1<?php
2
3use dokuwiki\Remote\AccessDeniedException;
4
5/**
6 * Class remote_plugin_acl
7 */
8class remote_plugin_acl extends DokuWiki_Remote_Plugin
9{
10
11    /**
12     * Returns details about the remote plugin methods
13     *
14     * @return array Information about all provided methods. {@see dokuwiki\Remote\RemoteAPI}
15     */
16    public function _getMethods()
17    {
18        return array(
19            'listAcls' => array(
20                'args' => array(),
21                'return' => 'Array of ACLs {scope, user, permission}',
22                'name' => 'listAcls',
23                'doc' => 'Get the list of all ACLs',
24            ),'addAcl' => array(
25                'args' => array('string','string','int'),
26                'return' => 'int',
27                'name' => 'addAcl',
28                'doc' => 'Adds a new ACL rule.'
29            ), 'delAcl' => array(
30                'args' => array('string','string'),
31                'return' => 'int',
32                'name' => 'delAcl',
33                'doc' => 'Delete an existing ACL rule.'
34            ),
35        );
36    }
37
38    /**
39     * List all ACL config entries
40     *
41     * @throws AccessDeniedException
42     * @return dictionary {Scope: ACL}, where ACL = dictionnary {user/group: permissions_int}
43     */
44    public function listAcls()
45    {
46        if (!auth_isadmin()) {
47            throw new AccessDeniedException(
48                'You are not allowed to access ACLs, superuser permission is required',
49                114
50            );
51        }
52        /** @var admin_plugin_acl $apa */
53        $apa = plugin_load('admin', 'acl');
54        $apa->initAclConfig();
55        return $apa->acl;
56    }
57
58    /**
59     * Add a new entry to ACL config
60     *
61     * @param string $scope
62     * @param string $user
63     * @param int    $level see also inc/auth.php
64     * @throws AccessDeniedException
65     * @return bool
66     */
67    public function addAcl($scope, $user, $level)
68    {
69        if (!auth_isadmin()) {
70            throw new AccessDeniedException(
71                'You are not allowed to access ACLs, superuser permission is required',
72                114
73            );
74        }
75
76        /** @var admin_plugin_acl $apa */
77        $apa = plugin_load('admin', 'acl');
78        return $apa->addOrUpdateACL($scope, $user, $level);
79    }
80
81    /**
82     * Remove an entry from ACL config
83     *
84     * @param string $scope
85     * @param string $user
86     * @throws AccessDeniedException
87     * @return bool
88     */
89    public function delAcl($scope, $user)
90    {
91        if (!auth_isadmin()) {
92            throw new AccessDeniedException(
93                'You are not allowed to access ACLs, superuser permission is required',
94                114
95            );
96        }
97
98        /** @var admin_plugin_acl $apa */
99        $apa = plugin_load('admin', 'acl');
100        return $apa->deleteACL($scope, $user);
101    }
102}
103