(filter extension) * @author Andreas Gohr * @author Anika Henke (concepts) * @author Frank Schubert (old version) */ // must be run within Dokuwiki if(!defined('DOKU_INC')) die(); if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); require_once(DOKU_PLUGIN.'admin.php'); /** * All DokuWiki plugins to extend the admin function * need to inherit from this class */ class admin_plugin_superacl2 extends DokuWiki_Admin_Plugin { var $acl = null; var $ns = null; var $who = ''; var $usersgroups = array(); var $filter_table = true; function forAdminOnly() { return false; // Allow for managers } /** * return some info */ function getInfo(){ return array( 'author' => 'Pascal Bihler', 'email' => 'bihler@cs.uni-bonn.de', 'date' => '2008-05-25', 'name' => 'SuperACL2', 'desc' => 'Manage Page Access Control Lists with filter', 'url' => 'http://wiki.splitbrain.org/plugin:superacl', ); } /** * return prompt for admin menu */ function getMenuText($language) { return $this->getLang('admin_acl'); } /** * return sort order for position in admin menu */ function getMenuSort() { return 1; } /** * handle user request * * Initializes internal vars and handles modifications * * @author Andreas Gohr */ function handle() { global $AUTH_ACL; global $ID; // namespace given? if($_REQUEST['ns'] == '*'){ $this->ns = '*'; }else{ $this->ns = cleanID($_REQUEST['ns']); } // user or group choosen? $who = trim($_REQUEST['acl_w']); if($_REQUEST['acl_t'] == '__g__' && $who){ $this->who = '@'.ltrim($who,'@'); }elseif($_REQUEST['acl_t'] == '__u__' && $who){ $this->who = ltrim($who,'@'); }elseif($_REQUEST['acl_t'] && $_REQUEST['acl_t'] != '__u__' && $_REQUEST['acl_t'] != '__g__'){ $this->who = $_REQUEST['acl_t']; }elseif($who){ $this->who = $who; } // handle modifications if(isset($_REQUEST['cmd'])){ // scope for modifications if($this->ns){ if($this->ns == '*'){ $scope = '*'; }else{ $scope = $this->ns.':*'; } }else{ $scope = $ID; } if(isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])){ // handle additions or single modifications $this->_acl_del($scope, $this->who); $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']); }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who){ // handle single deletions $this->_acl_del($scope, $this->who); }elseif(isset($_REQUEST['cmd']['update'])){ // handle update of the whole file foreach((array) $_REQUEST['del'] as $where => $who){ // remove all rules marked for deletion unset($_REQUEST['acl'][$where][$who]); } // prepare lines $lines = array(); // keep header foreach($AUTH_ACL as $line){ if($line{0} == '#'){ $lines[] = $line; }else{ break; } } // re-add all rules foreach((array) $_REQUEST['acl'] as $where => $opt){ foreach($opt as $who => $perm){ $who = auth_nameencode($who,true); $lines[] = "$where\t$who\t$perm\n"; } } // save it io_saveFile(DOKU_CONF.'acl.auth.php', join('',$lines)); } // reload ACL config $AUTH_ACL = file(DOKU_CONF.'acl.auth.php'); } // initialize ACL array $this->_init_acl_config(); // set filter flag if(isset($_REQUEST['acl__filter'])){ $this->filter_table = ($_REQUEST['acl__filter'] != "off"); } } /** * ACL Output function * * print a table with all significant permissions for the * current id * * @author Frank Schubert * @author Andreas Gohr */ function html() { global $ID; echo '
'.NL; echo '

'.$this->getLang('admin_acl').'

'.NL; echo '
'.NL; echo '
'.NL; $this->_html_explorer($_REQUEST['ns']); echo '
'.NL; echo '
'.NL; $this->_html_detail(); echo '
'.NL; echo '
'.NL; echo '
'; echo '

'.$this->getLang('current').'

