4 * Copyright 2004,2007 $ThePhpWikiProgrammingTeam
5 * Copyright 2009-2010 Marc-Etienne Vargenau, Alcatel-Lucent
7 * This file is part of PhpWiki.
9 * PhpWiki is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * PhpWiki is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 * Permissions per page and action based on current user,
26 * ownership and group membership implemented with ACL's (Access Control Lists),
27 * opposed to the simplier unix-like ugo:rwx system.
28 * The previous system was only based on action and current user. (lib/main.php)
30 * Permissions may be inherited from its parent pages, a optional the
31 * optional master page ("."), and predefined default permissions, if "."
33 * Pagenames starting with "." have special default permissions.
34 * For Authentication see WikiUserNew.php, WikiGroup.php and main.php
35 * Page Permissions are in PhpWiki since v1.3.9 and enabled since v1.4.0
37 * This file might replace the following functions from main.php:
38 * Request::_notAuthorized($require_level)
39 * display the denied message and optionally a login form
40 * to gain higher privileges
41 * Request::getActionDescription($action)
42 * helper to localize the _notAuthorized message per action,
43 * when login is tried.
44 * Request::getDisallowedActionDescription($action)
45 * helper to localize the _notAuthorized message per action,
47 * Request::requiredAuthority($action)
48 * returns the needed user level
49 * has a hook for plugins on POST
50 * Request::requiredAuthorityForAction($action)
51 * just returns the level per action, will be replaced with the
54 * The defined main.php actions map to simplier access types:
57 * create => edit or create
60 * store prefs => change
61 * list in PageList => list
64 /* Symbolic special ACL groups. Untranslated to be stored in page metadata*/
65 define('ACL_EVERY', '_EVERY');
66 define('ACL_ANONYMOUS', '_ANONYMOUS');
67 define('ACL_BOGOUSER', '_BOGOUSER');
68 define('ACL_HASHOMEPAGE', '_HASHOMEPAGE');
69 define('ACL_SIGNED', '_SIGNED');
70 define('ACL_AUTHENTICATED','_AUTHENTICATED');
71 define('ACL_ADMIN', '_ADMIN');
72 define('ACL_OWNER', '_OWNER');
73 define('ACL_CREATOR', '_CREATOR');
75 // Return an page permissions array for this page.
76 // To provide ui helpers to view and change page permissions:
77 // <tr><th>Group</th><th>Access</th><th>Allow or Forbid</th></tr>
78 // <tr><td>$group</td><td>_($access)</td><td> [ ] </td></tr>
79 function pagePermissions($pagename) {
81 $page = $request->getPage($pagename);
82 // Page not found (new page); returned inherited permissions, to be displayed in gray
83 if (! $page->exists() ) {
84 if ($pagename == '.') // stop recursion
85 return array('default', new PagePermission());
87 return array('inherited', pagePermissions(getParentPage($pagename)));
89 } elseif ($perm = getPagePermissions($page)) {
90 return array('page', $perm);
91 // or no permissions defined; returned inherited permissions, to be displayed in gray
92 } elseif ($pagename == '.') { // stop recursion in pathological case.
93 // "." defined, without any acl
94 return array('default', new PagePermission());
96 return array('inherited', pagePermissions(getParentPage($pagename)));
100 function pagePermissionsSimpleFormat($perm_tree, $owner, $group=false) {
101 list($type,$perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
103 $type = $perm_tree[0];
104 $perm = pagePermissionsAcl($perm_tree);
105 if (is_object($perm_tree[1]))
106 $perm = $perm_tree[1];
107 elseif (is_array($perm_tree[1])) {
108 $perm_tree = pagePermissionsSimpleFormat($perm_tree[1],$owner,$group);
109 if (isa($perm_tree[1],'pagepermission'))
110 $perm = $perm_tree[1];
111 elseif (isa($perm_tree,'htmlelement'))
116 return HTML::tt(HTML::strong($perm->asRwxString($owner, $group)));
117 elseif ($type == 'default')
118 return HTML::tt($perm->asRwxString($owner, $group));
119 elseif ($type == 'inherited') {
120 return HTML::tt(array('class'=>'inherited', 'style'=>'color:#aaa;'),
121 $perm->asRwxString($owner, $group));
125 function pagePermissionsAcl($type,$perm_tree) {
126 $perm = $perm_tree[1];
127 while (!is_object($perm)) {
128 $perm_tree = pagePermissionsAcl($type, $perm);
129 $perm = $perm_tree[1];
131 return array($type,$perm);
136 function pagePermissionsAclFormat($perm_tree, $editable=false) {
137 list($type,$perm) = pagePermissionsAcl($perm_tree[0], $perm_tree);
139 return $perm->asEditableTable($type);
141 return $perm->asTable($type);
145 * Check the permissions for the current action.
