* @author Anika Henke (concepts) * @author Frank Schubert (old version) */ // must be run within Dokuwiki if(!defined('DOKU_INC')) die(); if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); require_once(DOKU_PLUGIN.'admin.php'); /** * All DokuWiki plugins to extend the admin function * need to inherit from this class */ class admin_plugin_acl extends DokuWiki_Admin_Plugin { var $acl = null; var $ns = null; var $who = ''; var $usersgroups = array(); var $specials = array(); /** * return some info */ function getInfo(){ return array( 'author' => 'Andreas Gohr', 'email' => 'andi@splitbrain.org', 'date' => '2010-01-17', 'name' => 'ACL Manager', 'desc' => 'Manage Page Access Control Lists', 'url' => 'http://dokuwiki.org/plugin:acl', ); } /** * return prompt for admin menu */ function getMenuText($language) { return $this->getLang('admin_acl'); } /** * return sort order for position in admin menu */ function getMenuSort() { return 1; } /** * handle user request * * Initializes internal vars and handles modifications * * @author Andreas Gohr */ function handle() { global $AUTH_ACL; global $ID; global $auth; // fresh 1:1 copy without replacements $AUTH_ACL = file(DOKU_CONF.'acl.auth.php'); // namespace given? if($_REQUEST['ns'] == '*'){ $this->ns = '*'; }else{ $this->ns = cleanID($_REQUEST['ns']); } // user or group choosen? $who = trim($_REQUEST['acl_w']); if($_REQUEST['acl_t'] == '__g__' && $who){ $this->who = '@'.ltrim($auth->cleanGroup($who),'@'); }elseif($_REQUEST['acl_t'] == '__u__' && $who){ $this->who = ltrim($auth->cleanUser($who),'@'); }elseif($_REQUEST['acl_t'] && $_REQUEST['acl_t'] != '__u__' && $_REQUEST['acl_t'] != '__g__'){ $this->who = $_REQUEST['acl_t']; }elseif($who){ $this->who = $who; } // handle modifications if(isset($_REQUEST['cmd']) && checkSecurityToken()){ // scope for modifications if($this->ns){ if($this->ns == '*'){ $scope = '*'; }else{ $scope = $this->ns.':*'; } }else{ $scope = $ID; } if(isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])){ // handle additions or single modifications $this->_acl_del($scope, $this->who); $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']); }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who){ // handle single deletions $this->_acl_del($scope, $this->who); }elseif(isset($_REQUEST['cmd']['update'])){ // handle update of the whole file foreach((array) $_REQUEST['del'] as $where => $names){ // remove all rules marked for deletion foreach($names as $who) unset($_REQUEST['acl'][$where][$who]); } // prepare lines $lines = array(); // keep header foreach($AUTH_ACL as $line){ if($line{0} == '#'){ $lines[] = $line; }else{ break; } } // re-add all rules foreach((array) $_REQUEST['acl'] as $where => $opt){ foreach($opt as $who => $perm){ $who = auth_nameencode($who,true); $lines[] = "$where\t$who\t$perm\n"; } } // save it io_saveFile(DOKU_CONF.'acl.auth.php', join('',$lines)); } // reload ACL config $AUTH_ACL = file(DOKU_CONF.'acl.auth.php'); } // initialize ACL array $this->_init_acl_config(); } /** * ACL Output function * * print a table with all significant permissions for the * current id * * @author Frank Schubert * @author Andreas Gohr */ function html() { global $ID; echo '
'.NL; echo '

'.$this->getLang('admin_acl').'

'.NL; echo '
'.NL; echo '
'.NL; $this->_html_explorer($_REQUEST['ns']); echo '
'.NL; echo '
'.NL; $this->_html_detail(); echo '
'.NL; echo '
'.NL; echo '
'; echo '

'.$this->getLang('current').'