'.NL; echo '
'.NL; $this->_html_table(); echo '
'.NL; echo '
'.NL; } /** * returns array with set options for building links * * @author Andreas Gohr */ function _get_opts($addopts=null){ global $ID; $opts = array( 'do'=>'admin', 'page'=>'superacl2', ); if($this->ns) $opts['ns'] = $this->ns; if($this->who) $opts['acl_w'] = $this->who; if(is_null($addopts)) return $opts; return array_merge($opts, $addopts); } /** * Display a tree menu to select a page or namespace * * @author Andreas Gohr */ function _html_explorer(){ require_once(DOKU_INC.'inc/search.php'); global $conf; global $ID; global $lang; $dir = $conf['datadir']; $ns = $this->ns; if(empty($ns)){ $ns = dirname(str_replace(':','/',$ID)); if($ns == '.') $ns =''; }elseif($ns == '*'){ $ns =''; } $ns = utf8_encodeFN(str_replace(':','/',$ns)); $data = array(); search($data,$conf['datadir'],'search_index',array('ns' => $ns)); // wrap a list with the root level around the other namespaces $item = array( 'level' => 0, 'id' => '*', 'type' => 'd', 'open' =>'true', 'label' => '['.$lang['mediaroot'].']'); echo '
    '; echo $this->_html_li_acl($item); echo '
    '; echo $this->_html_list_acl($item); echo '
    '; echo html_buildlist($data,'acl', array($this,'_html_list_acl'), array($this,'_html_li_acl')); echo ''; echo '
'; } /** * Display the current ACL for selected where/who combination with * selectors and modification form * * @author Andreas Gohr */ function _html_detail(){ global $conf; global $ID; echo '
'.NL; echo '
'; echo $this->getLang('acl_perms').' '; $inl = $this->_html_select(); echo ''.NL; echo ''.NL; echo '
'.NL; echo '
'; $this->_html_info(); echo '
'; echo ''.NL; echo ''.NL; echo ''.NL; echo ''.NL; echo ''.NL; echo '
'.NL; } /** * Print infos and editor */ function _html_info(){ global $ID; if($this->who){ $current = $this->_get_exact_perm(); // explain current permissions $this->_html_explain($current); // load editor $this->_html_acleditor($current); }else{ echo '

'; if($this->ns){ printf($this->getLang('p_choose_ns'),hsc($this->ns)); }else{ printf($this->getLang('p_choose_id'),hsc($ID)); } echo '

'; echo $this->locale_xhtml('help'); } } /** * Display the ACL editor * * @author Andreas Gohr */ function _html_acleditor($current){ global $lang; echo '
'; if(is_null($current)){ echo ''.$this->getLang('acl_new').''; }else{ echo ''.$this->getLang('acl_mod').''; } echo $this->_html_checkboxes($current,empty($this->ns),'acl'); if(is_null($current)){ echo ''.NL; }else{ echo ''.NL; echo ''.NL; } echo '
'; } /** * Explain the currently set permissions in plain english/$lang * * @author Andreas Gohr */ function _html_explain($current){ global $ID; global $auth; $who = $this->who; $ns = $this->ns; // prepare where to check if($ns){ if($ns == '*'){ $check='*'; }else{ $check=$ns.':*'; } }else{ $check = $ID; } // prepare who to check if($who{0} == '@'){ $user = ''; $groups = array(ltrim($who,'@')); }else{ $user = auth_nameencode($who); $info = $auth->getUserData($user); if($info === false){ $groups = array(); }else{ $groups = $info['groups']; } } // check the permissions $perm = auth_aclcheck($check,$user,$groups); // build array of named permissions $names = array(); if($perm){ if($ns){ if($perm >= AUTH_DELETE) $names[] = $this->getLang('acl_perm16'); if($perm >= AUTH_UPLOAD) $names[] = $this->getLang('acl_perm8'); if($perm >= AUTH_CREATE) $names[] = $this->getLang('acl_perm4'); } if($perm >= AUTH_EDIT) $names[] = $this->getLang('acl_perm2'); if($perm >= AUTH_READ) $names[] = $this->getLang('acl_perm1'); $names = array_reverse($names); }else{ $names[] = $this->getLang('acl_perm0'); } // print permission explanation echo '

