1<?php 2 3use dokuwiki\Extension\ActionPlugin; 4use dokuwiki\Extension\EventHandler; 5use dokuwiki\Extension\Event; 6 7/** 8 * AJAX call handler for ACL plugin 9 * 10 * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 11 * @author Andreas Gohr <andi@splitbrain.org> 12 */ 13/** 14 * Register handler 15 */ 16class action_plugin_acl extends ActionPlugin 17{ 18 /** 19 * Registers a callback function for a given event 20 * 21 * @param EventHandler $controller DokuWiki's event controller object 22 * @return void 23 */ 24 public function register(EventHandler $controller) 25 { 26 27 $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleAjaxCallAcl'); 28 } 29 30 /** 31 * AJAX call handler for ACL plugin 32 * 33 * @param Event $event event object by reference 34 * @param mixed $param empty 35 * @return void 36 */ 37 public function handleAjaxCallAcl(Event $event, $param) 38 { 39 if ($event->data !== 'plugin_acl') { 40 return; 41 } 42 $event->stopPropagation(); 43 $event->preventDefault(); 44 45 global $ID; 46 global $INPUT; 47 48 /** @var $acl admin_plugin_acl */ 49 $acl = plugin_load('admin', 'acl'); 50 if (!$acl->isAccessibleByCurrentUser()) { 51 echo 'for admins only'; 52 return; 53 } 54 if (!checkSecurityToken()) { 55 echo 'CRSF Attack'; 56 return; 57 } 58 59 $ID = getID(); 60 $acl->handle(); 61 62 $ajax = $INPUT->str('ajax'); 63 header('Content-Type: text/html; charset=utf-8'); 64 65 if ($ajax == 'info') { 66 $acl->printInfo(); 67 } elseif ($ajax == 'tree') { 68 $ns = $INPUT->str('ns'); 69 if ($ns == '*') { 70 $ns = ''; 71 } 72 $ns = cleanID($ns); 73 $lvl = count(explode(':', $ns)); 74 $ns = utf8_encodeFN(str_replace(':', '/', $ns)); 75 76 $data = $acl->makeTree($ns, $ns); 77 78 foreach (array_keys($data) as $item) { 79 $data[$item]['level'] = $lvl + 1; 80 } 81 echo html_buildlist( 82 $data, 83 'acl', 84 [$acl, 'makeTreeItem'], 85 [$acl, 'makeListItem'] 86 ); 87 } 88 } 89} 90