Added granular access for views in ECML.

Added 'usage' on keyword info.
Updated docs.


git-svn-id: http://code.elgg.org/elgg/trunk@5747 36083f99-b078-4883-b0ff-0f9b5a30f544

8 files changed, 207 insertions, 24 deletions

diff --git a/mod/ecml/README.txt b/mod/ecml/README.txt
index c72e8c0c4..f57dc1b8d 100644
--- a/mod/ecml/README.txt
+++ b/mod/ecml/README.txt
@@ -90,7 +90,13 @@ CONTENTS:
 
 	To register your own ECML keywords, reply to the 'get_keywords'
 	hook of type 'ecml' and append to the passed array with a key that is
-	your keyword name and a value that is an array of a description and view.
+	your keyword name and a value that is an array of a view, a description,
+	and usage instructions.
+
+	Optionally, the array can pass a 'restricted' => array() value of views
+	that this keyword is valid in.  This is not overrideable by the admin
+	interface and is useful for forcing security on possibly dangerous
+	keywords.
 
 	Arguments passed to the keyword are accessible to the keyword view via
 	the $vars array.  It is	the responsibility of the custom view to parse
@@ -111,7 +117,8 @@ CONTENTS:
 			function buttonizer_ecml_keywords($hook, $type, $value, $params) {
 				$value['buttonizer'] = array(
 					'view' => 'buttonizer/ecml/buttonizer',
-					'description' => 'Makes your text a button!  What could be better?'
+					'description' => 'Makes your text a button!  What could be better?',
+					'usage' => 'Use [[buttonizer text="My text"]] to make "My text" a button!'
 				);
 
 				return $value;
@@ -129,6 +136,10 @@ CONTENTS:
 
 		[[view src="buttonizer/ecml/buttonizer" text="This is my button!"]]
 
+	or even:
+
+		[[view src="input/button" value="This is my button!" type="button"]]
+
 	but is much simpler for the user.
 
 
diff --git a/mod/ecml/actions/save_permissions.php b/mod/ecml/actions/save_permissions.php
new file mode 100644
index 000000000..490a8928b
--- /dev/null
+++ b/mod/ecml/actions/save_permissions.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Saves granular access
+ *
+ * @package ECML
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.org/
+ */
+
+$perms = get_input('perms', array());
+
+if (set_plugin_setting('ecml_permissions', serialize($perms), 'ecml')) {
+	system_message(elgg_echo('ecml:admin:permissions_saved'));
+} else {
+	register_error(elgg_echo('ecml:admin:cannot_save_permissions'));
+}
+
+forward($_SERVER['HTTP_REFERER']);
diff --git a/mod/ecml/ecml_functions.php b/mod/ecml/ecml_functions.php
index e818a8f99..58395aa7b 100644
--- a/mod/ecml/ecml_functions.php
+++ b/mod/ecml/ecml_functions.php
@@ -203,8 +203,7 @@ function ecml_is_valid_keyword($keyword, $view = NULL) {
 		return FALSE;
 	}
 
-	$views = $CONFIG->ecml_permissions['views'];
-	$contexts = $CONFIG->ecml_permissions['contexts'];
+	$views = $CONFIG->ecml_permissions;
 
 	// this is a blacklist, so return TRUE by default.
 	$r = TRUE;
diff --git a/mod/ecml/languages/en.php b/mod/ecml/languages/en.php
index d93c7236a..2d1b873ad 100644
--- a/mod/ecml/languages/en.php
+++ b/mod/ecml/languages/en.php
@@ -13,9 +13,31 @@ $english = array(
 	'ecml' => 'ECML',
 	'ecml:help' => 'ECML Help',
 
-	/**
-	 * Key words
-	 */
+
+	// views
+	'ecml:views:annotation_generic_comment' => 'Comments',
+
+	// keywords
+	'ecml:keywords:desc:entity' => 'Displays a list of any Elgg entity.',
+	'ecml:keywords:usage:entity' => '[[entity]] supports all options in elgg_get_entities()',
+
+	'ecml:keywords:desc:view' => 'Displays any Elgg view.',
+	'ecml:keywords:usage:view' => '[[view src="valid/view" arg1=value1 arg2=value2]]',
+
+	'ecml:keywords:desc:googlemaps' => 'Embed a Google Map.',
+	'ecml:keywords:usage:entity' => '[[googlemaps src="URL"]] Use the link code from Google Maps as the src.',
+
+	'ecml:keywords:desc:slideshare' => 'Embed a Slideshare slide.',
+	'ecml:keywords:usage:entity' => '[[slideshare id="slideshare_id"]] Use the Wordpress.com embed code, but make sure there are two [s and ]s surrounding it!',
+
+	'ecml:keywords:desc:vimeo' => 'Embed a Vimeo video.',
+	'ecml:keywords:usage:videmo' => '[[videmo src="URL"]] Use a standard Vimeo URL as the source.',
+
+	'ecml:keywords:desc:youtube' => 'Embed a YouTube video.',
+	'ecml:keywords:usage:entity' => '[[youtube src="URL"]] Use a standard YouTube URL as the source.',
+
+
+	// keyword help
 	'ecml:keywords_title' => 'Keywords',
 	'ecml:keywords_instructions' =>
 		'Keywords are replaced with content when viewed.  They must be surrounded by
@@ -36,6 +58,21 @@ $english = array(
 
