111e2ce22Schris<?php 211e2ce22Schris/** 311e2ce22Schris * ACL administration functions 411e2ce22Schris * 511e2ce22Schris * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 611e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 711e2ce22Schris */ 811e2ce22Schrisif(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../').'/'); 911e2ce22Schrisif(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); 1011e2ce22Schrisrequire_once(DOKU_PLUGIN.'admin.php'); 1111e2ce22Schris 1211e2ce22Schris/** 1311e2ce22Schris * All DokuWiki plugins to extend the admin function 1411e2ce22Schris * need to inherit from this class 1511e2ce22Schris */ 1611e2ce22Schrisclass admin_plugin_acl extends DokuWiki_Admin_Plugin { 1711e2ce22Schris 1811e2ce22Schris /** 1911e2ce22Schris * return some info 2011e2ce22Schris */ 2111e2ce22Schris function getInfo(){ 2211e2ce22Schris return array( 2311e2ce22Schris 'author' => 'Frank Schubert', 2411e2ce22Schris 'email' => 'frank@schokilade.de', 2511e2ce22Schris 'date' => '2005-08-08', 2611e2ce22Schris 'name' => 'ACL', 2711e2ce22Schris 'desc' => 'Manage Page Access Control Lists', 2811e2ce22Schris 'url' => 'http://wiki.splitbrain.org/wiki:acl', 2911e2ce22Schris ); 3011e2ce22Schris } 3111e2ce22Schris 3211e2ce22Schris /** 3311e2ce22Schris * return prompt for admin menu 3411e2ce22Schris */ 3511e2ce22Schris function getMenuText($language) { 3611e2ce22Schris global $lang; 3711e2ce22Schris return $lang['admin_acl']; 3811e2ce22Schris } 3911e2ce22Schris 4011e2ce22Schris /** 4111e2ce22Schris * return sort order for position in admin menu 4211e2ce22Schris */ 4311e2ce22Schris function getMenuSort() { 4411e2ce22Schris return 1; 4511e2ce22Schris } 4611e2ce22Schris 4711e2ce22Schris /** 4811e2ce22Schris * handle user request 4911e2ce22Schris */ 5011e2ce22Schris function handle() { 5111e2ce22Schris global $AUTH_ACL; 5211e2ce22Schris 5311e2ce22Schris $cmd = $_REQUEST['acl_cmd']; 5411e2ce22Schris $scope = $_REQUEST['acl_scope']; 5511e2ce22Schris $type = $_REQUEST['acl_type']; 5611e2ce22Schris $user = $_REQUEST['acl_user']; 5711e2ce22Schris $perm = $_REQUEST['acl_perm']; 5811e2ce22Schris 5911e2ce22Schris if(is_array($perm)){ 6011e2ce22Schris //use the maximum 6111e2ce22Schris sort($perm); 6211e2ce22Schris $perm = array_pop($perm); 6311e2ce22Schris }else{ 6411e2ce22Schris $perm = 0; 6511e2ce22Schris } 6611e2ce22Schris 6711e2ce22Schris //sanitize 6811e2ce22Schris $user = cleanID($user); 6911e2ce22Schris if($type == '@') $user = '@'.$user; 7011e2ce22Schris if($user == '@all') $user = '@ALL'; //special group! (now case insensitive) 7111e2ce22Schris $perm = (int) $perm; 7211e2ce22Schris if($perm > AUTH_DELETE) $perm = AUTH_DELETE; 7311e2ce22Schris //FIXME sanitize scope!!! 7411e2ce22Schris 7511e2ce22Schris //nothing to do? 7611e2ce22Schris if(empty($cmd) || empty($scope) || empty($user)) return; 7711e2ce22Schris 7811e2ce22Schris 7911e2ce22Schris if($cmd == 'save'){ 8011e2ce22Schris $this->admin_acl_del($scope, $user); 8111e2ce22Schris $this->admin_acl_add($scope, $user, $perm); 8211e2ce22Schris }elseif($cmd == 'delete'){ 8311e2ce22Schris $this->admin_acl_del($scope, $user); 8411e2ce22Schris } 8511e2ce22Schris 8611e2ce22Schris // reload ACL config 8711e2ce22Schris $AUTH_ACL = file(DOKU_CONF.'acl.auth.php'); 8811e2ce22Schris } 8911e2ce22Schris 9011e2ce22Schris /** 9111e2ce22Schris * ACL Output function 9211e2ce22Schris * 9311e2ce22Schris * print a table with all significant permissions for the 9411e2ce22Schris * current id 9511e2ce22Schris * 9611e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 9711e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 9811e2ce22Schris */ 9911e2ce22Schris function html() { 10011e2ce22Schris