146 * Walk down the inheritance tree. Collect all permissions until
147 * the minimum required level is gained, which is not
148 * overruled by more specific forbid rules.
149 * Todo: cache result per access and page in session?
151 function requiredAuthorityForPage ($action) {
153 $auth = _requiredAuthorityForPagename(action2access($action),
154 $request->getArg('pagename'));
155 assert($auth !== -1);
157 return $request->_user->_level;
159 return WIKIAUTH_UNOBTAINABLE;
162 // Translate action or plugin to the simplier access types:
163 function action2access ($action) {
175 // performance and security relevant
184 // invent a new access-perm massedit? or switch back to change, or keep it at edit?
185 case _("PhpWikiAdministration")."/"._("Rename"):
186 case _("PhpWikiAdministration")."/"._("SearchReplace"):
193 $page = $request->getPage();
194 if (!$page->exists())
201 // probably create/edit but we cannot check all page permissions, can we?
211 //Todo: Plugins should be able to override its access type
212 if (isWikiWord($action))
220 // Recursive helper to do the real work.
221 // Using a simple perm cache for page-access pairs.
222 // Maybe page-(current+edit+change?)action pairs will help
223 function _requiredAuthorityForPagename($access, $pagename) {
224 static $permcache = array();
226 if (array_key_exists($pagename, $permcache)
227 and array_key_exists($access, $permcache[$pagename]))
228 return $permcache[$pagename][$access];
231 $page = $request->getPage($pagename);
235 if ($pagename != '.' && isset($request->_user->_is_external) && $request->_user->_is_external && ! $page->get('external')) {
236 $permcache[$pagename][$access] = 0;
240 if ((READONLY or $request->_dbi->readonly)
241 and in_array($access, array('edit','create','change')))
246 // Page not found; check against default permissions
247 if (! $page->exists() ) {
248 $perm = new PagePermission();
249 $result = ($perm->isAuthorized($access, $request->_user) === true);
250 $permcache[$pagename][$access] = $result;
253 // no ACL defined; check for special dotfile or walk down
254 if (! ($perm = getPagePermissions($page))) {
255 if ($pagename == '.') {
256 $perm = new PagePermission();
257 if ($perm->isAuthorized('change', $request->_user)) {
258 // warn the user to set ACL of ".", if he has permissions to do so.
259 trigger_error(". (dotpage == rootpage for inheriting pageperm ACLs) exists without any ACL!\n".
260 "Please do ?action=setacl&pagename=.", E_USER_WARNING);
262 $result = ($perm->isAuthorized($access, $request->_user) === true);
263 $permcache[$pagename][$access] = $result;
265 } elseif ($pagename[0] == '.') {
266 $perm = new PagePermission(PagePermission::dotPerms());
267 $result = ($perm->isAuthorized($access, $request->_user) === true);
268 $permcache[$pagename][$access] = $result;
271 return _requiredAuthorityForPagename($access, getParentPage($pagename));
273 // ACL defined; check if isAuthorized returns true or false or undecided
274 $authorized = $perm->isAuthorized($access, $request->_user);
275 if ($authorized !== -1) { // interestingly true is also -1
276 $permcache[$pagename][$access] = $authorized;
278 } elseif ($pagename == '.') {
281 return _requiredAuthorityForPagename($access, getParentPage($pagename));
286 * @param string $pagename page from which the parent page is searched.
287 * @return string parent pagename or the (possibly pseudo) dot-pagename.
289 function getParentPage($pagename) {
290 if (isSubPage($pagename)) {
291 return subPageSlice($pagename, 0);
297 // Read the ACL from the page
298 // Done: Not existing pages should NOT be queried.
299 // Check the parent page instead and don't take the default ACL's
300 function getPagePermissions ($page) {
301 if ($hash = $page->get('perm')) // hash => object
302 return new PagePermission(unserialize($hash));
307 // Store the ACL in the page
308 function setPagePermissions ($page,$perm) {
312 function getAccessDescription($access) {
313 static $accessDescriptions;
314 if (! $accessDescriptions) {
315 $accessDescriptions = array(
316 'list' => _("List this page and all subpages"),
317 'view' => _("View this page and all subpages"),
318 'edit' => _("Edit this page and all subpages"),
319 'create' => _("Create a new (sub)page"),
320 'dump' => _("Download page contents"),
321 'change' => _("Change page attributes"),
322 'remove' => _("Remove this page"),
323 'purge' => _("Purge this page"),
326 if (in_array($access, array_keys($accessDescriptions)))
327 return $accessDescriptions[$access];
333 * The ACL object per page. It is stored in a page, but can also
334 * be merged with ACL's from other pages or taken from the master (pseudo) dot-file.
