From 10a76f6fd45bbbf4443fb8626d35aae3a388c490 Mon Sep 17 00:00:00 2001
From: frank
Date: Sun, 20 Feb 2005 11:45:06 +0100
Subject: acl-administration rc1
darcs-hash:20050220104506-b7c55-01c85b4b688597c8405987e0f7ea30aa4fb1472f.gz
---
inc/acl_admin.php | 121 ++++++++++++++++++++++++++++++++++++++++++++
inc/auth.php | 32 +++++++++++-
inc/html.php | 147 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 298 insertions(+), 2 deletions(-)
create mode 100644 inc/acl_admin.php
(limited to 'inc')
diff --git a/inc/acl_admin.php b/inc/acl_admin.php
new file mode 100644
index 000000000..f7cd7fbd7
--- /dev/null
+++ b/inc/acl_admin.php
@@ -0,0 +1,121 @@
+
+ */
+function get_acl_config($ID){
+ global $AUTH_ACL;
+
+ $acl_config=array();
+
+ // match exact name
+ $matches = preg_grep('/^'.$ID.'\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ }
+ }
+
+ $specific_found=array();
+ // match ns
+ if(($ID=getNS($ID)) !== false){
+ $matches = preg_grep('/^'.$ID.':\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ $specific_found[]=$acl[1];
+ }
+ }
+ }
+
+ //include *-config
+ $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL);
+ if(count($matches)){
+ foreach($matches as $match){
+ $match = preg_replace('/#.*$/','',$match); //ignore comments
+ $acl = preg_split('/\s+/',$match);
+ // only include * for this user if not already found in ns
+ if(!in_array($acl[1], $specific_found)){
+ //0 is pagename, 1 is user, 2 is acl
+ $acl_config["$acl[0]"][]=array($acl[1],$acl[2]);
+ }
+ }
+ }
+
+ //sort
+ //FIXME: better sort algo: first sort by key, then sort by first value
+ krsort($acl_config, SORT_STRING);
+
+ return($acl_config);
+}
+
+/**
+ * adds new acl-entry to conf/acl.auth
+ *
+ * @author Frank Schubert
+ */
+function acl_admin_add($acl_scope, $acl_user, $acl_level){
+ if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }
+
+ $acl_config = join("",file('conf/acl.auth'));
+
+ // max level for pagenames is 2
+ if(strpos("*", $acl_scope) === false) {
+ if($acl_level > 2) { $acl_level = 2; }
+ }
+
+ $new_acl = "$acl_scope\t$acl_user\t$acl_level\n";
+
+ $new_config = $acl_config.$new_acl;
+
+ return io_saveFile("conf/acl.auth", $new_config);
+}
+
+/**
+ * remove acl-entry from conf/acl.auth
+ *
+ * @author Frank Schubert
+ */
+function acl_admin_del($acl_scope, $acl_user, $acl_level){
+ if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; }
+
+ $acl_pattern = preg_quote($acl_scope)."\s+".$acl_user."\s+".$acl_level."\n";
+
+ $acl_config = file('conf/acl.auth');
+
+ // save all non!-matching
+ $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
+
+ return io_saveFile("conf/acl.auth", join("",$new_config));
+}
+
+/**
+ * change existing acl entries
+ *
+ * @author Frank Schubert
+ */
+function acl_admin_change($acl_scope, $acl_user, $acl_level, $acl_checkbox){
+
+ $new_level = 0;
+ if(is_array($acl_checkbox)) {
+ foreach($acl_checkbox as $acl_num => $value){
+ if( ($value == "on") &&
+ ($acl_num > $new_level)) {
+ $new_level = $acl_num;
+ }
+ }
+ }
+
+ acl_admin_del($acl_scope, $acl_user, $acl_level);
+ acl_admin_add($acl_scope, $acl_user, $new_level);
+}
+?>
diff --git a/inc/auth.php b/inc/auth.php
index 094319377..1e84d6552 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -16,6 +16,7 @@ require_once(DOKU_INC.'inc/mail.php'); // load the the auth functions require_once(DOKU_INC.'inc/auth_'.$conf['authtype'].'.php'); + require_once(DOKU_INC.'inc/acl_admin.php'); // some ACL level defines define('AUTH_NONE',0);
@@ -23,11 +24,11 @@ define('AUTH_EDIT',2); define('AUTH_CREATE',4); define('AUTH_UPLOAD',8); - define('AUTH_GRANT',255); + define('AUTH_ADMIN',255); if($conf['useacl']){ auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); - // load ACL into a global array + //load ACL into a global array $AUTH_ACL = file('conf/acl.auth'); }
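Review bot: In inc/acl_admin.php, acl_admin_add() writes `$acl_scope`, `$acl_user` and `$acl_level` to conf/acl.auth without checking them, so a value containing whitespace or a line break ends up as extra or shifted fields in the file that inc/auth.php loads into `$AUTH_ACL`; reject such input before building `$new_acl`, e.g. `if(preg_match('/\s/',$acl_scope.$acl_user) || !is_numeric($acl_level)) return false;`. acl_admin_del() has the matching gap: only the scope goes through preg_quote() (without the `/` delimiter) and the pattern is not anchored at the start, so removing an entry for `start` would also drop one for `wiki:start` (constructed example); `$acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.preg_quote($acl_user,'/').'\s+'.preg_quote($acl_level,'/').'\s*$';` limits it to the intended line. In acl_admin_add() the arguments of `strpos("*", $acl_scope)` are swapped, which caps namespace scopes such as `ns:*` at level 2 although the comment says only page names are capped; `strpos($acl_scope, '*') === false` is what the comment describes. get_acl_config() likewise interpolates `$ID` into its three patterns without preg_quote().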
@@ -212,6 +213,16 @@ function auth_aclcheck($id,$user,$groups){ # if no ACL is used always return upload rights if(!$conf['useacl']) return AUTH_UPLOAD; + + //if user is superuser return 255 (acl_admin) + if($conf['superuser'] == $user) { return AUTH_ADMIN; } + + //prepend groups with @ + for($i=0; $i AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } @@ -260,6 +272,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); + if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } @@ -390,4 +403,19 @@ function register(){ } } +/** + * Uses a regular expresion to check if a given mail address is valid + * + * May not be completly RFC conform! + * + * @link http://www.webmasterworld.com/forum88/135.htm + * + * @param string $email the address to check + * @return bool true if address is valid + */ +function isvalidemail($email){ + return eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,4}$", $email); +} + + ?> diff --git a/inc/html.php b/inc/html.php index d848f89b4..9cceee82c 100644 --- a/inc/html.php +++ b/inc/html.php @@ -428,6 +428,10 @@ function html_footer(){ }else{ print html_btn('login',$ID,'',array('do' => 'login')); } + #//acl-admin button + #if($INFO['perm'] == AUTH_GRANT){ + # print html_btn('acl_admin',$ID,'',array('do' => 'acl_admin')); + #} } ?> 'index'))?> @@ -1171,4 +1175,147 @@ function html_debug(){ print ''; } +/** + * prints the acl-admin form(s) + * + * @author Frank Schubert + */ +function html_acl_admin(){ + global $lang; + global $ID; + global $INFO; + + print parsedLocale('acl_admin'); +?> +
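Review bot: The new superuser test in auth_aclcheck(), `if($conf['superuser'] == $user)`, uses a loose comparison, so when `$conf['superuser']` is unset or empty and the caller passes an empty `$user` (presumably the not-logged-in case) the two compare equal and the function returns AUTH_ADMIN. Require a configured, identical name instead: `if(!empty($conf['superuser']) && $conf['superuser'] === $user) { return AUTH_ADMIN; }`. The group-prefix loop that follows is cut off on this page and auth_aclcheck() continues outside the hunk, so the remaining added lines could not be reviewed.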
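Review bot: isvalidemail() relies on eregi(), which is not binary safe: matching stops at a NUL byte, so the check only covers the part of `$email` before it, which matters if the result is used to guard a mail header (the callers are not in this hunk). A PCRE check anchored to the real end of the string avoids that: `return (bool) preg_match('/^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,4}$/iD', $email);`. That also makes the return value match the documented `bool`, since eregi() returns an integer or false. The docblock could add that addresses with `+` in the local part or a top-level domain longer than four letters are rejected.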
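Review bot: The commented-out acl-admin button added to html_footer() tests `$INFO['perm'] == AUTH_GRANT`, but this commit renames that constant to AUTH_ADMIN in inc/auth.php, so the block would compare against an undefined constant if it is simply uncommented later. Either leave the dead block out of the commit or keep it current: `#if($INFO['perm'] == AUTH_ADMIN){`. html_footer() begins and ends outside the hunk.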
+ + +
+ + + + + + + + + + + + + + + + +
+
+
+
+ +
+
+
+ +
+
+ +
+ $value){ + if($pagename != '*') { + $ID_cur=$pagename; + while(($piece=getNS($ID_cur)) !== false){ + $url="".noNS($piece).":".$url;; + $ID_cur=$piece; + } + $url.="".noNS($pagename).""; + print $url; + $url=''; + }else{ + print $pagename; + } ?> + + + + + + + + + + + + + + + + + + + + + + +
nameRWCUUPDATEDELETE
+ + + + +
+ + + + + + =$num) { + ?> checked="checked" /> + +
+ + + + + + +
+
+
+
+
+ -- cgit v1.2.3
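Review bot: html_acl_admin() prints ACL scope names as they are read from the ACL data, in `print $pagename;` and in the `$url` string assembled from `noNS($piece)` and `noNS($pagename)`, and those names presumably originate from request input via acl_admin_add(); escape the name parts where they are emitted, e.g. `print htmlspecialchars($pagename);`. `$url` is also read before it is first assigned in `$url="".noNS($piece).":".$url;;`, so set `$url='';` ahead of the loop and drop the doubled semicolon. The form markup is stripped on this page and no handler for the submitted values appears in this diff; whatever receives them should verify AUTH_ADMIN before calling acl_admin_add() or acl_admin_del().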