diff options
Diffstat (limited to 'vendors/dokuwiki/lib/plugins/acl/admin.php')
| -rw-r--r-- | vendors/dokuwiki/lib/plugins/acl/admin.php | 809 |
1 files changed, 0 insertions, 809 deletions
diff --git a/vendors/dokuwiki/lib/plugins/acl/admin.php b/vendors/dokuwiki/lib/plugins/acl/admin.php deleted file mode 100644 index 34149ea05..000000000 --- a/vendors/dokuwiki/lib/plugins/acl/admin.php +++ /dev/null @@ -1,809 +0,0 @@ -<?php -/** - * ACL administration functions - * - * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) - * @author Andreas Gohr <andi@splitbrain.org> - * @author Anika Henke <anika@selfthinker.org> (concepts) - * @author Frank Schubert <frank@schokilade.de> (old version) - */ -// must be run within Dokuwiki -if(!defined('DOKU_INC')) die(); - -if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/'); -require_once(DOKU_PLUGIN.'admin.php'); - -/** - * All DokuWiki plugins to extend the admin function - * need to inherit from this class - */ -class admin_plugin_acl extends DokuWiki_Admin_Plugin { - var $acl = null; - var $ns = null; - var $who = ''; - var $usersgroups = array(); - var $specials = array(); - - /** - * return some info - */ - function getInfo(){ - return array( - 'author' => 'Andreas Gohr', - 'email' => 'andi@splitbrain.org', - 'date' => '2010-01-17', - 'name' => 'ACL Manager', - 'desc' => 'Manage Page Access Control Lists', - 'url' => 'http://dokuwiki.org/plugin:acl', - ); - } - - /** - * return prompt for admin menu - */ - function getMenuText($language) { - return $this->getLang('admin_acl'); - } - - /** - * return sort order for position in admin menu - */ - function getMenuSort() { - return 1; - } - - /** - * handle user request - * - * Initializes internal vars and handles modifications - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function handle() { - global $AUTH_ACL; - global $ID; - global $auth; - // fresh 1:1 copy without replacements - $AUTH_ACL = $this->load_acl_config(false); - // namespace given? - if($_REQUEST['ns'] == '*'){ - $this->ns = '*'; - }else{ - $this->ns = cleanID($_REQUEST['ns']); - } - - // user or group choosen? - $who = trim($_REQUEST['acl_w']); - if($_REQUEST['acl_t'] == '__g__' && $who){ - $this->who = '@'.ltrim($auth->cleanGroup($who),'@'); - }elseif($_REQUEST['acl_t'] == '__u__' && $who){ - $this->who = ltrim($auth->cleanUser($who),'@'); - }elseif($_REQUEST['acl_t'] && - $_REQUEST['acl_t'] != '__u__' && - $_REQUEST['acl_t'] != '__g__'){ - $this->who = $_REQUEST['acl_t']; - }elseif($who){ - $this->who = $who; - } - - // handle modifications - if(isset($_REQUEST['cmd']) && checkSecurityToken()){ - - //error_log("dokuwiki:acl:cms!!!"); - // scope for modifications - if($this->ns){ - if($this->ns == '*'){ - $scope = '*'; - }else{ - $scope = $this->ns.':*'; - } - }else{ - $scope = $ID; - } - - if(isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])){ - //error_log("dokuwiki:acl:save!!!"); - // handle additions or single modifications - $this->_acl_del($scope, $this->who); - $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']); - }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who){ - //error_log("dokuwiki:acl:delete!!!"); - // handle single deletions - $this->_acl_del($scope, $this->who); - }elseif(isset($_REQUEST['cmd']['update'])){ - //error_log("dokuwiki:acl:update!!!"); - // handle update of the whole file - foreach((array) $_REQUEST['del'] as $where => $names){ - // remove all rules marked for deletion - foreach($names as $who) { - unset($_REQUEST['acl'][$where][$who]); - //error_log("dokuwiki:acl:where_who:".$where.":".$who); - } - } - // prepare lines - $lines = array(); - // keep header - foreach($AUTH_ACL as $line){ - if($line{0} == '#'){ - $lines[] = $line."\n"; - }else{ - $lines[] = $line."\n"; - } - } - // re-add all rules - foreach((array) $_REQUEST['acl'] as $where => $opt){ - foreach($opt as $who => $perm){ - //error_log("dokuwiki:acl:where_acl:".$where.":".