111e2ce22Schris<?php 211e2ce22Schris/** 311e2ce22Schris * ACL administration functions 411e2ce22Schris * 511e2ce22Schris * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 62a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 72a3623daSAndreas Gohr * @author Anika Henke <a.c.henke@arcor.de> (concepts) 82a3623daSAndreas Gohr * @author Frank Schubert <frank@schokilade.de> (old version) 911e2ce22Schris */ 10e04f1f16Schris// must be run within Dokuwiki 11e04f1f16Schrisif(!defined('DOKU_INC')) die(); 12e04f1f16Schris 1311e2ce22Schrisif(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); 1411e2ce22Schrisrequire_once(DOKU_PLUGIN.'admin.php'); 1511e2ce22Schris 1611e2ce22Schris/** 1711e2ce22Schris * All DokuWiki plugins to extend the admin function 1811e2ce22Schris * need to inherit from this class 1911e2ce22Schris */ 2011e2ce22Schrisclass admin_plugin_acl extends DokuWiki_Admin_Plugin { 212a3623daSAndreas Gohr var $acl = null; 222a3623daSAndreas Gohr var $ns = null; 232a3623daSAndreas Gohr var $who = ''; 242a3623daSAndreas Gohr var $usersgroups = array(); 251d3e0272SAndreas Gohr 261d3e0272SAndreas Gohr 2711e2ce22Schris /** 2811e2ce22Schris * return some info 2911e2ce22Schris */ 3011e2ce22Schris function getInfo(){ 3111e2ce22Schris return array( 322a3623daSAndreas Gohr 'author' => 'Andreas Gohr', 332a3623daSAndreas Gohr 'email' => 'andi@splitbrain.org', 34*deb28ffbSAndreas Gohr 'date' => '2008-03-15', 3511e2ce22Schris 'name' => 'ACL', 3611e2ce22Schris 'desc' => 'Manage Page Access Control Lists', 3711e2ce22Schris 'url' => 'http://wiki.splitbrain.org/wiki:acl', 3811e2ce22Schris ); 3911e2ce22Schris } 4011e2ce22Schris 4111e2ce22Schris /** 4211e2ce22Schris * return prompt for admin menu 4311e2ce22Schris */ 4411e2ce22Schris function getMenuText($language) { 452a3623daSAndreas Gohr return $this->getLang('admin_acl'); 4611e2ce22Schris } 4711e2ce22Schris 4811e2ce22Schris /** 4911e2ce22Schris * return sort order for position in admin menu 5011e2ce22Schris */ 5111e2ce22Schris function getMenuSort() { 5211e2ce22Schris return 1; 5311e2ce22Schris } 5411e2ce22Schris 5511e2ce22Schris /** 5611e2ce22Schris * handle user request 572a3623daSAndreas Gohr * 582a3623daSAndreas Gohr * Initializes internal vars and handles modifications 592a3623daSAndreas Gohr * 602a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 6111e2ce22Schris */ 6211e2ce22Schris function handle() { 6311e2ce22Schris global $AUTH_ACL; 642a3623daSAndreas Gohr global $ID; 6511e2ce22Schris 662a3623daSAndreas Gohr // namespace given? 672a3623daSAndreas Gohr if($_REQUEST['ns'] == '*'){ 682a3623daSAndreas Gohr $this->ns = '*'; 6911e2ce22Schris }else{ 702a3623daSAndreas Gohr $this->ns = cleanID($_REQUEST['ns']); 7111e2ce22Schris } 7211e2ce22Schris 732a3623daSAndreas Gohr // user or group choosen? 742a3623daSAndreas Gohr $who = trim($_REQUEST['acl_w']); 752a3623daSAndreas Gohr if($_REQUEST['acl_t'] == '__g__' && $who){ 762a3623daSAndreas Gohr $this->who = '@'.ltrim($who,'@'); 772a3623daSAndreas Gohr }elseif($_REQUEST['acl_t'] == '__u__' && $who){ 782a3623daSAndreas Gohr $this->who = ltrim($who,'@'); 792a3623daSAndreas Gohr }elseif($_REQUEST['acl_t'] && 802a3623daSAndreas Gohr $_REQUEST['acl_t'] != '__u__' && 812a3623daSAndreas Gohr $_REQUEST['acl_t'] != '__g__'){ 822a3623daSAndreas Gohr $this->who = $_REQUEST['acl_t']; 832a3623daSAndreas Gohr }elseif($who){ 842a3623daSAndreas Gohr $this->who = $who; 852a3623daSAndreas Gohr } 86634d7150SAndreas Gohr 872a3623daSAndreas Gohr // handle modifications 882a3623daSAndreas Gohr if(isset($_REQUEST['cmd'])){ 892a3623daSAndreas Gohr // scope for modifications 902a3623daSAndreas Gohr if($this->ns){ 912a3623daSAndreas Gohr if($this->ns == '*'){ 922a3623daSAndreas Gohr $scope = '*'; 932a3623daSAndreas Gohr }else{ 942a3623daSAndreas Gohr $scope = $this->ns.':*'; 952a3623daSAndreas Gohr } 962a3623daSAndreas Gohr }else{ 972a3623daSAndreas Gohr $scope = $ID; 982a3623daSAndreas Gohr } 9911e2ce22Schris 1002a3623daSAndreas Gohr if(isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])){ 1012a3623daSAndreas Gohr // handle additions or single modifications 1022a3623daSAndreas Gohr $this->_acl_del($scope, $this->who); 1032a3623daSAndreas Gohr $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']); 1042a3623daSAndreas Gohr }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who){ 1052a3623daSAndreas Gohr // handle single deletions 1062a3623daSAndreas Gohr $this->_acl_del($scope, $this->who); 1072a3623daSAndreas Gohr }elseif(isset($_REQUEST['cmd']['update'])){ 1082a3623daSAndreas Gohr // handle update of the whole file 1092a3623daSAndreas Gohr foreach((array) $_REQUEST['del'] as $where => $who){ 1102a3623daSAndreas Gohr // remove all rules marked for deletion 1112a3623daSAndreas Gohr unset($_REQUEST['acl'][$where][$who]); 1122a3623daSAndreas Gohr } 1132a3623daSAndreas Gohr // prepare lines 1142a3623daSAndreas Gohr $lines = array(); 1152a3623daSAndreas Gohr // keep header 1162a3623daSAndreas Gohr foreach($AUTH_ACL as $line){ 1172a3623daSAndreas Gohr if($line{0} == '#'){ 1182a3623daSAndreas Gohr $lines[] = $line; 1192a3623daSAndreas Gohr }else{ 1202a3623daSAndreas Gohr break; 1212a3623daSAndreas Gohr } 1222a3623daSAndreas Gohr } 1232a3623daSAndreas Gohr // re-add all rules 1242a3623daSAndreas Gohr foreach((array) $_REQUEST['acl'] as $where => $opt){ 1252a3623daSAndreas Gohr foreach($opt as $who => $perm){ 1262a3623daSAndreas Gohr $who = auth_nameencode($who,true); 1272a3623daSAndreas Gohr $lines[] = "$where\t$who\t$perm\n"; 1282a3623daSAndreas Gohr } 1292a3623daSAndreas Gohr } 1302a3623daSAndreas Gohr // save it 1312a3623daSAndreas Gohr io_saveFile(DOKU_CONF.'acl.auth.php', join('',$lines)); 13211e2ce22Schris } 13311e2ce22Schris 13411e2ce22Schris // reload ACL config 13511e2ce22Schris $AUTH_ACL = file(DOKU_CONF.'acl.auth.php'); 13611e2ce22Schris } 13711e2ce22Schris 1382a3623daSAndreas Gohr // initialize ACL array 1392a3623daSAndreas Gohr $this->_init_acl_config(); 1402a3623daSAndreas Gohr } 1412a3623daSAndreas Gohr 14211e2ce22Schris /** 14311e2ce22Schris * ACL Output function 14411e2ce22Schris * 14511e2ce22Schris * print a table with all significant permissions for the 14611e2ce22Schris * current id 14711e2ce22Schris * 14811e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 14911e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 15011e2ce22Schris */ 15111e2ce22Schris function html() { 15211e2ce22Schris global $ID; 15311e2ce22Schris 1542a3623daSAndreas Gohr echo '<div id="acl_manager">'.NL; 1552a3623daSAndreas Gohr echo '<h1>'.$this->getLang('admin_acl').'</h1>'.NL; 1562a3623daSAndreas Gohr echo '<div class="level1">'.NL; 15711e2ce22Schris 1582a3623daSAndreas Gohr echo '<div id="acl__tree">'.NL; 1592a3623daSAndreas Gohr $this->_html_explorer($_REQUEST['ns']); 1602a3623daSAndreas Gohr echo '</div>'.NL; 16111e2ce22Schris 1622a3623daSAndreas Gohr echo '<div id="acl__detail">'.NL; 1632a3623daSAndreas Gohr $this->_html_detail(); 1642a3623daSAndreas Gohr echo '</div>'.NL; 1652a3623daSAndreas Gohr echo '</div>'.NL; 16611e2ce22Schris 1672a3623daSAndreas Gohr echo '<div class="clearer"></div>'; 1682a3623daSAndreas Gohr echo '<h2>'.$this->getLang('current').'</h2>'.NL; 1692a3623daSAndreas Gohr echo '<div class="level2">'.NL; 1702a3623daSAndreas Gohr $this->_html_table(); 1712a3623daSAndreas Gohr echo '</div>'.NL; 1722a3623daSAndreas Gohr 1732a3623daSAndreas Gohr echo '</div>'.NL; 17411e2ce22Schris } 17511e2ce22Schris 1762a3623daSAndreas Gohr /** 1772a3623daSAndreas Gohr * returns array with set options for building links 1782a3623daSAndreas Gohr * 1792a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 1802a3623daSAndreas Gohr */ 1812a3623daSAndreas Gohr function _get_opts($addopts=null){ 1822a3623daSAndreas Gohr global $ID; 1832a3623daSAndreas Gohr $opts = array( 1842a3623daSAndreas Gohr 'do'=>'admin', 1852a3623daSAndreas Gohr 'page'=>'acl', 1862a3623daSAndreas Gohr ); 1872a3623daSAndreas Gohr if($this->ns) $opts['ns'] = $this->ns; 1882a3623daSAndreas Gohr if($this->who) $opts['acl_w'] = $this->who; 1892a3623daSAndreas Gohr 1902a3623daSAndreas Gohr if(is_null($addopts)) return $opts; 1912a3623daSAndreas Gohr return array_merge($opts, $addopts); 1922a3623daSAndreas Gohr } 1932a3623daSAndreas Gohr 1942a3623daSAndreas Gohr /** 1952a3623daSAndreas Gohr * Display a tree menu to select a page or namespace 1962a3623daSAndreas Gohr * 1972a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 1982a3623daSAndreas Gohr */ 1992a3623daSAndreas Gohr function _html_explorer(){ 2002a3623daSAndreas Gohr require_once(DOKU_INC.'inc/search.php'); 2012a3623daSAndreas Gohr global $conf; 2022a3623daSAndreas Gohr global $ID; 2032a3623daSAndreas Gohr global $lang; 2042a3623daSAndreas Gohr 2052a3623daSAndreas Gohr $dir = $conf['datadir']; 2062a3623daSAndreas Gohr $ns = $this->ns; 2072a3623daSAndreas Gohr if(empty($ns)){ 2082a3623daSAndreas Gohr $ns = dirname(str_replace(':','/',$ID)); 2092a3623daSAndreas Gohr if($ns == '.') $ns =''; 2102a3623daSAndreas Gohr }elseif($ns == '*'){ 2112a3623daSAndreas Gohr $ns =''; 2122a3623daSAndreas Gohr } 2132a3623daSAndreas Gohr $ns = utf8_encodeFN(str_replace(':','/',$ns)); 2142a3623daSAndreas Gohr 2152a3623daSAndreas Gohr 2162a3623daSAndreas Gohr $data = array(); 2172a3623daSAndreas Gohr search($data,$conf['datadir'],'search_index',array('ns' => $ns)); 2182a3623daSAndreas Gohr 2192a3623daSAndreas Gohr 2202a3623daSAndreas Gohr // wrap a list with the root level around the other namespaces 2212a3623daSAndreas Gohr $item = array( 'level' => 0, 'id' => '*', 'type' => 'd', 2222a3623daSAndreas Gohr 'open' =>'true', 'label' => '['.$lang['mediaroot'].']'); 2232a3623daSAndreas Gohr 2242a3623daSAndreas Gohr echo '<ul class="acltree">'; 2252a3623daSAndreas Gohr echo $this->_html_li_acl($item); 2262a3623daSAndreas Gohr echo '<div class="li">'; 2272a3623daSAndreas Gohr echo $this->_html_list_acl($item); 2282a3623daSAndreas Gohr echo '</div>'; 2292a3623daSAndreas Gohr echo html_buildlist($data,'acl', 2302a3623daSAndreas Gohr array($this,'_html_list_acl'), 2312a3623daSAndreas Gohr array($this,'_html_li_acl')); 2322a3623daSAndreas Gohr echo '</li>'; 2332a3623daSAndreas Gohr echo '</ul>'; 2342a3623daSAndreas Gohr 2352a3623daSAndreas Gohr } 2362a3623daSAndreas Gohr 2372a3623daSAndreas Gohr /** 2382a3623daSAndreas Gohr * Display the current ACL for selected where/who combination with 2392a3623daSAndreas Gohr * selectors and modification form 2402a3623daSAndreas Gohr * 2412a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 2422a3623daSAndreas Gohr */ 2432a3623daSAndreas Gohr function _html_detail(){ 2442a3623daSAndreas Gohr global $conf; 2452a3623daSAndreas Gohr global $ID; 2462a3623daSAndreas Gohr 2472404d0edSAnika Henke echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL; 2482a3623daSAndreas Gohr 2492a3623daSAndreas Gohr echo '<div id="acl__user">'; 2502a3623daSAndreas Gohr echo $this->getLang('acl_perms').' '; 2512a3623daSAndreas Gohr $inl = $this->_html_select(); 2522a3623daSAndreas Gohr echo '<input type="text" name="acl_w" class="edit" value="'.(($inl)?'':hsc(ltrim($this->who,'@'))).'" />'.NL; 2532a3623daSAndreas Gohr echo '<input type="submit" value="Select" class="button" />'.NL; 2542a3623daSAndreas Gohr echo '</div>'.NL; 2552a3623daSAndreas Gohr 2562a3623daSAndreas Gohr echo '<div id="acl__info">'; 2572a3623daSAndreas Gohr $this->_html_info(); 2582a3623daSAndreas Gohr echo '</div>'; 2592a3623daSAndreas Gohr 2602a3623daSAndreas Gohr echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL; 2612a3623daSAndreas Gohr echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL; 2622a3623daSAndreas Gohr echo '<input type="hidden" name="do" value="admin" />'.NL; 2632a3623daSAndreas Gohr echo '<input type="hidden" name="page" value="acl" />'.NL; 2642404d0edSAnika Henke echo '</div></form>'.NL; 2652a3623daSAndreas Gohr } 2662a3623daSAndreas Gohr 2672a3623daSAndreas Gohr /** 2682a3623daSAndreas Gohr * Print infos and editor 2692a3623daSAndreas Gohr */ 2702a3623daSAndreas Gohr function _html_info(){ 2712a3623daSAndreas Gohr global $ID; 2722a3623daSAndreas Gohr 2732a3623daSAndreas Gohr if($this->who){ 2742a3623daSAndreas Gohr $current = $this->_get_exact_perm(); 2752a3623daSAndreas Gohr 2762a3623daSAndreas Gohr // explain current permissions 2772a3623daSAndreas Gohr $this->_html_explain($current); 2782a3623daSAndreas Gohr // load editor 2792a3623daSAndreas Gohr $this->_html_acleditor($current); 2802a3623daSAndreas Gohr }else{ 2812a3623daSAndreas Gohr echo '<p>'; 2822a3623daSAndreas Gohr if($this->ns){ 2832a3623daSAndreas Gohr printf($this->getLang('p_choose_ns'),hsc($this->ns)); 2842a3623daSAndreas Gohr }else{ 2852a3623daSAndreas Gohr