*/ // must be run within Dokuwiki if(!defined('DOKU_INC')) die(); if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); require_once(DOKU_PLUGIN.'admin.php'); /** * All DokuWiki plugins to extend the admin function * need to inherit from this class */ class admin_plugin_acl extends DokuWiki_Admin_Plugin { function admin_plugin_acl(){ $this->setupLocale(); } /** * return some info */ function getInfo(){ return array( 'author' => 'Frank Schubert', 'email' => 'frank@schokilade.de', 'date' => '2005-08-08', 'name' => 'ACL', 'desc' => 'Manage Page Access Control Lists', 'url' => 'http://wiki.splitbrain.org/wiki:acl', ); } /** * return prompt for admin menu */ function getMenuText($language) { return $this->lang['admin_acl']; } /** * return sort order for position in admin menu */ function getMenuSort() { return 1; } /** * handle user request */ function handle() { global $AUTH_ACL; $cmd = $_REQUEST['acl_cmd']; $scope = $_REQUEST['acl_scope']; $type = $_REQUEST['acl_type']; $user = $_REQUEST['acl_user']; $perm = $_REQUEST['acl_perm']; if(is_array($perm)){ //use the maximum sort($perm); $perm = array_pop($perm); }else{ $perm = 0; } //sanitize $user = auth_nameencode($user); if($type == '@') $user = '@'.$user; if($user == '@all') $user = '@ALL'; //special group! (now case insensitive) $perm = (int) $perm; if($perm > AUTH_DELETE) $perm = AUTH_DELETE; //FIXME sanitize scope!!! //nothing to do? if(empty($cmd) || empty($scope) || empty($user)) return; if($cmd == 'save'){ $this->admin_acl_del($scope, $user); $this->admin_acl_add($scope, $user, $perm); }elseif($cmd == 'delete'){ $this->admin_acl_del($scope, $user); } // reload ACL config $AUTH_ACL = file(DOKU_CONF.'acl.auth.php'); } /** * ACL Output function * * print a table with all significant permissions for the * current id * * @author Frank Schubert * @author Andreas Gohr */ function html() { global $ID; print $this->locale_xhtml('intro'); ptln('

'); ptln(''); //new $this->admin_acl_html_new(); //current config $acls = $this->get_acl_config($ID); foreach ($acls as $id => $acl){ $this->admin_acl_html_current($id,$acl); } ptln('

'); ptln('

'); } /** * Get matching ACL lines for a page * * $ID is pagename, reads matching lines from $AUTH_ACL, * also reads acls from namespace * returns multi-array with key=pagename and value=array(user, acl) * * @todo Fix comment to make sense * @todo should this moved to auth.php? * @todo can this be combined with auth_aclcheck to avoid duplicate code? * @author Frank Schubert */ function get_acl_config($id){ global $AUTH_ACL; $acl_config=array(); // match exact name $matches = preg_grep('/^'.$id.'\s+.*/',$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); //0 is pagename, 1 is user, 2 is acl $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); } } $specific_found=array(); // match ns while(($id=getNS($id)) !== false){ $matches = preg_grep('/^'.$id.':\*\s+.*/',$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); //0 is pagename, 1 is user, 2 is acl $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); $specific_found[]=$acl[1]; } } } //include *-config $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); // only include * for this user if not already found in ns if(!in_array($acl[1], $specific_found)){ //0 is pagename, 1 is user, 2 is acl $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); } } } //sort //FIXME: better sort algo: first sort by key, then sort by first value krsort($acl_config, SORT_STRING); return($acl_config); } /** * adds new acl-entry to conf/acl.auth.php * * @author Frank Schubert */ function admin_acl_add($acl_scope, $acl_user, $acl_level){ $acl_config = join("",file(DOKU_CONF.'acl.auth.php')); // max level for pagenames is edit if(strpos($acl_scope,'*') === false) { if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; } $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; $new_config = $acl_config.$new_acl; return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config); } /** * remove acl-entry from conf/acl.auth.php * * @author Frank Schubert */ function admin_acl_del($acl_scope, $acl_user){ $acl_config = file(DOKU_CONF.'acl.auth.php'); $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; // save all non!-matching #FIXME invert is available from 4.2.0 only! $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config)); } // --- HTML OUTPUT FUNCTIONS BELOW --- // /** * print tablerows with the current permissions for one id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_dropdown($id){ $cur = $id; $ret = ''; $opt = array(); //prepare all options // current page $opt[] = array('key'=> $id, 'val'=> $id.' ('.$this->lang['page'].')'); // additional namespaces while(($id=getNS($id)) !== false){ $opt[] = array('key'=> $id.':*', 'val'=> $id.':* ('.$this->lang['namespace'].')'); } // the top namespace $opt[] = array('key'=> '*', 'val'=> '* ('.$this->lang['namespace'].')'); // set sel on second entry (current namespace) $opt[1]['sel'] = ' selected="selected"'; // flip options $opt = array_reverse($opt); // create HTML $att = array( 'name' => 'acl_scope', 'class' => 'edit', 'title' => $this->lang['page'].'/'.$this->lang['namespace']); $ret .= ''; return $ret; } /** * print tablerows with the current permissions for one id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_new(){ global $ID; global $lang; // table headers ptln('',2); ptln(' '.$this->lang['acl_new'].'',2); ptln('',2); ptln('',2); ptln('',4); ptln('