$who); - $who = auth_nameencode($who,true); - $lines[] = "$where\t$who\t$perm\n"; - } - } - // save it - $AUTH_ACL = $this->save_acl_config(join('',$lines)); - - } - - $AUTH_ACL = $this->load_acl_config(false); - } - - // initialize ACL array - $this->_init_acl_config(); - } - - /** - * ACL Output function - * - * print a table with all significant permissions for the - * current id - * - * @author Frank Schubert <frank@schokilade.de> - * @author Andreas Gohr <andi@splitbrain.org> - */ - function html() { - global $ID; - - echo '<div id="acl_manager">'.NL; - echo '<h1>'.$this->getLang('admin_acl').'</h1>'.NL; - echo '<div class="level1">'.NL; - - echo '<div id="acl__tree">'.NL; - $this->_html_explorer($_REQUEST['ns']); - echo '</div>'.NL; - - echo '<div id="acl__detail">'.NL; - $this->_html_detail(); - echo '</div>'.NL; - echo '</div>'.NL; - - echo '<div class="clearer"></div>'; - echo '<h2>'.$this->getLang('current').'</h2>'.NL; - echo '<div class="level2">'.NL; - $this->_html_table(); - echo '</div>'.NL; - - echo '<div class="footnotes"><div class="fn">'.NL; - echo '<sup><a id="fn__1" class="fn_bot" name="fn__1" href="#fnt__1">1)</a></sup>'.NL; - echo $this->getLang('p_include'); - echo '</div></div>'; - - echo '</div>'.NL; - } - - /** - * returns array with set options for building links - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _get_opts($addopts=null){ - global $ID; - $opts = array( - 'do'=>'admin', - 'dokupage'=>'acl', - ); - if($this->ns) $opts['ns'] = $this->ns; - if($this->who) $opts['acl_w'] = $this->who; - - if(is_null($addopts)) return $opts; - return array_merge($opts, $addopts); - } - - /** - * Display a tree menu to select a page or namespace - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_explorer(){ - require_once(DOKU_INC.'inc/search.php'); - global $conf; - global $ID; - global $lang; - - $dir = $conf['datadir']; - $ns = $this->ns; - if(empty($ns)){ - $ns = dirname(str_replace(':','/',$ID)); - if($ns == '.') $ns =''; - }elseif($ns == '*'){ - $ns =''; - } - $ns = utf8_encodeFN(str_replace(':','/',$ns)); - - $data = $this->_get_tree($ns); - - // wrap a list with the root level around the other namespaces - $item = array( 'level' => 0, 'id' => '*', 'type' => 'd', - 'open' =>'true', 'label' => '['.$lang['mediaroot'].']'); - - echo '<ul class="acltree">'; - echo $this->_html_li_acl($item); - echo '<div class="li">'; - echo $this->_html_list_acl($item); - echo '</div>'; - echo html_buildlist($data,'acl', - array($this,'_html_list_acl'), - array($this,'_html_li_acl')); - echo '</li>'; - echo '</ul>'; - - } - - /** - * get a combined list of media and page files - * - * @param string $folder an already converted filesystem folder of the current namespace - * @param string $limit limit the search to this folder - */ - function _get_tree($folder,$limit=''){ - global $conf; - - // read tree structure from pages and media - $data = array(); - search($data,$conf['datadir'],'search_index',array('ns' => $folder),$limit); - $media = array(); - search($media,$conf['mediadir'],'search_index',array('ns' => $folder, 'nofiles' => true),$limit); - $data = array_merge($data,$media); - unset($media); - - // combine by sorting and removing duplicates - usort($data,array($this,'_tree_sort')); - $count = count($data); - if($count>0) for($i=1; $i<$count; $i++){ - if($data[$i]['type'] == 'f') break; // namespaces come first, we're done - if($data[$i-1]['id'] == $data[$i]['id']) unset($data[$i]); - } - return $data; - } - - /** - * usort callback - * - * Sorts the combined trees of media and page files - */ - function _tree_sort($a,$b){ - if($a['type'] == 'd' && $b['type'] == 'f'){ - return -1; - }elseif($a['type'] == 'f' && $b['type'] == 'd'){ - return 1; - }else{ - return strcmp($a['id'],$b['id']); - } - } - - /** - * Display the current ACL for selected where/who combination with - * selectors and modification form - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_detail(){ - global $conf; - global $ID; - - echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL; - - echo '<div id="acl__user">'; - echo $this->getLang('acl_perms').' '; - $inl = $this->_html_select(); - echo '<input type="text" name="acl_w" class="edit" value="'.(($inl)?'':hsc(ltrim($this->who,'@'))).'" />'.NL; - echo '<input type="submit" value="'.