global $ID; 10111e2ce22Schris 10211e2ce22Schris print p_locale_xhtml('admin_acl'); 10311e2ce22Schris 10411e2ce22Schris ptln('<div class="acladmin">'); 10511e2ce22Schris ptln('<table class="inline">'); 10611e2ce22Schris 10711e2ce22Schris //new 10811e2ce22Schris $this->admin_acl_html_new(); 10911e2ce22Schris 11011e2ce22Schris //current config 11111e2ce22Schris $acls = $this->get_acl_config($ID); 11211e2ce22Schris foreach ($acls as $id => $acl){ 11311e2ce22Schris $this->admin_acl_html_current($id,$acl); 11411e2ce22Schris } 11511e2ce22Schris 11611e2ce22Schris ptln('</table>'); 11711e2ce22Schris ptln('</div>'); 11811e2ce22Schris } 11911e2ce22Schris 12011e2ce22Schris 12111e2ce22Schris /** 12211e2ce22Schris * Get matching ACL lines for a page 12311e2ce22Schris * 12411e2ce22Schris * $ID is pagename, reads matching lines from $AUTH_ACL, 12511e2ce22Schris * also reads acls from namespace 12611e2ce22Schris * returns multi-array with key=pagename and value=array(user, acl) 12711e2ce22Schris * 12811e2ce22Schris * @todo Fix comment to make sense 12911e2ce22Schris * @todo should this moved to auth.php? 13011e2ce22Schris * @todo can this be combined with auth_aclcheck to avoid duplicate code? 13111e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 13211e2ce22Schris */ 13311e2ce22Schris function get_acl_config($id){ 13411e2ce22Schris global $AUTH_ACL; 13511e2ce22Schris 13611e2ce22Schris $acl_config=array(); 13711e2ce22Schris 13811e2ce22Schris // match exact name 13911e2ce22Schris $matches = preg_grep('/^'.$id.'\s+.*/',$AUTH_ACL); 14011e2ce22Schris if(count($matches)){ 14111e2ce22Schris foreach($matches as $match){ 14211e2ce22Schris $match = preg_replace('/#.*$/','',$match); //ignore comments 14311e2ce22Schris $acl = preg_split('/\s+/',$match); 14411e2ce22Schris //0 is pagename, 1 is user, 2 is acl 14511e2ce22Schris $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); 14611e2ce22Schris } 14711e2ce22Schris } 14811e2ce22Schris 14911e2ce22Schris $specific_found=array(); 15011e2ce22Schris // match ns 15111e2ce22Schris while(($id=getNS($id)) !== false){ 15211e2ce22Schris $matches = preg_grep('/^'.$id.':\*\s+.*/',$AUTH_ACL); 15311e2ce22Schris if(count($matches)){ 15411e2ce22Schris foreach($matches as $match){ 15511e2ce22Schris $match = preg_replace('/#.*$/','',$match); //ignore comments 15611e2ce22Schris $acl = preg_split('/\s+/',$match); 15711e2ce22Schris //0 is pagename, 1 is user, 2 is acl 15811e2ce22Schris $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); 15911e2ce22Schris $specific_found[]=$acl[1]; 16011e2ce22Schris } 16111e2ce22Schris } 16211e2ce22Schris } 16311e2ce22Schris 16411e2ce22Schris //include *-config 16511e2ce22Schris $matches = preg_grep('/^\*\s+.*/',$AUTH_ACL); 16611e2ce22Schris if(count($matches)){ 16711e2ce22Schris foreach($matches as $match){ 16811e2ce22Schris $match = preg_replace('/#.*$/','',$match); //ignore comments 16911e2ce22Schris $acl = preg_split('/\s+/',$match); 17011e2ce22Schris // only include * for this user if not already found in ns 17111e2ce22Schris if(!in_array($acl[1], $specific_found)){ 17211e2ce22Schris //0 is pagename, 1 is user, 2 is acl 17311e2ce22Schris $acl_config[$acl[0]][] = array( 'name' => $acl[1], 'perm' => $acl[2]); 17411e2ce22Schris } 17511e2ce22Schris } 17611e2ce22Schris } 17711e2ce22Schris 17811e2ce22Schris //sort 17911e2ce22Schris //FIXME: better sort algo: first sort by key, then sort by first value 18011e2ce22Schris krsort($acl_config, SORT_STRING); 18111e2ce22Schris 18211e2ce22Schris return($acl_config); 18311e2ce22Schris } 18411e2ce22Schris 18511e2ce22Schris 18611e2ce22Schris /** 18711e2ce22Schris * adds new acl-entry to conf/acl.auth.php 18811e2ce22Schris * 