xref: /dokuwiki/lib/plugins/acl/action.php (revision 00dd0e7e7ab5bc29658e4be85336841af70b6b97)
1<?php
2/**
3 * AJAX call handler for ACL plugin
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 */
8
// Stop here unless DOKU_INC is defined: this file must only run inside DokuWiki
if(!defined('DOKU_INC')) {
    die();
}
11
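/**
 * Action component of the ACL plugin: answers the plugin's AJAX requests
 *
 * The handler ends up calling handle() on the plugin's admin component
 * (presumably the code that applies ACL changes; confirm in the admin
 * component). The administrator check and the security token check in
 * handle_ajax_call_acl() therefore have to stay ahead of that call.
 */
class action_plugin_acl extends DokuWiki_Action_Plugin {

    /**
     * Registers a callback function for a given event
     *
     * @param Doku_Event_Handler $controller DokuWiki's event controller object
     * @return void
     */
    public function register(Doku_Event_Handler &$controller) {
        // hooked BEFORE AJAX_CALL_UNKNOWN; the handler itself filters on the call name
        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handle_ajax_call_acl');
    }

    /**
     * AJAX call handler for ACL plugin
     *
     * Reacts only to the 'plugin_acl' call. The request is refused with a fixed
     * text unless the user is an administrator and the security token is valid;
     * both checks run before the admin component's handle() and before any
     * HTML is produced.
     *
     * @param Doku_Event $event  event object by reference
     * @param mixed $param  empty
     * @return void
     */
    public function handle_ajax_call_acl(Doku_Event &$event, $param) {
        if($event->data !== 'plugin_acl') {
            return;
        }
        // the call is ours: no further handlers, no default action
        $event->stopPropagation();
        $event->preventDefault();

        //close session
        session_write_close();

        global $ID;
        global $INPUT;

        //fix for Opera XMLHttpRequests
        // only fills an empty $_POST from the raw request body; nothing is acted on yet
        $postData = http_get_raw_post_data();
        if(!count($_POST) && !empty($postData)) {
            parse_str($postData, $_POST);
        }

        // access control: administrator first, then the anti-CSRF token.
        // Keep both ahead of $acl->handle() below.
        // NOTE(review): refusals are sent without an explicit HTTP status; consider
        // an error status if the client side does not depend on the current reply.
        if(!auth_isadmin()) {
            echo 'for admins only';
            return;
        }
        if(!checkSecurityToken()) {
            // message previously read 'CRSF Attack' (typo)
            echo 'CSRF Attack';
            return;
        }

        $ID = getID();

        /** @var admin_plugin_acl $acl */
        $acl = plugin_load('admin', 'acl');
        $acl->handle();

        $ajax = $INPUT->str('ajax');
        header('Content-Type: text/html; charset=utf-8');

        // strict comparisons: the requested view has to match the literal exactly
        if($ajax === 'info') {
            $acl->_html_info();
        } elseif($ajax === 'tree') {

            // 'ns' is request input: '*' stands for the root namespace, and the
            // value goes through cleanID() before it is turned into a path-like string
            $ns = $INPUT->str('ns');
            if($ns === '*') {
                $ns = '';
            }
            $ns = cleanID($ns);
            // explode() on an empty string still yields one element, so root gives 1
            $lvl = count(explode(':', $ns));
            $ns = utf8_encodeFN(str_replace(':', '/', $ns));

            $data = $acl->_get_tree($ns, $ns);

            // returned items are listed one level below the requested namespace
            foreach(array_keys($data) as $item) {
                $data[$item]['level'] = $lvl + 1;
            }
            echo html_buildlist(
                $data, 'acl', array($acl, '_html_list_acl'),
                array($acl, '_html_li_acl')
            );
        }
    }
}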