xref: /dokuwiki/lib/plugins/acl/admin.php (revision 52b35d3ab15e4a042a2e1c5c8c5766fc76c534af)
1<?php
2/**
3 * ACL administration functions
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 * @author     Anika Henke <anika@selfthinker.org> (concepts)
8 * @author     Frank Schubert <frank@schokilade.de> (old version)
9 */
10// must be run within Dokuwiki
11if(!defined('DOKU_INC')) die();
12
13if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
14require_once(DOKU_PLUGIN.'admin.php');
15
16/**
17 * All DokuWiki plugins to extend the admin function
18 * need to inherit from this class
19 */
20class admin_plugin_acl extends DokuWiki_Admin_Plugin {
21    var $acl = null;
22    var $ns  = null;
23    var $who = '';
24    var $usersgroups = array();
25    var $specials = array();
26
27    /**
28     * return some info
29     */
30    function getInfo(){
31        return array(
32            'author' => 'Andreas Gohr',
33            'email'  => 'andi@splitbrain.org',
34            'date'   => '2010-01-17',
35            'name'   => 'ACL Manager',
36            'desc'   => 'Manage Page Access Control Lists',
37            'url'    => 'http://dokuwiki.org/plugin:acl',
38        );
39    }
40
41    /**
42     * return prompt for admin menu
43     */
44    function getMenuText($language) {
45        return $this->getLang('admin_acl');
46    }
47
48    /**
49     * return sort order for position in admin menu
50     */
51    function getMenuSort() {
52        return 1;
53    }
54
55    /**
56     * handle user request
57     *
58     * Initializes internal vars and handles modifications
59     *
60     * @author Andreas Gohr <andi@splitbrain.org>
61     */
62    function handle() {
63        global $AUTH_ACL;
64        global $ID;
65        global $auth;
66
67        // fresh 1:1 copy without replacements
68        $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
69
70
71        // namespace given?
72        if($_REQUEST['ns'] == '*'){
73            $this->ns = '*';
74        }else{
75            $this->ns = cleanID($_REQUEST['ns']);
76        }
77
78        // user or group choosen?
79        $who = trim($_REQUEST['acl_w']);
80        if($_REQUEST['acl_t'] == '__g__' && $who){
81            $this->who = '@'.ltrim($auth->cleanGroup($who),'@');
82        }elseif($_REQUEST['acl_t'] == '__u__' && $who){
83            $this->who = ltrim($auth->cleanUser($who),'@');
84        }elseif($_REQUEST['acl_t'] &&
85                $_REQUEST['acl_t'] != '__u__' &&
86                $_REQUEST['acl_t'] != '__g__'){
87            $this->who = $_REQUEST['acl_t'];
88        }elseif($who){
89            $this->who = $who;
90        }
91
92        // handle modifications
93        if(isset($_REQUEST['cmd']) && checkSecurityToken()){
94
95            // scope for modifications
96            if($this->ns){
97                if($this->ns == '*'){
98                    $scope = '*';
99                }else{
100                    $scope = $this->ns.':*';
101                }
102            }else{
103                $scope = $ID;
104            }
105
106            if(isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])){
107                // handle additions or single modifications
108                $this->_acl_del($scope, $this->who);
109                $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']);
110            }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who){
111                // handle single deletions
112                $this->_acl_del($scope, $this->who);
113            }elseif(isset($_REQUEST['cmd']['update'])){
114                // handle update of the whole file
115                foreach((array) $_REQUEST['del'] as $where => $names){
116                    // remove all rules marked for deletion
117                    foreach($names as $who)
118                        unset($_REQUEST['acl'][$where][$who]);
119                }
120                // prepare lines
121                $lines = array();
122                // keep header
123                foreach($AUTH_ACL as $line){
124                    if($line{0} == '#'){
125                        $lines[] = $line;
126                    }else{
127                        break;
128                    }
129                }
130                // re-add all rules
131                foreach((array) $_REQUEST['acl'] as $where => $opt){
132                    foreach($opt as $who => $perm){
133                        if ($who[0]=='@') {
134                            if ($who!='@ALL') {
