value
+ krsort($acl_config, SORT_STRING);
+
+ return($acl_config);
+}
+
+/**
+ * adds new acl-entry to conf/acl.auth
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function acl_admin_add($acl_scope, $acl_user, $acl_level){
+ if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }
+
+ $acl_config = join("",file('conf/acl.auth'));
+
+ // max level for pagenames is 2
+ if(strpos("*", $acl_scope) === false) {
+ if($acl_level > 2) { $acl_level = 2; }
+ }
+
+ $new_acl = "$acl_scope\t$acl_user\t$acl_level\n";
+
+ $new_config = $acl_config.$new_acl;
+
+ return io_saveFile("conf/acl.auth", $new_config);
+}
+
+/**
+ * remove acl-entry from conf/acl.auth
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function acl_admin_del($acl_scope, $acl_user, $acl_level){
+ if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }
+
+ $acl_pattern = preg_quote($acl_scope)."\s+".$acl_user."\s+".$acl_level."\n";
+
+ $acl_config = file('conf/acl.auth');
+
+ // save all non!-matching
+ $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
+
+ return io_saveFile("conf/acl.auth", join("",$new_config));
+}
+
+/**
+ * change existing acl entries
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function acl_admin_change($acl_scope, $acl_user, $acl_level, $acl_checkbox){
+
+ $new_level = 0;
+ if(is_array($acl_checkbox)) {
+ foreach($acl_checkbox as $acl_num => $value){
+ if( ($value == "on") &&
+ ($acl_num > $new_level)) {
+ $new_level = $acl_num;
+ }
+ }
+ }
+
+ acl_admin_del($acl_scope, $acl_user, $acl_level);
+ acl_admin_add($acl_scope, $acl_user, $new_level);
+}
+?>
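Review bot: acl_admin_add() and acl_admin_del() use $acl_scope, $acl_user and $acl_level as received, so a value containing whitespace or a line break becomes extra fields or extra lines in conf/acl.auth, and acl_admin_del() builds an unanchored pattern in which only the scope is quoted, so it can drop entries other than the one selected. The strpos() call in acl_admin_add() also has its arguments swapped (the haystack comes first), so the "max level 2" cap is applied to namespace scopes such as ns:* and skipped only for a bare *. get_acl_config() interpolates $ID into its two preg_grep() patterns in the same unquoted way and should pass it through `preg_quote($ID,'/')`. Whether the callers already restrict these values cannot be seen from this file, so the checks sketched below belong in the functions themselves.

```php
function acl_admin_add($acl_scope, $acl_user, $acl_level){
  // … unchanged: empty-argument check …
  // one entry per line: refuse whitespace (incl. line breaks) and the comment marker
  if(preg_match('/[\s#]/', $acl_scope.$acl_user)) { return false; }
  $acl_level = (int) $acl_level;
  // … unchanged: read conf/acl.auth …
  if(strpos($acl_scope, '*') === false) {
  // … unchanged: cap to 2, append the new line and save …

function acl_admin_del($acl_scope, $acl_user, $acl_level){
  // … unchanged: empty-argument check …
  // quote every field and anchor both ends so only the exact entry is removed
  $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'
                .preg_quote($acl_user,'/').'\s+'
                .(int)$acl_level.'\s*$';
  // … unchanged: read file, inverted preg_grep, save …
```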
diff --git a/inc/auth.php b/inc/auth.php
index 094319377..1e84d6552 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -16,6 +16,7 @@
require_once(DOKU_INC.'inc/mail.php');
// load the the auth functions
require_once(DOKU_INC.'inc/auth_'.$conf['authtype'].'.php');
+ require_once(DOKU_INC.'inc/acl_admin.php');
// some ACL level defines
define('AUTH_NONE',0);
@@ -23,11 +24,11 @@
define('AUTH_EDIT',2);
define('AUTH_CREATE',4);
define('AUTH_UPLOAD',8);
- define('AUTH_GRANT',255);
+ define('AUTH_ADMIN',255);
if($conf['useacl']){
auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
- // load ACL into a global array
+ //load ACL into a global array
$AUTH_ACL = file('conf/acl.auth');
}
@@ -212,6 +213,16 @@ function auth_aclcheck($id,$user,$groups){
# if no ACL is used always return upload rights
if(!$conf['useacl']) return AUTH_UPLOAD;
+
+ //if user is superuser return 255 (acl_admin)
+ if($conf['superuser'] == $user) { return AUTH_ADMIN; }
+
+ //prepend groups with @
+ for($i=0; $i<count($groups); $i++){
+ $groups[$i] = '@'.$groups[$i];
+ }
+ //if user is in superuser group return 255 (acl_admin)
+ if(in_array($conf['superuser'], $groups)) { return AUTH_ADMIN; }
$ns = getNS($id);
$perm = -1;
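Review bot: The added superuser test `$conf['superuser'] == $user` is a loose comparison, so if $conf['superuser'] is unset or empty, an anonymous request with an empty $user would compare equal and receive AUTH_ADMIN. Guard on a configured value and compare strictly, `if(!empty($conf['superuser']) && $conf['superuser'] === $user) { return AUTH_ADMIN; }`, and pass `true` as the third argument of the `in_array()` group check under the same guard. Because groups are told apart from users only by the '@' prefix, a login name that itself starts with '@' could equal a group-valued superuser setting; that depends on the registration rules, which are not visible here. The loop also rewrites $groups in place and auth_aclcheck() continues beyond this hunk, so the later group matching should be checked for a second '@' prefix.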
@@ -237,6 +248,7 @@ function auth_aclcheck($id,$user,$groups){
foreach($matches as $match){
$match = preg_replace('/#.*$/','',$match); //ignore comments
$acl = preg_split('/\s+/',$match);
+ if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL!
if($acl[2] > $perm){
$perm = $acl[2];
}
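Review bot: The clamp added here compares `$acl[2]` as the raw string produced by preg_split(), so a malformed level field is compared under PHP's string/number juggling rules, and a line with fewer than three fields leaves the index undefined. Normalising before the cap makes the limit independent of the file contents: `$acl[2] = isset($acl[2]) ? min((int)$acl[2], AUTH_UPLOAD) : AUTH_NONE;`. The same line is added again in the next hunk of auth_aclcheck(), so a small shared helper would keep the two copies from drifting; most of the function body lies outside both hunks.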
@@ -260,6 +272,7 @@ function auth_aclcheck($id,$user,$groups){
foreach($matches as $match){
$match = preg_replace('/#.*$/','',$match); //ignore comments
$acl = preg_split('/\s+/',$match);
+ if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL!
if($acl[2] > $perm){
$perm = $acl[2];
}
@@ -390,4 +403,19 @@ function register(){
}
}
+/**
+ * Uses a regular expresion to check if a given mail address is valid
+ *
+ * May not be completly RFC conform!
+ *
+ * @link http://www.webmasterworld.com/forum88/135.htm
+ *
+ * @param string $email the address to check
+ * @return bool true if address is valid
+ */
+function isvalidemail($email){
+ return eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,4}$", $email);
+}
+
+
?>
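Review bot: isvalidemail() is documented as returning bool, but `eregi()` returns an integer match length or false, and the POSIX regex functions are deprecated since PHP 5.3 and removed in PHP 7; they are also not binary safe, so the input is only checked up to the first NUL byte. A PCRE version with an explicit cast keeps the documented contract: `return (bool) preg_match('/^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,4}$/iD', $email);`. The `D` modifier stops `$` from accepting a trailing newline, which matters if the address is later placed in a mail header. The `{2,4}` limit rejects valid longer top-level domains, which the docblock could state alongside its existing RFC caveat.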
diff --git a/inc/html.php b/inc/html.php
index d848f89b4..9cceee82c 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -428,6 +428,10 @@ function html_footer(){
}else{
print html_btn('login',$ID,'',array('do' => 'login'));
}
+ #//acl-admin button
+ #if($INFO['perm'] == AUTH_GRANT){
+ # print html_btn('acl_admin',$ID,'',array('do' => 'acl_admin'));
+ #}
}
?>
<?=html_btn(index,$ID,'x',array('do' => 'index'))?>
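Review bot: The four lines added to html_footer() are commented-out code, and their condition tests AUTH_GRANT, which the auth.php part of this commit renames to AUTH_ADMIN. If the button is meant to come back, keep the sketch consistent with the new name, `#if($INFO['perm'] == AUTH_ADMIN){`, or drop the block and leave a one-line TODO; as written, re-enabling it would compare against an undefined constant. html_footer() starts before this hunk.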
@@ -1171,4 +1175,147 @@ function html_debug(){
print '</body></html>';
}
+/**
+ * prints the acl-admin form(s)
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+function html_acl_admin(){
+ global $lang;
+ global $ID;
+ global $INFO;
+
+ print parsedLocale('acl_admin');
+?>
+ <fieldset style="float:left; text-align:left; white-space:nowrap; width:320px;">
+ <legend><?=$lang['acl_admin']?></legend>
+
+ <form name="acl_admin_add" method="post" action="<?=wl($ID)?>" accept-charset="<?=$lang['encoding']?>">
+ <input type="hidden" name="do" value="acl_admin_add" />
+ <input type="hidden" name="save" value="1" />
+ <table>
+ <tr>
+ <td><?=$lang['acl_user']?></td>
+ <td><input type="text" name="acl_user" class="edit" size="20" value="" /></td>
+ </tr><tr>
+ <td><?=$lang['acl_scope']?></td>
+ <td><select name="acl_scope" id="acl_scope" class="edit" size="1" onChange="checkAclLevel();">
+ <option value="">(<?=$lang['acl_input_request']?>)</option>
+ <option><?=$ID?></option>
+ <?php if( ($ns=getNS($ID)) != NULL) {?>
+ <option><?=$ns?>:*</option>
+ <?php }else{ ?>
+ <option>*</option>
+ <?php } ?>
+ </select></td>
+ </tr><tr>
+ <td style="vertical-align:top"><?=$lang['acl_level']?></td>
+ <td>
+ <input type="checkbox" name="acl_checkbox[1]" value="on" checked="checked" /><?=$lang['acl_read']?><br />
+ <input type="checkbox" name="acl_checkbox[2]" value="on" /><?=$lang['acl_edit']?><br />
+ <input type="checkbox" name="acl_checkbox[4]" value="on" /><?=$lang['acl_create']?><br />
+ <input type="checkbox" name="acl_checkbox[8]" value="on" /><?=$lang['acl_upload']?>
+ </td>
+ </tr><tr>
+ <td></td>
+ <td><input type="submit" class="button" value="<?=$lang['acl_commit']?>" /></td>
+ </tr>
+ </table>
+ </form>
+ </fieldset>
+
+ <div style="float:right;">
+ <fieldset>
+ <legend><?=$lang['acl_current']?></legend>
+ <div style="text-align:left">
+ <?php
+ $acl_config=get_acl_config($ID);
+ foreach($acl_config as $pagename => $value){
+ if($pagename != '*') {
+ $ID_cur=$pagename;
+ while(($piece=getNS($ID_cur)) !== false){
+ $url="<a href='".wl($piece,'do=acl_admin')."'>".noNS($piece)."</a>:".$url;;
+ $ID_cur=$piece;
+ }
+ $url.="<a href='".wl($pagename,'do=acl_admin')."'>".noNS($pagename)."</a>";
+ print $url;
+ $url='';
+ }else{
+ print $pagename;
+ } ?>
+ <table class="inline">
+ <tr>
+ <th class="inline"></th>
+ <th class="inline">name</th>
+ <th class="inline">R</th>
+ <th class="inline">W</th>
+ <th class="inline">C</th>
+ <th class="inline">U</th>
+ <th class="inline">UPDATE</th>
+ <th class="inline">DELETE</th>
+ </tr>
+ <?php
+ foreach($value as $conf){
+ ?>
+ <tr>
+ <!-- user/group -->
+ <td class="inline">
+ <?php
+ $group = false;
+ if(substr($conf[0],0,1)=="@"){
+ print $lang['acl_group'];
+ $group = true;
+ }else{
+ print $lang['acl_user'];
+ }
+ ?>
+ </td>
+ <td class="inline">
+ <!-- name -->
+ <?php
+ if($group) { print substr($conf[0],1); } else { print $conf[0]; }
+ ?>
+ </td>
+ <form name="acl_admin_change" method="post" action="<?=wl($ID)?>" accept-charset="<?=$lang['encoding']?>">
+ <?php
+ // read,write,create,upload
+ $acl_nums=array(1,2,4,8);
+ foreach($acl_nums as $num){
+ ?><td class="inline">
+ <input type="hidden" name="do" value="acl_admin_change" />
+ <input type="hidden" name="save" value="1" />
+ <input type="hidden" name="acl_scope" value='<?=urlencode($pagename)?>' />
+ <input type="hidden" name="acl_user" value='<?=urlencode($conf[0])?>' />
+ <input type="hidden" name="acl_level" value='<?=$conf[1]?>' />
+ <input type="checkbox" name="acl_checkbox[<?=$num?>]" value="on"<?php
+ if($conf[1]>=$num) {
+ ?> checked="checked"<?php
+ }
+ ?> /></td><?php
+ }
+ ?>
+ <td class="inline"><input type="submit" class="button" value="update"></td>
+ </form>
+ <td class="inline">
+ <!-- delete form -->
+ <form name="acl_admin_del" method="post" action="<?=wl($ID)?>" accept-charset="<?=$lang['encoding']?>">
+ <input type="hidden" name="do" value="acl_admin_del" />
+ <input type="hidden" name="save" value="1" />
+ <input type="hidden" name="acl_scope" value='<?=urlencode($pagename);?>' />
+ <input type="hidden" name="acl_user" value='<?=urlencode($conf[0])?>' />
+ <input type="hidden" name="acl_level" value='<?=$conf[1]?>' />
+ <input type="submit" class="button" value='DEL' onClick="return window.confirm('<?=$lang['acl_confirm_delete']?>');" />
+ </form>
+ </td>
+ </tr>
+ <?php
+ }
+ ?></table><?php
+ }
+ ?>
+ </div>
+ </fieldset>
+ </div>
+<?
+}
?>
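Review bot: html_acl_admin() prints `$ID`, `$ns`, `$pagename`, `$conf[0]` and `$conf[1]` into the page without HTML escaping, and the last three are read from conf/acl.auth, so a stored user or scope name containing markup is rendered in the administrator's browser. Escape at output, e.g. `<option><?=htmlspecialchars($ID)?></option>` and `print htmlspecialchars($conf[0]);`, and use `htmlspecialchars($pagename, ENT_QUOTES)` for the hidden fields instead of `urlencode()`, whose output only matches the file again if the handler decodes it. The three forms change permissions but carry no per-session token, so unless the handler (not in this diff) verifies one, they can be submitted from another site. `$url` is also read on its first use inside the `while` loop before it is assigned; initialise it with `$url = '';` ahead of the `foreach`.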