336 * A hash of "access" => "requires" pairs.
337 * "access" is a shortcut for common actions, which map to main.php actions
338 * "requires" required username or groupname or any special group => true or false
340 * Define any special rules here, like don't list dot-pages.
342 class PagePermission {
345 function PagePermission($hash = array()) {
346 $this->_group = &$GLOBALS['request']->getGroup();
347 if (is_array($hash) and !empty($hash)) {
348 $accessTypes = $this->accessTypes();
349 foreach ($hash as $access => $requires) {
350 if (in_array($access, $accessTypes))
351 $this->perm[$access] = $requires;
353 trigger_error(sprintf(_("Unsupported ACL access type %s ignored."), $access),
357 // set default permissions, the so called dot-file acl's
358 $this->perm = $this->defaultPerms();
364 * The workhorse to check the user against the current ACL pairs.
365 * Must translate the various special groups to the actual users settings
366 * (userid, group membership).
368 function isAuthorized($access, $user) {
370 if (!empty($this->perm{$access})) {
371 foreach ($this->perm[$access] as $group => $bool) {
372 if ($this->isMember($user, $group)) {
374 } elseif ($allow == -1) { // not a member and undecided: check other groups
379 return $allow; // undecided
383 * Translate the various special groups to the actual users settings
384 * (userid, group membership).
386 function isMember($user, $group) {
388 if ($group === ACL_EVERY) return true;
389 if (!isset($this->_group)) $member =& $request->getGroup();
390 else $member =& $this->_group;
391 //$user = & $request->_user;
392 if ($group === ACL_ADMIN) // WIKI_ADMIN or member of _("Administrators")
393 return $user->isAdmin() or
394 ($user->isAuthenticated() and
395 $member->isMember(GROUP_ADMIN));
396 if ($group === ACL_ANONYMOUS)
397 return ! $user->isSignedIn();
398 if ($group === ACL_BOGOUSER)
400 return isa($user,'_BogoUser') or
401 (isWikiWord($user->_userid) and $user->_level >= WIKIAUTH_BOGO);
402 else return isWikiWord($user->UserName());
403 if ($group === ACL_HASHOMEPAGE)
404 return $user->hasHomePage();
405 if ($group === ACL_SIGNED)
406 return $user->isSignedIn();
407 if ($group === ACL_AUTHENTICATED)
408 return $user->isAuthenticated();
409 if ($group === ACL_OWNER) {
410 if (!$user->isAuthenticated()) return false;
411 $page = $request->getPage();
412 $owner = $page->getOwner();
413 return ($owner === $user->UserName()
414 or $member->isMember($owner));
416 if ($group === ACL_CREATOR) {
417 if (!$user->isAuthenticated()) return false;
418 $page = $request->getPage();
419 $creator = $page->getCreator();
420 return ($creator === $user->UserName()
421 or $member->isMember($creator));
423 /* Or named groups or usernames.
424 Note: We don't seperate groups and users here.
425 Users overrides groups with the same name.
427 return $user->UserName() === $group or
428 $member->isMember($group);
432 * returns hash of default permissions.
433 * check if the page '.' exists and returns this instead.
435 function defaultPerms() {
436 //Todo: check for the existance of '.' and take this instead.