135                                $who = '@'.ltrim($auth->cleanGroup($who),'@');
136                            }
137                        } else {
138                            $who = $auth->cleanUser($who);
139                        }
140                        $who = auth_nameencode($who,true);
141                        $lines[] = "$where\t$who\t$perm\n";
142                    }
143                }
144                // save it
145                io_saveFile(DOKU_CONF.'acl.auth.php', join('',$lines));
146            }
147
148            // reload ACL config
149            $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
150        }
151
152        // initialize ACL array
153        $this->_init_acl_config();
154    }
155
156    /**
157     * ACL Output function
158     *
159     * print a table with all significant permissions for the
160     * current id
161     *
162     * @author  Frank Schubert <frank@schokilade.de>
163     * @author  Andreas Gohr <andi@splitbrain.org>
164     */
165    function html() {
166        global $ID;
167
168        echo '<div id="acl_manager">'.NL;
169        echo '<h1>'.$this->getLang('admin_acl').'</h1>'.NL;
170        echo '<div class="level1">'.NL;
171
172        echo '<div id="acl__tree">'.NL;
173        $this->_html_explorer($_REQUEST['ns']);
174        echo '</div>'.NL;
175
176        echo '<div id="acl__detail">'.NL;
177        $this->_html_detail();
178        echo '</div>'.NL;
179        echo '</div>'.NL;
180
181        echo '<div class="clearer"></div>';
182        echo '<h2>'.$this->getLang('current').'</h2>'.NL;
183        echo '<div class="level2">'.NL;
184        $this->_html_table();
185        echo '</div>'.NL;
186
187        echo '<div class="footnotes"><div class="fn">'.NL;
188        echo '<sup><a id="fn__1" class="fn_bot" name="fn__1" href="#fnt__1">1)</a></sup>'.NL;
189        echo $this->getLang('p_include');
190        echo '</div></div>';
191
192        echo '</div>'.NL;
193    }
194
195    /**
196     * returns array with set options for building links
197     *
198     * @author Andreas Gohr <andi@splitbrain.org>
199     */
200    function _get_opts($addopts=null){
201        global $ID;
202        $opts = array(
203                    'do'=>'admin',
204                    'page'=>'acl',
205                );
206        if($this->ns) $opts['ns'] = $this->ns;
207        if($this->who) $opts['acl_w'] = $this->who;
208
209        if(is_null($addopts)) return $opts;
210        return array_merge($opts, $addopts);
211    }
212
213    /**
214     * Display a tree menu to select a page or namespace
215     *
216     * @author Andreas Gohr <andi@splitbrain.org>
217     */
218    function _html_explorer(){
219        require_once(DOKU_INC.'inc/search.php');
220        global $conf;
221        global $ID;
222        global $lang;
223
224        $dir = $conf['datadir'];
225        $ns  = $this->ns;
226        if(empty($ns)){
227            $ns = dirname(str_replace(':','/',$ID));
228            if($ns == '.') $ns ='';
229        }elseif($ns == '*'){
230            $ns ='';
231        }
232        $ns  = utf8_encodeFN(str_replace(':','/',$ns));
233
234        $data = $this->_get_tree($ns);
235
236        // wrap a list with the root level around the other namespaces
237        $item = array( 'level' => 0, 'id' => '*', 'type' => 'd',
238                   'open' =>'true', 'label' => '['.$lang['mediaroot'].']');
239
240        echo '<ul class="acltree">';
241        echo $this->_html_li_acl($item);
242        echo '<div class="li">';
243        echo $this->_html_list_acl($item);
244        echo '</div>';
245        echo html_buildlist($data,'acl',
246                            array($this,'_html_list_acl'),
247                            array($this,'_html_li_acl'));
248        echo '</li>';
249        echo '</ul>';
250
251    }
252
253    /**
254     * get a combined list of media and page files
255     *
256     * @param string $folder an already converted filesystem folder of the current namespace
257     * @param string $limit  limit the search to this folder
258     */
259    function _get_tree($folder,$limit=''){
260        global $conf;
261
262        // read tree structure from pages and media
263        $data = array();
264        search($data,$conf['datadir'],'search_index',array('ns' => $folder),$limit);
265        $media = array();
266        search($media,$conf['mediadir'],'search_index',array('ns' => $folder, 'nofiles' => true),$limit);
267        $data = array_merge($data,$media);
268        unset($media);
269