'.NL; echo '
'.NL; $this->_html_table(); echo '
'.NL; echo '
'.NL; echo '1)'.NL; echo $this->getLang('p_include'); echo '
'; echo '
'.NL; } /** * returns array with set options for building links * * @author Andreas Gohr */ function _get_opts($addopts=null){ global $ID; $opts = array( 'do'=>'admin', 'page'=>'acl', ); if($this->ns) $opts['ns'] = $this->ns; if($this->who) $opts['acl_w'] = $this->who; if(is_null($addopts)) return $opts; return array_merge($opts, $addopts); } /** * Display a tree menu to select a page or namespace * * @author Andreas Gohr */ function _html_explorer(){ require_once(DOKU_INC.'inc/search.php'); global $conf; global $ID; global $lang; $dir = $conf['datadir']; $ns = $this->ns; if(empty($ns)){ $ns = dirname(str_replace(':','/',$ID)); if($ns == '.') $ns =''; }elseif($ns == '*'){ $ns =''; } $ns = utf8_encodeFN(str_replace(':','/',$ns)); $data = $this->_get_tree($ns); // wrap a list with the root level around the other namespaces $item = array( 'level' => 0, 'id' => '*', 'type' => 'd', 'open' =>'true', 'label' => '['.$lang['mediaroot'].']'); echo '
    '; echo $this->_html_li_acl($item); echo '
    '; echo $this->_html_list_acl($item); echo '
    '; echo html_buildlist($data,'acl', array($this,'_html_list_acl'), array($this,'_html_li_acl')); echo ''; echo '
'; } /** * get a combined list of media and page files * * @param string $folder an already converted filesystem folder of the current namespace * @param string $limit limit the search to this folder */ function _get_tree($folder,$limit=''){ global $conf; // read tree structure from pages and media $data = array(); search($data,$conf['datadir'],'search_index',array('ns' => $folder),$limit); $media = array(); search($media,$conf['mediadir'],'search_index',array('ns' => $folder, 'nofiles' => true),$limit); $data = array_merge($data,$media); unset($media); // combine by sorting and removing duplicates usort($data,array($this,'_tree_sort')); $count = count($data); if($count>0) for($i=1; $i<$count; $i++){ if($data[$i]['type'] == 'f') break; // namespaces come first, we're done if($data[$i-1]['id'] == $data[$i]['id']) unset($data[$i]); } return $data; } /** * usort callback * * Sorts the combined trees of media and page files */ function _tree_sort($a,$b){ if($a['type'] == 'd' && $b['type'] == 'f'){ return -1; }elseif($a['type'] == 'f' && $b['type'] == 'd'){ return 1; }else{ return strcmp($a['id'],$b['id']); } } /** * Display the current ACL for selected where/who combination with * selectors and modification form * * @author Andreas Gohr */ function _html_detail(){ global $conf; global $ID; echo '
'.NL; echo '
'; echo $this->getLang('acl_perms').' '; $inl = $this->_html_select(); echo ''.NL; echo ''.NL; echo '
'.NL; echo '
'; $this->_html_info(); echo '
'; echo ''.NL; echo ''.NL; echo ''.NL; echo ''.NL; echo ''.NL; echo '
'.NL; } /** * Print infos and editor */ function _html_info(){ global $ID; if($this->who){ $current = $this->_get_exact_perm(); // explain current permissions $this->_html_explain($current); // load editor $this->_html_acleditor($current); }else{ echo '

'; if($this->ns){ printf($this->getLang('p_choose_ns'),hsc($this->ns)); }else{ printf($this->getLang('p_choose_id'),hsc($ID)); } echo '