$this->getLang('btn_select').'" class="button" />'.NL; - echo '</div>'.NL; - - echo '<div id="acl__info">'; - $this->_html_info(); - echo '</div>'; - - echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL; - echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL; - echo '<input type="hidden" name="do" value="admin" />'.NL; - echo '<input type="hidden" name="dokupage" value="acl" />'.NL; - echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL; - echo '</div></form>'.NL; - } - - /** - * Print infos and editor - */ - function _html_info(){ - global $ID; - - if($this->who){ - $current = $this->_get_exact_perm(); - - // explain current permissions - $this->_html_explain($current); - // load editor - $this->_html_acleditor($current); - }else{ - echo '<p>'; - if($this->ns){ - printf($this->getLang('p_choose_ns'),hsc($this->ns)); - }else{ - printf($this->getLang('p_choose_id'),hsc($ID)); - } - echo '</p>'; - - echo $this->locale_xhtml('help'); - } - } - - /** - * Display the ACL editor - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_acleditor($current){ - global $lang; - - echo '<fieldset>'; - if(is_null($current)){ - echo '<legend>'.$this->getLang('acl_new').'</legend>'; - }else{ - echo '<legend>'.$this->getLang('acl_mod').'</legend>'; - } - - - echo $this->_html_checkboxes($current,empty($this->ns),'acl'); - - if(is_null($current)){ - echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_save'].'" />'.NL; - }else{ - echo '<input type="submit" name="cmd[save]" class="button" value="'.$lang['btn_update'].'" />'.NL; - echo '<input type="submit" name="cmd[del]" class="button" value="'.$lang['btn_delete'].'" />'.NL; - } - - echo '</fieldset>'; - } - - /** - * Explain the currently set permissions in plain english/$lang - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_explain($current){ - global $ID; - global $auth; - - $who = $this->who; - $ns = $this->ns; - - // prepare where to check - if($ns){ - if($ns == '*'){ - $check='*'; - }else{ - $check=$ns.':*'; - } - }else{ - $check = $ID; - } - - // prepare who to check - if($who{0} == '@'){ - $user = ''; - $groups = array(ltrim($who,'@')); - }else{ - $user = auth_nameencode($who); - $info = $auth->getUserData($user); - if($info === false){ - $groups = array(); - }else{ - $groups = $info['grps']; - } - } - - // check the permissions - $perm = auth_aclcheck($check,$user,$groups); - - // build array of named permissions - $names = array(); - if($perm){ - if($ns){ - if($perm >= AUTH_DELETE) $names[] = $this->getLang('acl_perm16'); - if($perm >= AUTH_UPLOAD) $names[] = $this->getLang('acl_perm8'); - if($perm >= AUTH_CREATE) $names[] = $this->getLang('acl_perm4'); - } - if($perm >= AUTH_EDIT) $names[] = $this->getLang('acl_perm2'); - if($perm >= AUTH_READ) $names[] = $this->getLang('acl_perm1'); - $names = array_reverse($names); - }else{ - $names[] = $this->getLang('acl_perm0'); - } - - // print permission explanation - echo '<p>'; - if($user){ - if($ns){ - printf($this->getLang('p_user_ns'),hsc($who),hsc($ns),join(', ',$names)); - }else{ - printf($this->getLang('p_user_id'),hsc($who),hsc($ID),join(', ',$names)); - } - }else{ - if($ns){ - printf($this->getLang('p_group_ns'),hsc(ltrim($who,'@')),hsc($ns),join(', ',$names)); - }else{ - printf($this->getLang('p_group_id'),hsc(ltrim($who,'@')),hsc($ID),join(', ',$names)); - } - } - echo '</p>'; - - // add note if admin - if($perm == AUTH_ADMIN){ - echo '<p>'.$this->getLang('p_isadmin').'</p>'; - }elseif(is_null($current)){ - echo '<p>'.$this->getLang('p_inherited').'</p>'; - } - } - - - /** - * Item formatter for the tree view - * - * User function for html_buildlist() - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_list_acl($item){ - global $ID; - $ret = ''; - // what to display - if($item['label']){ - $base = $item['label']; - }else{ - $base = ':'.$item['id']; - $base = substr($base,strrpos($base,':')+1); - } - - // highlight? - if( ($item['type']=='d' && $item['id'] == $this->ns) || - ($item['type']!='d' && $item['id'] == $ID)) $cl = ' cur'; - - // namespace or page? - if($item['type']=='d'){ - if($item['open']){ - $img = DOKU_BASE.'lib/images/minus.gif'; - $alt = '−'; - }else{ - $img = DOKU_BASE.'lib/images/plus.gif'; - $alt = '+'; - } - $ret .