1<?php 2 3 4use ComboStrap\Identity; 5use ComboStrap\LogUtility; 6use ComboStrap\PluginUtility; 7use ComboStrap\Tag\WebCodeTag; 8use ComboStrap\XmlTagProcessing; 9 10if (!defined('DOKU_INC')) die(); 11 12/** 13 * 14 */ 15class action_plugin_combo_webcode extends DokuWiki_Action_Plugin 16{ 17 18 19 const YOU_DON_T_HAVE_THE_RIGHT = "You don't have the right to save a webcode component."; 20 21 function register(Doku_Event_Handler $controller) 22 { 23 24 /** 25 * To enforce security 26 */ 27 $controller->register_hook('COMMON_WIKIPAGE_SAVE', 'BEFORE', $this, '_enforceSecurity'); 28 29 } 30 31 32 /** 33 * @param $event Doku_Event https://www.dokuwiki.org/devel:event:common_wikipage_save 34 * @return void 35 */ 36 function _enforceSecurity(Doku_Event &$event) 37 { 38 39 $data = $event->data; 40 $text = $data["newContent"]; 41 $pattern = XmlTagProcessing::getContainerTagPattern(WebCodeTag::TAG); 42 $result = preg_match("/" . $pattern . "/ms", $text); 43 if ($result === 0) { 44 return; 45 } 46 47 $isAdmin = Identity::isAdmin(); 48 if ($isAdmin) { 49 return; 50 } 51 52 $group = "@" . Identity::CONF_DESIGNER_GROUP_NAME; 53 $isMember = Identity::isMember($group); 54 if ($isMember) { 55 return; 56 } 57 58 LogUtility::warning(self::YOU_DON_T_HAVE_THE_RIGHT . " You should be admin or part of the ($group) group."); 59 $event->preventDefault(); 60 61 62 } 63 64} 65