270        // combine by sorting and removing duplicates
271        usort($data,array($this,'_tree_sort'));
272        $count = count($data);
273        if($count>0) for($i=1; $i<$count; $i++){
274            if($data[$i]['type'] == 'f') break; // namespaces come first, we're done
275            if($data[$i-1]['id'] == $data[$i]['id']) unset($data[$i]);
276        }
277        return $data;
278    }
279
280    /**
281     * usort callback
282     *
283     * Sorts the combined trees of media and page files
284     */
285    function _tree_sort($a,$b){
286        if($a['type'] == 'd' && $b['type'] == 'f'){
287            return -1;
288        }elseif($a['type'] == 'f' && $b['type'] == 'd'){
289            return 1;
290        }else{
291            return strcmp($a['id'],$b['id']);
292        }
293    }
294
295    /**
296     * Display the current ACL for selected where/who combination with
297     * selectors and modification form
298     *
299     * @author Andreas Gohr <andi@splitbrain.org>
300     */
301    function _html_detail(){
302        global $conf;
303        global $ID;
304
305        echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL;
306
307        echo '<div id="acl__user">';
308        echo $this->getLang('acl_perms').' ';
309        $inl =  $this->_html_select();
310        echo '<input type="text" name="acl_w" class="edit" value="'.(($inl)?'':hsc(ltrim($this->who,'@'))).'" />'.NL;
311        echo '<input type="submit" value="'.$this->getLang('btn_select').'" class="button" />'.NL;
312        echo '</div>'.NL;
313
314        echo '<div id="acl__info">';
315        $this->_html_info();
316        echo '</div>';
317
318        echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL;
319        echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL;
320        echo '<input type="hidden" name="do" value="admin" />'.NL;
321        echo '<input type="hidden" name="page" value="acl" />'.NL;
322        echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
323        echo '</div></form>'.NL;
324    }
325
326    /**
327     * Print infos and editor
328     */
329    function _html_info(){
330        global $ID;
331
332        if($this->who){
333            $current = $this->_get_exact_perm();
334
335            // explain current permissions
336            $this->_html_explain($current);
337            // load editor
338            $this->_html_acleditor($current);
339        }else{
340            echo '<p>';
341            if($this->ns){
342                printf($this->getLang('p_choose_ns'),hsc($this->ns));
343            }else{
344                printf($this->getLang('p_choose_id'),hsc($ID));
345            }
346            echo '</p>';
347
348            echo $this->locale_xhtml('help');
349        }
350    }
351
352    /**
353     * Display the ACL editor
354     *
355     * @author Andreas Gohr <andi@splitbrain.org>
356     */
357    function _html_acleditor($current){
358        global $lang;
359
360        echo '<fieldset>';
361        if(is_null($current)){
362            echo '<legend>'.$this->getLang('acl_new').'</legend>';
363        }else{
364            echo '<legend>'.$this->getLang('acl_mod').'</legend>';
365        }
366
367
368        echo $this->_html_checkboxes($current,empty($this->ns),'acl');
369
370        if(is_null($current)){
371            echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_save'].'" />'.NL;
372        }else{
373            echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_update'].'" />'.NL;
374            echo '<input type="submit" name="cmd[del]" class="button" value="'.$lang['btn_delete'].'" />'.NL;
375        }
376
377        echo '</fieldset>';
378    }
379
380    /**
381     * Explain the currently set permissions in plain english/$lang
382     *
383     * @author Andreas Gohr <andi@splitbrain.org>
384     */
385    function _html_explain($current){
386        global $ID;
387        global $auth;
388
389        $who = $this->who;
390        $ns  = $this->ns;
391
392        // prepare where to check
393        if($ns){
394            if($ns == '*'){
395                $check='*';
396            }else{
397                $check=$ns.':*';
398            }
399        }else{
400            $check = $ID;
401        }
402
403        // prepare who to check
404        if($who{0} == '@'){
405            $user   = '';
406            $groups = array(ltrim($who,'@'));
407        }else{
408            $user = auth_nameencode($who);
409            $info = $auth->getUserData($user);
410            if($info === false){
