summaryrefslogtreecommitdiff
path: root/lib/plugins/acl/admin.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/plugins/acl/admin.php')
-rw-r--r--lib/plugins/acl/admin.php436
1 files changed, 436 insertions, 0 deletions
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
new file mode 100644
index 000000000..c122edfe6
--- /dev/null
+++ b/lib/plugins/acl/admin.php
@@ -0,0 +1,436 @@
+<?php
+/**
+ * ACL administration functions
+ *
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../').'/');
+if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
+require_once(DOKU_PLUGIN.'admin.php');
+
+/**
+ * All DokuWiki plugins to extend the admin function
+ * need to inherit from this class
+ */
+class admin_plugin_acl extends DokuWiki_Admin_Plugin {
+
+ /**
+ * return some info
+ */
+ function getInfo(){
+ return array(
+ 'author' => 'Frank Schubert',
+ 'email' => 'frank@schokilade.de',
+ 'date' => '2005-08-08',
+ 'name' => 'ACL',
+ 'desc' => 'Manage Page Access Control Lists',
+ 'url' => 'http://wiki.splitbrain.org/wiki:acl',
+ );
+ }
+
+ /**
+ * return prompt for admin menu
+ */
+ function getMenuText($language) {
+ global $lang;
+ return $lang['admin_acl'];
+ }
+
+ /**
+ * return sort order for position in admin menu
+ */
+ function getMenuSort() {
+ return 1;
+ }
+
+ /**
+ * handle user request
+ */
+ function handle() {
+ global $AUTH_ACL;
+
+ $cmd = $_REQUEST['acl_cmd'];
+ $scope = $_REQUEST['acl_scope'];
+ $type = $_REQUEST['acl_type'];
+ $user = $_REQUEST['acl_user'];
+ $perm = $_REQUEST['acl_perm'];
+
+ if(is_array($perm)){
+ //use the maximum
+ sort($perm);
+ $perm = array_pop($perm);
+ }else{
+ $perm = 0;
+ }
+
+ //sanitize
+ $user = cleanID($user);
+ if($type == '@') $user = '@'.$user;
+ if($user == '@all') $user = '@ALL'; //special group! (now case insensitive)
+ $perm = (int) $perm;
+ if($perm > AUTH_DELETE) $perm = AUTH_DELETE;
+ //FIXME sanitize scope!!!
+
+ //nothing to do?
+ if(empty($cmd) || empty($scope) || empty($user)) return;
+
+
+ if($cmd == 'save'){
+ $this->admin_acl_del($scope, $user);
+ $this->admin_acl_add($scope, $user, $perm);
+ }elseif($cmd == 'delete'){
+ $this->admin_acl_del($scope, $user);
+ }
+
+ // reload ACL config
+ $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
+ }
+
+ /**
+ * ACL Output function
+ *
+ * print a table with all significant permissions for the
+ * current id
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+ function html() {
+ global $ID;
+
+ print p_locale_xhtml('admin_acl');
+
+ ptln('<div class="acladmin">');
+ ptln('<table class="inline">');
+
+ //new
+ $this->admin_acl_html_new();
+
+ //current config
+ $acls = $this->get_acl_config($ID);
+ foreach ($acls as $id => $acl){
+ $this->admin_acl_html_current($id,$acl);
+ }
+
+ ptln('</table>');
+ ptln('</div>');
+ }
+
+
+ /**
+ * Get matching ACL lines for a page
+ *
+ * $ID is pagename, reads matching lines from $AUTH_ACL,
+ * also reads acls from namespace
+ * returns multi-array with key=pagename and value=array(user, acl)
+ *
+ * @todo Fix comment to make sense
+ * @todo should this moved to auth.php?
+ * @todo can this be combined with auth_aclcheck to avoid duplicate code?