437 //Todo: honor more config.ini auth settings here
438 $perm = array('view' => array(ACL_EVERY => true),
439 'edit' => array(ACL_EVERY => true),
440 'create' => array(ACL_EVERY => true),
441 'list' => array(ACL_EVERY => true),
442 'remove' => array(ACL_ADMIN => true,
444 'purge' => array(ACL_ADMIN => true,
446 'dump' => array(ACL_ADMIN => true,
448 'change' => array(ACL_ADMIN => true,
451 $perm['dump'] = array(ACL_ADMIN => true,
453 elseif (INSECURE_ACTIONS_LOCALHOST_ONLY) {
455 $perm['dump'] = array(ACL_EVERY => true);
457 $perm['dump'] = array(ACL_ADMIN => true);
460 $perm['dump'] = array(ACL_EVERY => true);
461 if (defined('REQUIRE_SIGNIN_BEFORE_EDIT') && REQUIRE_SIGNIN_BEFORE_EDIT)
462 $perm['edit'] = array(ACL_SIGNED => true);
464 if (!ALLOW_ANON_USER) {
465 if (!ALLOW_USER_PASSWORDS)
466 $perm['view'] = array(ACL_SIGNED => true);
468 $perm['view'] = array(ACL_AUTHENTICATED => true);
469 $perm['view'][ACL_BOGOUSER] = ALLOW_BOGO_LOGIN ? true : false;
472 if (!ALLOW_ANON_EDIT) {
473 if (!ALLOW_USER_PASSWORDS)
474 $perm['edit'] = array(ACL_SIGNED => true);
476 $perm['edit'] = array(ACL_AUTHENTICATED => true);
477 $perm['edit'][ACL_BOGOUSER] = ALLOW_BOGO_LOGIN ? true : false;
478 $perm['create'] = $perm['edit'];
484 * FIXME: check valid groups and access
487 foreach ($this->perm as $access => $groups) {
488 foreach ($groups as $group => $bool) {
489 $this->perm[$access][$group] = (boolean) $bool;
495 * do a recursive comparison
497 function equal($otherperm) {
498 // The equal function seems to be unable to detect removed perm.
499 // Use case is when a rule is removed.
500 return (print_r($this->perm, true) === print_r($otherperm, true));
504 * returns list of all supported access types.
506 function accessTypes() {
507 return array_keys(PagePermission::defaultPerms());
511 * special permissions for dot-files, beginning with '.'
512 * maybe also for '_' files?
514 function dotPerms() {
515 $def = array(ACL_ADMIN => true,
518 foreach (PagePermission::accessTypes() as $access) {
519 $perm[$access] = $def;
525 * dead code. not needed inside the object. see getPagePermissions($page)
527 function retrieve($page) {
528 $hash = $page->get('perm');
529 if ($hash) // hash => object
530 $perm = new PagePermission(unserialize($hash));
532 $perm = new PagePermission();
537 function store($page) {
540 return $page->set('perm',serialize($this->perm));
543 function groupName ($group) {
544 if ($group[0] == '_') return constant("GROUP".$group);
548 /* type: page, default, inherited */
549 function asTable($type) {
550 $table = HTML::table();
551 foreach ($this->perm as $access => $perms) {
552 $td = HTML::table(array('class' => 'cal'));
553 foreach ($perms as $group => $bool) {
554 $td->pushContent(HTML::tr(HTML::td(array('align'=>'right'),$group),
555 HTML::td($bool ? '[X]' : '[ ]')));
557 $table->pushContent(HTML::tr(array('valign' => 'top'),
558 HTML::td($access),HTML::td($td)));
560 if ($type == 'default')
561 $table->setAttr('style','border: dotted thin black; background-color:#eee;');
562 elseif ($type == 'inherited')
563 $table->setAttr('style','border: dotted thin black; background-color:#ddd;');
564 elseif ($type == 'page')
565 $table->setAttr('style','border: solid thin black; font-weight: bold;');
569 /* type: page, default, inherited */
570 function asEditableTable($type) {
572 if (!isset($this->_group)) {
573 $this->_group =& $GLOBALS['request']->getGroup();
575 $table = HTML::table();
576 $table->pushContent(HTML::tr(
577 HTML::th(array('align' => 'left'),
579 HTML::th(array('align'=>'right'),
581 HTML::th(_("Grant")),
582 HTML::th(_("Del/+")),
583 HTML::th(_("Description"))));
585 $allGroups = $this->_group->_specialGroups();
586 foreach ($this->_group->getAllGroupsIn() as $group) {
587 if (!in_array($group,$this->_group->specialGroups()))
588 $allGroups[] = $group;
590 //array_unique(array_merge($this->_group->getAllGroupsIn(),
591 $deletesrc = $WikiTheme->_findData('images/delete.png');
592 $addsrc = $WikiTheme->_findData('images/add.png');
593 $nbsp = HTML::raw(' ');
594 foreach ($this->perm as $access => $groups) {
595 //$permlist = HTML::table(array('class' => 'cal'));
597 $newperm = HTML::input(array('type' => 'checkbox',
598 'name' => "acl[_new_perm][$access]",
600 $addbutton = HTML::input(array('type' => 'checkbox',
601 'name' => "acl[_add_group][$access]",
604 'title' => _("Add this ACL"),