printf($this->getLang('p_choose_id'),hsc($ID)); 2862a3623daSAndreas Gohr } 2872a3623daSAndreas Gohr echo '</p>'; 2882a3623daSAndreas Gohr 2892a3623daSAndreas Gohr echo $this->locale_xhtml('help'); 2902a3623daSAndreas Gohr } 2912a3623daSAndreas Gohr } 2922a3623daSAndreas Gohr 2932a3623daSAndreas Gohr /** 2942a3623daSAndreas Gohr * Display the ACL editor 2952a3623daSAndreas Gohr * 2962a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 2972a3623daSAndreas Gohr */ 2982a3623daSAndreas Gohr function _html_acleditor($current){ 2992a3623daSAndreas Gohr global $lang; 3002a3623daSAndreas Gohr 3012a3623daSAndreas Gohr echo '<fieldset>'; 3022a3623daSAndreas Gohr if(is_null($current)){ 3032a3623daSAndreas Gohr echo '<legend>'.$this->getLang('acl_new').'</legend>'; 3042a3623daSAndreas Gohr }else{ 3052a3623daSAndreas Gohr echo '<legend>'.$this->getLang('acl_mod').'</legend>'; 3062a3623daSAndreas Gohr } 3072a3623daSAndreas Gohr 3082a3623daSAndreas Gohr 3092a3623daSAndreas Gohr echo $this->_html_checkboxes($current,empty($this->ns),'acl'); 3102a3623daSAndreas Gohr 3112a3623daSAndreas Gohr if(is_null($current)){ 3122a3623daSAndreas Gohr echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_save'].'" />'.NL; 3132a3623daSAndreas Gohr }else{ 3142a3623daSAndreas Gohr echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_update'].'" />'.NL; 3152a3623daSAndreas Gohr echo '<input type="submit" name="cmd[del]" class="button" value="'.$lang['btn_delete'].'" />'.NL; 3162a3623daSAndreas Gohr } 3172a3623daSAndreas Gohr 3182a3623daSAndreas Gohr echo '</fieldset>'; 3192a3623daSAndreas Gohr } 3202a3623daSAndreas Gohr 3212a3623daSAndreas Gohr /** 3222a3623daSAndreas Gohr * Explain the currently set permissions in plain english/$lang 3232a3623daSAndreas Gohr * 3242a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 3252a3623daSAndreas Gohr */ 3262a3623daSAndreas Gohr function _html_explain($current){ 3272a3623daSAndreas Gohr global $ID; 3282a3623daSAndreas Gohr global $auth; 3292a3623daSAndreas Gohr 3302a3623daSAndreas Gohr $who = $this->who; 3312a3623daSAndreas Gohr $ns = $this->ns; 3322a3623daSAndreas Gohr 3332a3623daSAndreas Gohr // prepare where to check 3342a3623daSAndreas Gohr if($ns){ 3352a3623daSAndreas Gohr if($ns == '*'){ 3362a3623daSAndreas Gohr $check='*'; 3372a3623daSAndreas Gohr }else{ 3382a3623daSAndreas Gohr $check=$ns.':*'; 3392a3623daSAndreas Gohr } 3402a3623daSAndreas Gohr }else{ 3412a3623daSAndreas Gohr $check = $ID; 3422a3623daSAndreas Gohr } 3432a3623daSAndreas Gohr 3442a3623daSAndreas Gohr // prepare who to check 3452a3623daSAndreas Gohr if($who{0} == '@'){ 3462a3623daSAndreas Gohr $user = ''; 3472a3623daSAndreas Gohr $groups = array(ltrim($who,'@')); 3482a3623daSAndreas Gohr }else{ 3492a3623daSAndreas Gohr $user = auth_nameencode($who); 3502a3623daSAndreas Gohr $info = $auth->getUserData($user); 351c1791678SAndreas Gohr if($info === false){ 352c1791678SAndreas Gohr $groups = array(); 353c1791678SAndreas Gohr }else{ 3542a3623daSAndreas Gohr $groups = $info['groups']; 3552a3623daSAndreas Gohr } 356c1791678SAndreas Gohr } 3572a3623daSAndreas Gohr 3582a3623daSAndreas Gohr // check the permissions 3592a3623daSAndreas Gohr $perm = auth_aclcheck($check,$user,$groups); 3602a3623daSAndreas Gohr 3612a3623daSAndreas Gohr // build array of named permissions 3622a3623daSAndreas Gohr $names = array(); 3632a3623daSAndreas Gohr if($perm){ 3642a3623daSAndreas Gohr if($ns){ 3652a3623daSAndreas Gohr if($perm >= AUTH_DELETE) $names[] = $this->getLang('acl_perm16'); 3662a3623daSAndreas Gohr if($perm >= AUTH_UPLOAD) $names[] = $this->getLang('acl_perm8'); 3672a3623daSAndreas Gohr if($perm >= AUTH_CREATE) $names[] = $this->getLang('acl_perm4'); 3682a3623daSAndreas Gohr } 3692a3623daSAndreas Gohr if($perm >= AUTH_EDIT) $names[] = $this->getLang('acl_perm2'); 3702a3623daSAndreas Gohr if($perm >= AUTH_READ) $names[] = $this->getLang('acl_perm1'); 3712a3623daSAndreas Gohr $names = array_reverse($names); 3722a3623daSAndreas Gohr }else{ 3732a3623daSAndreas Gohr $names[] = $this->getLang('acl_perm0'); 3742a3623daSAndreas Gohr } 3752a3623daSAndreas Gohr 3762a3623daSAndreas Gohr // print permission explanation 3772a3623daSAndreas Gohr echo '<p>'; 3782a3623daSAndreas Gohr if($user){ 