From abf321f2fb25d1750c96a67807bcda84a63ba497 Mon Sep 17 00:00:00 2001
From: ben
Date: Mon, 23 Feb 2009 10:29:43 +0000
Subject: Added site default access permissions. Refs #744
git-svn-id: https://code.elgg.org/elgg/trunk@2885 36083f99-b078-4883-b0ff-0f9b5a30f544
---
actions/admin/site/update_basic.php | 106 +++++++++++++--------------
actions/systemsettings/install.php | 1 +
engine/lib/access.php | 110 ++++++++++++++++-------------
engine/lib/widgets.php | 8 ++-
languages/en.php | 2 +
mod/profile/actions/edit.php | 1 +
mod/profile/views/default/profile/edit.php | 2 +-
views/default/input/access.php | 16 +++--
views/default/settings/system.php | 29 ++++----
views/failsafe/settings/system.php | 22 +++---
10 files changed, 165 insertions(+), 132 deletions(-)
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 002276603..f5582fb2e 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -12,69 +12,71 @@ * @copyright Curverider Ltd 2008-2009 * @link http://elgg.org/ */ - - global $CONFIG; - - // block non-admin users - admin_gatekeeper(); - action_gatekeeper(); + + global $CONFIG; + + // block non-admin users + admin_gatekeeper(); + action_gatekeeper(); if (get_input('settings') == 'go') { if (datalist_get('default_site')) { - - $site = get_entity(datalist_get('default_site')); - if (!($site instanceof ElggSite)) - throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite')); - + + $site = get_entity(datalist_get('default_site')); + if (!($site instanceof ElggSite)) + throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite')); + $site->description = get_input('sitedescription'); - $site->name = get_input('sitename'); + $site->name = get_input('sitename'); $site->email = get_input('siteemail'); $site->url = get_input('wwwroot'); datalist_set('path',sanitise_filepath(get_input('path'))); - datalist_set('dataroot',sanitise_filepath(get_input('dataroot'))); - - set_config('language', get_input('language'), $site->getGUID()); - - set_config('view', get_input('view'), $site->getGUID()); - - $debug = get_input('debug'); - if ($debug) - set_config('debug', 1, $site->getGUID()); - else - unset_config('debug', $site->getGUID()); - - $https_login = get_input('https_login'); - if ($https_login) - set_config('https_login', 1, $site->getGUID()); - else - unset_config('https_login', $site->getGUID()); - - $usage = get_input('usage'); - if ($usage) - unset_config('ping_home', $site->getGUID()); - else - set_config('ping_home', 'disabled', $site->getGUID()); - - $api = get_input('api'); - if ($api) - unset_config('disable_api', $site->getGUID()); - else - set_config('disable_api', 'disabled', $site->getGUID()); - - // Now ping home - //if ((!isset($usage)) || ($usage!='disabled')) - //{ - // ping_home($site); - //} - - if ($site->save()) - system_message(elgg_echo("admin:configuration:success")); - else + 
datalist_set('dataroot',sanitise_filepath(get_input('dataroot'))); + + set_config('language', get_input('language'), $site->getGUID()); + + set_config('default_access', get_input('default_access'), $site->getGUID()); + + set_config('view', get_input('view'), $site->getGUID()); + + $debug = get_input('debug'); + if ($debug) + set_config('debug', 1, $site->getGUID()); + else + unset_config('debug', $site->getGUID()); + + $https_login = get_input('https_login'); + if ($https_login) + set_config('https_login', 1, $site->getGUID()); + else + unset_config('https_login', $site->getGUID()); + + $usage = get_input('usage'); + if ($usage) + unset_config('ping_home', $site->getGUID()); + else + set_config('ping_home', 'disabled', $site->getGUID()); + + $api = get_input('api'); + if ($api) + unset_config('disable_api', $site->getGUID()); + else + set_config('disable_api', 'disabled', $site->getGUID()); + + // Now ping home + //if ((!isset($usage)) || ($usage!='disabled')) + //{ + // ping_home($site); + //} + + if ($site->save()) + system_message(elgg_echo("admin:configuration:success")); + else register_error(elgg_echo("admin:configuration:fail")); - //header("Location: {$CONFIG->wwwroot}admin/site/"); + //header("Location: {$CONFIG->wwwroot}admin/site/"); forward($_SERVER['HTTP_REFERER']); exit; diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php index 8b8f78517..9fbbd3802 100644 --- a/actions/systemsettings/install.php +++ b/actions/systemsettings/install.php @@ -58,6 +58,7 @@ set_config('view', get_input('view'), $site->getGUID()); set_config('language', get_input('language'), $site->getGUID()); + set_config('default_access', get_input('default_access'), $site->getGUID()); $debug = get_input('debug'); if ($debug) diff --git a/engine/lib/access.php b/engine/lib/access.php index 77f234dc9..eb00d7543 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php 
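Review bot: The new `set_config('default_access', get_input('default_access'), $site->getGUID());` in update_basic.php stores the request value as-is, so whatever string arrives becomes the access level that `get_default_access()` later hands to newly created content. Cast it and accept only the levels the site actually offers before saving, e.g. `$default_access = (int) get_input('default_access');` followed by a membership check against the allowed ACCESS_* values, and leave the stored setting unchanged on a mismatch. The same line is added in the actions/systemsettings/install.php hunk, where no gatekeeper call is visible within the hunk, so the check matters at least as much there.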
@@ -53,7 +53,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; - static $access_array, $acm, $ac; // Caches. $ac* flag whether we have executed a query previously, and stop it being run again if no data is returned. + static $access_array, $acm, $ac; // Caches. $ac* flag whether we have executed a query previously, and stop it being run again if no data is returned. if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) $access_array = array(); @@ -72,23 +72,23 @@ $tmp_access_array = array(ACCESS_PUBLIC); if (isloggedin()) { - $tmp_access_array[] = ACCESS_LOGGED_IN; - - // The following can only return sensible data if the user is logged in. + $tmp_access_array[] = ACCESS_LOGGED_IN; + + // The following can only return sensible data if the user is logged in. if ($collections = get_data($query)) { foreach($collections as $collection) - if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id; + if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id; - } + } $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag "; $query .= " WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; - + if ($collections = get_data($query)) { foreach($collections as $collection) if (!empty($collection->id)) $tmp_access_array[] = $collection->id; - } + } global $is_admin; @@ -96,11 +96,11 @@ if (isset($is_admin) && $is_admin == true) { $tmp_access_array[] = ACCESS_PRIVATE; } - - $access_array[$user_id] = $tmp_access_array; + + $access_array[$user_id] = $tmp_access_array; } - else - return $tmp_access_array; // No user id logged in so we can only access public info + else + return $tmp_access_array; // No user id logged in so we can only access public info } else { 
@@ -110,34 +110,48 @@ return $access_array[$user_id]; } - - /** - * Override the default behaviour and allow results to show hidden entities as well. - * THIS IS A HACK. - * - * TODO: Replace this with query object! - */ - $ENTITY_SHOW_HIDDEN_OVERRIDE = false; - - /** - * This will be replaced. Do not use in plugins! - * - * @param bool $show - */ - function access_show_hidden_entities($show_hidden) - { - global $ENTITY_SHOW_HIDDEN_OVERRIDE; - $ENTITY_SHOW_HIDDEN_OVERRIDE = $show_hidden; - } - - /** - * This will be replaced. Do not use in plugins! - */ - function access_get_show_hidden_status() - { - global $ENTITY_SHOW_HIDDEN_OVERRIDE; - return $ENTITY_SHOW_HIDDEN_OVERRIDE; - } + + /** + * Gets the default access permission for new content + * + * @return int default access id (see ACCESS defines in elgglib.php) + */ + function get_default_access() + { + global $CONFIG; + + // future: if user has a default access set, override site default access + + return $CONFIG->default_access; + } + + /** + * Override the default behaviour and allow results to show hidden entities as well. + * THIS IS A HACK. + * + * TODO: Replace this with query object! + */ + $ENTITY_SHOW_HIDDEN_OVERRIDE = false; + + /** + * This will be replaced. Do not use in plugins! + * + * @param bool $show + */ + function access_show_hidden_entities($show_hidden) + { + global $ENTITY_SHOW_HIDDEN_OVERRIDE; + $ENTITY_SHOW_HIDDEN_OVERRIDE = $show_hidden; + } + + /** + * This will be replaced. Do not use in plugins! + */ + function access_get_show_hidden_status() + { + global $ENTITY_SHOW_HIDDEN_OVERRIDE; + return $ENTITY_SHOW_HIDDEN_OVERRIDE; + } /** * Add access restriction sql code to a given query. 
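Review bot: `get_default_access()` returns `$CONFIG->default_access` with no fallback and no type normalisation, so on a site where the setting has never been saved (presumably any upgraded install) callers receive an unset value rather than an access id. Because this value decides who can read new content, give it a deliberate default and an integer type, for example `return isset($CONFIG->default_access) ? (int) $CONFIG->default_access : ACCESS_PRIVATE;` (or `ACCESS_LOGGED_IN` if the previous widget behaviour should be kept). The docblock could also state that the value is the site-wide setting written by the admin settings and install actions.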
@@ -149,17 +163,17 @@ * @param string $table_prefix Optional xxx. prefix for the access code. */ function get_access_sql_suffix($table_prefix = "") - { - global $ENTITY_SHOW_HIDDEN_OVERRIDE; + { + global $ENTITY_SHOW_HIDDEN_OVERRIDE; $sql = ""; if ($table_prefix) $table_prefix = sanitise_string($table_prefix) . "."; - $access = get_access_list(); - - $owner = get_loggedin_userid(); + $access = get_access_list(); + + $owner = get_loggedin_userid(); if (!$owner) $owner = -1; global $is_admin; @@ -171,7 +185,7 @@ if (empty($sql)) $sql = " ({$table_prefix}access_id in {$access} or ({$table_prefix}access_id = " . ACCESS_PRIVATE . " and {$table_prefix}owner_guid = $owner))"; - if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) + if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) $sql .= " and {$table_prefix}enabled='yes'"; return $sql; @@ -332,9 +346,9 @@ if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user = get_user($user_guid)) { - global $CONFIG; + global $CONFIG; try { - insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$user_guid}"); + insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$user_guid}"); } catch (DatabaseException $e) {} return true; diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php index 2660cc240..a455f8068 100644 --- a/engine/lib/widgets.php +++ b/engine/lib/widgets.php @@ -232,8 +232,12 @@ $widget = new ElggWidget; $widget->owner_guid = $user_guid; - $widget->access_id = ACCESS_LOGGED_IN; - if (!$widget->save()) + $widget->access_id = get_default_access(); + // private widgets don't makes sense, correct? + if ($widget->access_id == ACCESS_PRIVATE) + $widget->access_id = ACCESS_LOGGED_IN; // change to ACCESS_FRIENDS when implemented + + if (!$widget->save()) return false; $widget->handler = $handler; 
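Review bot: In the engine/lib/widgets.php hunk the widget's access now follows the site default and only `ACCESS_PRIVATE` is remapped, so on a site whose default is public new widgets become readable without login where they were previously fixed at `ACCESS_LOGGED_IN`. If that widening is intended, replace the open question in the added comment with a statement of the rule, such as `// widgets are never private: fall back to logged-in users`; if it is not, keep `ACCESS_LOGGED_IN` as the upper bound here. The remap also overrides an administrator's private default without saying so, which the new settings warning string could mention. The enclosing function starts and ends outside the hunk.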
diff --git a/languages/en.php b/languages/en.php index 09da1d9c3..62de6f1dd 100644 --- a/languages/en.php +++ b/languages/en.php @@ -495,6 +495,7 @@ To remove a widget drag it back to the Widget gallery.", 'admin:site:description' => "This admin panel allows you to control global settings for your site. Choose an option below to get started.", 'admin:site:opt:linktext' => "Configure site...", 'admin:site:opt:description' => "Configure the site technical and non-technical settings. ", + 'admin:site:access:warning' => "Changing the access setting only affects the permissions on content created in the future.", 'admin:plugins' => "Tool Administration", 'admin:plugins:description' => "This admin panel allows you to control and configure tools installed on your site.", @@ -759,6 +760,7 @@ Alternatively, you can enter your database settings below and we will try and do 'installation:path' => "The full path to your site root on your disk, followed by a trailing slash:", 'installation:dataroot' => "The full path to the directory where uploaded files will be stored, followed by a trailing slash:", 'installation:dataroot:warning' => "You must create this directory manually. It should sit in a different directory to your Elgg installation.", + 'installation:sitepermissions' => "The default access permissions:", 'installation:language' => "The default language for your site:", 'installation:debug' => "Debug mode provides extra information which can be used to diagnose faults, however it can slow your system down so should only be used if you are having problems:", 'installation:debug:label' => "Turn on debug mode", diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php index 7a4716646..95a669a69 100644 --- a/mod/profile/actions/edit.php +++ b/mod/profile/actions/edit.php 
@@ -44,6 +44,7 @@ if (isset($accesslevel[$shortname])) { $access_id = (int) $accesslevel[$shortname]; } else { + // this should never be executed since the access level should always be set $access_id = ACCESS_PRIVATE; } if (is_array($value)) { diff --git a/mod/profile/views/default/profile/edit.php b/mod/profile/views/default/profile/edit.php index 7b1f9540a..e2eb8f5ce 100644 --- a/mod/profile/views/default/profile/edit.php +++ b/mod/profile/views/default/profile/edit.php @@ -36,7 +36,7 @@ } } else { $value = ''; - $access_id = ACCESS_LOGGED_IN; + $access_id = ACCESS_DEFAULT; } ?> diff --git a/views/default/input/access.php b/views/default/input/access.php index db938111e..e08eca13a 100644 --- a/views/default/input/access.php +++ b/views/default/input/access.php @@ -15,15 +15,19 @@ * @uses $vars['js'] Any Javascript to enter into the input tag * @uses $vars['internalname'] The name of the input field * - */ - - if (isset($vars['class'])) $class = $vars['class']; + */ + + if (isset($vars['class'])) $class = $vars['class']; if (!$class) $class = "input-access"; - - if ((!isset($vars['options'])) || (!is_array($vars['options']))) + + if (!array_key_exists('value', $vars) || $vars['value'] == ACCESS_DEFAULT) + $vars['value'] = get_default_access(); + + + if ((!isset($vars['options'])) || (!is_array($vars['options']))) { $vars['options'] = array(); - $vars['options'] = get_write_access_array(); + $vars['options'] = get_write_access_array(); } if (is_array($vars['options']) && sizeof($vars['options']) > 0) { diff --git a/views/default/settings/system.php b/views/default/settings/system.php index f8317d95c..317a1094e 100644 --- a/views/default/settings/system.php +++ b/views/default/settings/system.php @@ -35,26 +35,29 @@ $languages = get_installed_translations(); $form_body .= "
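Review bot: The comment added in mod/profile/actions/edit.php says the `else` branch "should never be executed", but `$accesslevel` appears to come from the submitted form (its source is outside the hunk), so a request that omits a field's access level will reach it. That branch is the fail-closed default and is better documented as such, e.g. `// no access level submitted for this field: fall back to private`. The `(int)` cast on the line above accepts any integer, so it may also be worth checking the value against the levels the user is allowed to write to before saving.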

" . elgg_echo('installation:language') . elgg_view("input/pulldown", array('internalname' => 'language', 'value' => $vars['config']->language, 'options_values' => $languages)) . "

"; - $form_body .= "

" . elgg_echo('installation:debug') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:debug:label')), 'internalname' => 'debug', 'value' => ($vars['config']->debug ? elgg_echo('installation:debug:label') : "") )) . "

"; - - $form_body .= "

" . elgg_echo('installation:httpslogin') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:httpslogin:label')), 'internalname' => 'https_login', 'value' => ($vars['config']->https_login ? elgg_echo('installation:httpslogin:label') : "") )) . "

"; + $form_body .= "

" . elgg_echo('admin:site:access:warning') . "
"; + $form_body .= elgg_echo('installation:sitepermissions') . elgg_view('input/access', array('internalname' => 'default_access','value' => $vars['config']->default_access)) . "

"; - - $form_body .= "

" . elgg_echo('installation:disableapi') . "
"; - $on = elgg_echo('installation:disableapi:label'); - if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) - $on = ($vars['config']->disable_api ? "" : elgg_echo('installation:disableapi:label')); - $form_body .= elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:disableapi:label')), 'internalname' => 'api', 'value' => $on )); - $form_body .= "

"; + $form_body .= "

" . elgg_echo('installation:debug') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:debug:label')), 'internalname' => 'debug', 'value' => ($vars['config']->debug ? elgg_echo('installation:debug:label') : "") )) . "

"; + + $form_body .= "

" . elgg_echo('installation:httpslogin') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:httpslogin:label')), 'internalname' => 'https_login', 'value' => ($vars['config']->https_login ? elgg_echo('installation:httpslogin:label') : "") )) . "

"; + + + $form_body .= "

" . elgg_echo('installation:disableapi') . "
"; + $on = elgg_echo('installation:disableapi:label'); + if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) + $on = ($vars['config']->disable_api ? "" : elgg_echo('installation:disableapi:label')); + $form_body .= elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:disableapi:label')), 'internalname' => 'api', 'value' => $on )); + $form_body .= "

"; $form_body .= "

" . elgg_echo('installation:usage') . "
"; - $on = elgg_echo('installation:usage:label'); + $on = elgg_echo('installation:usage:label'); if (isset($CONFIG->ping_home)) $on = ($vars['config']->ping_home!='disabled' ? elgg_echo('installation:usage:label') : ""); $form_body .= elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:usage:label')), 'internalname' => 'usage', 'value' => $on )); - $form_body .= "

"; - + $form_body .= "

"; + $form_body .= elgg_view('input/hidden', array('internalname' => 'settings', 'value' => 'go')); diff --git a/views/failsafe/settings/system.php b/views/failsafe/settings/system.php index 18e43eac1..420dc45aa 100644 --- a/views/failsafe/settings/system.php +++ b/views/failsafe/settings/system.php @@ -36,16 +36,18 @@ $languages = get_installed_translations(); $form_body .= "

" . elgg_echo('installation:language') . elgg_view("input/pulldown", array('internalname' => 'language', 'value' => $vars['config']->language, 'options_values' => $languages)) . "

"; - $form_body .= "

" . elgg_echo('installation:debug') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:debug:label')), 'internalname' => 'debug', 'value' => ($vars['config']->debug ? elgg_echo('installation:debug:label') : "") )) . "

"; - + $form_body .= "

" . elgg_echo('installation:sitepermissions') . elgg_view('input/access', array('internalname' => 'default_access','value' => ACCESS_LOGGED_IN)) . "

"; + + $form_body .= "

" . elgg_echo('installation:debug') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:debug:label')), 'internalname' => 'debug', 'value' => ($vars['config']->debug ? elgg_echo('installation:debug:label') : "") )) . "

"; + $form_body .= "

" . elgg_echo('installation:httpslogin') . "
" .elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:httpslogin:label')), 'internalname' => 'https_login', 'value' => ($vars['config']->https_login ? elgg_echo('installation:httpslogin:label') : "") )) . "

"; - - $form_body .= "

" . elgg_echo('installation:disableapi') . "
"; - $on = elgg_echo('installation:disableapi:label'); - if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) - $on = ($vars['config']->disable_api ? "" : elgg_echo('installation:disableapi:label')); - $form_body .= elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:disableapi:label')), 'internalname' => 'api', 'value' => $on )); - $form_body .= "

"; + + $form_body .= "

" . elgg_echo('installation:disableapi') . "
"; + $on = elgg_echo('installation:disableapi:label'); + if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) + $on = ($vars['config']->disable_api ? "" : elgg_echo('installation:disableapi:label')); + $form_body .= elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:disableapi:label')), 'internalname' => 'api', 'value' => $on )); + $form_body .= "

"; $form_body .= "

" . elgg_echo('installation:usage') . "
"; $on = elgg_echo('installation:usage:label'); @@ -53,7 +55,7 @@ if (isset($CONFIG->ping_home)) $on = ($vars['config']->ping_home!='disabled' ? elgg_echo('installation:usage:label') : ""); $form_body .= elgg_view("input/checkboxes", array('options' => array(elgg_echo('installation:usage:label')), 'internalname' => 'usage', 'value' => $on )); - $form_body .= "

"; + $form_body .= "

"; $form_body .= elgg_view('input/hidden', array('internalname' => 'settings', 'value' => 'go')); -- cgit v1.2.3