18911e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 19011e2ce22Schris */ 19111e2ce22Schris function admin_acl_add($acl_scope, $acl_user, $acl_level){ 19211e2ce22Schris $acl_config = join("",file(DOKU_CONF.'acl.auth.php')); 19311e2ce22Schris 19411e2ce22Schris // max level for pagenames is edit 19511e2ce22Schris if(strpos($acl_scope,'*') === false) { 19611e2ce22Schris if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; 19711e2ce22Schris } 19811e2ce22Schris 19911e2ce22Schris $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; 20011e2ce22Schris 20111e2ce22Schris $new_config = $acl_config.$new_acl; 20211e2ce22Schris 20311e2ce22Schris return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config); 20411e2ce22Schris } 20511e2ce22Schris 20611e2ce22Schris /** 20711e2ce22Schris * remove acl-entry from conf/acl.auth.php 20811e2ce22Schris * 20911e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 21011e2ce22Schris */ 21111e2ce22Schris function admin_acl_del($acl_scope, $acl_user){ 21211e2ce22Schris $acl_config = file(DOKU_CONF.'acl.auth.php'); 21311e2ce22Schris 21411e2ce22Schris $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; 21511e2ce22Schris 21611e2ce22Schris // save all non!-matching #FIXME invert is available from 4.2.0 only! 21711e2ce22Schris $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); 21811e2ce22Schris 21911e2ce22Schris return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config)); 22011e2ce22Schris } 22111e2ce22Schris 22211e2ce22Schris // --- HTML OUTPUT FUNCTIONS BELOW --- // 22311e2ce22Schris 22411e2ce22Schris /** 22511e2ce22Schris * print tablerows with the current permissions for one id 22611e2ce22Schris * 22711e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 22811e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 22911e2ce22Schris */ 23011e2ce22Schris function admin_acl_html_dropdown($id){ 23111e2ce22Schris global $lang; 23211e2ce22Schris $cur = $id; 23311e2ce22Schris $ret = ''; 23411e2ce22Schris $opt = array(); 23511e2ce22Schris 23611e2ce22Schris //prepare all options 23711e2ce22Schris 23811e2ce22Schris // current page 23911e2ce22Schris $opt[] = array('key'=> $id, 'val'=> $id.' ('.$lang['page'].')'); 24011e2ce22Schris 24111e2ce22Schris // additional namespaces 24211e2ce22Schris while(($id=getNS($id)) !== false){ 24311e2ce22Schris $opt[] = array('key'=> $id.':*', 'val'=> $id.':* ('.$lang['namespace'].')'); 24411e2ce22Schris } 24511e2ce22Schris 24611e2ce22Schris // the top namespace 24711e2ce22Schris $opt[] = array('key'=> '*', 'val'=> '* ('.$lang['namespace'].')'); 24811e2ce22Schris 24911e2ce22Schris // set sel on second entry (current namespace) 25011e2ce22Schris $opt[1]['sel'] = ' selected="selected"'; 25111e2ce22Schris 25211e2ce22Schris // flip options 25311e2ce22Schris $opt = array_reverse($opt); 25411e2ce22Schris 25511e2ce22Schris // create HTML 25611e2ce22Schris $att = array( 'name' => 'acl_scope', 25711e2ce22Schris 'class' => 'edit', 25811e2ce22Schris 'title' => $lang['page'].'/'.$lang['namespace']); 25911e2ce22Schris $ret .= '<select '.html_attbuild($att).'>'; 26011e2ce22Schris foreach($opt as $o){ 26111e2ce22Schris $ret .= '<option value="'.$o['key'].'"'.$o['sel'].'>'.$o['val'].'</option>'; 26211e2ce22Schris } 26311e2ce22Schris $ret .= '</select>'; 26411e2ce22Schris 26511e2ce22Schris return $ret; 26611e2ce22Schris } 26711e2ce22Schris 26811e2ce22Schris /** 26911e2ce22Schris * print tablerows with the current permissions for one id 27011e2ce22Schris * 27111e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 27211e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 27311e2ce22Schris */ 27411e2ce22Schris function admin_acl_html_new(){ 27511e2ce22Schris global $lang; 27611e2ce22Schris global $ID; 27711e2ce22Schris 27811e2ce22Schris // table headers 27911e2ce22Schris ptln('<tr>',2); 28011e2ce22Schris ptln(' <th class="leftalign" colspan="3">'.