411                $groups = array();
412            }else{
413                $groups = $info['grps'];
414            }
415        }
416
417        // check the permissions
418        $perm = auth_aclcheck($check,$user,$groups);
419
420        // build array of named permissions
421        $names = array();
422        if($perm){
423            if($ns){
424                if($perm >= AUTH_DELETE) $names[] = $this->getLang('acl_perm16');
425                if($perm >= AUTH_UPLOAD) $names[] = $this->getLang('acl_perm8');
426                if($perm >= AUTH_CREATE) $names[] = $this->getLang('acl_perm4');
427            }
428            if($perm >= AUTH_EDIT) $names[] = $this->getLang('acl_perm2');
429            if($perm >= AUTH_READ) $names[] = $this->getLang('acl_perm1');
430            $names = array_reverse($names);
431        }else{
432            $names[] = $this->getLang('acl_perm0');
433        }
434
435        // print permission explanation
436        echo '<p>';
437        if($user){
438            if($ns){
439                printf($this->getLang('p_user_ns'),hsc($who),hsc($ns),join(', ',$names));
440            }else{
441                printf($this->getLang('p_user_id'),hsc($who),hsc($ID),join(', ',$names));
442            }
443        }else{
444            if($ns){
445                printf($this->getLang('p_group_ns'),hsc(ltrim($who,'@')),hsc($ns),join(', ',$names));
446            }else{
447                printf($this->getLang('p_group_id'),hsc(ltrim($who,'@')),hsc($ID),join(', ',$names));
448            }
449        }
450        echo '</p>';
451
452        // add note if admin
453        if($perm == AUTH_ADMIN){
454            echo '<p>'.$this->getLang('p_isadmin').'</p>';
455        }elseif(is_null($current)){
456            echo '<p>'.$this->getLang('p_inherited').'</p>';
457        }
458    }
459
460
461    /**
462     * Item formatter for the tree view
463     *
464     * User function for html_buildlist()
465     *
466     * @author Andreas Gohr <andi@splitbrain.org>
467     */
468    function _html_list_acl($item){
469        global $ID;
470        $ret = '';
471        // what to display
472        if($item['label']){
473            $base = $item['label'];
474        }else{
475            $base = ':'.$item['id'];
476            $base = substr($base,strrpos($base,':')+1);
477        }
478
479        // highlight?
480        if( ($item['type']=='d' && $item['id'] == $this->ns) ||
481            ($item['type']!='d' && $item['id'] == $ID)) $cl = ' cur';
482
483        // namespace or page?
484        if($item['type']=='d'){
485            if($item['open']){
486                $img   = DOKU_BASE.'lib/images/minus.gif';
487                $alt   = '&minus;';
488            }else{
489                $img   = DOKU_BASE.'lib/images/plus.gif';
490                $alt   = '+';
491            }
492            $ret .= '<img src="'.$img.'" alt="'.$alt.'" />';
493            $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id'],'sectok'=>getSecurityToken()))).'" class="idx_dir'.$cl.'">';
494            $ret .= $base;
495            $ret .= '</a>';
496        }else{
497            $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>'','sectok'=>getSecurityToken()))).'" class="wikilink1'.$cl.'">';
498            $ret .= noNS($item['id']);
499            $ret .= '</a>';
500        }
501        return $ret;
502    }
503
504
505    function _html_li_acl($item){
506            return '<li class="level'.$item['level'].'">';
507    }
508
509
510    /**
511     * Get current ACL settings as multidim array
512     *
513     * @author Andreas Gohr <andi@splitbrain.org>
514     */
515    function _init_acl_config(){
516        global $AUTH_ACL;
517        global $conf;
518        $acl_config=array();
519        $usersgroups = array();
520
521        // get special users and groups
522        $this->specials[] = '@ALL';
523        $this->specials[] = '@'.$conf['defaultgroup'];
524        if($conf['manager'] != '!!not set!!'){
525            $this->specials = array_merge($this->specials,
526                                          array_map('trim',
527                                                    explode(',',$conf['manager'])));
528        }
529        $this->specials = array_filter($this->specials);
530        $this->specials = array_unique($this->specials);
531        sort($this->specials);
532
533        foreach($AUTH_ACL as $line){
534            $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments
535            if(!$line) continue;
536