606 $newgroup = HTML::select(array('name' => "acl[_new_group][$access]",
607 'style'=> 'text-align: right;',
609 foreach ($allGroups as $groupname) {
610 if (!isset($groups[$groupname]))
611 $newgroup->pushContent(HTML::option(array('value' => $groupname),
612 $this->groupName($groupname)));
614 if (empty($groups)) {
615 $addbutton->setAttr('checked','checked');
616 $newperm->setAttr('checked','checked');
618 HTML::tr(array('valign' => 'top'),
619 HTML::td(HTML::strong($access.":")),
621 HTML::td($nbsp,$newperm),
622 HTML::td($nbsp,$addbutton),
623 HTML::td(HTML::em(getAccessDescription($access)))));
625 foreach ($groups as $group => $bool) {
626 $checkbox = HTML::input(array('type' => 'checkbox',
627 'name' => "acl[$access][$group]",
628 'title' => _("Allow / Deny"),
630 if ($bool) $checkbox->setAttr('checked','checked');
631 $checkbox = HTML(HTML::input(array('type' => 'hidden',
632 'name' => "acl[$access][$group]",
635 $deletebutton = HTML::input(array('type' => 'checkbox',
636 'name' => "acl[_del_group][$access][$group]",
637 'style' => 'background: #aaa url('.$deletesrc.')',
638 //'src' => $deletesrc,
640 'title' => _("Delete this ACL"),
645 HTML::td(HTML::strong($access.":")),
646 HTML::td(array('class' => 'cal-today','align'=>'right'),
647 HTML::strong($this->groupName($group))),
648 HTML::td(array('align'=>'center'),$nbsp,$checkbox),
649 HTML::td(array('align'=>'right','style' => 'background: #aaa url('.$deletesrc.') no-repeat'),$deletebutton),
650 HTML::td(HTML::em(getAccessDescription($access)))));
656 HTML::td(array('class' => 'cal-today','align'=>'right'),
657 HTML::strong($this->groupName($group))),
658 HTML::td(array('align'=>'center'),$nbsp,$checkbox),
659 HTML::td(array('align'=>'right','style' => 'background: #aaa url('.$deletesrc.') no-repeat'),$deletebutton),
665 HTML::tr(array('valign' => 'top'),
666 HTML::td(array('align'=>'right'),_("add ")),
668 HTML::td(array('align'=>'center'),$nbsp,$newperm),
669 HTML::td(array('align'=>'right','style' => 'background: #ccc url('.$addsrc.') no-repeat'),$addbutton),
670 HTML::td(HTML::small(_("Check to add this ACL")))));
672 if ($type == 'default')
673 $table->setAttr('style','border: dotted thin black; background-color:#eee;');
674 elseif ($type == 'inherited')
675 $table->setAttr('style','border: dotted thin black; background-color:#ddd;');
676 elseif ($type == 'page')
677 $table->setAttr('style','border: solid thin black; font-weight: bold;');
681 // Print ACL as lines of [+-]user[,group,...]:access[,access...]
682 // Seperate acl's by "; " or whitespace
683 // See http://opag.ca/wiki/HelpOnAccessControlLists
684 // As used by WikiAdminSetAclSimple
685 function asAclLines() {
688 foreach ($this->perm as $access => $groups) {
689 // unify groups for same access+bool
690 // view:CREATOR,-OWNER,
692 foreach ($groups as $group => $bool) {
693 $line .= ($bool?'':'-').$group.",";
695 if (substr($line,-1) == ',')
696 $s .= substr($line,0,-1)."; ";
698 if (substr($s,-2) == '; ')
699 $s = substr($s,0,-2);
703 // This is just a bad hack for testing.
704 // Simplify the ACL to a unix-like "rwx------+" string
706 function asRwxString($owner,$group=false) {
708 // simplify object => rwxrw---x+ string as in cygwin (+ denotes additional ACLs)
709 $perm =& $this->perm;
710 // get effective user and group
712 if (isset($perm['view'][$owner]) or
713 (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
715 if (isset($perm['edit'][$owner]) or
716 (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
718 if (isset($perm['change'][$owner]) or
719 (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
721 if (!empty($group)) {
722 if (isset($perm['view'][$group]) or
723 (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
725 if (isset($perm['edit'][$group]) or
726 (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
728 if (isset($perm['change'][$group]) or
729 (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
732 if (isset($perm['view'][ACL_EVERY]) or
733 (isset($perm['view'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
735 if (isset($perm['edit'][ACL_EVERY]) or
736 (isset($perm['edit'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
738 if (isset($perm['change'][ACL_EVERY]) or
739 (isset($perm['change'][ACL_AUTHENTICATED]) and $request->_user->isAuthenticated()))
749 // c-hanging-comment-ender-p: nil
750 // indent-tabs-mode: nil