3792a3623daSAndreas Gohr if($ns){ 3802a3623daSAndreas Gohr printf($this->getLang('p_user_ns'),hsc($who),hsc($ns),join(', ',$names)); 3812a3623daSAndreas Gohr }else{ 3822a3623daSAndreas Gohr printf($this->getLang('p_user_id'),hsc($who),hsc($ID),join(', ',$names)); 3832a3623daSAndreas Gohr } 3842a3623daSAndreas Gohr }else{ 3852a3623daSAndreas Gohr if($ns){ 3862a3623daSAndreas Gohr printf($this->getLang('p_group_ns'),hsc(ltrim($who,'@')),hsc($ns),join(', ',$names)); 3872a3623daSAndreas Gohr }else{ 3882a3623daSAndreas Gohr printf($this->getLang('p_group_id'),hsc(ltrim($who,'@')),hsc($ID),join(', ',$names)); 3892a3623daSAndreas Gohr } 3902a3623daSAndreas Gohr } 3912a3623daSAndreas Gohr echo '</p>'; 3922a3623daSAndreas Gohr 3932a3623daSAndreas Gohr // add note if admin 3942a3623daSAndreas Gohr if($perm == AUTH_ADMIN){ 3952a3623daSAndreas Gohr echo '<p>'.$this->getLang('p_isadmin').'</p>'; 3962a3623daSAndreas Gohr }elseif(is_null($current)){ 3972a3623daSAndreas Gohr echo '<p>'.$this->getLang('p_inherited').'</p>'; 3982a3623daSAndreas Gohr } 39911e2ce22Schris } 40011e2ce22Schris 40111e2ce22Schris 40211e2ce22Schris /** 4032a3623daSAndreas Gohr * Item formatter for the tree view 40411e2ce22Schris * 4052a3623daSAndreas Gohr * User function for html_buildlist() 40611e2ce22Schris * 4072a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 40811e2ce22Schris */ 4092a3623daSAndreas Gohr function _html_list_acl($item){ 4102a3623daSAndreas Gohr global $ID; 4112a3623daSAndreas Gohr $ret = ''; 4122a3623daSAndreas Gohr // what to display 4132a3623daSAndreas Gohr if($item['label']){ 4142a3623daSAndreas Gohr $base = $item['label']; 4152a3623daSAndreas Gohr }else{ 4162a3623daSAndreas Gohr $base = ':'.$item['id']; 4172a3623daSAndreas Gohr $base = substr($base,strrpos($base,':')+1); 4182a3623daSAndreas Gohr } 4192a3623daSAndreas Gohr 4202a3623daSAndreas Gohr // highlight? 4212a3623daSAndreas Gohr if(($item['type']=='d' && 4222a3623daSAndreas Gohr $item['id'] == $this->ns) || 4232a3623daSAndreas Gohr $item['id'] == $ID) $cl = ' cur'; 4242a3623daSAndreas Gohr 4252a3623daSAndreas Gohr // namespace or page? 4262a3623daSAndreas Gohr if($item['type']=='d'){ 4272a3623daSAndreas Gohr if($item['open']){ 4282a3623daSAndreas Gohr $img = DOKU_BASE.'lib/images/minus.gif'; 4292a3623daSAndreas Gohr $alt = '−'; 4302a3623daSAndreas Gohr }else{ 4312a3623daSAndreas Gohr $img = DOKU_BASE.'lib/images/plus.gif'; 4322a3623daSAndreas Gohr $alt = '+'; 4332a3623daSAndreas Gohr } 4342a3623daSAndreas Gohr $ret .= '<img src="'.$img.'" alt="'.$alt.'" />'; 4352a3623daSAndreas Gohr $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id']))).'" class="idx_dir'.$cl.'">'; 4362a3623daSAndreas Gohr $ret .= $base; 4372a3623daSAndreas Gohr $ret .= '</a>'; 4382a3623daSAndreas Gohr }else{ 4392a3623daSAndreas Gohr $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>''))).'" class="wikilink1'.$cl.'">'; 4402a3623daSAndreas Gohr $ret .= noNS($item['id']); 4412a3623daSAndreas Gohr $ret .= '</a>'; 4422a3623daSAndreas Gohr } 4432a3623daSAndreas Gohr return $ret; 4442a3623daSAndreas Gohr } 4452a3623daSAndreas Gohr 4462a3623daSAndreas Gohr 4472a3623daSAndreas Gohr function _html_li_acl($item){ 4482a3623daSAndreas Gohr return '<li class="level'.$item['level'].'">'; 4492a3623daSAndreas Gohr } 4502a3623daSAndreas Gohr 4512a3623daSAndreas Gohr 4522a3623daSAndreas Gohr /** 4532a3623daSAndreas Gohr * Get current ACL settings as multidim array 4542a3623daSAndreas Gohr * 4552a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 4562a3623daSAndreas Gohr */ 4572a3623daSAndreas Gohr function _init_acl_config(){ 45811e2ce22Schris global $AUTH_ACL; 4592a3623daSAndreas Gohr global $conf; 46011e2ce22Schris $acl_config=array(); 4612a3623daSAndreas Gohr $usersgroups = array(); 46211e2ce22Schris 4632a3623daSAndreas Gohr foreach($AUTH_ACL as $line){ 4642a3623daSAndreas Gohr $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments 4652a3623daSAndreas Gohr if(!