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+ function get_acl_config($id){
+ global $AUTH_ACL;
+
+ $acl_config=array();
+
+ // match exact name
+ $matches = preg_grep('/^'.$id.'\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]);
+ }
+ }
+
+ $specific_found=array();
+ // match ns
+ while(($id=getNS($id)) !== false){
+ $matches = preg_grep('/^'.$id.':\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]);
+ $specific_found[]=$acl[1];
+ }
+ }
+ }
+
+ //include *-config
+ $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ // only include * for this user if not already found in ns
+ if(!in_array($acl[1], $specific_found)){
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]);
+ }
+ }
+ }
+
+ //sort
+ //FIXME: better sort algo: first sort by key, then sort by first value
+ krsort($acl_config, SORT_STRING);
+
+ return($acl_config);
+ }
+
+
+ /**
+ * adds new acl-entry to conf/acl.auth.php
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+ function admin_acl_add($acl_scope, $acl_user, $acl_level){
+ $acl_config = join("",file(DOKU_CONF.'acl.auth.php'));
+
+ // max level for pagenames is edit
+ if(strpos($acl_scope,'*') === false) {
+ if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT;
+ }
+
+ $new_acl = "$acl_scope\t$acl_user\t$acl_level\n";
+
+ $new_config = $acl_config.$new_acl;
+
+ return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config);
+ }
+
+ /**
+ * remove acl-entry from conf/acl.auth.php
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ */
+ function admin_acl_del($acl_scope, $acl_user){
+ $acl_config = file(DOKU_CONF.'acl.auth.php');
+
+ $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$';
+
+ // save all non!-matching #FIXME invert is available from 4.2.0 only!
+ $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
+
+ return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config));
+ }
+
+ // --- HTML OUTPUT FUNCTIONS BELOW --- //
+
+ /**
+ * print tablerows with the current permissions for one id
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+ function admin_acl_html_dropdown($id){
+ global $lang;
+ $cur = $id;
+ $ret = '';
+ $opt = array();
+
+ //prepare all options
+
+ // current page
+ $opt[] = array('key'=> $id, 'val'=> $id.' ('.$lang['page'].')');
+
+ // additional namespaces
+ while(($id=getNS($id)) !== false){
+ $opt[] = array('key'=> $id.':*', 'val'=> $id.':* ('.$lang['namespace'].')');
+ }
+
+ // the top namespace
+ $opt[] = array('key'=> '*', 'val'=> '* ('.$lang['namespace'].')');
+
+ // set sel on second entry (current namespace)
+ $opt[1]['sel'] = ' selected="selected"';
+
+ // flip options
+ $opt = array_reverse($opt);
+
+ // create HTML
+ $att = array( 'name' => 'acl_scope',
+ 'class' => 'edit',
+ 'title' => $lang['page'].'/'.$lang['namespace']);
+ $ret .= '<select '.html_attbuild($att).'>';
+ foreach($opt as $o){
+ $ret .= '<option value="'.$o['key'].'"'.$o['sel'].'>'.$o['val'].'</option>';
+ }
+ $ret .= '</select>';
+
+ return $ret;
+ }
+
+ /**
+ * print tablerows with the current permissions for one id
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+ function admin_acl_html_new(){
+ global $lang;
+ global $ID;
+
+ // table headers
+ ptln('<tr>',2);
+ ptln(' <th class="leftalign" colspan="3">'.$lang['acl_new'].'</th>',2);
+ ptln('</tr>',2);
+
+ ptln('<tr>',2);
+
+ ptln('<td class="centeralign" colspan="3">',4);
+
+ ptln(' <form method="post" action="'.wl($ID).'">',4);
+ ptln(' <input type="hidden" name="do" value="admin" />',4);
+ ptln(' <input type="hidden" name="page" value="acl" />',4);
+ ptln(' <input type="hidden" name="acl_cmd" value="save" />',4);
+
+ //scope select
+ ptln($lang['acl_perms'],4);
+ ptln($this->admin_acl_html_dropdown($ID),4);
+
+ $att = array( 'name' => 'acl_type',
+ 'class' => 'edit',
+ 'title' => $lang['acl_user'].'/'.$lang['acl_group']);
+ ptln(' <select '.html_attbuild($att).'>',4);
+ ptln(' <option value="@">'.$lang['acl_group'].'</option>',4);
+ ptln(' <option value="">'.$lang['acl_user'].'</option>',4);
+ ptln(' </select>',4);
+
+ $att = array( 'name' => 'acl_user',
+ 'type' => 'text',
+ 'class' => 'edit',
+ 'title' => $lang['acl_user'].'/'.$lang['acl_group']);
+ ptln(' <input '.html_attbuild($att).' />',4);
+ ptln(' <br />');
+
+ ptln( $this->admin_acl_html_checkboxes(0,false),8);
+
+ ptln(' <input type="submit" class="edit" value="'.$lang['btn_save'].'" />',4);
+ ptln(' </form>');
+ ptln('</tr>',2);
+ }
+
+ /**
+ * print tablerows with the current permissions for one id
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+ function admin_acl_html_current($id,$permissions){
+ global $lang;
+ global $ID;
+
+ //is it a page?