= '<img src="'.$img.'" alt="'.$alt.'" />'; - $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id'],'sectok'=>getSecurityToken()))).'" class="idx_dir'.$cl.'">'; - $ret .= $base; - $ret .= '</a>'; - }else{ - $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>'','sectok'=>getSecurityToken()))).'" class="wikilink1'.$cl.'">'; - $ret .= noNS($item['id']); - $ret .= '</a>'; - } - return $ret; - } - - - function _html_li_acl($item){ - return '<li class="level'.$item['level'].'">'; - } - - - /** - * Get current ACL settings as multidim array - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _init_acl_config(){ - global $AUTH_ACL; - global $conf; - $acl_config=array(); - $usersgroups = array(); - - // get special users and groups - $this->specials[] = '@ALL'; - $this->specials[] = '@'.$conf['defaultgroup']; - if($conf['manager'] != '!!not set!!'){ - $this->specials = array_merge($this->specials, - array_map('trim', - explode(',',$conf['manager']))); - } - $this->specials = array_filter($this->specials); - $this->specials = array_unique($this->specials); - sort($this->specials); - - foreach($AUTH_ACL as $line){ - $line = trim(preg_replace('/#.*$/','',$line)); //ignore comments - if(!$line) continue; - - $acl = preg_split('/\s+/',$line); - //0 is pagename, 1 is user, 2 is acl - - $acl[1] = rawurldecode($acl[1]); - $acl_config[$acl[0]][$acl[1]] = $acl[2]; - - // store non-special users and groups for later selection dialog - $ug = $acl[1]; - if(in_array($ug,$this->specials)) continue; - $usersgroups[] = $ug; - } - - $usersgroups = array_unique($usersgroups); - sort($usersgroups); - ksort($acl_config); - - $this->acl = $acl_config; - $this->usersgroups = $usersgroups; - } - - /** - * Display all currently set permissions in a table - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_table(){ - global $lang; - global $ID; - - echo '<form action="'.wl().'" method="post" accept-charset="utf-8"><div class="no">'.NL; - if($this->ns){ - echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL; - }else{ - echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL; - } - echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL; - echo '<input type="hidden" name="do" value="admin" />'.NL; - echo '<input type="hidden" name="dokupage" value="acl" />'.NL; - echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL; - echo '<table class="inline">'; - echo '<tr>'; - echo '<th>'.$this->getLang('where').'</th>'; - echo '<th>'.$this->getLang('who').'</th>'; - echo '<th>'.$this->getLang('perm').'<sup><a id="fnt__1" class="fn_top" name="fnt__1" href="#fn__1">1)</a></sup></th>'; - echo '<th>'.$lang['btn_delete'].'</th>'; - echo '</tr>'; - foreach($this->acl as $where => $set){ - foreach($set as $who => $perm){ - echo '<tr>'; - echo '<td>'; - if(substr($where,-1) == '*'){ - echo '<span class="aclns">'.hsc($where).'</span>'; - $ispage = false; - }else{ - echo '<span class="aclpage">'.hsc($where).'</span>'; - $ispage = true; - } - echo '</td>'; - - echo '<td>'; - if($who{0} == '@'){ - echo '<span class="aclgroup">'.hsc($who).'</span>'; - }else{ - echo '<span class="acluser">'.hsc($who).'</span>'; - } - echo '</td>'; - - echo '<td>'; - echo $this->_html_checkboxes($perm,$ispage,'acl['.$where.']['.$who.']'); - echo '</td>'; - - echo '<td align="center">'; - echo '<input type="checkbox" name="del['.hsc($where).'][]" value="'.hsc($who).'" />'; - echo '</td>'; - echo '</tr>'; - } - } - - echo '<tr>'; - echo '<th align="right" colspan="4">'; - echo '<input type="submit" value="'.$lang['btn_update'].'" name="cmd[update]" class="button" />'; - echo '</th>'; - echo '</tr>'; - echo '</table>'; - echo '</div></form>'.NL; - } - - - /** - * Returns the permission which were set for exactly the given user/group - * and page/namespace. Returns null if no exact match is available - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _get_exact_perm(){ - global $ID; - if($this->ns){ - if($this->ns == '*'){ - $check = '*'; - }else{ - $check = $this->ns.':*'; - } - }else{ - $check = $ID; - } - - if(isset($this->acl[$check][$this->who])){ - return $this->acl[$check][$this->who]; - }else{ - return null; - } - } - - function load_acl_config($full) { - global $auth; - if($auth->cando['getACL']) { - $acl = $auth->getACL(); - } else { - $acl = file(DOKU_CONF.'acl.auth.php'); - } - if ($full) return join("\n", $acl)."