$line) continue; 4662a3623daSAndreas Gohr 4672a3623daSAndreas Gohr $acl = preg_split('/\s+/',$line); 46811e2ce22Schris //0 is pagename, 1 is user, 2 is acl 4692a3623daSAndreas Gohr 4702a3623daSAndreas Gohr $acl[1] = rawurldecode($acl[1]); 4712a3623daSAndreas Gohr $acl_config[$acl[0]][$acl[1]] = $acl[2]; 4722a3623daSAndreas Gohr 4732a3623daSAndreas Gohr // store non-special users and groups for later selection dialog 4742a3623daSAndreas Gohr $ug = $acl[1]; 4752a3623daSAndreas Gohr if($ug == '@ALL') continue; 4762a3623daSAndreas Gohr if($ug == $conf['superuser']) continue; 4772a3623daSAndreas Gohr if($ug == $conf['manager']) continue; 4782a3623daSAndreas Gohr $usersgroups[] = $ug; 4792a3623daSAndreas Gohr } 4802a3623daSAndreas Gohr 4812a3623daSAndreas Gohr $usersgroups = array_unique($usersgroups); 4822a3623daSAndreas Gohr sort($usersgroups); 4832a3623daSAndreas Gohr uksort($acl_config,array($this,'_sort_names')); 4842a3623daSAndreas Gohr 4852a3623daSAndreas Gohr $this->acl = $acl_config; 4862a3623daSAndreas Gohr $this->usersgroups = $usersgroups; 4872a3623daSAndreas Gohr } 4882a3623daSAndreas Gohr 4892a3623daSAndreas Gohr /** 4902a3623daSAndreas Gohr * Custom function to sort the ACLs by namespace names 4912a3623daSAndreas Gohr * 4922a3623daSAndreas Gohr * @todo This maybe could be improved to resemble the real tree structure? 4932a3623daSAndreas Gohr */ 4942a3623daSAndreas Gohr function _sort_names($a,$b){ 4952a3623daSAndreas Gohr $ca = substr_count($a,':'); 4962a3623daSAndreas Gohr $cb = substr_count($b,':'); 4972a3623daSAndreas Gohr if($ca < $cb){ 4982a3623daSAndreas Gohr return -1; 4992a3623daSAndreas Gohr }elseif($ca > $cb){ 5002a3623daSAndreas Gohr return 1; 5012a3623daSAndreas Gohr }else{ 5022a3623daSAndreas Gohr return strcmp($a,$b); 50311e2ce22Schris } 50411e2ce22Schris } 50511e2ce22Schris 5062a3623daSAndreas Gohr /** 5072a3623daSAndreas Gohr * Display all currently set permissions in a table 5082a3623daSAndreas Gohr * 5092a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 5102a3623daSAndreas Gohr */ 5112a3623daSAndreas Gohr function _html_table(){ 5122a3623daSAndreas Gohr global $lang; 5132a3623daSAndreas Gohr global $ID; 5142a3623daSAndreas Gohr 5152404d0edSAnika Henke echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL; 5162a3623daSAndreas Gohr if($this->ns){ 5172a3623daSAndreas Gohr echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL; 5182a3623daSAndreas Gohr }else{ 5192a3623daSAndreas Gohr echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL; 52011e2ce22Schris } 5212a3623daSAndreas Gohr echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL; 5222a3623daSAndreas Gohr echo '<input type="hidden" name="do" value="admin" />'.NL; 5232a3623daSAndreas Gohr echo '<input type="hidden" name="page" value="acl" />'.NL; 5242a3623daSAndreas Gohr echo '<table class="inline">'; 5252a3623daSAndreas Gohr echo '<tr>'; 5262a3623daSAndreas Gohr echo '<th>'.$this->getLang('where').'</th>'; 5272a3623daSAndreas Gohr echo '<th>'.$this->getLang('who').'</th>'; 5282a3623daSAndreas Gohr echo '<th>'.$this->getLang('perm').'</th>'; 5292a3623daSAndreas Gohr echo '<th>'.$lang['btn_delete'].'</th>'; 5302a3623daSAndreas Gohr echo '</tr>'; 5312a3623daSAndreas Gohr foreach($this->acl as $where => $set){ 5322a3623daSAndreas Gohr foreach($set as $who => $perm){ 5332a3623daSAndreas Gohr echo '<tr>'; 5342a3623daSAndreas Gohr echo '<td>'; 5352a3623daSAndreas Gohr if(substr($where,-1) == '*'){ 5362a3623daSAndreas Gohr echo '<span class="aclns">'.hsc($where).'</span>'; 5372a3623daSAndreas Gohr $ispage = false; 5382a3623daSAndreas Gohr }else{ 5392a3623daSAndreas Gohr echo '<span class="aclpage">'.hsc($where).'</span>'; 5402a3623daSAndreas Gohr $ispage = true; 5412a3623daSAndreas Gohr } 5422a3623daSAndreas Gohr echo '</td>'; 5432a3623daSAndreas Gohr 5442a3623daSAndreas Gohr echo '<td>'; 5452a3623daSAndreas Gohr if($who{0} == '@'){ 5462a3623daSAndreas Gohr echo '<span class="aclgroup">'.hsc($who).'</span>'; 5472a3623daSAndreas Gohr }else{ 5482a3623daSAndreas Gohr echo '<span class="acluser">'.hsc($who).'</span>'; 5492a3623daSAndreas Gohr } 5502a3623daSAndreas Gohr echo '</td>'; 5512a3623daSAndreas Gohr 5522a3623daSAndreas Gohr echo '<td>'; 5532a3623daSAndreas Gohr echo $this->_html_checkboxes($perm,$ispage,'acl['.hsc($where).']