+ if(substr($id,-1) == '*'){
+ $ispage = false;
+ }else{
+ $ispage = true;
+ }
+
+ // table headers
+ ptln(' <tr>');
+ ptln(' <th class="leftalign" colspan="3">');
+ ptln($lang['acl_perms'],6);
+ if($ispage){
+ ptln($lang['page'],6);
+ }else{
+ ptln($lang['namespace'],6);
+ }
+ ptln('<em>'.$id.'</em>',6);
+ ptln(' </th>');
+ ptln(' </tr>');
+
+ sort($permissions);
+
+ foreach ($permissions as $conf){
+ //userfriendly group/user display
+ if(substr($conf['name'],0,1)=="@"){
+ $group = $lang['acl_group'];
+ $name = substr($conf['name'],1);
+ $type = '@';
+ }else{
+ $group = $lang['acl_user'];
+ $name = $conf['name'];
+ $type = '';
+ }
+
+ ptln('<tr>',2);
+ ptln('<td class="leftalign">'.$group.' '.$name.'</td>',4);
+
+ // update form
+ ptln('<td class="centeralign">',4);
+ ptln(' <form method="post" action="'.wl($ID).'">',4);
+ ptln(' <input type="hidden" name="do" value="admin" />',4);
+ ptln(' <input type="hidden" name="page" value="acl" />',4);
+ ptln(' <input type="hidden" name="acl_cmd" value="save" />',4);
+ ptln(' <input type="hidden" name="acl_scope" value="'.formtext($id).'" />',4);
+ ptln(' <input type="hidden" name="acl_type" value="'.$type.'" />',4);
+ ptln(' <input type="hidden" name="acl_user" value="'.formtext($name).'" />',4);
+ ptln( $this->admin_acl_html_checkboxes($conf['perm'],$ispage),8);
+ ptln(' <input type="submit" class="edit" value="'.$lang['btn_update'].'" />',4);
+ ptln(' </form>');
+ ptln('</td>',4);
+
+
+ // deletion form
+
+ $ask = $lang['del_confirm'].'\\n';
+ $ask .= $id.' '.$conf['name'].' '.$conf['perm'];
+ ptln('<td class="centeralign">',4);
+ ptln(' <form method="post" action="'.wl($ID).'" onsubmit="return confirm(\''.$ask.'\')">',4);
+ ptln(' <input type="hidden" name="do" value="admin" />',4);
+ ptln(' <input type="hidden" name="page" value="acl" />',4);
+ ptln(' <input type="hidden" name="acl_cmd" value="delete" />',4);
+ ptln(' <input type="hidden" name="acl_scope" value="'.formtext($id).'" />',4);
+ ptln(' <input type="hidden" name="acl_type" value="'.$type.'" />',4);
+ ptln(' <input type="hidden" name="acl_user" value="'.formtext($name).'" />',4);
+ ptln(' <input type="submit" class="edit" value="'.$lang['btn_delete'].'" />',4);
+ ptln(' </form>',4);
+ ptln('</td>',4);
+
+ ptln('</tr>',2);
+ }
+
+ }
+
+
+ /**
+ * print the permission checkboxes
+ *
+ * @author Frank Schubert <frank@schokilade.de>
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+ function admin_acl_html_checkboxes($setperm,$ispage){
+ global $lang;
+
+ static $label = 0; //number labels
+ $ret = '';
+
+ foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){
+ $label += 1;
+
+ //general checkbox attributes
+ $atts = array( 'type' => 'checkbox',
+ 'id' => 'pbox'.$label,
+ 'name' => 'acl_perm[]',
+ 'value' => $perm );
+ //dynamic attributes
+ if($setperm >= $perm) $atts['checked'] = 'checked';
+ # if($perm > AUTH_READ) $atts['onchange'] = #FIXME JS to autoadd lower perms
+ if($ispage && $perm > AUTH_EDIT) $atts['disabled'] = 'disabled';
+
+ //build code
+ $ret .= '<label for="pbox'.$label.'" title="'.$lang['acl_perm'.$perm].'">';
+ $ret .= '<input '.html_attbuild($atts).' />';
+ $ret .= $lang['acl_perm'.$perm];
+ $ret .= "</label>\n";
+ }
+ return $ret;
+ }
+
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-10 18:47:48 +0000