 		<p>Ex: To show a text input with a default value:<br />
 		[[view: input/text, value=This is a default value]]</p>',
+
+	// admin
+	'ecml:admin:admin' => 'ECML Permissions',
+	'ecml:admin:instruction' =>
+
+'ECML allows users you easily embed views, entities, and 3rd party applications into their content
+on your site by using ECML keywords.  There are some ECML keywords that you may want to restrict
+in certain areas of your site.  To disable a keyword for a section of your site, check the box in the
+grid below.
+',
+
+	'ecml:admin:permissions_saved' => 'ECML permissions saved.',
+	'ecml:admin:cannot_save_permissions' => 'Cannot save ECML permissions!',
+
+
 );
 
 add_translation('en', $english);
\ No newline at end of file
diff --git a/mod/ecml/start.php b/mod/ecml/start.php
index c6a9ff38b..cad6f096f 100644
--- a/mod/ecml/start.php
+++ b/mod/ecml/start.php
@@ -32,11 +32,20 @@ function ecml_init() {
 	register_page_handler('ecml_admin', 'ecml_admin_page_handler');
 	register_elgg_event_handler('pagesetup', 'system', 'ecml_pagesetup');
 
+	// CSS for admin access
+	elgg_extend_view('css', 'ecml/admin/css');
+
+	// admin action to save permissions
+	register_action('ecml/save_permissions', FALSE, dirname(__FILE__) . '/actions/save_permissions.php', TRUE);
+
 	// show ECML-enabled icon on free-text input areas
 	elgg_extend_view('input/longtext',  'ecml/input_ext');
 	elgg_extend_view('input/plaintext', 'ecml/input_ext');
 	//elgg_extend_view('input/text', 'ecml/input_ext');
 
+	// add parsing for core views.
+	register_plugin_hook('get_views', 'ecml', 'ecml_views_hook');
+
 	// get register the views we want to parse for ecml
 	// @todo will need to do profiling to see if it would be faster
 	// to foreach through this list and register to specific views or
@@ -60,9 +69,7 @@ function ecml_init() {
 	// it's more efficient to use this as a blacklist
 	// but probably makes more sense from a UI perspective as a whitelist.
 	// uses [views][view_name] = array(keywords, not, allowed)
-	$CONFIG->ecml_permissions = array(
-		'views' => array()
-	);
+	$CONFIG->ecml_permissions = unserialize(get_plugin_setting('ecml_permissions', 'ecml'));
 }
 
 /**
@@ -92,7 +99,8 @@ function ecml_help_page_handler($page) {
  * @param array $page
  */
 function ecml_admin_page_handler($page) {
-	$content = elgg_view('ecml/admin');
+	admin_gatekeeper();
+	$content = elgg_view('ecml/admin/ecml_admin');
 	echo page_draw(elgg_echo('ecml:admin'), $content);
 }
 
@@ -122,22 +130,39 @@ function ecml_parse_view($hook, $entity_type, $return_value, $params) {
  * Register default keywords.
  *
  * @param unknown_type $hook
- * @param unknown_type $entity_type
- * @param unknown_type $return_value
+ * @param unknown_type $type
+ * @param unknown_type $value
  * @param unknown_type $params
  * @return unknown_type
  */
-function ecml_keyword_hook($hook, $entity_type, $return_value, $params) {
+function ecml_keyword_hook($hook, $type, $value, $params) {
+	// I keep going back and forth about entity and view. They're powerful, but
+	// a great way to let a site get hacked if the admin doesn't lock them down.
 	$keywords = array('entity', 'view', 'youtube', 'slideshare', 'vimeo', 'googlemaps');
 
 	foreach ($keywords as $keyword) {
-		$return_value[$keyword] = array(
+		$value[$keyword] = array(
 			'view' => "ecml/keywords/$keyword",
-			'description' => elgg_echo("ecml:keywords:$keyword")
+			'description' => elgg_echo("ecml:keywords:desc:$keyword"),
+			'usage' => elgg_echo("ecml:keywords:usage:$keyword")
 		);
 	}
 