['.hsc($who).']'); 5542a3623daSAndreas Gohr echo '</td>'; 5552a3623daSAndreas Gohr 5562a3623daSAndreas Gohr echo '<td align="center">'; 557*deb28ffbSAndreas Gohr echo '<input type="checkbox" name="del['.hsc($where).']" value="'.hsc($who).'" />'; 5582a3623daSAndreas Gohr echo '</td>'; 5592a3623daSAndreas Gohr echo '</tr>'; 56011e2ce22Schris } 56111e2ce22Schris } 56211e2ce22Schris 5632a3623daSAndreas Gohr echo '<tr>'; 5642a3623daSAndreas Gohr echo '<th align="right" colspan="4">'; 5652a3623daSAndreas Gohr echo '<input type="submit" value="'.$lang['btn_update'].'" name="cmd[update]" class="button" />'; 5662a3623daSAndreas Gohr echo '</th>'; 5672a3623daSAndreas Gohr echo '</tr>'; 5682a3623daSAndreas Gohr echo '</table>'; 5692404d0edSAnika Henke echo '</div></form>'.NL; 57011e2ce22Schris } 57111e2ce22Schris 57211e2ce22Schris 5732a3623daSAndreas Gohr /** 5742a3623daSAndreas Gohr * Returns the permission which were set for exactly the given user/group 5752a3623daSAndreas Gohr * and page/namespace. Returns null if no exact match is available 5762a3623daSAndreas Gohr * 5772a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 5782a3623daSAndreas Gohr */ 5792a3623daSAndreas Gohr function _get_exact_perm(){ 5802a3623daSAndreas Gohr global $ID; 5812a3623daSAndreas Gohr if($this->ns){ 5822a3623daSAndreas Gohr if($this->ns == '*'){ 5832a3623daSAndreas Gohr $check = '*'; 5842a3623daSAndreas Gohr }else{ 5852a3623daSAndreas Gohr $check = $this->ns.':*'; 5862a3623daSAndreas Gohr } 5872a3623daSAndreas Gohr }else{ 5882a3623daSAndreas Gohr $check = $ID; 58911e2ce22Schris } 59011e2ce22Schris 5912a3623daSAndreas Gohr if(isset($this->acl[$check][auth_nameencode($this->who,true)])){ 5922a3623daSAndreas Gohr return $this->acl[$check][auth_nameencode($this->who,true)]; 5932a3623daSAndreas Gohr }else{ 5942a3623daSAndreas Gohr return null; 5952a3623daSAndreas Gohr } 5962a3623daSAndreas Gohr } 59711e2ce22Schris 59811e2ce22Schris /** 59911e2ce22Schris * adds new acl-entry to conf/acl.auth.php 60011e2ce22Schris * 60111e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 60211e2ce22Schris */ 6032a3623daSAndreas Gohr function _acl_add($acl_scope, $acl_user, $acl_level){ 6042a3623daSAndreas Gohr $acl_config = file_get_contents(DOKU_CONF.'acl.auth.php'); 6052a3623daSAndreas Gohr $acl_user = auth_nameencode($acl_user,true); 60611e2ce22Schris 60711e2ce22Schris // max level for pagenames is edit 60811e2ce22Schris if(strpos($acl_scope,'*') === false) { 60911e2ce22Schris if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; 61011e2ce22Schris } 61111e2ce22Schris 6122a3623daSAndreas Gohr 61311e2ce22Schris $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; 61411e2ce22Schris 61511e2ce22Schris $new_config = $acl_config.$new_acl; 61611e2ce22Schris 61711e2ce22Schris return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config); 61811e2ce22Schris } 61911e2ce22Schris 62011e2ce22Schris /** 62111e2ce22Schris * remove acl-entry from conf/acl.auth.php 62211e2ce22Schris * 62311e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 62411e2ce22Schris */ 6252a3623daSAndreas Gohr function _acl_del($acl_scope, $acl_user){ 62611e2ce22Schris $acl_config = file(DOKU_CONF.'acl.auth.php'); 6272a3623daSAndreas Gohr $acl_user = auth_nameencode($acl_user,true); 62811e2ce22Schris 62911e2ce22Schris $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; 63011e2ce22Schris 6312a3623daSAndreas Gohr // save all non!-matching 63211e2ce22Schris $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); 63311e2ce22Schris 63411e2ce22Schris return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config)); 63511e2ce22Schris } 63611e2ce22Schris 63711e2ce22Schris /** 6382a3623daSAndreas Gohr * print the permission radio boxes 63911e2ce22Schris * 64011e2ce22Schris * @author Frank Schubert <frank@schokilade.de> 64111e2ce22Schris * @author Andreas Gohr <andi@splitbrain.org> 64211e2ce22Schris */ 6432a3623daSAndreas Gohr function _html_checkboxes($setperm,$ispage,$name){ 64411e2ce22Schris global $lang; 64511e2ce22Schris 64611e2ce22Schris static $label = 0; //number labels 64711e2ce22Schris $ret = ''; 64811e2ce22Schris 6492a3623daSAndreas Gohr if($ispage && $setperm > AUTH_EDIT) $perm = AUTH_EDIT; 6502a3623daSAndreas Gohr 6512a3623daSAndreas Gohr foreach(array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ 65211e2ce22Schris $label += 1; 65311e2ce22Schris 65411e2ce22Schris //general checkbox attributes 6552a3623daSAndreas Gohr $atts = array( 'type' => 'radio', 65611e2ce22Schris 'id' => 'pbox'.