'; echo $this->locale_xhtml('help'); } } /** * Display the ACL editor * * @author Andreas Gohr */ function _html_acleditor($current){ global $lang; echo '
'; if(is_null($current)){ echo ''.$this->getLang('acl_new').''; }else{ echo ''.$this->getLang('acl_mod').''; } echo $this->_html_checkboxes($current,empty($this->ns),'acl'); if(is_null($current)){ echo ''.NL; }else{ echo ''.NL; echo ''.NL; } echo '
'; } /** * Explain the currently set permissions in plain english/$lang * * @author Andreas Gohr */ function _html_explain($current){ global $ID; global $auth; $who = $this->who; $ns = $this->ns; // prepare where to check if($ns){ if($ns == '*'){ $check='*'; }else{ $check=$ns.':*'; } }else{ $check = $ID; } // prepare who to check if($who{0} == '@'){ $user = ''; $groups = array(ltrim($who,'@')); }else{ $user = auth_nameencode($who); $info = $auth->getUserData($user); if($info === false){ $groups = array(); }else{ $groups = $info['grps']; } } // check the permissions $perm = auth_aclcheck($check,$user,$groups); // build array of named permissions $names = array(); if($perm){ if($ns){ if($perm >= AUTH_DELETE) $names[] = $this->getLang('acl_perm16'); if($perm >= AUTH_UPLOAD) $names[] = $this->getLang('acl_perm8'); if($perm >= AUTH_CREATE) $names[] = $this->getLang('acl_perm4'); } if($perm >= AUTH_EDIT) $names[] = $this->getLang('acl_perm2'); if($perm >= AUTH_READ) $names[] = $this->getLang('acl_perm1'); $names = array_reverse($names); }else{ $names[] = $this->getLang('acl_perm0'); } // print permission explanation echo '

'; if($user){ if($ns){ printf($this->getLang('p_user_ns'),hsc($who),hsc($ns),join(', ',$names)); }else{ printf($this->getLang('p_user_id'),hsc($who),hsc($ID),join(', ',$names)); } }else{ if($ns){ printf($this->getLang('p_group_ns'),hsc(ltrim($who,'@')),hsc($ns),join(', ',$names)); }else{ printf($this->getLang('p_group_id'),hsc(ltrim($who,'@')),hsc($ID),join(', ',$names)); } } echo '

'; // add note if admin if($perm == AUTH_ADMIN){ echo '

'.$this->getLang('p_isadmin').'

'; }elseif(is_null($current)){ echo '

'.$this->getLang('p_inherited').'

