From 18d00e176826a353503f889bb8ea157e5228304b Mon Sep 17 00:00:00 2001 From: brettp Date: Thu, 15 Apr 2010 17:07:13 +0000 Subject: Added granular access for views in ECML. Added 'usage' on keyword info. Updated docs. git-svn-id: http://code.elgg.org/elgg/trunk@5747 36083f99-b078-4883-b0ff-0f9b5a30f544 --- mod/ecml/README.txt | 15 +++- mod/ecml/actions/save_permissions.php | 20 ++++++ mod/ecml/ecml_functions.php | 3 +- mod/ecml/languages/en.php | 43 +++++++++++- mod/ecml/start.php | 45 +++++++++--- mod/ecml/views/default/ecml/admin/css.php | 17 +++++ mod/ecml/views/default/ecml/admin/ecml_admin.php | 80 ++++++++++++++++++++++ .../views/default/ecml/keywords/googlemaps.php | 8 +-- 8 files changed, 207 insertions(+), 24 deletions(-) create mode 100644 mod/ecml/actions/save_permissions.php create mode 100644 mod/ecml/views/default/ecml/admin/css.php create mode 100644 mod/ecml/views/default/ecml/admin/ecml_admin.php (limited to 'mod') diff --git a/mod/ecml/README.txt b/mod/ecml/README.txt index c72e8c0c4..f57dc1b8d 100644 --- a/mod/ecml/README.txt +++ b/mod/ecml/README.txt @@ -90,7 +90,13 @@ CONTENTS: To register your own ECML keywords, reply to the 'get_keywords' hook of type 'ecml' and append to the passed array with a key that is - your keyword name and a value that is an array of a description and view. + your keyword name and a value that is an array of a view, a description, + and usage instructions. + + Optionally, the array can pass a 'restricted' => array() value of views + that this keyword is valid in. This is not overrideable by the admin + interface and is useful for forcing security on possibly dangerous + keywords. Arguments passed to the keyword are accessible to the keyword view via the $vars array. It is the responsibility of the custom view to parse 
@@ -111,7 +117,8 @@ CONTENTS: function buttonizer_ecml_keywords($hook, $type, $value, $params) { $value['buttonizer'] = array( 'view' => 'buttonizer/ecml/buttonizer', - 'description' => 'Makes your text a button! What could be better?' + 'description' => 'Makes your text a button! What could be better?', + 'usage' => 'Use [[buttonizer text="My text"]] to make "My text" a button!' ); return $value; @@ -129,6 +136,10 @@ CONTENTS: [[view src="buttonizer/ecml/buttonizer" text="This is my button!"]] + or even: + + [[view src="input/button" value="This is my button!" type="button"]] + but is much simpler for the user. diff --git a/mod/ecml/actions/save_permissions.php b/mod/ecml/actions/save_permissions.php new file mode 100644 index 000000000..490a8928b --- /dev/null +++ b/mod/ecml/actions/save_permissions.php @@ -0,0 +1,20 @@ +ecml_permissions['views']; - $contexts = $CONFIG->ecml_permissions['contexts']; + $views = $CONFIG->ecml_permissions; // this is a blacklist, so return TRUE by default. $r = TRUE; diff --git a/mod/ecml/languages/en.php b/mod/ecml/languages/en.php index d93c7236a..2d1b873ad 100644 --- a/mod/ecml/languages/en.php +++ b/mod/ecml/languages/en.php 
@@ -13,9 +13,31 @@ $english = array( 'ecml' => 'ECML', 'ecml:help' => 'ECML Help', - /** - * Key words - */ + + // views + 'ecml:views:annotation_generic_comment' => 'Comments', + + // keywords + 'ecml:keywords:desc:entity' => 'Displays a list of any Elgg entity.', + 'ecml:keywords:usage:entity' => '[[entity]] supports all options in elgg_get_entities()', + + 'ecml:keywords:desc:view' => 'Displays any Elgg view.', + 'ecml:keywords:usage:view' => '[[view src="valid/view" arg1=value1 arg2=value2]]', + + 'ecml:keywords:desc:googlemaps' => 'Embed a Google Map.', + 'ecml:keywords:usage:entity' => '[[googlemaps src="URL"]] Use the link code from Google Maps as the src.', + + 'ecml:keywords:desc:slideshare' => 'Embed a Slideshare slide.', + 'ecml:keywords:usage:entity' => '[[slideshare id="slideshare_id"]] Use the Wordpress.com embed code, but make sure there are two [s and ]s surrounding it!', + + 'ecml:keywords:desc:vimeo' => 'Embed a Vimeo video.', + 'ecml:keywords:usage:videmo' => '[[videmo src="URL"]] Use a standard Vimeo URL as the source.', + + 'ecml:keywords:desc:youtube' => 'Embed a YouTube video.', + 'ecml:keywords:usage:entity' => '[[youtube src="URL"]] Use a standard YouTube URL as the source.', + + + // keyword help 'ecml:keywords_title' => 'Keywords', 'ecml:keywords_instructions' => 'Keywords are replaced with content when viewed. They must be surrounded by @@ -36,6 +58,21 @@ $english = array(

Ex: To show a text input with a default value:
[[view: input/text, value=This is a default value]]

', + + // admin + 'ecml:admin:admin' => 'ECML Permissions', + 'ecml:admin:instruction' => + +'ECML allows users you easily embed views, entities, and 3rd party applications into their content +on your site by using ECML keywords. There are some ECML keywords that you may want to restrict +in certain areas of your site. To disable a keyword for a section of your site, check the box in the +grid below. +', + + 'ecml:admin:permissions_saved' => 'ECML permissions saved.', + 'ecml:admin:cannot_save_permissions' => 'Cannot save ECML permissions!', + + ); add_translation('en', $english); \ No newline at end of file diff --git a/mod/ecml/start.php b/mod/ecml/start.php index c6a9ff38b..cad6f096f 100644 --- a/mod/ecml/start.php +++ b/mod/ecml/start.php @@ -32,11 +32,20 @@ function ecml_init() { register_page_handler('ecml_admin', 'ecml_admin_page_handler'); register_elgg_event_handler('pagesetup', 'system', 'ecml_pagesetup'); + // CSS for admin access + elgg_extend_view('css', 'ecml/admin/css'); + + // admin action to save permissions + register_action('ecml/save_permissions', FALSE, dirname(__FILE__) . '/actions/save_permissions.php', TRUE); + // show ECML-enabled icon on free-text input areas elgg_extend_view('input/longtext', 'ecml/input_ext'); elgg_extend_view('input/plaintext', 'ecml/input_ext'); //elgg_extend_view('input/text', 'ecml/input_ext'); + // add parsing for core views. + register_plugin_hook('get_views', 'ecml', 'ecml_views_hook'); + // get register the views we want to parse for ecml // @todo will need to do profiling to see if it would be faster // to foreach through this list and register to specific views or 
@@ -60,9 +69,7 @@ function ecml_init() {
 // it's more efficient to use this as a blacklist
 // but probably makes more sense from a UI perspective as a whitelist.
 // uses [views][view_name] = array(keywords, not, allowed)
- $CONFIG->ecml_permissions = array(
- 'views' => array()
- );
+ $CONFIG->ecml_permissions = unserialize(get_plugin_setting('ecml_permissions', 'ecml'));
 }
 
 /**
@@ -92,7 +99,8 @@ function ecml_help_page_handler($page) {
 * @param array $page
 */
 function ecml_admin_page_handler($page) {
- $content = elgg_view('ecml/admin');
+ admin_gatekeeper();
+ $content = elgg_view('ecml/admin/ecml_admin');
 echo page_draw(elgg_echo('ecml:admin'), $content);
 }
 
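Review bot: The new assignment in `ecml_init()` stores whatever `unserialize()` returns, so when the `ecml_permissions` plugin setting has never been saved or does not decode, `$CONFIG->ecml_permissions` is `FALSE` rather than the array the removed lines guaranteed. The admin view added in this commit then calls `in_array($keyword, $perms[$view])` on a non-array, and because the check in `ecml_functions.php` is commented as a blacklist that returns TRUE by default, a bad value appears to fail open with every keyword allowed in every view. I would normalise the result with `$perms = unserialize(get_plugin_setting('ecml_permissions', 'ecml'));` followed by `$CONFIG->ecml_permissions = is_array($perms) ? $perms : array();`, and guard the view with `isset($perms[$view])`. Since `unserialize()` will also instantiate objects found in the stored string, a plain format such as JSON would suit a setting that only holds nested arrays of strings; that would need a matching change in the save action, whose body is not visible here.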
@@ -122,22 +130,39 @@ function ecml_parse_view($hook, $entity_type, $return_value, $params) {
 * Register default keywords.
 *
 * @param unknown_type $hook
- * @param unknown_type $entity_type
- * @param unknown_type $return_value
+ * @param unknown_type $type
+ * @param unknown_type $value
 * @param unknown_type $params
 * @return unknown_type
 */
-function ecml_keyword_hook($hook, $entity_type, $return_value, $params) {
+function ecml_keyword_hook($hook, $type, $value, $params) {
+ // I keep going back and forth about entity and view. They're powerful, but
+ // a great way to let a site get hacked if the admin doesn't lock them down.
 $keywords = array('entity', 'view', 'youtube', 'slideshare', 'vimeo', 'googlemaps');
 
 foreach ($keywords as $keyword) {
- $return_value[$keyword] = array(
+ $value[$keyword] = array(
 'view' => "ecml/keywords/$keyword",
- 'description' => elgg_echo("ecml:keywords:$keyword")
+ 'description' => elgg_echo("ecml:keywords:desc:$keyword"),
+ 'usage' => elgg_echo("ecml:keywords:usage:$keyword")
 );
 }
 
- return $return_value;
+ return $value;
+}
+
+/**
+ * Register default views to parse
+ *
+ * @param unknown_type $hook
+ * @param unknown_type $type
+ * @param unknown_type $value
+ * @param unknown_type $params
+ */
+function ecml_views_hook($hook, $type, $value, $params) {
+ $value['annotation/generic_comment'] = elgg_echo('ecml:views:annotation_generic_comment');
+
+ return $value;
 }
 
 register_elgg_event_handler('init', 'system', 'ecml_init');
\ No newline at end of file
diff --git a/mod/ecml/views/default/ecml/admin/css.php b/mod/ecml/views/default/ecml/admin/css.php
new file mode 100644
index 000000000..4a9cd8e4d
--- /dev/null
+++ b/mod/ecml/views/default/ecml/admin/css.php
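Review bot: `ecml_keyword_hook()` registers `entity` and `view` with the same array as the embed keywords and no `'restricted'` entry, although the comment added just above says they are dangerous unless the admin locks them down. Because the permission list is a blacklist and `ecml_views_hook()` in the same hunk enables parsing for `annotation/generic_comment`, a fresh install seems to accept `[[view ...]]` and `[[entity ...]]` from any commenter until an admin ticks the boxes. The README text in this commit describes a `'restricted'` list of views for exactly this case, so I would set one for these two keywords or seed the default permissions so they start disabled. The `@param unknown_type` docblocks on both functions could also name the real types, for example `@param array $value`.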
@@ -0,0 +1,17 @@ +.ecml_admin_table { + width:100%; +} +.ecml_admin_table td, th { + border: 1px solid gray; + text-align: center; + padding: 5px; +} +.ecml_admin_table th, .ecml_view_desc { + font-weight: bold; +} +.ecml_row_odd { + background-color: #EEE; +} +.ecml_row_even { + +} \ No newline at end of file diff --git a/mod/ecml/views/default/ecml/admin/ecml_admin.php b/mod/ecml/views/default/ecml/admin/ecml_admin.php new file mode 100644 index 000000000..b91807510 --- /dev/null +++ b/mod/ecml/views/default/ecml/admin/ecml_admin.php @@ -0,0 +1,80 @@ +ecml_parse_views; +$keywords = $vars['config']->ecml_keywords; +$perms = $vars['config']->ecml_permissions; + +ksort($views); +ksort($keywords); + +echo elgg_view_title(elgg_echo('ecml:admin:admin')); +echo '

' . elgg_echo('ecml:admin:instruction') . '

'; + +// yes I'm using a table because this is table. +$form_body = <<<___END + + + +___END; + +foreach ($keywords as $keyword => $info) { + $desc = $info['description']; + + $form_body .= ""; +} +$form_body .= ''; + +$odd = 'odd'; +foreach ($views as $view => $desc) { + $form_body .= " + + +"; + foreach ($keywords as $keyword => $info) { + $checked = (in_array($keyword, $perms[$view])) ? 'checked="checked"' : ''; + + // ooook. input/checkboxes isn't overly useful. + // do it ourself. + $form_body .= ""; + } + $form_body .= ''; + + $odd = ($odd == 'odd') ? 'even' : 'odd'; +} + +$form_body .= '
 $keyword
$desc
'; +$form_body .= elgg_view('input/submit', array('value' => elgg_echo('submit'))); +$form_body .= elgg_view('input/reset', array('value' => elgg_echo('reset'))); + +echo elgg_view('input/form', array( + 'body' => $form_body, + 'action' => $vars['url'] . 'action/ecml/save_permissions' +)); + +//foreach ($views as $view => $desc) { +// echo elgg_view_title($desc); +// echo ''; +// +//echo <<<___END +//
+// +// +//___END; +//} +// +//echo ''; \ No newline at end of file diff --git a/mod/ecml/views/default/ecml/keywords/googlemaps.php b/mod/ecml/views/default/ecml/keywords/googlemaps.php index c75023045..4f31a4531 100644 --- a/mod/ecml/views/default/ecml/keywords/googlemaps.php +++ b/mod/ecml/views/default/ecml/keywords/googlemaps.php @@ -18,14 +18,8 @@ if ($src) { $link_href = elgg_http_add_url_query_elements($src, array('source' => 'embed')); echo " -
- - - " . elgg_echo('ecml:googlemaps:view_larger_map') . " - - - +" . elgg_echo('ecml:googlemaps:view_larger_map') . " "; } \ No newline at end of file -- cgit v1.2.3