\n"; - return $acl; - } - function save_acl_config($newconfig) { - global $auth; - if($auth->cando['getACL']) { - $auth->setACL($newconfig); - return true; - } else { - return io_saveFile(DOKU_CONF.'acl.auth.php', $newconfig); - } - - } - - /** - * adds new acl-entry to conf/acl.auth.php - * - * @author Frank Schubert <frank@schokilade.de> - */ - function _acl_add($acl_scope, $acl_user, $acl_level){ - $acl_config = $this->load_acl_config(true); - $acl_user = auth_nameencode($acl_user,true); - - // max level for pagenames is edit - if(strpos($acl_scope,'*') === false) { - if($acl_level > AUTH_EDIT) $acl_level = AUTH_EDIT; - } - - - $new_acl = "$acl_scope\t$acl_user\t$acl_level\n"; - - $new_config = $acl_config.$new_acl; - return $this->save_acl_config($new_config); - } - - /** - * remove acl-entry from conf/acl.auth.php - * - * @author Frank Schubert <frank@schokilade.de> - */ - function _acl_del($acl_scope, $acl_user){ - $acl_config = $this->load_acl_config(false); - $acl_user = auth_nameencode($acl_user,true); - - $acl_pattern = '^'.preg_quote($acl_scope,'/').'\s+'.$acl_user.'\s+[0-8].*$'; - - // save all non!-matching - $new_config = preg_grep("/$acl_pattern/", $acl_config, PREG_GREP_INVERT); - - return $this->save_acl_config(join("\n",$new_config)."\n"); - } - - /** - * print the permission radio boxes - * - * @author Frank Schubert <frank@schokilade.de> - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_checkboxes($setperm,$ispage,$name){ - global $lang; - - static $label = 0; //number labels - $ret = ''; - - if($ispage && $setperm > AUTH_EDIT) $perm = AUTH_EDIT; - - foreach(array(AUTH_NONE,AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ - $label += 1; - - //general checkbox attributes - $atts = array( 'type' => 'radio', - 'id' => 'pbox'.$label, - 'name' => $name, - 'value' => $perm ); - //dynamic attributes - if(!is_null($setperm) && $setperm == $perm) $atts['checked'] = 'checked'; - if($ispage && $perm > AUTH_EDIT){ - $atts['disabled'] = 'disabled'; - $class = ' class="disabled"'; - }else{ - $class = ''; - } - - //build code - $ret .= '<label for="pbox'.$label.'" title="'.$this->getLang('acl_perm'.$perm).'"'.$class.'>'; - $ret .= '<input '.html_attbuild($atts).' /> '; - $ret .= $this->getLang('acl_perm'.$perm); - $ret .= '</label>'.NL; - } - return $ret; - } - - /** - * Print a user/group selector (reusing already used users and groups) - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function _html_select(){ - global $conf; - $inlist = false; - - if($this->who && - !in_array($this->who,$this->usersgroups) && - !in_array($this->who,$this->specials)){ - - if($this->who{0} == '@'){ - $gsel = ' selected="selected"'; - }else{ - $usel = ' selected="selected"'; - } - }else{ - $usel = ''; - $gsel = ''; - $inlist = true; - } - - - echo '<select name="acl_t" class="edit">'.NL; - echo ' <option value="__g__" class="aclgroup"'.$gsel.'>'.$this->getLang('acl_group').':</option>'.NL; - echo ' <option value="__u__" class="acluser"'.$usel.'>'.$this->getLang('acl_user').':</option>'.NL; - echo ' <optgroup label=" ">'.NL; - foreach($this->specials as $ug){ - if($ug == $this->who){ - $sel = ' selected="selected"'; - $inlist = true; - }else{ - $sel = ''; - } - - if($ug{0} == '@'){ - echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL; - }else{ - echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL; - } - } - echo ' </optgroup>'.NL; - echo ' <optgroup label=" ">'.NL; - foreach($this->usersgroups as $ug){ - if($ug == $this->who){ - $sel = ' selected="selected"'; - $inlist = true; - }else{ - $sel = ''; - } - - if($ug{0} == '@'){ - echo ' <option value="'.hsc($ug).'" class="aclgroup"'.$sel.'>'.hsc($ug).'</option>'.NL; - }else{ - echo ' <option value="'.hsc($ug).'" class="acluser"'.$sel.'>'.hsc($ug).'</option>'.NL; - } - } - echo ' </optgroup>'.NL; - echo '</select>'.NL; - return $inlist; - } -} |