xref: /dokuwiki/lib/plugins/acl/remote.php (revision 7aaa20510695c9364a034cd9779b7cb6691b4a95) 
1<?php
2
3use dokuwiki\Extension\RemotePlugin;
4use dokuwiki\Remote\AccessDeniedException;
5
6/**
7 * Class remote_plugin_acl
8 */
9class remote_plugin_acl extends RemotePlugin
10{
11    /**
12     * Returns details about the remote plugin methods
13     *
14     * @return array Information about all provided methods. {@see dokuwiki\Remote\RemoteAPI}
15     */
16    public function _getMethods()
17    {
18        return [
19            'listAcls' => [
20                'args' => [],
21                'return' => 'Array of ACLs {scope, user, permission}',
22                'name' => 'listAcls',
23                'doc' => 'Get the list of all ACLs'
24            ],
25            'addAcl' => [
26                'args' => ['string', 'string', 'int'],
27                'return' => 'int',
28                'name' => 'addAcl',
29                'doc' => 'Adds a new ACL rule.'
30            ],
31            'delAcl' => [
32                'args' => ['string', 'string'],
33                'return' => 'int',
34                'name' => 'delAcl',
35                'doc' => 'Delete an existing ACL rule.'
36            ]
37        ];
38    }
39
40    /**
41     * List all ACL config entries
42     *
43     * @throws AccessDeniedException
44     * @return dictionary {Scope: ACL}, where ACL = dictionnary {user/group: permissions_int}
45     */
46    public function listAcls()
47    {
48        if (!auth_isadmin()) {
49            throw new AccessDeniedException(
50                'You are not allowed to access ACLs, superuser permission is required',
51                114
52            );
53        }
54        /** @var admin_plugin_acl $apa */
55        $apa = plugin_load('admin', 'acl');
56        $apa->initAclConfig();
57        return $apa->acl;
58    }
59
60    /**
61     * Add a new entry to ACL config
62     *
63     * @param string $scope
64     * @param string $user
65     * @param int    $level see also inc/auth.php
66     * @throws AccessDeniedException
67     * @return bool
68     */
69    public function addAcl($scope, $user, $level)
70    {
71        if (!auth_isadmin()) {
72            throw new AccessDeniedException(
73                'You are not allowed to access ACLs, superuser permission is required',
74                114
75            );
76        }
77
78        /** @var admin_plugin_acl $apa */
79        $apa = plugin_load('admin', 'acl');
80        return $apa->addOrUpdateACL($scope, $user, $level);
81    }
82
83    /**
84     * Remove an entry from ACL config
85     *
86     * @param string $scope
87     * @param string $user
88     * @throws AccessDeniedException
89     * @return bool
90     */
91    public function delAcl($scope, $user)
92    {
93        if (!auth_isadmin()) {
94            throw new AccessDeniedException(
95                'You are not allowed to access ACLs, superuser permission is required',
96                114
97            );
98        }
99
100        /** @var admin_plugin_acl $apa */
101        $apa = plugin_load('admin', 'acl');
102        return $apa->deleteACL($scope, $user);
103    }
104}
105