$label, 6572a3623daSAndreas Gohr 'name' => $name, 65811e2ce22Schris 'value' => $perm ); 65911e2ce22Schris //dynamic attributes 6602a3623daSAndreas Gohr if(!is_null($setperm) && $setperm == $perm) $atts['checked'] = 'checked'; 6612a3623daSAndreas Gohr if($ispage && $perm > AUTH_EDIT){ 6622a3623daSAndreas Gohr $atts['disabled'] = 'disabled'; 6632a3623daSAndreas Gohr $class = ' class="disabled"'; 6642a3623daSAndreas Gohr }else{ 6652a3623daSAndreas Gohr $class = ''; 6662a3623daSAndreas Gohr } 66711e2ce22Schris 66811e2ce22Schris //build code 6692a3623daSAndreas Gohr $ret .= '<label for="pbox'.$label.'" title="'.$this->getLang('acl_perm'.$perm).'"'.$class.'>'; 6702a3623daSAndreas Gohr $ret .= '<input '.html_attbuild($atts).' /> '; 6712a3623daSAndreas Gohr $ret .= $this->getLang('acl_perm'.$perm); 6722a3623daSAndreas Gohr $ret .= '</label>'.NL; 67311e2ce22Schris } 67411e2ce22Schris return $ret; 67511e2ce22Schris } 67611e2ce22Schris 6772a3623daSAndreas Gohr /** 6782a3623daSAndreas Gohr * Print a user/group selector (reusing already used users and groups) 6792a3623daSAndreas Gohr * 6802a3623daSAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 6812a3623daSAndreas Gohr */ 6822a3623daSAndreas Gohr function _html_select(){ 6832a3623daSAndreas Gohr global $conf; 6842a3623daSAndreas Gohr $inlist = false; 6852a3623daSAndreas Gohr 6862a3623daSAndreas Gohr $specials = array('@ALL','@'.$conf['defaultgroup']); 6872a3623daSAndreas Gohr if($conf['manager'] && $conf['manager'] != '!!not set!!') $specials[] = $conf['manager']; 6882a3623daSAndreas Gohr 6892a3623daSAndreas Gohr 6902a3623daSAndreas Gohr if($this->who && 6912a3623daSAndreas Gohr !in_array($this->who,$this->usersgroups) && 6922a3623daSAndreas Gohr !in_array($this->who,$specials)){ 6932a3623daSAndreas Gohr 6942a3623daSAndreas Gohr if($this->who{0} == '@'){ 6952a3623daSAndreas Gohr $gsel = ' selected="selected"'; 6962a3623daSAndreas Gohr }else{ 6972a3623daSAndreas Gohr $usel = ' selected="selected"'; 6982a3623daSAndreas Gohr } 6992a3623daSAndreas Gohr }else{ 7002a3623daSAndreas Gohr $usel = ''; 7012a3623daSAndreas Gohr $gsel = ''; 7022a3623daSAndreas Gohr $inlist = true; 7032a3623daSAndreas Gohr } 7042a3623daSAndreas Gohr 7052a3623daSAndreas Gohr 7062a3623daSAndreas Gohr echo '<select name="acl_t" class="edit">'.NL; 7072a3623daSAndreas Gohr echo ' <option value="__g__" class="aclgroup"'.$gsel.'>'.$this->getLang('acl_group').':</option>'.NL; 7082a3623daSAndreas Gohr echo ' <option value="__u__" class="acluser"'.$usel.'>'.$this->getLang('acl_user').':</option>'.NL; 7092a3623daSAndreas Gohr echo ' <optgroup label=" ">'.NL; 7102a3623daSAndreas Gohr foreach($specials as $ug){ 7112a3623daSAndreas Gohr if($ug == $this->who){ 7122a3623daSAndreas Gohr $sel = ' selected="selected"'; 7132a3623daSAndreas Gohr $inlist = true; 7142a3623daSAndreas Gohr }else{ 7152a3623daSAndreas Gohr $sel = ''; 7162a3623daSAndreas Gohr } 7172a3623daSAndreas Gohr 7182a3623daSAndreas Gohr if($ug{0} == '@'){ 7192a3623daSAndreas Gohr echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL; 7202a3623daSAndreas Gohr }else{ 7212a3623daSAndreas Gohr echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL; 7222a3623daSAndreas Gohr } 7232a3623daSAndreas Gohr } 7242a3623daSAndreas Gohr echo ' </optgroup>'.NL; 7252a3623daSAndreas Gohr echo ' <optgroup label=" ">'.NL; 7262a3623daSAndreas Gohr foreach($this->usersgroups as $ug){ 7272a3623daSAndreas Gohr if($ug == $this->who){ 7282a3623daSAndreas Gohr $sel = ' selected="selected"'; 7292a3623daSAndreas Gohr $inlist = true; 7302a3623daSAndreas Gohr }else{ 7312a3623daSAndreas Gohr $sel = ''; 7322a3623daSAndreas Gohr } 7332a3623daSAndreas Gohr 7342a3623daSAndreas Gohr if($ug{0} == '@'){ 7352a3623daSAndreas Gohr echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL; 7362a3623daSAndreas Gohr }else{ 7372a3623daSAndreas Gohr echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL; 7382a3623daSAndreas Gohr } 7392a3623daSAndreas Gohr } 7402a3623daSAndreas Gohr echo ' </optgroup>'.NL; 7412a3623daSAndreas Gohr echo '</select>'.NL; 7422a3623daSAndreas Gohr return $inlist; 7432a3623daSAndreas Gohr } 74411e2ce22Schris} 745
