From c19fe9c0f68f58ff9c18f0e185a5bc6b591bf798 Mon Sep 17 00:00:00 2001
From: andi
Date: Tue, 15 Mar 2005 22:30:05 +0100
Subject: template fixes and ACL admin interface

darcs-hash:20050315213005-9977f-0939681aa5ee37e0ea8cb054ffddb8e6275aa398.gz
---
 inc/acl_admin.php | 121 -----------------
 inc/actions.php | 14 +-
 inc/admin_acl.php | 388 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 inc/html.php | 45 ++++++-
 inc/template.php | 25 ++++
 5 files changed, 469 insertions(+), 124 deletions(-)
 delete mode 100644 inc/acl_admin.php
 create mode 100644 inc/admin_acl.php

(limited to 'inc')

diff --git a/inc/acl_admin.php b/inc/acl_admin.php
deleted file mode 100644
index f7cd7fbd7..000000000
--- a/inc/acl_admin.php
+++ /dev/null
@@ -1,121 +0,0 @@ - - */ -function get_acl_config($ID){ - global $AUTH_ACL; - - $acl_config=array(); - - // match exact name - $matches = preg_grep('/^'.$ID.'\s+.*/',$AUTH_ACL); - if(count($matches)){ - foreach($matches as $match){ - $match = preg_replace('/#.*$/','',$match); //ignore comments - $acl = preg_split('/\s+/',$match); - //0 is pagename, 1 is user, 2 is acl - $acl_config["$acl[0]"][]=array($acl[1],$acl[2]); - } - } - - $specific_found=array(); - // match ns - if(($ID=getNS($ID)) !== false){ - $matches = preg_grep('/^'.$ID.':\*\s+.*/',$AUTH_ACL); - if(count($matches)){ - foreach($matches as $match){ - $match = preg_replace('/#.*$/','',$match); //ignore comments - $acl = preg_split('/\s+/',$match); - //0 is pagename, 1 is user, 2 is acl - $acl_config["$acl[0]"][]=array($acl[1],$acl[2]); - $specific_found[]=$acl[1]; - } - } - } - - //include *-config - $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL); - if(count($matches)){ - foreach($matches as $match){ - $match = preg_replace('/#.*$/','',$match); //ignore comments - $acl = preg_split('/\s+/',$match); - // only include * for this user if not already found in ns - if(!in_array($acl[1], $specific_found)){ - //0 is pagename, 1 is user, 2 is acl - $acl_config["$acl[0]"][]=array($acl[1],$acl[2]); - } - } - } - - //sort - //FIXME: better sort algo: first sort by key, then sort by first value - krsort($acl_config, SORT_STRING); - - return($acl_config); -} - -/** - * adds new acl-entry to conf/acl.auth - * - * @author Frank Schubert - */ -function acl_admin_add($acl_scope, $acl_user, $acl_level){ - if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; } - - $acl_config = join("",file('conf/acl.auth')); - - // max level for pagenames is 2 - if(strpos("*", $acl_scope) === false) { - if($acl_level > 2) { $acl_level = 2; } - } - - $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; - - $new_config = $acl_config.$new_acl; - - return io_saveFile("conf/acl.auth", $new_config); -} - -/** - * remove 
acl-entry from conf/acl.auth - * - * @author Frank Schubert - */ -function acl_admin_del($acl_scope, $acl_user, $acl_level){ - if($acl_scope === '' || $acl_user === '' || $acl_level === '') { return false; } - - $acl_pattern = preg_quote($acl_scope)."\s+".$acl_user."\s+".$acl_level."\n"; - - $acl_config = file('conf/acl.auth'); - - // save all non!-matching - $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); - - return io_saveFile("conf/acl.auth", join("",$new_config)); -} - -/** - * change existing acl entries - * - * @author Frank Schubert - */ -function acl_admin_change($acl_scope, $acl_user, $acl_level, $acl_checkbox){ - - $new_level = 0; - if(is_array($acl_checkbox)) { - foreach($acl_checkbox as $acl_num => $value){ - if( ($value == "on") && - ($acl_num > $new_level)) { - $new_level = $acl_num; - } - } - } - - acl_admin_del($acl_scope, $acl_user, $acl_level); - acl_admin_add($acl_scope, $acl_user, $new_level); -} -?> diff --git a/inc/actions.php b/inc/actions.php index e660c136b..282d36ae7 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -59,9 +59,19 @@ function act_dispatch(){ $ACT = 'show'; } + //handle admin tasks + if($ACT == 'admin'){ + if($_REQUEST['page'] == 'acl'){ + require_once(DOKU_INC.'inc/admin_acl.php'); + admin_acl_handler(); + } + } + //call template FIXME: all needed vars available? header('Content-Type: text/html; charset=utf-8'); include(DOKU_INC.'tpl/'.$conf['template'].'/main.php'); + // output for the commands is now handled in inc/templates.php + // in function tpl_content() } /** @@ -85,7 +95,7 @@ function act_clean($act){ if(!array_search($act,array('login','logout','register','save','edit', 'preview','export_raw','export_html', 'search','show','check','index','revisions', - 'diff','recent','backlink',))){ + 'diff','recent','backlink','admin',))){ msg('Unknown command: '.htmlspecialchars($act),-1); return 'show'; } 
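Review bot: The new admin block in `act_dispatch()` runs `admin_acl_handler()`, which rewrites `conf/acl.auth` from `$_REQUEST` values, for every request carrying `do=admin&page=acl`; nothing in this hunk limits it to POST or checks a per-session form token, so an ACL change can be triggered by a request the administrator did not intend to send. Whether `$ACT` has already passed `act_permcheck()` at this point is decided above the hunk, so confirm the handler cannot run before the `AUTH_ADMIN` check. A minimal guard is `if($ACT == 'admin' && $_SERVER['REQUEST_METHOD'] == 'POST'){` around the handler call, with a token comparison added inside the handler. The added comment also names `inc/templates.php`, while the file changed in this commit is `inc/template.php`.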
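Review bot: The allowlist test that this line extends with `'admin'` is `!array_search($act,array(...))`, and `array_search()` returns the matching key, so a match at index 0 (`'login'`) is read as "not found" and falls into the `Unknown command` branch unless it is handled earlier in `act_clean()`, which starts above the hunk. A membership test is what is meant here: `if(!in_array($act,array('login','logout', ... ,'backlink','admin',))){`. `act_permcheck()` in the same file already uses `in_array()` for its own list, so this also makes the two checks consistent.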
@@ -108,6 +118,8 @@ function act_permcheck($act){
 }
 }elseif(in_array($act,array('login','register','search','recent'))){
 $permneed = AUTH_NONE;
+ }elseif($act == 'admin'){
+ $permneed = AUTH_ADMIN;
 }else{
 $permneed = AUTH_READ;
 }
diff --git a/inc/admin_acl.php b/inc/admin_acl.php
new file mode 100644
index 000000000..9732318f0
--- /dev/null
+++ b/inc/admin_acl.php
@@ -0,0 +1,388 @@ + + */ + +function admin_acl_handler(){ + $cmd = $_REQUEST['acl_cmd']; + $scope = $_REQUEST['acl_scope']; + $type = $_REQUEST['acl_type']; + $user = $_REQUEST['acl_user']; + $perm = $_REQUEST['acl_perm']; + if(is_array($perm)){ + $perm = array_pop(sort($perm)); //use the maximum + }else{ + $perm = 0; + } + + //sanitize + $user = cleanID($user); + if($type == '@') $user = '@'.$user; + if($perm > AUTH_UPLOAD) $perm = AUTH_UPLOAD; + //FIXME sanitize scope!!! + + + //FIXME add should delete if nessary, too + if($cmd == 'add'){ + admin_acl_add($scope, $user, $perm); //add feedback? + }elseif($cmd == 'update'){ + admin_acl_del($scope, $user, $perm); + admin_acl_add($scope, $user, $perm); + }elseif($cmd == 'delete'){ + admin_acl_del($scope, $user, $perm); + } + +} + +/** + * Get matching ACL lines for a page + * + * $ID is pagename, reads matching lines from $AUTH_ACL, + * also reads acls from namespace + * returns multi-array with key=pagename and value=array(user, acl) + * + * @todo Fix comment to make sense + * @todo should this moved to auth.php? + * @todo can this be combined with auth_aclcheck to avoid duplicate code? 
+ * @author Frank Schubert + */ +function get_acl_config($ID){ + global $AUTH_ACL; + + $acl_config=array(); + + // match exact name + $matches = preg_grep('/^'.$ID.'\s+.*/',$AUTH_ACL); + if(count($matches)){ + foreach($matches as $match){ + $match = preg_replace('/#.*$/','',$match); //ignore comments + $acl = preg_split('/\s+/',$match); + //0 is pagename, 1 is user, 2 is acl + $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); + } + } + + $specific_found=array(); + // match ns + if(($ID=getNS($ID)) !== false){ + $matches = preg_grep('/^'.$ID.':\*\s+.*/',$AUTH_ACL); + if(count($matches)){ + foreach($matches as $match){ + $match = preg_replace('/#.*$/','',$match); //ignore comments + $acl = preg_split('/\s+/',$match); + //0 is pagename, 1 is user, 2 is acl + $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); + $specific_found[]=$acl[1]; + } + } + } + + //include *-config + $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL); + if(count($matches)){ + foreach($matches as $match){ + $match = preg_replace('/#.*$/','',$match); //ignore comments + $acl = preg_split('/\s+/',$match); + // only include * for this user if not already found in ns + if(!in_array($acl[1], $specific_found)){ + //0 is pagename, 1 is user, 2 is acl + $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); + } + } + } + + //sort + //FIXME: better sort algo: first sort by key, then sort by first value + krsort($acl_config, SORT_STRING); + + return($acl_config); +} + + +/** + * adds new acl-entry to conf/acl.auth + * + * @author Frank Schubert + */ +function admin_acl_add($acl_scope, $acl_user, $acl_level){ + if($acl_scope === '' || $acl_user === '' || $acl_level === '') return false; + + $acl_config = join("",file('conf/acl.auth')); + + // max level for pagenames is edit + if(strpos("*", $acl_scope) === false) { + if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; + } + + $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; + + $new_config = 
$acl_config.$new_acl; + + return io_saveFile("conf/acl.auth", $new_config); +} + +/** + * remove acl-entry from conf/acl.auth + * + * @author Frank Schubert + */ +function admin_acl_del($acl_scope, $acl_user, $acl_level){ + if($acl_scope === '' || $acl_user === '' || $acl_level === '') return false; + + $acl_pattern = preg_quote($acl_scope)."\s+".$acl_user."\s+".$acl_level."\n"; + + $acl_config = file('conf/acl.auth'); + + // save all non!-matching + $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); + + return io_saveFile("conf/acl.auth", join("",$new_config)); +} + +// --- HTML OUTPUT FUNCTIONS BELOW --- // + +/** + * ACL Output function + * + * print a table with all significant permissions for the + * current id + * + * @author Frank Schubert + * @author Andreas Gohr + */ +function admin_acl_html(){ + global $ID; + + print parsedLocale('admin_acl'); + + ptln('
'); + + //new + admin_acl_html_new(); + + //current config + $acls = get_acl_config($ID); + foreach ($acls as $id => $acl){ + admin_acl_html_current($id,$acl); + } + + ptln(''); + ptln('
'); +} + +/** + * print tablerows with the current permissions for one id + * + * @author Frank Schubert + * @author Andreas Gohr + */ +function admin_acl_html_dropdown($id){ + global $lang; + $cur = $id; + $ret = ''; + $opt = array(); + + //prepare all options + + // current page + $opt[] = array('key'=> $id, 'val'=> $id.' ('.$lang['page'].')'); + + // additional namespaces + while(($id=getNS($id)) !== false){ + $opt[] = array('key'=> $id.':*', 'val'=> $id.':* ('.$lang['namespace'].')'); + } + + // the top namespace + $opt[] = array('key'=> '*', 'val'=> '* ('.$lang['namespace'].')'); + + // set sel on second entry (current namespace) + $opt[1]['sel'] = ' selected="selected"'; + + // flip options + $opt = array_reverse($opt); + + // create HTML + $att = array( 'name' => 'acl_scope', + 'class' => 'edit', + 'title' => $lang['page'].'/'.$lang['namespace']); + $ret .= ''; + + return $ret; +} + +/** + * print tablerows with the current permissions for one id + * + * @author Frank Schubert + * @author Andreas Gohr + */ +function admin_acl_html_new(){ + global $lang; + global $ID; + + // table headers + ptln('',2); + ptln(' '.$lang['acl_new'].'',2); + ptln('',2); + + ptln('',2); + + ptln('',4); + + ptln('
',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + + //scope select + ptln($lang['acl_perms'],4); + ptln(admin_acl_html_dropdown($ID),4); + + $att = array( 'name' => 'acl_type', + 'class' => 'edit', + 'title' => $lang['acl_user'].'/'.$lang['acl_group']); + ptln(' ',4); + + $att = array( 'name' => 'acl_user', + 'type' => 'text', + 'class' => 'edit', + 'title' => $lang['acl_user'].'/'.$lang['acl_group']); + ptln(' ',4); + ptln('
'); + + ptln( admin_acl_html_checkboxes(0,false,false),8); + + ptln(' ',4); + ptln('
'); + + + + + ptln('',2); + +} + +/** + * print tablerows with the current permissions for one id + * + * @author Frank Schubert + * @author Andreas Gohr + */ +function admin_acl_html_current($id,$permissions){ + global $lang; + global $ID; + + //is it a page? + if(substr($id,-1) == '*'){ + $ispage = false; + }else{ + $ispage = true; + } + + // table headers + ptln(' '); + ptln(' '); + ptln($lang['acl_perms'],6); + if($ispage){ + ptln($lang['page'],6); + }else{ + ptln($lang['namespace'],6); + } + ptln(''.$id.'',6); + ptln(' '); + ptln(' '); + + foreach ($permissions as $conf){ + //userfriendly group/user display + if(substr($conf['name'],0,1)=="@"){ + $group = $lang['acl_group']; + $name = substr($conf['name'],1); + }else{ + $group = $lang['acl_user']; + $name = $conf['name']; + } + + ptln('',2); + ptln(''.$group.' '.$name.'',4); + + // update form + ptln('',4); + ptln('
',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln( admin_acl_html_checkboxes($conf['perm'],$ispage),8); + ptln(' ',4); + ptln('
'); + ptln('',4); + + + // deletion form + + $ask = $lang['del_confirm'].'\\n'; + $ask .= $id.' '.$conf['name'].' '.$conf['perm']; + ptln('',4); + ptln('
',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln(' ',4); + ptln('
',4); + ptln('',4); + + ptln('',2); + } + +} + + +/** + * print the permission checkboxes + * + * @author Frank Schubert + * @author Andreas Gohr + */ +function admin_acl_html_checkboxes($setperm,$ispage,$submit=false){ + global $lang; + + static $label = 0; //number labels + $ret = ''; + + foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD) as $perm){ + $label += 1; + + //general checkbox attributes + $atts = array( 'type' => 'checkbox', + 'id' => 'pbox'.$label, + 'name' => 'aclperm[]', + 'value' => $perm ); + //dynamic attributes + if($setperm >= $perm) $atts['checked'] = 'checked'; + if($submit) $atts['onchange'] = 'submit()'; + if($ispage && $perm > AUTH_EDIT) $atts['disabled'] = 'disabled'; + + //build code + $ret .= '\n"; + } + return $ret; +} + +?> diff --git a/inc/html.php b/inc/html.php index df3f446b5..3b31c96ff 100644 --- a/inc/html.php +++ b/inc/html.php @@ -29,6 +29,19 @@ function html_wikilink($url,$name='',$search=''){ return format_link_build($link); } +/** + * Helps building long attribute lists + * + * @author Andreas Gohr + */ +function html_attbuild($attributes){ + $ret = ''; + foreach ( $attributes as $key => $value ) { + $ret .= $key.'="'.formtext($value).'" '; + } + return trim($ret); +} + /** * The loginform * @@ -1208,6 +1221,9 @@ function html_acl_admin(){ ?>
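Review bot: `admin_acl_handler()` passes `$_REQUEST['acl_scope']` unchanged into `admin_acl_add()`, which writes it as the first field of a new `conf/acl.auth` line; the `//FIXME sanitize scope!!!` is still open, so whitespace or a line break in the scope changes what the ACL file grants. The level is not parsed as intended either: `sort()` sorts in place and returns a boolean, so `array_pop(sort($perm))` never yields the maximum, and the handler reads `acl_perm` while `admin_acl_html_checkboxes()` names the boxes `aclperm[]`. `admin_acl_del()` builds an unanchored pattern with `$acl_user` and `$acl_level` unquoted and `preg_quote()` called without the `/` delimiter, so a delete can match lines other than the selected one, and the `update` branch deletes by the new level, which leaves the old entry in place. The sketch below normalises the scope, takes the maximum level and anchors the delete pattern; it assumes `cleanID()` removes whitespace, as the handler already relies on for `$user`, and the old level for `update` would still have to be submitted by the form.

```php
function admin_acl_handler(){
  // … unchanged: acl_cmd, acl_scope, acl_type, acl_user read from $_REQUEST …
  $perm = $_REQUEST['aclperm'];   // field name used by admin_acl_html_checkboxes()
  if(is_array($perm)){
    sort($perm);                  // sorts in place, returns a bool
    $perm = (int) array_pop($perm);
  }else{
    $perm = 0;
  }

  // … unchanged: $user clean-up and AUTH_UPLOAD cap …

  // scope is '*', 'namespace:*' or a page id
  if($scope != '*'){
    if(substr($scope,-2) == ':*'){
      $scope = cleanID(substr($scope,0,-2)).':*';
    }else{
      $scope = cleanID($scope);
    }
  }
  // … unchanged: add / update / delete dispatch …

// in admin_acl_del():
  $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.preg_quote($acl_user,'/').
                 '\s+'.preg_quote($acl_level,'/').'\s*$';
```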
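Review bot: `html_attbuild()` escapes each attribute value with `formtext()` but writes `$key` into the markup as given, and the docblock does not say so. The callers visible in this commit all pass literal keys, so a docblock line is enough: `Values are escaped with formtext(); keys are written unescaped and must be fixed strings, never request data.` `formtext()` is defined outside this diff, so its suitability for a double-quoted attribute value is an assumption worth confirming.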
+ + +
@@ -1241,17 +1257,20 @@ function html_acl_admin(){
+
+ + $value){ if($pagename != '*') { - $ID_cur=$pagename; + $ID_cur=$pagename; while(($piece=getNS($ID_cur)) !== false){ $url="".noNS($piece).":".$url;; $ID_cur=$piece; @@ -1262,6 +1281,8 @@ function html_acl_admin(){ }else{ print $pagename; } ?> + + @@ -1270,7 +1291,7 @@ function html_acl_admin(){ - + + */ +function html_admin(){ + global $ID; + global $lang; + + print parsedLocale('admin'); + + ptln(''); +} + ?> diff --git a/inc/template.php b/inc/template.php index d52d5c7a0..8047a33d0 100644 --- a/inc/template.php +++ b/inc/template.php @@ -99,11 +99,28 @@ function tpl_content(){ case 'denied': print parsedLocale('denied'); break; + case 'admin': + tpl_admin(); + break; default: msg("Failed to handle command: ".hsc($ACT),-1); } } +/** + * Handle the admin page contents + * + * @author Andreas Gohr + */ +function tpl_admin(){ + switch($_REQUEST['page']){ + case 'acl': + admin_acl_html(); + break; + default: + html_admin(); + } +} /** * Print the correct HTML meta headers @@ -184,12 +201,14 @@ function tpl_link($url,$name,$more=''){ * recent - recent changes * login - login/logout button - if ACL enabled * index - The index + * admin - admin page - if enough rights * top - a back to top button * * @author Andreas Gohr */ function tpl_button($type){ global $ID; + global $INFO; global $conf; switch($type){ @@ -217,6 +236,12 @@ function tpl_button($type){ } } break; + case 'admin': + if($INFO['perm'] == AUTH_ADMIN) + print html_btn(admin,$ID,'',array('do' => 'admin')); + break; + default: + print '[unknown button type]'; } } -- cgit v1.2.3
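Review bot: In the new `case 'admin':` of `tpl_button()`, `html_btn(admin,$ID,'',array('do' => 'admin'))` passes the bare word `admin`, which PHP treats as an undefined constant: older versions fall back to the string with a notice, PHP 8 raises an error. Quote it: `print html_btn('admin',$ID,'',array('do' => 'admin'));`. The `$INFO['perm'] == AUTH_ADMIN` test only decides whether the button is shown, so the docblock entry `admin - admin page - if enough rights` could add that access itself is enforced by `act_permcheck()`. `tpl_button()` starts and ends outside these hunks.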
W C UUPDATEUPDATE DELETE