$lang['acl_new'].'</th>',2); 28111e2ce22Schris ptln('</tr>',2); 28211e2ce22Schris 28311e2ce22Schris ptln('<tr>',2); 28411e2ce22Schris 28511e2ce22Schris ptln('<td class="centeralign" colspan="3">',4); 28611e2ce22Schris 28711e2ce22Schris ptln(' <form method="post" action="'.wl($ID).'">',4); 28811e2ce22Schris ptln(' <input type="hidden" name="do" value="admin" />',4); 28911e2ce22Schris ptln(' <input type="hidden" name="page" value="acl" />',4); 29011e2ce22Schris ptln(' <input type="hidden" name="acl_cmd" value="save" />',4); 29111e2ce22Schris 29211e2ce22Schris //scope select 29311e2ce22Schris ptln($lang['acl_perms'],4); 29411e2ce22Schris ptln($this->admin_acl_html_dropdown($ID),4); 29511e2ce22Schris 29611e2ce22Schris $att = array( 'name' => 'acl_type', 29711e2ce22Schris 'class' => 'edit', 29811e2ce22Schris 'title' => $lang['acl_user'].'/'.$lang['acl_group']); 29911e2ce22Schris ptln(' <select '.html_attbuild($att).'>',4); 30011e2ce22Schris ptln(' <option value="@">'.$lang['acl_group'].'</option>',4); 30111e2ce22Schris ptln(' <option value="">'.$lang['acl_user'].'</option>',4); 30211e2ce22Schris ptln(' </select>',4); 30311e2ce22Schris 30411e2ce22Schris $att = array( 'name' => 'acl_user', 30511e2ce22Schris 'type' => 'text', 30611e2ce22Schris 'class' => 'edit', 30711e2ce22Schris 'title' => $lang['acl_user'].'/'.$lang['acl_group']); 30811e2ce22Schris ptln(' <input '.html_attbuild($att).' />',4); 30911e2ce22Schris ptln(' <br />'); 31011e2ce22Schris 31111e2ce22Schris ptln( $this->admin_acl_html_checkboxes(0,false),8); 31211e2ce22Schris 31311e2ce22Schris ptln(' <input type="submit" class="edit" value="'.$lang['btn_save'].'" />',4); 31411e2ce22Schris ptln(' </form>'); 315*bf5d40c2SAnika Henke ptln('</td>',4); 31611e2ce22Schris ptln('</tr>',2); 31711e2ce22Schris } 31811e2ce22Schris 31911e2ce22Schris /** 32011e2ce22Schris * print tablerows with the current permissions for one id 32111e2ce22Schris * 32211e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 32311e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 32411e2ce22Schris */ 32511e2ce22Schris function admin_acl_html_current($id,$permissions){ 32611e2ce22Schris global $lang; 32711e2ce22Schris global $ID; 32811e2ce22Schris 32911e2ce22Schris //is it a page? 33011e2ce22Schris if(substr($id,-1) == '*'){ 33111e2ce22Schris $ispage = false; 33211e2ce22Schris }else{ 33311e2ce22Schris $ispage = true; 33411e2ce22Schris } 33511e2ce22Schris 33611e2ce22Schris // table headers 33711e2ce22Schris ptln(' <tr>'); 33811e2ce22Schris ptln(' <th class="leftalign" colspan="3">'); 33911e2ce22Schris ptln($lang['acl_perms'],6); 34011e2ce22Schris if($ispage){ 34111e2ce22Schris ptln($lang['page'],6); 34211e2ce22Schris }else{ 34311e2ce22Schris ptln($lang['namespace'],6); 34411e2ce22Schris } 34511e2ce22Schris ptln('<em>'.$id.'</em>',6); 34611e2ce22Schris ptln(' </th>'); 34711e2ce22Schris ptln(' </tr>'); 34811e2ce22Schris 34911e2ce22Schris sort($permissions); 35011e2ce22Schris 35111e2ce22Schris foreach ($permissions as $conf){ 35211e2ce22Schris //userfriendly group/user display 35311e2ce22Schris if(substr($conf['name'],0,1)=="@"){ 35411e2ce22Schris $group = $lang['acl_group']; 35511e2ce22Schris $name = substr($conf['name'],1); 35611e2ce22Schris $type = '@'; 35711e2ce22Schris }else{ 35811e2ce22Schris $group = $lang['acl_user']; 35911e2ce22Schris $name = $conf['name']; 36011e2ce22Schris $type = ''; 36111e2ce22Schris } 36211e2ce22Schris 36311e2ce22Schris ptln('<tr>',2); 36411e2ce22Schris ptln('<td class="leftalign">'.$group.' '.