',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); //scope select ptln($this->lang['acl_perms'],4); ptln($this->admin_acl_html_dropdown($ID),4); $att = array( 'name' => 'acl_type', 'class' => 'edit', 'title' => $this->lang['acl_user'].'/'.$this->lang['acl_group']); ptln(' ',4); $att = array( 'name' => 'acl_user', 'type' => 'text', 'class' => 'edit', 'title' => $this->lang['acl_user'].'/'.$this->lang['acl_group']); ptln(' ',4); ptln('
'); ptln( $this->admin_acl_html_checkboxes(0,false),8); ptln(' ',4); ptln('

'); ptln('',4); ptln('',2); } /** * print tablerows with the current permissions for one id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_current($id,$permissions){ global $lang; global $ID; //is it a page? if(substr($id,-1) == '*'){ $ispage = false; }else{ $ispage = true; } // table headers ptln(' '); ptln(' '); ptln($this->lang['acl_perms'],6); if($ispage){ ptln($this->lang['page'],6); }else{ ptln($this->lang['namespace'],6); } ptln(''.$id.'',6); ptln(' '); ptln(' '); sort($permissions); foreach ($permissions as $conf){ //userfriendly group/user display $conf['name'] = rawurldecode($conf['name']); if(substr($conf['name'],0,1)=="@"){ $group = $this->lang['acl_group']; $name = substr($conf['name'],1); $type = '@'; }else{ $group = $this->lang['acl_user']; $name = $conf['name']; $type = ''; } ptln('',2); ptln(''.htmlspecialchars($group.' '.$name).'',4); // update form ptln('',4); ptln(' '); ptln('',4); // deletion form $ask = $lang['del_confirm'].'\\n'; $ask .= $id.' '.$conf['name'].' '.$conf['perm']; ptln('',4); ptln(' ',4); ptln('',4); ptln('',2); } } /** * print the permission checkboxes * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_checkboxes($setperm,$ispage){ global $lang; static $label = 0; //number labels $ret = ''; foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ $label += 1; //general checkbox attributes $atts = array( 'type' => 'checkbox', 'id' => 'pbox'.$label, 'name' => 'acl_perm[]', 'value' => $perm ); //dynamic attributes if($setperm >= $perm) $atts['checked'] = 'checked'; # if($perm > AUTH_READ) $atts['onchange'] = #FIXME JS to autoadd lower perms if($ispage && $perm > AUTH_EDIT) $atts['disabled'] = 'disabled'; //build code $ret .= ''; $ret .= ''; $ret .= $this->lang['acl_perm'.$perm]; $ret .= "\n"; } return $ret; } }