537            $acl = preg_split('/\s+/',$line);
538            //0 is pagename, 1 is user, 2 is acl
539
540            $acl[1] = rawurldecode($acl[1]);
541            $acl_config[$acl[0]][$acl[1]] = $acl[2];
542
543            // store non-special users and groups for later selection dialog
544            $ug = $acl[1];
545            if(in_array($ug,$this->specials)) continue;
546            $usersgroups[] = $ug;
547        }
548
549        $usersgroups = array_unique($usersgroups);
550        sort($usersgroups);
551        ksort($acl_config);
552
553        $this->acl = $acl_config;
554        $this->usersgroups = $usersgroups;
555    }
556
557    /**
558     * Display all currently set permissions in a table
559     *
560     * @author Andreas Gohr <andi@splitbrain.org>
561     */
562    function _html_table(){
563        global $lang;
564        global $ID;
565
566        echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL;
567        if($this->ns){
568            echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL;
569        }else{
570            echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL;
571        }
572        echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL;
573        echo '<input type="hidden" name="do" value="admin" />'.NL;
574        echo '<input type="hidden" name="page" value="acl" />'.NL;
575        echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
576        echo '<table class="inline">';
577        echo '<tr>';
578        echo '<th>'.$this->getLang('where').'</th>';
579        echo '<th>'.$this->getLang('who').'</th>';
580        echo '<th>'.$this->getLang('perm').'<sup><a id="fnt__1" class="fn_top" name="fnt__1" href="#fn__1">1)</a></sup></th>';
581        echo '<th>'.$lang['btn_delete'].'</th>';
582        echo '</tr>';
583        foreach($this->acl as $where => $set){
584            foreach($set as $who => $perm){
585                echo '<tr>';
586                echo '<td>';
587                if(substr($where,-1) == '*'){
588                    echo '<span class="aclns">'.hsc($where).'</span>';
589                    $ispage = false;
590                }else{
591                    echo '<span class="aclpage">'.hsc($where).'</span>';
592                    $ispage = true;
593                }
594                echo '</td>';
595
596                echo '<td>';
597                if($who{0} == '@'){
598                    echo '<span class="aclgroup">'.hsc($who).'</span>';
599                }else{
600                    echo '<span class="acluser">'.hsc($who).'</span>';
601                }
602                echo '</td>';
603
604                echo '<td>';
605                echo $this->_html_checkboxes($perm,$ispage,'acl['.$where.']['.$who.']');
606                echo '</td>';
607
608                echo '<td align="center">';
609                echo '<input type="checkbox" name="del['.hsc($where).'][]" value="'.hsc($who).'" />';
610                echo '</td>';
611                echo '</tr>';
612            }
613        }
614
615        echo '<tr>';
616        echo '<th align="right" colspan="4">';
617        echo '<input type="submit" value="'.$lang['btn_update'].'" name="cmd[update]" class="button" />';
618        echo '</th>';
619        echo '</tr>';
620        echo '</table>';
621        echo '</div></form>'.NL;
622    }
623
624
625    /**
626     * Returns the permission which were set for exactly the given user/group
627     * and page/namespace. Returns null if no exact match is available
628     *
629     * @author Andreas Gohr <andi@splitbrain.org>
630     */
631    function _get_exact_perm(){
632        global $ID;
633        if($this->ns){
634            if($this->ns == '*'){
635                $check = '*';
636            }else{
637                $check = $this->ns.':*';
638            }
639        }else{
640            $check = $ID;
641        }
642
643        if(isset($this->acl[$check][$this->who])){
644            return $this->acl[$check][$this->who];
645        }else{
646            return null;
647        }
648    }
649
650    /**
651     * adds new acl-entry to conf/acl.auth.php
652     *
653     * @author  Frank Schubert <frank@schokilade.de>
654     */
655    function _acl_add($acl_scope, $acl_user, $acl_level){
656        $acl_config = file_get_contents(DOKU_CONF.'acl.auth.php');
657        $acl_user = auth_nameencode($acl_user,true);
658
659        // max level for pagenames is edit
660        if(strpos($acl_scope,'*') === false) {
661            if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT;