-	return $return_value;
+	return $value;
+}
+
+/**
+ * Register default views to parse
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $type
+ * @param unknown_type $value
+ * @param unknown_type $params
+ */
+function ecml_views_hook($hook, $type, $value, $params) {
+	$value['annotation/generic_comment'] = elgg_echo('ecml:views:annotation_generic_comment');
+
+	return $value;
 }
 
 register_elgg_event_handler('init', 'system', 'ecml_init');
\ No newline at end of file
diff --git a/mod/ecml/views/default/ecml/admin/css.php b/mod/ecml/views/default/ecml/admin/css.php
new file mode 100644
index 000000000..4a9cd8e4d
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/css.php
@@ -0,0 +1,17 @@
+.ecml_admin_table {
+	width:100%;
+}
+.ecml_admin_table td, th {
+	border: 1px solid gray;
+	text-align: center;
+	padding: 5px;
+}
+.ecml_admin_table th, .ecml_view_desc {
+	font-weight: bold;
+}
+.ecml_row_odd {
+	background-color: #EEE;
+}
+.ecml_row_even {
+
+}
\ No newline at end of file
diff --git a/mod/ecml/views/default/ecml/admin/ecml_admin.php b/mod/ecml/views/default/ecml/admin/ecml_admin.php
new file mode 100644
index 000000000..b91807510
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/ecml_admin.php
@@ -0,0 +1,80 @@
+<?php
+/**
+ * Configs granular access
+ *
+ * @package ECML
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.org/
+ */
+
+$views = $vars['config']->ecml_parse_views;
+$keywords = $vars['config']->ecml_keywords;
+$perms = $vars['config']->ecml_permissions;
+
+ksort($views);
+ksort($keywords);
+
+echo elgg_view_title(elgg_echo('ecml:admin:admin'));
+echo '<p>' . elgg_echo('ecml:admin:instruction') . '</p>';
+
+// yes I'm using a table because this is table.
+$form_body = <<<___END
+<table class="ecml_admin_table">
+	<tr>
+		<th>&nbsp</th>
+___END;
+
+foreach ($keywords as $keyword => $info) {
+	$desc = $info['description'];
+
+	$form_body .= "<th><acronym title=\"$desc\">$keyword</acronym></th>";
+}
+$form_body .= '</tr>';
+
+$odd = 'odd';
+foreach ($views as $view => $desc) {
+	$form_body .= "
+	<tr class=\"ecml_row_$odd\">
+		<td class=\"ecml_view_desc\">$desc</td>
+";
+	foreach ($keywords as $keyword => $info) {
+		$checked = (in_array($keyword, $perms[$view])) ? 'checked="checked"' : '';
+
+		// ooook. input/checkboxes isn't overly useful.
+		// do it ourself.
+		$form_body .= "<td><input type=\"checkbox\" name=\"perms[$view][]\" value=\"$keyword\" $checked /></td>";
+	}
+	$form_body .= '</tr>';
+
+	$odd = ($odd == 'odd') ? 'even' : 'odd';
+}
+
+$form_body .= '</table>';
+$form_body .= elgg_view('input/submit', array('value' => elgg_echo('submit')));
+$form_body .= elgg_view('input/reset', array('value' => elgg_echo('reset')));
+
+echo elgg_view('input/form', array(
+	'body' => $form_body,
+	'action' => $vars['url'] . 'action/ecml/save_permissions'
+));
+
+//foreach ($views as $view => $desc) {
+//	echo elgg_view_title($desc);
+//	echo '<ul>';
+//	foreach ($keywords as $keyword => $info) {
+//		$description = $info['description'];
+//
+//		echo "<li>$keyword</li>";
+//	}
+//	echo '</ul>';
+//
+//echo <<<___END
+//	<br />
+//	</li>
+//
+//___END;
+//}
+//
+//echo '</ul>';
\ No newline at end of file
diff --git a/mod/ecml/views/default/ecml/keywords/googlemaps.php b/mod/ecml/views/default/ecml/keywords/googlemaps.php
index c75023045..4f31a4531 100644
--- a/mod/ecml/views/default/ecml/keywords/googlemaps.php
+++ b/mod/ecml/views/default/ecml/keywords/googlemaps.php
@@ -18,14 +18,8 @@ if ($src) {
 	$link_href = elgg_http_add_url_query_elements($src, array('source' => 'embed'));
 
 	echo "
-
 <iframe width=\"$width\" height=\"$height\" frameborder=\"0\" scrolling=\"no\" marginheight=\"0\" marginwidth=\"0\" src=\"$embed_src\"></iframe>
 <br />
-<small>
-	<a href=\"$link_href\" style=\"color:#0000FF;text-align:left\">
-		" . elgg_echo('ecml:googlemaps:view_larger_map') . "
-	</a>
-</small>
-
+<small><a href=\"$link_href\" style=\"color:#0000FF;text-align:left\">" . elgg_echo('ecml:googlemaps:view_larger_map') . "</a></small>
 ";
 }
\ No newline at end of file