'; if($user){ if($ns){ printf($this->getLang('p_user_ns'),hsc($who),hsc($ns),join(', ',$names)); }else{ printf($this->getLang('p_user_id'),hsc($who),hsc($ID),join(', ',$names)); } }else{ if($ns){ printf($this->getLang('p_group_ns'),hsc(ltrim($who,'@')),hsc($ns),join(', ',$names)); }else{ printf($this->getLang('p_group_id'),hsc(ltrim($who,'@')),hsc($ID),join(', ',$names)); } } echo '

'; // add note if admin if($perm == AUTH_ADMIN){ echo '

'.$this->getLang('p_isadmin').'

'; }elseif(is_null($current)){ echo '

'.$this->getLang('p_inherited').'

'; } } /** * Item formatter for the tree view * * User function for html_buildlist() * * @author Andreas Gohr */ function _html_list_acl($item){ global $ID; $ret = ''; // what to display if($item['label']){ $base = $item['label']; }else{ $base = ':'.$item['id']; $base = substr($base,strrpos($base,':')+1); } // highlight? if(($item['type']=='d' && $item['id'] == $this->ns) || $item['id'] == $ID) $cl = ' cur'; // namespace or page? if($item['type']=='d'){ if($item['open']){ $img = DOKU_BASE.'lib/images/minus.gif'; $alt = '−'; }else{ $img = DOKU_BASE.'lib/images/plus.gif'; $alt = '+'; } $ret .= ''.$alt.''; $ret .= ''; $ret .= $base; $ret .= ''; }else{ $ret .= ''; $ret .= noNS($item['id']); $ret .= ''; } return $ret; } function _html_li_acl($item){ return '
  • '; } /** * Get current ACL settings as multidim array * * @author Andreas Gohr */ function _init_acl_config(){ global $AUTH_ACL; global $conf; $acl_config=array(); $usersgroups = array(); foreach($AUTH_ACL as $line){ $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments if(!$line) continue; $acl = preg_split('/\s+/',$line); //0 is pagename, 1 is user, 2 is acl $acl[1] = rawurldecode($acl[1]); $acl_config[$acl[0]][$acl[1]] = $acl[2]; // store non-special users and groups for later selection dialog $ug = $acl[1]; if($ug == '@ALL') continue; if($ug == $conf['superuser']) continue; if($ug == $conf['manager']) continue; $usersgroups[] = $ug; } $usersgroups = array_unique($usersgroups); sort($usersgroups); uksort($acl_config,array($this,'_sort_names')); $this->acl = $acl_config; $this->usersgroups = $usersgroups; } /** * Custom function to sort the ACLs by namespace names * * @todo This maybe could be improved to resemble the real tree structure? */ function _sort_names($a,$b){ $ca = substr_count($a,':'); $cb = substr_count($b,':'); if($ca < $cb){ return -1; }elseif($ca > $cb){ return 1; }else{ return strcmp($a,$b); } } /** * Display all currently set permissions in a table * * @author Andreas Gohr */ function _html_table(){ global $lang; global $ID; echo '
    '.NL; if($this->ns){ echo ''.NL; }else{ echo ''.NL; } echo ''.NL; echo ''.NL; echo ''.NL; echo '
    '.NL; echo 'filter_table ? '' : 'checked="checked"') . ' value="off" />'.NL; echo ''.NL; echo '
    '.NL; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; foreach($this->acl as $where => $set){ if ($this->filter_table) $hidden = ! ($this->_is_in_current_namespace($where)); else $hidden = false; foreach($set as $who => $perm){ if ($hidden) { echo ''; } else { echo ''; } echo ''; echo ''; echo ''; echo ''; echo ''; } } echo ''; echo ''; echo ''; echo '
    '.$this->getLang('where').''.$this->getLang('who').''.$this->getLang('perm').''.$lang['btn_delete'].'