662        }
663
664
665        $new_acl = "$acl_scope\t$acl_user\t$acl_level\n";
666
667        $new_config = $acl_config.$new_acl;
668
669        return io_saveFile(DOKU_CONF.'acl.auth.php', $new_config);
670    }
671
672    /**
673     * remove acl-entry from conf/acl.auth.php
674     *
675     * @author  Frank Schubert <frank@schokilade.de>
676     */
677    function _acl_del($acl_scope, $acl_user){
678        $acl_config = file(DOKU_CONF.'acl.auth.php');
679        $acl_user = auth_nameencode($acl_user,true);
680
681        $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$';
682
683        // save all non!-matching
684        $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT);
685
686        return io_saveFile(DOKU_CONF.'acl.auth.php', join('',$new_config));
687    }
688
689    /**
690     * print the permission radio boxes
691     *
692     * @author  Frank Schubert <frank@schokilade.de>
693     * @author  Andreas Gohr <andi@splitbrain.org>
694     */
695    function _html_checkboxes($setperm,$ispage,$name){
696        global $lang;
697
698        static $label = 0; //number labels
699        $ret = '';
700
701        if($ispage && $setperm > AUTH_EDIT) $perm = AUTH_EDIT;
702
703        foreach(array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){
704            $label += 1;
705
706            //general checkbox attributes
707            $atts = array( 'type'  => 'radio',
708                           'id'    => 'pbox'.$label,
709                           'name'  => $name,
710                           'value' => $perm );
711            //dynamic attributes
712            if(!is_null($setperm) && $setperm == $perm) $atts['checked']  = 'checked';
713            if($ispage && $perm > AUTH_EDIT){
714                $atts['disabled'] = 'disabled';
715                $class = ' class="disabled"';
716            }else{
717                $class = '';
718            }
719
720            //build code
721            $ret .= '<label for="pbox'.$label.'" title="'.$this->getLang('acl_perm'.$perm).'"'.$class.'>';
722            $ret .= '<input '.html_attbuild($atts).' />&nbsp;';
723            $ret .= $this->getLang('acl_perm'.$perm);
724            $ret .= '</label>'.NL;
725        }
726        return $ret;
727    }
728
729    /**
730     * Print a user/group selector (reusing already used users and groups)
731     *
732     * @author  Andreas Gohr <andi@splitbrain.org>
733     */
734    function _html_select(){
735        global $conf;
736        $inlist = false;
737
738        if($this->who &&
739           !in_array($this->who,$this->usersgroups) &&
740           !in_array($this->who,$this->specials)){
741
742            if($this->who{0} == '@'){
743                $gsel = ' selected="selected"';
744            }else{
745                $usel   = ' selected="selected"';
746            }
747        }else{
748            $usel = '';
749            $gsel = '';
750            $inlist = true;
751        }
752
753
754        echo '<select name="acl_t" class="edit">'.NL;
755        echo '  <option value="__g__" class="aclgroup"'.$gsel.'>'.$this->getLang('acl_group').':</option>'.NL;
756        echo '  <option value="__u__"  class="acluser"'.$usel.'>'.$this->getLang('acl_user').':</option>'.NL;
757        echo '  <optgroup label="&nbsp;">'.NL;
758        foreach($this->specials as $ug){
759            if($ug == $this->who){
760                $sel    = ' selected="selected"';
761                $inlist = true;
762            }else{
763                $sel = '';
764            }
765
766            if($ug{0} == '@'){
767                    echo '  <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL;
768            }else{
769                    echo '  <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL;
770            }
771        }
772        echo '  </optgroup>'.NL;
773        echo '  <optgroup label="&nbsp;">'.NL;
774        foreach($this->usersgroups as $ug){
775            if($ug == $this->who){
776                $sel    = ' selected="selected"';
777                $inlist = true;
778            }else{
779                $sel = '';
780            }
781
782            if($ug{0} == '@'){
783                    echo '  <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL;
784            }else{
785                    echo '  <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL;
786            }
787        }
788        echo '  </optgroup>'.NL;
789        echo '</select>'.NL;
790        return $inlist;
791    }
792}
793