xref: /dokuwiki/lib/plugins/acl/action.php (revision 8265594d98708c1c993489099402d9ee27d2a289) 
1<?php
2/**
3 * AJAX call handler for ACL plugin
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 */
8
9// must be run within Dokuwiki
10if(!defined('DOKU_INC')) die();
11
12/**
13 * Register handler
14 */
15class action_plugin_acl extends DokuWiki_Action_Plugin {
16
17    /**
18     * Registers a callback function for a given event
19     *
20     * @param Doku_Event_Handler $controller DokuWiki's event controller object
21     * @return void
22     */
23    public function register(Doku_Event_Handler &$controller) {
24
25        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handle_ajax_call_acl');
26
27    }
28
29    /**
30     * AJAX call handler for ACL plugin
31     *
32     * @param Doku_Event $event  event object by reference
33     * @param mixed      $param  empty
34     * @return void
35     */
36
37    public function handle_ajax_call_acl(Doku_Event &$event, $param) {
38        if ($event->data !== 'plugin_acl') {
39            return;
40        }
41        $event->stopPropagation();
42        $event->preventDefault();
43
44
45        //close session
46        session_write_close();
47
48        global $conf;
49        global $ID;
50        global $INPUT;
51
52        //fix for Opera XMLHttpRequests
53        $postData = http_get_raw_post_data();
54        if(!count($_POST) && !empty($postData)){
55            parse_str($postData, $_POST);
56        }
57
58        if(!auth_isadmin()) die('for admins only');
59        if(!checkSecurityToken()) die('CRSF Attack');
60
61        $ID    = getID();
62
63        /** @var $acl admin_plugin_acl */
64        $acl = plugin_load('admin','acl');
65        $acl->handle();
66
67        $ajax = $INPUT->str('ajax');
68        header('Content-Type: text/html; charset=utf-8');
69
70        if($ajax == 'info'){
71            $acl->_html_info();
72        }elseif($ajax == 'tree'){
73
74            $dir = $conf['datadir'];
75            $ns  = $INPUT->str('ns');
76            if($ns == '*'){
77                $ns ='';
78            }
79            $ns  = cleanID($ns);
80            $lvl = count(explode(':',$ns));
81            $ns  = utf8_encodeFN(str_replace(':','/',$ns));
82
83            $data = $acl->_get_tree($ns,$ns);
84
85            foreach(array_keys($data) as $item){
86                $data[$item]['level'] = $lvl+1;
87            }
88            echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'),
89                                array($acl, '_html_li_acl'));
90        }
91    }
92}