    '; if(substr($where,-1) == '*'){ echo ''.hsc($where).''; $ispage = false; }else{ echo ''.hsc($where).''; $ispage = true; } echo ''; if($who{0} == '@'){ echo ''.hsc($who).''; }else{ echo ''.hsc($who).''; } echo ''; echo $this->_html_checkboxes($perm,$ispage,'acl['.hsc($where).']['.hsc($who).']'); echo ''; echo ''; echo '
    '; echo ''; echo '
    '; echo '
    '.NL; } /** * Returns true if the given location is in the currently selected namespace (or below, if namespace given) * * @author Pascal Bihler */ function _is_in_current_namespace($location) { global $ID; $is_namespace = substr($location,strlen($location)-1,1)=="*"; $location = getNS($location); $ns = $this->ns; if (! $this->ns) $ns = getNS($ID); if ($ns == "*") $ns = ""; if (! $is_namespace) return $location == $ns; else return substr($ns,0,strlen($location)) == $location; } /** * Returns the permission which were set for exactly the given user/group * and page/namespace. Returns null if no exact match is available * * @author Andreas Gohr */ function _get_exact_perm(){ global $ID; if($this->ns){ if($this->ns == '*'){ $check = '*'; }else{ $check = $this->ns.':*'; } }else{ $check = $ID; } if(isset($this->acl[$check][auth_nameencode($this->who,true)])){ return $this->acl[$check][auth_nameencode($this->who,true)]; }else{ return null; } } /** * adds new acl-entry to conf/acl.auth.php * * @author Frank Schubert */ function _acl_add($acl_scope, $acl_user, $acl_level){ $acl_config = file_get_contents(DOKU_CONF.'acl.auth.php'); $acl_user = auth_nameencode($acl_user,true); // max level for pagenames is edit if(strpos($acl_scope,'*') === false) { if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; } $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; $new_config = $acl_config.$new_acl; return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config); } /** * remove acl-entry from conf/acl.auth.php * * @author Frank Schubert */ function _acl_del($acl_scope, $acl_user){ $acl_config = file(DOKU_CONF.'acl.auth.php'); $acl_user = auth_nameencode($acl_user,true); $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; // save all non!-matching $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config)); } /** * print the permission radio boxes * * @author Frank Schubert * @author Andreas Gohr */ function _html_checkboxes($setperm,$ispage,$name){ global $lang; static $label = 0; //number labels $ret = ''; if($ispage && $setperm > AUTH_EDIT) $perm = AUTH_EDIT; foreach(array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ $label += 1; //general checkbox attributes $atts = array( 'type' => 'radio', 'id' => 'pbox'.$label, 'name' => $name, 'value' => $perm ); //dynamic attributes if(!is_null($setperm) && $setperm == $perm) $atts['checked'] = 'checked'; if($ispage && $perm > AUTH_EDIT){ $atts['disabled'] = 'disabled'; $class = ' class="disabled"'; }else{ $class = ''; } //build code $ret .= ''.NL; } return $ret; } /** * Print a user/group selector (reusing already used users and groups) * * @author Andreas Gohr */ function _html_select(){ global $conf; $inlist = false; $specials = array('@ALL','@'.$conf['defaultgroup']); if($conf['manager'] && $conf['manager'] != '!!not set!!') $specials[] = $conf['manager']; if($this->who && !in_array($this->who,$this->usersgroups) && !in_array($this->who,$specials)){ if($this->who{0} == '@'){ $gsel = ' selected="selected"'; }else{ $usel = ' selected="selected"'; } }else{ $usel = ''; $gsel = ''; $inlist = true; } echo ''.NL; return $inlist; } }