xref: /dokuwiki/lib/plugins/acl/remote.php (revision c1482d1c08360e6401534a1391da2b650c37d34d) 
1<?php
2
3use dokuwiki\Extension\RemotePlugin;
4use dokuwiki\Remote\AccessDeniedException;
5
6/**
7 * Class remote_plugin_acl
8 */
9class remote_plugin_acl extends RemotePlugin
10{
11
12    /**
13     * Returns details about the remote plugin methods
14     *
15     * @return array Information about all provided methods. {@see dokuwiki\Remote\RemoteAPI}
16     */
17    public function _getMethods()
18    {
19        return [
20            'listAcls' => [
21                'args' => [],
22                'return' => 'Array of ACLs {scope, user, permission}',
23                'name' => 'listAcls',
24                'doc' => 'Get the list of all ACLs'
25            ],
26            'addAcl' => [
27                'args' => ['string', 'string', 'int'],
28                'return' => 'int',
29                'name' => 'addAcl',
30                'doc' => 'Adds a new ACL rule.'
31            ],
32            'delAcl' => [
33                'args' => ['string', 'string'],
34                'return' => 'int',
35                'name' => 'delAcl',
36                'doc' => 'Delete an existing ACL rule.'
37            ]
38        ];
39    }
40
41    /**
42     * List all ACL config entries
43     *
44     * @throws AccessDeniedException
45     * @return dictionary {Scope: ACL}, where ACL = dictionnary {user/group: permissions_int}
46     */
47    public function listAcls()
48    {
49        if (!auth_isadmin()) {
50            throw new AccessDeniedException(
51                'You are not allowed to access ACLs, superuser permission is required',
52                114
53            );
54        }
55        /** @var admin_plugin_acl $apa */
56        $apa = plugin_load('admin', 'acl');
57        $apa->initAclConfig();
58        return $apa->acl;
59    }
60
61    /**
62     * Add a new entry to ACL config
63     *
64     * @param string $scope
65     * @param string $user
66     * @param int    $level see also inc/auth.php
67     * @throws AccessDeniedException
68     * @return bool
69     */
70    public function addAcl($scope, $user, $level)
71    {
72        if (!auth_isadmin()) {
73            throw new AccessDeniedException(
74                'You are not allowed to access ACLs, superuser permission is required',
75                114
76            );
77        }
78
79        /** @var admin_plugin_acl $apa */
80        $apa = plugin_load('admin', 'acl');
81        return $apa->addOrUpdateACL($scope, $user, $level);
82    }
83
84    /**
85     * Remove an entry from ACL config
86     *
87     * @param string $scope
88     * @param string $user
89     * @throws AccessDeniedException
90     * @return bool
91     */
92    public function delAcl($scope, $user)
93    {
94        if (!auth_isadmin()) {
95            throw new AccessDeniedException(
96                'You are not allowed to access ACLs, superuser permission is required',
97                114
98            );
99        }
100
101        /** @var admin_plugin_acl $apa */
102        $apa = plugin_load('admin', 'acl');
103        return $apa->deleteACL($scope, $user);
104    }
105}
106