author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-04-15 17:07:13 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-04-15 17:07:13 +0000 |
commit | 18d00e176826a353503f889bb8ea157e5228304b (patch) | |
tree | 2627deb9fbf4f67d542100445953bed181e6fa00 | |
parent | 08b4a8007503f580ebe85527124b452de5832dd3 (diff) | |
download | elgg-18d00e176826a353503f889bb8ea157e5228304b.tar.gz elgg-18d00e176826a353503f889bb8ea157e5228304b.tar.bz2 |
Added granular access for views in ECML.
Added 'usage' on keyword info.
Updated docs.
git-svn-id: http://code.elgg.org/elgg/trunk@5747 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | mod/ecml/README.txt | 15 | ||||
-rw-r--r-- | mod/ecml/actions/save_permissions.php | 20 | ||||
-rw-r--r-- | mod/ecml/ecml_functions.php | 3 | ||||
-rw-r--r-- | mod/ecml/languages/en.php | 43 | ||||
-rw-r--r-- | mod/ecml/start.php | 45 | ||||
-rw-r--r-- | mod/ecml/views/default/ecml/admin/css.php | 17 | ||||
-rw-r--r-- | mod/ecml/views/default/ecml/admin/ecml_admin.php | 80 | ||||
-rw-r--r-- | mod/ecml/views/default/ecml/keywords/googlemaps.php | 8 |
8 files changed, 207 insertions, 24 deletions
diff --git a/mod/ecml/README.txt b/mod/ecml/README.txt index c72e8c0c4..f57dc1b8d 100644 --- a/mod/ecml/README.txt +++ b/mod/ecml/README.txt @@ -90,7 +90,13 @@ CONTENTS: To register your own ECML keywords, reply to the 'get_keywords' hook of type 'ecml' and append to the passed array with a key that is - your keyword name and a value that is an array of a description and view. + your keyword name and a value that is an array of a view, a description, + and usage instructions. + + Optionally, the array can pass a 'restricted' => array() value of views + that this keyword is valid in. This is not overrideable by the admin + interface and is useful for forcing security on possibly dangerous + keywords. Arguments passed to the keyword are accessible to the keyword view via the $vars array. It is the responsibility of the custom view to parse @@ -111,7 +117,8 @@ CONTENTS: function buttonizer_ecml_keywords($hook, $type, $value, $params) { $value['buttonizer'] = array( 'view' => 'buttonizer/ecml/buttonizer', - 'description' => 'Makes your text a button! What could be better?' + 'description' => 'Makes your text a button! What could be better?', + 'usage' => 'Use [[buttonizer text="My text"]] to make "My text" a button!' ); return $value; @@ -129,6 +136,10 @@ CONTENTS: [[view src="buttonizer/ecml/buttonizer" text="This is my button!"]] + or even: + + [[view src="input/button" value="This is my button!" type="button"]] + but is much simpler for the user. diff --git a/mod/ecml/actions/save_permissions.php b/mod/ecml/actions/save_permissions.php new file mode 100644 index 000000000..490a8928b --- /dev/null +++ b/mod/ecml/actions/save_permissions.php 
@@ -0,0 +1,20 @@ +<?php +/** + * Saves granular access + * + * @package ECML + * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 + * @author Curverider Ltd + * @copyright Curverider Ltd 2008-2010 + * @link http://elgg.org/ + */ + +$perms = get_input('perms', array()); + +if (set_plugin_setting('ecml_permissions', serialize($perms), 'ecml')) { + system_message(elgg_echo('ecml:admin:permissions_saved')); +} else { + register_error(elgg_echo('ecml:admin:cannot_save_permissions')); +} + +forward($_SERVER['HTTP_REFERER']); diff --git a/mod/ecml/ecml_functions.php b/mod/ecml/ecml_functions.php index e818a8f99..58395aa7b 100644 --- a/mod/ecml/ecml_functions.php +++ b/mod/ecml/ecml_functions.php @@ -203,8 +203,7 @@ function ecml_is_valid_keyword($keyword, $view = NULL) { return FALSE; } - $views = $CONFIG->ecml_permissions['views']; - $contexts = $CONFIG->ecml_permissions['contexts']; + $views = $CONFIG->ecml_permissions; // this is a blacklist, so return TRUE by default. $r = TRUE; diff --git a/mod/ecml/languages/en.php b/mod/ecml/languages/en.php index d93c7236a..2d1b873ad 100644 --- a/mod/ecml/languages/en.php +++ b/mod/ecml/languages/en.php 
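Review bot: `$perms` in mod/ecml/actions/save_permissions.php is saved exactly as it arrives from the request: `get_input('perms', array())` is serialized and stored with no check that it is an array of view names mapped to lists of keyword names. Only registered views and keywords should be kept before saving, so a malformed or oversized post cannot end up in the plugin setting that start.php later unserializes in ecml_init. The final `forward($_SERVER['HTTP_REFERER'])` also depends on a client-supplied header that may be absent or point somewhere else; forwarding to the ECML admin page's own URL is more predictable. The sketch below assumes `$CONFIG` is in scope and that `$CONFIG->ecml_parse_views` and `$CONFIG->ecml_keywords` (the values the admin view reads) are populated when the action runs, which needs confirming.

```php
$perms = get_input('perms', array());

// keep only registered views, and only registered keywords for each of them
$known_keywords = array_keys((array) $CONFIG->ecml_keywords);
$clean = array();
if (is_array($perms)) {
	foreach ($perms as $view => $blocked) {
		if (isset($CONFIG->ecml_parse_views[$view]) && is_array($blocked)) {
			$clean[$view] = array_values(array_intersect($known_keywords, $blocked));
		}
	}
}

if (set_plugin_setting('ecml_permissions', serialize($clean), 'ecml')) {
// … unchanged: success / error messages …
```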
@@ -13,9 +13,31 @@ $english = array( 'ecml' => 'ECML', 'ecml:help' => 'ECML Help', - /** - * Key words - */ + + // views + 'ecml:views:annotation_generic_comment' => 'Comments', + + // keywords + 'ecml:keywords:desc:entity' => 'Displays a list of any Elgg entity.', + 'ecml:keywords:usage:entity' => '[[entity]] supports all options in elgg_get_entities()', + + 'ecml:keywords:desc:view' => 'Displays any Elgg view.', + 'ecml:keywords:usage:view' => '[[view src="valid/view" arg1=value1 arg2=value2]]', + + 'ecml:keywords:desc:googlemaps' => 'Embed a Google Map.', + 'ecml:keywords:usage:entity' => '[[googlemaps src="URL"]] Use the link code from Google Maps as the src.', + + 'ecml:keywords:desc:slideshare' => 'Embed a Slideshare slide.', + 'ecml:keywords:usage:entity' => '[[slideshare id="slideshare_id"]] Use the Wordpress.com embed code, but make sure there are two [s and ]s surrounding it!', + + 'ecml:keywords:desc:vimeo' => 'Embed a Vimeo video.', + 'ecml:keywords:usage:videmo' => '[[videmo src="URL"]] Use a standard Vimeo URL as the source.', + + 'ecml:keywords:desc:youtube' => 'Embed a YouTube video.', + 'ecml:keywords:usage:entity' => '[[youtube src="URL"]] Use a standard YouTube URL as the source.', + + + // keyword help 'ecml:keywords_title' => 'Keywords', 'ecml:keywords_instructions' => 'Keywords are replaced with content when viewed. They must be surrounded by 
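Review bot: The key `'ecml:keywords:usage:entity'` appears four times in the added block of mod/ecml/languages/en.php (for entity, googlemaps, slideshare and youtube), and the Vimeo entry is spelled `'ecml:keywords:usage:videmo'` with `[[videmo src="URL"]]` in its text. In a PHP array literal the last duplicate wins, so the entity keyword would show the YouTube usage text, while start.php's `elgg_echo("ecml:keywords:usage:$keyword")` finds no string for googlemaps, slideshare, vimeo or youtube. Each line should carry its own keyword, e.g. `'ecml:keywords:usage:googlemaps'` and `'ecml:keywords:usage:vimeo' => '[[vimeo src="URL"]] …'`. The hunk ends inside the `ecml:keywords_instructions` string, so the rest of that entry is not visible here.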
@@ -36,6 +58,21 @@ $english = array( <p>Ex: To show a text input with a default value:<br /> [[view: input/text, value=This is a default value]]</p>', + + // admin + 'ecml:admin:admin' => 'ECML Permissions', + 'ecml:admin:instruction' => + +'ECML allows users you easily embed views, entities, and 3rd party applications into their content +on your site by using ECML keywords. There are some ECML keywords that you may want to restrict +in certain areas of your site. To disable a keyword for a section of your site, check the box in the +grid below. +', + + 'ecml:admin:permissions_saved' => 'ECML permissions saved.', + 'ecml:admin:cannot_save_permissions' => 'Cannot save ECML permissions!', + + ); add_translation('en', $english);
\ No newline at end of file diff --git a/mod/ecml/start.php b/mod/ecml/start.php index c6a9ff38b..cad6f096f 100644 --- a/mod/ecml/start.php +++ b/mod/ecml/start.php @@ -32,11 +32,20 @@ function ecml_init() { register_page_handler('ecml_admin', 'ecml_admin_page_handler'); register_elgg_event_handler('pagesetup', 'system', 'ecml_pagesetup'); + // CSS for admin access + elgg_extend_view('css', 'ecml/admin/css'); + + // admin action to save permissions + register_action('ecml/save_permissions', FALSE, dirname(__FILE__) . '/actions/save_permissions.php', TRUE); + // show ECML-enabled icon on free-text input areas elgg_extend_view('input/longtext', 'ecml/input_ext'); elgg_extend_view('input/plaintext', 'ecml/input_ext'); //elgg_extend_view('input/text', 'ecml/input_ext'); + // add parsing for core views. + register_plugin_hook('get_views', 'ecml', 'ecml_views_hook'); + // get register the views we want to parse for ecml // @todo will need to do profiling to see if it would be faster // to foreach through this list and register to specific views or @@ -60,9 +69,7 @@ function ecml_init() { // it's more efficient to use this as a blacklist // but probably makes more sense from a UI perspective as a whitelist. // uses [views][view_name] = array(keywords, not, allowed) - $CONFIG->ecml_permissions = array( - 'views' => array() - ); + $CONFIG->ecml_permissions = unserialize(get_plugin_setting('ecml_permissions', 'ecml')); } /** @@ -92,7 +99,8 @@ function ecml_help_page_handler($page) { * @param array $page */ function ecml_admin_page_handler($page) { - $content = elgg_view('ecml/admin'); + admin_gatekeeper(); + $content = elgg_view('ecml/admin/ecml_admin'); echo page_draw(elgg_echo('ecml:admin'), $content); } 
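Review bot: `unserialize(get_plugin_setting('ecml_permissions', 'ecml'))` in ecml_init replaces the previous array default with whatever unserialize() returns, which is FALSE when the setting has never been saved or cannot be decoded. ecml_is_valid_keyword() in ecml_functions.php now reads this value directly as `$views`, and its visible comment says the list is a blacklist that returns TRUE by default, so a missing or damaged setting appears to leave every keyword enabled in every view; the new admin view also indexes the value as an array. I would normalise it here: `$perms = unserialize(get_plugin_setting('ecml_permissions', 'ecml'));` followed by `$CONFIG->ecml_permissions = is_array($perms) ? $perms : array();`. Because the value is a plain nested array of strings, storing it as JSON instead of a PHP serialization would also keep unserialize() away from data that originates in a request. ecml_init's body starts and ends outside this hunk.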
@@ -122,22 +130,39 @@ function ecml_parse_view($hook, $entity_type, $return_value, $params) { * Register default keywords. * * @param unknown_type $hook - * @param unknown_type $entity_type - * @param unknown_type $return_value + * @param unknown_type $type + * @param unknown_type $value * @param unknown_type $params * @return unknown_type */ -function ecml_keyword_hook($hook, $entity_type, $return_value, $params) { +function ecml_keyword_hook($hook, $type, $value, $params) { + // I keep going back and forth about entity and view. They're powerful, but + // a great way to let a site get hacked if the admin doesn't lock them down. $keywords = array('entity', 'view', 'youtube', 'slideshare', 'vimeo', 'googlemaps'); foreach ($keywords as $keyword) { - $return_value[$keyword] = array( + $value[$keyword] = array( 'view' => "ecml/keywords/$keyword", - 'description' => elgg_echo("ecml:keywords:$keyword") + 'description' => elgg_echo("ecml:keywords:desc:$keyword"), + 'usage' => elgg_echo("ecml:keywords:usage:$keyword") ); } - return $return_value; + return $value; +} + +/** + * Register default views to parse + * + * @param unknown_type $hook + * @param unknown_type $type + * @param unknown_type $value + * @param unknown_type $params + */ +function ecml_views_hook($hook, $type, $value, $params) { + $value['annotation/generic_comment'] = elgg_echo('ecml:views:annotation_generic_comment'); + + return $value; } register_elgg_event_handler('init', 'system', 'ecml_init');
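Review bot: The new comment in ecml_keyword_hook says `entity` and `view` are "a great way to let a site get hacked if the admin doesn't lock them down", yet both are registered here with no restriction, so they are presumably usable in every parsed view until an admin ticks boxes in the new permissions grid. The README hunk in this commit documents a `'restricted' => array()` entry for exactly this case; giving these two keywords a `'restricted'` list of the views they are meant for would make the safe state the default instead of an admin task. Whether `'restricted'` is actually enforced is not visible in these hunks and should be checked in ecml_is_valid_keyword(). The docblocks on both functions still use `unknown_type`; `@param string $hook`, `@param string $type`, `@param array $value` and an `@return array` line on ecml_views_hook would describe what the code does.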
\ No newline at end of file
diff --git a/mod/ecml/views/default/ecml/admin/css.php b/mod/ecml/views/default/ecml/admin/css.php
new file mode 100644
index 000000000..4a9cd8e4d
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/css.php
@@ -0,0 +1,17 @@
+.ecml_admin_table {
+ width:100%;
+}
+.ecml_admin_table td, th {
+ border: 1px solid gray;
+ text-align: center;
+ padding: 5px;
+}
+.ecml_admin_table th, .ecml_view_desc {
+ font-weight: bold;
+}
+.ecml_row_odd {
+ background-color: #EEE;
+}
+.ecml_row_even {
+
+}
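Review bot: The selector `.ecml_admin_table td, th` scopes only the `td`; the bare `th` after the comma matches every table header on the site, because start.php extends the global `css` view with this file. It should read `.ecml_admin_table td, .ecml_admin_table th`. The empty `.ecml_row_even` rule can be dropped, or given a comment saying it is a placeholder.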
\ No newline at end of file
diff --git a/mod/ecml/views/default/ecml/admin/ecml_admin.php b/mod/ecml/views/default/ecml/admin/ecml_admin.php
new file mode 100644
index 000000000..b91807510
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/ecml_admin.php
@@ -0,0 +1,80 @@
+<?php
+/**
+ * Configs granular access
+ *
+ * @package ECML
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.org/
+ */
+
+$views = $vars['config']->ecml_parse_views;
+$keywords = $vars['config']->ecml_keywords;
+$perms = $vars['config']->ecml_permissions;
+
+ksort($views);
+ksort($keywords);
+
+echo elgg_view_title(elgg_echo('ecml:admin:admin'));
+echo '<p>' . elgg_echo('ecml:admin:instruction') . '</p>';
+
+// yes I'm using a table because this is table.
+$form_body = <<<___END
+<table class="ecml_admin_table">
+ <tr>
+ <th> </th>
+___END;
+
+foreach ($keywords as $keyword => $info) {
+ $desc = $info['description'];
+
+ $form_body .= "<th><acronym title=\"$desc\">$keyword</acronym></th>";
+}
+$form_body .= '</tr>';
+
+$odd = 'odd';
+foreach ($views as $view => $desc) {
+ $form_body .= "
+ <tr class=\"ecml_row_$odd\">
+ <td class=\"ecml_view_desc\">$desc</td>
+";
+ foreach ($keywords as $keyword => $info) {
+ $checked = (in_array($keyword, $perms[$view])) ? 'checked="checked"' : '';
+
+ // ooook. input/checkboxes isn't overly useful.
+ // do it ourself.
+ $form_body .= "<td><input type=\"checkbox\" name=\"perms[$view][]\" value=\"$keyword\" $checked /></td>";
+ }
+ $form_body .= '</tr>';
+
+ $odd = ($odd == 'odd') ? 'even' : 'odd';
+}
+
+$form_body .= '</table>';
+$form_body .= elgg_view('input/submit', array('value' => elgg_echo('submit')));
+$form_body .= elgg_view('input/reset', array('value' => elgg_echo('reset')));
+
+echo elgg_view('input/form', array(
+ 'body' => $form_body,
+ 'action' => $vars['url'] . 'action/ecml/save_permissions'
+));
+
+//foreach ($views as $view => $desc) {
+// echo elgg_view_title($desc);
+// echo '<ul>';
+// foreach ($keywords as $keyword => $info) {
+// $description = $info['description'];
+//
+// echo "<li>$keyword</li>";
+// }
+// echo '</ul>';
+//
+//echo <<<___END
+// <br />
+// </li>
+//
+//___END;
+//}
+//
+//echo '</ul>';
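Review bot: `in_array($keyword, $perms[$view])` in the inner loop of ecml_admin.php assumes `$perms[$view]` is always an array, but a view with no boxes ticked is not posted at all, and `$perms` itself is not an array until permissions have been saved once. Guard it, e.g. `$blocked = (is_array($perms) && isset($perms[$view]) && is_array($perms[$view])) ? $perms[$view] : array();` and then `in_array($keyword, $blocked, true)`. `$desc`, `$view` and `$keyword` are also written into HTML attributes and cells unescaped (`title=\"$desc\"`, `name=\"perms[$view][]\"`, `value=\"$keyword\"`); they come from plugin hooks and translation strings, so they should pass through `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')` before being placed in the markup. The commented-out list rendering at the end of the file can be removed.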
\ No newline at end of file diff --git a/mod/ecml/views/default/ecml/keywords/googlemaps.php b/mod/ecml/views/default/ecml/keywords/googlemaps.php index c75023045..4f31a4531 100644 --- a/mod/ecml/views/default/ecml/keywords/googlemaps.php +++ b/mod/ecml/views/default/ecml/keywords/googlemaps.php @@ -18,14 +18,8 @@ if ($src) { $link_href = elgg_http_add_url_query_elements($src, array('source' => 'embed')); echo " - <iframe width=\"$width\" height=\"$height\" frameborder=\"0\" scrolling=\"no\" marginheight=\"0\" marginwidth=\"0\" src=\"$embed_src\"></iframe> <br /> -<small> - <a href=\"$link_href\" style=\"color:#0000FF;text-align:left\"> - " . elgg_echo('ecml:googlemaps:view_larger_map') . " - </a> -</small> - +<small><a href=\"$link_href\" style=\"color:#0000FF;text-align:left\">" . elgg_echo('ecml:googlemaps:view_larger_map') . "</a></small> "; }
\ No newline at end of file |