*/ function admin_acl_handler(){ global $AUTH_ACL; $cmd = $_REQUEST['acl_cmd']; $scope = $_REQUEST['acl_scope']; $type = $_REQUEST['acl_type']; $user = $_REQUEST['acl_user']; $perm = $_REQUEST['acl_perm']; if(is_array($perm)){ //use the maximum sort($perm); $perm = array_pop($perm); }else{ $perm = 0; } //sanitize $user = cleanID($user); if($type == '@') $user = '@'.$user; if($user == '@all') $user = '@ALL'; //special group! (now case insensitive) $perm = (int) $perm; if($perm > AUTH_UPLOAD) $perm = AUTH_UPLOAD; //FIXME sanitize scope!!! //nothing to do? if(empty($cmd) || empty($scope) || empty($user)) return; if($cmd == 'save'){ admin_acl_del($scope, $user); admin_acl_add($scope, $user, $perm); }elseif($cmd == 'delete'){ admin_acl_del($scope, $user); } // reload ACL config $AUTH_ACL = file('conf/acl.auth'); } /** * Get matching ACL lines for a page * * $ID is pagename, reads matching lines from $AUTH_ACL, * also reads acls from namespace * returns multi-array with key=pagename and value=array(user, acl) * * @todo Fix comment to make sense * @todo should this moved to auth.php? * @todo can this be combined with auth_aclcheck to avoid duplicate code? * @author Frank Schubert */ function get_acl_config($id){ global $AUTH_ACL; $acl_config=array(); // match exact name $matches = preg_grep('/^'.$id.'\s+.*/',$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); //0 is pagename, 1 is user, 2 is acl $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); } } $specific_found=array(); // match ns while(($id=getNS($id)) !== false){ $matches = preg_grep('/^'.$id.':\*\s+.*/',$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); //0 is pagename, 1 is user, 2 is acl $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); $specific_found[]=$acl[1]; } } } //include *-config $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); // only include * for this user if not already found in ns if(!in_array($acl[1], $specific_found)){ //0 is pagename, 1 is user, 2 is acl $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); } } } //sort //FIXME: better sort algo: first sort by key, then sort by first value krsort($acl_config, SORT_STRING); return($acl_config); } /** * adds new acl-entry to conf/acl.auth * * @author Frank Schubert */ function admin_acl_add($acl_scope, $acl_user, $acl_level){ $acl_config = join("",file('conf/acl.auth')); // max level for pagenames is edit if(strpos("*", $acl_scope) === false) { if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; } $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; $new_config = $acl_config.$new_acl; return io_saveFile("conf/acl.auth", $new_config); } /** * remove acl-entry from conf/acl.auth * * @author Frank Schubert */ function admin_acl_del($acl_scope, $acl_user){ $acl_config = file('conf/acl.auth'); $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; // save all non!-matching #FIXME invert is available from 4.2.0 only! $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); return io_saveFile("conf/acl.auth", join("",$new_config)); } // --- HTML OUTPUT FUNCTIONS BELOW --- // /** * ACL Output function * * print a table with all significant permissions for the * current id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html(){ global $ID; print p_locale_xhtml('admin_acl'); ptln('
'); ptln(''); //new admin_acl_html_new(); //current config $acls = get_acl_config($ID); foreach ($acls as $id => $acl){ admin_acl_html_current($id,$acl); } ptln('
'); ptln('
'); } /** * print tablerows with the current permissions for one id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_dropdown($id){ global $lang; $cur = $id; $ret = ''; $opt = array(); //prepare all options // current page $opt[] = array('key'=> $id, 'val'=> $id.' ('.$lang['page'].')'); // additional namespaces while(($id=getNS($id)) !== false){ $opt[] = array('key'=> $id.':*', 'val'=> $id.':* ('.$lang['namespace'].')'); } // the top namespace $opt[] = array('key'=> '*', 'val'=> '* ('.$lang['namespace'].')'); // set sel on second entry (current namespace) $opt[1]['sel'] = ' selected="selected"'; // flip options $opt = array_reverse($opt); // create HTML $att = array( 'name' => 'acl_scope', 'class' => 'edit', 'title' => $lang['page'].'/'.$lang['namespace']); $ret .= ''; return $ret; } /** * print tablerows with the current permissions for one id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_new(){ global $lang; global $ID; // table headers ptln('',2); ptln(' '.$lang['acl_new'].'',2); ptln('',2); ptln('',2); ptln('',4); ptln('
',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); //scope select ptln($lang['acl_perms'],4); ptln(admin_acl_html_dropdown($ID),4); $att = array( 'name' => 'acl_type', 'class' => 'edit', 'title' => $lang['acl_user'].'/'.$lang['acl_group']); ptln(' ',4); $att = array( 'name' => 'acl_user', 'type' => 'text', 'class' => 'edit', 'title' => $lang['acl_user'].'/'.$lang['acl_group']); ptln(' ',4); ptln('
'); ptln( admin_acl_html_checkboxes(0,false),8); ptln(' ',4); ptln('
'); ptln('',2); } /** * print tablerows with the current permissions for one id * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_current($id,$permissions){ global $lang; global $ID; //is it a page? if(substr($id,-1) == '*'){ $ispage = false; }else{ $ispage = true; } // table headers ptln(' '); ptln(' '); ptln($lang['acl_perms'],6); if($ispage){ ptln($lang['page'],6); }else{ ptln($lang['namespace'],6); } ptln(''.$id.'',6); ptln(' '); ptln(' '); sort($permissions); foreach ($permissions as $conf){ //userfriendly group/user display if(substr($conf['name'],0,1)=="@"){ $group = $lang['acl_group']; $name = substr($conf['name'],1); $type = '@'; }else{ $group = $lang['acl_user']; $name = $conf['name']; $type = ''; } ptln('',2); ptln(''.$group.' '.$name.'',4); // update form ptln('',4); ptln('
',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln( admin_acl_html_checkboxes($conf['perm'],$ispage),8); ptln(' ',4); ptln('
'); ptln('',4); // deletion form $ask = $lang['del_confirm'].'\\n'; $ask .= $id.' '.$conf['name'].' '.$conf['perm']; ptln('',4); ptln('
',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln(' ',4); ptln('
',4); ptln('',4); ptln('',2); } } /** * print the permission checkboxes * * @author Frank Schubert * @author Andreas Gohr */ function admin_acl_html_checkboxes($setperm,$ispage){ global $lang; static $label = 0; //number labels $ret = ''; foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD) as $perm){ $label += 1; //general checkbox attributes $atts = array( 'type' => 'checkbox', 'id' => 'pbox'.$label, 'name' => 'acl_perm[]', 'value' => $perm ); //dynamic attributes if($setperm >= $perm) $atts['checked'] = 'checked'; # if($perm > AUTH_READ) $atts['onchange'] = #FIXME JS to autoadd lower perms if($ispage && $perm > AUTH_EDIT) $atts['disabled'] = 'disabled'; //build code $ret .= '\n"; } return $ret; } //Setup VIM: ex: et ts=2 enc=utf-8 :