'; } } /** * Item formatter for the tree view * * User function for html_buildlist() * * @author Andreas Gohr */ function _html_list_acl($item){ global $ID; $ret = ''; // what to display if($item['label']){ $base = $item['label']; }else{ $base = ':'.$item['id']; $base = substr($base,strrpos($base,':')+1); } // highlight? if( ($item['type']=='d' && $item['id'] == $this->ns) || ($item['type']!='d' && $item['id'] == $ID)) $cl = ' cur'; // namespace or page? if($item['type']=='d'){ if($item['open']){ $img = DOKU_BASE.'lib/images/minus.gif'; $alt = '−'; }else{ $img = DOKU_BASE.'lib/images/plus.gif'; $alt = '+'; } $ret .= ''.$alt.''; $ret .= ''; $ret .= $base; $ret .= ''; }else{ $ret .= ''; $ret .= noNS($item['id']); $ret .= ''; } return $ret; } function _html_li_acl($item){ return '
  • '; } /** * Get current ACL settings as multidim array * * @author Andreas Gohr */ function _init_acl_config(){ global $AUTH_ACL; global $conf; $acl_config=array(); $usersgroups = array(); // get special users and groups $this->specials[] = '@ALL'; $this->specials[] = '@'.$conf['defaultgroup']; if($conf['manager'] != '!!not set!!'){ $this->specials = array_merge($this->specials, array_map('trim', explode(',',$conf['manager']))); } $this->specials = array_filter($this->specials); $this->specials = array_unique($this->specials); sort($this->specials); foreach($AUTH_ACL as $line){ $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments if(!$line) continue; $acl = preg_split('/\s+/',$line); //0 is pagename, 1 is user, 2 is acl $acl[1] = rawurldecode($acl[1]); $acl_config[$acl[0]][$acl[1]] = $acl[2]; // store non-special users and groups for later selection dialog $ug = $acl[1]; if(in_array($ug,$this->specials)) continue; $usersgroups[] = $ug; } $usersgroups = array_unique($usersgroups); sort($usersgroups); ksort($acl_config); $this->acl = $acl_config; $this->usersgroups = $usersgroups; } /** * Display all currently set permissions in a table * * @author Andreas Gohr */ function _html_table(){ global $lang; global $ID; echo '
    '.NL; if($this->ns){ echo ''.NL; }else{ echo ''.NL; } echo ''.NL; echo ''.NL; echo ''.NL; echo ''.NL; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; foreach($this->acl as $where => $set){ foreach($set as $who => $perm){ echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; } } echo ''; echo ''; echo ''; echo '
    '.$this->getLang('where').''.$this->getLang('who').''.$this->getLang('perm').'1)'.$lang['btn_delete'].'
    '; if(substr($where,-1) == '*'){ echo ''.hsc($where).''; $ispage = false; }else{ echo ''.hsc($where).''; $ispage = true; } echo ''; if($who{0} == '@'){ echo ''.hsc($who).''; }else{ echo ''.hsc($who).''; } echo ''; echo $this->_html_checkboxes($perm,$ispage,'acl['.$where.']['.$who.']'); echo ''; echo ''; echo '
    '; echo ''; echo '
    '; echo '
    '.NL; } /** * Returns the permission which were set for exactly the given user/group * and page/namespace. Returns null if no exact match is available * * @author Andreas Gohr */ function _get_exact_perm(){ global $ID; if($this->ns){ if($this->ns == '*'){ $check = '*'; }else{ $check = $this->ns.':*'; } }else{ $check = $ID; } if(isset($this->acl[$check][$this->who])){ return $this->acl[$check][$this->who]; }else{ return null; } } /** * adds new acl-entry to conf/acl.auth.php * * @author Frank Schubert */ function _acl_add($acl_scope, $acl_user, $acl_level){ $acl_config = file_get_contents(DOKU_CONF.'acl.auth.php'); $acl_user = auth_nameencode($acl_user,true); // max level for pagenames is edit if(strpos($acl_scope,'*') === false) { if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; } $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; $new_config = $acl_config.$new_acl; return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config); } /** * remove acl-entry from conf/acl.auth.php * * @author Frank Schubert */ function _acl_del($acl_scope, $acl_user){ $acl_config = file(DOKU_CONF.'acl.auth.php'); $acl_user = auth_nameencode($acl_user,true); $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; // save all non!-matching $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config)); } /** * print the permission radio boxes * * @author Frank Schubert * @author Andreas Gohr */ function _html_checkboxes($setperm,$ispage,$name){ global $lang; static $label = 0; //number labels $ret = ''; if($ispage && $setperm > AUTH_EDIT) $perm = AUTH_EDIT; foreach(array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ $label += 1; //general checkbox attributes $atts = array( 'type' => 'radio', 'id' => 'pbox'.$label, 'name' => $name, 'value' => $perm ); //dynamic attributes if(!is_null($setperm) && $setperm == $perm) $atts['checked'] = 'checked'; if($ispage && $perm > AUTH_EDIT){ $atts['disabled'] = 'disabled'; $class = ' class="disabled"'; }else{ $class = ''; } //build code $ret .= ''.NL; } return $ret; } /** * Print a user/group selector (reusing already used users and groups) * * @author Andreas Gohr */ function _html_select(){ global $conf; $inlist = false; if($this->who && !in_array($this->who,$this->usersgroups) && !in_array($this->who,$this->specials)){ if($this->who{0} == '@'){ $gsel = ' selected="selected"'; }else{ $usel = ' selected="selected"'; } }else{ $usel = ''; $gsel = ''; $inlist = true; } echo ''.NL; return $inlist; } }