$name.'</td>',4); 36511e2ce22Schris 36611e2ce22Schris // update form 36711e2ce22Schris ptln('<td class="centeralign">',4); 36811e2ce22Schris ptln(' <form method="post" action="'.wl($ID).'">',4); 36911e2ce22Schris ptln(' <input type="hidden" name="do" value="admin" />',4); 37011e2ce22Schris ptln(' <input type="hidden" name="page" value="acl" />',4); 37111e2ce22Schris ptln(' <input type="hidden" name="acl_cmd" value="save" />',4); 37211e2ce22Schris ptln(' <input type="hidden" name="acl_scope" value="'.formtext($id).'" />',4); 37311e2ce22Schris ptln(' <input type="hidden" name="acl_type" value="'.$type.'" />',4); 37411e2ce22Schris ptln(' <input type="hidden" name="acl_user" value="'.formtext($name).'" />',4); 37511e2ce22Schris ptln( $this->admin_acl_html_checkboxes($conf['perm'],$ispage),8); 37611e2ce22Schris ptln(' <input type="submit" class="edit" value="'.$lang['btn_update'].'" />',4); 37711e2ce22Schris ptln(' </form>'); 37811e2ce22Schris ptln('</td>',4); 37911e2ce22Schris 38011e2ce22Schris 38111e2ce22Schris // deletion form 38211e2ce22Schris 38311e2ce22Schris $ask = $lang['del_confirm'].'\\n'; 38411e2ce22Schris $ask .= $id.' '.$conf['name'].' '.$conf['perm']; 38511e2ce22Schris ptln('<td class="centeralign">',4); 38611e2ce22Schris ptln(' <form method="post" action="'.wl($ID).'" onsubmit="return confirm(\''.$ask.'\')">',4); 38711e2ce22Schris ptln(' <input type="hidden" name="do" value="admin" />',4); 38811e2ce22Schris ptln(' <input type="hidden" name="page" value="acl" />',4); 38911e2ce22Schris ptln(' <input type="hidden" name="acl_cmd" value="delete" />',4); 39011e2ce22Schris ptln(' <input type="hidden" name="acl_scope" value="'.formtext($id).'" />',4); 39111e2ce22Schris ptln(' <input type="hidden" name="acl_type" value="'.$type.'" />',4); 39211e2ce22Schris ptln(' <input type="hidden" name="acl_user" value="'.formtext($name).'" />',4); 39311e2ce22Schris ptln(' <input type="submit" class="edit" value="'.$lang['btn_delete'].'" />',4); 39411e2ce22Schris ptln(' </form>',4); 39511e2ce22Schris ptln('</td>',4); 39611e2ce22Schris 39711e2ce22Schris ptln('</tr>',2); 39811e2ce22Schris } 39911e2ce22Schris 40011e2ce22Schris } 40111e2ce22Schris 40211e2ce22Schris 40311e2ce22Schris /** 40411e2ce22Schris * print the permission checkboxes 40511e2ce22Schris * 40611e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 40711e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 40811e2ce22Schris */ 40911e2ce22Schris function admin_acl_html_checkboxes($setperm,$ispage){ 41011e2ce22Schris global $lang; 41111e2ce22Schris 41211e2ce22Schris static $label = 0; //number labels 41311e2ce22Schris $ret = ''; 41411e2ce22Schris 41511e2ce22Schris foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ 41611e2ce22Schris $label += 1; 41711e2ce22Schris 41811e2ce22Schris //general checkbox attributes 41911e2ce22Schris $atts = array( 'type' => 'checkbox', 42011e2ce22Schris 'id' => 'pbox'.$label, 42111e2ce22Schris 'name' => 'acl_perm[]', 42211e2ce22Schris 'value' => $perm ); 42311e2ce22Schris //dynamic attributes 42411e2ce22Schris if($setperm >= $perm) $atts['checked'] = 'checked'; 42511e2ce22Schris # if($perm > AUTH_READ) $atts['onchange'] = #FIXME JS to autoadd lower perms 42611e2ce22Schris if($ispage && $perm > AUTH_EDIT) $atts['disabled'] = 'disabled'; 42711e2ce22Schris 42811e2ce22Schris //build code 42911e2ce22Schris $ret .= '<label for="pbox'.$label.'" title="'.$lang['acl_perm'.$perm].'">'; 43011e2ce22Schris $ret .= '<input '.html_attbuild($atts).' />'; 43111e2ce22Schris $ret .= $lang['acl_perm'.$perm]; 43211e2ce22Schris $ret .= "</label>\n"; 43311e2ce22Schris } 43411e2ce22Schris return $ret; 43511e2ce22Schris } 43611e2ce22Schris 43711e2ce22Schris}