authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-04-15 17:07:13 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-04-15 17:07:13 +0000
commit18d00e176826a353503f889bb8ea157e5228304b (patch)
tree2627deb9fbf4f67d542100445953bed181e6fa00
parent08b4a8007503f580ebe85527124b452de5832dd3 (diff)
downloadelgg-18d00e176826a353503f889bb8ea157e5228304b.tar.gz
elgg-18d00e176826a353503f889bb8ea157e5228304b.tar.bz2
Added granular access for views in ECML.
Added 'usage' on keyword info. Updated docs. git-svn-id: http://code.elgg.org/elgg/trunk@5747 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--mod/ecml/README.txt15
-rw-r--r--mod/ecml/actions/save_permissions.php20
-rw-r--r--mod/ecml/ecml_functions.php3
-rw-r--r--mod/ecml/languages/en.php43
-rw-r--r--mod/ecml/start.php45
-rw-r--r--mod/ecml/views/default/ecml/admin/css.php17
-rw-r--r--mod/ecml/views/default/ecml/admin/ecml_admin.php80
-rw-r--r--mod/ecml/views/default/ecml/keywords/googlemaps.php8
8 files changed, 207 insertions, 24 deletions
diff --git a/mod/ecml/README.txt b/mod/ecml/README.txt
index c72e8c0c4..f57dc1b8d 100644
--- a/mod/ecml/README.txt
+++ b/mod/ecml/README.txt
@@ -90,7 +90,13 @@ CONTENTS:
To register your own ECML keywords, reply to the 'get_keywords'
hook of type 'ecml' and append to the passed array with a key that is
- your keyword name and a value that is an array of a description and view.
+ your keyword name and a value that is an array of a view, a description,
+ and usage instructions.
+
+ Optionally, the array can pass a 'restricted' => array() value of views
+ that this keyword is valid in. This is not overrideable by the admin
+ interface and is useful for forcing security on possibly dangerous
+ keywords.
Arguments passed to the keyword are accessible to the keyword view via
the $vars array. It is the responsibility of the custom view to parse
@@ -111,7 +117,8 @@ CONTENTS:
function buttonizer_ecml_keywords($hook, $type, $value, $params) {
$value['buttonizer'] = array(
'view' => 'buttonizer/ecml/buttonizer',
- 'description' => 'Makes your text a button! What could be better?'
+ 'description' => 'Makes your text a button! What could be better?',
+ 'usage' => 'Use [[buttonizer text="My text"]] to make "My text" a button!'
);
return $value;
@@ -129,6 +136,10 @@ CONTENTS:
[[view src="buttonizer/ecml/buttonizer" text="This is my button!"]]
+ or even:
+
+ [[view src="input/button" value="This is my button!" type="button"]]
+
but is much simpler for the user.
diff --git a/mod/ecml/actions/save_permissions.php b/mod/ecml/actions/save_permissions.php
new file mode 100644
index 000000000..490a8928b
--- /dev/null
+++ b/mod/ecml/actions/save_permissions.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Saves granular access
+ *
+ * @package ECML
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.org/
+ */
+
+$perms = get_input('perms', array());
+
+if (set_plugin_setting('ecml_permissions', serialize($perms), 'ecml')) {
+ system_message(elgg_echo('ecml:admin:permissions_saved'));
+} else {
+ register_error(elgg_echo('ecml:admin:cannot_save_permissions'));
+}
+
+forward($_SERVER['HTTP_REFERER']);
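Review bot: `$perms` goes from `get_input()` straight into `serialize()` and the plugin setting with no check on its shape, and ecml_init() in start.php then unserializes it into `$CONFIG->ecml_permissions` on every request. Keeping only keys that are registered parse views and values that are registered keywords means a malformed or stale post cannot store entries that the validity check and the admin grid do not expect. The sketch below assumes `$CONFIG->ecml_parse_views` and `$CONFIG->ecml_keywords` are populated by the time the action runs, which should be confirmed. Separately, `$_SERVER['HTTP_REFERER']` is a client-supplied header and may be absent, so a fixed fallback to the `ecml_admin` page is safer for the final `forward()`.

```php
global $CONFIG;

$perms = get_input('perms', array());

// keep only view => keyword pairs that are actually registered
$clean = array();
if (is_array($perms)) {
	foreach ($perms as $view => $keywords) {
		if (!isset($CONFIG->ecml_parse_views[$view]) || !is_array($keywords)) {
			continue;
		}
		$clean[$view] = array_values(array_intersect($keywords, array_keys($CONFIG->ecml_keywords)));
	}
}

if (set_plugin_setting('ecml_permissions', serialize($clean), 'ecml')) {
// … unchanged: system_message / register_error branches and forward …
```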
diff --git a/mod/ecml/ecml_functions.php b/mod/ecml/ecml_functions.php
index e818a8f99..58395aa7b 100644
--- a/mod/ecml/ecml_functions.php
+++ b/mod/ecml/ecml_functions.php
@@ -203,8 +203,7 @@ function ecml_is_valid_keyword($keyword, $view = NULL) {
return FALSE;
}
- $views = $CONFIG->ecml_permissions['views'];
- $contexts = $CONFIG->ecml_permissions['contexts'];
+ $views = $CONFIG->ecml_permissions;
// this is a blacklist, so return TRUE by default.
$r = TRUE;
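Review bot: `$views` is now whatever `unserialize()` returned in ecml_init() (mod/ecml/start.php), and that is FALSE until an admin has saved the grid, or if the stored setting is unreadable. Because this function is a blacklist that returns TRUE by default, that state leaves every keyword, including `view` and `entity`, allowed in every parsed view, and the lookups below presumably raise notices on a non-array. A guard such as `$views = is_array($CONFIG->ecml_permissions) ? $CONFIG->ecml_permissions : array();` makes the empty case explicit; the same unguarded value is read by `in_array($keyword, $perms[$view])` in views/default/ecml/admin/ecml_admin.php. The rest of ecml_is_valid_keyword() is outside this hunk, so it is worth checking that nothing further down still reads the removed `$contexts`.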
diff --git a/mod/ecml/languages/en.php b/mod/ecml/languages/en.php
index d93c7236a..2d1b873ad 100644
--- a/mod/ecml/languages/en.php
+++ b/mod/ecml/languages/en.php
@@ -13,9 +13,31 @@ $english = array(
'ecml' => 'ECML',
'ecml:help' => 'ECML Help',
- /**
- * Key words
- */
+
+ // views
+ 'ecml:views:annotation_generic_comment' => 'Comments',
+
+ // keywords
+ 'ecml:keywords:desc:entity' => 'Displays a list of any Elgg entity.',
+ 'ecml:keywords:usage:entity' => '[[entity]] supports all options in elgg_get_entities()',
+
+ 'ecml:keywords:desc:view' => 'Displays any Elgg view.',
+ 'ecml:keywords:usage:view' => '[[view src="valid/view" arg1=value1 arg2=value2]]',
+
+ 'ecml:keywords:desc:googlemaps' => 'Embed a Google Map.',
+ 'ecml:keywords:usage:entity' => '[[googlemaps src="URL"]] Use the link code from Google Maps as the src.',
+
+ 'ecml:keywords:desc:slideshare' => 'Embed a Slideshare slide.',
+ 'ecml:keywords:usage:entity' => '[[slideshare id="slideshare_id"]] Use the Wordpress.com embed code, but make sure there are two [s and ]s surrounding it!',
+
+ 'ecml:keywords:desc:vimeo' => 'Embed a Vimeo video.',
+ 'ecml:keywords:usage:videmo' => '[[videmo src="URL"]] Use a standard Vimeo URL as the source.',
+
+ 'ecml:keywords:desc:youtube' => 'Embed a YouTube video.',
+ 'ecml:keywords:usage:entity' => '[[youtube src="URL"]] Use a standard YouTube URL as the source.',
+
+
+ // keyword help
'ecml:keywords_title' => 'Keywords',
'ecml:keywords_instructions' =>
'Keywords are replaced with content when viewed. They must be surrounded by
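Review bot: The usage strings for googlemaps, slideshare and youtube are all keyed `'ecml:keywords:usage:entity'`, so in the array literal the last one wins: the entity keyword ends up with the YouTube text, and those three keywords have no usage entry for `elgg_echo("ecml:keywords:usage:$keyword")` in start.php to find. The vimeo entry is keyed `'ecml:keywords:usage:videmo'` and its text also says `[[videmo src="URL"]]`. The keys should be `'ecml:keywords:usage:googlemaps'`, `'ecml:keywords:usage:slideshare'`, `'ecml:keywords:usage:vimeo'` and `'ecml:keywords:usage:youtube'`, with the vimeo text corrected to match. The `$english` array continues outside this hunk.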
@@ -36,6 +58,21 @@ $english = array(
<p>Ex: To show a text input with a default value:<br />
[[view: input/text, value=This is a default value]]</p>',
+
+ // admin
+ 'ecml:admin:admin' => 'ECML Permissions',
+ 'ecml:admin:instruction' =>
+
+'ECML allows users you easily embed views, entities, and 3rd party applications into their content
+on your site by using ECML keywords. There are some ECML keywords that you may want to restrict
+in certain areas of your site. To disable a keyword for a section of your site, check the box in the
+grid below.
+',
+
+ 'ecml:admin:permissions_saved' => 'ECML permissions saved.',
+ 'ecml:admin:cannot_save_permissions' => 'Cannot save ECML permissions!',
+
+
);
add_translation('en', $english); \ No newline at end of file
diff --git a/mod/ecml/start.php b/mod/ecml/start.php
index c6a9ff38b..cad6f096f 100644
--- a/mod/ecml/start.php
+++ b/mod/ecml/start.php
@@ -32,11 +32,20 @@ function ecml_init() {
register_page_handler('ecml_admin', 'ecml_admin_page_handler');
register_elgg_event_handler('pagesetup', 'system', 'ecml_pagesetup');
+ // CSS for admin access
+ elgg_extend_view('css', 'ecml/admin/css');
+
+ // admin action to save permissions
+ register_action('ecml/save_permissions', FALSE, dirname(__FILE__) . '/actions/save_permissions.php', TRUE);
+
// show ECML-enabled icon on free-text input areas
elgg_extend_view('input/longtext', 'ecml/input_ext');
elgg_extend_view('input/plaintext', 'ecml/input_ext');
//elgg_extend_view('input/text', 'ecml/input_ext');
+ // add parsing for core views.
+ register_plugin_hook('get_views', 'ecml', 'ecml_views_hook');
+
// get register the views we want to parse for ecml
// @todo will need to do profiling to see if it would be faster
// to foreach through this list and register to specific views or
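Review bot: The comment on the `register_action()` call should state that the trailing `TRUE` is what makes the action admin-only, because actions/save_permissions.php has no access check of its own and relies entirely on this flag. Something like `// admin-only (4th arg TRUE); the action file has no gatekeeper of its own` keeps that dependency visible to whoever edits the registration later. Also note that `ecml/admin/css` is appended to the site-wide `css` view here, so its rules ship on every page rather than only with the admin grid. ecml_init() starts and ends outside this hunk.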
@@ -60,9 +69,7 @@ function ecml_init() {
// it's more efficient to use this as a blacklist
// but probably makes more sense from a UI perspective as a whitelist.
// uses [views][view_name] = array(keywords, not, allowed)
- $CONFIG->ecml_permissions = array(
- 'views' => array()
- );
+ $CONFIG->ecml_permissions = unserialize(get_plugin_setting('ecml_permissions', 'ecml'));
}
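Review bot: The comment directly above the assignment still documents the old `[views][view_name]` layout, while the value is now a flat `view_name => array(keywords)` map read back from the plugin setting; it should be updated, e.g. `// uses [view_name] = array(keywords, not, allowed); loaded from the 'ecml_permissions' plugin setting`. `unserialize()` will also instantiate objects if the stored setting is ever changed outside the save action. The data is only an array of strings, so a JSON round-trip (`json_encode()` in the action, `json_decode($setting, true)` here) would carry it without that surface. ecml_init() begins outside this hunk.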
/**
@@ -92,7 +99,8 @@ function ecml_help_page_handler($page) {
* @param array $page
*/
function ecml_admin_page_handler($page) {
- $content = elgg_view('ecml/admin');
+ admin_gatekeeper();
+ $content = elgg_view('ecml/admin/ecml_admin');
echo page_draw(elgg_echo('ecml:admin'), $content);
}
@@ -122,22 +130,39 @@ function ecml_parse_view($hook, $entity_type, $return_value, $params) {
* Register default keywords.
*
* @param unknown_type $hook
- * @param unknown_type $entity_type
- * @param unknown_type $return_value
+ * @param unknown_type $type
+ * @param unknown_type $value
* @param unknown_type $params
* @return unknown_type
*/
-function ecml_keyword_hook($hook, $entity_type, $return_value, $params) {
+function ecml_keyword_hook($hook, $type, $value, $params) {
+ // I keep going back and forth about entity and view. They're powerful, but
+ // a great way to let a site get hacked if the admin doesn't lock them down.
$keywords = array('entity', 'view', 'youtube', 'slideshare', 'vimeo', 'googlemaps');
foreach ($keywords as $keyword) {
- $return_value[$keyword] = array(
+ $value[$keyword] = array(
'view' => "ecml/keywords/$keyword",
- 'description' => elgg_echo("ecml:keywords:$keyword")
+ 'description' => elgg_echo("ecml:keywords:desc:$keyword"),
+ 'usage' => elgg_echo("ecml:keywords:usage:$keyword")
);
}
- return $return_value;
+ return $value;
+}
+
+/**
+ * Register default views to parse
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $type
+ * @param unknown_type $value
+ * @param unknown_type $params
+ */
+function ecml_views_hook($hook, $type, $value, $params) {
+ $value['annotation/generic_comment'] = elgg_echo('ecml:views:annotation_generic_comment');
+
+ return $value;
}
register_elgg_event_handler('init', 'system', 'ecml_init'); \ No newline at end of file
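Review bot: The new comment in ecml_keyword_hook() says `entity` and `view` are risky if the admin does not lock them down, yet both are registered without the `'restricted'` list the README introduces in this same commit. The permissions are a default-allow blacklist, so the two keywords are usable in every parsed view until someone blocks them in the grid. If they stay on by default, the comment should say so plainly, e.g. `// NOTE: 'entity' and 'view' are enabled in every parsed view until an admin blocks them in the ECML permissions grid.`; otherwise give them a `'restricted'` array. The docblocks could also replace `unknown_type` with real types (`string $hook`, `string $type`, `array $value`, `array $params`) and add `@return array` to ecml_views_hook().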
diff --git a/mod/ecml/views/default/ecml/admin/css.php b/mod/ecml/views/default/ecml/admin/css.php
new file mode 100644
index 000000000..4a9cd8e4d
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/css.php
@@ -0,0 +1,17 @@
+.ecml_admin_table {
+ width:100%;
+}
+.ecml_admin_table td, th {
+ border: 1px solid gray;
+ text-align: center;
+ padding: 5px;
+}
+.ecml_admin_table th, .ecml_view_desc {
+ font-weight: bold;
+}
+.ecml_row_odd {
+ background-color: #EEE;
+}
+.ecml_row_even {
+
+} \ No newline at end of file
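Review bot: The selector `.ecml_admin_table td, th` applies the border, centring and padding to every `th` on the site, because only the `td` half is scoped and start.php appends this view to the global `css` view. It should read `.ecml_admin_table td, .ecml_admin_table th {`. The empty `.ecml_row_even` rule can be dropped.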
diff --git a/mod/ecml/views/default/ecml/admin/ecml_admin.php b/mod/ecml/views/default/ecml/admin/ecml_admin.php
new file mode 100644
index 000000000..b91807510
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/ecml_admin.php
@@ -0,0 +1,80 @@
+<?php
+/**
+ * Configs granular access
+ *
+ * @package ECML
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.org/
+ */
+
+$views = $vars['config']->ecml_parse_views;
+$keywords = $vars['config']->ecml_keywords;
+$perms = $vars['config']->ecml_permissions;
+
+ksort($views);
+ksort($keywords);
+
+echo elgg_view_title(elgg_echo('ecml:admin:admin'));
+echo '<p>' . elgg_echo('ecml:admin:instruction') . '</p>';
+
+// yes I'm using a table because this is table.
+$form_body = <<<___END
+<table class="ecml_admin_table">
+ <tr>
+ <th>&nbsp</th>
+___END;
+
+foreach ($keywords as $keyword => $info) {
+ $desc = $info['description'];
+
+ $form_body .= "<th><acronym title=\"$desc\">$keyword</acronym></th>";
+}
+$form_body .= '</tr>';
+
+$odd = 'odd';
+foreach ($views as $view => $desc) {
+ $form_body .= "
+ <tr class=\"ecml_row_$odd\">
+ <td class=\"ecml_view_desc\">$desc</td>
+";
+ foreach ($keywords as $keyword => $info) {
+ $checked = (in_array($keyword, $perms[$view])) ? 'checked="checked"' : '';
+
+ // ooook. input/checkboxes isn't overly useful.
+ // do it ourself.
+ $form_body .= "<td><input type=\"checkbox\" name=\"perms[$view][]\" value=\"$keyword\" $checked /></td>";
+ }
+ $form_body .= '</tr>';
+
+ $odd = ($odd == 'odd') ? 'even' : 'odd';
+}
+
+$form_body .= '</table>';
+$form_body .= elgg_view('input/submit', array('value' => elgg_echo('submit')));
+$form_body .= elgg_view('input/reset', array('value' => elgg_echo('reset')));
+
+echo elgg_view('input/form', array(
+ 'body' => $form_body,
+ 'action' => $vars['url'] . 'action/ecml/save_permissions'
+));
+
+//foreach ($views as $view => $desc) {
+// echo elgg_view_title($desc);
+// echo '<ul>';
+// foreach ($keywords as $keyword => $info) {
+// $description = $info['description'];
+//
+// echo "<li>$keyword</li>";
+// }
+// echo '</ul>';
+//
+//echo <<<___END
+// <br />
+// </li>
+//
+//___END;
+//}
+//
+//echo '</ul>'; \ No newline at end of file
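Review bot: `$desc`, `$keyword` and `$view` are interpolated into the `title` attribute, the `name`/`value` attributes and the cell text without escaping, so a keyword or view description registered by any plugin (or a translation string containing a quote) can break out of the markup on an admin page. Each value should pass through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` before it is concatenated. `in_array($keyword, $perms[$view])` also assumes `$perms` is an array with an entry for every view, which is not the case before the first save or for a view with no boxes ticked. Smaller points: `&nbsp` is missing its semicolon, and the commented-out block at the end of the file can be deleted.

```php
foreach ($keywords as $keyword => $info) {
	$keyword_html = htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8');
	$desc = htmlspecialchars($info['description'], ENT_QUOTES, 'UTF-8');

	$form_body .= "<th><acronym title=\"$desc\">$keyword_html</acronym></th>";
}
// … unchanged: header row close, $odd initialisation …
foreach ($views as $view => $desc) {
	$view_html = htmlspecialchars($view, ENT_QUOTES, 'UTF-8');
	$desc = htmlspecialchars($desc, ENT_QUOTES, 'UTF-8');
	// a view with nothing blocked has no entry; $perms itself may not be an array yet
	$blocked = (is_array($perms) && isset($perms[$view]) && is_array($perms[$view])) ? $perms[$view] : array();
	// … unchanged: row opening markup using $odd and $desc …
	foreach ($keywords as $keyword => $info) {
		$keyword_html = htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8');
		$checked = in_array($keyword, $blocked) ? 'checked="checked"' : '';

		$form_body .= "<td><input type=\"checkbox\" name=\"perms[$view_html][]\" value=\"$keyword_html\" $checked /></td>";
	}
	// … unchanged: row close and odd/even toggle …
}
```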
diff --git a/mod/ecml/views/default/ecml/keywords/googlemaps.php b/mod/ecml/views/default/ecml/keywords/googlemaps.php
index c75023045..4f31a4531 100644
--- a/mod/ecml/views/default/ecml/keywords/googlemaps.php
+++ b/mod/ecml/views/default/ecml/keywords/googlemaps.php
@@ -18,14 +18,8 @@ if ($src) {
$link_href = elgg_http_add_url_query_elements($src, array('source' => 'embed'));
echo "
-
<iframe width=\"$width\" height=\"$height\" frameborder=\"0\" scrolling=\"no\" marginheight=\"0\" marginwidth=\"0\" src=\"$embed_src\"></iframe>
<br />
-<small>
- <a href=\"$link_href\" style=\"color:#0000FF;text-align:left\">
- " . elgg_echo('ecml:googlemaps:view_larger_map') . "
- </a>
-</small>
-
+<small><a href=\"$link_href\" style=\"color:#0000FF;text-align:left\">" . elgg_echo('ecml:googlemaps:view_larger_map') . "</a></small>
";
} \ No newline at end of file